[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm lonlogin.pm lonlogout.pm migrateuser.pm switchserver.pm /cgi loncgi.pm /interface loncommon.pm /lonnet/perl lonnet.pm

raeburn raeburn at source.lon-capa.org
Wed Jul 4 12:58:30 EDT 2018


raeburn		Wed Jul  4 16:58:30 2018 EDT

  Modified files:              
    /loncom/auth	lonauth.pm lonlogin.pm lonlogout.pm migrateuser.pm 
                	switchserver.pm 
    /loncom/interface	loncommon.pm 
    /loncom/cgi	loncgi.pm 
    /loncom/lonnet/perl	lonnet.pm 
  Log:
  - Use 'secure' attribute for session cookie on servers using Apache/SSL.
  
  
-------------- next part --------------
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.153 loncom/auth/lonauth.pm:1.154
--- loncom/auth/lonauth.pm:1.153	Sun Jul  1 00:03:42 2018
+++ loncom/auth/lonauth.pm	Wed Jul  4 16:58:19 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # User Authentication Module
 #
-# $Id: lonauth.pm,v 1.153 2018/07/01 00:03:42 raeburn Exp $
+# $Id: lonauth.pm,v 1.154 2018/07/04 16:58:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -76,8 +76,9 @@
 
 # ----------------------------------------------------------- Get cookies ready
     my ($securecookie,$defaultcookie);
-    if ($ENV{'SERVER_PORT'} == 443) {
-        $securecookie="lonID=$cookie; path=/; HttpOnly; secure";
+    my $ssl = $r->subprocess_env('https');
+    if ($ssl) {
+        $securecookie="lonSID=$cookie; path=/; HttpOnly; secure";
         my $lonidsdir=$r->dir_config('lonIDsDir');
         if (($lonidsdir) && (-e "$lonidsdir/$cookie.id")) {
             my $linkname=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, 32).'_linked';
@@ -88,7 +89,7 @@
                                               "$lonidsdir/$linkname.id"); 1 };
             if ($made_symlink) {
                 $defaultcookie = "lonLinkID=$linkname; path=/; HttpOnly;";
-                &Apache::lonnet::appenv({'user.linkedenv' => "$lonidsdir/$linkname.id"});
+                &Apache::lonnet::appenv({'user.linkedenv' => $linkname});
             }
         }
     } else {
Index: loncom/auth/lonlogin.pm
diff -u loncom/auth/lonlogin.pm:1.172 loncom/auth/lonlogin.pm:1.173
--- loncom/auth/lonlogin.pm:1.172	Fri Jan 12 15:26:39 2018
+++ loncom/auth/lonlogin.pm	Wed Jul  4 16:58:19 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Login Screen
 #
-# $Id: lonlogin.pm,v 1.172 2018/01/12 15:26:39 raeburn Exp $
+# $Id: lonlogin.pm,v 1.173 2018/07/04 16:58:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -86,10 +86,14 @@
                                 -expires => '-10y',);
         $r->header_out('Set-cookie' => $c);
     } elsif (($handle eq '') && ($userdom ne '')) {
-        my $c = new CGI::Cookie(-name    => 'lonID',
-                                -value   => '',
-                                -expires => '-10y',);
-        $r->headers_out->add('Set-cookie' => $c);
+        my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+        foreach my $name (keys(%cookies)) {
+            next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+            my $c = new CGI::Cookie(-name    => $name,
+                                    -value   => '',
+                                    -expires => '-10y',);
+            $r->headers_out->add('Set-cookie' => $c);
+        }
     }
     $r->send_http_header;
     return OK if $r->header_only;
Index: loncom/auth/lonlogout.pm
diff -u loncom/auth/lonlogout.pm:1.54 loncom/auth/lonlogout.pm:1.55
--- loncom/auth/lonlogout.pm:1.54	Tue May  8 15:37:41 2018
+++ loncom/auth/lonlogout.pm	Wed Jul  4 16:58:19 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Logout Handler
 #
-# $Id: lonlogout.pm,v 1.54 2018/05/08 15:37:41 raeburn Exp $
+# $Id: lonlogout.pm,v 1.55 2018/07/04 16:58:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -71,12 +71,11 @@
     my @profile;
     my $lonidsdir=$r->dir_config('lonIDsDir');
     &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
-    unlink("$lonidsdir/$handle.id");
-    if ($env{'user.linkedenv'} ne '') {
-        my $lonhost = $r->dir_config('lonHostID');
-        if ((-l $env{'user.linkedenv'}) && 
-            (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
-            unlink($env{'user.linkedenv'});
+    if (unlink("$lonidsdir/$handle.id")) {
+        if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+            (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
+            (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq "$lonidsdir/$handle.id")) {
+            unlink("$lonidsdir/$env{'user.linkedenv'}.id");
         }
     }
     if (!$Apache::lonlocal::lh) {
@@ -91,20 +90,14 @@
 
