[LON-CAPA-cvs] cvs: loncom /interface createaccount.pm domainprefs.pm
raeburn
raeburn at source.lon-capa.org
Mon May 5 17:28:10 EDT 2014
raeburn Mon May 5 21:28:10 2014 EDT
Modified files:
/loncom/interface createaccount.pm domainprefs.pm
Log:
- Domain configuration for self-creation of accounts by users authenticated
via Shibboleth SSO.
- Set which environment variables provided by Shibboleth map to which
user information fields.
-------------- next part --------------
Index: loncom/interface/createaccount.pm
diff -u loncom/interface/createaccount.pm:1.64 loncom/interface/createaccount.pm:1.65
--- loncom/interface/createaccount.pm:1.64 Wed Apr 23 10:11:26 2014
+++ loncom/interface/createaccount.pm Mon May 5 21:28:10 2014
@@ -4,7 +4,7 @@
# kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
# username may be processed automatically, or may be queued for approval.
#
-# $Id: createaccount.pm,v 1.64 2014/04/23 10:11:26 raeburn Exp $
+# $Id: createaccount.pm,v 1.65 2014/05/05 21:28:10 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -170,10 +170,38 @@
if (grep(/^sso$/,@{$cancreate})) {
$msg = '<h3>'.&mt('Account creation').'</h3>'.
&mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution.").'<br />';
-
+ my $shibenv;
+ if (($r->dir_config('lonOtherAuthen') eq 'yes') &&
+ ($r->dir_config('lonOtherAuthenType') eq 'Shibboleth')) {
+ if (ref($domconfig{'usercreation'}) eq 'HASH') {
+ if (ref($domconfig{'usercreation'}{'cancreate'}) eq 'HASH') {
+ if (ref($domconfig{'usercreation'}{'cancreate'}{'shibenv'}) eq 'HASH') {
+ my @possfields = ('firstname','middlename','lastname','generation',
+ 'permanentemail','id');
+ my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($domain);
+ $shibenv= {};
+ foreach my $key (keys(%{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}})) {
+ if ($key eq 'inststatus') {
+ if (ref($usertypes) eq 'HASH') {
+ if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+ if (exists($usertypes->{$domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key}})) {
+ $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+ }
+ }
+ }
+ } elsif (grep(/^\Q$key\E/, at possfields)) {
+ if ($domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key} ne '') {
+ $shibenv->{$key} = $domconfig{'usercreation'}{'cancreate'}{'shibenv'}{$key};
+ }
+ }
+ }
+ }
+ }
+ }
+ }
$msg .= &username_check($sso_username,$domain,$domdesc,$courseid,
$lonhost,$contact_email,$contact_name,
- $sso_logout,$statustocreate);
+ $sso_logout,$statustocreate,$shibenv);
} else {
$msg = '<h3>'.&mt('Account creation unavailable').'</h3>'.
'<span class="LC_warning">'.&mt("Although your username and password were authenticated by your institution's Single Sign On system, you do not currently have a LON-CAPA account at this institution, and you are not permitted to create one.").'</span><br /><br />'.&mt('Please contact the [_1] ([_2]) for assistance.',$contact_name,$contact_email).'<hr />'.
