# HG changeset patch # User Alain Mazy # Date 1668072301 -3600 # Node ID a5f2976fe8a0b90425900c5b1fe3051245a0515e # Parent ad279c70c22dcc5ad3e1f951f8c07a95259bccee fix Authorization header conflicting with WebServiceUsername diff -r ad279c70c22d -r a5f2976fe8a0 NEWS --- a/NEWS Wed Nov 09 18:17:03 2022 +0100 +++ b/NEWS Thu Nov 10 10:25:01 2022 +0100 @@ -7,7 +7,11 @@ * new configuration option "StandardConfigurations" to replace multiple configurations. Allowed values: "osimis-web-viewer", "stone-webviewer" * added support for QIDO-RS query arguments (e.g: /dicom-web/studies?0020000D=1.2.3&...) - +* possible BREAKING_CHANGE: if "TokenHttpHeaders" is set to "Authorization" and if + "WebServiceUsername" is defined, the "Authorization" header of the HTTP request + sent to the auth-service will contain the basic auth info from WebServiceUsername and + WebServicePassword. You should get the "Authorization" value from the token-value field + of the payload sent to the auth-service. 2022-09-26 - v 0.3.0 ==================== diff -r ad279c70c22d -r a5f2976fe8a0 Plugin/AuthorizationWebService.cpp --- a/Plugin/AuthorizationWebService.cpp Wed Nov 09 18:17:03 2022 +0100 +++ b/Plugin/AuthorizationWebService.cpp Thu Nov 10 10:25:01 2022 +0100 @@ -21,6 +21,7 @@ #include "../Resources/Orthanc/Plugins/OrthancPluginCppWrapper.h" #include +#include namespace OrthancPlugins { 
@@ -93,10 +94,16 @@
 token->GetType() == TokenType_HttpHeader)
 {
 // If the token source is a HTTP header, forward it also as a
- // HTTP header
- headersKeys[headersCount] = token->GetKey().c_str();
- headersValues[headersCount] = tokenValue.c_str();
- headersCount++;
+ // HTTP header except if it is the Authorization header that might conflict with username_ and password_
+ std::string lowerTokenKey;
+ Orthanc::Toolbox::ToLowerCase(lowerTokenKey, token->GetKey());
+
+ if (!(lowerTokenKey == "authorization" && !username_.empty()))
+ {
+ headersKeys[headersCount] = token->GetKey().c_str();
+ headersValues[headersCount] = tokenValue.c_str();
+ headersCount++;
+ }
 }
 
 // set the correct content type for the outgoing
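Review bot: The guard `if (!(lowerTokenKey == "authorization" && !username_.empty()))` is double-negated, which is hard to read for a check that decides whether a client-supplied credential header is forwarded to the auth-service. Naming the condition makes the intent explicit, e.g. `const bool clashesWithBasicAuth = (lowerTokenKey == "authorization" && !username_.empty());` followed by `if (!clashesWithBasicAuth)`. The skip is also silent, so when it triggers the auth-service presumably sees only the basic-auth credentials in `Authorization`, and the client token is expected to arrive in the payload's token-value field as the NEWS entry says; a comment such as `// token is still forwarded in the request payload (token-value)` would record that for the next reader. The enclosing function begins and ends outside this hunk, so how `username_` and `password_` become the outgoing header is not visible here.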