[LON-CAPA-cvs] cvs: loncom /interface domainprefs.pm
raeburn
raeburn at source.lon-capa.org
Thu Jun 1 14:09:59 EDT 2023
raeburn Thu Jun 1 18:09:59 2023 EDT
Modified files:
/loncom/interface domainprefs.pm
Log:
- Bug 6754
Support option: "Encrypt stored consumer secrets defined in domain"
-------------- next part --------------
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.423 loncom/interface/domainprefs.pm:1.424
--- loncom/interface/domainprefs.pm:1.423 Mon May 22 21:10:55 2023
+++ loncom/interface/domainprefs.pm Thu Jun 1 18:09:59 2023
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.423 2023/05/22 21:10:55 raeburn Exp $
+# $Id: domainprefs.pm,v 1.424 2023/06/01 18:09:59 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -178,6 +178,7 @@
use DateTime::Locale;
use Time::HiRes qw( sleep );
use Net::CIDR;
+use Crypt::CBC;
my $registered_cleanup;
my $modified_urls;
@@ -225,9 +226,9 @@
'privacy','passwords','proctoring','wafproxy','ipaccess'],$dom);
my %encconfig =
&Apache::lonnet::get_dom('encconfig',['ltitools','lti','proctoring','linkprot'],$dom,undef,1);
+ my ($checked_is_home,$is_home);
if (ref($domconfig{'ltitools'}) eq 'HASH') {
if (ref($encconfig{'ltitools'}) eq 'HASH') {
- my $is_home;
my $home = &Apache::lonnet::domain($dom,'primary');
unless (($home eq 'no_host') || ($home eq '')) {
my @ids=&Apache::lonnet::current_machine_ids();
@@ -235,6 +236,7 @@
$is_home = 1;
}
}
+ $checked_is_home = 1;
foreach my $id (keys(%{$domconfig{'ltitools'}})) {
if ((ref($domconfig{'ltitools'}{$id}) eq 'HASH') &&
(ref($encconfig{'ltitools'}{$id}) eq 'HASH')) {
@@ -248,11 +250,22 @@
}
if (ref($domconfig{'lti'}) eq 'HASH') {
if (ref($encconfig{'lti'}) eq 'HASH') {
+ unless ($checked_is_home) {
+ my $home = &Apache::lonnet::domain($dom,'primary');
+ unless (($home eq 'no_host') || ($home eq '')) {
+ my @ids=&Apache::lonnet::current_machine_ids();
+ if (grep(/^\Q$home\E$/, at ids)) {
+ $is_home = 1;
+ }
+ }
+ $checked_is_home = 1;
+ }
foreach my $id (keys(%{$domconfig{'lti'}})) {
if ((ref($domconfig{'lti'}{$id}) eq 'HASH') &&
(ref($encconfig{'lti'}{$id}) eq 'HASH')) {
- foreach my $item ('key','secret') {
- $domconfig{'lti'}{$id}{$item} = $encconfig{'lti'}{$id}{$item};
+ $domconfig{'lti'}{$id}{'key'} = $encconfig{'lti'}{$id}{'key'};
+ if (($is_home) && ($phase eq 'process')) {
+ $domconfig{'lti'}{$id}{'secret'} = $encconfig{'lti'}{$id}{'secret'};
}
}
}
@@ -6187,6 +6200,9 @@
} elsif ($position eq 'lower') {
$datatable .= &Apache::courseprefs::print_linkprotection($dom,'',$settings,$rowtotal,'','','domain');
} else {
+ my ($switchserver,$switchmessage);
+ $switchserver = &check_switchserver($dom);
+ $switchmessage = &mt("submit from domain's primary library server: [_1].",$switchserver);
my $maxnum = 0;
my %ordered;
if (ref($settings) eq 'HASH') {
@@ -6207,10 +6223,10 @@
for (my $i=0; $i<@items; $i++) {
$css_class = $itemcount%2?' class="LC_odd_row"':'';
my $item = $ordered{$items[$i]};
- my ($key,$secret,$lifetime,$consumer,$requser,$crsinc,$current);
+ my ($key,$secret,$usable,$lifetime,$consumer,$requser,$crsinc,$current);
if (ref($settings->{$item}) eq 'HASH') {
$key = $settings->{$item}->{'key'};
- $secret = $settings->{$item}->{'secret'};
+ $usable = $settings->{$item}->{'usable'};
$lifetime = $settings->{$item}->{'lifetime'};
$consumer = $settings->{$item}->{'consumer'};
$requser = $settings->{$item}->{'requser'};
@@ -6258,8 +6274,56 @@
'<option value="LTI-1p0" selected="selected">1.1</option></select></span> '.
