[LON-CAPA-cvs] cvs: loncom(version_2_11_X) /auth lonacc.pm
raeburn
raeburn at source.lon-capa.org
Sat Dec 11 19:53:57 EST 2021
raeburn Sun Dec 12 00:53:57 2021 EDT
Modified files: (Branch: version_2_11_X)
/loncom/auth lonacc.pm
Log:
- For 2.11
Backport 1.189, 1.190, 1.191, 1.196, 1.199, 1.200 (part) 1.201, 1.202
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.159.2.20 loncom/auth/lonacc.pm:1.159.2.21
--- loncom/auth/lonacc.pm:1.159.2.20 Wed Feb 10 11:36:15 2021
+++ loncom/auth/lonacc.pm Sun Dec 12 00:53:57 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.159.2.20 2021/02/10 11:36:15 raeburn Exp $
+# $Id: lonacc.pm,v 1.159.2.21 2021/12/12 00:53:57 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -159,7 +159,8 @@
if (length($value) == 1) {
$value=~s/[\r\n]$//;
}
- } elsif ($fname =~ /\.(xls|doc|ppt)(x|m)$/i) {
+ }
+ if ($fname =~ /\.(xls|doc|ppt)(x|m)$/i) {
$value=~s/[\r\n]$//;
}
if (ref($fields) eq 'ARRAY') {
@@ -296,7 +297,7 @@
my $query = $r->args;
my %form;
if ($query) {
- my @items = ('role','symb','iptoken');
+ my @items = ('role','symb','iptoken','origurl','logtoken');
&Apache::loncommon::get_unprocessed_cgi($query,\@items);
foreach my $item (@items) {
if (defined($env{'form.'.$item})) {
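Review bot: `origurl` is now read straight from the query string, so its value is chosen by whoever built the link, and nothing visible in this patch checks it before the later hunks copy it into `$env{'form.origurl'}` and `$info{'origurl'}`. If it is later used as the destination shown after login (that code is not in this patch), it should be restricted to a local path before it is stored, for example by skipping it in this loop with `next if (($item eq 'origurl') && ($env{'form.origurl'} !~ m{^/[^/]}));` placed inside the `defined` test. The body of the `foreach` continues outside the hunk, so such a check may already exist there.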
@@ -314,6 +315,38 @@
}
}
+#
+# If Shibboleth auth is in use, and a dual SSO and non-SSO login page
+# is in use, then the query string will contain the logtoken item with
+# a value set to the name of a .tmp file in /home/httpd/perl/tmp
+# containing the url to display after authentication, and also,
+# optionally, role and symb.
+#
+# Otherwise the query string may contain role and symb.
+#
+
+ if ($form{'logtoken'}) {
+ my ($firsturl, at rest);
+ my $lonhost = $r->dir_config('lonHostID');
+ my $tmpinfo = &Apache::lonnet::reply('tmpget:'.$form{'logtoken'},$lonhost);
+ my $delete = &Apache::lonnet::tmpdel($form{'logtoken'});
+ unless (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') ||
+ ($tmpinfo eq 'no_such_host')) {
+ (undef,$firsturl, at rest) = split(/&/,$tmpinfo);
+ if ($firsturl ne '') {
+ $firsturl = &unescape($firsturl);
+ }
+ foreach my $item (@rest) {
+ my ($key,$value) = split(/=/,$item);
+ $form{$key} = &unescape($value);
+ }
+ if ($form{'iptoken'}) {
+ %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+ }
+ }
+ }
+
my $domain = $r->dir_config('lonSSOUserDomain');
if ($domain eq '') {
$domain = $r->dir_config('lonDefDomain');
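Review bot: `$form{'logtoken'}` comes from the query string and is concatenated into the `tmpget:` command and passed to `tmpdel()` with no format check in the visible lines; since the comment says it names a file under /home/httpd/perl/tmp, a value containing path separators, `:` or `&` should be rejected before either call unless those helpers already do so (not visible here). A guard such as `if ($form{'logtoken'} =~ /^\w[\w.\-]*$/) {` would do, with the pattern adjusted to the real token format. The loop over `@rest` also writes any key found in the file into `%form`, and the hunk at `@@ -355,6 +388,14 @@` then copies every `%form` key into `%env`; restricting the keys, e.g. `next unless (grep { $key eq $_ } ('role','symb','iptoken','origurl'));`, keeps that to the documented items. `$firsturl` is unescaped but not used in the lines shown.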
@@ -340,7 +373,7 @@
my $lowest_load;
($otherserver,undef,undef,undef,$lowest_load) = &Apache::lonnet::choose_server($domain);
if ($lowest_load > 100) {
- $otherserver = &Apache::lonnet::spareserver($lowest_load,$lowest_load,1,$domain);
+ $otherserver = &Apache::lonnet::spareserver($r,$lowest_load,$lowest_load,1,$domain);
}
if ($otherserver ne '') {
my @hosts = &Apache::lonnet::current_machine_ids();
@@ -355,6 +388,14 @@
# login but immediately go to switch server to find us a new
# machine
&Apache::lonauth::success($r,$user,$domain,$home,'noredirect');
+ foreach my $item (keys(%form)) {
+ $env{'form.'.$item} = $form{$item};
+ }
+ unless (($form{'symb'}) || ($form{'origurl'})) {
+ unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/sso')) {
+ $env{'form.origurl'} = $r->uri;
+ }
+ }
$env{'request.sso.login'} = 1;
if (defined($r->dir_config("lonSSOReloginServer"))) {
$env{'request.sso.reloginserver'} =
@@ -376,12 +417,14 @@
'server' => $r->dir_config('lonHostID'),
'sso.login' => 1
);
- foreach my $item ('role','symb','iptoken') {
+ foreach my $item ('role','symb','iptoken','origurl') {
if (exists($form{$item})) {
$info{$item} = $form{$item};
+ } elsif ($sessiondata{$item} ne '') {
+ $info{$item} = $sessiondata{$item};
}
}
- unless ($info{'symb'}) {
+ unless (($info{'symb'}) || ($info{'origurl'})) {
unless (($r->uri eq '/adm/roles') || ($r->uri eq '/adm/sso')) {
$info{'origurl'} = $r->uri;
}
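Review bot: The new `elsif ($sessiondata{$item} ne '')` compares a possibly missing hash entry as a string; in the lines shown `%sessiondata` is only filled inside the logtoken branch, so for other requests this is a comparison against undef and will emit an uninitialized-value warning if warnings are enabled. `} elsif (defined($sessiondata{$item}) && ($sessiondata{$item} ne '')) {` states the intent. Note also that the `exists($form{$item})` branch wins even when the form value is empty, so an empty `origurl` in the query string would mask a stored session value; confirm that is intended. The enclosing block starts outside the hunk.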
@@ -423,6 +466,8 @@
$r->subprocess_env->set('SSOUserUnknown' => $user);
$r->subprocess_env->set('SSOUserDomain' => $domain);
if (grep(/^sso$/, at cancreate)) {
+#FIXME - need to preserve origurl, role and symb for use after account
+# creation
$r->set_handlers('PerlHandler'=> [\&Apache::createaccount::handler]);
$r->handler('perl-script');
} else {
@@ -462,7 +507,7 @@
if ($handle eq '') {
unless ((($requrl eq '/adm/switchserver') && (!$r->is_initial_req())) ||
($requrl =~ m{^/public/$match_domain/$match_courseid/syllabus}) ||
- ($requrl =~ m{^/adm/help/}) ||
+ ($requrl =~ m{^/adm/help/}) || ($requrl eq '/adm/sso') ||
($requrl =~ m{^/res/$match_domain/$match_username/})) {
$r->log_reason("Cookie not valid", $r->filename);
}
@@ -541,7 +586,7 @@
my $hostname = $r->hostname();
my $lonhost = &Apache::lonnet::host_from_dns($hostname);
if ($lonhost) {
- my $actual = &Apache::lonnet::absolute_url($hostname);
+ my $actual = &Apache::lonnet::absolute_url($hostname,1,1);
my $expected = $Apache::lonnet::protocol{$lonhost}.'://'.$hostname;
unless ($actual eq $expected) {
$env{'request.use_absolute'} = $expected;
@@ -653,7 +698,8 @@
$access=&Apache::lonnet::allowed('bre',$requrl,'','','','',1);
}
} else {
- $access=&Apache::lonnet::allowed('bre',$requrl);
+ my $clientip = &Apache::lonnet::get_requestor_ip($r);
+ $access=&Apache::lonnet::allowed('bre',$requrl,'','',$clientip);
}
}
if ($check_block) {
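Review bot: `$clientip` now feeds the access decision in `allowed()`, so where `get_requestor_ip()` takes the address from matters; that helper is not visible here. If it reads a forwarded-for style header, the value is client-supplied unless only trusted proxies are honoured, and a short comment above the call should say which it is, e.g. `# client IP for IP-based access control; must come from the connection or a trusted proxy only`. The enclosing function starts and ends outside the hunk.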