[LON-CAPA-cvs] cvs: loncom /interface createaccount.pm domainprefs.pm

raeburn raeburn at source.lon-capa.org
Mon May 5 17:28:10 EDT 2014


raeburn		Mon May  5 21:28:10 2014 EDT

  Modified files:              
    /loncom/interface	createaccount.pm domainprefs.pm 
  Log:
  - Domain configuration for self-creation of accounts by users authenticated
    via Shibboleth SSO.
    - Set which environment variables provided by Shibboleth map to which 
      user information fields.  
  
  
-------------- next part --------------
Index: loncom/interface/createaccount.pm
diff -u loncom/interface/createaccount.pm:1.64 loncom/interface/createaccount.pm:1.65
--- loncom/interface/createaccount.pm:1.64	Wed Apr 23 10:11:26 2014
+++ loncom/interface/createaccount.pm	Mon May  5 21:28:10 2014
@@ -4,7 +4,7 @@
 # kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
 # username may be processed automatically, or may be queued for approval.
 #
-# $Id: createaccount.pm,v 1.64 2014/04/23 10:11:26 raeburn Exp $
+# $Id: createaccount.pm,v 1.65 2014/05/05 21:28:10 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -170,10 +170,38 @@
         if (grep(/^sso$/,@{$cancreate})) {
             $msg = '<h3>'.&mt('Account creation').'</h3>'.
                    &mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution.").'<br />';
-
+            my $shibenv;
+            if (($r->dir_config('lonOtherAuthen') eq 'yes') && 
+                ($r->dir_config('lonOtherAuthenType') eq 'Shibboleth')) {
+                if (ref($domconfig{'usercreation'}) eq 'HASH') {
+                    if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+                        if (ref($domconfig{'usercreation'}{'cancreate'}{'shibenv'}) eq 'HASH') {
+                            my @possfields = ('firstname','middlename','lastname','generation',
+                                              'permanentemail','id');
+                            my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain);
+                            $shibenv= {};
+                            foreach my $key (keys(%{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}})) {
+                                if ($key eq 'inststatus') {
+                                    if (ref($usertypes) eq 'HASH') {
+                                        if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                            if (exists($usertypes->{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}})) {
+                                                $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                             }
+                                        }
+                                    }
+                                } elsif (grep(/^\Q$key\E/, at possfields)) {
+                                    if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+                                        $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
             $msg .= &username_check($sso_username,$domain,$domdesc,$courseid, 
                                     $lonhost,$contact_email,$contact_name,
-                                    $sso_logout,$statustocreate);
+                                    $sso_logout,$statustocreate,$shibenv);
         } else {
             $msg = '<h3>'.&mt('Account creation unavailable').'</h3>'.
                    '<span class="LC_warning">'.&mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution, and you are not permitted to create one.").'</span><br /><br />'.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email).'<hr />'.
@@ -1164,7 +1192,7 @@
 
