Mercurial > hg > orthanc-authorization
annotate Plugin/AuthorizationWebService.cpp @ 113:43154740ea2e
wip: checking labels
author | Alain Mazy <am@osimis.io> |
---|---|
date | Tue, 05 Sep 2023 12:48:20 +0200 |
parents | 572955904411 |
children | 0eed78c1e177 |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
1 | 4 * |
5 * This program is free software: you can redistribute it and/or | |
6 * modify it under the terms of the GNU Affero General Public License | |
7 * as published by the Free Software Foundation, either version 3 of | |
8 * the License, or (at your option) any later version. | |
9 * | |
10 * This program is distributed in the hope that it will be useful, but | |
11 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 * Affero General Public License for more details. | |
14 * | |
15 * You should have received a copy of the GNU Affero General Public License | |
16 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
17 **/ | |
18 | |
19 #include "AuthorizationWebService.h" | |
20 | |
34 | 21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" |
22 | |
32 | 23 #include <Logging.h> |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
24 #include <Toolbox.h> |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
25 #include <HttpClient.h> |
71 | 26 #include <algorithm> |
109 | 27 #include "SerializationToolbox.h" |
1 | 28 |
29 namespace OrthancPlugins | |
30 { | |
71 | 31 static const char* GRANTED = "granted"; |
32 static const char* VALIDITY = "validity"; | |
33 static const char* PERMISSIONS = "permissions"; | |
109 | 34 static const char* AUTHORIZED_LABELS = "authorized-labels"; |
35 static const char* USER_NAME = "name"; | |
71 | 36 |
37 | |
1 | 38 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, |
39 OrthancPluginHttpMethod method, | |
40 const AccessedResource& access, | |
41 const Token* token, | |
42 const std::string& tokenValue) | |
43 { | |
44 Json::Value body = Json::objectValue; | |
45 | |
46 switch (method) | |
47 { | |
48 case OrthancPluginHttpMethod_Get: | |
49 body["method"] ="get"; | |
50 break; | |
51 | |
52 case OrthancPluginHttpMethod_Post: | |
53 body["method"] ="post"; | |
54 break; | |
55 | |
56 case OrthancPluginHttpMethod_Put: | |
57 body["method"] ="put"; | |
58 break; | |
59 | |
60 case OrthancPluginHttpMethod_Delete: | |
61 body["method"] ="delete"; | |
62 break; | |
63 | |
64 default: | |
65 throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange); | |
66 } | |
67 | |
68 body["level"] = EnumerationToString(access.GetLevel()); | |
69 | |
70 if (access.GetLevel() == AccessLevel_System) | |
71 { | |
72 body["uri"] = access.GetOrthancId(); | |
73 } | |
74 else | |
75 { | |
76 body["orthanc-id"] = access.GetOrthancId(); | |
77 body["dicom-uid"] = access.GetDicomUid(); | |
78 } | |
79 | |
80 if (token != NULL) | |
81 { | |
82 body["token-key"] = token->GetKey(); | |
83 body["token-value"] = tokenValue; | |
84 } | |
85 | |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
86 if (!identifier_.empty()) |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
87 { |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
88 body["server-id"] = identifier_; |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
89 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
90 else |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
91 { |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
92 body["server-id"] = Json::nullValue; |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
93 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
94 |
109 | 95 if (access.GetLabels().size() > 0) |
96 { | |
97 Orthanc::SerializationToolbox::WriteSetOfStrings(body, access.GetLabels(), "labels"); | |
98 } | |
99 | |
70 | 100 Orthanc::WebServiceParameters authWebservice; |
101 | |
102 if (!username_.empty()) | |
103 { | |
104 authWebservice.SetCredentials(username_, password_); | |
105 } | |
1 | 106 |
70 | 107 std::string bodyAsString; |
108 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); | |
109 | |
110 Orthanc::HttpClient authClient(authWebservice, ""); | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
111 authClient.SetUrl(tokenValidationUrl_); |
70 | 112 authClient.AssignBody(bodyAsString); |
113 authClient.SetMethod(Orthanc::HttpMethod_Post); | |
114 authClient.AddHeader("Content-Type", "application/json"); | |
115 authClient.AddHeader("Expect", ""); | |
116 authClient.SetTimeout(10); | |
117 | |
1 | 118 if (token != NULL && |
119 token->GetType() == TokenType_HttpHeader) | |
120 { | |
121 // If the token source is a HTTP header, forward it also as a | |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
122 // HTTP header except if it is the Authorization header that might conflict with username_ and password_ |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
123 std::string lowerTokenKey; |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
124 Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey()); |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
125 |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
126 if (!(lowerTokenKey == "authorization" && !username_.empty())) |
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
127 { |
70 | 128 authClient.AddHeader(token->GetKey(), tokenValue); |
59
a5f2976fe8a0
fix Authorization header conflicting with WebServiceUsername
Alain Mazy <am@osimis.io>
parents:
54
diff
changeset
|
129 } |
1 | 130 } |
131 | |
132 Json::Value answer; | |
70 | 133 authClient.ApplyAndThrowException(answer); |
1 | 134 |
135 if (answer.type() != Json::objectValue || | |
136 !answer.isMember(GRANTED) || | |
137 answer[GRANTED].type() != Json::booleanValue || | |
