--- loncom/interface/lonuserutils.pm 2017/11/04 20:23:23 1.192
+++ loncom/interface/lonuserutils.pm 2022/02/14 01:15:24 1.210
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.192 2017/11/04 20:23:23 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.210 2022/02/14 01:15:24 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -438,7 +438,7 @@ sub javascript_validations {
} elsif ($context eq 'domain') {
$setsection_call = 'setCourse()';
$setsections_js = &dc_setcourse_js($param{'formname'},$mode,
- $context,$showcredits);
+ $context,$showcredits,$domain);
}
$finish = " var checkSec = $setsection_call\n".
" if (checkSec == 'ok') {\n".
@@ -531,21 +531,28 @@ END
/* regexp here to check for non \d \. in credits */
END
} else {
+ my ($numrules,$intargjs) =
+ &Apache::loncommon::passwd_validation_js('vf.elements[current.argfield].value',$domain);
$auth_checks .= (<
'.&mt('Error').': '. + &mt('Invalid datatoken').'
'); + return 'missingdata'; + } my @records=&Apache::loncommon::upfile_record_sep(); if($env{'form.noFirstLine'}){ $firstLine=shift(@records); @@ -1214,6 +1232,7 @@ sub print_upload_manager_form { } &print_upload_manager_footer($r,$i,$keyfields,$defdom,$today,$halfyear, $context,$permission,$crstype,$showcredits); + return 'ok'; } sub setup_date_selectors { @@ -1561,10 +1580,11 @@ sub my_custom_roles { my %rolehash=&Apache::lonnet::dump('roles',$udom,$uname); foreach my $key (keys(%rolehash)) { if ($key=~/^rolesdef\_(\w+)$/) { + my $role = $1; if ($crstype eq 'Community') { next if ($rolehash{$key} =~ /bre\&S/); } - $returnhash{$1}=$1; + $returnhash{$role}=$role; } } return %returnhash; @@ -2287,7 +2307,6 @@ sub build_user_record { sub courses_selector { my ($cdom,$formname) = @_; - my %coursecodes = (); my %codes = (); my @codetitles = (); my %cat_titles = (); @@ -2300,14 +2319,15 @@ sub courses_selector { my $jscript = ''; my $totcodes = 0; - $totcodes = - &Apache::courseclassifier::retrieve_instcodes(\%coursecodes, - $cdom,$totcodes); - if ($totcodes > 0) { - $format_reply = - &Apache::lonnet::auto_instcode_format($caller,$cdom,\%coursecodes, - \%codes,\@codetitles,\%cat_titles,\%cat_order); - if ($format_reply eq 'ok') { + my $instcats = &Apache::lonnet::get_dom_instcats($cdom); + if (ref($instcats) eq 'HASH') { + if ((ref($instcats->{'codetitles'}) eq 'ARRAY') && (ref($instcats->{'codes'}) eq 'HASH') && + (ref($instcats->{'cat_titles'}) eq 'HASH') && (ref($instcats->{'cat_order'}) eq 'HASH')) { + %codes = %{$instcats->{'codes'}}; + @codetitles = @{$instcats->{'codetitles'}}; + %cat_titles = %{$instcats->{'cat_titles'}}; + %cat_order = %{$instcats->{'cat_order'}}; + $totcodes = scalar(keys(%codes)); my $numtypes = @codetitles; &Apache::courseclassifier::build_code_selections(\%codes,\@codetitles,\%cat_titles,\%cat_order,\%idlist,\%idnums,\%idlist_titles); my ($scripttext,$longtitles) = &Apache::courseclassifier::javascript_definitions(\@codetitles,\%idlist,\%idlist_titles,\%idnums,\%cat_titles); @@ -3521,6 +3541,8 @@ END setSections(formname,'$crstype'); if (seccheck == 'ok') { opener.document.$callingform.newsecs.value = formname.sections.value; + } else { + return; } END } else { @@ -4105,7 +4127,7 @@ sub print_first_users_upload_form { .&Apache::lonhtmlcommon::end_pick_box(); $str .= '' - .'' .'