 sub username_check {
     my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email,
-        $contact_name,$sso_logout,$statustocreate) = @_;
+        $contact_name,$sso_logout,$statustocreate,$shibenv) = @_;
     my (%rulematch,%inst_results,$checkfail,$rowcount,$editable,$output,$msg,
         %alerts,%curr_rules,%got_rules);
     &call_rulecheck($username,$domain,\%alerts,\%rulematch,
@@ -1200,6 +1228,11 @@
     }
     if (!$checkfail) {
         $output = '<form method="post" action="/adm/createaccount">';
+        if (ref($shibenv) eq 'HASH') {
+            foreach my $key (keys(%{$shibenv})) {
+                 $inst_results{$username.':'.$domain}{$key} = $shibenv->{$key};
+            }
+        }
         (my $datatable,$rowcount,$editable) = 
             &Apache::loncreateuser::personal_data_display($username,$domain,1,'selfcreate',
                                                          $inst_results{$username.':'.$domain});
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.239 loncom/interface/domainprefs.pm:1.240
--- loncom/interface/domainprefs.pm:1.239	Sun May  4 21:48:56 2014
+++ loncom/interface/domainprefs.pm	Mon May  5 21:28:10 2014
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set domain-wide configuration settings
 #
-# $Id: domainprefs.pm,v 1.239 2014/05/04 21:48:56 raeburn Exp $
+# $Id: domainprefs.pm,v 1.240 2014/05/05 21:28:10 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -4081,6 +4081,43 @@
                 $$rowtotal ++;
             }
         }
+        my @fields = ('lastname','firstname','middlename','permanentemail','id','inststatus');
+        my %fieldtitles = &Apache::loncommon::personal_data_fieldtitles();
+        $fieldtitles{'inststatus'} = &mt('Institutional status');
+        my $rem;
+        my $numperrow = 2;
+        my $css_class = $$rowtotal%2?' class="LC_odd_row"':'';
+        $datatable .= '<tr'.$css_class.'>'.
+                     '<td class="LC_left_item">'.&mt('Shibboleth (SSO) Data').'</td>'.
+                     '<td class="LC_left_item">'."\n".
+                     '<table><tr><td>'."\n";
+        for (my $i=0; $i<@fields; $i++) {
+            $rem = $i%($numperrow);
+            if ($rem == 0) {
+                if ($i > 0) {
+                    $datatable .= '</tr>';
+                }
+                $datatable .= '<tr>';
+            }
+            my $currval;
+            if (ref($createsettings->{'shibenv'}) eq 'HASH') {
+                $currval = $createsettings->{'shibenv'}{$fields[$i]};
+            }
+            $datatable .= '<td class="LC_left_item">'.
+                          '<span class="LC_nobreak">'.
+                          '<input type="text" name="shibenv_'.$fields[$i].'" '.
+                          'value="'.$currval.'" size="10" /> '.
+                          $fieldtitles{$fields[$i]}.'</span></td>';
+        }
+        my $colsleft = $numperrow - $rem;
+        if ($colsleft > 1 ) {
+            $datatable .= '<td colspan="'.$colsleft.'" class="LC_left_item">'.
+                         ' </td>';
+        } elsif ($colsleft == 1) {
+            $datatable .= '<td class="LC_left_item"> </td>';
+        }
+        $datatable .= '</tr></table></td></tr>';
+        $$rowtotal ++;
     } elsif ($position eq 'middle') {
         my %domconf = &Apache::lonnet::get_dom('configuration',['usermodification'],$dom);
         my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
@@ -4091,7 +4128,7 @@
             foreach my $status (@{$types}) {
                 $datatable .= &modifiable_userdata_row('selfcreate',$status,$domconf{'usermodification'},
                                                        $numinrow,$$rowtotal,$usertypes);
-            $$rowtotal ++;
+                $$rowtotal ++;
             }
         }
     } else {
@@ -4137,8 +4174,8 @@
         $additional .= '</div>'."\n";
 
