def _check_user_identity(
self) -> Tuple[bool, Optional[UserIdentityNegotiation]]:
"""Check the user's response to a User Identity request.
Returns
-------
bool
True if the user identity has been confirmed, False otherwise.
pdu_primitives.UserIdentityNegotiation or None
The negotiation response, if a positive response is requested,
otherwise None.
"""
# pylint: disable=broad-except
# The UserIdentityNegotiation (request) item
req = self.requestor.user_identity
if req is None:
return True, None
try:
rsp = evt.trigger(
self.assoc, evt.EVT_USER_ID, {
"user_id_type": req.user_identity_type,
"primary_field": req.primary_field,
"secondary_field": req.secondary_field,
})
except NotImplementedError:
# If the user hasn't implemented identity negotiation then
# default to accepting the association
return True, None
except Exception as exc:
# If the user has implemented identity negotiation but an exception
# occurred then reject the association
LOGGER.error("Exception in handler bound to 'evt.EVT_USER_ID'")
LOGGER.exception(exc)
return False, None
identity_verified, response = cast(Tuple[bool, Optional[bytes]], rsp)
if not identity_verified:
# Reject association as the user isn't authorised
return False, None
if req.user_identity_type in [3, 4, 5]:
if req.positive_response_requested and response is not None:
try:
rsp = UserIdentityNegotiation()
rsp.server_response = response
return True, rsp
except Exception as exc:
# > If the acceptor doesn't support user identification it
# > will accept the association without making a positive
# > response
LOGGER.error(
"Unable to set the User Identity Negotiation's "
"'server_response'")
LOGGER.exception(exc)
return True, None
return True, None
def add_user_identity(self, primitive, id_type, primary, secondary,
response):
"""Add User Identity to the A-ASSOCIATE primitive."""
item = UserIdentityNegotiation()
item.user_identity_type = id_type
item.primary_field = primary
item.secondary_field = secondary
item.positive_response_requested = response
primitive.user_information.append(item)
def test_conversion(self):
""" Check converting to PDU item works correctly """
primitive = UserIdentityNegotiation()
# -RQ
primitive.user_identity_type = 1
primitive.primary_field = b'test'
item = primitive.from_primitive()
primitive.user_identity_type = 2
primitive.secondary_field = b''
with pytest.raises(ValueError):
item = primitive.from_primitive()
# -AC
primitive = UserIdentityNegotiation()
primitive.server_response = b'Test'
item = primitive.from_primitive()
assert item.encode() == b'\x59\x00\x00\x06\x00\x04\x54\x65\x73\x74'
def test_string(self):
"""Check string output."""
primitive = UserIdentityNegotiation()
primitive.user_identity_type = 1
primitive.positive_response_requested = True
primitive.primary_field = b'\x00\x01'
primitive.secondary_field = b'\x00\x21'
assert 'requested: True' in primitive.__str__()
assert 'type: 1' in primitive.__str__()
assert 'Primary' in primitive.__str__()
assert 'Secondary' in primitive.__str__()
primitive.server_response = b'\x00\x31'
assert 'Server response' in primitive.__str__()
def test_assignment_and_exceptions(self):
""" Check incorrect types/values for properties raise exceptions """
primitive = UserIdentityNegotiation()
for type_no in [1, 2, 3, 4, 5]:
primitive.user_identity_type = type_no
assert primitive.user_identity_type == type_no
with pytest.raises(ValueError):
primitive.user_identity_type = 6
with pytest.raises(TypeError):
primitive.user_identity_type = 'a'
primitive.positive_response_requested = True
assert primitive.positive_response_requested
with pytest.raises(TypeError):
primitive.positive_response_requested = 'test'
primitive.primary_field = b'\x00\x01'
assert primitive.primary_field == b'\x00\x01'
with pytest.raises(TypeError):
primitive.primary_field = ['test']
primitive.secondary_field = b'\x00\x21'
assert primitive.secondary_field == b'\x00\x21'
primitive.secondary_field = None
assert primitive.secondary_field is None
with pytest.raises(TypeError):
primitive.secondary_field = ['test']
primitive.server_response = b'\x00\x31'
assert primitive.server_response == b'\x00\x31'
with pytest.raises(TypeError):
primitive.server_response = ['test']
primitive = UserIdentityNegotiation()
with pytest.raises(ValueError):
primitive.from_primitive()
primitive.user_identity_type = 2
with pytest.raises(ValueError):
primitive.from_primitive()
def test_string(self):
"""Check string output."""
