Mercurial > hg > orthanc-authorization
changeset 190:de232f9b3a60
cppcheck
| author | Sebastien Jodogne <s.jodogne@gmail.com> |
|---|---|
| date | Wed, 05 Jun 2024 15:08:41 +0200 |
| parents | c4b908970ae4 |
| children | 55435a4dd2c6 |
| files | Plugin/AuthorizationWebService.h Plugin/BaseAuthorizationService.h Plugin/CachedAuthorizationService.h Plugin/DefaultAuthorizationParser.h Plugin/Plugin.cpp |
| diffstat | 5 files changed, 40 insertions(+), 39 deletions(-) [+] |
line wrap: on
line diff
--- a/Plugin/AuthorizationWebService.h Thu May 30 21:59:01 2024 +0200 +++ b/Plugin/AuthorizationWebService.h Wed Jun 05 15:08:41 2024 +0200 @@ -69,17 +69,17 @@ void SetIdentifier(const std::string& webServiceIdentifier); - virtual bool HasUserProfile() const + virtual bool HasUserProfile() const ORTHANC_OVERRIDE { return !userProfileUrl_.empty(); } - virtual bool HasCreateToken() const + virtual bool HasCreateToken() const ORTHANC_OVERRIDE { return !tokenCreationBaseUrl_.empty(); } - virtual bool HasTokenValidation() const + virtual bool HasTokenValidation() const ORTHANC_OVERRIDE { return !tokenValidationUrl_.empty(); } @@ -93,7 +93,7 @@ virtual bool DecodeToken(DecodedToken& response, const std::string& tokenKey, - const std::string& tokenValue); + const std::string& tokenValue) ORTHANC_OVERRIDE; static void ToJson(Json::Value& output, const UserProfile& profile);
--- a/Plugin/BaseAuthorizationService.h Thu May 30 21:59:01 2024 +0200 +++ b/Plugin/BaseAuthorizationService.h Wed Jun 05 15:08:41 2024 +0200 @@ -22,6 +22,8 @@ #include "IAuthorizationService.h" +#include <Compatibility.h> + namespace OrthancPlugins { @@ -55,14 +57,14 @@ OrthancPluginHttpMethod method, const AccessedResource& access, const Token& token, - const std::string& tokenValue) + const std::string& tokenValue) ORTHANC_OVERRIDE { return IsGrantedInternal(validity, method, access, &token, tokenValue); } virtual bool IsGrantedToAnonymousUser(unsigned int& validity, OrthancPluginHttpMethod method, - const AccessedResource& access) + const AccessedResource& access) ORTHANC_OVERRIDE { return IsGrantedInternal(validity, method, access, NULL, ""); } @@ -70,20 +72,20 @@ virtual bool GetUserProfile(unsigned int& validity, UserProfile& profile /* out */, const Token& token, - const std::string& tokenValue) + const std::string& tokenValue) ORTHANC_OVERRIDE { return GetUserProfileInternal(validity, profile, &token, tokenValue); } virtual bool GetAnonymousUserProfile(unsigned int& validity /* out */, - UserProfile& profile /* out */) + UserProfile& profile /* out */) ORTHANC_OVERRIDE { return GetUserProfileInternal(validity, profile, NULL, ""); } virtual bool HasUserPermission(unsigned int& validity /* out */, const std::set<std::string>& anyOfPermissions, - const UserProfile& profile) + const UserProfile& profile) ORTHANC_OVERRIDE { if (anyOfPermissions.size() == 0) { @@ -101,7 +103,7 @@ } virtual bool HasAnonymousUserPermission(unsigned int& validity /* out */, - const std::set<std::string>& anyOfPermissions) + const std::set<std::string>& anyOfPermissions) ORTHANC_OVERRIDE { if (anyOfPermissions.size() == 0) {
