Mercurial > hg > orthanc-authorization
annotate Plugin/AuthorizationWebService.cpp @ 111:2b1a95c7d263
wip: adjust tools/find queries
author | Alain Mazy <am@osimis.io> |
---|---|
date | Wed, 30 Aug 2023 18:10:09 +0200 |
parents | 7381a7674b36 |
children | 572955904411 |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
1 | 4 * |
5 * This program is free software: you can redistribute it and/or | |
6 * modify it under the terms of the GNU Affero General Public License | |
7 * as published by the Free Software Foundation, either version 3 of | |
8 * the License, or (at your option) any later version. | |
9 * | |
10 * This program is distributed in the hope that it will be useful, but | |
11 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 * Affero General Public License for more details. | |
14 * | |
15 * You should have received a copy of the GNU Affero General Public License | |
16 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 **/ | |
18 | |
19 #include "AuthorizationWebService.h" | |
20 | |
34 | 21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" |
22 | |
32 | 23 #include <Logging.h> |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
24 #include <Toolbox.h> |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
25 #include <HttpClient.h> |
71 | 26 #include <algorithm> |
109 | 27 #include "SerializationToolbox.h" |
1 | 28 |
29 namespace OrthancPlugins | |
30 { | |
71 | 31 static const char* GRANTED = "granted"; |
32 static const char* VALIDITY = "validity"; | |
33 static const char* PERMISSIONS = "permissions"; | |
109 | 34 static const char* AUTHORIZED_LABELS = "authorized-labels"; |
35 static const char* FORBIDDEN_LABELS = "forbidden-labels"; | |
36 static const char* USER_NAME = "name"; | |
71 | 37 |
38 | |
1 | 39 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, |
40 OrthancPluginHttpMethod method, | |
41 const AccessedResource& access, | |
42 const Token* token, | |
43 const std::string& tokenValue) | |
44 { | |
45 Json::Value body = Json::objectValue; | |
46 | |
47 switch (method) | |
48 { | |
49 case OrthancPluginHttpMethod_Get: | |
50 body["method"] ="get"; | |
51 break; | |
52 | |
53 case OrthancPluginHttpMethod_Post: | |
54 body["method"] ="post"; | |
55 break; | |
56 | |
57 case OrthancPluginHttpMethod_Put: | |
58 body["method"] ="put"; | |
59 break; | |
60 | |
61 case OrthancPluginHttpMethod_Delete: | |
62 body["method"] ="delete"; | |
63 break; | |
64 | |
65 default: | |
66 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange); | |
67 } | |
68 | |
69 body["level"] = EnumerationToString(access.GetLevel()); | |
70 | |
71 if (access.GetLevel() == AccessLevel_System) | |
72 { | |
73 body["uri"] = access.GetOrthancId(); | |
74 } | |
75 else | |
76 { | |
77 body["orthanc-id"] = access.GetOrthancId(); | |
78 body["dicom-uid"] = access.GetDicomUid(); | |
79 } | |
80 | |
81 if (token != NULL) | |
82 { | |
83 body["token-key"] = token->GetKey(); | |
84 body["token-value"] = tokenValue; | |
85 } | |
86 | |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
87 if (!identifier_.empty()) |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
88 { |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
89 body["server-id"] = identifier_; |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
90 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
91 else |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
92 { |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
93 body["server-id"] = Json::nullValue; |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
94 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
95 |
109 | 96 if (access.GetLabels().size() > 0) |
97 { | |
98 Orthanc::SerializationToolbox::WriteSetOfStrings(body, access.GetLabels(), "labels"); | |
99 } | |
100 | |
70 | 101 Orthanc::WebServiceParameters authWebservice; |
102 | |
103 if (!username_.empty()) | |
104 { | |
105 authWebservice.SetCredentials(username_, password_); | |
106 } | |
1 | 107 |
70 | 108 std::string bodyAsString; |
109 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); | |
110 | |
111 Orthanc::HttpClient authClient(authWebservice, ""); | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
112 authClient.SetUrl(tokenValidationUrl_); |
70 | 113 authClient.AssignBody(bodyAsString); |
114 authClient.SetMethod(Orthanc::HttpMethod_Post); | |
115 authClient.AddHeader("Content-Type", "application/json"); | |
116 authClient.AddHeader("Expect", ""); | |
117 authClient.SetTimeout(10); | |
118 | |
1 | 119 if (token != NULL && |
120 token->GetType() == TokenType_HttpHeader) | |
121 { | |
122 // If the token source is a HTTP header, forward it also as a | |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
123 // HTTP header except if it is the Authorization header that might conflict with username_ and password_ |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
124 std::string lowerTokenKey; |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
125 Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey()); |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
126 |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
127 if (!(lowerTokenKey == "authorization" && !username_.empty())) |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
128 { |
70 | 129 authClient.AddHeader(token->GetKey(), tokenValue); |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
130 } |
1 | 131 } |
132 | |
133 Json::Value answer; | |
70 | 134 authClient.ApplyAndThrowException(answer); |
1 | 135 |
136 if (answer.type() != Json::objectValue || | |
137 !answer.isMember(GRANTED) || | |
