Mercurial > hg > orthanc-authorization

diff Plugin/AuthorizationWebService.cpp @ 59:a5f2976fe8a0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix Authorization header conflicting with WebServiceUsername
author Alain Mazy <am@osimis.io>
date Thu, 10 Nov 2022 10:25:01 +0100
parents 317b31e99501
children 5281a859248d
line wrap: on
line diff
--- a/Plugin/AuthorizationWebService.cpp	Wed Nov 09 18:17:03 2022 +0100
+++ b/Plugin/AuthorizationWebService.cpp	Thu Nov 10 10:25:01 2022 +0100
@@ -21,6 +21,7 @@
 #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h"
 
 #include <Logging.h>
+#include <Toolbox.h>
 
 namespace OrthancPlugins
 {
@@ -93,10 +94,16 @@
         token->GetType() == TokenType_HttpHeader)
     {
       // If the token source is a HTTP header, forward it also as a
-      // HTTP header
-      headersKeys[headersCount] = token->GetKey().c_str();
-      headersValues[headersCount] = tokenValue.c_str();
-      headersCount++;
+      // HTTP header except if it is the Authorization header that might conflict with username_ and password_
+      std::string lowerTokenKey;
+      Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey());
+      
+      if (!(lowerTokenKey == "authorization" && !username_.empty()))
+      {
+        headersKeys[headersCount] = token->GetKey().c_str();
+        headersValues[headersCount] = tokenValue.c_str();
+        headersCount++;
+      }
     }
 
     // set the correct content type for the outgoing