         ($datatable,$itemcount) = &radiobutton_prefs(\%radiohash,\@toggles,\%defaultchecked,
-                                                     \%choices,$itemcount,$onclick,$additional);
-        $$rowtotal += $itemcount;
+                                                     \%choices,$$rowtotal,$onclick,$additional);
+        $$rowtotal ++;
         $datatable .= &print_requestmail($dom,'selfcreation',$createsettings,$rowtotal);
         $$rowtotal ++;
         my ($infofields,$infotitles) = &Apache::loncommon::emailusername_info();
@@ -8336,7 +8373,7 @@
                         if (($item eq 'selfcreate') || ($item eq 'statustocreate') ||
                             ($item eq 'captcha') || ($item eq 'recaptchakeys') || 
                             ($item eq 'emailusername') || ($item eq 'notify') ||
-                            ($item eq 'selfcreateprocessing')) {
+                            ($item eq 'selfcreateprocessing') || ($item eq 'shibenv')) {
                             $curr_usercreation{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
                         } else {
                             $save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
@@ -8368,6 +8405,7 @@
     %{$cancreate{'emailusername'}} = ();
     @{$cancreate{'statustocreate'}} = ();
     %{$cancreate{'selfcreateprocessing'}} = ();
+    %{$cancreate{'shibenv'}} = ();
     my %selfcreatetypes = (
                              sso   => 'users authenticated by institutional single sign on',
                              login => 'users authenticated by institutional log-in',
@@ -8485,6 +8523,7 @@
     }
     my @fields = ('lastname','firstname','middlename','generation',
                   'permanentemail','id');
+    my @shibfields = (@fields,'inststatus');
     my %fieldtitles = &Apache::loncommon::personal_data_fieldtitles();
 #
 # Where usernames may created for institutional log-in and/or institutional single sign on:
@@ -8529,6 +8568,27 @@
                 }
             }
         }
+        foreach my $field (@shibfields) {
+            if ($env{'form.shibenv_'.$field} ne '') {
+                $cancreate{'shibenv'}{$field} = $env{'form.shibenv_'.$field};
+            }
+        }
+        if (ref($curr_usercreation{'cancreate'}) eq 'HASH') {
+            if (ref($curr_usercreation{'cancreate'}{'shibenv'}) eq 'HASH') {
+                foreach my $field (@shibfields) {
+                    if ($env{'form.shibenv_'.$field} ne $curr_usercreation{'cancreate'}{'shibenv'}{$field}) {
+                        push(@{$changes{'cancreate'}},'shibenv');
+                    }
+                }
+            } else {
+                foreach my $field (@shibfields) {
+                    if ($env{'form.shibenv_'.$field}) {
+                        push(@{$changes{'cancreate'}},'shibenv');
+                        last;
+                    }
+                }
+            }
+        }
     }
     foreach my $item (@contexts) {
         if (ref($curr_usercreation{'cancreate'}{$item}) eq 'ARRAY') {
@@ -8651,6 +8711,9 @@
     if (ref($cancreate{'statustocreate'}) eq 'ARRAY') {
         $save_usercreate{'cancreate'}{'statustocreate'} = $cancreate{'statustocreate'};
     }
+    if (ref($cancreate{'shibenv'}) eq 'HASH') {
+        $save_usercreate{'cancreate'}{'shibenv'} = $cancreate{'shibenv'};
+    }
     $save_usercreate{'cancreate'}{'emailusername'} = $cancreate{'emailusername'};
     $save_usercreate{'emailrule'} = \@email_rule;
 
@@ -8693,6 +8756,22 @@
                                 }
                             }
                         }
+                    } elsif ($type eq 'shibenv') {
+                        if (keys(%{$cancreate{$type}}) == 0) {
+                            $chgtext .= &mt('Shibboleth-autheticated user does not use environment variables to set user information'); 
+                        } else {
+                            $chgtext .= &mt('Shibboleth-autheticated user information set from environment variables, as follows:').
+                                        '<ul>';
+                            foreach my $field (@shibfields) {
+                                next if ($cancreate{$type}{$field} eq '');
+                                if ($field eq 'inststatus') {
+                                    $chgtext .= '<li>'.&mt('Institutional status').' -- '.$cancreate{$type}{$field}.'</li>';
+                                } else {
+                                    $chgtext .= '<li>'.$fieldtitles{$field}.' -- '.$cancreate{$type}{$field}.'</li>';
+                                }
+                            }
+                            $chgtext .= '</ul>';
+                        }  
                     } elsif ($type eq 'statustocreate') {
                         if ((ref($cancreate{'selfcreate'}) eq 'ARRAY') &&
                             (ref($cancreate{'statustocreate'}) eq 'ARRAY')) {


More information about the LON-CAPA-cvs mailing list