--- loncom/auth/migrateuser.pm	2017/11/30 15:14:51	1.26
+++ loncom/auth/migrateuser.pm	2018/03/23 01:01:29	1.27
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Starts a user off based of an existing token.
 #
-# $Id: migrateuser.pm,v 1.26 2017/11/30 15:14:51 raeburn Exp $
+# $Id: migrateuser.pm,v 1.27 2018/03/23 01:01:29 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -35,25 +35,29 @@ use Apache::lonauth;
 use Apache::lonnet;
 use Apache::lonlocal;
 use Apache::lonlogin();
+use Apache::ltiauth;
 
 sub goto_login {
-    my ($r,$domain) = @_;
-    &Apache::loncommon::content_type($r,'text/html');
-    $r->send_http_header;
-    my $url = '/adm/login';
-    if ($domain) {
-        $url .= '?domain='.$domain;
-    }
-    $r->print(&Apache::loncommon::start_page('Going to login',undef,
-					     {'redirect' => [0,$url],}).
-	      '<h1>'.&mt('One moment please...').'</h1>'.
-	      '<p>'.&mt('Transferring to login page.').'</p>'.
-	      &Apache::loncommon::end_page());
+    my ($r,$domain,$data) = @_;
+    if ((ref($data) eq 'HASH') && ($data->{'lti.login'})) {
+        &Apache::ltiauth::invalid_request($r,'22');
+    } else {
+        &Apache::loncommon::content_type($r,'text/html');
+        $r->send_http_header;
+        my $url = '/adm/login';
+        if ($domain) {
+            $url .= '?domain='.$domain;
+        }
+        $r->print(&Apache::loncommon::start_page('Going to login',undef,
+					         {'redirect' => [0,$url],}).
+	          '<h1>'.&mt('One moment please...').'</h1>'.
+	          '<p>'.&mt('Transferring to login page.').'</p>'.
+	          &Apache::loncommon::end_page());
+    }
     return OK;
 }
 
-
-sub sso_lti_check {
+sub sso_check {
     my ($data) = @_;
     my %extra_env;
     if (ref($data) eq 'HASH') {
@@ -64,23 +68,40 @@ sub sso_lti_check {
             $extra_env{'request.sso.reloginserver'} = 
                 $data->{'sso.reloginserver'};
         }
+    }
+    return \%extra_env;
+}
+
+sub lti_check {
+    my ($data) = @_;
+    my %lti_env;
+    if (ref($data) eq 'HASH') {
         if ($data->{'lti.login'}) {
-            $extra_env{'request.lti.login'} = $data->{'lti.login'};
+            $lti_env{'request.lti.login'} = $data->{'lti.login'};
+            if ($data->{'lti.reqcrs'}) {
+                $lti_env{'request.lti.reqcrs'} = $data->{'lti.reqcrs'};
+            }
+            if ($data->{'lti.reqrole'}) {
+                $lti_env{'request.lti.reqrole'} = $data->{'lti.reqrole'};
+            }
+            if ($data->{'lti.selfenrollrole'}) {
+                $lti_env{'request.lti.selfenrollrole'} = $data->{'lti.selfenrollrole'};
+            }
         }
         if ($data->{'lti.passbackid'}) {
-            $extra_env{'request.lti.passbackid'} = $data->{'lti.passbackid'};
+            $lti_env{'request.lti.passbackid'} = $data->{'lti.passbackid'};
         }
         if ($data->{'lti.passbackurl'}) {
-            $extra_env{'request.lti.passbackurl'} = $data->{'lti.passbackurl'};
+            $lti_env{'request.lti.passbackurl'} = $data->{'lti.passbackurl'};
         }
         if ($data->{'lti.rosterid'}) {
-            $extra_env{'request.lti.rosterid'} = $data->{'lti.rosterid'};
+            $lti_env{'request.lti.rosterid'} = $data->{'lti.rosterid'};
         }
         if ($data->{'lti.rosterurl'}) {
-            $extra_env{'request.lti.rosterurl'} = $data->{'lti.rosterurl'};
+            $lti_env{'request.lti.rosterurl'} = $data->{'lti.rosterurl'};
         }
     }
-    return \%extra_env;
+    return \%lti_env;
 }
 
 sub ip_changed {
@@ -238,11 +259,11 @@ sub handler {
     &Apache::lonlocal::get_language_handle($r);
 
     if ($delete ne 'ok') {
-	return &goto_login($r);
+	return &goto_login($r,undef,\%data);
     }
 
