[LON-CAPA-cvs] cvs: loncom / loncapa_apache.conf /auth lonacc.pm restrictedaccess.pm
albertel
lon-capa-cvs@mail.lon-capa.org
Fri, 14 Jul 2006 21:38:26 -0000
This is a MIME encoded message
--albertel1152913106
Content-Type: text/plain
albertel Fri Jul 14 17:38:26 2006 EDT
Modified files:
/loncom loncapa_apache.conf
/loncom/auth restrictedaccess.pm lonacc.pm
Log:
- switching from using a FORBIDDEN pass to just making the restricted
access screen the response phase
--albertel1152913106
Content-Type: text/plain
Content-Disposition: attachment; filename="albertel-20060714173826.txt"
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.148 loncom/loncapa_apache.conf:1.149
--- loncom/loncapa_apache.conf:1.148 Fri Jul 14 17:08:48 2006
+++ loncom/loncapa_apache.conf Fri Jul 14 17:38:23 2006
@@ -1,7 +1,7 @@
##
## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
##
-## $Id: loncapa_apache.conf,v 1.148 2006/07/14 21:08:48 raeburn Exp $
+## $Id: loncapa_apache.conf,v 1.149 2006/07/14 21:38:23 albertel Exp $
##
#
@@ -496,6 +496,7 @@
PerlAccessHandler Apache::publiccheck
AuthType LONCAPA
SetHandler perl-script
+PerlAuthzHandler Apache::lonacc
PerlHandler Apache::restrictedaccess
</Location>
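Review bot: The added `PerlAuthzHandler Apache::lonacc` line carries a dependency that is not documented here. `Apache::restrictedaccess::handler` no longer parses the query string or POST body itself (those calls are removed in the restrictedaccess.pm hunk), so this line appears to be what populates `form.pass1` and `form.origurl` for it. Apache only runs the authorization phase when a `require` directive applies, and none is visible because the `<Location>` block starts outside the hunk; please confirm one is present. A comment such as `# lonacc must run here: restrictedaccess reads form.* from %env` would record the coupling.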
Index: loncom/auth/restrictedaccess.pm
diff -u loncom/auth/restrictedaccess.pm:1.1 loncom/auth/restrictedaccess.pm:1.2
--- loncom/auth/restrictedaccess.pm:1.1 Sun Jul 9 23:58:45 2006
+++ loncom/auth/restrictedaccess.pm Fri Jul 14 17:38:26 2006
@@ -30,7 +30,6 @@
use lib '/home/httpd/lib/perl/';
use Apache::Constants qw(:common :http REDIRECT);
use CGI::Cookie();
-use Apache::File ();
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonauth();
@@ -42,28 +41,21 @@
sub handler {
my $r = shift;
- &Apache::loncommon::get_unprocessed_cgi
- ($ENV{'QUERY_STRING'}.'&'.$env{'request.querystring'},
- ['origurl']);
-
- &Apache::lonacc::get_posted_cgi($r);
my $origurl = &unescape($env{'form.origurl'});
- my $msg;
+ if (!defined($origurl)) {
+ $origurl = $r->uri;
+ }
if (exists($env{'form.pass1'})) {
my ($result,$end) = &check_pass($r,$origurl);
if ($result eq 'ok') {
- my $cookie_check = &print_redirect($r,$end,$origurl);
- if ($cookie_check eq 'ok') {
- $env{'request.state'} = "published";
- $env{'request.filename'} = $origurl;
- $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl);
- return REDIRECT;
- } else {
- &print_entryform($r,$origurl,$cookie_check);
- }
+ &Apache::lonnet::appenv(('user.passphrase_access_'.$origurl =>
+ $end));
+ $env{'request.state'} = "published";
+ $env{'request.filename'} = $origurl;
+ $r->header_out(Location => 'http://'.$ENV{'HTTP_HOST'}.$origurl);
+ return REDIRECT;
} else {
- $msg = "Invalid passphrase";
- &print_entryform($r,$origurl,$msg);
+ &print_entryform($r,$origurl,"Invalid passphrase");
}
} else {
&print_entryform($r,$origurl);
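Review bot: `$origurl` is taken from the submitted `form.origurl` and concatenated, unvalidated, into both the `Location` header and the `user.passphrase_access_` session key. The pattern visible in `check_pass` that gates the `ok` result has no leading anchor, so it does not constrain how the value begins. Before using it, reject anything that fails `m{\A/+uploaded/}` or that contains CR or LF, and fall back to `$r->uri`. The return value of `&Apache::lonnet::appenv` is also ignored, whereas the removed `print_redirect` path showed the form again with an error, so a failed session write now ends in a silent redirect back to the passphrase screen. The body of `handler` continues past the end of the hunk.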
@@ -85,14 +77,10 @@
alert("You must enter a passphrase");
return;
}
- if (document.passform.pass1.value != document.passform.pass2.value) {
- alert("Passphrases do not match");
- return;
- }
document.passform.submit();
}
</script>');
- $r->print('<b>'.$msg.'</b>');
+ $r->print('<span class="LC_error">'.$msg.'</span>');
$r->print('<div align="center"><form name="passform" method="post" '.
'action="/adm/restrictedaccess">');
$r->print('<br /><br /><br />');
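Review bot: The error span is printed unconditionally, but on first display `handler` calls `&print_entryform($r,$origurl)` with no message, so `$msg` is undefined and the page gets an empty `LC_error` element plus an uninitialized-value warning. Guard it: `if (defined($msg) && $msg ne '') { $r->print('<span class="LC_error">'.$msg.'</span>'); }`. `$msg` is written into the page unescaped, which is safe only while every caller passes a constant string; a comment saying so (or HTML-encoding it here) would keep a later caller from passing request data through. `print_entryform` starts and ends outside the hunk.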
@@ -102,10 +90,6 @@
'<td><input type="password" size="20" name="pass1"></td>');
$r->print(&Apache::loncommon::end_data_table_row());
$r->print(&Apache::loncommon::start_data_table_row());
- $r->print('<td><nobr>'.&mt('Confirm passphrase: ').'</nobr></td>');
- $r->print('<td><input type="password" size="20" name="pass2" /></td>');
- $r->print(&Apache::loncommon::end_data_table_row());
- $r->print(&Apache::loncommon::start_data_table_row());
$r->print('<td align="center" colspan="2"><br />'.
'<input type="button" name="sendpass" value="'.
&mt('Submit passphrase').'" onClick="verify()" /></td>');
@@ -116,37 +100,8 @@
$r->print(&Apache::loncommon::end_page());
}
-sub print_redirect {
- my ($r,$end,$requrl) = @_;
- my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
- my $lonid=$cookies{'lonID'};
- my $lonidsdir=$r->dir_config('lonIDsDir');
- my $cookie;
- if ($lonid) {
- $cookie=$lonid->value;
- $cookie=~s/\W//g;
- }
- if ($cookie) {
- my $envkey = 'user.passphrase_access_'.$requrl;
- open(my $idf,">>$lonidsdir/$cookie.id");
- if (!flock($idf,LOCK_EX)) {
- &Apache::lonnet::logthis("<font color=blue>WARNING: ".
- 'Could not obtain exclusive lock in restrictedaccess: '.$!);
- close($idf);
- return 'error: '.$!;
- } else {
- print $idf (&escape($envkey).'='.&escape($end)."\n");
- close($idf);
- return 'ok';
- }
- } else {
- return 'error: no cookie set';
- }
-}
-
sub check_pass {
my ($r,$origurl) = @_;
- my $password = $env{'form.pass1'};
my ($udom,$unum,$group,$file_name,$result,$end);
if ($origurl =~ m-/+uploaded/([^/]+)/([^/]+)/portfolio(/.+)$-) {
$udom = $1;
@@ -165,9 +120,7 @@
foreach my $key (sort(keys(%{$access_hash}))) {
if ($key =~ /^[^:]+:guest_(\d+)/) {
$end = $1;
- my $content = $$access_hash{$key};
- my $passwd = $content->{'password'};
- if ($password eq $passwd) {
+ if ($env{'form.pass1'} eq $access_hash->{$key}{'password'}) {
$result = 'ok';
} else {
$result = 'fail';
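Review bot: The new comparison `$env{'form.pass1'} eq $access_hash->{$key}{'password'}` is also true when both sides are empty or undefined, and the only non-empty check on `pass1` visible in this commit is the client-side `verify()` script. Require a stored, non-empty passphrase before comparing: `my $stored = $access_hash->{$key}{'password'};` followed by `if (defined($stored) && $stored ne '' && $env{'form.pass1'} eq $stored) {`. The rest of the loop and of `check_pass` lies outside the hunk, so it is not visible whether a later guest key can overwrite an earlier `ok`, or whether the captured `$end` is compared with the current time; both are worth confirming.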
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.85 loncom/auth/lonacc.pm:1.86
--- loncom/auth/lonacc.pm:1.85 Sun Jul 9 23:58:45 2006
+++ loncom/auth/lonacc.pm Fri Jul 14 17:38:26 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.85 2006/07/10 03:58:45 raeburn Exp $
+# $Id: lonacc.pm,v 1.86 2006/07/14 21:38:26 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -35,6 +35,7 @@
use Apache::lonnet;
use Apache::loncommon();
use Apache::lonlocal;
+use Apache::restrictedaccess();
use CGI::Cookie();
use Fcntl qw(:flock);
use LONCAPA;
@@ -292,9 +293,8 @@
}
}
}
- my $login = $r->dir_config('Login');
- $login .= '?origurl='.&escape($requrl);
- $r->custom_response(FORBIDDEN,$login);
+ $r->set_handlers('PerlHandler'=> \&Apache::restrictedaccess::handler);
+ $r->content_type('perl-script');
return;
}
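Review bot: The two added lines need a comment, because their intent is not evident from the code: `# Not unlocked yet: let the request through authz and have restrictedaccess render the passphrase form instead of the file`. `content_type('perl-script')` looks like a way to steer Apache's handler selection rather than a real MIME type; if that is the intent (I am inferring it), the comment should say so and note that the response handler must set the real type. The function now ends in a bare `return;` and begins outside the hunk, so its return contract, which callers used to compare with `'ok'`, should be documented or removed.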
@@ -389,22 +389,16 @@
if ($result eq 'ok') {
return OK;
} elsif ($result =~ /^[^:]+:guest_/) {
- if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
- return OK;
- } else {
- return FORBIDDEN;
- }
+ &passphrase_access_checker($r,$result,$requrl);
+ return OK;
}
} elsif ($requrl =~ m|/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$|) {
my $result = &portfolio_access($1,$2,$3.'/'.$4,$3);
if ($result eq 'ok') {
return OK;
} elsif ($result =~ /^[^:]+:guest_/) {
- if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
- return OK;
- } else {
- return FORBIDDEN;
- }
+ &passphrase_access_checker($r,$result,$requrl);
+ return OK;
}
}
if ($requrl!~/^\/adm|public|prtspool\//) {
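Review bot: Both guest branches in this hunk now `return OK` whatever `passphrase_access_checker` returns, so the authorization phase no longer denies a portfolio request that lacks a valid passphrase. Protection then rests entirely on the `set_handlers` call inside the checker replacing the response handler. If that swap does not take effect for some request (not verifiable from this diff), the file would be served, so a fail-closed default is safer. Have the checker return an explicit status for "already unlocked" and "prompt installed", and `return FORBIDDEN;` for anything else. The same change is repeated in both branches of the following hunk (`-525,23`), and the enclosing handler starts and ends outside these hunks.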
@@ -525,23 +519,17 @@
if ($result eq 'ok') {
return OK;
} elsif ($result =~ /^[^:]+:guest_/) {
- if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
- return OK;
- } else {
- return FORBIDDEN;
- }
+ &passphrase_access_checker($r,$result,$requrl);
+ return OK;
}
} elsif ($requrl =~ m|/+uploaded/([^/]+)/([^/]+)/groups/([^/]+)/portfolio/(.+)$|) {
my $result = &portfolio_access($1,$2,$3.'/'.$4,$3);
if ($result eq 'ok') {
return OK;
} elsif ($result =~ /^[^:]+:guest_/) {
- if (&passphrase_access_checker($r,$result,$requrl) eq 'ok') {
- return OK;
- } else {
- return FORBIDDEN;
- }
- }
+ &passphrase_access_checker($r,$result,$requrl);
+ return OK;
+ }
}
# -------------------------------------------------------------- Not authorized
$requrl=~/\.(\w+)$/;
--albertel1152913106--