--- loncom/auth/lonauth.pm 2014/10/04 02:59:32 1.135
+++ loncom/auth/lonauth.pm 2021/11/03 01:04:02 1.169
@@ -1,651 +1,1070 @@
-# The LearningOnline Network
-# User Authentication Module
-#
-# $Id: lonauth.pm,v 1.135 2014/10/04 02:59:32 raeburn Exp $
-#
-# Copyright Michigan State University Board of Trustees
-#
-# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
-#
-# LON-CAPA is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# LON-CAPA is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with LON-CAPA; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-#
-# /home/httpd/html/adm/gpl.txt
-#
-# http://www.lon-capa.org/
-#
-
-package Apache::lonauth;
-
-use strict;
-use LONCAPA;
-use Apache::Constants qw(:common);
-use CGI qw(:standard);
-use DynaLoader; # for Crypt::DES version
-use Crypt::DES;
-use Apache::loncommon();
-use Apache::lonnet;
-use Apache::lonmenu();
-use Apache::createaccount;
-use Fcntl qw(:flock);
-use Apache::lonlocal;
-use Apache::File();
-use HTML::Entities;
-
-# ------------------------------------------------------------ Successful login
-sub success {
- my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
- $form) = @_;
-
-# ------------------------------------------------------------ Get cookie ready
- my $cookie =
- &Apache::loncommon::init_user_environment($r, $username, $domain,
- $authhost, $form,
- {'extra_env' => $extra_env,});
-
- my $public=($username eq 'public' && $domain eq 'public');
-
- if ($public or $lowerurl eq 'noredirect') { return $cookie; }
-
-# -------------------------------------------------------------------- Log this
-
- &Apache::lonnet::log($domain,$username,$authhost,
- "Login $ENV{'REMOTE_ADDR'}");
-
-# ------------------------------------------------- Check for critical messages
-
- my @what=&Apache::lonnet::dump('critical',$domain,$username);
- if ($what[0]) {
- if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {
- $lowerurl='/adm/email?critical=display';
- }
- }
-
-# ------------------------------------------------------------ Get cookie ready
- $cookie="lonID=$cookie; path=/";
-# -------------------------------------------------------- Menu script and info
- my $destination = $lowerurl;
-
- if (defined($form->{role})) {
- my $envkey = 'user.role.'.$form->{role};
- my $now=time;
- my $then=$env{'user.login.time'};
- my $refresh=$env{'user.refresh.time'};
- my $update=$env{'user.update.time'};
- if (!$update) {
- $update = $then;
- }
- if (exists($env{$envkey})) {
- my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus);
- &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where,
- \$trolecode,\$tstatus,\$tstart,\$tend);
- if ($tstatus eq 'is') {
- $destination .= ($destination =~ /\?/) ? '&' : '?';
- my $newrole = &HTML::Entities::encode($form->{role},'"<>&');
- $destination .= 'selectrole=1&'.$newrole.'=1';
- }
- }
- }
- if (defined($form->{symb})) {
- my $destsymb = $form->{symb};
- $destination .= ($destination =~ /\?/) ? '&' : '?';
- if ($destsymb =~ /___/) {
- # FIXME Need to deal with encrypted symbs and urls as needed.
- my ($map,$resid,$desturl)=split(/___/,$destsymb);
- unless ($desturl=~/^(adm|editupload|public)/) {
- $desturl = &Apache::lonnet::clutter($desturl);
- }
- $desturl = &HTML::Entities::encode($desturl,'"<>&');
- $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
- $destination .= 'destinationurl='.$desturl.
- '&destsymb='.$destsymb;
- } else {
- $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
- $destination .= 'destinationurl='.$destsymb;
- }
- }
- if ($destination =~ m{^/adm/roles}) {
- $destination .= ($destination =~ /\?/) ? '&' : '?';
- $destination .= 'source=login';
- }
-
- my $windowinfo = Apache::lonhtmlcommon::scripttag('self.name="loncapaclient";');
- my $header = '';
- my $brcrum = [{'href' => '',
- 'text' => 'Successful Login'},];
- my $start_page=&Apache::loncommon::start_page('Successful Login',
- $header,
- {'bread_crumbs' => $brcrum,});
- my $end_page =&Apache::loncommon::end_page();
-
- my $continuelink=''.&mt('Continue').'';
-# ------------------------------------------------- Output for successful login
-
- &Apache::loncommon::content_type($r,'text/html');
- $r->header_out('Set-cookie' => $cookie);
- $r->send_http_header;
-
- my %lt=&Apache::lonlocal::texthash(
- 'wel' => 'Welcome',
- 'pro' => 'Login problems?',
- );
- my $loginhelp = &loginhelpdisplay($domain);
- if ($loginhelp) {
- $loginhelp = '
'.
