--- loncom/lti/ltiauth.pm	2018/05/28 23:26:04	1.13
+++ loncom/lti/ltiauth.pm	2019/07/18 18:28:46	1.19
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Basic LTI Authentication Module
 #
-# $Id: ltiauth.pm,v 1.13 2018/05/28 23:26:04 raeburn Exp $
+# $Id: ltiauth.pm,v 1.19 2019/07/18 18:28:46 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -57,7 +57,7 @@ sub handler {
         }
     }
 #
-# Retrieve data POSTed by LTI Consumer on launch  
+# Retrieve data POSTed by LTI Consumer on launch
 #
     &Apache::lonacc::get_posted_cgi($r);
     my $params = {};
@@ -205,14 +205,14 @@ sub handler {
                 $mapurl = $tail;
             } else {
                 $symb = $tail;
-                $symb =~ s{^/+}{};
+                $symb =~ s{^/}{};
             }
         } elsif ($tail =~ m{^/res/(?:$match_domain)/(?:$match_username)/.+\.(?:sequence|page)(|___\d+___.+)$}) {
             if ($1 eq '') {
                 $mapurl = $tail;
             } else {
                 $symb = $tail;
-                $symb =~ s{^/+}{};
+                $symb =~ s{^/res/}{};
             }
         } elsif ($tail =~ m{^/($match_domain)/($match_courseid)$}) {
             ($urlcdom,$urlcnum) = ($1,$2);
@@ -339,6 +339,30 @@ sub handler {
     }
 
 #
+# Determine if a username is required from the domain
+# configuration for the specific LTI Consumer
+#
+
+    if (!$lti{$itemid}{'requser'}) {
+        if ($tail =~ m{^/tiny/($match_domain)/(\w+)$}) {
+            foreach my $key (%{$params}) {
+                delete($env{'form.'.$key});
+            }
+            my $ltoken = &Apache::lonnet::tmpput({'linkprot' => $itemid.':'.$tail},
+                                                   $lonhost);
+            if ($ltoken) {
+                $r->internal_redirect($tail.'?ltoken='.$ltoken);
+                $r->set_handlers('PerlHandler'=> undef);
+            } else {
+                &invalid_request($r,9);    
+            }
+        } else {
+            &invalid_request($r,10);
+        }
+        return OK;
+    }
+
+#
 # Determine if source of username matches requirement from the 
 # domain configuration for the specific LTI Consumer.
 # 
@@ -394,7 +418,7 @@ sub handler {
             if ($consumers{$sourcecrs} =~ /^$match_courseid$/) {
                 my $crshome = &Apache::lonnet::homeserver($consumers{$sourcecrs},$cdom);
                 if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
-                    &invalid_request($r,9);
+                    &invalid_request($r,11);
                     return OK;
                 } else {
                     $posscnum = $consumers{$sourcecrs};
@@ -406,7 +430,7 @@ sub handler {
     if ($urlcnum ne '') {
         if ($posscnum ne '') {
             if ($posscnum ne $urlcnum) {
-                &invalid_request($r,10);
+                &invalid_request($r,12);
                 return OK;
             } else {
                 $cnum = $posscnum;
@@ -414,7 +438,7 @@ sub handler {
         } else {
             my $crshome = &Apache::lonnet::homeserver($urlcnum,$cdom);
             if ($crshome =~ /(con_lost|no_host|no_such_host)/) {
-                &invalid_request($r,11);
+                &invalid_request($r,13);
                 return OK;
             } else {
                 $cnum = $urlcnum;
@@ -435,8 +459,10 @@ sub handler {
 
     my (@ltiroles,@lcroles);
     my @lcroleorder = ('cc','in','ta','ep','st');
-    my ($lcrolesref,$ltirolesref) = &LONCAPA::ltiutils::get_lc_roles($params->{'roles'},
-                                                                     \@lcroleorder);
+    my ($lcrolesref,$ltirolesref) = 
+        &LONCAPA::ltiutils::get_lc_roles($params->{'roles'},
+                                         \@lcroleorder,
+                                         $lti{$itemid}{maproles});
     if (ref($lcrolesref) eq 'ARRAY') {
         @lcroles = @{$lcrolesref};
     }
@@ -477,7 +503,7 @@ sub handler {
                                                     $domdesc,\%data,\%alerts,\%rulematch,
                                                     \%inst_results,\%curr_rules,%got_rules);
                 if ($result eq 'notallowed') {
-                    &invalid_request($r,12);
+                    &invalid_request($r,14);
                 } elsif ($result eq 'ok') {
                     if (($ltiroles[0] eq 'Instructor') && ($lcroles[0] eq 'cc') && ($lti{$itemid}{'mapcrs'}) &&
                         ($lti{$itemid}{'makecrs'})) {
@@ -486,16 +512,16 @@ sub handler {
                         }
                     }
                 } else {
-                    &invalid_request($r,13);
+                    &invalid_request($r,15);
                     return OK;
                 }
             } else {
-                &invalid_request($r,14);
+                &invalid_request($r,16);
                 return OK;
             }
         }
     } else {
-        &invalid_request($r,15);
+        &invalid_request($r,17);
         return OK;
     }
 