     &Apache::loncommon::content_type($r,'text/html');
 
-    #expire the cookie
-    my $name = 'lonID';
-    if (($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public')) {
-        $name = 'lonPubID';
-    }
-    my $c = new CGI::Cookie(-name    => $name,
-			    -value   => '',
-			    -expires => '-10y',);
-    $r->headers_out->add('Set-cookie' => $c);
-    if (($name eq 'lonID') && ($env{'user.linkedenv'})) {
-        my $other = new CGI::Cookie(-name    => 'lonLinkID',
-                                    -value   => '',
-                                    -expires => '-10y',);
-        $r->headers_out->add('Set-cookie' => $other);
+    #expire the cookies
+    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+    foreach my $name (keys(%cookies)) {
+        next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+        my $c = new CGI::Cookie(-name    => $name,
+                                -value   => '',
+                                -expires => '-10y',);
+        $r->headers_out->add('Set-cookie' => $c);
     }
     $r->send_http_header;
     return OK if $r->header_only;
Index: loncom/auth/migrateuser.pm
diff -u loncom/auth/migrateuser.pm:1.33 loncom/auth/migrateuser.pm:1.34
--- loncom/auth/migrateuser.pm:1.33	Sun Jul  1 00:03:42 2018
+++ loncom/auth/migrateuser.pm	Wed Jul  4 16:58:19 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Starts a user off based of an existing token.
 #
-# $Id: migrateuser.pm,v 1.33 2018/07/01 00:03:42 raeburn Exp $
+# $Id: migrateuser.pm,v 1.34 2018/07/04 16:58:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -258,12 +258,12 @@
 
 sub logout {
     my ($r,$handle,$data,$lti_env) = @_;
-    unlink($handle);
-    if ($env{'user.linkedenv'} ne '') {
-        my $lonidsdir=$r->dir_config('lonIDsDir');
-        if ((-l $env{'user.linkedenv'}) &&
-            (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
-            unlink($env{'user.linkedenv'});
+    my $lonidsdir=$r->dir_config('lonIDsDir');
+    if (unlink("$lonidsdir/$handle.id")) {
+        if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+            (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
+            (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq "$lonidsdir/$handle.id")) {
+            unlink("$lonidsdir/$env{'user.linkedenv'}.id");
         }
     }
     my %temp=('logout' => time);
@@ -275,18 +275,15 @@
 
     &Apache::loncommon::content_type($r,'text/html');
 
-    #expire the cookie
-    my $c = new CGI::Cookie(-name    => 'lonID',
-                            -value   => '',
-                            -expires => '-10y',);
-    $r->headers_out->add('Set-cookie' => $c);
-    if ($env{'user.linkedenv'}) {
-        my $linked = new CGI::Cookie(-name    => 'lonLinkID',
-                                     -value   => '',
-                                     -expires => '-10y',);
-        $r->headers_out->add('Set-cookie' => $linked);
+    #expire the cookies
+    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+    foreach my $name (keys(%cookies)) {
+        next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+        my $c = new CGI::Cookie(-name    => $name,
+                                -value   => '',
+                                -expires => '-10y',);
+        $r->headers_out->add('Set-cookie' => $c);
     }
-    my $lonhost = $r->dir_config('lonHostID');
     my (%info,%user_info,%lti_info);
     if (ref($lti_env) eq 'HASH') {
         %lti_info = %{$lti_env};
Index: loncom/auth/switchserver.pm
diff -u loncom/auth/switchserver.pm:1.40 loncom/auth/switchserver.pm:1.41
--- loncom/auth/switchserver.pm:1.40	Sat Apr 14 02:30:11 2018
+++ loncom/auth/switchserver.pm	Wed Jul  4 16:58:19 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Switch Servers Handler
 #
-# $Id: switchserver.pm,v 1.40 2018/04/14 02:30:11 raeburn Exp $
+# $Id: switchserver.pm,v 1.41 2018/07/04 16:58:19 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -166,12 +166,14 @@
     }
 
     #remove session env, and log event
-    unlink($handle);
-    if ($env{'user.linkedenv'} ne '') {
-        my $lonidsdir=$r->dir_config('lonIDsDir');
-        if ((-l $env{'user.linkedenv'}) &&
-            (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
-            unlink($env{'user.linkedenv'});
+    if (unlink($handle)) {
+        if ($env{'user.linkedenv'} ne '') {
+            my $lonidsdir=$r->dir_config('lonIDsDir');
+            if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+                (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
+                (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq $handle)) {
+                unlink("$lonidsdir/$env{'user.linkedenv'}.id");
+            }
         }
     }
     my %temp=('switchserver' => time.':'.$env{'form.otherserver'},
@@ -193,18 +195,15 @@
 
