changeset 73:512247750f0a

new ValidityDuration arg in create token API
author Alain Mazy <am@osimis.io>
date Fri, 03 Mar 2023 10:41:27 +0100
parents e381ba725669
children aa73b10c2db9
files Plugin/AuthorizationWebService.cpp Plugin/AuthorizationWebService.h Plugin/CachedAuthorizationService.h Plugin/DefaultConfiguration.json Plugin/IAuthorizationService.h Plugin/Plugin.cpp
diffstat 6 files changed, 40 insertions(+), 10 deletions(-) [+]
--- a/Plugin/AuthorizationWebService.cpp	Fri Feb 24 18:13:36 2023 +0100
+++ b/Plugin/AuthorizationWebService.cpp	Fri Mar 03 10:41:27 2023 +0100
@@ -167,7 +167,8 @@
                                             const std::string& tokenType, 
                                             const std::string& id, 
                                             const std::vector<IAuthorizationService::OrthancResource>& resources,
-                                            const std::string& expirationDateString)
+                                            const std::string& expirationDateString,
+                                            const uint64_t& validityDuration)
   {
     if (tokenCreationBaseUrl_.empty())
     {
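Review bot: The new parameter is declared as `const uint64_t& validityDuration`, which passes a scalar by reference; as a point of style, a plain `uint64_t validityDuration` is the usual form and avoids the indirection. The same signature is repeated in the AuthorizationWebService.h, CachedAuthorizationService.h and IAuthorizationService.h hunks, so the declaration and all overrides have to change together. The function body continues outside this hunk.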
@@ -218,6 +219,10 @@
     {
       body["expiration-date"] = expirationDateString;
     }
+    if (validityDuration > 0)
+    {
+      body["validity-duration"] = validityDuration;
+    }
 
     std::string bodyAsString;
     Orthanc::Toolbox::WriteFastJson(bodyAsString, body);
--- a/Plugin/AuthorizationWebService.h	Fri Feb 24 18:13:36 2023 +0100
+++ b/Plugin/AuthorizationWebService.h	Fri Mar 03 10:41:27 2023 +0100
@@ -84,7 +84,8 @@
                              const std::string& tokenType, 
                              const std::string& id, 
                              const std::vector<IAuthorizationService::OrthancResource>& resources,
-                             const std::string& expirationDateString) ORTHANC_OVERRIDE;
+                             const std::string& expirationDateString,
+                             const uint64_t& validityDuration) ORTHANC_OVERRIDE;
 
   };
 }
--- a/Plugin/CachedAuthorizationService.h	Fri Feb 24 18:13:36 2023 +0100
+++ b/Plugin/CachedAuthorizationService.h	Fri Mar 03 10:41:27 2023 +0100
@@ -85,13 +85,15 @@
                      const std::string& tokenType, 
                      const std::string& id, 
                      const std::vector<IAuthorizationService::OrthancResource>& resources,
-                     const std::string& expirationDateString)
+                     const std::string& expirationDateString,
+                     const uint64_t& validityDuration)
     {
       return decorated_->CreateToken(response,
                                      tokenType,
                                      id,
                                      resources,
-                                     expirationDateString);
+                                     expirationDateString,
+                                     validityDuration);
     }
 
  };
--- a/Plugin/DefaultConfiguration.json	Fri Feb 24 18:13:36 2023 +0100
+++ b/Plugin/DefaultConfiguration.json	Fri Mar 03 10:41:27 2023 +0100
@@ -4,6 +4,7 @@
         // // "WebServiceUserProfileUrl" : " ROOT /user/get-profile",
         // // "WebServiceTokenValidationUrl" : " ROOT /tokens/validate",
         // // "WebServiceTokenCreationBaseUrl" : " ROOT /tokens/",
+        // You should define it only if your auth webservice implements all 3 routes !
         // "WebServiceRootUrl" : "http://change-me:8000/",
 
         // The URL of the auth webservice route implementing user profile (optional)
--- a/Plugin/IAuthorizationService.h	Fri Feb 24 18:13:36 2023 +0100
+++ b/Plugin/IAuthorizationService.h	Fri Mar 03 10:41:27 2023 +0100
@@ -79,7 +79,8 @@
                              const std::string& tokenType, 
                              const std::string& id, 
                              const std::vector<OrthancResource>& resources,
-                             const std::string& expirationDateString) = 0;
+                             const std::string& expirationDateString,
+                             const uint64_t& validityDuration) = 0;
 
     virtual bool HasUserProfile() const = 0;
     virtual bool HasCreateToken() const = 0;
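Review bot: The interface gains `validityDuration` with no comment giving its unit or the meaning of zero. The AuthorizationWebService.cpp hunk sends the field only when `validityDuration > 0`, so 0 acts as "not set" and a caller cannot request a zero-length validity. That contract belongs on this declaration, for example `// validityDuration: requested token lifetime (unit as defined by the auth web service, presumably seconds; confirm); 0 = not set, field omitted from the request`. It should also say which of `expirationDateString` and `validityDuration` wins when both are given, since that decides how long the token stays valid.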
--- a/Plugin/Plugin.cpp	Fri Feb 24 18:13:36 2023 +0100
+++ b/Plugin/Plugin.cpp	Fri Mar 03 10:41:27 2023 +0100
@@ -138,8 +138,13 @@
           LOG(INFO) << "Testing whether anonymous user has any of the required permissions '" << JoinStrings(requiredPermissions) << "'";
           if (authorizationService_->HasAnonymousUserPermission(validity, requiredPermissions))
           {
+            LOG(INFO) << "Testing whether anonymous user has any of the required permissions '" << JoinStrings(requiredPermissions) << "' -> granted";
             return 1;
           }
+          else
+          {
+            LOG(INFO) << "Testing whether anonymous user has any of the required permissions '" << JoinStrings(requiredPermissions) << "' -> not granted";
+          }
         }
         else
         {
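Review bot: The same long message is now streamed three times in this branch: before the check, on the granted path and on the not-granted path. The per-token hunk that follows repeats the pattern. A later hunk in this file already builds `std::string msg` once and appends `" -> granted"` / `" -> not granted"`; using that form here as well keeps the three copies from drifting apart. The per-token message logs the header key and the matched pattern but not `authTokens[i].value`, and a refactor should keep the token value out of the log. The enclosing function starts and ends outside the hunk.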
@@ -148,13 +153,17 @@
             LOG(INFO) << "Testing whether user has the required permission '" << JoinStrings(requiredPermissions) << "' based on the '" << authTokens[i].token.GetKey() << "' HTTP header required to match '" << matchedPattern << "'";
             if (authorizationService_->HasUserPermission(validity, requiredPermissions, authTokens[i].token, authTokens[i].value))
             {
+              LOG(INFO) << "Testing whether user has the required permission '" << JoinStrings(requiredPermissions) << "' based on the '" << authTokens[i].token.GetKey() << "' HTTP header required to match '" << matchedPattern << "' -> granted";
               return 1;
             }
+            else
+            {
+              LOG(INFO) << "Testing whether user has the required permission '" << JoinStrings(requiredPermissions) << "' based on the '" << authTokens[i].token.GetKey() << "' HTTP header required to match '" << matchedPattern << "' -> not granted";
+            }
           }
         }
       }
     }
-
     if (authorizationParser_.get() != NULL &&
         authorizationService_.get() != NULL)
     {
@@ -175,9 +184,8 @@
         // (cf. "UncheckedLevels" option)
         if (uncheckedLevels_.find(access->GetLevel()) == uncheckedLevels_.end())
         {
-          LOG(INFO) << "Testing whether access to "
-                    << OrthancPlugins::EnumerationToString(access->GetLevel())
-                    << " \"" << access->GetOrthancId() << "\" is allowed";
+          std::string msg = std::string("Testing whether access to ") + OrthancPlugins::EnumerationToString(access->GetLevel()) + " \"" + access->GetOrthancId() + "\" is allowed with a resource token";
+          LOG(INFO) << msg;
 
           bool granted = false;
 
@@ -200,8 +208,13 @@
 
           if (!granted)
           {
+            LOG(INFO) << msg << " -> not granted";
             return 0;
           }
+          else
+          {
+            LOG(INFO) << msg << " -> granted";
+          }
         }
       }
 
@@ -338,6 +351,7 @@
     std::string id;
     std::vector<OrthancPlugins::IAuthorizationService::OrthancResource> resources;
     std::string expirationDateString;
+    uint64_t validityDuration;
 
     if (body.isMember("ID"))
     {
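Review bot: `uint64_t validityDuration;` is declared without an initializer, and the later hunk assigns it only when the request body contains "ValidityDuration" before passing it to `CreateToken`. When the field is absent, the call reads an indeterminate value. That is undefined behaviour, and in practice it can forward an arbitrary non-zero lifetime to the auth web service as `validity-duration`. Declare it as `uint64_t validityDuration = 0;` so that an omitted field maps to the "not set" case. The enclosing function starts before this hunk and continues past it.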
@@ -373,12 +387,18 @@
       expirationDateString = body["ExpirationDate"].asString();
     }
 
+    if (body.isMember("ValidityDuration"))
+    {
+      validityDuration = body["ValidityDuration"].asUInt64();
+    }
+
     OrthancPlugins::IAuthorizationService::CreatedToken createdToken;
     if (authorizationService_->CreateToken(createdToken,
                                            tokenType,
                                            id,
                                            resources,
-                                           expirationDateString))
+                                           expirationDateString,
+                                           validityDuration))
     {
       Json::Value createdJsonToken;
       createdJsonToken["Token"] = createdToken.token;
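Review bot: `body["ValidityDuration"].asUInt64()` is called on request-supplied JSON with no type check. jsoncpp fails this conversion for a string, a negative number or an out-of-range value, either with an exception or an assertion depending on how the library was built. Test `body["ValidityDuration"].isUInt64()` first and answer with a bad-request error when it is false. No upper bound on the requested lifetime is visible in this hunk; if the auth web service does not cap it, a maximum should be enforced here before calling `CreateToken`. The function continues outside the hunk.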