[LON-CAPA-cvs] cvs: loncom /auth lonauth.pm lonlogin.pm lonlogout.pm migrateuser.pm switchserver.pm /cgi loncgi.pm /interface loncommon.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Wed Jul 4 12:58:30 EDT 2018
raeburn Wed Jul 4 16:58:30 2018 EDT
Modified files:
/loncom/auth lonauth.pm lonlogin.pm lonlogout.pm migrateuser.pm
switchserver.pm
/loncom/interface loncommon.pm
/loncom/cgi loncgi.pm
/loncom/lonnet/perl lonnet.pm
Log:
- Use 'secure' attribute for session cookie on servers using Apache/SSL.
-------------- next part --------------
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.153 loncom/auth/lonauth.pm:1.154
--- loncom/auth/lonauth.pm:1.153 Sun Jul 1 00:03:42 2018
+++ loncom/auth/lonauth.pm Wed Jul 4 16:58:19 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.153 2018/07/01 00:03:42 raeburn Exp $
+# $Id: lonauth.pm,v 1.154 2018/07/04 16:58:19 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -76,8 +76,9 @@
# ----------------------------------------------------------- Get cookies ready
my ($securecookie,$defaultcookie);
- if ($ENV{'SERVER_PORT'} == 443) {
- $securecookie="lonID=$cookie; path=/; HttpOnly; secure";
+ my $ssl = $r->subprocess_env('https');
+ if ($ssl) {
+ $securecookie="lonSID=$cookie; path=/; HttpOnly; secure";
my $lonidsdir=$r->dir_config('lonIDsDir');
if (($lonidsdir) && (-e "$lonidsdir/$cookie.id")) {
my $linkname=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, 32).'_linked';
@@ -88,7 +89,7 @@
"$lonidsdir/$linkname.id"); 1 };
if ($made_symlink) {
$defaultcookie = "lonLinkID=$linkname; path=/; HttpOnly;";
- &Apache::lonnet::appenv({'user.linkedenv' => "$lonidsdir/$linkname.id"});
+ &Apache::lonnet::appenv({'user.linkedenv' => $linkname});
}
}
} else {
Index: loncom/auth/lonlogin.pm
diff -u loncom/auth/lonlogin.pm:1.172 loncom/auth/lonlogin.pm:1.173
--- loncom/auth/lonlogin.pm:1.172 Fri Jan 12 15:26:39 2018
+++ loncom/auth/lonlogin.pm Wed Jul 4 16:58:19 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Login Screen
#
-# $Id: lonlogin.pm,v 1.172 2018/01/12 15:26:39 raeburn Exp $
+# $Id: lonlogin.pm,v 1.173 2018/07/04 16:58:19 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -86,10 +86,14 @@
-expires => '-10y',);
$r->header_out('Set-cookie' => $c);
} elsif (($handle eq '') && ($userdom ne '')) {
- my $c = new CGI::Cookie(-name => 'lonID',
- -value => '',
- -expires => '-10y',);
- $r->headers_out->add('Set-cookie' => $c);
+ my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+ foreach my $name (keys(%cookies)) {
+ next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+ my $c = new CGI::Cookie(-name => $name,
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $c);
+ }
}
$r->send_http_header;
return OK if $r->header_only;
Index: loncom/auth/lonlogout.pm
diff -u loncom/auth/lonlogout.pm:1.54 loncom/auth/lonlogout.pm:1.55
--- loncom/auth/lonlogout.pm:1.54 Tue May 8 15:37:41 2018
+++ loncom/auth/lonlogout.pm Wed Jul 4 16:58:19 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Logout Handler
#
-# $Id: lonlogout.pm,v 1.54 2018/05/08 15:37:41 raeburn Exp $
+# $Id: lonlogout.pm,v 1.55 2018/07/04 16:58:19 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -71,12 +71,11 @@
my @profile;
my $lonidsdir=$r->dir_config('lonIDsDir');
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
- unlink("$lonidsdir/$handle.id");
- if ($env{'user.linkedenv'} ne '') {
- my $lonhost = $r->dir_config('lonHostID');
- if ((-l $env{'user.linkedenv'}) &&
- (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
- unlink($env{'user.linkedenv'});
+ if (unlink("$lonidsdir/$handle.id")) {
+ if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+ (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
+ (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq "$lonidsdir/$handle.id")) {
+ unlink("$lonidsdir/$env{'user.linkedenv'}.id");
}
}
if (!$Apache::lonlocal::lh) {
@@ -91,20 +90,14 @@
&Apache::loncommon::content_type($r,'text/html');
- #expire the cookie
- my $name = 'lonID';
- if (($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public')) {
- $name = 'lonPubID';
- }
- my $c = new CGI::Cookie(-name => $name,
- -value => '',
- -expires => '-10y',);
- $r->headers_out->add('Set-cookie' => $c);
- if (($name eq 'lonID') && ($env{'user.linkedenv'})) {
- my $other = new CGI::Cookie(-name => 'lonLinkID',
- -value => '',
- -expires => '-10y',);
- $r->headers_out->add('Set-cookie' => $other);
+ #expire the cookies
+ my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+ foreach my $name (keys(%cookies)) {
+ next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+ my $c = new CGI::Cookie(-name => $name,
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $c);
}
$r->send_http_header;
return OK if $r->header_only;
Index: loncom/auth/migrateuser.pm
diff -u loncom/auth/migrateuser.pm:1.33 loncom/auth/migrateuser.pm:1.34
--- loncom/auth/migrateuser.pm:1.33 Sun Jul 1 00:03:42 2018
+++ loncom/auth/migrateuser.pm Wed Jul 4 16:58:19 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Starts a user off based of an existing token.
