From a0101868b2e076d322a8fca6f8cfeddfc3390347 Mon Sep 17 00:00:00 2001
From: Danny Glin <dlglin@ucalgary.ca>
Date: Tue, 23 Dec 2025 13:31:47 -0700
Subject: [PATCH] Remove Cosign authentication module

---
 lib/WeBWorK/Authen/Cosign.pm | 90 ------------------------------------
 1 file changed, 90 deletions(-)
 delete mode 100644 lib/WeBWorK/Authen/Cosign.pm

diff --git a/lib/WeBWorK/Authen/Cosign.pm b/lib/WeBWorK/Authen/Cosign.pm
deleted file mode 100644
index 3bdae8976c..0000000000
--- a/lib/WeBWorK/Authen/Cosign.pm
+++ /dev/null
@@ -1,90 +0,0 @@
-package WeBWorK::Authen::Cosign;
-use base qw/WeBWorK::Authen/;
-
-=head1 NAME
-
-WeBWorK::Authen::Cosign - Authentication plug in for cosign
-
-to use: include in localOverrides.conf or course.conf
-  $authen{user_module} = "WeBWorK::Authen::Cosign";
-and add /webwork2 or /webwork2/courseName as a CosignProtected
-Location
-
-if $c->ce->{cosignoff} is set for a course, authentication reverts
-to standard WeBWorK authentication.
-
-=cut
-
-use strict;
-use warnings;
-use WeBWorK::Debug;
-
-# this is similar to the method in the base class, except that cosign
-# ensures that we don't get to the address without a login.  this means
-# that we can't allow guest logins, but don't have to do any password
-# checking or cookie management.
-
-sub get_credentials {
-	my ($self) = @_;
-	my $c      = $self->{c};
-	my $ce     = $c->ce;
-	my $db     = $c->db;
-
-	if ($ce->{cosignoff}) {
-		return $self->SUPER::get_credentials();
-	} else {
-		$c->stash(disable_cookies => 1);
-
-		if (defined($ENV{'REMOTE_USER'})) {
-			$self->{'user_id'} = $ENV{'REMOTE_USER'};
-			$self->{c}->param("user", $ENV{'REMOTE_USER'});
-		} else {
-			return 0;
-		}
-		# set external auth parameter so that Login.pm knows
-		#    not to rely on internal logins if there's a check_user
-		#    failure.
-		$self->{external_auth} = 1;
-
-		# the session key isn't used (cosign is managing this
-		#    for us), and we want to force checking against the
-		#    site_checkPassword
-		$self->{'session_key'}       = undef;
-		$self->{'password'}          = 1;
-		$self->{'credential_source'} = "params";
-		$self->{login_type}          = "cosign";
-
-		return 1;
-	}
-}
-
-sub site_checkPassword {
-	my ($self, $userID, $clearTextPassword) = @_;
-
-	if ($self->{c}->ce->{cosignoff}) {
-		return 0;
-	} else {
-		# this is easy; if we're here at all, we've authenticated
-		# through cosign
-		return 1;
-	}
-}
-
-# this is a bit of a cheat, because it does the redirect away from the
-#   logout script or what have you, but I don't see a way around that.
-sub forget_verification {
-	my ($self, @args) = @_;
-	my $c = $self->{c};
-
-	if ($c->ce->{cosignoff}) {
-		return $self->SUPER::forget_verification(@args);
-	} else {
-		$self->{was_verified} = 0;
-		#		$c->headers_out->{"Location"} = $c->ce->{cosign_logout_script};
-		#		$c->send_http_header;
-		#		return;
-		$self->{redirect} = $c->ce->{cosign_logout_script};
-	}
-}
-
-1;