diff Plugin/Plugin.cpp @ 195:2f1e872e8eaa

merge
author Alain Mazy <am@orthanc.team>
date Fri, 14 Jun 2024 16:31:58 +0200
parents 85859ec3aa7e de232f9b3a60
children 55760c465c3a
--- a/Plugin/Plugin.cpp	Fri Jun 14 16:26:53 2024 +0200
+++ b/Plugin/Plugin.cpp	Fri Jun 14 16:31:58 2024 +0200
@@ -229,8 +229,6 @@
                                     OrthancPluginHttpMethod method,
                                     const OrthancPlugins::AccessedResource& access)
 {
-  unsigned int validity;  // ignored
-
   // Ignored the access levels that are unchecked
   // (cf. "UncheckedLevels" option)
   if (uncheckedLevels_.find(access.GetLevel()) == uncheckedLevels_.end())
@@ -242,6 +240,7 @@
 
     if (authTokens.empty())
     {
+      unsigned int validity;  // ignored
       granted = authorizationService_->IsGrantedToAnonymousUser(validity, method, access);
     }
     else
@@ -249,6 +248,7 @@
       // Loop over all the authorization tokens in the request until finding one that is granted
       for (size_t i = 0; i < authTokens.size(); ++i)
       {
+        unsigned int validity;  // ignored
         if (authorizationService_->IsGranted(validity, method, access, authTokens[i].GetToken(), authTokens[i].GetValue()))
         {
           granted = true;
@@ -284,8 +284,6 @@
 {
   try
   {
-    unsigned int validity;  // ignored
-
     // Allow GET accesses to unchecked resources/folders (usually static resources)
     ////////////////////////////////////////////////////////////////
 
@@ -314,7 +312,6 @@
     // Based on the tokens, check if the user has access based on its permissions and the mapping between urls and permissions
     ////////////////////////////////////////////////////////////////
     bool hasUserRequiredPermissions = false;
-    bool hasAuthorizedLabelsForResource = false;
 
     if (permissionParser_.get() != NULL &&
       authorizationService_.get() != NULL) 
@@ -328,6 +325,8 @@
           std::string msg = std::string("Testing whether anonymous user has any of the required permissions '") + JoinStrings(requiredPermissions) + "'";
           
           LOG(INFO) << msg; 
+
+          unsigned int validity;  // ignored
           if (authorizationService_->HasAnonymousUserPermission(validity, requiredPermissions))
           {
             LOG(INFO) << msg << " -> granted";
@@ -351,13 +350,16 @@
             unsigned int validityNotUsed;
             authorizationService_->GetUserProfile(validityNotUsed, profile, authTokens[i].GetToken(), authTokens[i].GetValue());
 
+            unsigned int validity;  // ignored
             if (authorizationService_->HasUserPermission(validity, requiredPermissions, profile))
             {
               LOG(INFO) << msg << " -> granted";
               hasUserRequiredPermissions = true;
 
               // check labels permissions
-              std::string msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'";
+              msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'";
+
+              bool hasAuthorizedLabelsForResource = false;
               if (CheckAuthorizedLabelsForResource(hasAuthorizedLabelsForResource, uri, getArguments, profile))
               {
                 if (hasAuthorizedLabelsForResource)
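Review bot: The result of `GetUserProfile` is discarded on the line just above the new `validity` declaration, so `HasUserPermission` is evaluated on `profile` whether or not the lookup succeeded. The declaration of `profile` is outside the hunk; if it is not constructed afresh for each token, a failed lookup could leave the previous token's profile in place, so I would test the call's outcome (assuming it reports one) and `continue` to the next token on failure. This scope also now holds two throwaway out-variables, `validityNotUsed` and `validity`, where one would do. Reassigning `msg` removes the shadowing but overwrites the permission-test text, so any later log line in this scope that prints `msg` will show the labels message; a separate name such as `labelsMsg` keeps both.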
@@ -795,7 +797,7 @@
     }
     else
     {
-      throw e;
+      throw;
     }
   }
 
@@ -860,7 +862,7 @@
     }
     else
     {
-      throw e;
+      throw;
     }
   }
 }
@@ -989,11 +991,6 @@
       throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
     }
 
-    Json::Value authPayload;
-
-    authPayload["token-key"] = body["TokenKey"].asString();
-    authPayload["token-value"] = body["TokenValue"].asString();
-
     OrthancPlugins::IAuthorizationService::DecodedToken decodedToken;
     if (authorizationService_->DecodeToken(decodedToken,
                                            body["TokenKey"].asString(),
@@ -1176,7 +1173,7 @@
 
     try
     {
-      static const char* PLUGIN_SECTION = "Authorization";
+      static const char* const PLUGIN_SECTION = "Authorization";
 
       OrthancPlugins::OrthancConfiguration orthancFullConfiguration;
 
@@ -1259,13 +1256,8 @@
         std::string urlSettingsRole;
         std::string urlRoot;
 
-        static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl";
-        static const char* WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl";
-        static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
-        static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
-        static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
-        static const char* WEB_SERVICE_SETTINGS_ROLES = "WebServiceSettingsRolesUrl";
-        static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
+        static const char* const WEB_SERVICE_ROOT = "WebServiceRootUrl";
+
         if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT))
         {
           urlTokenDecoder = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/decode");
@@ -1276,6 +1268,13 @@
         }
         else 
         {
+          static const char* const WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl";
+          static const char* const WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
+          static const char* const WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
+          static const char* const WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
+          static const char* const WEB_SERVICE_SETTINGS_ROLES = "WebServiceSettingsRolesUrl";
+          static const char* const WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
+
           pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION);
           pluginConfiguration.LookupStringValue(urlTokenDecoder, WEB_SERVICE_TOKEN_DECODER);
           if (urlTokenValidation.empty())
@@ -1306,7 +1305,7 @@
           LOG(WARNING) << "Authorization plugin: url defined for User Profile: " << urlUserProfile << ", user tokens validation is enabled";
           userTokensEnabled_ = true;
           
-          static const char* PERMISSIONS = "Permissions";        
+          static const char* const PERMISSIONS = "Permissions";
           if (!pluginConfiguration.GetJson().isMember(PERMISSIONS))
           {
             throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: Missing required \"" + std::string(PERMISSIONS) +