[LON-CAPA-cvs] cvs: loncom /interface createaccount.pm
raeburn
lon-capa-cvs-allow@mail.lon-capa.org
Fri, 04 Jul 2008 18:53:22 -0000
raeburn Fri Jul 4 14:53:22 2008 EDT
Modified files:
/loncom/interface createaccount.pm
Log:
- Token required on user information data entry page.
- Token validation required for account creation.
Index: loncom/interface/createaccount.pm
diff -u loncom/interface/createaccount.pm:1.7 loncom/interface/createaccount.pm:1.8
--- loncom/interface/createaccount.pm:1.7 Tue Jul 1 12:41:57 2008
+++ loncom/interface/createaccount.pm Fri Jul 4 14:53:22 2008
@@ -3,7 +3,7 @@
# institutional log-in ID (institutional authentication required - localauth
# or kerberos) or an e-mail address.
#
-# $Id: createaccount.pm,v 1.7 2008/07/01 16:41:57 bisitz Exp $
+# $Id: createaccount.pm,v 1.8 2008/07/04 18:53:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -42,6 +42,7 @@
use DynaLoader; # for Crypt::DES version
use Crypt::DES;
use LONCAPA qw(:DEFAULT :match);
+use HTML::Entities;
sub handler {
my $r = shift;
@@ -122,9 +123,13 @@
my ($output,$msg);
if (grep(/^sso$/,@cancreate)) {
$msg = &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account in this domain.");
- ($output, my $checkfail) = &username_check($sso_username,$domain,$domdesc,$courseid);
- if ($checkfail) {
+ ($output, my $checkfail) = &username_check($sso_username,$domain,
+ $domdesc,$courseid,
+ $lonhost,$contact_email);
+ if ($checkfail eq 'username') {
$msg .= &mt('A LON-CAPA account may not be created with the username you use.');
+ } elsif ($checkfail eq 'authtoken') {
+ $msg .= &mt('Error creating token.');
} else {
$msg .= &mt('To create one, use the table below to provide information about yourself (if appropriate), then click the "Create LON-CAPA account" button.');
}
@@ -181,7 +186,8 @@
$courseid);
} elsif ($env{'form.phase'} eq 'username_validation') {
$output = &username_validation($env{'form.uname'},$domain,$domdesc,
- $contact_name,$contact_email,$courseid);
+ $contact_name,$contact_email,$courseid,
+ $lonhost);
} elsif (!$token) {
my $now=time;
if (grep(/^login$/,@cancreate)) {
@@ -668,7 +674,7 @@
}
sub username_validation {
- my ($username,$domain,$domdesc,$contact_name,$contact_email,$courseid) = @_;
+ my ($username,$domain,$domdesc,$contact_name,$contact_email,$courseid,$lonhost) = @_;
my ($retrieved,$output,$upass);
$username= &LONCAPA::clean_username($username);
@@ -694,7 +700,8 @@
$authok = 'non_authorized';
}
if ($authok eq 'authorized') {
- ($output,undef) = &username_check($username,$domain,$domdesc,$courseid);
+ ($output,undef) = &username_check($username,$domain,$domdesc,
+ $courseid,$lonhost,$contact_email);
} else {
$output = '<div class="LC_warning">'
.&mt('Username and/or password could not be authenticated.')
@@ -706,7 +713,7 @@
}
sub username_check {
- my ($username,$domain,$domdesc,$courseid) = @_;
+ my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email) = @_;
my (%rulematch,%inst_results,$newuser,%alerts,%curr_rules,%got_rules);
$newuser = 1;
my $checkhash;
@@ -724,7 +731,7 @@
&Apache::loncommon::user_rule_formats($domain,$domdesc,
$curr_rules{$domain}{'username'},'username');
if ($userchkmsg) {
- $checkfail = 1;
+ $checkfail = 'username';
}
}
return ($userchkmsg,$checkfail);
@@ -732,13 +739,26 @@
}
}
my $submit_text = &mt('Create LON-CAPA account');
- # FIXME need a cookie to confirm credentials were validated.
my $output = '<form method="post" action="/adm/createaccount">'.
&Apache::loncreateuser::personal_data_display($username,$domain,1,
undef,$inst_results{$username.':'.$domain}).
'<br /><br /><input type="hidden" name="uname" value="'.$username.'" />'."\n".
'<input type="hidden" name="udom" value="'.$domain.'" />'."\n".
'<input type="hidden" name="phase" value="username_activation" />';
+ my $now = time;
+ my %info = ('ip' => $ENV{'REMOTE_ADDR'},
+ 'time' => $now,
+ 'domain' => $domain,
+ 'username' => $username);
+ my $authtoken = &Apache::lonnet::tmpput(\%info,$lonhost);
+ if ($authtoken !~ /^error/ && $authtoken ne 'no_such_host') {
+ $output .= '<input type="hidden" name="authtoken" value="'.&HTML::Entities::encode($authtoken,'&<>"').'" />';
+ } else {
+ $output = &mt('An error occurred when storing a token').'<br />'.
+ &mt('You will not be able to proceed to the next stage of account creation').
+ &linkto_email_help($contact_email,$domdesc);
+ return($output,'authtoken');
+ }
if ($courseid ne '') {
$output .= '<input type="hidden" name="courseid" value="'.$courseid.'" />';
}
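Review bot: The `ip` value stored in `%info` is never read back, as far as this patch shows: the check added in the `@@ -756,6 +776,27 @@` hunk compares only `time`, `domain` and `username`, so the token is not tied to the client that was authenticated. Either compare it during validation, e.g. `($data{'ip'} ne $ENV{'REMOTE_ADDR'}) ||` in the mismatch condition, or drop the field and add a comment such as `# token is deliberately not bound to client IP (proxies)`. Also, `authtoken` is entity-encoded here while `$username`, `$domain` and `$courseid` are concatenated raw into the adjacent hidden inputs; running them through `&HTML::Entities::encode(...,'&<>"')` as well would make the form consistent. `username_check` begins and ends outside this hunk.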
@@ -756,6 +776,27 @@
&mt('Return to previous page').'</a>'.
&Apache::loncommon::end_page();
my %domdefaults = &Apache::lonnet::get_domain_defaults($domain);
+ my %data = &Apache::lonnet::tmpget($env{'form.authtoken'});
+ my $now = time;
+ my $earlyout;
+ my $timeout = 300;
+ if (keys(%data) == 0) {
+ $output = &mt('Sorry, your authentication has expired.');
+ $earlyout = 'fail';
+ }
+ if (($data{'time'} !~ /^\d+$/) ||
+ ($data{'domain'} ne $domain) ||
+ ($data{'username'} ne $username)) {
+ $earlyout = 'fail';
+ $output = &mt('The credentials you provided could not be verified.');
+ } elsif ($now - $data{'time'} > $timeout) {
+ $earlyout = 'fail';
+ $output = &mt('Sorry, your authentication has expired.');
+ }
+ if ($earlyout ne '') {
+ $output .= '<br />'.&mt('Please [_1]start again[_2].','<a href="/adm/createaccount">','</a>');
+ return($earlyout,$output);
+ }
if ((($domdefaults{'auth_def'} =~/^krb(4|5)$/) &&
($domdefaults{'auth_arg_def'} ne '')) ||
($domdefaults{'auth_def'} eq 'localauth')) {
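Review bot: The empty-token branch is immediately overridden: when `tmpget` returns nothing, `$data{'time'}` is undefined, so the second `if` also fires and replaces the "authentication has expired" message with "could not be verified" (and compares undefined values, which warns if warnings are enabled). Chaining the tests fixes this: replace the closing `}` of the first test and the following `if (($data{'time'} !~ /^\d+$/) ||` with `} elsif (($data{'time'} !~ /^\d+$/) ||`. `$earlyout` is declared without a value and then tested with `ne ''`; `my $earlyout = '';` avoids the same undefined comparison on the success path. The early return is `($earlyout,$output)` whereas `username_check` returns `($output,$checkfail)`; the caller is outside this hunk, so confirm it expects that order. The enclosing sub starts before the hunk.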
@@ -776,6 +817,7 @@
$env{'form.cgeneration'},undef,undef,
$env{'form.cpermanentemail'});
if ($result eq 'ok') {
+ my $delete = &Apache::lonnet::tmpdel($env{'form.authtoken'});
$output = &mt('A LON-CAPA account has been created for username: [_1] in domain: [_2].',$username,$domain);
my %form = &start_session($r,$username,$domain,$lonhost,$courseid);
my $nostart = 1;
@@ -838,6 +880,13 @@
if ($msgtext) {
$msg .= '<br />'.$msgtext;
}
+ $msg .= &linkto_email_help($contact_email,$domdesc);
+ return $msg;
+}
+
+sub linkto_email_help {
+ my ($contact_email,$domdesc) = @_;
+ my $msg;
if ($contact_email ne '') {
my $escuri = &HTML::Entities::encode('/adm/createaccount','&<>"');
$msg .= '<br />'.&mt('You may wish to contact the [_1]LON-CAPA helpdesk[_2] for the [_3] domain.','<a href="/adm/helpdesk?origurl='.$escuri.'">','</a>',$domdesc);