138 answer[GRANTED].type() != Json::booleanValue || | |
139 (answer.isMember(VALIDITY) && | |
140 answer[VALIDITY].type() != Json::intValue)) | |
141 { | |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
142 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
143 "Syntax error in the result of the Web service"); |
1 | 144 } |
145 | |
146 validity = 0; | |
147 if (answer.isMember(VALIDITY)) | |
148 { | |
149 int tmp = answer[VALIDITY].asInt(); | |
150 if (tmp < 0) | |
151 { | |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
152 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
153 "A validity duration cannot be negative"); |
1 | 154 } |
155 | |
156 validity = static_cast<unsigned int>(tmp); | |
157 } | |
158 | |
159 return answer[GRANTED].asBool(); | |
160 } | |
161 | |
162 | |
163 void AuthorizationWebService::SetCredentials(const std::string& username, | |
164 const std::string& password) | |
165 { | |
166 username_ = username; | |
167 password_ = password; | |
168 } | |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
169 |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
170 void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier) |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
171 { |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
172 identifier_ = webServiceIdentifier; |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
173 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
174 |
74 | 175 |
176 bool AuthorizationWebService::DecodeToken(DecodedToken& response, | |
177 const std::string& tokenKey, | |
178 const std::string& tokenValue) | |
179 { | |
180 if (tokenDecoderUrl_.empty()) | |
181 { | |
182 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenValidationUrl' is not configured"); | |
183 } | |
184 Orthanc::WebServiceParameters authWebservice; | |
185 | |
186 if (!username_.empty()) | |
187 { | |
188 authWebservice.SetCredentials(username_, password_); | |
189 } | |
190 | |
191 Json::Value body; | |
192 | |
193 body["token-key"] = tokenKey; | |
194 body["token-value"] = tokenValue; | |
195 | |
196 std::string bodyAsString; | |
197 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); | |
198 | |
199 Json::Value tokenResponse; | |
200 try | |
201 { | |
202 Orthanc::HttpClient authClient(authWebservice, ""); | |
203 authClient.SetUrl(tokenDecoderUrl_); | |
204 authClient.AssignBody(bodyAsString); | |
205 authClient.SetMethod(Orthanc::HttpMethod_Post); | |
206 authClient.AddHeader("Content-Type", "application/json"); | |
207 authClient.AddHeader("Expect", ""); | |
208 authClient.SetTimeout(10); | |
209 | |
210 authClient.ApplyAndThrowException(tokenResponse); | |
211 | |
212 if (tokenResponse.isMember("redirect-url")) | |
213 { | |
214 response.redirectUrl = tokenResponse["redirect-url"].asString(); | |
215 } | |
216 | |
217 if (tokenResponse.isMember("error-code")) | |
218 { | |
219 response.errorCode = tokenResponse["error-code"].asString(); | |
220 } | |
221 | |
222 if (tokenResponse.isMember("token-type")) | |
223 { | |
224 response.tokenType = tokenResponse["token-type"].asString(); | |
225 } | |
226 | |
227 return true; | |
228 } | |
229 catch (Orthanc::OrthancException& ex) | |
230 { | |
231 return false; | |
232 } | |
233 | |
234 } | |
235 | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
236 bool AuthorizationWebService::CreateToken(IAuthorizationService::CreatedToken& response, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
237 const std::string& tokenType, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
238 const std::string& id, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
239 const std::vector<IAuthorizationService::OrthancResource>& resources, |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
240 const std::string& expirationDateString, |
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
241 const uint64_t& validityDuration) |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
242 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
243 if (tokenCreationBaseUrl_.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
244 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
245 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenCreationBaseUrl' is not configured"); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
246 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
247 std::string url = Orthanc::Toolbox::JoinUri(tokenCreationBaseUrl_, tokenType); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
248 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
249 Orthanc::WebServiceParameters authWebservice; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
250 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
251 if (!username_.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
252 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
253 authWebservice.SetCredentials(username_, password_); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
254 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
255 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
256 Json::Value body; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
257 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
258 if (!id.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
259 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
260 body["id"] = id; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
261 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
262 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
263 body["resources"] = Json::arrayValue; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
