[LON-CAPA-cvs] cvs: loncom /auth lonwebdavacc.pm lonwebdavauth.pm

raeburn raeburn at source.lon-capa.org
Fri May 29 16:00:50 EDT 2015


raeburn		Fri May 29 20:00:50 2015 EDT

  Modified files:              
    /loncom/auth	lonwebdavacc.pm lonwebdavauth.pm 
  Log:
  - Single Sign On needs to be able to interface with Apache Basic Auth
    in order to support webDAV clients.
  - For now SSO is not supported with webDAV in LON-CAPA.
  - Discontinue use of call to &sso_login() in lonwebdavacc.pm
  
  
Index: loncom/auth/lonwebdavacc.pm
diff -u loncom/auth/lonwebdavacc.pm:1.4 loncom/auth/lonwebdavacc.pm:1.5
--- loncom/auth/lonwebdavacc.pm:1.4	Fri May 29 18:42:01 2015
+++ loncom/auth/lonwebdavacc.pm	Fri May 29 20:00:49 2015
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Authorization Handler for webDAV access to Authoring Space. 
 #
-# $Id: lonwebdavacc.pm,v 1.4 2015/05/29 18:42:01 raeburn Exp $
+# $Id: lonwebdavacc.pm,v 1.5 2015/05/29 20:00:49 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -47,17 +47,10 @@
  <LocationMatch "^/+webdav/[\w\-.]+/\w[\w.\-\@]+/">
 
 This module is only called following successful authentication. 
-Unless lonOtherAuthen has been set, so Single Sign On can be used,
-successful authentication will have created a session file and
+Successful authentication will have created a session file and
 transferred the contents to the user's environment.
 
-In the case of SSO, there is no existing user environment, but  
-$r->user will have been set to the user's username, following 
-successful authentication.  For SSO, the webDAV session file
-and environment are set up by a call to 
-Apache::lonwebdavauth::init_webdav_env().
-
-Note: because Apache Basic Auth is used for authentication (unless SSO)
+Note: because Apache Basic Auth is used for authentication 
 webDAV access is only available for servers running Apache with SSL.
 
 This is part of the LearningOnline Network with CAPA project
@@ -75,14 +68,17 @@
 
 =item *
 
-If no %env, this was SSO authentication so call to &sso_login() to
-create session, and return cookie. 
+If no %env, calls Apache::lonnet::check_for_valid_session() 
+to retrieve a valid sessionID (webDAV client needs to support
+cookies for session retrieval to be successful). If a session is
+found Apache::lonnet::transfer_profile_to_env() is called 
+to populate %env.
 
 =item *
 
 Checks if requested URL (of form /webdav/authordomain/authorname) is valid
 and whether authenticated user has an active author or co-author
-role in the corresonding Author Space. 
+role in the corresponding Authoring Space. 
 
 =back
 
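Review bot: The rewritten item beginning "If no %env, calls Apache::lonnet::check_for_valid_session()" documents only the case where a session is found. The handler now returns FORBIDDEN when no session is retrieved, and the POD does not state that outcome. Suggest adding a sentence such as "If no session is found, FORBIDDEN is returned." so the documentation covers webDAV clients that do not send the session cookie.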
@@ -96,7 +92,7 @@
 
 =item *
 
-Called if no user.environment exists in %env.
+Not currently used.
 
 =item *
 
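Review bot: "Not currently used." gives a reader of the POD no reason and no pointer. Suggest either stating that the routine is retained until SSO can interface with Apache Basic Auth, as the log message says, or removing the routine together with its documentation.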
@@ -137,13 +133,10 @@
     my $author = "$aname:$adom";
     unless ($env{'user.environment'}) {
         my $handle = &Apache::lonnet::check_for_valid_session($r,'lonDAV');
-        if ($handle eq '') {
-            $handle = &sso_login($r,$sessiondir,$now,$timetolive,$author);
-            if ($handle eq '') {
-                return FORBIDDEN;
-            }
-        } else {
+        if ($handle ne '') {
             &Apache::lonnet::transfer_profile_to_env($sessiondir,$handle);
+        } else {
+            return FORBIDDEN;
         }
     }
     my $uhome=&Apache::lonnet::homeserver($env{'user.name'},$env{'user.domain'});
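Review bot: Inside the `unless ($env{'user.environment'})` block, nothing verifies that `&Apache::lonnet::transfer_profile_to_env($sessiondir,$handle)` actually populated %env, yet the next statement passes `$env{'user.name'}` and `$env{'user.domain'}` to `homeserver()`. Suggest re-testing `$env{'user.environment'}` after the transfer and returning FORBIDDEN if it is still unset, so a handle whose session file cannot be loaded fails closed. A log entry on the `return FORBIDDEN` path would also help diagnose clients that do not support cookies.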
Index: loncom/auth/lonwebdavauth.pm
diff -u loncom/auth/lonwebdavauth.pm:1.3 loncom/auth/lonwebdavauth.pm:1.4
--- loncom/auth/lonwebdavauth.pm:1.3	Fri May 29 18:42:01 2015
+++ loncom/auth/lonwebdavauth.pm	Fri May 29 20:00:49 2015
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Authentication Handler for webDAV access to Authoring Space.
 #
-# $Id: lonwebdavauth.pm,v 1.3 2015/05/29 18:42:01 raeburn Exp $
+# $Id: lonwebdavauth.pm,v 1.4 2015/05/29 20:00:49 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -57,11 +57,10 @@
 provides the directory location: /home/httpd/webdav/sessionIDs.
 
 If the session is stale, or the cookie is missing or invalid, 
-the user is re-challenged for login information. If the perlvar
-lonOtherAuthen has been set, Single Sign On will be used, otherwise
-an Apache Basic Auth request will be sent to the client.
+the user is re-challenged for login information, by sending
+an Apache Basic Auth request to the client.
 
-If Apache Basic Auth is used, successful authentication will
+If Apache Basic Auth is successful authentication will
 result in creation of a webDAV session file containing a 
 minimal set of information about the user which will also be 
 loaded into the user's environment.  The environment persists
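Review bot: The new sentence "If Apache Basic Auth is successful authentication will result in creation of a webDAV session file" reads ambiguously because the clause break is missing. Suggest "If Apache Basic Auth is successful, authentication will result in ..." or "Successful Apache Basic Auth will result in ...".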
@@ -87,13 +86,8 @@
 
 =item *
 
-No session? - if SSO enabled: return DECLINED
-
-=item *
-
-No session? - if SSO not enabled: return AUTH_REQUIRED
-which will prompt webDAV client to authenticate user 
-(via Apache Basic Auth).
+No session? return AUTH_REQUIRED which will prompt 
+webDAV client to authenticate user (via Apache Basic Auth). 
 
 =item *
 
@@ -179,13 +173,6 @@
         }
     }
 
-    if ($r->dir_config('lonOtherAuthen') eq 'yes') {
-        if (defined($r->dir_config('lonOtherAuthenType'))) {
-            $r->auth_type($r->dir_config('lonOtherAuthenType'));
-        }
-        return DECLINED;
-    }
-
     my ($status,$upass) = $r->get_basic_auth_pw;
     return $status unless ($status == 0 || $status == OK);
 
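Review bot: With the `lonOtherAuthen` block removed ahead of `$r->get_basic_auth_pw`, a server that has `lonOtherAuthen` set to 'yes' now issues a Basic Auth challenge to webDAV clients with no indication that the setting is being ignored. Suggest a short comment at this spot, or a log message when the perlvar is set, recording that SSO is intentionally bypassed for webDAV.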
@@ -198,7 +185,7 @@
     } else {
         $uname = $r->user;
         ($udom) = ($r->uri =~ m{^/webdav/($match_domain)/});
-        unless (($udom ne '' ) && ($uname =~ /^$match_username$/)) {
+        unless (($udom ne '' ) && ($uname =~ /^$match_username$/) && ($upass ne '')) {
             $r->note_basic_auth_failure;
             return AUTH_REQUIRED;
         }
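Review bot: The added `($upass ne '')` test in the `unless` condition rejects empty passwords, but only on this `else` branch, and the log message does not mention it. Suggest confirming that the preceding `if` branch applies the same check, writing it as `defined($upass) && $upass ne ''` to avoid comparing an undefined value, and noting the empty-password rejection in the log and POD since it changes authentication behaviour.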



