Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add token authentication option for DICOMweb #1349

Merged
merged 4 commits into from
Nov 21, 2023

Conversation

psavery
Copy link
Collaborator

@psavery psavery commented Oct 26, 2023

When the user is creating a DICOMweb assetstore, if they select the "token" authentication type, an input box will appear where the user must enter the token.

This token is saved in MongoDB, and is used for making all requests for this DICOMweb assetstore. That includes requests for importing the data (which may only be done by an admin), and requests for viewing the data (which may be done by anyone with access to the folder).

If an admin wishes to restrict users from viewing DICOMweb assets that were imported using this token, the admin must restrict access to the imported items via girder's folder access controls.

Fixes: #1313

Depends on: imi-bigpicture/wsidicom#117

@psavery psavery force-pushed the token-authentication branch 2 times, most recently from 3b51045 to 9b1d9e8 Compare October 27, 2023 16:55
@psavery psavery marked this pull request as draft November 1, 2023 21:15
@psavery
Copy link
Collaborator Author

psavery commented Nov 1, 2023

I converted this back to a draft because I realized we are not actually passing this token-containing session to wsidicom. We need to fix that.

However, wsidicom wants us to provide it an object derived from AuthBase, and then they create a session out of it. They should also accept a session in case we want to create the session ourselves, so we might need to modify that upstream.

@psavery psavery force-pushed the token-authentication branch from 9b1d9e8 to 7f0856a Compare November 2, 2023 17:51
@psavery
Copy link
Collaborator Author

psavery commented Nov 2, 2023

This now works again, but it depends on imi-bigpicture/wsidicom#117

psavery added a commit to psavery/large_image that referenced this pull request Nov 13, 2023
As of the latest `wsidicom` release (0.13.0), the new `__init__` method
just takes a `requests.Session` object. The old `__init__` method was
moved to the class method `create_client()`. So we need to update
the way we initialize it.

In girder#1349, we are adding authentication where we create the DICOMwebClient
object ourselves, so go ahead and do that now to simplify that one.

Signed-off-by: Patrick Avery <patrick.avery@kitware.com>
psavery added a commit to psavery/large_image that referenced this pull request Nov 13, 2023
As of the latest `wsidicom` release (0.13.0), the new `__init__` method
just takes a `DICOMwebClient` object. The old `__init__` method was
moved to the class method `create_client()`. So we need to update
the way we initialize it.

In girder#1349, we are adding authentication where we create the DICOMwebClient
object ourselves, so go ahead and do that now to simplify that one.

Signed-off-by: Patrick Avery <patrick.avery@kitware.com>
psavery added a commit to psavery/large_image that referenced this pull request Nov 13, 2023
As of the latest `wsidicom` release (0.13.0), the new `__init__` method
just takes a `DICOMwebClient` object. The old `__init__` method was
moved to the class method `create_client()`. So we need to update
the way we initialize it.

In girder#1349, we are adding authentication where we create the DICOMwebClient
object ourselves, so go ahead and do that now to simplify that one.

Signed-off-by: Patrick Avery <patrick.avery@kitware.com>
@psavery psavery force-pushed the token-authentication branch from 9d91994 to e6df8d8 Compare November 13, 2023 22:46
@psavery psavery marked this pull request as ready for review November 14, 2023 14:00
When the user is creating a DICOMweb assetstore, if they select
the "token" authentication type, an input box will appear where the
user must enter the token.

This token is saved in MongoDB, and is used for making all requests
for this DICOMweb assetstore. That includes requests for importing
the data (which may only be done by an admin), and requests for
viewing the data (which may be done by anyone with access to the folder).

If an admin wishes to restrict users from viewing DICOMweb
assets that were imported using this token, the admin must restrict
access to the imported items via girder's folder access controls.

Signed-off-by: Patrick Avery <patrick.avery@kitware.com>
This is what it was before...

Signed-off-by: Patrick Avery <patrick.avery@kitware.com>
The `WsiDicomWebClient` class now takes a `DICOMwebClient` object
as its argument. Update our instantiation to reflect this.

Signed-off-by: Patrick Avery <patrick.avery@kitware.com>
@psavery psavery force-pushed the token-authentication branch from e6df8d8 to 6f165e1 Compare November 21, 2023 00:11
Signed-off-by: Patrick Avery <patrick.avery@kitware.com>
@psavery psavery requested a review from manthey November 21, 2023 13:14
@manthey manthey merged commit 2712dcf into girder:master Nov 21, 2023
5 checks passed
@psavery psavery deleted the token-authentication branch December 16, 2023 03:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add authentication options for DICOMweb servers
2 participants