264 for (size_t i = 0; i < resources.size(); ++i) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
265 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
266 Json::Value resource; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
267 if (!resources[i].dicomUid.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
268 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
269 resource["dicom-uid"] = resources[i].dicomUid; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
270 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
271 if (!resources[i].orthancId.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
272 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
273 resource["orthanc-id"] = resources[i].orthancId; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
274 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
275 if (!resources[i].url.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
276 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
277 resource["url"] = resources[i].url; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
278 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
279 if (!resources[i].level.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
280 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
281 resource["level"] = resources[i].level; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
282 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
283 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
284 body["resources"].append(resource); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
285 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
286 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
287 body["type"] = tokenType; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
288 if (!expirationDateString.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
289 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
290 body["expiration-date"] = expirationDateString; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
291 } |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
292 if (validityDuration > 0) |
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
293 { |
86 | 294 body["validity-duration"] = Json::UInt64(validityDuration); |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
295 } |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
296 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
297 std::string bodyAsString; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
298 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
299 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
300 Json::Value tokenResponse; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
301 try |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
302 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
303 Orthanc::HttpClient authClient(authWebservice, ""); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
304 authClient.SetUrl(url); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
305 authClient.AssignBody(bodyAsString); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
306 authClient.SetMethod(Orthanc::HttpMethod_Put); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
307 authClient.AddHeader("Content-Type", "application/json"); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
308 authClient.AddHeader("Expect", ""); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
309 authClient.SetTimeout(10); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
310 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
311 authClient.ApplyAndThrowException(tokenResponse); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
312 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
313 response.token = tokenResponse["token"].asString(); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
314 response.url = tokenResponse["url"].asString(); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
315 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
316 return true; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
317 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
318 catch (Orthanc::OrthancException& ex) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
319 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
320 return false; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
321 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
322 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
323 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
324 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
325 |
71 | 326 bool AuthorizationWebService::GetUserProfileInternal(unsigned int& validity, |
109 | 327 UserProfile& profile /* out */, |
71 | 328 const Token* token, |
329 const std::string& tokenValue) | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
330 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
331 if (userProfileUrl_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
332 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
333 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured"); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
334 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
335 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
336 Orthanc::WebServiceParameters authWebservice; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
337 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
338 if (!username_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
339 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
