# HG changeset patch
# User Sebastien Jodogne
# Date 1570203703 -7200
# Node ID 2090ec6a83a5131915400e3cce2e396b7c53e06d
# Parent e4b4b4dbef99dc8a19b87ad188658d76ca016f61
create a default user if none is provided, while issuing a warning in Orthanc Explorer
diff -r e4b4b4dbef99 -r 2090ec6a83a5 OrthancExplorer/explorer.html
--- a/OrthancExplorer/explorer.html Thu Oct 03 13:44:08 2019 +0200
+++ b/OrthancExplorer/explorer.html Fri Oct 04 17:41:43 2019 +0200
@@ -646,6 +646,19 @@ + +
diff -r e4b4b4dbef99 -r 2090ec6a83a5 OrthancExplorer/explorer.js
--- a/OrthancExplorer/explorer.js Thu Oct 03 13:44:08 2019 +0200
+++ b/OrthancExplorer/explorer.js Fri Oct 04 17:41:43 2019 +0200
@@ -79,6 +79,11 @@
 $tree.tree('openNode', event.node, true);
 }
 );
+
+ // Inject the template of the warning about insecure setup as the
+ // first child of each page
+ var insecure = $('#template-insecure').html();
+ $('[data-role="page"]>[data-role="content"]').prepend(insecure);
 currentPage = $.mobile.pageData.active;
 currentUuid = $.mobile.pageData.uuid;
@@ -388,6 +393,14 @@
 .text(s.Name)
 .append(' » '));
 }
+
+ // New in Orthanc 1.5.8
+ if ('IsDefaultUser' in s &&
+ s.IsDefaultUser) {
+ $('.warning-insecure').show();
+ } else {
+ $('.warning-insecure').hide();
+ }
 }
 });
 });
diff -r e4b4b4dbef99 -r 2090ec6a83a5 OrthancServer/OrthancRestApi/OrthancRestSystem.cpp
--- a/OrthancServer/OrthancRestApi/OrthancRestSystem.cpp Thu Oct 03 13:44:08 2019 +0200
+++ b/OrthancServer/OrthancRestApi/OrthancRestSystem.cpp Fri Oct 04 17:41:43 2019 +0200
@@ -53,11 +53,14 @@
 static void GetSystemInformation(RestApiGetCall& call)
 {
+ ServerContext& context = OrthancRestApi::GetContext(call);
+
 Json::Value result = Json::objectValue;
 result["ApiVersion"] = ORTHANC_API_VERSION;
 result["Version"] = ORTHANC_VERSION;
 result["DatabaseVersion"] = OrthancRestApi::GetIndex(call).GetDatabaseVersion();
+ result["IsDefaultUser"] = context.IsDefaultUser(); // New in Orthanc 1.5.8
 {
 OrthancConfiguration::ReaderLock lock;
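Review bot: The new `IsDefaultUser` field in `GetSystemInformation` (OrthancRestSystem.cpp) has no comment telling API clients what it means; the only hint is the trailing `// New in Orthanc 1.5.8`. Judging from the main.cpp part of this changeset, it is true only when the server itself registered the built-in account because no user was declared while remote access is allowed, so it is in effect an insecure-setup indicator that monitoring or a health check can alert on. I would add above the assignment: `// True if main.cpp registered the built-in default account (no "RegisteredUsers" entry while remote access is allowed); clients should treat this as an insecure-setup signal`. The function body continues past the end of this hunk.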
@@ -72,7 +75,7 @@
 #if ORTHANC_ENABLE_PLUGINS == 1
 result["PluginsEnabled"] = true;
- const OrthancPlugins& plugins = OrthancRestApi::GetContext(call).GetPlugins();
+ const OrthancPlugins& plugins = context.GetPlugins();
 if (plugins.HasStorageArea())
 {
diff -r e4b4b4dbef99 -r 2090ec6a83a5 OrthancServer/ServerContext.cpp
--- a/OrthancServer/ServerContext.cpp Thu Oct 03 13:44:08 2019 +0200
+++ b/OrthancServer/ServerContext.cpp Fri Oct 04 17:41:43 2019 +0200
@@ -239,7 +239,8 @@
 done_(false),
 haveJobsChanged_(false),
 isJobsEngineUnserialized_(false),
- metricsRegistry_(new MetricsRegistry)
+ metricsRegistry_(new MetricsRegistry),
+ isDefaultUser_(false)
 {
 {
 OrthancConfiguration::ReaderLock lock;
diff -r e4b4b4dbef99 -r 2090ec6a83a5 OrthancServer/ServerContext.h
--- a/OrthancServer/ServerContext.h Thu Oct 03 13:44:08 2019 +0200
+++ b/OrthancServer/ServerContext.h Fri Oct 04 17:41:43 2019 +0200
@@ -220,6 +220,7 @@
 bool saveJobs_;
 std::auto_ptr metricsRegistry_;
+ bool isDefaultUser_;
 public:
 class DicomCacheLocker : public boost::noncopyable
@@ -402,5 +403,15 @@
 {
 return *metricsRegistry_;
 }
+
+ void SetDefaultUser(bool isDefaultUser)
+ {
+ isDefaultUser_ = isDefaultUser;
+ }
+
+ bool IsDefaultUser() const
+ {
+ return isDefaultUser_;
+ }
 };
 }
diff -r e4b4b4dbef99 -r 2090ec6a83a5 OrthancServer/main.cpp
--- a/OrthancServer/main.cpp Thu Oct 03 13:44:08 2019 +0200
+++ b/OrthancServer/main.cpp Fri Oct 04 17:41:43 2019 +0200
@@ -832,8 +832,8 @@
 if (httpServer.IsRemoteAccessAllowed() && !authenticationEnabled)
 {
- LOG(WARNING) << "Remote access is enabled while user authentication is disabled, "
- << "make sure this does not affect the security of your setup";
+ LOG(WARNING) << "====> Remote access is enabled while user authentication is explicitly disabled, "
+ << "make sure this does not affect the security of your setup <====";
 }
 }
 else if (httpServer.IsRemoteAccessAllowed())
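Review bot: In OrthancServer/ServerContext.h (second hunk), `SetDefaultUser()` and `IsDefaultUser()` are added without any comment on who may call the setter and when. `isDefaultUser_` is a plain `bool` that is read from the REST handler `GetSystemInformation` and written from main.cpp; the visible call sites look like startup configuration, but whether the HTTP server is already serving requests at that point cannot be seen from this patch. If the flag is meant to be written once during startup, say so on the setter, e.g. `// Set by main.cpp while configuring the HTTP server, before requests are served; not synchronized`.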
@@ -857,8 +857,35 @@
 if (httpServer.IsAuthenticationEnabled() && !hasUsers)
 {
- LOG(WARNING) << "HTTP authentication is enabled, but no user is declared, "
- << "check the value of configuration option \"RegisteredUsers\"";
+ if (httpServer.IsRemoteAccessAllowed())
+ {
+ /**
+ * Starting with Orthanc 1.5.8, if no user is explicitly
+ * defined while remote access is allowed, we create a
+ * default user, and Orthanc Explorer shows a warning
+ * message about an "Insecure setup". This convention is
+ * used in Docker images "jodogne/orthanc",
+ * "jodogne/orthanc-plugins" and "osimis/orthanc".
+ **/
+ LOG(ERROR) << "====> HTTP authentication is enabled, but no user is declared. "
+ << "Creating a default user: Review your configuration option \"RegisteredUsers\". "
+ << "Your setup is INSECURE <====";
+
+ context.SetDefaultUser(true);
+
+ // This is the username/password of the default user in Orthanc.
+ httpServer.RegisterUser("orthanc", "orthanc");
+ }
+ else
+ {
+ LOG(WARNING) << "HTTP authentication is enabled, but no user is declared, "
+ << "check the value of configuration option \"RegisteredUsers\"";
+ }
+ }
+ else
+ {
+ // This setup is secure
+ context.SetDefaultUser(false);
 }
 if (lock.GetConfiguration().GetBooleanParameter("SslEnabled", false))
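Review bot: The new branch registers a fixed account from a string constant in the source (`httpServer.RegisterUser("orthanc", "orthanc")`) exactly when remote access is allowed and no user is declared, so a misconfigured server becomes reachable over the network with a well-known credential, and the only safeguards are one `LOG(ERROR)` line and the Explorer banner. A fail-closed behaviour would be safer: refuse to start, or keep the HTTP server local-only, unless the operator has explicitly opted in to the default account, or at least generate a per-start random password and log it instead of using a constant. Separately, the final `else` is reached whenever users are declared or authentication is disabled, so `// This setup is secure` overstates what the code knows (the earlier hunk in this file warns about remote access with authentication disabled); `// No default account was created` would be accurate. The enclosing function starts and ends outside this hunk.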