(' 'x2).
'<span class="LC_nobreak">'.$lt{'lifetime'}.':<input type="text" name="lti_lifetime_'.$i.'"'.
- 'value="'.$lifetime.'" size="3" /></span>'.
- (' 'x2).
+ 'value="'.$lifetime.'" size="3" /></span><br /><br />';
+ if ($key ne '') {
+ $datatable .= '<span class="LC_nobreak">'.$lt{'key'};
+ if ($switchserver) {
+ $datatable .= ': ['.&mt('[_1] to view/edit',$switchserver).']';
+ } else {
+ $datatable .= ':<input type="text" size="25" name="lti_key_'.$i.'" value="'.$key.'" autocomplete="off" />';
+ }
+ $datatable .= '</span> '.(' 'x2);
+ } elsif (!$switchserver) {
+ $datatable .= '<span class="LC_nobreak">'.$lt{'key'}.':'.
+ '<input type="text" size="25" name="lti_key_'.$i.'" value="'.$key.'" autocomplete="off" />'.
+ '</span> '.(' 'x2);
+ }
+ if ($switchserver) {
+ if ($usable ne '') {
+ $datatable .= '<div id="lti_divcurrsecret_'.$i.'" style="display:inline-block" /><span class="LC_nobreak">'.
+ $lt{'secret'}.': ['.&mt('not shown').'] '.(' 'x2).'</span></div>'.
+ '<span class="LC_nobreak">'.&mt('Change secret?').
+ '<label><input type="radio" value="0" name="lti_changesecret_'.$i.'" onclick="javascript:toggleChgSecret(this.form,'."'$i','secret','lti'".');" checked="checked" />'.&mt('No').'</label>'.
+ (' 'x2).
+ '<label><input type="radio" value="1" name="lti_changesecret_'.$i.'" onclick="javascript:toggleChgSecret(this.form,'."'$i','secret','lti'".');" />'.&mt('Yes').'</label>'.(' 'x2).
+ '</span><div id="lti_divchgsecret_'.$i.'" style="display:none" />'.
+ '<span class="LC_nobreak"> - '.$switchmessage.'</span>'.
+ '</div>';
+ } elsif ($key eq '') {
+ $datatable .= '<span class="LC_nobreak">'.&mt('Key and Secret are required').' - '.$switchmessage.'</span>'."\n";
+ } else {
+ $datatable .= '<span class="LC_nobreak">'.&mt('Secret required').' - '.$switchmessage.'</span>'."\n";
+ }
+ } else {
+ if ($usable ne '') {
+ $datatable .= '<div id="lti_divcurrsecret_'.$i.'" style="display:inline-block" /><span class="LC_nobreak">'.
+ $lt{'secret'}.': ['.&mt('not shown').'] '.(' 'x2).'</span></div>'.
+ '<span class="LC_nobreak">'.&mt('Change?').
+ '<label><input type="radio" value="0" name="lti_changesecret_'.$i.'" onclick="javascript:toggleChgSecret(this.form,'."'$i','secret','lti'".');" checked="checked" />'.&mt('No').'</label>'.
+ (' 'x2).
+ '<label><input type="radio" value="1" name="lti_changesecret_'.$i.'" onclick="javascript:toggleChgSecret(this.form,'."'$i','secret','lti'".');" />'.&mt('Yes').
+ '</label> </span><div id="lti_divchgsecret_'.$i.'" style="display:none" />'.
