From 7f95bb783147f0f52815cf738863a773586069b3 Mon Sep 17 00:00:00 2001 From: Alain Mazy Date: Fri, 28 Jun 2024 10:27:50 +0200 Subject: [PATCH] fix --- minimal-setup/basic-auth/docker-compose.yml | 6 +++--- .../keycloak-meddream-full/docker-compose.yml | 10 +++++----- minimal-setup/keycloak/docker-compose.yml | 10 +++++----- release-notes.md | 7 +++---- sources/orthanc_auth_service/shares/keycloak_admin.py | 6 +++--- 5 files changed, 19 insertions(+), 20 deletions(-) diff --git a/minimal-setup/basic-auth/docker-compose.yml b/minimal-setup/basic-auth/docker-compose.yml index 1c0f708..24ae336 100644 --- a/minimal-setup/basic-auth/docker-compose.yml +++ b/minimal-setup/basic-auth/docker-compose.yml @@ -6,7 +6,7 @@ version: "3" services: nginx: - image: orthancteam/orthanc-nginx:24.5.1 + image: orthancteam/orthanc-nginx:24.6.1 depends_on: [orthanc, orthanc-auth-service, orthanc-for-shares] restart: unless-stopped ports: ["80:80"] @@ -107,7 +107,7 @@ services: } orthanc-auth-service: - image: orthancteam/orthanc-auth-service:24.5.1 + image: orthancteam/orthanc-auth-service:24.6.1 restart: unless-stopped environment: SECRET_KEY: "change-me-I-am-a-secret-key" @@ -121,7 +121,7 @@ services: } ohif: - image: orthancteam/ohif-v3:24.5.1 + image: orthancteam/ohif-v3:24.6.1 # uncomment if you want to customize ohif configuration # volumes: # - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js diff --git a/minimal-setup/keycloak-meddream-full/docker-compose.yml b/minimal-setup/keycloak-meddream-full/docker-compose.yml index 393c5ac..966136d 100644 --- a/minimal-setup/keycloak-meddream-full/docker-compose.yml +++ b/minimal-setup/keycloak-meddream-full/docker-compose.yml @@ -6,7 +6,7 @@ version: "3" services: nginx: - image: orthancteam/orthanc-nginx:24.5.1 + image: orthancteam/orthanc-nginx:24.6.1 depends_on: [orthanc, orthanc-auth-service, orthanc-for-api, meddream-viewer, keycloak] restart: unless-stopped ports: ["80:80"] @@ -76,7 +76,7 @@ services: } orthanc-auth-service: - image: orthancteam/orthanc-auth-service:24.5.1 + image: orthancteam/orthanc-auth-service:24.6.1 depends_on: [keycloak, meddream-token-service] # permissions can be customized in the permissions.json file volumes: @@ -102,7 +102,7 @@ services: POSTGRES_HOST_AUTH_METHOD: "trust" keycloak: - image: orthancteam/orthanc-keycloak:24.5.1 + image: orthancteam/orthanc-keycloak:24.6.1 depends_on: [keycloak-db] restart: unless-stopped environment: @@ -125,11 +125,11 @@ services: POSTGRES_DB: "keycloak" meddream-token-service: - image: orthancteam/meddream-token-service:24.5.1 + image: orthancteam/meddream-token-service:24.6.1 restart: unless-stopped meddream-viewer: - image: orthancteam/meddream-viewer:24.5.1 + image: orthancteam/meddream-viewer:24.6.1 restart: unless-stopped depends_on: - orthanc-for-api diff --git a/minimal-setup/keycloak/docker-compose.yml b/minimal-setup/keycloak/docker-compose.yml index 2aea6ff..5f2cf0c 100644 --- a/minimal-setup/keycloak/docker-compose.yml +++ b/minimal-setup/keycloak/docker-compose.yml @@ -6,7 +6,7 @@ version: "3" services: nginx: - image: orthancteam/orthanc-nginx:permissions-ui + image: orthancteam/orthanc-nginx:24.6.1 depends_on: [orthanc, orthanc-auth-service, keycloak] restart: unless-stopped ports: ["80:80"] @@ -25,7 +25,7 @@ services: orthanc: # to use OHIF-plugin: use the master-unstable image - image: orthancteam/orthanc:24.6.2 + image: orthancteam/orthanc-pre-release:master-unstable volumes: - orthanc-storage:/var/lib/orthanc/db depends_on: [orthanc-db] @@ -91,7 +91,7 @@ services: } orthanc-auth-service: - image: orthancteam/orthanc-auth-service:permissions-ui + image: orthancteam/orthanc-auth-service:24.6.1 # always disable port mapping in production !!! # ports: ["8000:8000"] # permissions can be customized in the permissions.json file @@ -123,7 +123,7 @@ services: # to use OHIF-plugin: you don't need this container ohif: - image: orthancteam/ohif-v3:24.5.1 + image: orthancteam/ohif-v3:24.6.1 # uncomment if you want to customize ohif configuration # volumes: # - ./ohif-app-config.js:/usr/share/nginx/html/app-config.js @@ -131,7 +131,7 @@ services: keycloak: - image: orthancteam/orthanc-keycloak:permissions-ui + image: orthancteam/orthanc-keycloak:24.6.1 depends_on: [keycloak-db] restart: unless-stopped # healthcheck: diff --git a/release-notes.md b/release-notes.md index 5d3ff8c..df879f5 100644 --- a/release-notes.md +++ b/release-notes.md @@ -4,13 +4,12 @@ SPDX-FileCopyrightText: 2022 - 2024 Orthanc Team SRL SPDX-License-Identifier: GPL-3.0-or-later --> +v 24.6.1 +======== + - when requesting a user-profile with e.g. a basic auth token, the auth-service now returns the Anonymous profile instead of a 400 such that the auth-plugin can cache the response. - -v 24.6.0 -======== - - added a new route `/settings/roles` (GET/PUT) in the auth-service to allow reading/editing the permissions and authorized-labels for each role. Also introduced a new `available-labels` field in the permission.json. diff --git a/sources/orthanc_auth_service/shares/keycloak_admin.py b/sources/orthanc_auth_service/shares/keycloak_admin.py index 7bb8d92..49a9792 100644 --- a/sources/orthanc_auth_service/shares/keycloak_admin.py +++ b/sources/orthanc_auth_service/shares/keycloak_admin.py @@ -63,7 +63,7 @@ def get_user_profile_from_api_key(self, api_key: str) -> Optional[UserProfileRes return None # retrieve the roles for this user - keycloak_role_url = urljoin(self._keycloak_admin_uri, f"users/{user['id']}/role-mappings") + keycloak_role_url = urljoin(self._keycloak_admin_uri, f"users/{user['id']}/role-mappings/realm/composite") keycloak_role_response = requests.get(keycloak_role_url, headers=headers) if keycloak_role_response.status_code != 200: logging.error("Unable to retrieve roles for user") @@ -72,8 +72,8 @@ def get_user_profile_from_api_key(self, api_key: str) -> Optional[UserProfileRes # keep only the roles that we have defined ourselves user_roles = [] resp_roles = keycloak_role_response.json() - for resp_role in resp_roles['realmMappings']: - if resp_role['name'] in self._roles_configuration.get_all_roles(): + for resp_role in resp_roles: + if resp_role['name'] in self.get_all_roles(): user_roles.append(resp_role['name']) profile_from_config = self._roles_configuration.get_role_configuration(user_roles)