[LON-CAPA-cvs] cvs: loncom /auth lonacc.pm
albertel
lon-capa-cvs@mail.lon-capa.org
Tue, 08 Aug 2006 17:20:15 -0000
This is a MIME encoded message
--albertel1155057615
Content-Type: text/plain
albertel Tue Aug 8 13:20:15 2006 EDT
Modified files:
/loncom/auth lonacc.pm
Log:
- fix issues with public access
- publiccheck takes care of issuing all public cookies
(thus no longer getting two ids consumed)
- publiccheck will initialize the env of a public user so
lonacc can use the existence of user.name and user.domain being
set as a valid check of being a valid user (as opposed to the
cookie being set to a valid file)
--albertel1155057615
Content-Type: text/plain
Content-Disposition: attachment; filename="albertel-20060808132015.txt"
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.91 loncom/auth/lonacc.pm:1.92
--- loncom/auth/lonacc.pm:1.91 Fri Aug 4 17:31:53 2006
+++ loncom/auth/lonacc.pm Tue Aug 8 13:20:15 2006
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.91 2006/08/04 21:31:53 albertel Exp $
+# $Id: lonacc.pm,v 1.92 2006/08/08 17:20:15 albertel Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -172,147 +172,132 @@
$r->set_handlers('PerlResponseHandler'=>
[\&Apache::switchserver::handler]);
}
-
- if ($handle ne '') {
- if ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
+
+ if ($handle eq '') {
+ $r->log_reason("Cookie $handle not valid", $r->filename);
+ } elsif ((-e "$lonidsdir/$handle.id") && ($handle ne '')) {
# ------------------------------------------------------ Initialize Environment
- &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
+ &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
# --------------------------------------------------------- Initialize Language
- &Apache::lonlocal::get_language_handle($r);
+ &Apache::lonlocal::get_language_handle($r);
+
+ }
+# -------------------------------------------------- Should be a valid user now
+ if ($env{'user.name'} ne '' && $env{'user.domain'} ne '') {
# -------------------------------------------------------------- Resource State
- if ($requrl=~/^\/+(res|uploaded)\//) {
- $env{'request.state'} = "published";
- } else {
- $env{'request.state'} = 'unknown';
- }
- $env{'request.filename'} = $r->filename;
- $env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
+ if ($requrl=~/^\/+(res|uploaded)\//) {
+ $env{'request.state'} = "published";
+ } else {
+ $env{'request.state'} = 'unknown';
+ }
+ $env{'request.filename'} = $r->filename;
+ $env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl);
# -------------------------------------------------------- Load POST parameters
- &Apache::lonacc::get_posted_cgi($r);
+ &Apache::lonacc::get_posted_cgi($r);
# ---------------------------------------------------------------- Check access
- my $now = time;
- if ($requrl!~/^\/adm|public|prtspool\//) {
- my $access=&Apache::lonnet::allowed('bre',$requrl);
- if ($access eq '1') {
- $env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
- return HTTP_NOT_ACCEPTABLE;
- }
- if ($access eq 'A') {
- &Apache::restrictedaccess::setup_handler($r);
- return OK;
- }
- if (($access ne '2') && ($access ne 'F')) {
- $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
- return HTTP_NOT_ACCEPTABLE;
- }
- }
- if ($requrl =~ m|^/prtspool/|) {
- my $start='/prtspool/'.$env{'user.name'}.'_'.
- $env{'user.domain'};
- if ($requrl !~ /^\Q$start\E/) {
- $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
- return HTTP_NOT_ACCEPTABLE;
- }
+ my $now = time;
+ if ($requrl!~/^\/adm|public|prtspool\//) {
+ my $access=&Apache::lonnet::allowed('bre',$requrl);
+ if ($access eq '1') {
+ $env{'user.error.msg'}="$requrl:bre:0:0:Choose Course";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ if ($access eq 'A') {
+ &Apache::restrictedaccess::setup_handler($r);
+ return OK;
+ }
+ if (($access ne '2') && ($access ne 'F')) {
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
}
- if ($env{'user.name'} eq 'public' &&
- $env{'user.domain'} eq 'public' &&
- $requrl !~ m{^/+(res|public|uploaded)/} &&
- $requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$} &&
- $requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
- $env{'request.querystring'}=$r->args;
- $env{'request.firsturl'}=$requrl;
- return FORBIDDEN;
+ }
+ if ($requrl =~ m|^/prtspool/|) {
+ my $start='/prtspool/'.$env{'user.name'}.'_'.
+ $env{'user.domain'};
+ if ($requrl !~ /^\Q$start\E/) {
+ $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied";
+ return HTTP_NOT_ACCEPTABLE;
}
+ }
+ if ($env{'user.name'} eq 'public' &&
+ $env{'user.domain'} eq 'public' &&
+ $requrl !~ m{^/+(res|public|uploaded)/} &&
+ $requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x &&
+ $requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) {
+ $env{'request.querystring'}=$r->args;
+ $env{'request.firsturl'}=$requrl;
+ return FORBIDDEN;
+ }
# ------------------------------------------------------------- This is allowed
- if ($env{'request.course.id'}) {
+ if ($env{'request.course.id'}) {
&Apache::lonnet::countacc($requrl);
- $requrl=~/\.(\w+)$/;
- if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
- ($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$)/) ||
- ($requrl=~/^\/adm\/wrapper\//) ||
- ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
- ($requrl=~m|\.problem/smpedit$|) ||
- ($requrl=~/^\/public\/.*\/syllabus$/)) {
+ $requrl=~/\.(\w+)$/;
+ if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') ||
+ ($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$ )/x) ||
+ ($requrl=~/^\/adm\/wrapper\//) ||
+ ($requrl=~m|^/adm/coursedocs/showdoc/|) ||
+ ($requrl=~m|\.problem/smpedit$|) ||
+ ($requrl=~/^\/public\/.*\/syllabus$/)) {
# ------------------------------------- This is serious stuff, get symb and log
my $query=$r->args;
- my $symb;
- if ($query) {
+ my $symb;
+ if ($query) {
&Apache::loncommon::get_unprocessed_cgi($query,['symb']);
- }
- if ($env{'form.symb'}) {
+ }
+ if ($env{'form.symb'}) {
$symb=&Apache::lonnet::symbclean($env{'form.symb'});
- if ($requrl =~ m|^/adm/wrapper/|
+ if ($requrl =~ m|^/adm/wrapper/|
|| $requrl =~ m|^/adm/coursedocs/showdoc/|) {
- my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
- &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
'last_known' =>[$murl,$mid]);
- } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
+ } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) ||
(($requrl=~m|(.*)/smpedit$|) &&
&Apache::lonnet::symbverify($symb,$1))) {
- my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
- &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
- 'last_known' =>[$murl,$mid]);
+ my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb);
+ &Apache::lonnet::symblist($map,$murl => [$murl,$mid],
+ 'last_known' =>[$murl,$mid]);
} else {
$r->log_reason('Invalid symb for '.$requrl.': '.
- $symb);
- $env{'user.error.msg'}=
- "$requrl:bre:1:1:Invalid Access";
- return HTTP_NOT_ACCEPTABLE;
- }
- } else {
- $symb=&Apache::lonnet::symbread($requrl);
+ $symb);
+ $env{'user.error.msg'}=
+ "$requrl:bre:1:1:Invalid Access";
+ return HTTP_NOT_ACCEPTABLE;
+ }
+ } else {
+ $symb=&Apache::lonnet::symbread($requrl);
if (&Apache::lonnet::is_on_map($requrl) && $symb &&
!&Apache::lonnet::symbverify($symb,$requrl)) {
$r->log_reason('Invalid symb for '.$requrl.': '.$symb);
- $env{'user.error.msg'}=
- "$requrl:bre:1:1:Invalid Access";
- return HTTP_NOT_ACCEPTABLE;
+ $env{'user.error.msg'}=
+ "$requrl:bre:1:1:Invalid Access";
+ return HTTP_NOT_ACCEPTABLE;
}
if ($symb) {
my ($map,$mid,$murl)=
&Apache::lonnet::decode_symb($symb);
&Apache::lonnet::symblist($map,$murl =>[$murl,$mid],
- 'last_known' =>[$murl,$mid]);
+ 'last_known' =>[$murl,$mid]);
}
- }
- $env{'request.symb'}=$symb;
- &Apache::lonnet::courseacclog($symb);
- } else {
+ }
+ $env{'request.symb'}=$symb;
+ &Apache::lonnet::courseacclog($symb);
+ } else {
# ------------------------------------------------------- This is other content
- &Apache::lonnet::courseacclog($requrl);
- }
- }
- return OK;
- } else {
- $r->log_reason("Cookie $handle not valid", $r->filename);
- }
+ &Apache::lonnet::courseacclog($requrl);
+ }
}
-
-# -------------------------------------------- See if this is a public resource
- if ($requrl=~m|^/public/|
- || (&Apache::lonnet::metadata($requrl,'copyright') eq 'public')) {
- &Apache::lonnet::logthis('Granting public access: '.$requrl);
- &Apache::lonlocal::get_language_handle($r);
- my $cookie=
- &Apache::lonauth::success($r,'public','public','public');
- my $lonidsdir=$r->dir_config('lonIDsDir');
- &Apache::lonnet::transfer_profile_to_env($lonidsdir,$cookie);
- &Apache::lonacc::get_posted_cgi($r);
- $env{'request.state'} = "published";
- $env{'request.publicaccess'} = 1;
- $env{'request.filename'} = $r->filename;
-
- $r->header_out('Set-cookie',"lonID=$cookie; path=/");
- return OK;
+ return OK;
}
+# -------------------------------------------- See if this is a public resource
if ($requrl=~m|^/+adm/+help/+|) {
return OK;
}
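Review bot: The new gate `if ($env{'user.name'} ne '' && $env{'user.domain'} ne '')` trusts whatever is already in `%env`, and when `$handle` is non-empty but `$lonidsdir/$handle.id` does not exist nothing in this hunk resets or repopulates `%env`, so the check is only sound if `%env` is cleared earlier in the handler (not visible here; under mod_perl a package hash can persist between requests in the same child). If that reset is not guaranteed, clear the user keys before the cookie test, or set an explicit flag only in the branch that calls `transfer_profile_to_env` and test that instead. The missing-file case is also no longer logged: the old `else` wrote "Cookie $handle not valid" for it, while the new `if ($handle eq '')` logs only an empty handle, so consider `if ($handle eq '' || !-e "$lonidsdir/$handle.id") {` for the log branch with a plain `} else {` for the profile load. Separately, `$requrl!~/^\/adm|public|prtspool\//` parses as three alternatives of which only the first is anchored, so a URL that merely contains `public` skips the `allowed('bre',$requrl)` check; `m{^/+(?:adm|public|prtspool)/}` would express a prefix test, if that is the intent. The handler begins before and continues after this hunk, so the points about `%env` should be confirmed against the full file.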
--albertel1155057615--