     &Apache::loncommon::content_type($r,'text/html');
 
-    #expire the cookie
-    my $c = new CGI::Cookie(-name    => 'lonID',
-			    -value   => '',
-			    -expires => '-10y',);
-    $r->headers_out->add('Set-cookie' => $c);
-    if ($env{'user.linkedenv'}) {
-        my $linked = new CGI::Cookie(-name    => 'lonLinkID',
-                                     -value   => '',
-                                     -expires => '-10y',);
-        $r->headers_out->add('Set-cookie' => $linked);
+    #expire the cookies
+    my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+    foreach my $name (keys(%cookies)) {
+        next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+        my $c = new CGI::Cookie(-name    => $name,
+                                -value   => '',
+                                -expires => '-10y',);
+        $r->headers_out->add('Set-cookie' => $c);
     }
-
     if ($r->header_only) {
 	$r->send_http_header;
 	return OK;
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1319 loncom/interface/loncommon.pm:1.1320
--- loncom/interface/loncommon.pm:1.1319	Wed Jul  4 13:44:16 2018
+++ loncom/interface/loncommon.pm	Wed Jul  4 16:58:22 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1319 2018/07/04 13:44:16 raeburn Exp $
+# $Id: loncommon.pm,v 1.1320 2018/07/04 16:58:22 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -16444,18 +16444,18 @@
 	    opendir(DIR,$lonids);
 	    while ($filename=readdir(DIR)) {
 		if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) {
-                    if ($ENV{'SERVER_PORT'} == 443) {
+                    if (tie(my %oldenv,'GDBM_File',"$lonids/$filename",
+                            &GDBM_READER(),0640)) {
                         my $linkedfile;
-                        if (tie(my %oldenv,'GDBM_File',"$lonids/$cookie.id",
-                                &GDBM_READER(),0640)) {
-                            if (exists($oldenv{'user.linkedenv'})) {
-                                $linkedfile = $oldenv{'user.linkedenv'};
-                            }
-                            untie(%oldenv);
+                        if (exists($oldenv{'user.linkedenv'})) {
+                            $linkedfile = $oldenv{'user.linkedenv'};
                         }
-                        if (unlink($lonids.'/'.$filename)) {
-                            if ($linkedfile =~ /^[a-f0-9]+_linked\.id$/) {
-                                unlink($lonids.'/'.$linkedfile);
+                        untie(%oldenv);
+                        if (unlink("$lonids/$filename")) {
+                            if ($linkedfile =~ /^[a-f0-9]+_linked$/) {
+                                if (-l "$lonids/$linkedfile.id") {
+                                    unlink("$lonids/$linkedfile.id");
+                                }
                             }
                         }
                     } else {
Index: loncom/cgi/loncgi.pm
diff -u loncom/cgi/loncgi.pm:1.15 loncom/cgi/loncgi.pm:1.16
--- loncom/cgi/loncgi.pm:1.15	Mon Aug  1 15:19:05 2016
+++ loncom/cgi/loncgi.pm	Wed Jul  4 16:58:26 2018
@@ -1,7 +1,7 @@
 #
 # LON-CAPA helpers for cgi-bin scripts
 #
-# $Id: loncgi.pm,v 1.15 2016/08/01 15:19:05 raeburn Exp $
+# $Id: loncgi.pm,v 1.16 2018/07/04 16:58:26 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -82,8 +82,9 @@
 Inputs: 1 ( optional). When called from a handler in mod_perl,
         pass in the request object.
 
-Returns: 1 if the user has a LON-CAPA cookie 0 if not.
-Loads the users environment into the %env hash if the cookie is correct.
+Returns: 1 if the user has a LON-CAPA cookie, 0 if not.
+Side effect: Loads the user's environment into the %env hash
+             if the cookie is correct.
 
 =cut
 
@@ -91,21 +92,11 @@
 #############################################
 sub check_cookie_and_load_env {
     my ($r) = @_;
-    my %cookies;
-    if (ref($r)) {
-        %cookies = CGI::Cookie->fetch($r);    
-    } else {
-        %cookies = CGI::Cookie->fetch();
-    }
-    if (exists($cookies{'lonID'}) && 
-        -e "$lonidsdir/".$cookies{'lonID'}->value.".id") {
-        # cookie found
-        &transfer_profile_to_env($cookies{'lonID'}->value);
-        return 1;
-    } else {
-        # No cookie found
-        return 0;
+    my ($hascookie,$handle) = &check_cookie($r);
+    if (($hascookie) && ($handle)) {
+        &transfer_profile_to_env($handle);
     }
+    return $hascookie;
 }
 
 #############################################
@@ -117,6 +108,11 @@
 
 Inputs: none
 
+Array context:
+Returns: (1,$handle) if the user has a LON-CAPA cookie;
+(0) if user does not have a LON-CAPA cookie.
+
+Scalar context:
 Returns: 1 if the user has a LON-CAPA cookie and 0 if not.
 
