[LON-CAPA-cvs] cvs: rat / lonuserstate.pm loncom/auth lonauth.pm switchserver.pm loncom/interface lontiny.pm
raeburn
raeburn at source.lon-capa.org
Tue Aug 10 11:28:14 EDT 2021
raeburn Tue Aug 10 15:28:14 2021 EDT
Modified files:
/loncom/auth lonauth.pm switchserver.pm
/loncom/interface lontiny.pm
/rat lonuserstate.pm
Log:
- Bug 6907
- Deep-linking when user has an existing LON-CAPA session, need to support
case where role change is not needed, but course session update needed to
enforce link protection (lti-based or key-based access control).
-------------- next part --------------
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.165 loncom/auth/lonauth.pm:1.166
--- loncom/auth/lonauth.pm:1.165 Mon Aug 9 15:36:28 2021
+++ loncom/auth/lonauth.pm Tue Aug 10 15:28:13 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.165 2021/08/09 15:36:28 raeburn Exp $
+# $Id: lonauth.pm,v 1.166 2021/08/10 15:28:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -386,18 +386,17 @@
&Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
&Apache::loncommon::content_type($r,'text/html');
$r->send_http_header;
- my $start_page =
+ my $start_page =
&Apache::loncommon::start_page('Already logged in');
my $end_page =
&Apache::loncommon::end_page();
my $dest = '/adm/roles';
if ($env{'form.firsturl'} ne '') {
$dest = $env{'form.firsturl'};
- if (($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) &&
- ($env{'request.course.id'})) {
+ if (($dest =~ m{^/tiny/$match_domain/\w+$}) && ($env{'request.course.id'})) {
my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};
my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};
- my $symb = &Apache::loncommon::symb_from_tinyurl($env{'form.firsturl'},$cnum,$cdom);
+ my $symb = &Apache::loncommon::symb_from_tinyurl($dest,$cnum,$cdom);
if ($symb) {
my $buffer;
if ($r->header_in('Content-length') > 0) {
@@ -801,11 +800,24 @@
'user.linkproturi' => $uri};
}
} elsif ($form{'linkkey'}) {
- $extra_env = {'user.deeplinkkey' => $form{'linkkey'},
+ $extra_env = {'user.deeplinkkey' => $form{'linkkey'},
'user.keyedlinkuri' => $form{'firsturl'}};
}
if ($form{'firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
&set_deeplink_login(%form);
+ if ($form{'linkprot'}) {
+ if (ref($extra_env) eq 'HASH') {
+ %{$extra_env} = ( %{$extra_env}, 'request.linkprot' => $form{'linkprot'} );
+ } else {
+ $extra_env = {'request.linkprot' => $form{'linkprot'}};
+ }
+ } elsif ($form{'linkkey'}) {
+ if (ref($extra_env) eq 'HASH') {
+ %{$extra_env} = ( %{$extra_env}, 'request.linkkey' => $form{'linkkey'} );
+ } else {
+ $extra_env = {'request.linkkey' => $form{'linkkey'}};
+ }
+ }
if ($env{'request.deeplink.login'}) {
if (ref($extra_env) eq 'HASH') {
%{$extra_env} = ( %{$extra_env}, 'request.deeplink.login' => $form{'firsturl'} );
@@ -826,24 +838,36 @@
my $cdom = $1;
my ($cnum,$symb) = &Apache::loncommon::symb_from_tinyurl($form{'firsturl'},'',$cdom);
if ($symb) {
- my $disallow;
- my $deeplink = &Apache::lonnet::EXT("resource.0.deeplink",$symb);
- if ($deeplink ne '') {
- my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink);
- if (($protect ne 'none') && ($protect ne '')) {
- my ($acctype,$item) = split(/:/,$protect);
- if (($acctype eq 'ltic') || ($acctype eq 'ltid')) {
- unless ($form{'linkprot'} eq $protect) {
- $disallow = 1;
- }
- } elsif ($acctype eq 'key') {
- unless ($form{'linkkey'} eq $item) {
- $disallow = 1;
+ if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
+ my ($disallow,$deeplink);
+ if ($symb =~ /\.(page|sequence)$/) {
+ my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]);
