annotate Plugin/AuthorizationWebService.cpp @ 201:8c79c3b026ce default tip
author | Alain Mazy <am@orthanc.team> |
---|---|
date | Wed, 03 Jul 2024 09:00:01 +0200 |
parents | 85859ec3aa7e |
children |
rev | line source |
---|---|
1 | 1 /** |
2 * Advanced authorization plugin for Orthanc | |
68 | 3 * Copyright (C) 2017-2023 Osimis S.A., Belgium |
150 | 4 * Copyright (C) 2024-2024 Orthanc Team SRL, Belgium |
5 * Copyright (C) 2021-2024 Sebastien Jodogne, ICTEAM UCLouvain, Belgium |
1 | 6 * |
7 * This program is free software: you can redistribute it and/or | |
8 * modify it under the terms of the GNU Affero General Public License | |
9 * as published by the Free Software Foundation, either version 3 of | |
10 * the License, or (at your option) any later version. | |
11 * | |
12 * This program is distributed in the hope that it will be useful, but | |
13 * WITHOUT ANY WARRANTY; without even the implied warranty of | |
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
15 * Affero General Public License for more details. | |
16 * | |
17 * You should have received a copy of the GNU Affero General Public License | |
18 * along with this program. If not, see <http://www.gnu.org/licenses/>. | |
19 **/ | |
20 | |
21 #include "AuthorizationWebService.h" | |
22 | |
34 | 23 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" |
24 | |
32 | 25 #include <Logging.h> |
26 #include <Toolbox.h> |
27 #include <HttpClient.h> |
71 | 28 #include <algorithm> |
109 | 29 #include "SerializationToolbox.h" |
1 | 30 |
31 namespace OrthancPlugins | |
32 { | |
// Fields read from the JSON answer of the token-validation Web service
// (see IsGrantedInternal()).
static const char* GRANTED = "granted";
static const char* VALIDITY = "validity";

// Fields of the JSON representation of a user profile
// (see ToJson() and FromJson()).
static const char* USER_NAME = "name";
static const char* PERMISSIONS = "permissions";
static const char* AUTHORIZED_LABELS = "authorized-labels";
38 |
71 | 39 |
/**
 * Asks the authorization Web service whether one access is granted.
 *
 * A JSON description of the access (HTTP method, access level, resource
 * identifiers, optional token, server identifier and optional labels)
 * is POSTed to "tokenValidationUrl_". Every failure path of this
 * function is an exception: an unsupported HTTP method, an error raised
 * by the HTTP client, or an answer that does not have the expected
 * shape. No code path returns "true" without a well-formed answer whose
 * "granted" field is a boolean.
 *
 * @param validity   Output. Set to the "validity" field of the answer,
 *                   or to 0 if the answer has no such field. Left
 *                   untouched if the answer is rejected as malformed.
 * @param method     HTTP method of the request that is being checked.
 * @param access     Resource that is being accessed.
 * @param token      Token found in the incoming request, or NULL.
 * @param tokenValue Value of that token (only read if token != NULL).
 * @return The "granted" field of the answer.
 * @throws Orthanc::OrthancException ErrorCode_ParameterOutOfRange for a
 *         method other than GET/POST/PUT/DELETE, ErrorCode_NetworkProtocol
 *         for a malformed answer or a negative validity.
 **/
bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity,
                                                OrthancPluginHttpMethod method,
                                                const AccessedResource& access,
                                                const Token* token,
                                                const std::string& tokenValue)
{
  // Translate the HTTP method first: an unsupported method aborts the
  // check before anything is sent to the Web service.
  const char* verb = NULL;

  switch (method)
  {
    case OrthancPluginHttpMethod_Get:
      verb = "get";
      break;

    case OrthancPluginHttpMethod_Post:
      verb = "post";
      break;

    case OrthancPluginHttpMethod_Put:
      verb = "put";
      break;

    case OrthancPluginHttpMethod_Delete:
      verb = "delete";
      break;

    default:
      throw Orthanc::OrthancException(Orthanc::ErrorCode_ParameterOutOfRange);
  }

  Json::Value request = Json::objectValue;
  request["method"] = verb;
  request["level"] = EnumerationToString(access.GetLevel());

  if (access.GetLevel() != AccessLevel_System)
  {
    request["orthanc-id"] = access.GetOrthancId();
    request["dicom-uid"] = access.GetDicomUid();
  }
  else
  {
    // At the system level, the value of GetOrthancId() is sent as "uri"
    request["uri"] = access.GetOrthancId();
  }

  const bool hasToken = (token != NULL);

  if (hasToken)
  {
    request["token-key"] = token->GetKey();
    request["token-value"] = tokenValue;
  }

  // "server-id" is always present in the payload, as JSON null if no
  // identifier was configured
  if (identifier_.empty())
  {
    request["server-id"] = Json::nullValue;
  }
  else
  {
    request["server-id"] = identifier_;
  }

  if (access.GetLabels().size() > 0)
  {
    Orthanc::SerializationToolbox::WriteSetOfStrings(request, access.GetLabels(), "labels");
  }

  std::string serialized;
  Orthanc::Toolbox::WriteFastJson(serialized, request);

  // Credentials are only attached if a username has been configured
  Orthanc::WebServiceParameters parameters;

  if (!username_.empty())
  {
    parameters.SetCredentials(username_, password_);
  }

  Orthanc::HttpClient client(parameters, "");
  client.SetUrl(tokenValidationUrl_);
  client.AssignBody(serialized);
  client.SetMethod(Orthanc::HttpMethod_Post);
  client.AddHeader("Content-Type", "application/json");
  client.AddHeader("Expect", "");  // presumably disables "Expect: 100-continue" - confirm
  client.SetTimeout(10);

  if (hasToken)
  {
    // Also include the token in the HTTP headers of the query to the
    // auth-service.
    // NOTE(review): the key and value are forwarded as received by this
    // function; presumably they are restricted to header-safe characters
    // upstream or by HttpClient - confirm.
    std::string lowerTokenKey;
    Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey());

    // However, if a username/password is defined to access this Web
    // service, a token carried by the "Authorization" header must not
    // interfere with username_ and password_: it is not forwarded.
    const bool clashesWithCredentials = (lowerTokenKey == "authorization" &&
                                         !username_.empty());

    if (!clashesWithCredentials)
    {
      client.AddHeader(token->GetKey(), tokenValue);
    }
  }

  Json::Value reply;
  client.ApplyAndThrowException(reply);

  // The answer must be an object with a boolean "granted" field and,
  // if present, an integer "validity" field
  const bool wellFormed = (reply.type() == Json::objectValue &&
                           reply.isMember(GRANTED) &&
                           reply[GRANTED].type() == Json::booleanValue &&
                           (!reply.isMember(VALIDITY) ||
                            reply[VALIDITY].type() == Json::intValue));

  if (!wellFormed)
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol,
                                    "Syntax error in the result of the Web service");
  }

  validity = 0;

  if (reply.isMember(VALIDITY))
  {
    const int duration = reply[VALIDITY].asInt();

    if (duration < 0)
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_NetworkProtocol,
                                      "A validity duration cannot be negative");
    }

    validity = static_cast<unsigned int>(duration);
  }

  return reply[GRANTED].asBool();
}
162 | |
163 | |
/**
 * Stores the credentials used to call the authorization Web service.
 *
 * The other methods of this class only hand the credentials over to
 * Orthanc::WebServiceParameters::SetCredentials() if the username is
 * not empty: an empty username disables them, whatever the password.
 *
 * @param username Username, or an empty string for no credentials.
 * @param password Password associated with the username.
 **/
void AuthorizationWebService::SetCredentials(const std::string& username,
                                             const std::string& password)
{
  password_ = password;
  username_ = username;
}
170 |
/**
 * Stores the identifier of this server.
 *
 * IsGrantedInternal() sends it to the Web service as the "server-id"
 * field of the payload, or sends JSON null if it is empty.
 *
 * @param webServiceIdentifier The identifier (may be empty).
 **/
void AuthorizationWebService::SetIdentifier(const std::string& webServiceIdentifier)
{
  identifier_.assign(webServiceIdentifier);
}
175 |
74 | 176 |
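/**
 * Asks the Web service at "tokenDecoderUrl_" to decode one token.
 *
 * The token key and value are POSTed as JSON. The answer must be a JSON
 * object; its optional "redirect-url", "error-code" and "token-type"
 * fields are copied into "response". The shape of the answer is checked
 * before "response" is modified, so a rejected answer leaves it
 * untouched.
 *
 * @param response   Output. Only the fields present in the answer are
 *                   written.
 * @param tokenKey   Key of the token.
 * @param tokenValue Value of the token.
 * @return true if the Web service answered with a well-formed object,
 *         false if the HTTP call raised an Orthanc::OrthancException or
 *         if the answer does not have the expected shape.
 * @throws Orthanc::OrthancException ErrorCode_BadRequest if
 *         "tokenDecoderUrl_" is empty.
 **/
bool AuthorizationWebService::DecodeToken(DecodedToken& response,
                                          const std::string& tokenKey,
                                          const std::string& tokenValue)
{
  if (tokenDecoderUrl_.empty())
  {
    // NOTE(review): this message talks about creating tokens and names
    // 'WebServiceTokenValidationUrl', whereas the guard is on
    // tokenDecoderUrl_ - it looks copy-pasted; confirm the intended wording.
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenValidationUrl' is not configured");
  }

  Orthanc::WebServiceParameters authWebservice;

  // Credentials are only attached if a username has been configured
  if (!username_.empty())
  {
    authWebservice.SetCredentials(username_, password_);
  }

  Json::Value body;
  body["token-key"] = tokenKey;
  body["token-value"] = tokenValue;

  std::string bodyAsString;
  Orthanc::Toolbox::WriteFastJson(bodyAsString, body);

  Json::Value tokenResponse;

  try
  {
    Orthanc::HttpClient authClient(authWebservice, "");
    authClient.SetUrl(tokenDecoderUrl_);
    authClient.AssignBody(bodyAsString);
    authClient.SetMethod(Orthanc::HttpMethod_Post);
    authClient.AddHeader("Content-Type", "application/json");
    authClient.AddHeader("Expect", "");
    authClient.SetTimeout(10);

    authClient.ApplyAndThrowException(tokenResponse);

    // The answer comes from another process: check its shape before
    // reading it. isMember() is only valid on an object (or null), and
    // asString() fails on arrays and objects with an exception that the
    // "catch" below does not handle.
    if (tokenResponse.type() != Json::objectValue)
    {
      return false;
    }

    const char* const fields[] = { "redirect-url", "error-code", "token-type" };

    for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); ++i)
    {
      if (tokenResponse.isMember(fields[i]) &&
          !tokenResponse[fields[i]].isConvertibleTo(Json::stringValue))
      {
        return false;
      }
    }

    if (tokenResponse.isMember("redirect-url"))
    {
      response.redirectUrl = tokenResponse["redirect-url"].asString();
    }

    if (tokenResponse.isMember("error-code"))
    {
      response.errorCode = tokenResponse["error-code"].asString();
    }

    if (tokenResponse.isMember("token-type"))
    {
      response.tokenType = tokenResponse["token-type"].asString();
    }

    return true;
  }
  catch (Orthanc::OrthancException&)
  {
    // NOTE(review): the failure of the call to the Web service is
    // dropped here without any trace; consider logging the exception
    // (never the token value) so that an unreachable or failing
    // auth-service can be told apart from an invalid token.
    return false;
  }
}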
236 | |
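/**
 * Asks the authorization Web service to create a token.
 *
 * The request is a PUT on "tokenCreationBaseUrl_" joined with
 * "tokenType". Its JSON body holds the token type, the list of
 * resources, and the optional "id", "expiration-date" and
 * "validity-duration" fields (each one is omitted if empty or zero).
 *
 * Success is only reported if the answer is a JSON object whose "token"
 * field is a string: an answer without a token is treated as a failure
 * instead of returning "true" with an empty token.
 *
 * @param response             Output. "token" and "url" are written on
 *                             success only.
 * @param tokenType            Type of the token, also used as the last
 *                             component of the URL.
 * @param id                   Optional identifier sent as "id".
 * @param resources            Resources the token gives access to.
 * @param expirationDateString Optional value of "expiration-date".
 * @param validityDuration     Optional value of "validity-duration"
 *                             (0 means "not provided").
 * @return true on success, false if the HTTP call raised an
 *         Orthanc::OrthancException or if the answer is malformed.
 * @throws Orthanc::OrthancException ErrorCode_BadRequest if
 *         "tokenCreationBaseUrl_" is empty.
 **/
bool AuthorizationWebService::CreateToken(IAuthorizationService::CreatedToken& response,
                                          const std::string& tokenType,
                                          const std::string& id,
                                          const std::vector<IAuthorizationService::OrthancResource>& resources,
                                          const std::string& expirationDateString,
                                          const uint64_t& validityDuration)
{
  if (tokenCreationBaseUrl_.empty())
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not create tokens if the 'WebServiceTokenCreationBaseUrl' is not configured");
  }

  // NOTE(review): "tokenType" is appended to the base URL as received
  // by this function; presumably the caller restricts it to a known set
  // of token types - confirm.
  std::string url = Orthanc::Toolbox::JoinUri(tokenCreationBaseUrl_, tokenType);

  Orthanc::WebServiceParameters authWebservice;

  // Credentials are only attached if a username has been configured
  if (!username_.empty())
  {
    authWebservice.SetCredentials(username_, password_);
  }

  Json::Value body;

  if (!id.empty())
  {
    body["id"] = id;
  }

  body["resources"] = Json::arrayValue;

  for (size_t i = 0; i < resources.size(); ++i)
  {
    const IAuthorizationService::OrthancResource& source = resources[i];

    // Only the non-empty attributes of a resource are serialized
    Json::Value resource;

    if (!source.dicomUid.empty())
    {
      resource["dicom-uid"] = source.dicomUid;
    }

    if (!source.orthancId.empty())
    {
      resource["orthanc-id"] = source.orthancId;
    }

    if (!source.url.empty())
    {
      resource["url"] = source.url;
    }

    if (!source.level.empty())
    {
      resource["level"] = source.level;
    }

    body["resources"].append(resource);
  }

  body["type"] = tokenType;

  if (!expirationDateString.empty())
  {
    body["expiration-date"] = expirationDateString;
  }

  if (validityDuration > 0)
  {
    body["validity-duration"] = Json::UInt64(validityDuration);
  }

  std::string bodyAsString;
  Orthanc::Toolbox::WriteFastJson(bodyAsString, body);

  Json::Value tokenResponse;

  try
  {
    Orthanc::HttpClient authClient(authWebservice, "");
    authClient.SetUrl(url);
    authClient.AssignBody(bodyAsString);
    authClient.SetMethod(Orthanc::HttpMethod_Put);
    authClient.AddHeader("Content-Type", "application/json");
    authClient.AddHeader("Expect", "");
    authClient.SetTimeout(10);

    authClient.ApplyAndThrowException(tokenResponse);

    // The answer comes from another process: check its shape before
    // reading it, and do not report a success without a token.
    if (tokenResponse.type() != Json::objectValue ||
        !tokenResponse.isMember("token") ||
        tokenResponse["token"].type() != Json::stringValue)
    {
      return false;
    }

    // "url" stays optional, but asString() fails on arrays and objects
    // with an exception that the "catch" below does not handle
    const bool hasUrl = tokenResponse.isMember("url");

    if (hasUrl &&
        !tokenResponse["url"].isConvertibleTo(Json::stringValue))
    {
      return false;
    }

    response.token = tokenResponse["token"].asString();
    response.url = (hasUrl ? tokenResponse["url"].asString() : std::string());

    return true;
  }
  catch (Orthanc::OrthancException&)
  {
    // NOTE(review): the failure of the call to the Web service is
    // dropped here without any trace; consider logging the exception so
    // that a failing auth-service is visible to the operator.
    return false;
  }
}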
325 |
/**
 * Serializes a user profile as a JSON object.
 *
 * Any previous content of "jsonProfile" is replaced by an object with
 * three fields: the name of the user (USER_NAME), the set of authorized
 * labels (AUTHORIZED_LABELS) and the set of permissions (PERMISSIONS).
 *
 * @param jsonProfile Output JSON value.
 * @param profile     Profile to serialize.
 **/
void AuthorizationWebService::ToJson(Json::Value& jsonProfile, const UserProfile& profile)
{
  Json::Value serialized = Json::objectValue;

  Orthanc::SerializationToolbox::WriteSetOfStrings(serialized, profile.permissions, PERMISSIONS);
  Orthanc::SerializationToolbox::WriteSetOfStrings(serialized, profile.authorizedLabels, AUTHORIZED_LABELS);
  serialized[USER_NAME] = profile.name;

  jsonProfile = serialized;
}
333 |
334 void AuthorizationWebService::FromJson(UserProfile& profile, const Json::Value& jsonProfile) |
335 { |
336 if (jsonProfile.type() != Json::objectValue || |
337 !jsonProfile.isMember(PERMISSIONS) || |
338 !jsonProfile.isMember(AUTHORIZED_LABELS) || |
339 !jsonProfile.isMember(USER_NAME) || |
340 jsonProfile[PERMISSIONS].type() != Json::arrayValue || |
341 jsonProfile[AUTHORIZED_LABELS].type() != Json::arrayValue || |
342 jsonProfile[USER_NAME].type() != Json::stringValue) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
343 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
344 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
345 "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid"); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
346 } |
194
85859ec3aa7e
added support for roles/permissions edition
Alain Mazy <am@orthanc.team>
parents:
188
diff
changeset
|
347 // LOG(INFO) << jsonProfile.toStyledString(); |
115
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
348 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
349 profile.name = jsonProfile[USER_NAME].asString(); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
350 |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
351 for (Json::ArrayIndex i = 0; i < jsonProfile[PERMISSIONS].size(); ++i) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
352 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
353 profile.permissions.insert(jsonProfile[PERMISSIONS][i].asString()); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
354 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
355 for (Json::ArrayIndex i = 0; i < jsonProfile[AUTHORIZED_LABELS].size(); ++i) |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
356 { |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
357 profile.authorizedLabels.insert(jsonProfile[AUTHORIZED_LABELS][i].asString()); |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
358 } |
0eed78c1e177
cache the UserProfile + updated http filter logic
Alain Mazy <am@osimis.io>
parents:
113
diff
changeset
|
359 } |
360 |
361 |
362 |
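/**
 * Query the auth web service (userProfileUrl_) for the profile that
 * corresponds to a token.
 *
 * A JSON body holding "identifier" and, when "token" is not NULL,
 * "token-key" and "token-value" is POSTed to userProfileUrl_ with a
 * timeout of 10. The answer must hold an integer VALIDITY field plus the
 * fields checked by FromJson().
 *
 * @param validity    Set to the VALIDITY value of the answer on success;
 *                    left untouched otherwise.
 * @param profile     Receives the token information and the parsed profile.
 * @param token       Token description, may be NULL. When NULL, no token is
 *                    sent and profile.tokenKey / profile.tokenType are left
 *                    as they were.
 * @param tokenValue  Value of the token, copied to profile.tokenValue.
 * @return true on success, false if an Orthanc::OrthancException was raised
 *         while calling the service or checking its answer. Other exception
 *         types are not caught here.
 * @throws Orthanc::OrthancException (ErrorCode_BadRequest) if
 *         userProfileUrl_ is empty.
 *
 * NOTE(review): the token value and the web-service credentials are sent to
 * whatever URL is configured; whether they travel over TLS depends on that
 * URL - confirm in the deployment.
 **/
bool AuthorizationWebService::GetUserProfileInternal(unsigned int& validity,
                                                     UserProfile& profile /* out */,
                                                     const Token* token,
                                                     const std::string& tokenValue)
{
  if (userProfileUrl_.empty())
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get user profile if the 'WebServiceUserProfileUrl' is not configured");
  }

  Orthanc::WebServiceParameters authWebservice;

  if (!username_.empty())
  {
    authWebservice.SetCredentials(username_, password_);
  }

  Json::Value body;

  if (token != NULL)
  {
    body["token-key"] = token->GetKey();
    body["token-value"] = tokenValue;
  }

  if (!identifier_.empty())
  {
    body["identifier"] = identifier_;
  }
  else
  {
    body["identifier"] = Json::nullValue;
  }

  std::string bodyAsString;
  Orthanc::Toolbox::WriteFastJson(bodyAsString, body);

  try
  {
    Orthanc::HttpClient authClient(authWebservice, "");
    authClient.SetUrl(userProfileUrl_);
    authClient.AssignBody(bodyAsString);
    authClient.SetMethod(Orthanc::HttpMethod_Post);
    authClient.AddHeader("Content-Type", "application/json");
    authClient.AddHeader("Expect", "");
    authClient.SetTimeout(10);

    Json::Value jsonProfile;
    authClient.ApplyAndThrowException(jsonProfile);

    if (!jsonProfile.isMember(VALIDITY) ||
        jsonProfile[VALIDITY].type() != Json::intValue)
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat,
                                      "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid");
    }

    // An intValue may be negative or exceed "unsigned int"; asUInt() fails
    // inside jsoncpp on such values, which would bypass the catch block
    // below. Treat them as a malformed answer instead.
    const Json::LargestInt rawValidity = jsonProfile[VALIDITY].asLargestInt();
    if (rawValidity < 0 ||
        static_cast<Json::LargestUInt>(rawValidity) > Json::Value::maxUInt)
    {
      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat,
                                      "Syntax error in the result of the Auth Web service, the format of the UserProfile is invalid");
    }
    validity = static_cast<unsigned int>(rawValidity);

    // "token" is allowed to be NULL (see the request body above), so it must
    // not be dereferenced unconditionally here.
    if (token != NULL)
    {
      profile.tokenKey = token->GetKey();
      profile.tokenType = token->GetType();
    }
    profile.tokenValue = tokenValue;

    FromJson(profile, jsonProfile);

    if (profile.authorizedLabels.size() == 0)
    {
      LOG(WARNING) << "The UserProfile for '" << profile.name << "' does not contain any authorized labels";
    }

    return true;
  }
  catch (Orthanc::OrthancException& ex)
  {
    // Any failure of the call or of the answer validation is reported as
    // "no profile"; the cause is not propagated to the caller.
    return false;
  }
}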
438 |
/**
 * Tell whether a profile holds a given permission.
 *
 * The comparison is an exact string match against profile.permissions.
 * "validity" is neither read nor written by this function, so callers
 * must not expect it to be set on return.
 *
 * @param validity    Unused.
 * @param permission  Permission name to look for.
 * @param profile     Profile whose permission set is searched.
 * @return true if "permission" is in the set, false otherwise.
 **/
bool AuthorizationWebService::HasUserPermissionInternal(unsigned int& validity,
                                                        const std::string& permission,
                                                        const UserProfile& profile)
{
  const std::set<std::string>& granted = profile.permissions;

  // Exact-match lookup in the set of granted permissions
  return granted.find(permission) != granted.end();
}
454 | |
/**
 * Fetch the roles/permissions settings from the auth web service.
 *
 * Issues a GET on settingsRolesUrl_ (timeout of 10), authenticating with
 * username_/password_ when a user name is configured, and stores the
 * JSON answer into "roles".
 *
 * @param roles  Receives the answer of the web service.
 * @return true if the call succeeded, false if it raised an
 *         Orthanc::OrthancException (the cause is not reported).
 * @throws Orthanc::OrthancException (ErrorCode_BadRequest) if
 *         settingsRolesUrl_ is empty.
 **/
bool AuthorizationWebService::GetSettingsRoles(Json::Value& roles)
{
  if (settingsRolesUrl_.empty())
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not get settings-roles if the 'WebServiceSettingsRolesUrl' is not configured");
  }

  Orthanc::WebServiceParameters parameters;

  // Credentials are only attached when a user name is configured
  if (!username_.empty())
  {
    parameters.SetCredentials(username_, password_);
  }

  try
  {
    Orthanc::HttpClient client(parameters, "");
    client.SetUrl(settingsRolesUrl_);
    client.SetMethod(Orthanc::HttpMethod_Get);
    client.AddHeader("Expect", "");
    client.SetTimeout(10);

    client.ApplyAndThrowException(roles);
  }
  catch (const Orthanc::OrthancException&)
  {
    return false;
  }

  return true;
}
487 |
/**
 * Send a new roles/permissions configuration to the auth web service.
 *
 * Serializes "roles" and issues a PUT on settingsRolesUrl_ (timeout of
 * 10), authenticating with username_/password_ when a user name is
 * configured. The JSON answer is stored into "response".
 *
 * "roles" is forwarded as received: this function performs no check on
 * its content, nor on who is asking for the update.
 *
 * @param response  Receives the answer of the web service.
 * @param roles     Roles/permissions document to upload.
 * @return true if the call succeeded, false if it raised an
 *         Orthanc::OrthancException (the cause is not reported).
 * @throws Orthanc::OrthancException (ErrorCode_BadRequest) if
 *         settingsRolesUrl_ is empty.
 **/
bool AuthorizationWebService::UpdateSettingsRoles(Json::Value& response, const Json::Value& roles)
{
  if (settingsRolesUrl_.empty())
  {
    throw Orthanc::OrthancException(Orthanc::ErrorCode_BadRequest, "Can not update settings-roles if the 'WebServiceSettingsRolesUrl' is not configured");
  }

  Orthanc::WebServiceParameters parameters;

  // Credentials are only attached when a user name is configured
  if (!username_.empty())
  {
    parameters.SetCredentials(username_, password_);
  }

  try
  {
    std::string serializedRoles;
    Orthanc::Toolbox::WriteFastJson(serializedRoles, roles);

    Orthanc::HttpClient client(parameters, "");
    client.SetUrl(settingsRolesUrl_);
    client.AssignBody(serializedRoles);
    client.SetMethod(Orthanc::HttpMethod_Put);
    client.AddHeader("Content-Type", "application/json");
    client.AddHeader("Expect", "");
    client.SetTimeout(10);

    client.ApplyAndThrowException(response);
  }
  catch (const Orthanc::OrthancException&)
  {
    return false;
  }

  return true;
}
525 |
526 |
1 | 527 } |