--- loncom/auth/lonauth.pm 2021/10/26 15:52:54 1.168
+++ loncom/auth/lonauth.pm 2021/11/24 20:15:15 1.171
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.168 2021/10/26 15:52:54 raeburn Exp $
+# $Id: lonauth.pm,v 1.171 2021/11/24 20:15:15 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -42,11 +42,12 @@ use Apache::lonlocal;
use Apache::File();
use HTML::Entities;
use Digest::MD5;
+use CGI::Cookie();
# ------------------------------------------------------------ Successful login
sub success {
my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
- $form,$skipcritical,$cid) = @_;
+ $form,$skipcritical,$cid,$expirepub) = @_;
# ------------------------------------------------------------ Get cookie ready
my $cookie =
@@ -178,6 +179,22 @@ sub success {
$destination .= 'source=login';
}
+ if (($env{'request.deeplink.login'} eq $lowerurl) &&
+ (($env{'request.linkprot'}) || ($env{'request.linkkey'} ne ''))) {
+ my %info;
+ if ($env{'request.linkprot'}) {
+ $info{'linkprot'} = $env{'request.linkprot'};
+ } elsif ($env{'request.linkkey'} ne '') {
+ $info{'linkkey'} = $env{'request.linkkey'};
+ }
+ $info{'origurl'} = $lowerurl;
+ my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');
+ unless (($token eq 'con_lost') || ($token eq 'refused') ||
+ ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+ $destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token;
+ }
+ }
+
my $windowname = 'loncapaclient';
if ($env{'request.lti.login'}) {
$windowname .= 'lti';
@@ -217,6 +234,12 @@ sub success {
if ($defaultcookie) {
$r->headers_out->add('Set-cookie' => $defaultcookie);
}
+ if ($expirepub) {
+ my $c = new CGI::Cookie(-name => 'lonPubID',
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $c);
+ }
$r->send_http_header;
my ($start_page,$js,$pagebody,$end_page);
@@ -277,7 +300,7 @@ ENDSUCCESS
# --------------------------------------------------------------- Failed login!
sub failed {
- my ($r,$message,$form) = @_;
+ my ($r,$message,$form,$authhost) = @_;
(undef,undef,undef,my $clientmathml,my $clientunicode) =
&Apache::loncommon::decode_user_agent();
my $args = {};
@@ -285,14 +308,19 @@ sub failed {
$args = {'browser.unicode' => 1};
}
+ my @actions;
my $start_page = &Apache::loncommon::start_page('Unsuccessful Login',undef,$args);
my $uname = &Apache::loncommon::cleanup_html($form->{'uname'});
my $udom = &Apache::loncommon::cleanup_html($form->{'udom'});
if (&Apache::lonnet::domain($udom,'description') eq '') {
undef($udom);
}
+ my $authtype;
+ if (($udom ne '') && ($uname ne '') && ($authhost eq 'no_host')) {
+ $authtype = &Apache::lonnet::queryauthenticate($uname,$udom);
+ }
my $retry = '/adm/login';
- if ($uname eq $form->{'uname'}) {
+ if (($uname eq $form->{'uname'}) && ($authtype !~ /^lti:/)) {
$retry .= '?username='.$uname;
}
if ($udom) {
@@ -329,7 +357,7 @@ sub failed {
}
if (exists($form->{linkprot})) {
my $ltoken = &Apache::lonnet::tmpput({linkprot => $form->{'linkprot'}},
- $r->dir_config('lonHostID'));
+ $r->dir_config('lonHostID'),'retry');
if ($ltoken) {
$retry .= (($retry =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
}
@@ -340,18 +368,28 @@ sub failed {
my $end_page = &Apache::loncommon::end_page();
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- my @actions =
- (&mt('Please [_1]log in again[_2].','',''));
+ if ($authtype =~ /^lti:/) {
+ $message = &mt('Direct login is not supported with the username you entered.').
+ '
'.
+ &mt('You likely need to launch LON-CAPA from within a course in a different Learning Management System.').
+ '
'.
+ &mt('You can also try to log in with a different username.');
+ @actions =
+ (&mt('Try your [_1]log in again[_2].','',''));
+ } else {
+ $message = &mt($message);
+ @actions =
+ (&mt('Please [_1]log in again[_2].','',''));
+ }
my $loginhelp = &loginhelpdisplay($udom);
if ($loginhelp) {
push(@actions, ''.&mt('Login problems?').'');
}
#FIXME: link to helpdesk might be added here
-
$r->print(
$start_page
.'
'.&mt('You are already logged in!').'
' + .''.&mt('Please [_1]log out[_2] first, and then try your access again', + '','') + .'
' + .$end_page); + } else { + if (($info{'linkprot'}) || ($info{'linkkey'} ne '')) { + my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link'); + unless (($token eq 'con_lost') || ($token eq 'refused') || + ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { + $dest .= (($dest =~ /\?/) ? '&' : '?') . 'ttoken='.$token; + } + } + $r->print( + $start_page + .''.&mt('You are already logged in!').'
' + .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4] first, and then try your access again', + '','', + '','') + .'