+ my $navmap = Apache::lonnavmaps::navmap->new();
+ if (ref($navmap)) {
+ $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink');
+ }
+ } else {
+ $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$symb);
+ }
+ if ($deeplink ne '') {
+ my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink);
+ if (($protect ne 'none') && ($protect ne '')) {
+ my ($acctype,$item) = split(/:/,$protect);
+ if ($acctype =~ /lti(c|d)$/) {
+ unless ($form{'linkprot'} eq $item.$1.':'.$env{'request.deeplink.login'}) {
+ $disallow = 1;
+ }
+ } elsif ($acctype eq 'key') {
+ unless ($form{'linkkey'} eq $item) {
+ $disallow = 1;
+ }
}
}
}
- }
- unless ($disallow) {
+ unless ($disallow) {
+ $env{'request.deeplink.login'} = $form{'firsturl'};
+ }
+ } else {
$env{'request.deeplink.login'} = $form{'firsturl'};
}
}
Index: loncom/auth/switchserver.pm
diff -u loncom/auth/switchserver.pm:1.56 loncom/auth/switchserver.pm:1.57
--- loncom/auth/switchserver.pm:1.56 Sun Jun 27 17:25:47 2021
+++ loncom/auth/switchserver.pm Tue Aug 10 15:28:13 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Switch Servers Handler
#
-# $Id: switchserver.pm,v 1.56 2021/06/27 17:25:47 raeburn Exp $
+# $Id: switchserver.pm,v 1.57 2021/08/10 15:28:13 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -314,12 +314,11 @@
}
if ($env{'request.linkprot'}) {
$info{'linkprot'} = $env{'request.linkprot'};
+ } elsif ($env{'request.linkkey'}) {
+ $info{'linkkey'} = $env{'request.linkkey'};
}
if ($env{'request.deeplink.login'}) {
$info{'deeplink.login'} = $env{'request.deeplink.login'};
- if ($env{'request.linkkey'}) {
- $info{'linkkey'} = $env{'request.linkkey'};
- }
}
if ($env{'request.lti.login'}) {
$info{'lti.login'} = $env{'request.lti.login'};
Index: loncom/interface/lontiny.pm
diff -u loncom/interface/lontiny.pm:1.6 loncom/interface/lontiny.pm:1.7
--- loncom/interface/lontiny.pm:1.6 Sun Jan 27 15:44:18 2019
+++ loncom/interface/lontiny.pm Tue Aug 10 15:28:14 2021
@@ -2,7 +2,7 @@
# Extract domain, courseID, and symb from a shortened URL,
# and switch role to a role in designated course.
#
-# $Id: lontiny.pm,v 1.6 2019/01/27 15:44:18 raeburn Exp $
+# $Id: lontiny.pm,v 1.7 2021/08/10 15:28:14 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -67,6 +67,8 @@
if ($cnum =~ /^$match_courseid$/) {
my $chome = &Apache::lonnet::homeserver($cnum,$cdom);
if ($chome ne 'no_host') {
+ # Check for ltoken or linkkey
+ my $newlauncher = &launch_check($r->uri,$symb,$cnum,$cdom);
if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
my ($map,$resid,$url) = &Apache::lonnet::decode_symb($symb);
if (&Apache::lonnet::is_on_map($url)) {
@@ -96,24 +98,28 @@
}
my $update;
# Check if course needs to be re-initialized
- my $loncaparev = $r->dir_config('lonVersion');
- my ($result, at reinit) = &Apache::loncommon::needs_coursereinit($loncaparev);
- if ($result eq 'update') {
+ if ($newlauncher) {
$update = 1;
- } elsif (!-e $env{'request.course.fn'}.'.db') {
- $update = 1;
- } elsif (!$env{'request.role.adv'}) {
- my $navmap = Apache::lonnavmaps::navmap->new();
- if (ref($navmap)) {
- my $res = $navmap->getBySymb($symb);
- if (ref($res)) {
- my ($enc_in_bighash,$enc_in_parm);
- $enc_in_bighash = $res->encrypted();
- if (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i) {
- $enc_in_parm = 1;
- }
- if ($enc_in_bighash ne $enc_in_parm) {
- $update = 1;
+ } else {
+ my $loncaparev = $r->dir_config('lonVersion');
+ my ($result, at reinit) = &Apache::loncommon::needs_coursereinit($loncaparev);
+ if ($result eq 'update') {
+ $update = 1;
