changeset 73:512247750f0a
new ValidityDuration arg in create token API
author | Alain Mazy <am@osimis.io> |
---|---|
date | Fri, 03 Mar 2023 10:41:27 +0100 |
parents | e381ba725669 |
children | aa73b10c2db9 |
files | Plugin/AuthorizationWebService.cpp Plugin/AuthorizationWebService.h Plugin/CachedAuthorizationService.h Plugin/DefaultConfiguration.json Plugin/IAuthorizationService.h Plugin/Plugin.cpp |
diffstat | 6 files changed, 40 insertions(+), 10 deletions(-) [+] |
--- a/Plugin/AuthorizationWebService.cpp Fri Feb 24 18:13:36 2023 +0100 +++ b/Plugin/AuthorizationWebService.cpp Fri Mar 03 10:41:27 2023 +0100 @@ -167,7 +167,8 @@ const std::string& tokenType, const std::string& id, const std::vector<IAuthorizationService::OrthancResource>& resources, - const std::string& expirationDateString) + const std::string& expirationDateString, + const uint64_t& validityDuration) { if (tokenCreationBaseUrl_.empty()) { @@ -218,6 +219,10 @@ { body["expiration-date"] = expirationDateString; } + if (validityDuration > 0) + { + body["validity-duration"] = validityDuration; + } std::string bodyAsString; Orthanc::Toolbox::WriteFastJson(bodyAsString, body);
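Review bot: The new `validityDuration` parameter in the `@@ -167,7 +167,8 @@` hunk has no documented unit and no stated meaning for 0, and it is taken as `const uint64_t&` where a scalar is normally passed by value (`uint64_t validityDuration`). The same signature is repeated in the AuthorizationWebService.h, CachedAuthorizationService.h and IAuthorizationService.h hunks, so the comment belongs on the interface declaration. Something like `// validityDuration: requested token lifetime (state the unit here); 0 means "not provided"` would let callers and implementers agree on it. The signature starts and the body ends outside this hunk.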
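Review bot: In the `@@ -218,6 +219,10 @@` hunk the lifetime is forwarded to the token-creation service with no upper bound, and the `validityDuration > 0` test makes an explicit 0 indistinguishable from an omitted field. The value originates from the request body parsed in Plugin.cpp, so whether an over-long token lifetime is refused depends entirely on the remote service, which is not visible here. If the plugin is meant to enforce a limit, compare against a configured maximum before `body["validity-duration"] = validityDuration;`. Otherwise a short comment stating that the auth web service is responsible for bounding the value would make the trust boundary explicit.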
--- a/Plugin/AuthorizationWebService.h Fri Feb 24 18:13:36 2023 +0100 +++ b/Plugin/AuthorizationWebService.h Fri Mar 03 10:41:27 2023 +0100 @@ -84,7 +84,8 @@ const std::string& tokenType, const std::string& id, const std::vector<IAuthorizationService::OrthancResource>& resources, - const std::string& expirationDateString) ORTHANC_OVERRIDE; + const std::string& expirationDateString, + const uint64_t& validityDuration) ORTHANC_OVERRIDE; }; }
--- a/Plugin/CachedAuthorizationService.h Fri Feb 24 18:13:36 2023 +0100 +++ b/Plugin/CachedAuthorizationService.h Fri Mar 03 10:41:27 2023 +0100 @@ -85,13 +85,15 @@ const std::string& tokenType, const std::string& id, const std::vector<IAuthorizationService::OrthancResource>& resources, - const std::string& expirationDateString) + const std::string& expirationDateString, + const uint64_t& validityDuration) { return decorated_->CreateToken(response, tokenType, id, resources, - expirationDateString); + expirationDateString, + validityDuration); } };
--- a/Plugin/DefaultConfiguration.json Fri Feb 24 18:13:36 2023 +0100 +++ b/Plugin/DefaultConfiguration.json Fri Mar 03 10:41:27 2023 +0100 @@ -4,6 +4,7 @@ // // "WebServiceUserProfileUrl" : " ROOT /user/get-profile", // // "WebServiceTokenValidationUrl" : " ROOT /tokens/validate", // // "WebServiceTokenCreationBaseUrl" : " ROOT /tokens/", + // You should define it only if your auth webservice implements all 3 routes ! // "WebServiceRootUrl" : "http://change-me:8000/", // The URL of the auth webservice route implementing user profile (optional)
--- a/Plugin/IAuthorizationService.h Fri Feb 24 18:13:36 2023 +0100 +++ b/Plugin/IAuthorizationService.h Fri Mar 03 10:41:27 2023 +0100 @@ -79,7 +79,8 @@ const std::string& tokenType, const std::string& id, const std::vector<OrthancResource>& resources, - const std::string& expirationDateString) = 0; + const std::string& expirationDateString, + const uint64_t& validityDuration) = 0; virtual bool HasUserProfile() const = 0; virtual bool HasCreateToken() const = 0;
--- a/Plugin/Plugin.cpp Fri Feb 24 18:13:36 2023 +0100 +++ b/Plugin/Plugin.cpp Fri Mar 03 10:41:27 2023 +0100 @@ -138,8 +138,13 @@ LOG(INFO) << "Testing whether anonymous user has any of the required permissions '" << JoinStrings(requiredPermissions) << "'"; if (authorizationService_->HasAnonymousUserPermission(validity, requiredPermissions)) { + LOG(INFO) << "Testing whether anonymous user has any of the required permissions '" << JoinStrings(requiredPermissions) << "' -> granted"; return 1; } + else + { + LOG(INFO) << "Testing whether anonymous user has any of the required permissions '" << JoinStrings(requiredPermissions) << "' -> not granted"; + } } else { @@ -148,13 +153,17 @@ LOG(INFO) << "Testing whether user has the required permission '" << JoinStrings(requiredPermissions) << "' based on the '" << authTokens[i].token.GetKey() << "' HTTP header required to match '" << matchedPattern << "'"; if (authorizationService_->HasUserPermission(validity, requiredPermissions, authTokens[i].token, authTokens[i].value)) { + LOG(INFO) << "Testing whether user has the required permission '" << JoinStrings(requiredPermissions) << "' based on the '" << authTokens[i].token.GetKey() << "' HTTP header required to match '" << matchedPattern << "' -> granted"; return 1; } + else + { + LOG(INFO) << "Testing whether user has the required permission '" << JoinStrings(requiredPermissions) << "' based on the '" << authTokens[i].token.GetKey() << "' HTTP header required to match '" << matchedPattern << "' -> not granted"; + } } } } } - if (authorizationParser_.get() != NULL && authorizationService_.get() != NULL) { 
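Review bot: Both hunks here spell out the full log expression three times (once before the check and once per outcome), so the copies can drift apart. The `@@ -175,9 +184,8 @@` hunk of this same commit already builds the text once in `msg` and appends the outcome with `LOG(INFO) << msg << " -> granted";`, and the same pattern would fit both of these hunks. The `else` after `return 1;` is also redundant, since the "not granted" line can simply follow the `if`. In the second hunk that line appears to sit inside the loop over `authTokens`, so a single denied request may produce one "not granted" entry per candidate header. The enclosing function starts and ends outside these hunks.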
@@ -175,9 +184,8 @@ // (cf. "UncheckedLevels" option) if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end()) { - LOG(INFO) << "Testing whether access to " - << OrthancPlugins::EnumerationToString(access->GetLevel()) - << " \"" << access->GetOrthancId() << "\" is allowed"; + std::string msg = std::string("Testing whether access to ") + OrthancPlugins::EnumerationToString(access->GetLevel()) + " \"" + access->GetOrthancId() + "\" is allowed with a resource token"; + LOG(INFO) << msg; bool granted = false; @@ -200,8 +208,13 @@ if (!granted) { + LOG(INFO) << msg << " -> not granted"; return 0; } + else + { + LOG(INFO) << msg << " -> granted"; + } } } @@ -338,6 +351,7 @@ std::string id; std::vector<OrthancPlugins::IAuthorizationService::OrthancResource> resources; std::string expirationDateString; + uint64_t validityDuration; if (body.isMember("ID")) { @@ -373,12 +387,18 @@ expirationDateString = body["ExpirationDate"].asString(); } + if (body.isMember("ValidityDuration")) + { + validityDuration = body["ValidityDuration"].asUInt64(); + } + OrthancPlugins::IAuthorizationService::CreatedToken createdToken; if (authorizationService_->CreateToken(createdToken, tokenType, id, resources, - expirationDateString)) + expirationDateString, + validityDuration)) { Json::Value createdJsonToken; createdJsonToken["Token"] = createdToken.token;
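Review bot: `uint64_t validityDuration;` in the `@@ -338,6 +351,7 @@` hunk has no initializer and is assigned only when the body contains `ValidityDuration` (`@@ -373,12 +387,18 @@`), yet it is always passed to `CreateToken`. When the field is absent the call reads an indeterminate value, which is undefined behaviour. In practice this can put an arbitrary non-zero `validity-duration` into the request to the auth web service, a token lifetime nobody asked for. Declare it as `uint64_t validityDuration = 0;`. It is also worth checking `body["ValidityDuration"].isUInt64()` before calling `asUInt64()` and rejecting the request otherwise, since JsonCpp does not convert strings or negative numbers there and typically throws. The enclosing handler starts and ends outside these hunks.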