#
-# $Id: migrateuser.pm,v 1.33 2018/07/01 00:03:42 raeburn Exp $
+# $Id: migrateuser.pm,v 1.34 2018/07/04 16:58:19 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -258,12 +258,12 @@
sub logout {
my ($r,$handle,$data,$lti_env) = @_;
- unlink($handle);
- if ($env{'user.linkedenv'} ne '') {
- my $lonidsdir=$r->dir_config('lonIDsDir');
- if ((-l $env{'user.linkedenv'}) &&
- (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
- unlink($env{'user.linkedenv'});
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+ if (unlink("$lonidsdir/$handle.id")) {
+ if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+ (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
+ (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq "$lonidsdir/$handle.id")) {
+ unlink("$lonidsdir/$env{'user.linkedenv'}.id");
}
}
my %temp=('logout' => time);
@@ -275,18 +275,15 @@
&Apache::loncommon::content_type($r,'text/html');
- #expire the cookie
- my $c = new CGI::Cookie(-name => 'lonID',
- -value => '',
- -expires => '-10y',);
- $r->headers_out->add('Set-cookie' => $c);
- if ($env{'user.linkedenv'}) {
- my $linked = new CGI::Cookie(-name => 'lonLinkID',
- -value => '',
- -expires => '-10y',);
- $r->headers_out->add('Set-cookie' => $linked);
+ #expire the cookies
+ my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+ foreach my $name (keys(%cookies)) {
+ next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+ my $c = new CGI::Cookie(-name => $name,
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $c);
}
- my $lonhost = $r->dir_config('lonHostID');
my (%info,%user_info,%lti_info);
if (ref($lti_env) eq 'HASH') {
%lti_info = %{$lti_env};
Index: loncom/auth/switchserver.pm
diff -u loncom/auth/switchserver.pm:1.40 loncom/auth/switchserver.pm:1.41
--- loncom/auth/switchserver.pm:1.40 Sat Apr 14 02:30:11 2018
+++ loncom/auth/switchserver.pm Wed Jul 4 16:58:19 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Switch Servers Handler
#
-# $Id: switchserver.pm,v 1.40 2018/04/14 02:30:11 raeburn Exp $
+# $Id: switchserver.pm,v 1.41 2018/07/04 16:58:19 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -166,12 +166,14 @@
}
#remove session env, and log event
- unlink($handle);
- if ($env{'user.linkedenv'} ne '') {
- my $lonidsdir=$r->dir_config('lonIDsDir');
- if ((-l $env{'user.linkedenv'}) &&
- (readlink($env{'user.linkedenv'}) eq "$lonidsdir/$handle.id")) {
- unlink($env{'user.linkedenv'});
+ if (unlink($handle)) {
+ if ($env{'user.linkedenv'} ne '') {
+ my $lonidsdir=$r->dir_config('lonIDsDir');
+ if (($env{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
+ (-l "$lonidsdir/$env{'user.linkedenv'}.id") &&
+ (readlink("$lonidsdir/$env{'user.linkedenv'}.id") eq $handle)) {
+ unlink("$lonidsdir/$env{'user.linkedenv'}.id");
+ }
}
}
my %temp=('switchserver' => time.':'.$env{'form.otherserver'},
@@ -193,18 +195,15 @@
&Apache::loncommon::content_type($r,'text/html');
- #expire the cookie
- my $c = new CGI::Cookie(-name => 'lonID',
- -value => '',
- -expires => '-10y',);
- $r->headers_out->add('Set-cookie' => $c);
- if ($env{'user.linkedenv'}) {
- my $linked = new CGI::Cookie(-name => 'lonLinkID',
- -value => '',
- -expires => '-10y',);
- $r->headers_out->add('Set-cookie' => $linked);
+ #expire the cookies
+ my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