 =cut
@@ -124,13 +120,52 @@
 #############################################
 #############################################
 sub check_cookie {
-    my %cookies=fetch CGI::Cookie;
-    if (exists($cookies{'lonID'}) && 
-        -e "$lonidsdir/".$cookies{'lonID'}->value.".id") {
-        # cookie found
-        return 1;
+    my ($r) = @_;
+    my %cookies;
+    if (ref($r)) {
+        %cookies = CGI::Cookie->fetch($r);
+    } else {
+        %cookies = CGI::Cookie->fetch();
+    }
+    if (keys(%cookies)) {
+        my $name = 'lonID';
+        my $secure = 'lonSID';
+        my $linkname = 'lonLinkID';
+        my $pubname = 'lonPubID';
+        my $lonid;
+        if (exists($cookies{$secure})) {
+            $lonid=$cookies{$secure};
+        } elsif (exists($cookies{$name})) {
+            $lonid=$cookies{$name};
+        } elsif (exists($cookies{$linkname})) {
+            $lonid=$cookies{$linkname};
+        } elsif (exists($cookies{$pubname})) {
+            $lonid=$cookies{$pubname};
+        }
+        if ($lonid) {
+            my $handle=&LONCAPA::clean_handle($lonid->value);
+            if ($handle) {
+                if (-l "$lonidsdir/$handle.id") {
+                    my $link = readlink("$lonidsdir/$handle.id");
+                    if ((-e $link) && ($link =~ m{^\Q$lonidsdir\E/(.+)\.id$})) {
+                        $handle = $1;
+                    }
+                }
+                if (-e "$lonidsdir/".$handle.".id") {
+                    # valid cookie found
+                    if (wantarray) {
+                        return (1,$handle);
+                    } else {
+                        return 1;
+                    }
+                }
+            }
+        }
+    }
+    # No valid cookie found
+    if (wantarray) {
+        return (0);
     } else {
-        # No cookie found
         return 0;
     }
 }
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1377 loncom/lonnet/perl/lonnet.pm:1.1378
--- loncom/lonnet/perl/lonnet.pm:1.1377	Mon May 28 23:26:21 2018
+++ loncom/lonnet/perl/lonnet.pm	Wed Jul  4 16:58:29 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1377 2018/05/28 23:26:21 raeburn Exp $
+# $Id: lonnet.pm,v 1.1378 2018/07/04 16:58:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -652,31 +652,39 @@
 sub check_for_valid_session {
     my ($r,$name,$userhashref,$domref) = @_;
     my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
-    my ($linkname,$pubname);
-    if ($name eq '') {
-        $name = 'lonID';
+    my ($lonidsdir,$linkname,$pubname,$secure,$lonid);
+    if ($name eq 'lonDAV') {
+        $lonidsdir=$r->dir_config('lonDAVsessDir');
+    } else {
+        $lonidsdir=$r->dir_config('lonIDsDir');
+        if ($name eq '') {
+            $name = 'lonID';
+        }
+    }
+    if ($name eq 'lonID') {
+        $secure = 'lonSID';
         $linkname = 'lonLinkID';
         $pubname = 'lonPubID';
-    }
-    my $lonid=$cookies{$name};
-    if (!$lonid) {
-        if (($name eq 'lonID') && ($ENV{'SERVER_PORT'} != 443) && ($linkname)) {
+        if (exists($cookies{$secure})) {
+            $lonid=$cookies{$secure};
+        } elsif (exists($cookies{$name})) {
+            $lonid=$cookies{$name};
+        } elsif (exists($cookies{$linkname})) {
             $lonid=$cookies{$linkname};
+        } elsif (exists($cookies{$pubname})) {
+            $lonid=$cookies{$pubname};
         }
-        if (!$lonid) {
-            if (($name eq 'lonID') && ($pubname)) {
-                $lonid=$cookies{$pubname};
-            }
-        }
+    } else {
+        $lonid=$cookies{$name};
     }
     return undef if (!$lonid);
 
     my $handle=&LONCAPA::clean_handle($lonid->value);
-    my $lonidsdir;
-    if ($name eq 'lonDAV') {
-        $lonidsdir=$r->dir_config('lonDAVsessDir');
-    } else {
-        $lonidsdir=$r->dir_config('lonIDsDir');
+    if (-l "$lonidsdir/$handle.id") {
+        my $link = readlink("$lonidsdir/$handle.id");
+        if ((-e $link) && ($link =~ m{^\Q$lonidsdir\E/(.+)\.id$})) {
+            $handle = $1;
+        }
     }
     if (!-e "$lonidsdir/$handle.id") {
         if ((ref($domref)) && ($name eq 'lonID') && 


More information about the LON-CAPA-cvs mailing list