--- loncom/auth/migrateuser.pm 2009/07/23 17:40:29 1.16
+++ loncom/auth/migrateuser.pm 2013/12/30 20:55:42 1.20
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Starts a user off based of an existing token.
#
-# $Id: migrateuser.pm,v 1.16 2009/07/23 17:40:29 raeburn Exp $
+# $Id: migrateuser.pm,v 1.20 2013/12/30 20:55:42 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -29,11 +29,12 @@
package Apache::migrateuser;
use strict;
-use LONCAPA;
+use LONCAPA qw(:DEFAULT :match);
use Apache::Constants qw(:common :http :methods);
use Apache::lonauth;
use Apache::lonnet;
use Apache::lonlocal;
+use Apache::lonlogin();
sub goto_login {
my ($r) = @_;
@@ -52,16 +53,126 @@ sub goto_login {
sub sso_check {
my ($data) = @_;
my %extra_env;
- if ($data->{'sso.login'}) {
- $extra_env{'request.sso.login'} = $data->{'sso.login'};
- }
- if ($data->{'sso.reloginserver'}) {
- $extra_env{'request.sso.reloginserver'} =
- $data->{'sso.reloginserver'};
+ if (ref($data) eq 'HASH') {
+ if ($data->{'sso.login'}) {
+ $extra_env{'request.sso.login'} = $data->{'sso.login'};
+ }
+ if ($data->{'sso.reloginserver'}) {
+ $extra_env{'request.sso.reloginserver'} =
+ $data->{'sso.reloginserver'};
+ }
}
return \%extra_env;
}
+sub ip_changed {
+ my ($r,$udom,$camefrom,$dataref) = @_;
+ &Apache::loncommon::content_type($r,'text/html');
+ $r->send_http_header;
+ if (ref($dataref) eq 'HASH') {
+ my $title = 'LON-CAPA Session redirected';
+ my $message = &mt('Your internet address has changed since you logged in.');
+ my $camefrom = &Apache::lonnet::hostname($dataref->{'server'});
+ my $frombalancer = $dataref->{'balancer'};
+ my $rule_in_effect;
+ if ($frombalancer) {
+ my $balancerdom = &Apache::lonnet::host_domain($dataref->{'server'});
+ my ($result,$cached)=&Apache::lonnet::is_cached_new('loadbalancing',$balancerdom);
+ unless (defined($cached)) {
+ my $cachetime = 60*60*24;
+ my %domconfig =
+ &Apache::lonnet::get_dom('configuration',['loadbalancing'],$balancerdom);
+ if (ref($domconfig{'loadbalancing'}) eq 'HASH') {
+ $result = &Apache::lonnet::do_cache_new('loadbalancing',$balancerdom,
+ $domconfig{'loadbalancing'},$cachetime);
+ }
+ }
+ if (ref($result) eq 'HASH') {
+ (undef,my $currtargets,my $currrules) =
+ &Apache::lonnet::check_balancer_result($result,$dataref->{'server'});
+ if (ref($currrules) eq 'HASH') {
+ if ($dataref->{'sso.login'}) {
+ if ($currrules->{'_LC_ipchangesso'} ne '') {
+ $rule_in_effect = $currrules->{'_LC_ipchangesso'};
+ }
+ } else {
+ if ($currrules->{'_LC_ipchange'} ne '') {
+ $rule_in_effect = $currrules->{'_LC_ipchange'};
+ }
+ }
+ }
+ }
+ }
+ my $url;
+ my $lonhost= $r->dir_config('lonHostID');
+ my $switchto = $lonhost;
+ if ($rule_in_effect eq 'balancer') {
+ my $hosthere;
+ if ($dataref->{'role'}) {
+ my ($adom,$aname);
+ if ($dataref->{'role'} =~ m{^au\./($match_domain)/$}) {
+ $adom = $1;
+ $aname = $dataref->{'username'};
+ } elsif ($dataref->{'role'} =~ m{^(?:ca|aa)\./($match_domain)/($match_username)$}) {
+ $adom = $1;
+ $aname = $2;
+ }
+ if ($adom ne '' && $aname ne '') {
+ my $ahome = &Apache::lonnet::homeserver($aname,$adom);
+ unless ($ahome eq 'no_host') {
+ my @ids=&Apache::lonnet::current_machine_ids();
+ if ($ahome && grep(/^\Q$ahome\E$/,@ids)) {
+ $hosthere = 1;
+ }
+ }
+ }
+ }
+ unless ($hosthere) {
+ my $hostname = &Apache::lonnet::hostname($dataref->{'server'});
+ if ($hostname) {
+ $switchto = $dataref->{'server'};
+ my $protocol = $Apache::lonnet::protocol{$switchto};
+ $protocol = 'http' if ($protocol ne 'https');
+ $url = $protocol.'://'.$hostname;
+ $message .= '
'.
+ &mt('As a result, your LON-CAPA session is being redirected to the server where you originally logged in.');
+ }
+ }
+ }
+ if ($dataref->{'sso.login'}) {
+ $url .= '/adm/roles?';
+ } else {
+ $url .= '/adm/login?';
+ $message .= '
'.&mt('You will need to provide your password one more time.');
+ }
+ my %info= (
+ 'domain' => $dataref->{'domain'},
+ 'username' => $dataref->{'username'},
+ 'role' => $dataref->{'role'},
+ 'sessionserver' => $lonhost,
+ );
+ if ($dataref->{'origurl'}) {
+ $info{'origurl'} = $dataref->{'origurl'};
+ }
+ if ($dataref->{'symb'}) {
+ $info{'symb'} = $dataref->{'symb'};
+ }
+ my $iptoken = &Apache::lonnet::tmpput(\%info,$switchto);
+ unless ($iptoken eq 'conlost') {
+ $url .= 'iptoken='.$iptoken;
+ }
+ $r->print(&Apache::loncommon::start_page($title,undef,
+ {'redirect' =>
+ [2,$url],}).
+ '
'.$message.'
'. + &Apache::loncommon::end_page()); + } else { + return &goto_login($r); + } + return OK; +} + sub handler { my ($r) = @_; @@ -78,12 +189,14 @@ sub handler { return &goto_login($r); } - if ($data{'ip'} ne $ENV{'REMOTE_ADDR'} || !defined($data{'username'}) || - !defined($data{'domain'}) ) { - return &goto_login($r); + if (!defined($data{'username'}) || !defined($data{'domain'})) { + return &goto_login($r); + } + if ($data{'ip'} ne $ENV{'REMOTE_ADDR'}) { + return &ip_changed($r,$data{'domain'},$data{'server'},\%data); } - &Apache::lonnet::logthis("Allowing access for $data{'username'}\@$data{'domain'} to $data{'role'}"); + &Apache::lonnet::logthis("Allowing access for $data{'username'}:$data{'domain'} to $data{'role'}"); my $home=&Apache::lonnet::homeserver($data{'username'},$data{'domain'}); if ($home =~ /(con_lost|no_such_host)/) { return &goto_login($r); }