[LON-CAPA-cvs] cvs: loncom /auth migrateuser.pm

raeburn raeburn at source.lon-capa.org
Mon Oct 6 23:13:34 EDT 2014


raeburn		Tue Oct  7 03:13:34 2014 EDT

  Modified files:              
    /loncom/auth	migrateuser.pm 
  Log:
  Bug 6675 (IP change detected in session migration).
  - log when IP change detected.
  - Include user's domain in query string if re-authentication uses /adm/login.
  
  
Index: loncom/auth/migrateuser.pm
diff -u loncom/auth/migrateuser.pm:1.23 loncom/auth/migrateuser.pm:1.24
--- loncom/auth/migrateuser.pm:1.23	Mon Oct  6 00:48:44 2014
+++ loncom/auth/migrateuser.pm	Tue Oct  7 03:13:34 2014
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Starts a user off based of an existing token.
 #
-# $Id: migrateuser.pm,v 1.23 2014/10/06 00:48:44 raeburn Exp $
+# $Id: migrateuser.pm,v 1.24 2014/10/07 03:13:34 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -37,12 +37,15 @@
 use Apache::lonlogin();
 
 sub goto_login {
-    my ($r) = @_;
+    my ($r,$domain) = @_;
     &Apache::loncommon::content_type($r,'text/html');
     $r->send_http_header;
+    my $url = '/adm/login';
+    if ($domain) {
+        $url .= '?domain='.$domain;
+    }
     $r->print(&Apache::loncommon::start_page('Going to login',undef,
-					     {'redirect' =>
-						  [0,'/adm/login'],}).
+					     {'redirect' => [0,$url],}).
 	      '<h1>'.&mt('One moment please...').'</h1>'.
 	      '<p>'.&mt('Transferring to login page.').'</p>'.
 	      &Apache::loncommon::end_page());
@@ -173,10 +176,13 @@
             $url .= '/adm/roles';
         } else {
             $url .= '/adm/login';
+            if ($udom) {
+                $url .= '?domain='.$udom;
+            }
             $message .= '<br />'.&mt('You will need to provide your password one more time.');
         }
         my %info= (
-                    'domain'          => $dataref->{'domain'},
+                    'domain'          => $udom,
                     'username'        => $dataref->{'username'},
                     'role'            => $dataref->{'role'},
                     'sessionserver'   => $lonhost,
@@ -189,7 +195,8 @@
         }
         my $iptoken = &Apache::lonnet::tmpput(\%info,$switchto);
         unless ($iptoken eq 'conlost') {
-            $url .= '?iptoken='.$iptoken;
+            $url .= ($url =~ /\?/) ? '&' : '?';
+            $url .= 'iptoken='.$iptoken;
         }
         $r->print(&Apache::loncommon::start_page($title,undef,
                                                  {'redirect' =>
@@ -223,12 +230,18 @@
         return &goto_login($r);
     }
     if ($data{'ip'} ne $ENV{'REMOTE_ADDR'}) {
+        &Apache::lonnet::logthis('IP change when session migration requested -- was: '.
+                 $data{'ip'}.'; now: '.$ENV{'REMOTE_ADDR'}.' for '.$data{'username'}.':'.$data{'domain'});
 	return &ip_changed($r,$data{'domain'},$data{'server'},\%data);
     }
 
     &Apache::lonnet::logthis("Allowing access for $data{'username'}:$data{'domain'} to $data{'role'}");
     my $home=&Apache::lonnet::homeserver($data{'username'},$data{'domain'});
-    if ($home =~ /(con_lost|no_such_host)/) { return &goto_login($r); }
+    my $udom;
+    if (&Apache::lonnet::domain($data{'domain'})) {
+        $udom=$data{'domain'};
+    }
+    if ($home =~ /(con_lost|no_such_host)/) { return &goto_login($r,$udom); }
 
     my $extra_env = &sso_check(\%data);
 




More information about the LON-CAPA-cvs mailing list