@@ -1164,7 +1192,7 @@
sub username_check {
my ($username,$domain,$domdesc,$courseid,$lonhost,$contact_email,
- $contact_name,$sso_logout,$statustocreate) = @_;
+ $contact_name,$sso_logout,$statustocreate,$shibenv) = @_;
my (%rulematch,%inst_results,$checkfail,$rowcount,$editable,$output,$msg,
%alerts,%curr_rules,%got_rules);
&call_rulecheck($username,$domain,\%alerts,\%rulematch,
@@ -1200,6 +1228,11 @@
}
if (!$checkfail) {
$output = '<form method="post" action="/adm/createaccount">';
+ if (ref($shibenv) eq 'HASH') {
+ foreach my $key (keys(%{$shibenv})) {
+ $inst_results{$username.':'.$domain}{$key} = $shibenv->{$key};
+ }
+ }
(my $datatable,$rowcount,$editable) =
&Apache::loncreateuser::personal_data_display($username,$domain,1,'selfcreate',
$inst_results{$username.':'.$domain});
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.239 loncom/interface/domainprefs.pm:1.240
--- loncom/interface/domainprefs.pm:1.239 Sun May 4 21:48:56 2014
+++ loncom/interface/domainprefs.pm Mon May 5 21:28:10 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.239 2014/05/04 21:48:56 raeburn Exp $
+# $Id: domainprefs.pm,v 1.240 2014/05/05 21:28:10 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -4081,6 +4081,43 @@
$$rowtotal ++;
}
}
+ my @fields = ('lastname','firstname','middlename','permanentemail','id','inststatus');
+ my %fieldtitles = &Apache::loncommon::personal_data_fieldtitles();
+ $fieldtitles{'inststatus'} = &mt('Institutional status');
+ my $rem;
+ my $numperrow = 2;
+ my $css_class = $$rowtotal%2?' class="LC_odd_row"':'';
+ $datatable .= '<tr'.$css_class.'>'.
+ '<td class="LC_left_item">'.&mt('Shibboleth (SSO) Data').'</td>'.
+ '<td class="LC_left_item">'."\n".
+ '<table><tr><td>'."\n";
+ for (my $i=0; $i<@fields; $i++) {
+ $rem = $i%($numperrow);
+ if ($rem == 0) {
+ if ($i > 0) {
+ $datatable .= '</tr>';
+ }
+ $datatable .= '<tr>';
+ }
+ my $currval;
+ if (ref($createsettings->{'shibenv'}) eq 'HASH') {
+ $currval = $createsettings->{'shibenv'}{$fields[$i]};
+ }
+ $datatable .= '<td class="LC_left_item">'.
+ '<span class="LC_nobreak">'.
+ '<input type="text" name="shibenv_'.$fields[$i].'" '.
+ 'value="'.$currval.'" size="10" /> '.
+ $fieldtitles{$fields[$i]}.'</span></td>';
+ }
+ my $colsleft = $numperrow - $rem;
+ if ($colsleft > 1 ) {
+ $datatable .= '<td colspan="'.$colsleft.'" class="LC_left_item">'.
+ ' </td>';
+ } elsif ($colsleft == 1) {
+ $datatable .= '<td class="LC_left_item"> </td>';
+ }
+ $datatable .= '</tr></table></td></tr>';
+ $$rowtotal ++;
} elsif ($position eq 'middle') {
my %domconf = &Apache::lonnet::get_dom('configuration',['usermodification'],$dom);
my ($othertitle,$usertypes,$types) = &Apache::loncommon::sorted_inst_types($dom);
@@ -4091,7 +4128,7 @@
foreach my $status (@{$types}) {
$datatable .= &modifiable_userdata_row('selfcreate',$status,$domconf{'usermodification'},
$numinrow,$$rowtotal,$usertypes);
- $$rowtotal ++;
+ $$rowtotal ++;
}
}
} else {
@@ -4137,8 +4174,8 @@
$additional .= '</div>'."\n";
($datatable,$itemcount) = &radiobutton_prefs(\%radiohash,\@toggles,\%defaultchecked,
- \%choices,$itemcount,$onclick,$additional);
- $$rowtotal += $itemcount;
+ \%choices,$$rowtotal,$onclick,$additional);
+ $$rowtotal ++;
