[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonacc.pm

raeburn raeburn at source.lon-capa.org
Tue Oct 6 13:39:04 EDT 2020 

raeburn		Tue Oct  6 17:39:04 2020 EDT

  Modified files:              (Branch: version_2_11_X)
    /loncom/auth	lonacc.pm 
  Log:
  - For 2.11
    Backport 1.182
  
  
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.159.2.13 loncom/auth/lonacc.pm:1.159.2.14
--- loncom/auth/lonacc.pm:1.159.2.13	Thu Oct  1 10:42:56 2020
+++ loncom/auth/lonacc.pm	Tue Oct  6 17:39:04 2020
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Cookie Based Access Handler
 #
-# $Id: lonacc.pm,v 1.159.2.13 2020/10/01 10:42:56 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.14 2020/10/06 17:39:04 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -780,19 +780,29 @@
                         unless (&Apache::lonnet::symbverify($symb,$requrl,\$encstate)) {
                             $invalidsymb = 1;
                             #
-                            # If $env{'request.enc'} is true, but no encryption for $symb retrieved
-                            # by original lonnet::symbread() call, call again to check for an instance
-                            # of $requrl in the course which has encryption, and set that as the symb.
-                            # If there is no such symb, or symbverify() fails for the new symb proceed
-                            # to report invalid symb.
+                            # If $env{'request.enc'} inconsistent with encryption expected for $symb
+                            # retrieved by lonnet::symbread(), call again to check for an instance of
+                            # $requrl in the course for which expected encryption matches request.enc.
+                            # If symb for different instance passes lonnet::symbverify(), use that as
+                            # the symb for $requrl and call &Apache::lonnet::allowed() for that symb.
+                            # Report invalid symb if there is no other symb. Redirect to /adm/ambiguous
+                            # if multiple possible symbs consistent with request.enc available for $requrl.
                             #
-                            if ($env{'request.enc'} && !$encstate) {
+                            if (($env{'request.enc'} && !$encstate) || (!$env{'request.enc'} && $encstate)) {
                                 my %possibles;
                                 my $nocache = 1;
+                                my $oldsymb = $symb;
                                 $symb = &Apache::lonnet::symbread($requrl,'','','',\%possibles,$nocache);
-                                if ($symb) {
+                                if (($symb) && ($symb ne $oldsymb)) {
                                     if (&Apache::lonnet::symbverify($symb,$requrl)) {
-                                        $invalidsymb = '';
+                                        my $access=&Apache::lonnet::allowed('bre',$requrl,$symb);
+                                        if ($access eq 'B') {
+                                            $env{'request.symb'} = $symb;
+                                            &Apache::blockedaccess::setup_handler($r);
+                                            return OK;
+                                        } elsif (($access eq '2') || ($access eq 'F')) {
+                                            $invalidsymb = '';
+                                        }
                                     }
                                 } elsif (keys(%possibles) > 1) {
                                     $r->internal_redirect('/adm/ambiguous');

More information about the LON-CAPA-cvs mailing list