- &mt('This LON-CAPA server is unable to host your session.').' '.
- '
'.&mt('Currently no other LON-CAPA server is available to host your session either.').'
'.
- &Apache::loncommon::end_page();
- return $result;
-}
-
-sub loginhelpdisplay {
- my ($authdomain) = @_;
- my $login_help = 1;
- my $lang = &Apache::lonlocal::current_language();
- if ($login_help) {
- my $dom = $authdomain;
- if ($dom eq '') {
- $dom = &Apache::lonnet::default_login_domain();
- }
- my %domconfhash = &Apache::loncommon::get_domainconf($dom);
- my $loginhelp_url;
- if ($lang) {
- $loginhelp_url = $domconfhash{$dom.'.login.helpurl_'.$lang};
- if ($loginhelp_url ne '') {
- return $loginhelp_url;
- }
- }
- $loginhelp_url = $domconfhash{$dom.'.login.helpurl_nolang'};
- if ($loginhelp_url ne '') {
- return $loginhelp_url;
- } else {
- return '/adm/loginproblems.html';
- }
- }
- return;
-}
-
-1;
-__END__
-
-
+# The LearningOnline Network
+# User Authentication Module
+#
+# $Id: lonauth.pm,v 1.169 2021/11/03 01:04:02 raeburn Exp $
+#
+# Copyright Michigan State University Board of Trustees
+#
+# This file is part of the LearningOnline Network with CAPA (LON-CAPA).
+#
+# LON-CAPA is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# LON-CAPA is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with LON-CAPA; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+# /home/httpd/html/adm/gpl.txt
+#
+# http://www.lon-capa.org/
+#
+
+package Apache::lonauth;
+
+use strict;
+use LONCAPA qw(:DEFAULT :match);
+use Apache::Constants qw(:common);
+use CGI qw(:standard);
+use Apache::loncommon();
+use Apache::lonnet;
+use Apache::lonmenu();
+use Apache::createaccount;
+use Apache::ltiauth;
+use Fcntl qw(:flock);
+use Apache::lonlocal;
+use Apache::File();
+use HTML::Entities;
+use Digest::MD5;
+
+# ------------------------------------------------------------ Successful login
+sub success {
+ my ($r, $username, $domain, $authhost, $lowerurl, $extra_env,
+ $form,$skipcritical,$cid) = @_;
+
+# ------------------------------------------------------------ Get cookie ready
+ my $cookie =
+ &Apache::loncommon::init_user_environment($r, $username, $domain,
+ $authhost, $form,
+ {'extra_env' => $extra_env,});
+
+ my $public=($username eq 'public' && $domain eq 'public');
+
+ if ($public or $lowerurl eq 'noredirect') { return $cookie; }
+
+# -------------------------------------------------------------------- Log this
+
+ my $ip = &Apache::lonnet::get_requestor_ip();
+ &Apache::lonnet::log($domain,$username,$authhost,
+ "Login $ip");
+
+# ------------------------------------------------- Check for critical messages
+
+ unless ($skipcritical) {
+ my @what=&Apache::lonnet::dump('critical',$domain,$username);
+ if ($what[0]) {
+ if (($what[0] ne 'con_lost') && ($what[0]!~/^error\:/)) {
+ $lowerurl='/adm/email?critical=display';
+ }
+ }
+ }
+
+# ----------------------------------------------------------- Get cookies ready
+ my ($securecookie,$defaultcookie);
+ my $ssl = $r->subprocess_env('https');
+ if ($ssl) {
+ $securecookie="lonSID=$cookie; path=/; HttpOnly; secure";