@@ -517,10 +543,10 @@ sub handler {
                              $symb,$cdom,$cnum,$params,\@ltiroles,$lti{$itemid},\@lcroles,
                              $reqcrs,$sourcecrs);
             } else {
-                &invalid_request($r,16);
+                &invalid_request($r,18);
             }
         } else {
-            &invalid_request($r,17);
+            &invalid_request($r,19);
         }
         return OK;
     }
@@ -606,7 +632,7 @@ sub handler {
             }
         }
         if ($reqrole eq '') {
-            &invalid_request($r,18);
+            &invalid_request($r,20);
             return OK;
         } else {
             unless (%crsenv) {
@@ -616,10 +642,10 @@ sub handler {
             my $default_enrollment_end_date   = $crsenv{'default_enrollment_end_date'};
             my $now = time;
             if ($default_enrollment_end_date && $default_enrollment_end_date <= $now) {
-                &invalid_request($r,19);
+                &invalid_request($r,21);
                 return OK;
             } elsif ($default_enrollment_start_date && $default_enrollment_start_date >$now) {
-                &invalid_request($r,20);
+                &invalid_request($r,22);
                 return OK;
             } else {
                 $selfenrollrole = $reqrole.'./'.$cdom.'/'.$cnum;
@@ -661,15 +687,8 @@ sub lti_enroll {
             my %coursehash = &Apache::lonnet::coursedescription($cdom.'_'.$cnum);
             my $start = $coursehash{'default_enrollment_start_date'};
             my $end = $coursehash{'default_enrollment_end_date'};
-            my $enrollresult = &LONCAPA::ltiutils::enrolluser($role,$cdom,$cnum,$sec,$start,$end);
-            if ($enrollresult eq 'ok') {
-                my (%userroles,%newrole,%newgroups);
-                &Apache::lonnet::standard_roleprivs(\%newrole,$role,$cdom,$spec,$cnum,
-                                                    $area);
-                &Apache::lonnet::set_userprivs(\%userroles,\%newrole,\%newgroups);
-                $userroles{'user.role.'.$spec} = $start.'.'.$end;
-                &Apache::lonnet::appenv(\%userroles,[$role,'cm']);
-            }
+            $enrollresult = &LONCAPA::ltiutils::enrolluser($udom,$uname,$role,$cdom,$cnum,$sec,
+                                                           $start,$end,1);
         }
     }
     return $enrollresult;
@@ -730,12 +749,24 @@ sub lti_session {
             }
         }
     }
+    my $protocol = 'http';
+    if ($ENV{'SERVER_PORT'} == 443) {
+        $protocol = 'https';
+    }
     if (($is_balancer) && (!$hosthere)) {
         # login but immediately go to switch server.
         &Apache::lonauth::success($r,$uname,$udom,$uhome,'noredirect');
+        if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
+            &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$otherserver,
+                                                      $ltihash->{'key'},
+                                                      $ltihash->{'secret'},
+                                                      $params->{$ltihash->{'callback'}},
+                                                      $r->dir_config('ltiIDsDir'),
+                                                      $protocol,$r->hostname);
+        }
         if ($symb) {
             $env{'form.symb'} = $symb;
-            $env{'request.lti.uri'} = $symb;
+            $env{'request.lti.uri'} = $tail;
         } else {
             if ($mapurl) {
                 $env{'form.origurl'} = $mapurl;
@@ -761,7 +792,7 @@ sub lti_session {
             $env{'request.lti.sourcecrs'} = $sourcecrs;
         }
         if ($selfenrollrole) {
-            $env{'request.lti.selfenroll'} = $selfenrollrole;
+            $env{'request.lti.selfenrollrole'} = $selfenrollrole;
             $env{'request.lti.sourcecrs'} = $sourcecrs;
         }
         if ($ltihash->{'passback'}) {
@@ -799,6 +830,14 @@ sub lti_session {
         foreach my $key (%{$params}) {
             delete($env{'form.'.$key});
         }
+        if (($ltihash->{'callback'}) && ($params->{$ltihash->{'callback'}})) {
+            &LONCAPA::ltiutils::setup_logout_callback($uname,$udom,$lonhost,
+                                                      $ltihash->{'key'},
+                                                      $ltihash->{'secret'},
+                                                      $params->{$ltihash->{'callback'}},
+                                                      $r->dir_config('ltiIDsDir'),
+                                                      $protocol,$r->hostname);
+        }
         my $ip = $r->get_remote_host();
         my %info=('ip'        => $ip,
                   'domain'    => $udom,