diff OrthancServer/main.cpp @ 3533:2090ec6a83a5

create a default user if none is provided, while issuing a warning in Orthanc Explorer
author Sebastien Jodogne <s.jodogne@gmail.com>
date Fri, 04 Oct 2019 17:41:43 +0200
parents f07352e0375c
children cac8ffcb9cef
--- a/OrthancServer/main.cpp	Thu Oct 03 13:44:08 2019 +0200
+++ b/OrthancServer/main.cpp	Fri Oct 04 17:41:43 2019 +0200
@@ -832,8 +832,8 @@
         if (httpServer.IsRemoteAccessAllowed() &&
             !authenticationEnabled)
         {
-          LOG(WARNING) << "Remote access is enabled while user authentication is disabled, "
-                       << "make sure this does not affect the security of your setup";
+          LOG(WARNING) << "====> Remote access is enabled while user authentication is explicitly disabled, "
+                       << "make sure this does not affect the security of your setup <====";
         }
       }
       else if (httpServer.IsRemoteAccessAllowed())
@@ -857,8 +857,35 @@
       if (httpServer.IsAuthenticationEnabled() &&
           !hasUsers)
       {
-        LOG(WARNING) << "HTTP authentication is enabled, but no user is declared, "
-                     << "check the value of configuration option \"RegisteredUsers\"";
+        if (httpServer.IsRemoteAccessAllowed())
+        {
+          /**
+           * Starting with Orthanc 1.5.8, if no user is explicitly
+           * defined while remote access is allowed, we create a
+           * default user, and Orthanc Explorer shows a warning
+           * message about an "Insecure setup". This convention is
+           * used in Docker images "jodogne/orthanc",
+           * "jodogne/orthanc-plugins" and "osimis/orthanc".
+           **/
+          LOG(ERROR) << "====> HTTP authentication is enabled, but no user is declared. "
+                     << "Creating a default user: Review your configuration option \"RegisteredUsers\". "
+                     << "Your setup is INSECURE <====";
+
+          context.SetDefaultUser(true);
+
+          // This is the username/password of the default user in Orthanc.
+          httpServer.RegisterUser("orthanc", "orthanc");
+        }
+        else
+        {
+          LOG(WARNING) << "HTTP authentication is enabled, but no user is declared, "
+                       << "check the value of configuration option \"RegisteredUsers\"";
+        }
+      }
+      else
+      {
+        // This setup is secure
+        context.SetDefaultUser(false);
       }
       
       if (lock.GetConfiguration().GetBooleanParameter("SslEnabled", false))
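Review bot: The final `else` branch is commented `// This setup is secure`, but it runs whenever `IsAuthenticationEnabled() && !hasUsers` is false, which includes authentication being disabled while remote access is allowed, the very case the first hunk logs a warning about. The call only records that no default user was created, so the comment should say just that, e.g. `// No default user was created (this says nothing about the rest of the setup)`. Separately, `httpServer.RegisterUser("orthanc", "orthanc")` leaves a fixed, publicly documented password on a remotely reachable server, and startup continues after the `LOG(ERROR)`; the block comment should state that this account must be replaced through `RegisteredUsers` before the server is exposed, and refusing remote connections until a user is declared may be worth considering. The inner `else` (authentication on, no users, local access only) never calls `SetDefaultUser`, so it presumably relies on the flag's initial value, and an explicit `context.SetDefaultUser(false);` there would remove that dependency. The enclosing function starts and ends outside the hunk.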