[LON-CAPA-cvs] cvs: loncom /auth lonacc.pm migrateuser.pm
raeburn
raeburn at source.lon-capa.org
Mon Aug 16 11:25:44 EDT 2021
raeburn Mon Aug 16 15:25:44 2021 EDT
Modified files:
/loncom/auth lonacc.pm migrateuser.pm
Log:
- Bug 6907 Content in a course can be set to be deep-link only.
- Support lti-based or key-based access control with SSO authentication.
-------------- next part --------------
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.193 loncom/auth/lonacc.pm:1.194
--- loncom/auth/lonacc.pm:1.193 Fri Aug 6 12:39:59 2021
+++ loncom/auth/lonacc.pm Mon Aug 16 15:25:44 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.193 2021/08/06 12:39:59 raeburn Exp $
+# $Id: lonacc.pm,v 1.194 2021/08/16 15:25:44 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -305,7 +305,7 @@
my $query = $r->args;
my %form;
if ($query) {
- my @items = ('role','symb','iptoken','origurl');
+ my @items = ('role','symb','iptoken','origurl','ltoken','linkkey');
&Apache::loncommon::get_unprocessed_cgi($query,\@items);
foreach my $item (@items) {
if (defined($env{'form.'.$item})) {
@@ -323,6 +323,16 @@
}
}
+ my ($linkprot,$linkkey);
+ if ($form{'ltoken'}) {
+ my %link_info = &Apache::lonnet::tmpget($form{'ltoken'});
+ $linkprot = $link_info{'linkprot'};
+ my $delete = &Apache::lonnet::tmpdel($form{'ltoken'});
+ }
+ if ($form{'linkkey'} ne '') {
+ $linkkey = $form{'linkkey'};
+ }
+
my $domain = $r->dir_config('lonSSOUserDomain');
if ($domain eq '') {
$domain = $r->dir_config('lonDefDomain');
@@ -372,6 +382,19 @@
$env{'form.origurl'} = $r->uri;
}
}
+ if (($r->uri eq '/adm/sso') && ($form{'origurl'} =~ m{^/+tiny/+$match_domain/+\w+$})) {
+ $env{'request.deeplink.login'} = $form{'origurl'};
+ } elsif ($r->uri =~ m{^/+tiny/+$match_domain/+\w+$}) {
+ $env{'request.deeplink.login'} = $r->uri;
+ }
+ if ($env{'request.deeplink.login'}) {
+ &Apache::lonnet::appenv({'request.deeplink.login' => $r->uri});
+ if ($linkprot) {
+ &Apache::lonnet::appenv({'request.linkprot' => $linkprot});
+ } elsif ($linkkey ne '') {
+ &Apache::lonnet::appenv({'request.linkkey' => $linkkey});
+ }
+ }
$env{'request.sso.login'} = 1;
if (defined($r->dir_config("lonSSOReloginServer"))) {
$env{'request.sso.reloginserver'} =
@@ -403,6 +426,18 @@
$info{'origurl'} = $r->uri;
}
}
+ if (($r->uri eq '/adm/sso') && ($form{'origurl'} =~ m{^/+tiny/+$match_domain/+\w+$})) {
+ $info{'deeplink.login'} = $form{'origurl'};
+ } elsif ($r->uri =~ m{^/+tiny/+$match_domain/+\w+$}) {
+ $info{'deeplink.login'} = $r->uri;
+ }
+ if ($info{'deeplink.login'}) {
+ if ($linkprot) {
+ $info{'linkprot'} = $linkprot;
+ } elsif ($linkkey ne '') {
+ $info{'linkkey'} = $linkkey;
+ }
+ }
if ($r->dir_config("ssodirecturl") == 1) {
$info{'origurl'} = $r->uri;
}
Index: loncom/auth/migrateuser.pm
diff -u loncom/auth/migrateuser.pm:1.51 loncom/auth/migrateuser.pm:1.52
--- loncom/auth/migrateuser.pm:1.51 Sat Aug 7 20:49:10 2021
+++ loncom/auth/migrateuser.pm Mon Aug 16 15:25:44 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Starts a user off based of an existing token.