+ } elsif (!-e $env{'request.course.fn'}.'.db') {
+ $update = 1;
+ } elsif (!$env{'request.role.adv'}) {
+ my $navmap = Apache::lonnavmaps::navmap->new();
+ if (ref($navmap)) {
+ my $res = $navmap->getBySymb($symb);
+ if (ref($res)) {
+ my ($enc_in_bighash,$enc_in_parm);
+ $enc_in_bighash = $res->encrypted();
+ if (&Apache::lonnet::EXT('resource.0.encrypturl',$symb) =~ /^yes$/i) {
+ $enc_in_parm = 1;
+ }
+ if ($enc_in_bighash ne $enc_in_parm) {
+ $update = 1;
+ }
}
}
}
@@ -236,6 +242,118 @@
}
}
+sub launch_check {
+ my ($linkuri,$symb,$cnum,$cdom) = @_;
+ &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['ltoken','linkkey']);
+ my ($linkprotector,$linkproturi,$linkkey,$newlauncher);
+ if ($env{'form.ltoken'}) {
+ my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
+ &Apache::lonnet::tmpdel($env{'form.ltoken'});
+ delete($env{'form.ltoken'});
+ if ($link_info{'linkprot'}) {
+ ($linkprotector,$linkproturi) = split(/:/,$link_info{'linkprot'},2);
+ if ($env{'user.linkprotector'}) {
+ my @protectors = split(/,/,$env{'user.linkprotector'});
+ unless (grep(/^\Q$linkprotector\E$/, at protectors)) {
+ push(@protectors,$linkprotector);
+ @protectors = sort { $a <=> $b } @protectors;
+ &Apache::lonnet::appenv({'user.linkprotector' => join(',', at protectors)});
+ }
+ } else {
+ &Apache::lonnet::appenv({'user.linkprotector' => $linkprotector });
+ }
+ if ($env{'user.linkproturi'}) {
+ my @proturis = split(/,/,$env{'user.linkproturi'});
+ unless(grep(/^\Q$linkproturi\E$/, at proturis)) {
+ push(@proturis,$linkproturi);
+ @proturis = sort(@proturis);
+ &Apache::lonnet::appenv({'user.linkproturi' => join(',', at proturis)});
+ }
+ } else {
+ &Apache::lonnet::appenv({'user.linkproturi' => $linkproturi});
+ }
+ }
+ } elsif ($env{'form.linkkey'}) {
+ $linkkey = $env{'form.linkkey'};
+ my $keyedlinkuri = $linkuri;
+ if ($env{'user.deeplinkkey'}) {
+ my @linkkeys = split(/,/,$env{'user.deeplinkkey'});
+ unless (grep(/^\Q$linkkey\E$/, at linkkeys)) {
+ push(@linkkeys,$linkkey);
+ &Apache::lonnet::appenv({'user.deeplinkkey' => join(',',sort(@linkkeys))});
+ }
+ } else {
+ &Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey});
+ }
+ if ($env{'user.keyedlinkuri'}) {
+ my @keyeduris = split(/,/,$env{'user.keyedlinkuri'});
+ unless (grep(/^\Q$keyedlinkuri\E$/, at keyeduris)) {
+ push(@keyeduris,$keyedlinkuri);
+ &Apache::lonnet::appenv({'user.keyedlinkuri' => join(',',sort(@keyeduris))});
+ }
+ } else {
+ &Apache::lonnet::appenv({'user.keyedlinkuri' => $keyedlinkuri});
+ }
+ delete($env{'form.linkkey'});
+ }
+ if ($env{'request.course.id'} eq $cdom.'_'.$cnum) {
+ my $currdeeplinklogin = $env{'request.deeplink.login'};
+ if ($linkprotector || $linkkey) {
+ my $deeplink;
+ if ($symb =~ /\.(page|sequence)$/) {
+ my $mapname = &Apache::lonnet::deversion((&Apache::lonnet::decode_symb($symb))[2]);
+ my $navmap = Apache::lonnavmaps::navmap->new();
+ if (ref($navmap)) {
+ $deeplink = $navmap->get_mapparam(undef,$mapname,'0.deeplink');
+ }
+ } else {
+ $deeplink = &Apache::lonnet::EXT('resource.0.deeplink',$symb);
+ }
+ if ($deeplink ne '') {
+ my $disallow;
+ my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink);
+ if (($protect ne 'none') && ($protect ne '')) {
+ my ($acctype,$item) = split(/:/,$protect);
+ if ($acctype =~ /lti(c|d)$/) {
+ unless ($linkprotector.':'.$linkproturi eq $item.$1.':'.$linkuri) {
+ $disallow = 1;
+ }
+ } elsif ($acctype eq 'key') {
+ unless ($linkkey eq $item) {
+ $disallow = 1;
+ }
+ }
+ }
+ if ($disallow) {
+ if ($currdeeplinklogin eq $linkuri) {
+ &Apache::lonnet::delenv('request.deeplink.login');