'; @@ -4179,7 +4201,7 @@ sub upfile_drop_add { $r->print(''.&mt('Error').': '. &mt('Enrollment of users not permitted for specified default domain: [_1].', &Apache::lonnet::domain($env{'form.defaultdomain'},'description')).''); - return; + return 'untrusted'; } } } elsif ($context eq 'author') { @@ -4193,7 +4215,7 @@ sub upfile_drop_add { $r->print(''.&mt('Error').': '. &mt('Addition of users not permitted for specified default domain: [_1].', &Apache::lonnet::domain($env{'form.defaultdomain'},'description')).''); - return; + return 'untrusted'; } } } elsif (($context eq 'domain') && ($setting eq 'domain')) { @@ -4206,7 +4228,7 @@ sub upfile_drop_add { $r->print(''.&mt('Error').': '. &mt('Addition of users not permitted for specified default domain: [_1].', &Apache::lonnet::domain($env{'form.defaultdomain'},'description')).''); - return; + return 'untrusted'; } } } @@ -4219,9 +4241,9 @@ sub upfile_drop_add { } else { my %home_servers = &Apache::lonnet::get_servers($defdom,'library'); if (! exists($home_servers{$desiredhost})) { - $r->print(''.&mt('Error').': '. - &mt('Invalid home server specified').''); - return; + $r->print(''.&mt('Error').': '. + &mt('Invalid home server specified').'
'); + return 'invalidhome'; } } # Determine authentication mechanism @@ -4231,6 +4253,7 @@ sub upfile_drop_add { } my $amode = ''; my $genpwd = ''; + my @genpwdfail; if ($env{'form.login'} eq 'krb') { $amode='krb'; $amode.=$env{'form.krbver'}; @@ -4239,16 +4262,20 @@ sub upfile_drop_add { $amode='internal'; if ((defined($env{'form.intarg'})) && ($env{'form.intarg'})) { $genpwd=$env{'form.intarg'}; + @genpwdfail = + &Apache::loncommon::check_passwd_rules($domain,$genpwd); } } elsif ($env{'form.login'} eq 'loc') { $amode='localauth'; if ((defined($env{'form.locarg'})) && ($env{'form.locarg'})) { $genpwd=$env{'form.locarg'}; } + } elsif ($env{'form.login'} eq 'lti') { + $amode='lti'; } if ($amode =~ /^krb/) { if (! defined($genpwd) || $genpwd eq '') { - $r->print(''.': '. + $r->print(''. &mt('Unable to enroll users').' '. &mt('No Kerberos domain was specified.').''); $amode = ''; # This causes the loop below to be skipped @@ -4317,10 +4344,14 @@ sub upfile_drop_add { \@statuses,\@poss_roles); &gather_userinfo($context,'view',\%userlist,$indexhash,\%info, \%cstr_roles,$permission); - } } } + if ($datatoken eq '') { + $r->print(''.&mt('Error').': '. + &mt('Invalid datatoken').'