138 (answer.isMember(VALIDITY) && | |
139 answer[VALIDITY].type() != Json::intValue)) | |
140 { | |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
141 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
142 "Syntax error in the result of the Web service"); |
1 | 143 } |
144 | |
145 validity = 0; | |
146 if (answer.isMember(VALIDITY)) | |
147 { | |
148 int tmp = answer[VALIDITY].asInt(); | |
149 if (tmp < 0) | |
150 { | |
29
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
151 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
bc0431cb6b8f
fix for compatibility with simplified OrthancPluginCppWrapper
Sebastien Jodogne <s.jodogne@gmail.com>
parents:
22
diff
changeset
|
152 "A validity duration cannot be negative"); |
1 | 153 } |
154 | |
155 validity = static_cast<unsigned int>(tmp); | |
156 } | |
157 | |
158 return answer[GRANTED].asBool(); | |
159 } | |
160 | |
161 | |
162 void AuthorizationWebService::SetCredentials(const std::string& username, | |
163 const std::string& password) | |
164 { | |
165 username_ = username; | |
166 password_ = password; | |
167 } | |
54
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
168 |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
169 void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier) |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
170 { |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
171 identifier_ = webServiceIdentifier; |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
172 } |
317b31e99501
Added 3 new configurations: WebServiceUsername, WebServicePassword, WebServiceIdentifier. WebServiceIdentifier is now included in the payload as the 'identifier' field
Alain Mazy <am@osimis.io>
parents:
46
diff
changeset
|
173 |
74 | 174 |
175 bool AuthorizationWebService::DecodeToken(DecodedToken& response, | |
176 const std::string& tokenKey, | |
177 const std::string& tokenValue) | |
178 { | |
179 if (tokenDecoderUrl_.empty()) | |
180 { | |
181 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenValidationUrl' is not configured"); | |
182 } | |
183 Orthanc::WebServiceParameters authWebservice; | |
184 | |
185 if (!username_.empty()) | |
186 { | |
187 authWebservice.SetCredentials(username_, password_); | |
188 } | |
189 | |
190 Json::Value body; | |
191 | |
192 body["token-key"] = tokenKey; | |
193 body["token-value"] = tokenValue; | |
194 | |
195 std::string bodyAsString; | |
196 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); | |
197 | |
198 Json::Value tokenResponse; | |
199 try | |
200 { | |
201 Orthanc::HttpClient authClient(authWebservice, ""); | |
202 authClient.SetUrl(tokenDecoderUrl_); | |
203 authClient.AssignBody(bodyAsString); | |
204 authClient.SetMethod(Orthanc::HttpMethod_Post); | |
205 authClient.AddHeader("Content-Type", "application/json"); | |
206 authClient.AddHeader("Expect", ""); | |
207 authClient.SetTimeout(10); | |
208 | |
209 authClient.ApplyAndThrowException(tokenResponse); | |
210 | |
211 if (tokenResponse.isMember("redirect-url")) | |
212 { | |
213 response.redirectUrl = tokenResponse["redirect-url"].asString(); | |
214 } | |
215 | |
216 if (tokenResponse.isMember("error-code")) | |
217 { | |
218 response.errorCode = tokenResponse["error-code"].asString(); | |
219 } | |
220 | |
221 if (tokenResponse.isMember("token-type")) | |
222 { | |
223 response.tokenType = tokenResponse["token-type"].asString(); | |
224 } | |
225 | |
226 return true; | |
227 } | |
228 catch (Orthanc::OrthancException& ex) | |
229 { | |
230 return false; | |
231 } | |
232 | |
233 } | |
234 | |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
235 bool AuthorizationWebService::CreateToken(IAuthorizationService::CreatedToken& response, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
236 const std::string& tokenType, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
237 const std::string& id, |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
238 const std::vector<IAuthorizationService::OrthancResource>& resources, |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
239 const std::string& expirationDateString, |
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
240 const uint64_t& validityDuration) |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
241 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
242 if (tokenCreationBaseUrl_.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
243 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
244 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenCreationBaseUrl' is not configured"); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
245 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
246 std::string url = Orthanc::Toolbox::JoinUri(tokenCreationBaseUrl_, tokenType); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
247 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
248 Orthanc::WebServiceParameters authWebservice; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
249 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
250 if (!username_.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
251 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
252 authWebservice.SetCredentials(username_, password_); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
253 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
254 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
255 Json::Value body; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
256 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
257 if (!id.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
258 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