+ }
+ } else {
+ unless ($currdeeplinklogin eq $linkuri) {
+ if ($linkprotector) {
+ &Apache::lonnet::appenv({'request.linkprot' => $linkprotector.':'.$linkproturi});
+ } elsif ($linkkey) {
+ &Apache::lonnet::appenv({'request.linkkey' => $linkkey});
+ }
+ $newlauncher = 1;
+ }
+ &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
+ }
+ }
+ } else {
+ &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
+ }
+ } else {
+ &Apache::lonnet::appenv({'request.deeplink.login' => $linkuri});
+ if ($linkprotector) {
+ &Apache::lonnet::appenv({'request.linkprot' => $linkprotector.':'.$linkproturi});
+ } elsif ($linkkey) {
+ &Apache::lonnet::appenv({'request.linkkey' => $linkkey});
+ }
+ }
+ return $newlauncher;
+}
+
sub do_redirect {
my ($r,$destination) = @_;
my $windowname = 'loncapaclient';
Index: rat/lonuserstate.pm
diff -u rat/lonuserstate.pm:1.165 rat/lonuserstate.pm:1.166
--- rat/lonuserstate.pm:1.165 Fri Aug 6 01:27:04 2021
+++ rat/lonuserstate.pm Tue Aug 10 15:28:14 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Construct and maintain state and binary representation of course for user
#
-# $Id: lonuserstate.pm,v 1.165 2021/08/06 01:27:04 raeburn Exp $
+# $Id: lonuserstate.pm,v 1.166 2021/08/10 15:28:14 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1616,47 +1616,64 @@
$deeplink = $hash{'deeplinkonly_'.$loginrid};
}
if ($deeplink) {
+ my $disallow;
my ($state,$others,$listed,$scope,$protect) = split(/,/,$deeplink);
- if ($others eq 'hide') {
- my @recfolders;
- if ($scope eq 'rec') {
- foreach my $key (keys(%hash)) {
- if ($key=~/^map_hierarchy_(\d+)$/) {
- my $mpc = $1;
- my @ids = split(/,/,$hash{$key});
- if (grep(/^$deeplink_login_pc$/, at ids)) {
- my $idx;
- foreach my $mapid (@ids) {
- if ($idx) {
- push(@recfolders,$mapid);
- } elsif ($mapid == $deeplink_login_pc) {
- push(@recfolders,$mapid);
- $idx = $mapid;
+ if (($protect ne 'none') && ($protect ne '')) {
+ my ($acctype,$item) = split(/:/,$protect);
+ if ($acctype =~ /lti(c|d)$/) {
+ unless ($env{'request.linkprot'} eq $item.$1.':'.$env{'request.deeplink.login'}) {
+ $disallow = 1;
+ }
+ } elsif ($acctype eq 'key') {
+ unless ($env{'request.linkkey'} eq $item) {
+ $disallow = 1;
+ }
+ }
+ }
+ if ($disallow) {
+ &Apache::lonnet::delenv('request.deeplink.login');
+ } else {
+ if ($others eq 'hide') {
+ my @recfolders;
+ if ($scope eq 'rec') {
+ foreach my $key (keys(%hash)) {
+ if ($key=~/^map_hierarchy_(\d+)$/) {
+ my $mpc = $1;
+ my @ids = split(/,/,$hash{$key});
+ if (grep(/^$deeplink_login_pc$/, at ids)) {
+ my $idx;
+ foreach my $mapid (@ids) {
+ if ($idx) {
+ push(@recfolders,$mapid);
+ } elsif ($mapid == $deeplink_login_pc) {
+ push(@recfolders,$mapid);
+ $idx = $mapid;
+ }
}
+ push(@recfolders,$mpc);
}
- push(@recfolders,$mpc);
}
}
}
- }
- foreach my $key (keys(%hash)) {
- if ($key=~/^src_(.+)$/) {
- my $rid = $1;
- next if ($rid eq '0.0');
- next if ($rid eq $loginrid);
- if ($scope ne 'res') {
- my $mapid = (split(/\./,$rid))[0];
- next if ($mapid eq $deeplink_login_pc);
- if ($scope eq 'rec') {
- next if (grep(/^$mapid$/, at recfolders));
+ foreach my $key (keys(%hash)) {
+ if ($key=~/^src_(.+)$/) {
+ my $rid = $1;
+ next if ($rid eq '0.0');
+ next if ($rid eq $loginrid);
+ if ($scope ne 'res') {
+ my $mapid = (split(/\./,$rid))[0];
+ next if ($mapid eq $deeplink_login_pc);
+ if ($scope eq 'rec') {
+ next if (grep(/^$mapid$/, at recfolders));
+ }
}
+ $deeplinkout{$rid} = 1;
}
- $deeplinkout{$rid} = 1;
}
}
}
+ &deeplinkouts();
}
- &deeplinkouts();
}
}
&mapcrumbs();
More information about the LON-CAPA-cvs
mailing list