+ '<span class="LC_nobreak">'.&mt('New Secret').':'.
+ '<input type="password" size="20" name="lti_secret_'.$i.'" value="" autocomplete="new-password" />'.
+ '<label><input type="checkbox" name="lti_visible_'.$i.'" id="lti_visible_'.$i.'" onclick="if (this.checked) { this.form.lti_secret_'.$i.'.type='."'text'".' } else { this.form.lti_secret_'.$i.'.type='."'password'".' }" />'.&mt('Visible input').'</label></span></div>';
+ } else {
+ $datatable .=
+ '<span class="LC_nobreak">'.$lt{'secret'}.':'.
+ '<input type="password" size="20" name="lti_secret_'.$i.'" value="" autocomplete="new-password" />'.
+ '<label><input type="checkbox" name="lti_visible_'.$i.'" id="lti_visible_'.$i.'" onclick="if (this.checked) { this.form.lti_secret_'.$i.'.type='."'text'".' } else { this.form.lti_secret_'.$i.'.type='."'password'".' }" />'.&mt('Visible input').'</label>';
+ }
+ }
+ $datatable .= '<br /><br />'.
'<span class="LC_nobreak">'.$lt{'requser'}.':'.
'<label><input type="radio" name="lti_requser_'.$i.'" value="1"'.$onclickrequser.$checkedrequser{yes}.' />'.&mt('Yes').'</label> '."\n".
'<label><input type="radio" name="lti_requser_'.$i.'" value="0"'.$onclickrequser.$checkedrequser{no}.' />'.&mt('No').'</label></span>'."\n".
@@ -6268,12 +6332,6 @@
'<label><input type="radio" name="lti_crsinc_'.$i.'" value="1"'.$onclickcrsinc.$checkedcrsinc{yes}.' />'.&mt('Yes').'</label> '."\n".
'<label><input type="radio" name="lti_crsinc_'.$i.'" value="0"'.$onclickcrsinc.$checkedcrsinc{no}.' />'.&mt('No').'</label></span>'."\n".
(' 'x4).
- '<span class="LC_nobreak">'.$lt{'key'}.
- ':<input type="text" size="25" name="lti_key_'.$i.'" value="'.$key.'" /></span> '.
- (' 'x2).
- '<span class="LC_nobreak">'.$lt{'secret'}.':'.
- '<input type="password" size="20" name="lti_secret_'.$i.'" value="'.$secret.'" />'.
- '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.lti_secret_'.$i.'.type='."'text'".' } else { this.form.lti_secret_'.$i.'.type='."'password'".' }" />'.&mt('Visible input').'</label>'.
'<input type="hidden" name="lti_id_'.$i.'" value="'.$item.'" /></span>'.
'</fieldset>'.<i_options($i,$current,$itemcount,%lt).'</td></tr>';
$itemcount ++;
@@ -6302,8 +6360,16 @@
'<span class="LC_nobreak">'.$lt{'version'}.':<select name="lti_version_add">'.
'<option value="LTI-1p0" selected="selected">1.1</option></select></span> '."\n".
(' 'x2).
- '<span class="LC_nobreak">'.$lt{'lifetime'}.':<input type="text" size="3" name="lti_lifetime_add" value="300" /></span> '."\n".
- (' 'x2).
+ '<span class="LC_nobreak">'.$lt{'lifetime'}.':<input type="text" size="3" name="lti_lifetime_add" value="300" /></span><br /><br />'."\n";
+ if ($switchserver) {
+ $datatable .= '<span class="LC_nobreak">'.&mt('Key and Secret are required').' - '.$switchmessage.'</span>'."\n";
+ } else {
+ $datatable .= '<span class="LC_nobreak">'.$lt{'key'}.':<input type="text" size="25" name="lti_key_add" value="" autocomplete="off" /></span> '."\n".
+ (' 'x2).
+ '<span class="LC_nobreak">'.$lt{'secret'}.':<input type="password" size="20" name="lti_secret_add" value="" autocomplete="new-password" />'.