+ foreach my $name (keys(%cookies)) {
+ next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
+ my $c = new CGI::Cookie(-name => $name,
+ -value => '',
+ -expires => '-10y',);
+ $r->headers_out->add('Set-cookie' => $c);
}
-
if ($r->header_only) {
$r->send_http_header;
return OK;
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1319 loncom/interface/loncommon.pm:1.1320
--- loncom/interface/loncommon.pm:1.1319 Wed Jul 4 13:44:16 2018
+++ loncom/interface/loncommon.pm Wed Jul 4 16:58:22 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common routines
#
-# $Id: loncommon.pm,v 1.1319 2018/07/04 13:44:16 raeburn Exp $
+# $Id: loncommon.pm,v 1.1320 2018/07/04 16:58:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -16444,18 +16444,18 @@
opendir(DIR,$lonids);
while ($filename=readdir(DIR)) {
if ($filename=~/^$username\_\d+\_$domain\_$authhost\.id$/) {
- if ($ENV{'SERVER_PORT'} == 443) {
+ if (tie(my %oldenv,'GDBM_File',"$lonids/$filename",
+ &GDBM_READER(),0640)) {
my $linkedfile;
- if (tie(my %oldenv,'GDBM_File',"$lonids/$cookie.id",
- &GDBM_READER(),0640)) {
- if (exists($oldenv{'user.linkedenv'})) {
- $linkedfile = $oldenv{'user.linkedenv'};
- }
- untie(%oldenv);
+ if (exists($oldenv{'user.linkedenv'})) {
+ $linkedfile = $oldenv{'user.linkedenv'};
}
- if (unlink($lonids.'/'.$filename)) {
- if ($linkedfile =~ /^[a-f0-9]+_linked\.id$/) {
- unlink($lonids.'/'.$linkedfile);
+ untie(%oldenv);
+ if (unlink("$lonids/$filename")) {
+ if ($linkedfile =~ /^[a-f0-9]+_linked$/) {
+ if (-l "$lonids/$linkedfile.id") {
+ unlink("$lonids/$linkedfile.id");
+ }
}
}
} else {
Index: loncom/cgi/loncgi.pm
diff -u loncom/cgi/loncgi.pm:1.15 loncom/cgi/loncgi.pm:1.16
--- loncom/cgi/loncgi.pm:1.15 Mon Aug 1 15:19:05 2016
+++ loncom/cgi/loncgi.pm Wed Jul 4 16:58:26 2018
@@ -1,7 +1,7 @@
#
# LON-CAPA helpers for cgi-bin scripts
#
-# $Id: loncgi.pm,v 1.15 2016/08/01 15:19:05 raeburn Exp $
+# $Id: loncgi.pm,v 1.16 2018/07/04 16:58:26 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -82,8 +82,9 @@
Inputs: 1 ( optional). When called from a handler in mod_perl,
pass in the request object.
-Returns: 1 if the user has a LON-CAPA cookie 0 if not.
-Loads the users environment into the %env hash if the cookie is correct.
+Returns: 1 if the user has a LON-CAPA cookie, 0 if not.
+Side effect: Loads the user's environment into the %env hash
+ if the cookie is correct.
=cut
@@ -91,21 +92,11 @@
#############################################
sub check_cookie_and_load_env {
my ($r) = @_;
- my %cookies;
- if (ref($r)) {
- %cookies = CGI::Cookie->fetch($r);
- } else {
- %cookies = CGI::Cookie->fetch();
- }
- if (exists($cookies{'lonID'}) &&
- -e "$lonidsdir/".$cookies{'lonID'}->value.".id") {
- # cookie found
- &transfer_profile_to_env($cookies{'lonID'}->value);
- return 1;
- } else {
- # No cookie found
- return 0;
+ my ($hascookie,$handle) = &check_cookie($r);
+ if (($hascookie) && ($handle)) {
+ &transfer_profile_to_env($handle);
}
+ return $hascookie;
}
#############################################
@@ -117,6 +108,11 @@
Inputs: none
+Array context:
+Returns: (1,$handle) if the user has a LON-CAPA cookie;
+(0) if user does not have a LON-CAPA cookie.
+
+Scalar context:
Returns: 1 if the user has a LON-CAPA cookie and 0 if not.