340 authWebservice.SetCredentials(username_, password_); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
341 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
342 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
343 Json::Value body; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
344 |
71 | 345 if (token != NULL) |
346 { | |
347 body["token-key"] = token->GetKey(); | |
348 body["token-value"] = tokenValue; | |
349 } | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
350 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
351 if (!identifier_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
352 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
353 body["identifier"] = identifier_; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
354 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
355 else |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
356 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
357 body["identifier"] = Json::nullValue; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
358 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
359 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
360 std::string bodyAsString; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
361 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
362 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
363 try |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
364 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
365 Orthanc::HttpClient authClient(authWebservice, ""); |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
366 authClient.SetUrl(userProfileUrl_); |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
367 authClient.AssignBody(bodyAsString); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
368 authClient.SetMethod(Orthanc::HttpMethod_Post); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
369 authClient.AddHeader("Content-Type", "application/json"); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
370 authClient.AddHeader("Expect", ""); |
70 | 371 authClient.SetTimeout(10); |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
372 |
109 | 373 Json::Value jsonProfile; |
374 authClient.ApplyAndThrowException(jsonProfile); | |
71 | 375 |
109 | 376 if (jsonProfile.type() != Json::objectValue || |
377 !jsonProfile.isMember(PERMISSIONS) || | |
378 !jsonProfile.isMember(VALIDITY) || | |
379 !jsonProfile.isMember(AUTHORIZED_LABELS) || | |
380 !jsonProfile.isMember(FORBIDDEN_LABELS) || | |
381 !jsonProfile.isMember(USER_NAME) || | |
382 jsonProfile[PERMISSIONS].type() != Json::arrayValue || | |
383 jsonProfile[AUTHORIZED_LABELS].type() != Json::arrayValue || | |
384 jsonProfile[FORBIDDEN_LABELS].type() != Json::arrayValue || | |
385 jsonProfile[VALIDITY].type() != Json::intValue || | |
386 jsonProfile[USER_NAME].type() != Json::stringValue) | |
71 | 387 { |
109 | 388 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
389 "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid"); | |
390 } | |
391 | |
392 validity = jsonProfile[VALIDITY].asUInt(); | |
393 | |
394 profile.name = jsonProfile[USER_NAME].asString(); | |
395 | |
396 for (Json::ArrayIndex i = 0; i < jsonProfile[PERMISSIONS].size(); ++i) | |
397 { | |
398 profile.permissions.insert(jsonProfile[PERMISSIONS][i].asString()); | |
399 } | |
400 for (Json::ArrayIndex i = 0; i < jsonProfile[AUTHORIZED_LABELS].size(); ++i) | |
401 { | |
402 profile.authorizedLabels.insert(jsonProfile[AUTHORIZED_LABELS][i].asString()); | |
71 | 403 } |
109 | 404 for (Json::ArrayIndex i = 0; i < jsonProfile[FORBIDDEN_LABELS].size(); ++i) |
405 { | |
406 profile.forbiddenLabels.insert(jsonProfile[FORBIDDEN_LABELS][i].asString()); | |
407 } | |
408 | |
409 if (profile.authorizedLabels.size() > 0 && profile.forbiddenLabels.size() > 0) | |
71 | 410 { |
109 | 411 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
412 "Syntax error in the result of the Auth Web service, the UserProfile can not contain both authorized and forbidden labels"); | |
413 } | |
414 | |
415 if (profile.authorizedLabels.size() == 0 && profile.forbiddenLabels.size() == 0) | |
416 { | |
417 LOG(WARNING) << "The UserProfile does not contain any authorized or forbidden labels, assuming the user has access to all data (equivalent to \"authorized_labels\": [\"*\"]) !"; | |
418 profile.authorizedLabels.insert("*"); | |
71 | 419 } |
420 | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
421 return true; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
422 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
423 catch (Orthanc::OrthancException& ex) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
424 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
425 return false; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
426 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
427 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
428 |
71 | 429 bool AuthorizationWebService::HasUserPermissionInternal(unsigned int& validity, |
430 const std::string& permission, | |
431 const Token* token, | |
432 const std::string& tokenValue) | |
433 { | |
109 | 434 UserProfile profile; |
71 | 435 |
436 | |
437 if (GetUserProfileInternal(validity, profile, token, tokenValue)) | |
438 { | |
109 | 439 std::set<std::string>& permissions = profile.permissions; |
440 for (std::set<std::string>::const_iterator it = permissions.begin(); it != permissions.end(); ++it) | |
71 | 441 { |
109 | 442 if (permission == *it) |
71 | 443 { |
444 return true; | |
445 } | |
446 } | |
447 } | |
448 | |
449 return false; | |
450 } | |
451 | |
1 | 452 } |