259 body["id"] = id; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
260 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
261 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
262 body["resources"] = Json::arrayValue; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
263 for (size_t i = 0; i < resources.size(); ++i) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
264 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
265 Json::Value resource; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
266 if (!resources[i].dicomUid.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
267 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
268 resource["dicom-uid"] = resources[i].dicomUid; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
269 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
270 if (!resources[i].orthancId.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
271 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
272 resource["orthanc-id"] = resources[i].orthancId; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
273 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
274 if (!resources[i].url.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
275 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
276 resource["url"] = resources[i].url; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
277 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
278 if (!resources[i].level.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
279 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
280 resource["level"] = resources[i].level; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
281 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
282 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
283 body["resources"].append(resource); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
284 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
285 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
286 body["type"] = tokenType; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
287 if (!expirationDateString.empty()) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
288 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
289 body["expiration-date"] = expirationDateString; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
290 } |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
291 if (validityDuration > 0) |
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
292 { |
86 | 293 body["validity-duration"] = Json::UInt64(validityDuration); |
73
512247750f0a
new ValidityDuration arg in create token API
Alain Mazy <am@osimis.io>
parents:
72
diff
changeset
|
294 } |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
295 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
296 std::string bodyAsString; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
297 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
298 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
299 Json::Value tokenResponse; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
300 try |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
301 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
302 Orthanc::HttpClient authClient(authWebservice, ""); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
303 authClient.SetUrl(url); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
304 authClient.AssignBody(bodyAsString); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
305 authClient.SetMethod(Orthanc::HttpMethod_Put); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
306 authClient.AddHeader("Content-Type", "application/json"); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
307 authClient.AddHeader("Expect", ""); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
308 authClient.SetTimeout(10); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
309 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
310 authClient.ApplyAndThrowException(tokenResponse); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
311 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
312 response.token = tokenResponse["token"].asString(); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
313 response.url = tokenResponse["url"].asString(); |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
314 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
315 return true; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
316 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
317 catch (Orthanc::OrthancException& ex) |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
318 { |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
319 return false; |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
320 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
321 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
322 } |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
323 |
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
324 |
71 | 325 bool AuthorizationWebService::GetUserProfileInternal(unsigned int& validity, |
109 | 326 UserProfile& profile /* out */, |
71 | 327 const Token* token, |
328 const std::string& tokenValue) | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
329 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
330 if (userProfileUrl_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
331 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
332 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured"); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
333 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
334 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