primitive = UserIdentityNegotiation()
primitive.user_identity_type = 1
primitive.positive_response_requested = True
primitive.primary_field = b"\x00\x01"
primitive.secondary_field = b"\x00\x21"
assert "requested: True" in primitive.__str__()
assert "type: 1" in primitive.__str__()
assert "Primary" in primitive.__str__()
assert "Secondary" in primitive.__str__()
primitive.server_response = b"\x00\x31"
assert "Server response" in primitive.__str__()
def add_user_identity_rsp(self, primitive):
"""Add User Identity (rsp) to the A-ASSOCIATE primitive."""
item = UserIdentityNegotiation()
item.server_response = b'this is the response'
primitive.user_information.append(item)
from pynetdicom import (AE, StoragePresentationContexts,
QueryRetrievePresentationContexts, build_role)
from pynetdicom.pdu_primitives import UserIdentityNegotiation
ae = AE()
# Contexts proposed as a QR SCU
ae.requested_contexts = QueryRetrievePresentationContexts
# Contexts supported as a Storage SCP - requires Role Selection
ae.requested_contexts = StoragePresentationContexts
# Add role selection items for the storage contexts we will be supporting
# as an SCP
negotiation_items = []
for context in StoragePresentationContexts:
role = build_role(context.abstract_syntax, scp_role=True)
negotiation_items.append(role)
# Add user identity negotiation request
user_identity = UserIdentityNegotiation()
user_identity.user_identity_type = 2
user_identity.primary_field = b'username'
user_identity.secondary_field = b'password'
negotiation_items.append(user_identity)
# Associate with the peer at IP address 127.0.0.1 and port 11112
assoc = ae.associate('127.0.0.1', 11112, ext_neg=negotiation_items)
if assoc.is_established:
assoc.release()
def _check_user_identity(self):
"""Check the user's response to a User Identity request.
Returns
-------
bool
True if the user identity has been confirmed, False otherwise.
pdu_primitives.UserIdentityNegotiation or None
The negotiation response, if a positive response is requested,
otherwise None.
"""
# pylint: disable=broad-except
# The UserIdentityNegotiation (request) item
req = self.assoc.requestor.user_identity
try:
default = evt.get_default_handler(evt.EVT_USER_ID)
if self.assoc.get_handlers(evt.EVT_USER_ID) != default:
identity_verified, response = evt.trigger(
self.assoc,
evt.EVT_USER_ID,
{
'user_id_type' : req.user_identity_type,
'primary_field' : req.primary_field,
'secondary_field' : req.secondary_field,
}
)
else:
identity_verified, response = self.assoc.ae.on_user_identity(
req.user_identity_type,
req.primary_field,
req.secondary_field,
{
'requestor' : self.assoc.requestor.info,
}
)
except NotImplementedError:
# If the user hasn't implemented identity negotiation then
# default to accepting the association
return True, None
except Exception as exc:
# If the user has implemented identity negotiation but an exception
# occurred then reject the association
LOGGER.error("Exception in handling user identity negotiation")
LOGGER.exception(exc)
return False, None
if not identity_verified:
# Reject association as the user isn't authorised
return False, None
if req.user_identity_type in [3, 4, 5]:
if req.positive_response_requested and response is not None:
try:
rsp = UserIdentityNegotiation()
rsp.server_response = response
return True, rsp
except Exception as exc:
# > If the acceptor doesn't support user identification it
# > will accept the association without making a positive
# > response
LOGGER.error(
"Unable to set the User Identity Negotiation's "
"'server_response'"
)
LOGGER.exception(exc)
return True, None
return True, None