+ '<label><input type="checkbox" name="lti_add_visible" id="lti_add_visible" onclick="if (this.checked) { this.form.lti_secret_add.type='."'text'".' } else { this.form.lti_secret_add.type='."'password'".' }" />'.&mt('Visible input').'</label></span> '."\n";
+ }
+ $datatable .= '<br /><br />'.
'<span class="LC_nobreak">'.$lt{'requser'}.':'.
'<label><input type="radio" name="lti_requser_add" value="1" onclick="toggleLTI(this.form,'."'requser','add'".');" checked="checked" />'.&mt('Yes').'</label> '."\n".
'<label><input type="radio" name="lti_requser_add" value="0" onclick="toggleLTI(this.form,'."'requser','add'".');" />'.&mt('No').'</label></span>'."\n".
@@ -6311,11 +6377,6 @@
'<span class="LC_nobreak">'.$lt{'crsinc'}.':'.
'<label><input type="radio" name="lti_crsinc_add" value="1" onclick="toggleLTI(this.form,'."'crsinc','add'".');" checked="checked" />'.&mt('Yes').'</label> '."\n".
'<label><input type="radio" name="lti_crsinc_add" value="0" onclick="toggleLTI(this.form,'."'crsinc','add'".');" />'.&mt('No').'</label></span>'."\n".
- (' 'x4).
- '<span class="LC_nobreak">'.$lt{'key'}.':<input type="text" size="25" name="lti_key_add" value="" /></span> '."\n".
- (' 'x2).
- '<span class="LC_nobreak">'.$lt{'secret'}.':<input type="password" size="20" name="lti_secret_add" value="" />'.
- '<label><input type="checkbox" name="visible" onclick="if (this.checked) { this.form.lti_secret_add.type='."'text'".' } else { this.form.lti_secret_add.type='."'password'".' }" />'.&mt('Visible input').'</label></span> '."\n".
'</fieldset>'.<i_options('add',undef,$itemcount,%lt).
'</td>'."\n".
'</tr>'."\n";
@@ -13423,10 +13484,14 @@
sub check_switchserver {
my ($dom,$confname) = @_;
- my ($allowed,$switchserver);
- my $home = &Apache::lonnet::homeserver($confname,$dom);
- if ($home eq 'no_host') {
+ my ($allowed,$switchserver,$home);
+ if ($confname eq '') {
$home = &Apache::lonnet::domain($dom,'primary');
+ } else {
+ $home = &Apache::lonnet::homeserver($confname,$dom);
+ if ($home eq 'no_host') {
+ $home = &Apache::lonnet::domain($dom,'primary');
+ }
}
my @ids=&Apache::lonnet::current_machine_ids();
foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } }
@@ -14352,7 +14417,6 @@
foreach my $hostid (keys(%servers)) {
if (($hostid ne '') && (grep(/^\Q$hostid\E$/, at ids))) {
- my $newkey;
my $keyitem = 'form.'.$context.'_privkey_'.$hostid;
if (exists($env{$keyitem})) {
$env{$keyitem} =~ s/(`)/'/g;
@@ -14376,7 +14440,7 @@
}
sub store_security {
- my ($dom,$context,$secchanges,$newkeyset,$keystore,$lastactref) = @_;
+ my ($dom,$context,$secchanges,$newkeyset,$keystore) = @_;
return unless ((ref($secchanges) eq 'HASH') && (ref($newkeyset) eq 'HASH') &&
(ref($keystore) eq 'HASH'));
if (keys(%{$secchanges})) {
@@ -14391,11 +14455,6 @@
$dom,$hostid);
}
}
- if (ref($lastactref) eq 'HASH') {
- if (($secchanges->{'encrypt'}) || ($secchanges->{'private'})) {