     if (!defined($data{'username'}) || !defined($data{'domain'})) {
-        return &goto_login($r);
+        return &goto_login($r,undef,\%data);
     }
     if ($data{'ip'} ne $ENV{'REMOTE_ADDR'}) {
         &Apache::lonnet::logthis('IP change when session migration requested -- was: '.
@@ -256,9 +277,17 @@ sub handler {
     if (&Apache::lonnet::domain($data{'domain'})) {
         $udom=$data{'domain'};
     }
-    if ($home =~ /(con_lost|no_such_host)/) { return &goto_login($r,$udom); }
+    if ($home =~ /(con_lost|no_such_host)/) { return &goto_login($r,$udom,\%data); }
+
+    my $sso_env = &sso_check(\%data);
+    my $lti_env = &lti_check(\%data);
 
-    my $extra_env = &sso_lti_check(\%data);
+    my $extra_env;
+    if ((ref($sso_env) eq 'HASH') && (keys(%{$sso_env}))) {
+        $extra_env = $sso_env;
+    } elsif ((ref($lti_env) eq 'HASH') && (keys(%{$lti_env}))) {
+        $extra_env = $lti_env;
+    }
 
     my %form;
     if ($data{'symb'} ne '') {
@@ -276,7 +305,37 @@ sub handler {
 	if ($handle) {
 	    &Apache::lonnet::transfer_profile_to_env($r->dir_config('lonIDsDir'),
 						     $handle);
-            if ($data{'origurl'} ne '') {
+#FIXME if user is not currently logged in as an LTI log-in log them out.
+            if ($data{'lti.login'}) {
+                if (($data{'lti.reqcrs'}) && ($data{'lti.reqrole'} eq 'cc')) {
+                    $form{'lti.reqcrs'} = $data{'lti.reqcrs'};
+                    $form{'lti.reqrole'} = $data{'lti.reqrole'};
+                    $form{'lti.sourcecrs'} = $data{'lti.sourcecrs'};
+                    &Apache::loncommon::content_type($r,'text/html');
+                    $r->send_http_header;
+                    &Apache::ltiauth::lti_reqcrs($r,$data{'domain'},\%form,$data{'username'},$data{'domain'});
+                } elsif ($data{'lti.selfenrollrole'}) {
+                    if (&Apache::ltiauth::lti_enroll($data{'username'},data{'domain'},
+                                                 $data{'lti.selfenrollrole'}) eq 'ok') {
+                        my $url = '/adm/roles?selectrole=1&'.
+                                  &escape($data{'lti.selfenrollrole'}).'=1';
+                        if ($data{'origurl'} =~ m{/default_\d+\.sequence$}) {
+                            $url .= '&orgurl='.$data{'origurl'}.'&navmap=1';
+                        } elsif ($data{'origurl'} ne '') {
+                            $url .= '&orgurl='.$data{'origurl'};
+                        }
+                        $r->internal_redirect($url);
+                    } else {
+                        &Apache::ltiauth::invalid_request($r,23);
+                    }
+                } elsif ($data{'origurl'} ne '') {
+                    my $url = $data{'origurl'};
+                    if ($url =~ m{/default_\d+\.sequence$}) {
+                        $url .= (($url =~/\?/)?'&':'?').'navmap=1';
+                    }
+                    $r->internal_redirect($url);
+                }
+            } elsif ($data{'origurl'} ne '') {
                 $r->internal_redirect($data{'origurl'});
             } elsif ($env{'request.course.id'}) {
                 $r->internal_redirect('/adm/navmaps');
@@ -287,13 +346,22 @@ sub handler {
             my $desturl = '/adm/roles';
             if ($data{'origurl'} ne '') {
                 $desturl = $data{'origurl'};
+                if ($data{'lti.login'}) {
+                    $desturl = $data{'origurl'};
+                    if ($desturl =~ m{/default_\d+\.sequence$}) {
+                        $desturl .= (($desturl =~/\?/)?'&':'?').'navmap=1';
+                    }
+                }
+            }
+            my $skipcritical;
+            if (($data{'lti.login'}) && ($data{'lti.reqcrs'}) &&
+                ($data{'lti.reqrole'} eq 'cc')) {
+                $skipcritical = 1;
             }
 	    &Apache::lonauth::success($r,$data{'username'},$data{'domain'},
-				      $home,$desturl,$extra_env,\%form);
-
+				      $home,$desturl,$extra_env,\%form,$skipcritical);
 	}
 	return OK;
-
     }
 
     my $next_url='/adm/roles?selectrole=1&amp;'.&escape($data{'role'}).'=1';