Mercurial > hg > orthanc-authorization

comparison Plugin/AuthorizationWebService.cpp @ 59:a5f2976fe8a0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix Authorization header conflicting with WebServiceUsername
author Alain Mazy <am@osimis.io>
date Thu, 10 Nov 2022 10:25:01 +0100
parents 317b31e99501
children 5281a859248d
comparison
equal deleted inserted replaced
58:ad279c70c22d 59:a5f2976fe8a0
19 #include "AuthorizationWebService.h" 19 #include "AuthorizationWebService.h"
20 20
21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" 21 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h"
22 22
23 #include <Logging.h> 23 #include <Logging.h>
24 #include <Toolbox.h>
24 25
25 namespace OrthancPlugins 26 namespace OrthancPlugins
26 { 27 {
27 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity, 28 bool AuthorizationWebService::IsGrantedInternal(unsigned int& validity,
28 OrthancPluginHttpMethod method, 29 OrthancPluginHttpMethod method,
91 92
92 if (token != NULL && 93 if (token != NULL &&
93 token->GetType() == TokenType_HttpHeader) 94 token->GetType() == TokenType_HttpHeader)
94 { 95 {
95 // If the token source is a HTTP header, forward it also as a 96 // If the token source is a HTTP header, forward it also as a
96 // HTTP header 97 // HTTP header except if it is the Authorization header that might conflict with username_ and password_
97 headersKeys[headersCount] = token->GetKey().c_str(); 98 std::string lowerTokenKey;
98 headersValues[headersCount] = tokenValue.c_str(); 99 Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey());
99 headersCount++; 100
101 if (!(lowerTokenKey == "authorization" && !username_.empty()))
102 {
103 headersKeys[headersCount] = token->GetKey().c_str();
104 headersValues[headersCount] = tokenValue.c_str();
105 headersCount++;
106 }
100 } 107 }
101 108
102 // set the correct content type for the outgoing 109 // set the correct content type for the outgoing
103 headersKeys[headersCount] = "Content-Type"; 110 headersKeys[headersCount] = "Content-Type";
104 headersValues[headersCount] = "application/json"; 111 headersValues[headersCount] = "application/json";