=cut
@@ -124,13 +120,52 @@
#############################################
#############################################
sub check_cookie {
- my %cookies=fetch CGI::Cookie;
- if (exists($cookies{'lonID'}) &&
- -e "$lonidsdir/".$cookies{'lonID'}->value.".id") {
- # cookie found
- return 1;
+ my ($r) = @_;
+ my %cookies;
+ if (ref($r)) {
+ %cookies = CGI::Cookie->fetch($r);
+ } else {
+ %cookies = CGI::Cookie->fetch();
+ }
+ if (keys(%cookies)) {
+ my $name = 'lonID';
+ my $secure = 'lonSID';
+ my $linkname = 'lonLinkID';
+ my $pubname = 'lonPubID';
+ my $lonid;
+ if (exists($cookies{$secure})) {
+ $lonid=$cookies{$secure};
+ } elsif (exists($cookies{$name})) {
+ $lonid=$cookies{$name};
+ } elsif (exists($cookies{$linkname})) {
+ $lonid=$cookies{$linkname};
+ } elsif (exists($cookies{$pubname})) {
+ $lonid=$cookies{$pubname};
+ }
+ if ($lonid) {
+ my $handle=&LONCAPA::clean_handle($lonid->value);
+ if ($handle) {
+ if (-l "$lonidsdir/$handle.id") {
+ my $link = readlink("$lonidsdir/$handle.id");
+ if ((-e $link) && ($link =~ m{^\Q$lonidsdir\E/(.+)\.id$})) {
+ $handle = $1;
+ }
+ }
+ if (-e "$lonidsdir/".$handle.".id") {
+ # valid cookie found
+ if (wantarray) {
+ return (1,$handle);
+ } else {
+ return 1;
+ }
+ }
+ }
+ }
+ }
+ # No valid cookie found
+ if (wantarray) {
+ return (0);
} else {
- # No cookie found
return 0;
}
}
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1377 loncom/lonnet/perl/lonnet.pm:1.1378
--- loncom/lonnet/perl/lonnet.pm:1.1377 Mon May 28 23:26:21 2018
+++ loncom/lonnet/perl/lonnet.pm Wed Jul 4 16:58:29 2018
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1377 2018/05/28 23:26:21 raeburn Exp $
+# $Id: lonnet.pm,v 1.1378 2018/07/04 16:58:29 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -652,31 +652,39 @@
sub check_for_valid_session {
my ($r,$name,$userhashref,$domref) = @_;
my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
- my ($linkname,$pubname);
- if ($name eq '') {
- $name = 'lonID';
+ my ($lonidsdir,$linkname,$pubname,$secure,$lonid);
+ if ($name eq 'lonDAV') {
+ $lonidsdir=$r->dir_config('lonDAVsessDir');
+ } else {
+ $lonidsdir=$r->dir_config('lonIDsDir');
+ if ($name eq '') {
+ $name = 'lonID';
+ }
+ }
+ if ($name eq 'lonID') {
+ $secure = 'lonSID';
$linkname = 'lonLinkID';
$pubname = 'lonPubID';
- }
- my $lonid=$cookies{$name};
- if (!$lonid) {
- if (($name eq 'lonID') && ($ENV{'SERVER_PORT'} != 443) && ($linkname)) {
+ if (exists($cookies{$secure})) {
+ $lonid=$cookies{$secure};
+ } elsif (exists($cookies{$name})) {
+ $lonid=$cookies{$name};
+ } elsif (exists($cookies{$linkname})) {
$lonid=$cookies{$linkname};
+ } elsif (exists($cookies{$pubname})) {
+ $lonid=$cookies{$pubname};
}
- if (!$lonid) {
- if (($name eq 'lonID') && ($pubname)) {
- $lonid=$cookies{$pubname};
- }
- }
+ } else {
+ $lonid=$cookies{$name};
}
return undef if (!$lonid);
my $handle=&LONCAPA::clean_handle($lonid->value);
- my $lonidsdir;
- if ($name eq 'lonDAV') {
- $lonidsdir=$r->dir_config('lonDAVsessDir');
- } else {
- $lonidsdir=$r->dir_config('lonIDsDir');
+ if (-l "$lonidsdir/$handle.id") {
+ my $link = readlink("$lonidsdir/$handle.id");
+ if ((-e $link) && ($link =~ m{^\Q$lonidsdir\E/(.+)\.id$})) {
+ $handle = $1;
+ }
}
if (!-e "$lonidsdir/$handle.id") {
if ((ref($domref)) && ($name eq 'lonID') &&
More information about the LON-CAPA-cvs
mailing list