Mercurial > hg > orthanc-authorization

diff Plugin/Plugin.cpp @ 74:aa73b10c2db9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
new API route to decode tokens
author Alain Mazy <am@osimis.io>
date Fri, 03 Mar 2023 18:03:22 +0100
parents 512247750f0a
children d301047ee3c4
line wrap: on
line diff
--- a/Plugin/Plugin.cpp	Fri Mar 03 10:41:27 2023 +0100
+++ b/Plugin/Plugin.cpp	Fri Mar 03 18:03:22 2023 +0100
@@ -419,6 +419,57 @@
   }
 }
 
+void DecodeToken(OrthancPluginRestOutput* output,
+                 const char* /*url*/,
+                 const OrthancPluginHttpRequest* request)
+{
+  OrthancPluginContext* context = OrthancPlugins::GetGlobalContext();
+
+  if (request->method != OrthancPluginHttpMethod_Post)
+  {
+    OrthancPluginSendMethodNotAllowed(context, output, "POST");
+  }
+  else
+  {
+    // convert from Orthanc flavored API to WebService API
+    Json::Value body;
+    if (!OrthancPlugins::ReadJson(body, request->body, request->bodySize))
+    {
+      throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected");
+    }
+
+    Json::Value authPayload;
+
+    authPayload["token-key"] = body["TokenKey"].asString();
+    authPayload["token-value"] = body["TokenValue"].asString();
+
+    OrthancPlugins::IAuthorizationService::DecodedToken decodedToken;
+    if (authorizationService_->DecodeToken(decodedToken,
+                                           body["TokenKey"].asString(),
+                                           body["TokenValue"].asString()))
+    {
+      Json::Value decodedJsonToken;
+      
+      if (!decodedToken.redirectUrl.empty())
+      {
+        decodedJsonToken["RedirectUrl"] = decodedToken.redirectUrl;
+      }
+
+      if (!decodedToken.errorCode.empty())
+      {
+        decodedJsonToken["ErrorCode"] = decodedToken.errorCode;
+      }
+
+      if (!decodedToken.tokenType.empty())
+      {
+        decodedJsonToken["TokenType"] = decodedToken.tokenType;
+      }
+
+      OrthancPlugins::AnswerJson(decodedJsonToken, output);
+    }
+  }
+}
+
 void GetUserProfile(OrthancPluginRestOutput* output,
                     const char* /*url*/,
                     const OrthancPluginHttpRequest* request)
@@ -599,18 +650,21 @@
         pluginConfiguration.LookupSetOfStrings(uncheckedResources_, "UncheckedResources", false);
         pluginConfiguration.LookupListOfStrings(uncheckedFolders_, "UncheckedFolders", false);
 
+        std::string urlTokenDecoder;
         std::string urlTokenValidation;
         std::string urlTokenCreationBase;
         std::string urlUserProfile;
         std::string urlRoot;
 
         static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl";
+        static const char* WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl";
         static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl";
         static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl";
         static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl";
         static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService";
         if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT))
         {
+          urlTokenDecoder = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/decode");
           urlTokenValidation = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/validate");
           urlTokenCreationBase = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/");
           urlUserProfile = Orthanc::Toolbox::JoinUri(urlRoot, "/user/get-profile");
@@ -618,6 +672,7 @@
         else 
         {
           pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION);
+          pluginConfiguration.LookupStringValue(urlTokenDecoder, WEB_SERVICE_TOKEN_DECODER);
           if (urlTokenValidation.empty())
           {
             pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION_LEGACY);
@@ -698,6 +753,7 @@
           if (standardConfigurations.find("orthanc-explorer-2") != standardConfigurations.end())
           {
             uncheckedFolders_.push_back("/ui/app/");
+            uncheckedFolders_.push_back("/ui/landing/");
             uncheckedResources_.insert("/ui/api/pre-login-configuration");        // for the UI to know, i.e. if Keycloak is enabled or not
             uncheckedResources_.insert("/ui/api/configuration");
             uncheckedResources_.insert("/auth/user-profile");
@@ -757,7 +813,8 @@
 
         std::unique_ptr<OrthancPlugins::AuthorizationWebService> webService(new OrthancPlugins::AuthorizationWebService(urlTokenValidation,
                                                                                                                         urlTokenCreationBase,
-                                                                                                                        urlUserProfile));
+                                                                                                                        urlUserProfile,
+                                                                                                                        urlTokenDecoder));
 
         std::string webServiceIdentifier;
         if (pluginConfiguration.LookupStringValue(webServiceIdentifier, "WebServiceIdentifier"))
@@ -781,6 +838,11 @@
           OrthancPluginRegisterOnChangeCallback(context, OnChangeCallback);
         }
         
+        if (!urlTokenDecoder.empty())
+        {
+          OrthancPlugins::RegisterRestCallback<DecodeToken>("/auth/tokens/decode", true);
+        }
+
         if (!urlUserProfile.empty())
         {
           OrthancPlugins::RegisterRestCallback<GetUserProfile>("/auth/user/profile", true);
@@ -790,7 +852,8 @@
         {
           OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true);
         }
-        
+
+
 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1)
         OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests);
 #else