- $lastactref->{'domdefaults'} = 1;
- }
- }
}
}
@@ -15075,7 +15134,7 @@
sub modify_lti {
my ($r,$dom,$action,$lastactref,%domconfig) = @_;
my %domdefaults = &Apache::lonnet::get_domain_defaults($dom,1);
- my ($newid, at allpos,%changes,%confhash,%encconfig,$errors,$resulttext);
+ my ($newid, at allpos,%changes,%confhash,%ltienc,$errors,$resulttext);
my (%posslti,%posslticrs,%posscrstype);
my @courseroles = ('cc','in','ta','ep','st');
my @ltiroles = qw(Learner Instructor ContentDeveloper TeachingAssistant Mentor Member Manager Administrator);
@@ -15189,29 +15248,43 @@
}
}
}
+ my (%keystore,$secstored);
+ if ($is_home) {
+ &store_security($dom,'lti',\%secchanges,\%newkeyset,\%keystore);
+ }
+
+ my ($cipher,$privnum);
+ if ((@items > 0) && ($is_home)) {
+ ($cipher,$privnum) = &get_priv_creds($dom,$home,$secchanges{'encrypt'},
+ $newltisec{'encrypt'},$keystore{$home});
+ }
foreach my $idx (@items) {
my $itemid = $itemids{$idx};
next unless ($itemid);
+ my %currlti;
+ unless ($idx eq 'add') {
+ if (ref($domconfig{$action}) eq 'HASH') {
+ if (ref($domconfig{$action}{$itemid}) eq 'HASH') {
+ %currlti = %{$domconfig{$action}{$itemid}};
+ }
+ }
+ }
my $position = $env{'form.lti_pos_'.$itemid};
$position =~ s/\D+//g;
if ($position ne '') {
$allpos[$position] = $itemid;
}
- foreach my $item ('consumer','key','secret','lifetime','requser','crsinc') {
+ foreach my $item ('consumer','lifetime','requser','crsinc') {
my $formitem = 'form.lti_'.$item.'_'.$idx;
$env{$formitem} =~ s/(`)/'/g;
if ($item eq 'lifetime') {
$env{$formitem} =~ s/[^\d.]//g;
}
if ($env{$formitem} ne '') {
- if (($item eq 'key') || ($item eq 'secret')) {
- $encconfig{$itemid}{$item} = $env{$formitem};
- } else {
- $confhash{$itemid}{$item} = $env{$formitem};
- unless (($idx eq 'add') || ($changes{$itemid})) {
- if ($domconfig{$action}{$itemid}{$item} ne $confhash{$itemid}{$item}) {
- $changes{$itemid} = 1;
- }
+ $confhash{$itemid}{$item} = $env{$formitem};
+ unless (($idx eq 'add') || ($changes{$itemid})) {
+ if ($currlti{$item} ne $confhash{$itemid}{$item}) {
+ $changes{$itemid} = 1;
}
}
}
@@ -15352,27 +15425,27 @@
unless (($idx eq 'add') || ($changes{$itemid})) {
if ($confhash{$itemid}{'crsinc'}) {
foreach my $field ('mapcrs','storecrs','makecrs','section','passback','roster') {
- if ($domconfig{$action}{$itemid}{$field} ne $confhash{$itemid}{$field}) {
+ if ($currlti{$field} ne $confhash{$itemid}{$field}) {
$changes{$itemid} = 1;
}
}
unless ($changes{$itemid}) {
- if ($domconfig{$action}{$itemid}{'passback'} eq $confhash{$itemid}{'passback'}) {
- if ($domconfig{$action}{$itemid}{'passbackformat'} ne $confhash{$itemid}{'passbackformat'}) {
+ if ($currlti{'passback'} eq $confhash{$itemid}{'passback'}) {
+ if ($currlti{'passbackformat'} ne $confhash{$itemid}{'passbackformat'}) {
$changes{$itemid} = 1;
}
}
}
foreach my $field ('mapcrstype','selfenroll') {
unless ($changes{$itemid}) {
