Mercurial > hg > orthanc-authorization

comparison Plugin/Plugin.cpp @ 81:fac45493d547

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
more flexibility wrt configuration
author Alain Mazy <am@osimis.io>
date Thu, 16 Mar 2023 17:38:03 +0100
parents 94a9484d7f8f
children 1c91a1cbbc35
comparison
equal deleted inserted replaced
80:0ffad746a16b 81:fac45493d547
604 OrthancPlugins::MemoryCache::Factory factory(10000); 604 OrthancPlugins::MemoryCache::Factory factory(10000);
605 605
606 std::string dicomWebRoot = "/dicom-web/"; 606 std::string dicomWebRoot = "/dicom-web/";
607 std::string oe2Root = "/ui/"; 607 std::string oe2Root = "/ui/";
608 608
609 bool hasBasicAuthEnabled = orthancFullConfiguration.GetBooleanValue("AuthenticationEnabled", "true");
610
609 if (orthancFullConfiguration.IsSection("DicomWeb")) 611 if (orthancFullConfiguration.IsSection("DicomWeb"))
610 { 612 {
611 OrthancPlugins::OrthancConfiguration dicomWeb; 613 OrthancPlugins::OrthancConfiguration dicomWeb;
612 dicomWeb.GetSection(orthancFullConfiguration, "DicomWeb"); 614 dicomWeb.GetSection(orthancFullConfiguration, "DicomWeb");
613 dicomWebRoot = dicomWeb.GetStringValue("Root", "/dicom-web/"); 615 dicomWebRoot = dicomWeb.GetStringValue("Root", "/dicom-web/");
723 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation"; 725 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation";
724 } 726 }
725 727
726 if (authorizationParser_.get() == NULL && permissionParser_.get() == NULL) 728 if (authorizationParser_.get() == NULL && permissionParser_.get() == NULL)
727 { 729 {
728 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: No Token Validation or User Profile url defined"); 730 if (hasBasicAuthEnabled)
731 {
732 LOG(WARNING) << "Authorization plugin: No Token Validation or User Profile url defined -> will only be able to generate tokens. All API routes are accessible to all registered users.";
733 }
734 else
735 {
736 LOG(WARNING) << "Authorization plugin: ----------- insecure setup ---------- No Token Validation or User Profile url defined -> will only be able to generate tokens. Authentication is not enabled -> anyone will have access to all API routes.";
737 }
729 } 738 }
730 739
731 std::set<std::string> standardConfigurations; 740 std::set<std::string> standardConfigurations;
732 if (pluginConfiguration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false)) 741 if (pluginConfiguration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false))
733 { 742 {
852 { 861 {
853 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true); 862 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true);
854 } 863 }
855 864
856 865
866 if (authorizationParser_.get() != NULL || permissionParser_.get() != NULL)
867 {
868 if (hasBasicAuthEnabled)
869 {
870 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: you are using the plugin to grant access to resources or handle user permissions. This is not compatible with \"AuthenticationEnabled\" = true");
871 }
872
873 LOG(WARNING) << "Authorization plugin: Registering Incoming HTTP Request Filter";
874
857 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1) 875 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
858 OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests); 876 OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests);
859 #else 877 #else
860 OrthancPluginRegisterIncomingHttpRequestFilter(context, FilterHttpRequestsFallback); 878 OrthancPluginRegisterIncomingHttpRequestFilter(context, FilterHttpRequestsFallback);
861 #endif 879 #endif
880 }
881
862 } 882 }
863 else 883 else
864 { 884 {
865 LOG(WARNING) << "No section \"" << PLUGIN_SECTION << "\" in the configuration file, " 885 LOG(WARNING) << "No section \"" << PLUGIN_SECTION << "\" in the configuration file, "
866 << "the authorization plugin is disabled"; 886 << "the authorization plugin is disabled";