335 Orthanc::WebServiceParameters authWebservice; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
336 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
337 if (!username_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
338 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
339 authWebservice.SetCredentials(username_, password_); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
340 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
341 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
342 Json::Value body; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
343 |
71 | 344 if (token != NULL) |
345 { | |
346 body["token-key"] = token->GetKey(); | |
347 body["token-value"] = tokenValue; | |
348 } | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
349 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
350 if (!identifier_.empty()) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
351 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
352 body["identifier"] = identifier_; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
353 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
354 else |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
355 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
356 body["identifier"] = Json::nullValue; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
357 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
358 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
359 std::string bodyAsString; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
360 Orthanc::Toolbox::WriteFastJson(bodyAsString, body); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
361 |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
362 try |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
363 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
364 Orthanc::HttpClient authClient(authWebservice, ""); |
72
e381ba725669
new PUT auth/tokens/{token-type} API route + updated interface with WebService
Alain Mazy <am@osimis.io>
parents:
71
diff
changeset
|
365 authClient.SetUrl(userProfileUrl_); |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
366 authClient.AssignBody(bodyAsString); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
367 authClient.SetMethod(Orthanc::HttpMethod_Post); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
368 authClient.AddHeader("Content-Type", "application/json"); |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
369 authClient.AddHeader("Expect", ""); |
70 | 370 authClient.SetTimeout(10); |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
371 |
109 | 372 Json::Value jsonProfile; |
373 authClient.ApplyAndThrowException(jsonProfile); | |
71 | 374 |
109 | 375 if (jsonProfile.type() != Json::objectValue || |
376 !jsonProfile.isMember(PERMISSIONS) || | |
377 !jsonProfile.isMember(VALIDITY) || | |
378 !jsonProfile.isMember(AUTHORIZED_LABELS) || | |
379 !jsonProfile.isMember(USER_NAME) || | |
380 jsonProfile[PERMISSIONS].type() != Json::arrayValue || | |
381 jsonProfile[AUTHORIZED_LABELS].type() != Json::arrayValue || | |
382 jsonProfile[VALIDITY].type() != Json::intValue || | |
383 jsonProfile[USER_NAME].type() != Json::stringValue) | |
71 | 384 { |
109 | 385 throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol, |
386 "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid"); | |
387 } | |
388 | |
389 validity = jsonProfile[VALIDITY].asUInt(); | |
390 | |
391 profile.name = jsonProfile[USER_NAME].asString(); | |
113 | 392 profile.tokenKey = token->GetKey(); |
393 profile.tokenType = token->GetType(); | |
394 profile.tokenValue = tokenValue; | |
395 | |
109 | 396 for (Json::ArrayIndex i = 0; i < jsonProfile[PERMISSIONS].size(); ++i) |
397 { | |
398 profile.permissions.insert(jsonProfile[PERMISSIONS][i].asString()); | |
399 } | |
400 for (Json::ArrayIndex i = 0; i < jsonProfile[AUTHORIZED_LABELS].size(); ++i) | |
401 { | |
402 profile.authorizedLabels.insert(jsonProfile[AUTHORIZED_LABELS][i].asString()); | |
71 | 403 } |
109 | 404 |
112
572955904411
added tools/labels + removed forbidden_labels
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
405 if (profile.authorizedLabels.size() == 0) |
71 | 406 { |
112
572955904411
added tools/labels + removed forbidden_labels
Alain Mazy <am@osimis.io>
parents:
109
diff
changeset
|
407 LOG(WARNING) << "The UserProfile does not contain any authorized labels, you should add, e.g, \"authorized_labels\": [\"*\"] to grant him access to all labels !"; |
71 | 408 } |
409 | |
69
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
410 return true; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
411 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
412 catch (Orthanc::OrthancException& ex) |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
413 { |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
414 return false; |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
415 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
416 } |
af44dce56328
new 'auth/user-profile' Rest API route
Alain Mazy <am@osimis.io>
parents:
68
diff
changeset
|
417 |
71 | 418 bool AuthorizationWebService::HasUserPermissionInternal(unsigned int& validity, |
419 const std::string& permission, | |
113 | 420 const UserProfile& profile) |
71 | 421 { |
113 | 422 const std::set<std::string>& permissions = profile.permissions; |
423 for (std::set<std::string>::const_iterator it = permissions.begin(); it != permissions.end(); ++it) | |
71 | 424 { |
113 | 425 if (permission == *it) |
71 | 426 { |
113 | 427 return true; |
71 | 428 } |
429 } | |
430 | |
431 return false; | |
432 } | |
433 | |
1 | 434 } |