' + .$end_page); + } + return OK; } - &set_deeplink_login(%form); - } else { - $r->print( - $start_page - .''.&mt('You are already logged in!').'
' - .''.&mt('Please [_1]log out[_2] first, and then try your access again', - '','') - .'
' - .$end_page); - return OK; } } } $r->print( - $start_page - .''.&mt('You are already logged in!').'
' - .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' - ,'','','','') - .'
' - .$end_page + $start_page + .''.&mt('You are already logged in!').'
' + .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].' + ,'','','','') + .'
' + .$end_page ); return OK; } @@ -443,19 +508,7 @@ sub handler { # ---------------------------------------------------- No valid token, continue - - my $buffer; - if ($r->header_in('Content-length') > 0) { - $r->read($buffer,$r->header_in('Content-length'),0); - } - my %form; - foreach my $pair (split(/&/,$buffer)) { - my ($name,$value) = split(/=/,$pair); - $value =~ tr/+/ /; - $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; - $form{$name}=$value; - } - + my %form = &get_form_items($r); if ((!$form{'uname'}) || (!$form{'upass0'}) || (!$form{'udom'})) { &failed($r,'Username, password and domain need to be specified.', \%form); @@ -499,7 +552,8 @@ sub handler { return OK; } - my ($key,$firsturl,@rest)=split(/&/,$tmpinfo); + my ($des_key,$firsturl,@rest)=split(/&/,$tmpinfo); + $firsturl = &unescape($firsturl); foreach my $item (@rest) { my ($key,$value) = split(/=/,$item); $form{$key} = &unescape($value); @@ -508,7 +562,7 @@ sub handler { $form{'firsturl'} = $firsturl; } my $upass = $ENV{HTTPS} ? $form{'upass0'} - : &Apache::loncommon::des_decrypt($key,$form{'upass0'}); + : &Apache::loncommon::des_decrypt($des_key,$form{'upass0'}); # ---------------------------------------------------------------- Authenticate @@ -530,7 +584,7 @@ sub handler { if ($authhost eq 'no_host') { &failed($r,'Username and/or password could not be authenticated.', - \%form); + \%form,$authhost); return OK; } elsif ($authhost eq 'no_account_on_host') { if ($defaultauth) { @@ -570,9 +624,9 @@ sub handler { $firsturl='/adm/roles'; } - my $hosthere; + my ($hosthere,%sessiondata); if ($form{'iptoken'}) { - my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); + %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'}); my $delete = &Apache::lonnet::tmpdel($form{'iptoken'}); if (($sessiondata{'domain'} eq $form{'udom'}) && ($sessiondata{'username'} eq $form{'uname'})) { @@ -616,7 +670,7 @@ sub handler { unless ($suprim eq $uprim) { unless ($suintdom eq $uintdom) { &Apache::lonnet::logthis('Attempted switch user ' - .'to user with different "internet domain".'); + .'to user with different "internet domain".'); $noprivswitch = 1; } } @@ -778,6 +832,18 @@ sub handler { $form{'noloadbalance'} = $hosthere; } my $extra_env; + if (($hosthere) && ($sessiondata{'sessionserver'} ne '')) { + if ($sessiondata{'origurl'} ne '') { + $firsturl = $sessiondata{'origurl'}; + $form{'firsturl'} = $sessiondata{'origurl'}; + my @names = ('role','symb','linkprot','linkkey'); + foreach my $item (@names) { + if ($sessiondata{$item} ne '') { + $form{$item} = $sessiondata{$item}; + } + } + } + } if ($form{'linkprot'}) { my ($linkprotector,$uri) = split(/:/,$form{'linkprot'},2); if ($linkprotector) { @@ -817,14 +883,31 @@ sub handler { } } +sub get_form_items { + my ($r) = @_; + my $buffer; + if ($r->header_in('Content-length') > 0) { + $r->read($buffer,$r->header_in('Content-length'),0); + } + my %form; + foreach my $pair (split(/&/,$buffer)) { + my ($name,$value) = split(/=/,$pair); + $value =~ tr/+/ /; + $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg; + $form{$name}=$value; + } + return %form; +} + sub set_deeplink_login { my (%form) = @_; + my $disallow; if ($form{'firsturl'} =~ m{^/tiny/($match_domain)/\w+$}) { my $cdom = $1; my ($cnum,$symb) = &Apache::loncommon::symb_from_tinyurl($form{'firsturl'},'',$cdom); if ($symb) { if ($env{'request.course.id'} eq $cdom.'_'.$cnum) { - my ($disallow,$deeplink); + my $deeplink; if ($symb =~ /\.(page|sequence)$/) { my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]); my $navmap = Apache::lonnavmaps::navmap->new(); @@ -857,14 +940,17 @@ sub set_deeplink_login { } } } - return; + if ($disallow) { + return; + } + return 'ok'; } sub set_retry_token { my ($form,$lonhost,$querystr) = @_; if (ref($form) eq 'HASH') { my ($firsturl,$token,$extras,@names); - @names = ('role','symb','linkprot','linkkey'); + @names = ('role','symb','linkprot','linkkey','iptoken'); foreach my $name (@names) { if ($form->{$name} ne '') { $extras .= '&'.$name.'='.&escape($form->{$name});