- if (ref($domconfig{$action}{$itemid}{$field}) eq 'ARRAY') {
+ if (ref($currlti{$field}) eq 'ARRAY') {
if (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
- my @diffs = &Apache::loncommon::compare_arrays($domconfig{$action}{$itemid}{$field},
+ my @diffs = &Apache::loncommon::compare_arrays($currlti{$field},
$confhash{$itemid}{$field});
if (@diffs) {
$changes{$itemid} = 1;
}
- } elsif (@{$domconfig{$action}{$itemid}{$field}} > 0) {
+ } elsif (@{$currlti{$field}} > 0) {
$changes{$itemid} = 1;
}
} elsif (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
@@ -15383,10 +15456,10 @@
}
}
unless ($changes{$itemid}) {
- if (ref($domconfig{$action}{$itemid}{'maproles'}) eq 'HASH') {
+ if (ref($currlti{'maproles'}) eq 'HASH') {
if (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
- foreach my $ltirole (keys(%{$domconfig{$action}{$itemid}{'maproles'}})) {
- if ($domconfig{$action}{$itemid}{'maproles'}{$ltirole} ne
+ foreach my $ltirole (keys(%{$currlti{'maproles'}})) {
+ if ($currlti{'maproles'}{$ltirole} ne
$confhash{$itemid}{'maproles'}{$ltirole}) {
$changes{$itemid} = 1;
last;
@@ -15395,13 +15468,13 @@
unless ($changes{$itemid}) {
foreach my $ltirole (keys(%{$confhash{$itemid}{'maproles'}})) {
if ($confhash{$itemid}{'maproles'}{$ltirole} ne
- $domconfig{$action}{$itemid}{'maproles'}{$ltirole}) {
+ $currlti{'maproles'}{$ltirole}) {
$changes{$itemid} = 1;
last;
}
}
}
- } elsif (keys(%{$domconfig{$action}{$itemid}{'maproles'}}) > 0) {
+ } elsif (keys(%{$currlti{'maproles'}}) > 0) {
$changes{$itemid} = 1;
}
} elsif (ref($confhash{$itemid}{'maproles'}) eq 'HASH') {
@@ -15415,20 +15488,20 @@
}
unless ($changes{$itemid}) {
foreach my $field ('mapuser','lcauth','lcauthparm','topmenu','inlinemenu','callback') {
- if ($domconfig{$action}{$itemid}{$field} ne $confhash{$itemid}{$field}) {
+ if ($currlti{$field} ne $confhash{$itemid}{$field}) {
$changes{$itemid} = 1;
}
}
unless ($changes{$itemid}) {
foreach my $field ('makeuser','lcmenu') {
- if (ref($domconfig{$action}{$itemid}{$field}) eq 'ARRAY') {
+ if (ref($currlti{$field}) eq 'ARRAY') {
if (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
- my @diffs = &Apache::loncommon::compare_arrays($domconfig{$action}{$itemid}{$field},
+ my @diffs = &Apache::loncommon::compare_arrays($currlti{$field},
$confhash{$itemid}{$field});
if (@diffs) {
$changes{$itemid} = 1;
}
- } elsif (@{$domconfig{$action}{$itemid}{$field}} > 0) {
+ } elsif (@{$currlti{$field}} > 0) {
$changes{$itemid} = 1;
}
} elsif (ref($confhash{$itemid}{$field}) eq 'ARRAY') {
@@ -15441,6 +15514,71 @@
}
}
}
+ if ($is_home) {
+ my $keyitem = 'form.lti_key_'.$idx;
+ $env{$keyitem} =~ s/(`)/'/g;
+ if ($env{$keyitem} ne '') {
+ $ltienc{$itemid}{'key'} = $env{$keyitem};
+ unless ($changes{$itemid}) {
+ if ($currlti{'key'} ne $env{$keyitem}) {
+ $changes{$itemid} = 1;
+ }
+ }
+ }
+ my $secretitem = 'form.lti_secret_'.$idx;
