diff OrthancServer/main.cpp @ 3500:0d248cc63ded
Security: If remote HTTP access is enabled, HTTP authentication automatically gets enabled
author | Sebastien Jodogne <s.jodogne@gmail.com> |
---|---|
date | Fri, 23 Aug 2019 21:32:16 +0200 |
parents | cc3e408165eb |
children | 27b53c61aa99 |
--- a/OrthancServer/main.cpp Fri Aug 23 17:31:43 2019 +0200
+++ b/OrthancServer/main.cpp Fri Aug 23 21:32:16 2019 +0200
@@ -821,11 +821,27 @@
 httpServer.SetRemoteAccessAllowed(lock.GetConfiguration().GetBooleanParameter("RemoteAccessAllowed", false));
 httpServer.SetKeepAliveEnabled(lock.GetConfiguration().GetBooleanParameter("KeepAlive", defaultKeepAlive));
 httpServer.SetHttpCompressionEnabled(lock.GetConfiguration().GetBooleanParameter("HttpCompressionEnabled", true));
- httpServer.SetAuthenticationEnabled(lock.GetConfiguration().GetBooleanParameter("AuthenticationEnabled", false));
 httpServer.SetTcpNoDelay(lock.GetConfiguration().GetBooleanParameter("TcpNoDelay", true));
- lock.GetConfiguration().SetupRegisteredUsers(httpServer);
+ if (httpServer.IsRemoteAccessAllowed())
+ {
+ // Starting with Orthanc 1.5.8, enabling remote access forces user authentication.
+ httpServer.SetAuthenticationEnabled(true);
+ }
+ else
+ {
+ httpServer.SetAuthenticationEnabled(lock.GetConfiguration().GetBooleanParameter("AuthenticationEnabled", false));
+ }
+ bool hasUsers = lock.GetConfiguration().SetupRegisteredUsers(httpServer);
+
+ if (httpServer.IsAuthenticationEnabled() &&
+ !hasUsers)
+ {
+ LOG(WARNING) << "HTTP authentication is enabled, but no user is declared, "
+ << "check the value of configuration option \"RegisteredUsers\"";
+ }
+
 if (lock.GetConfiguration().GetBooleanParameter("SslEnabled", false))
 {
 std::string certificate = lock.GetConfiguration().InterpretStringParameterAsPath(
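Review bot: In the `IsRemoteAccessAllowed()` branch, the `"AuthenticationEnabled"` option is no longer read at all, so a configuration that sets it to false is overridden with no log entry. The only warning fires when no user is declared, and it does not say that remote access is what switched authentication on. An operator who fronts the server with an authenticating proxy would presumably just see requests rejected. I would log the override in that branch, e.g. `if (!lock.GetConfiguration().GetBooleanParameter("AuthenticationEnabled", false)) LOG(WARNING) << "Remote access is allowed: HTTP authentication is forced on regardless of \"AuthenticationEnabled\"";`. Separately, the unchanged `"SslEnabled"` check that follows defaults to false, so if these are HTTP Basic credentials they would cross the network unencrypted unless TLS is terminated elsewhere; the enclosing function starts and ends outside the hunk.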