[LON-CAPA-cvs] cvs: loncom /auth lonacc.pm lonauth.pm lonlogin.pm migrateuser.pm
raeburn
raeburn at source.lon-capa.org
Fri Oct 3 22:59:32 EDT 2014
raeburn Sat Oct 4 02:59:32 2014 EDT
Modified files:
/loncom/auth lonacc.pm lonauth.pm lonlogin.pm migrateuser.pm
Log:
Bug 6675
- Changed client IP address when load balancing:
Support option to host on Load Balancer itself, after re-authentication.
Index: loncom/auth/lonacc.pm
diff -u loncom/auth/lonacc.pm:1.157 loncom/auth/lonacc.pm:1.158
--- loncom/auth/lonacc.pm:1.157 Tue Jun 17 23:22:10 2014
+++ loncom/auth/lonacc.pm Sat Oct 4 02:59:32 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Cookie Based Access Handler
#
-# $Id: lonacc.pm,v 1.157 2014/06/17 23:22:10 raeburn Exp $
+# $Id: lonacc.pm,v 1.158 2014/10/04 02:59:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -307,7 +307,10 @@
my %sessiondata;
if ($form{'iptoken'}) {
%sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
- my $delete = &Apache::lonnet::tmpdel($form{'token'});
+ my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
+ unless ($sessiondata{'sessionserver'}) {
+ delete($form{'iptoken'});
+ }
}
my $domain = $r->dir_config('lonSSOUserDomain');
@@ -319,8 +322,8 @@
&Apache::lonnet::logthis(" SSO authorized user $user ");
my ($is_balancer,$otherserver,$hosthere);
if ($form{'iptoken'}) {
- if (($sessiondata{'domain'} eq $form{'udom'}) &&
- ($sessiondata{'username'} eq $form{'uname'})) {
+ if (($sessiondata{'domain'} eq $domain) &&
+ ($sessiondata{'username'} eq $user)) {
$hosthere = 1;
}
}
@@ -361,7 +364,7 @@
'server' => $r->dir_config('lonHostID'),
'sso.login' => 1
);
- foreach my $item ('role','symb') {
+ foreach my $item ('role','symb','iptoken') {
if (exists($form{$item})) {
$info{$item} = $form{$item};
}
Index: loncom/auth/lonauth.pm
diff -u loncom/auth/lonauth.pm:1.134 loncom/auth/lonauth.pm:1.135
--- loncom/auth/lonauth.pm:1.134 Wed Apr 30 21:51:30 2014
+++ loncom/auth/lonauth.pm Sat Oct 4 02:59:32 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network
# User Authentication Module
#
-# $Id: lonauth.pm,v 1.134 2014/04/30 21:51:30 raeburn Exp $
+# $Id: lonauth.pm,v 1.135 2014/10/04 02:59:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -309,12 +309,6 @@
my $tmpinfo=Apache::lonnet::reply('tmpget:'.$form{'logtoken'},
$form{'serverid'});
- my %sessiondata;
- if ($form{'iptoken'}) {
- %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
- my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
- }
-
if (($tmpinfo=~/^error/) || ($tmpinfo eq 'con_lost') ||
($tmpinfo eq 'no_such_host')) {
&failed($r,'Information needed to verify your login information is missing, inaccessible or expired.',\%form);
@@ -334,19 +328,25 @@
return OK;
}
- my ($key,$firsturl,$rolestr,$symbstr)=split(/&/,$tmpinfo);
+ my ($key,$firsturl,$rolestr,$symbstr,$iptokenstr)=split(/&/,$tmpinfo);
if ($rolestr) {
$rolestr = &unescape($rolestr);
}
if ($symbstr) {
$symbstr= &unescape($symbstr);
}
+ if ($iptokenstr) {
+ $iptokenstr = &unescape($iptokenstr);
+ }
if ($rolestr =~ /^role=/) {
(undef,$form{'role'}) = split('=',$rolestr);
}
if ($symbstr =~ /^symb=/) {
(undef,$form{'symb'}) = split('=',$symbstr);
}
+ if ($iptokenstr =~ /^iptoken=/) {
+ (undef,$form{'iptoken'}) = split('=',$iptokenstr);