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+ if (($lonidsdir) && (-e "$lonidsdir/$cookie.id")) {
+ my $linkname=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, 32).'_linked';
+ if (-e "$lonidsdir/$linkname.id") {
+ unlink("$lonidsdir/$linkname.id");
+ }
+ my $made_symlink = eval { symlink("$lonidsdir/$cookie.id",
+ "$lonidsdir/$linkname.id"); 1 };
+ if ($made_symlink) {
+ $defaultcookie = "lonLinkID=$linkname; path=/; HttpOnly;";
+ &Apache::lonnet::appenv({'user.linkedenv' => $linkname});
+ }
+ }
+ } else {
+ $defaultcookie = "lonID=$cookie; path=/; HttpOnly;";
+ }
+# -------------------------------------------------------- Menu script and info
+ my $destination = $lowerurl;
+ if ($env{'request.lti.login'}) {
+ if (($env{'request.lti.reqcrs'}) && ($env{'request.lti.reqrole'} eq 'cc')) {
+ &Apache::loncommon::content_type($r,'text/html');
+ if ($securecookie) {
+ $r->headers_out->add('Set-cookie' => $securecookie);
+ }
+ if ($defaultcookie) {
+ $r->headers_out->add('Set-cookie' => $defaultcookie);
+ }
+ $r->send_http_header;
+ if (ref($form) eq 'HASH') {
+ $form->{'lti.login'} = $env{'request.lti.login'};
+ $form->{'lti.reqcrs'} = $env{'request.lti.reqcrs'};
+ $form->{'lti.reqrole'} = $env{'request.lti.reqrole'};
+ $form->{'lti.sourcecrs'} = $env{'request.lti.sourcecrs'};
+ }
+ &Apache::ltiauth::lti_reqcrs($r,$domain,$form,$username,$domain);
+ return;
+ }
+ if ($env{'request.lti.selfenrollrole'}) {
+ if (&Apache::ltiauth::lti_enroll($username,$domain,
+ $env{'request.lti.selfenrollrole'}) eq 'ok') {
+ $form->{'role'} = $env{'request.lti.selfenrollrole'};
+ &Apache::lonnet::delenv('request.lti.selfenrollrole');
+ } else {
+ &Apache::ltiauth::invalid_request($r,24);
+ }
+ }
+ }
+ if (defined($form->{role})) {
+ my $envkey = 'user.role.'.$form->{role};
+ my $now=time;
+ my $then=$env{'user.login.time'};
+ my $refresh=$env{'user.refresh.time'};
+ my $update=$env{'user.update.time'};
+ if (!$update) {
+ $update = $then;
+ }
+ if (exists($env{$envkey})) {
+ my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus);
+ &Apache::lonnet::role_status($envkey,$update,$refresh,$now,\$role,\$where,
+ \$trolecode,\$tstatus,\$tstart,\$tend);
+ if ($tstatus eq 'is') {
+ $destination .= ($destination =~ /\?/) ? '&' : '?';
+ my $newrole = &HTML::Entities::encode($form->{role},'"<>&');
+ $destination .= 'selectrole=1&'.$newrole.'=1';
+ }
+ }
+ }
+ if (defined($form->{symb})) {
+ my $destsymb = $form->{symb};
+ my $encrypted;
+ if ($destsymb =~ m{^/enc/}) {
+ $encrypted = 1;
+ if ($cid) {
+ $destsymb = &Apache::lonenc::unencrypted($destsymb,$cid);
+ }
+ }
+ $destination .= ($destination =~ /\?/) ? '&' : '?';
+ if ($destsymb =~ /___/) {
+ my ($map,$resid,$desturl)=split(/___/,$destsymb);
+ $desturl = &Apache::lonnet::clutter($desturl);
+ if ($encrypted) {
+ $desturl = &Apache::lonenc::encrypted($desturl,1,$cid);
+ $destsymb = $form->{symb};
+ }
+ $desturl = &HTML::Entities::encode($desturl,'"<>&');
+ $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
+ $destination .= 'destinationurl='.$desturl.