+ $env{$secretitem} =~ s/(`)/'/g;
+ if ($currlti{'usable'}) {
+ if ($env{'form.lti_changesecret_'.$idx}) {
+ if ($env{$secretitem} ne '') {
+ if ($privnum && $cipher) {
+ $ltienc{$itemid}{'secret'} = $cipher->encrypt_hex($env{$secretitem});
+ $confhash{$itemid}{'cipher'} = $privnum;
+ } else {
+ $ltienc{$itemid}{'secret'} = $env{$secretitem};
+ }
+ $changes{$itemid} = 1;
+ }
+ } else {
+ $ltienc{$itemid}{'secret'} = $currlti{'secret'};
+ $confhash{$itemid}{'cipher'} = $currlti{'cipher'};
+ }
+ if (ref($ltienc{$itemid}) eq 'HASH') {
+ if (($ltienc{$itemid}{'key'} ne '') && ($ltienc{$itemid}{'secret'} ne '')) {
+ $confhash{$itemid}{'usable'} = 1;
+ }
+ }
+ } elsif ($env{$secretitem} ne '') {
+ if ($privnum && $cipher) {
+ $ltienc{$itemid}{'secret'} = $cipher->encrypt_hex($env{$secretitem});
+ $confhash{$itemid}{'cipher'} = $privnum;
+ } else {
+ $ltienc{$itemid}{'secret'} = $env{$secretitem};
+ }
+ if (ref($ltienc{$itemid}) eq 'HASH') {
+ if (($ltienc{$itemid}{'key'} ne '') && ($ltienc{$itemid}{'key'} ne '')) {
+ $confhash{$itemid}{'usable'} = 1;
+ }
+ }
+ $changes{$itemid} = 1;
+ }
+ }
+ unless ($changes{$itemid}) {
+ foreach my $key (keys(%currlti)) {
+ if (ref($currlti{$key}) eq 'HASH') {
+ if (ref($confhash{$itemid}{$key}) eq 'HASH') {
+ foreach my $innerkey (keys(%{$currlti{$key}})) {
+ unless (exists($confhash{$itemid}{$key}{$innerkey})) {
+ $changes{$itemid} = 1;
+ last;
+ }
+ }
+ } elsif (keys(%{$currlti{$key}}) > 0) {
+ $changes{$itemid} = 1;
+ }
+ }
+ last if ($changes{$itemid});
+ }
+ }
}
if (@allpos > 0) {
my $idx = 0;
@@ -15458,12 +15596,21 @@
}
}
}
+
+ if ((keys(%changes) == 0) && (keys(%secchanges) == 0)) {
+ return &mt('No changes made.');
+ }
+
my %ltihash = (
$action => { %confhash }
);
- my %ltienchash = (
- $action => { %encconfig }
- );
+ my %ltienchash;
+
+ if ($is_home) {
+ %ltienchash = (
+ $action => { %ltienc }
+ );
+ }
if (keys(%secchanges)) {
$ltihash{'ltisec'} = \%newltisec;
if ($secchanges{'linkprot'}) {
@@ -15474,11 +15621,8 @@
}
my $putresult = &Apache::lonnet::put_dom('configuration',\%ltihash,$dom);
if ($putresult eq 'ok') {
- my %keystore;
- &store_security($dom,'lti',\%secchanges,\%newkeyset,\%keystore,$lastactref);
- &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
- if ((keys(%changes) == 0) && (keys(%secchanges) == 0)) {
- return &mt('No changes made.');
+ if (keys(%ltienchash)) {
+ &Apache::lonnet::put_dom('encconfig',\%ltienchash,$dom,undef,1);
}
$resulttext = &mt('Changes made:').'<ul>';
if (keys(%secchanges) > 0) {
@@ -15489,28 +15633,20 @@
}
if (keys(%changes) > 0) {
my $cachetime = 24*60*60;
- my %ltiall = %confhash;
- foreach my $id (keys(%ltiall)) {
- if (ref($encconfig{$id}) eq 'HASH') {
- foreach my $item ('key','secret') {
- $ltiall{$id}{$item} = $encconfig{$id}{$item};
- }
- }
- }
- &Apache::lonnet::do_cache_new('lti',$dom,\%ltiall,$cachetime);