+ }
my $keybin=pack("H16",$key);
@@ -430,6 +430,8 @@
my $hosthere;
if ($form{'iptoken'}) {
+ my %sessiondata = &Apache::lonnet::tmpget($form{'iptoken'});
+ my $delete = &Apache::lonnet::tmpdel($form{'iptoken'});
if (($sessiondata{'domain'} eq $form{'udom'}) &&
($sessiondata{'username'} eq $form{'uname'})) {
$hosthere = 1;
Index: loncom/auth/lonlogin.pm
diff -u loncom/auth/lonlogin.pm:1.158 loncom/auth/lonlogin.pm:1.159
--- loncom/auth/lonlogin.pm:1.158 Tue Nov 26 03:17:09 2013
+++ loncom/auth/lonlogin.pm Sat Oct 4 02:59:32 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Login Screen
#
-# $Id: lonlogin.pm,v 1.158 2013/11/26 03:17:09 raeburn Exp $
+# $Id: lonlogin.pm,v 1.159 2014/10/04 02:59:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -113,7 +113,10 @@
my %sessiondata;
if ($env{'form.iptoken'}) {
%sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'});
- my $delete = &Apache::lonnet::tmpdel($env{'form.token'});
+ unless ($sessiondata{'sessionserver'}) {
+ my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'});
+ delete($env{'form.iptoken'});
+ }
}
# ----------------------------------------------------------- Process Interface
$env{'form.interface'}=~s/\W//g;
@@ -222,6 +225,12 @@
}
$tokenextras .= '&symb='.&escape($env{'form.symb'});
}
+ if ($env{'form.iptoken'}) {
+ if (!$tokenextras) {
+ $tokenextras = '&&';
+ }
+ $tokenextras .= '&iptoken='.&escape($env{'form.iptoken'});
+ }
my $logtoken=Apache::lonnet::reply(
'tmpput:'.$ukey.$lkey.'&'.$firsturl.$tokenextras,
$lonhost);
Index: loncom/auth/migrateuser.pm
diff -u loncom/auth/migrateuser.pm:1.20 loncom/auth/migrateuser.pm:1.21
--- loncom/auth/migrateuser.pm:1.20 Mon Dec 30 20:55:42 2013
+++ loncom/auth/migrateuser.pm Sat Oct 4 02:59:32 2014
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Starts a user off based of an existing token.
#
-# $Id: migrateuser.pm,v 1.20 2013/12/30 20:55:42 raeburn Exp $
+# $Id: migrateuser.pm,v 1.21 2014/10/04 02:59:32 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -77,6 +77,11 @@
my $rule_in_effect;
if ($frombalancer) {
my $balancerdom = &Apache::lonnet::host_domain($dataref->{'server'});
+ if ($dataref->{'sso.login'}) {
+ if (&Apache::lonnet::domain($dataref->{'domain'})) {
+ $balancerdom = $dataref->{'domain'};
+ }
+ }
my ($result,$cached)=&Apache::lonnet::is_cached_new('loadbalancing',$balancerdom);
unless (defined($cached)) {
my $cachetime = 60*60*24;
@@ -140,9 +145,9 @@
}
}
if ($dataref->{'sso.login'}) {
- $url .= '/adm/roles?';
+ $url .= '/adm/roles';
} else {
- $url .= '/adm/login?';
+ $url .= '/adm/login';
$message .= '<br />'.&mt('You will need to provide your password one more time.');
}
my %info= (
@@ -159,7 +164,7 @@
}
my $iptoken = &Apache::lonnet::tmpput(\%info,$switchto);
unless ($iptoken eq 'conlost') {
- $url .= 'iptoken='.$iptoken;
+ $url .= '?iptoken='.$iptoken;
}
$r->print(&Apache::loncommon::start_page($title,undef,
{'redirect' =>
@@ -206,6 +211,9 @@
if ($data{'symb'} ne '') {
$form{'symb'} = $data{'symb'};
}
+ if ($data{'iptoken'} ne '') {
+ $form{'iptoken'} = $data{'iptoken'};
+ }
if (!$data{'role'}) {
my $handle = &Apache::lonnet::check_for_valid_session($r);
More information about the LON-CAPA-cvs
mailing list