$datatable .= &print_requestmail($dom,'selfcreation',$createsettings,$rowtotal);
$$rowtotal ++;
my ($infofields,$infotitles) = &Apache::loncommon::emailusername_info();
@@ -8336,7 +8373,7 @@
if (($item eq 'selfcreate') || ($item eq 'statustocreate') ||
($item eq 'captcha') || ($item eq 'recaptchakeys') ||
($item eq 'emailusername') || ($item eq 'notify') ||
- ($item eq 'selfcreateprocessing')) {
+ ($item eq 'selfcreateprocessing') || ($item eq 'shibenv')) {
$curr_usercreation{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
} else {
$save_usercreate{$key}{$item} = $domconfig{'usercreation'}{$key}{$item};
@@ -8368,6 +8405,7 @@
%{$cancreate{'emailusername'}} = ();
@{$cancreate{'statustocreate'}} = ();
%{$cancreate{'selfcreateprocessing'}} = ();
+ %{$cancreate{'shibenv'}} = ();
my %selfcreatetypes = (
sso => 'users authenticated by institutional single sign on',
login => 'users authenticated by institutional log-in',
@@ -8485,6 +8523,7 @@
}
my @fields = ('lastname','firstname','middlename','generation',
'permanentemail','id');
+ my @shibfields = (@fields,'inststatus');
my %fieldtitles = &Apache::loncommon::personal_data_fieldtitles();
#
# Where usernames may created for institutional log-in and/or institutional single sign on:
@@ -8529,6 +8568,27 @@
}
}
}
+ foreach my $field (@shibfields) {
+ if ($env{'form.shibenv_'.$field} ne '') {
+ $cancreate{'shibenv'}{$field} = $env{'form.shibenv_'.$field};
+ }
+ }
+ if (ref($curr_usercreation{'cancreate'}) eq 'HASH') {
+ if (ref($curr_usercreation{'cancreate'}{'shibenv'}) eq 'HASH') {
+ foreach my $field (@shibfields) {
+ if ($env{'form.shibenv_'.$field} ne $curr_usercreation{'cancreate'}{'shibenv'}{$field}) {
+ push(@{$changes{'cancreate'}},'shibenv');
+ }
+ }
+ } else {
+ foreach my $field (@shibfields) {
+ if ($env{'form.shibenv_'.$field}) {
+ push(@{$changes{'cancreate'}},'shibenv');
+ last;
+ }
+ }
+ }
+ }
}
foreach my $item (@contexts) {
if (ref($curr_usercreation{'cancreate'}{$item}) eq 'ARRAY') {
@@ -8651,6 +8711,9 @@
if (ref($cancreate{'statustocreate'}) eq 'ARRAY') {
$save_usercreate{'cancreate'}{'statustocreate'} = $cancreate{'statustocreate'};
}
+ if (ref($cancreate{'shibenv'}) eq 'HASH') {
+ $save_usercreate{'cancreate'}{'shibenv'} = $cancreate{'shibenv'};
+ }
$save_usercreate{'cancreate'}{'emailusername'} = $cancreate{'emailusername'};
$save_usercreate{'emailrule'} = \@email_rule;
@@ -8693,6 +8756,22 @@
}
}
}
+ } elsif ($type eq 'shibenv') {
+ if (keys(%{$cancreate{$type}}) == 0) {
+ $chgtext .= &mt('Shibboleth-autheticated user does not use environment variables to set user information');
+ } else {
+ $chgtext .= &mt('Shibboleth-autheticated user information set from environment variables, as follows:').
+ '<ul>';
+ foreach my $field (@shibfields) {
+ next if ($cancreate{$type}{$field} eq '');
+ if ($field eq 'inststatus') {
+ $chgtext .= '<li>'.&mt('Institutional status').' -- '.$cancreate{$type}{$field}.'</li>';
+ } else {
+ $chgtext .= '<li>'.$fieldtitles{$field}.' -- '.$cancreate{$type}{$field}.'</li>';
+ }
+ }
+ $chgtext .= '</ul>';
+ }
} elsif ($type eq 'statustocreate') {
if ((ref($cancreate{'selfcreate'}) eq 'ARRAY') &&
(ref($cancreate{'statustocreate'}) eq 'ARRAY')) {
More information about the LON-CAPA-cvs
mailing list