+ &Apache::lonnet::do_cache_new('lti',$dom,\%confhash,$cachetime);
if (ref($lastactref) eq 'HASH') {
$lastactref->{'lti'} = 1;
}
my %bynum;
foreach my $itemid (sort(keys(%changes))) {
- my $position = $confhash{$itemid}{'order'};
- $bynum{$position} = $itemid;
+ if (ref($confhash{$itemid}) eq 'HASH') {
+ my $position = $confhash{$itemid}{'order'};
+ $bynum{$position} = $itemid;
+ }
}
foreach my $pos (sort { $a <=> $b } keys(%bynum)) {
my $itemid = $bynum{$pos};
- if (ref($confhash{$itemid}) ne 'HASH') {
- $resulttext .= '<li>'.&mt('Deleted: [_1]',$changes{$itemid}).'</li>';
- } else {
+ if (ref($confhash{$itemid}) eq 'HASH') {
$resulttext .= '<li><b>'.$confhash{$itemid}{'consumer'}.'</b><ul>';
my $position = $pos + 1;
$resulttext .= '<li>'.&mt('Order: [_1]',$position).'</li>';
@@ -15519,13 +15655,11 @@
$resulttext .= '<li>'.$lt{$item}.': '.$confhash{$itemid}{$item}.'</li>';
}
}
- if ($encconfig{$itemid}{'key'} ne '') {
- $resulttext .= '<li>'.$lt{'key'}.': '.$encconfig{$itemid}{'key'}.'</li>';
+ if ($ltienc{$itemid}{'key'} ne '') {
+ $resulttext .= '<li>'.$lt{'key'}.': '.$ltienc{$itemid}{'key'}.'</li>';
}
- if ($encconfig{$itemid}{'secret'} ne '') {
- $resulttext .= '<li>'.$lt{'secret'}.': ';
- my $num = length($encconfig{$itemid}{'secret'});
- $resulttext .= ('*'x$num).'</li>';
+ if ($ltienc{$itemid}{'secret'} ne '') {
+ $resulttext .= '<li>'.$lt{'secret'}.': ['.&mt('not shown').']</li>';
}
if ($confhash{$itemid}{'requser'}) {
if ($confhash{$itemid}{'callback'}) {
@@ -15677,8 +15811,18 @@
$resulttext .= '</ul></li>';
}
}
+ if (keys(%deletions)) {
+ foreach my $itemid (sort { $a <=> $b } keys(%deletions)) {
+ $resulttext .= '<li>'.&mt('Deleted: [_1]',$changes{$itemid}).'</li>';
+ }
+ }
}
$resulttext .= '</ul>';
+ if (ref($lastactref) eq 'HASH') {
+ if (($secchanges{'encrypt'}) || ($secchanges{'private'})) {
+ $lastactref->{'domdefaults'} = 1;
+ }
+ }
} else {
$errors .= '<li><span class="LC_error">'.&mt('Failed to save changes').'</span></li>';
}
@@ -15689,6 +15833,30 @@
return $resulttext;
}
+sub get_priv_creds {
+ my ($dom,$home,$encchg,$encrypt,$storedsec) = @_;
+ my ($needenc,$cipher,$privnum);
+ my %domdefs = &Apache::lonnet::get_domain_defaults($dom);
+ if (($encchg) && (ref($encrypt) eq 'HASH')) {
+ $needenc = $encrypt->{'consumers'}
+ } else {
+ $needenc = $domdefs{'ltienc_consumers'};
+ }
+ if ($needenc) {
+ if (($storedsec eq 'ok') || ((ref($domdefs{'ltiprivhosts'}) eq 'ARRAY') &&
+ (grep(/^\Q$home\E$/,@{$domdefs{'ltiprivhosts'}})))) {
+ my %privhash = &Apache::lonnet::restore_dom('lti','private',$dom,$home,1);
+ my $privkey = $privhash{'key'};
+ $privnum = $privhash{'version'};
+ if (($privnum) && ($privkey ne '')) {
+ $cipher = Crypt::CBC->new({'key' => $privkey,
+ 'cipher' => 'DES'});
+ }
+ }
+ }
+ return ($cipher,$privnum);
+}
+
sub get_lti_id {
my ($domain,$consumer) = @_;
# get lock on lti db
More information about the LON-CAPA-cvs
mailing list