--- a/Plugin/CachedAuthorizationService.h Thu May 30 21:59:01 2024 +0200 +++ b/Plugin/CachedAuthorizationService.h Wed Jun 05 15:08:41 2024 +0200 @@ -67,17 +67,17 @@ CachedAuthorizationService(BaseAuthorizationService* decorated /* takes ownership */, ICacheFactory& factory); - virtual bool HasUserProfile() const + virtual bool HasUserProfile() const ORTHANC_OVERRIDE { return decorated_->HasUserProfile(); } - virtual bool HasCreateToken() const + virtual bool HasCreateToken() const ORTHANC_OVERRIDE { return decorated_->HasCreateToken(); } - virtual bool HasTokenValidation() const + virtual bool HasTokenValidation() const ORTHANC_OVERRIDE { return decorated_->HasTokenValidation(); } @@ -87,7 +87,7 @@ const std::string& id, const std::vector<IAuthorizationService::OrthancResource>& resources, const std::string& expirationDateString, - const uint64_t& validityDuration) + const uint64_t& validityDuration) ORTHANC_OVERRIDE { return decorated_->CreateToken(response, tokenType, @@ -99,7 +99,7 @@ virtual bool DecodeToken(DecodedToken& response, const std::string& tokenKey, - const std::string& tokenValue) + const std::string& tokenValue) ORTHANC_OVERRIDE { return decorated_->DecodeToken(response, tokenKey,
--- a/Plugin/DefaultAuthorizationParser.h Thu May 30 21:59:01 2024 +0200 +++ b/Plugin/DefaultAuthorizationParser.h Wed Jun 05 15:08:41 2024 +0200 @@ -52,10 +52,10 @@ virtual bool Parse(AccessedResources& target, const std::string& uri, - const std::map<std::string, std::string>& getArguments); + const std::map<std::string, std::string>& getArguments) ORTHANC_OVERRIDE; - virtual bool IsListOfResources(const std::string& uri) const; + virtual bool IsListOfResources(const std::string& uri) const ORTHANC_OVERRIDE; - virtual void GetSingleResourcePatterns(std::vector<boost::regex>& patterns) const; + virtual void GetSingleResourcePatterns(std::vector<boost::regex>& patterns) const ORTHANC_OVERRIDE; }; }
--- a/Plugin/Plugin.cpp Thu May 30 21:59:01 2024 +0200 +++ b/Plugin/Plugin.cpp Wed Jun 05 15:08:41 2024 +0200 @@ -229,8 +229,6 @@ OrthancPluginHttpMethod method, const OrthancPlugins::AccessedResource& access) { - unsigned int validity; // ignored - // Ignored the access levels that are unchecked // (cf. "UncheckedLevels" option) if (uncheckedLevels_.find(access.GetLevel()) == uncheckedLevels_.end()) @@ -242,6 +240,7 @@ if (authTokens.empty()) { + unsigned int validity; // ignored granted = authorizationService_->IsGrantedToAnonymousUser(validity, method, access); } else @@ -249,6 +248,7 @@ // Loop over all the authorization tokens in the request until finding one that is granted for (size_t i = 0; i < authTokens.size(); ++i) { + unsigned int validity; // ignored if (authorizationService_->IsGranted(validity, method, access, authTokens[i].GetToken(), authTokens[i].GetValue())) { granted = true; @@ -284,8 +284,6 @@ { try { - unsigned int validity; // ignored - // Allow GET accesses to unchecked resources/folders (usually static resources) //////////////////////////////////////////////////////////////// @@ -314,7 +312,6 @@ // Based on the tokens, check if the user has access based on its permissions and the mapping between urls and permissions //////////////////////////////////////////////////////////////// bool hasUserRequiredPermissions = false; - bool hasAuthorizedLabelsForResource = false; if (permissionParser_.get() != NULL && authorizationService_.get() != NULL) @@ -328,6 +325,8 @@ std::string msg = std::string("Testing whether anonymous user has any of the required permissions '") + JoinStrings(requiredPermissions) + "'"; LOG(INFO) << msg; + + unsigned int validity; // ignored if (authorizationService_->HasAnonymousUserPermission(validity, requiredPermissions)) { LOG(INFO) << msg << " -> granted"; @@ -351,13 +350,16 @@ unsigned int validityNotUsed; authorizationService_->GetUserProfile(validityNotUsed, profile, authTokens[i].GetToken(), authTokens[i].GetValue()); + unsigned int validity; // ignored if (authorizationService_->HasUserPermission(validity, requiredPermissions, profile)) { LOG(INFO) << msg << " -> granted"; hasUserRequiredPermissions = true; // check labels permissions - std::string msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'"; + msg = std::string("Testing whether user has the authorized_labels to access '") + uri + "' based on the HTTP header '" + authTokens[i].GetToken().GetKey() + "'"; + + bool hasAuthorizedLabelsForResource = false; if (CheckAuthorizedLabelsForResource(hasAuthorizedLabelsForResource, uri, getArguments, profile)) { if (hasAuthorizedLabelsForResource) @@ -795,7 +797,7 @@ } else { - throw e; + throw; } } @@ -860,7 +862,7 @@ } else { - throw e; + throw; } } } @@ -989,11 +991,6 @@ throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "A JSON payload was expected"); } - Json::Value authPayload; - - authPayload["token-key"] = body["TokenKey"].asString(); - authPayload["token-value"] = body["TokenValue"].asString(); - OrthancPlugins::IAuthorizationService::DecodedToken decodedToken; if (authorizationService_->DecodeToken(decodedToken, body["TokenKey"].asString(), @@ -1107,7 +1104,7 @@ try { - static const char* PLUGIN_SECTION = "Authorization"; + static const char* const PLUGIN_SECTION = "Authorization"; OrthancPlugins::OrthancConfiguration orthancFullConfiguration; @@ -1189,12 +1186,8 @@ std::string urlUserProfile; std::string urlRoot; - static const char* WEB_SERVICE_ROOT = "WebServiceRootUrl"; - static const char* WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl"; - static const char* WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl"; - static const char* WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl"; - static const char* WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl"; - static const char* WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService"; + static const char* const WEB_SERVICE_ROOT = "WebServiceRootUrl"; + if (pluginConfiguration.LookupStringValue(urlRoot, WEB_SERVICE_ROOT)) { urlTokenDecoder = Orthanc::Toolbox::JoinUri(urlRoot, "/tokens/decode"); @@ -1204,6 +1197,12 @@ } else { + static const char* const WEB_SERVICE_TOKEN_DECODER = "WebServiceTokenDecoderUrl"; + static const char* const WEB_SERVICE_TOKEN_VALIDATION = "WebServiceTokenValidationUrl"; + static const char* const WEB_SERVICE_TOKEN_CREATION_BASE = "WebServiceTokenCreationBaseUrl"; + static const char* const WEB_SERVICE_USER_PROFILE = "WebServiceUserProfileUrl"; + static const char* const WEB_SERVICE_TOKEN_VALIDATION_LEGACY = "WebService"; + pluginConfiguration.LookupStringValue(urlTokenValidation, WEB_SERVICE_TOKEN_VALIDATION); pluginConfiguration.LookupStringValue(urlTokenDecoder, WEB_SERVICE_TOKEN_DECODER); if (urlTokenValidation.empty()) @@ -1233,7 +1232,7 @@ LOG(WARNING) << "Authorization plugin: url defined for User Profile: " << urlUserProfile << ", user tokens validation is enabled"; userTokensEnabled_ = true; - static const char* PERMISSIONS = "Permissions"; + static const char* const PERMISSIONS = "Permissions"; if (!pluginConfiguration.GetJson().isMember(PERMISSIONS)) { throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: Missing required \"" + std::string(PERMISSIONS) +