+ '&destsymb='.$destsymb;
+ } elsif (!$encrypted) {
+ $destsymb = &HTML::Entities::encode($destsymb,'"<>&');
+ $destination .= 'destinationurl='.$destsymb;
+ }
+ }
+ if ($destination =~ m{^/adm/roles}) {
+ $destination .= ($destination =~ /\?/) ? '&' : '?';
+ $destination .= 'source=login';
+ }
+
+ if (($env{'request.deeplink.login'} eq $lowerurl) &&
+ (($env{'request.linkprot'}) || ($env{'request.linkkey'} ne ''))) {
+ my %info;
+ if ($env{'request.linkprot'}) {
+ $info{'linkprot'} = $env{'request.linkprot'};
+ } elsif ($env{'request.linkkey'} ne '') {
+ $info{'linkkey'} = $env{'request.linkkey'};
+ }
+ $info{'origurl'} = $lowerurl;
+ my $token = &Apache::lonnet::tmpput(\%info,$r->dir_config('lonHostID'),'link');
+ unless (($token eq 'con_lost') || ($token eq 'refused') ||
+ ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) {
+ $destination .= (($destination =~ /\?/) ? '&' : '?') . 'ttoken='.$token;
+ }
+ }
+
+ my $windowname = 'loncapaclient';
+ if ($env{'request.lti.login'}) {
+ $windowname .= 'lti';
+ }
+ my $windowinfo = Apache::lonhtmlcommon::scripttag('self.name="'.$windowname.'";');
+ my $brcrum = [{'href' => '',
+ 'text' => 'Successful Login'},];
+ my $args = {'bread_crumbs' => $brcrum,};
+ unless ((defined($form->{role})) || (defined($form->{symb}))) {
+ my $update=$env{'user.update.time'};
+ if (!$update) {
+ $update = $env{'user.login.time'};
+ }
+ my %roles_in_env;
+ my $showcount = &Apache::lonroles::roles_from_env(\%roles_in_env,$update);
+ if ($showcount == 1) {
+ foreach my $rolecode (keys(%roles_in_env)) {
+ my ($cid) = ($rolecode =~ m{^\Quser.role.st./\E($match_domain/$match_courseid)(?:/|$)});
+ if ($cid) {
+ my %coursedescription =
+ &Apache::lonnet::coursedescription($cid,{'one_time' => '1'});
+ if ($coursedescription{'type'} eq 'Placement') {
+ $args->{'crstype'} = 'Placement';
+ }
+ last;
+ }
+ }
+ }
+ }
+
+# ------------------------------------------------- Output for successful login
+
+ &Apache::loncommon::content_type($r,'text/html');
+ if ($securecookie) {
+ $r->headers_out->add('Set-cookie' => $securecookie);
+ }
+ if ($defaultcookie) {
+ $r->headers_out->add('Set-cookie' => $defaultcookie);
+ }
+ $r->send_http_header;
+
+ my ($start_page,$js,$pagebody,$end_page);
+ if ($env{'request.lti.login'}) {
+ $args = {'only_body' => 1};
+ if ($env{'request.lti.target'} eq '') {
+ my $ltitarget = (($destination =~ /\?/) ? '&' : '?').
+ 'ltitarget=iframe';
+ $js = <<"ENDJS";
+
+
+
+ENDJS
+ $args->{'add_entries'} = {'onload' => "javascript:setLTItarget();"};
+ $pagebody = '';
+ } else {
+ $args->{'redirect'} = [0,$destination,1];
+ }
+ $start_page=&Apache::loncommon::start_page('',$js,$args);
+ } else {
+ $args->{'redirect'} = [0,$destination];
+ $start_page=&Apache::loncommon::start_page('Successful Login',
+ $js,$args);
+
+ my %lt=&Apache::lonlocal::texthash(
+ 'wel' => 'Welcome',
+ 'pro' => 'Login problems?',
+ );
+ $pagebody = "
$lt{'wel'}
\n".
+ &mt('Welcome to the Learning[_1]Online[_2] Network with CAPA. Please wait while your session is being set up.','','');
+ my $loginhelp = &loginhelpdisplay($domain);
+ if ($loginhelp) {
+ $pagebody .= '
'.
+ &mt('This LON-CAPA server is unable to host your session.').' '.
+ '
'.&mt('Currently no other LON-CAPA server is available to host your session either.').'
'.
+ &Apache::loncommon::end_page();
+ return $result;
+}
+
+sub loginhelpdisplay {
+ my ($authdomain) = @_;
+ my $login_help = 1;
+ my $lang = &Apache::lonlocal::current_language();
+ if ($login_help) {
+ my $dom = $authdomain;
+ if ($dom eq '') {
+ $dom = &Apache::lonnet::default_login_domain();
+ }
+ my %domconfhash = &Apache::loncommon::get_domainconf($dom);
+ my $loginhelp_url;
+ if ($lang) {
+ $loginhelp_url = $domconfhash{$dom.'.login.helpurl_'.$lang};
+ if ($loginhelp_url ne '') {
+ return $loginhelp_url;
+ }
+ }
+ $loginhelp_url = $domconfhash{$dom.'.login.helpurl_nolang'};
+ if ($loginhelp_url ne '') {
+ return $loginhelp_url;
+ } else {
+ return '/adm/loginproblems.html';
+ }
+ }
+ return;
+}
+
+1;
+__END__
+
+
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
Please contact the server administrator at
root@localhost to inform them of the time this error occurred,
and the actions you performed just before this error.
More information about this error may be available
in the server error log.