#
-# $Id: migrateuser.pm,v 1.51 2021/08/07 20:49:10 raeburn Exp $
+# $Id: migrateuser.pm,v 1.52 2021/08/16 15:25:44 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -710,6 +710,7 @@
&Apache::lonnet::transfer_profile_to_env($r->dir_config('lonIDsDir'),
$handle);
if ($data{'linkprot'} ne '') {
+ &Apache::lonnet::appenv({'request.linkprot' => $data{'linkprot'}});
my ($linkprotector,$deeplink) = split(/:/,$data{'linkprot'},2);
if ($env{'user.linkprotector'}) {
my @protectors = split(/,/,$env{'user.linkprotector'});
@@ -732,6 +733,7 @@
&Apache::lonnet::appenv({'user.linkproturi' => $deeplink});
}
} elsif ($data{'linkkey'}) {
+ &Apache::lonnet::appenv({'request.linkkey' => $data{'linkkey'}});
my $deeplink = $data{'deeplink.login'};
my $linkkey = $data{'linkkey'};
if ($env{'user.deeplinkkey'}) {
@@ -743,7 +745,7 @@
} else {
&Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey});
}
- if ($deeplink) {
+ if ($deeplink) {
if ($env{'user.keyedlinkuri'}) {
my @keyeduris = split(/,/,$env{'user.keyedlinkuri'});
unless (grep(/^\Q$deeplink\E$/, at keyeduris)) {
@@ -843,7 +845,7 @@
}
} else {
my $desturl = '/adm/roles';
- if ($data{'lti.login'}) {
+ if ($data{'lti.login'}) {
if ($data{'lti.selfenrollrole'}) {
$desturl .= '?selectrole=1&'.
&escape($data{'lti.selfenrollrole'}).'=1';
@@ -867,22 +869,26 @@
if (ref($extra_env) eq 'HASH') {
$extra_env->{'user.linkprotector'} = $linkprotector;
$extra_env->{'user.linkproturi'} = $linkuri;
+ $extra_env->{'request.linkprot'} = $data{'linkprot'};
} else {
$extra_env = {'user.linkprotector' => $linkprotector,
- 'user.linkproturi' => $linkuri,};
- }
- }
- } elsif ($data{'deeplink.login'}) {
- if ($data{'linkkey'}) {
- if (ref($extra_env) eq 'HASH') {
- $extra_env->{'user.deeplinkkey'} = $data{'linkkey'};
- $extra_env->{'user.keyedlinkuri'} = $data{'deeplink.login'},
- } else {
- $extra_env = {'user.deeplinkkey' => $data{'linkkey'},
- 'user.keyedlinkuri' => $data{'deeplink.login'}};
+ 'user.linkproturi' => $linkuri,
+ 'request.linkprot' => $data{'linkprot'}};
}
}
+ } elsif ($data{'linkkey'}) {
if (ref($extra_env) eq 'HASH') {
+ $extra_env->{'user.deeplinkkey'} = $data{'linkkey'};
+ $extra_env->{'user.keyedlinkuri'} = $data{'deeplink.login'};
+ $extra_env->{'request.linkkey'} = $data{'linkkey'};
+ } else {
+ $extra_env = {'user.deeplinkkey' => $data{'linkkey'},
+ 'user.keyedlinkuri' => $data{'deeplink.login'},
+ 'request.linkkey' => $data{'linkkey'}};
+ }
+ }
+ if ($data{'deeplink.login'}) {
+ if (ref($extra_env) eq 'HASH') {
$extra_env->{'request.deeplink.login' => $data{'deeplink.login'}};
} else {
$extra_env = {'request.deeplink.login' => $data{'deeplink.login'}};
@@ -930,6 +936,8 @@
($env{'request.role'} eq $data{'role'}) && ($data{'origurl'} ne '')) {
$next_url = $data{'origurl'};
$reuse_session = 1;
+ } elsif ($data{'origurl'} =~ m{^/tiny/$match_domain/\w+$}) {
+ $next_url=$data{'origurl'};
} else {
$next_url='/adm/roles?selectrole=1&'.&escape($data{'role'}).'=1';
if ($data{'origurl'} ne '') {
@@ -944,7 +952,17 @@
}
if ($reuse_session) {
$r->internal_redirect($next_url);
- } else {
+ } elsif ($data{'deeplink.login'}) {
+ if (ref($extra_env) eq 'HASH') {
+ $extra_env->{'request.deeplink.login'} = $data{'deeplink.login'};
+ } else {
+ $extra_env = {'request.deeplink.login' => $data{'deeplink.login'}};
+ }
+ if ($data{'linkprot'}) {
+ $extra_env->{'request.linkprot'} = $data{'linkprot'};
+ } elsif ($data{'linkkey'} ne '') {
+ $extra_env->{'request.linkkey'} = $data{'linkkey'};
+ }
&Apache::lonauth::success($r,$data{'username'},$data{'domain'},$home,
$next_url,$extra_env,\%form,'',$cid);
}
More information about the LON-CAPA-cvs
mailing list