'); + return 'missingdata'; + } if ( $domain eq &LONCAPA::clean_domain($domain) && ($amode ne '')) { ####################################### @@ -4390,7 +4421,8 @@ sub upfile_drop_add { my $newuserdom = $env{'request.role.domain'}; map { $cancreate{$_} = &can_create_user($newuserdom,$context,$_); } keys(%longtypes); # Get new users list - my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname); + my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname, + %showpasswdrules,$haspasswdmap); my $counter = -1; my (%willtrust,%trustchecked); foreach my $line (@userdata) { @@ -4541,11 +4573,43 @@ sub upfile_drop_add { } } # determine user password - my $password = $genpwd; + my $password; + my $passwdfromfile; if (defined($fields{'ipwd'})) { if ($entries{$fields{'ipwd'}}) { $password=$entries{$fields{'ipwd'}}; + $passwdfromfile = 1; + if ($env{'form.login'} eq 'int') { + my $uhome=&Apache::lonnet::homeserver($username,$userdomain); + if (($uhome eq 'no_host') || ($changeauth)) { + my @brokepwdrules = + &Apache::loncommon::check_passwd_rules($domain,$password); + if (@brokepwdrules) { + $disallow{$counter} = &mt('[_1]: Password included in file for this user did not meet requirements.', + ''.$username.''); + map { $showpasswdrules{$_} = 1; } @brokepwdrules; + next; + } + } + } + } + } + unless ($passwdfromfile) { + if ($env{'form.login'} eq 'int') { + if (@genpwdfail) { + my $uhome=&Apache::lonnet::homeserver($username,$userdomain); + if (($uhome eq 'no_host') || ($changeauth)) { + $disallow{$counter} = &mt('[_1]: No specific password in file for this user; default password did not meet requirements', + ''.$username.''); + unless ($haspasswdmap) { + map { $showpasswdrules{$_} = 1; } @genpwdfail; + $haspasswdmap = 1; + } + } + next; + } } + $password = $genpwd; } # determine user role my $role = ''; @@ -4614,7 +4678,7 @@ sub upfile_drop_add { &mt('The user does not already exist, and you may not create a new user in a different domain.'); next; } else { - unless ($password || $env{'form.login'} eq 'loc') { + unless (($password ne '') || ($env{'form.login'} eq 'loc') || ($env{'form.login'} eq 'lti')) { $disallow{$counter} = &mt('[_1]: This is a new user but no default password was provided, and the authentication type requires one.', ''.$username.''); @@ -4817,6 +4881,16 @@ sub upfile_drop_add { my (%userres,%authres,%roleres,%idres); my $singlesec = ''; if ($role eq 'st') { + if (($context eq 'domain') && ($changeauth eq 'Yes') && (!$newuser)) { + if ((&Apache::lonnet::allowed('mau',$userdomain)) && + (&Apache::lonnet::homeserver($username,$userdomain) ne 'no_host')) { + if ((($amode =~ /^krb4|krb5|internal$/) && $password ne '') || + ($amode eq 'localauth')) { + $authresult = + &Apache::lonnet::modifyuserauth($userdomain,$username,$amode,$password); + } + } + } my $sec; if (ref($userinfo{$i}{'sections'}) eq 'ARRAY') { if (@secs > 0) { @@ -4858,16 +4932,16 @@ sub upfile_drop_add { } } } - if (!$multiple) { - ($userresult,$authresult,$roleresult,$idresult) = - &modifyuserrole($context,$setting, - $changeauth,$cid,$userdomain,$username, - $id,$amode,$password,$fname, - $mname,$lname,$gen,$singlesec, - $env{'form.forceid'},$desiredhost, - $email,$role,$enddate,$startdate, - $checkid,$inststatus); - } + } + if (!$multiple) { + ($userresult,$authresult,$roleresult,$idresult) = + &modifyuserrole($context,$setting, + $changeauth,$cid,$userdomain,$username, + $id,$amode,$password,$fname, + $mname,$lname,$gen,$singlesec, + $env{'form.forceid'},$desiredhost, + $email,$role,$enddate,$startdate, + $checkid,$inststatus); } } if ($multiple) { @@ -4908,6 +4982,7 @@ sub upfile_drop_add { $counts{'auth'})."\n"); } $r->print(&print_namespacing_alerts($domain,\%alerts,\%curr_rules)); + $r->print(&passwdrule_alerts($domain,\%showpasswdrules)); ##################################### # Display list of students to drop # ##################################### @@ -4934,6 +5009,7 @@ sub upfile_drop_add { } } } # end of unless + return 'ok'; } sub print_namespacing_alerts { @@ -4976,6 +5052,42 @@ sub print_namespacing_alerts { } } +sub passwdrule_alerts { + my ($domain,$passwdrules) = @_; + my $warning; + if (ref($passwdrules) eq 'HASH') { + my %showrules = %{$passwdrules}; + if (keys(%showrules)) { + my %passwdconf = &Apache::lonnet::get_passwdconf($domain); + $warning = ''.&mt('Password requirement(s) unmet for one or more users:').'