From 0b551d152aaf33c847a9b0050ba9681410832193 Mon Sep 17 00:00:00 2001 From: Ivan Maslov Date: Sat, 23 Nov 2019 10:12:33 +0300 Subject: [PATCH] #OrchestratorAccessUsers for test Signed-off-by: Ivan Maslov --- Orchestrator/Settings/AccessUser_ND.py | 32 +++++++++++++ Orchestrator/Settings/Settings.py | 13 +++++- Orchestrator/Settings/Test.py | 2 - Sources/pyOpenRPA/Orchestrator/Server.py | 53 ++++++++++++++++++++-- Sources/pyOpenRPA/Orchestrator/__main__.py | 2 +- 5 files changed, 92 insertions(+), 10 deletions(-) create mode 100644 Orchestrator/Settings/AccessUser_ND.py delete mode 100644 Orchestrator/Settings/Test.py diff --git a/Orchestrator/Settings/AccessUser_ND.py b/Orchestrator/Settings/AccessUser_ND.py new file mode 100644 index 00000000..05f73397 --- /dev/null +++ b/Orchestrator/Settings/AccessUser_ND.py @@ -0,0 +1,32 @@ +def SettingsUpdate(inDict): + ################################################# + #General MethodMatchURL list (no domain/user) + lRuleMethodMatchURLBeforeList=[ + { + "Method":"GET", + "MatchType":"Equal", + "URL":"/", + "FlagAccess": True + } + ] + #Append to global list + inDict["Server"]["AccessUsers"]["RuleMethodMatchURLBeforeList"]=inDict["Server"]["AccessUsers"]["RuleMethodMatchURLBeforeList"]+lRuleMethodMatchURLBeforeList + ################################################## + #""/"ND" MethodMatchURLList + l__ND_RuleMethodMatchURLBeforeList={ + ("","ND"): { + "MethodMatchURLBeforeList": [ + { + "Method":"GET", + "MatchType":"Beginwith", + "URL":"/", + #"FlagAccessDefRequestGlobalAuthenticate": TestDef + "FlagAccess": True + } + ] + } + } + #Append to global list + inDict["Server"]["AccessUsers"]["RuleDomainUserDict"].update(l__ND_RuleMethodMatchURLBeforeList) + #Return current dict + return inDict \ No newline at end of file diff --git a/Orchestrator/Settings/Settings.py b/Orchestrator/Settings/Settings.py index 4eb2b2fc..632cb487 100644 --- a/Orchestrator/Settings/Settings.py +++ b/Orchestrator/Settings/Settings.py @@ -78,8 +78,8 @@ def Settings(): ], "AccessUsers": { #Defaul - all URL is blocked "FlagCredentialsAsk": True, #Turn on Authentication - "RuleDict": { - #("Domain", "User"): { + "RuleDomainUserDict": { + #("DOMAIN", "USER"): { #upper case # "MethodMatchURLBeforeList": [ # { # "Method":"GET|POST", @@ -91,6 +91,15 @@ def Settings(): # ] #} }, + "RuleMethodMatchURLBeforeList": [ + # { + # "Method":"GET|POST", + # "MatchType":"BeginWith|Contains|Equal|EqualCase", + # "URL":"", + # "FlagAccessDefRequestGlobalAuthenticate": None, #Return bool + # "FlagAccess": True + # } + ], "AuthTokensDict": { #"":{"User":"", "Domain":"", "TokenDatetime":} } diff --git a/Orchestrator/Settings/Test.py b/Orchestrator/Settings/Test.py deleted file mode 100644 index 71ea09a3..00000000 --- a/Orchestrator/Settings/Test.py +++ /dev/null @@ -1,2 +0,0 @@ -def SettingsUpdate(inDict): - print("Subsettings file in Settings folder has been sucessfully called") \ No newline at end of file diff --git a/Sources/pyOpenRPA/Orchestrator/Server.py b/Sources/pyOpenRPA/Orchestrator/Server.py index edbb9aa2..157c030a 100644 --- a/Sources/pyOpenRPA/Orchestrator/Server.py +++ b/Sources/pyOpenRPA/Orchestrator/Server.py @@ -52,6 +52,8 @@ def AuthenticateVerify(inRequest): ###################################### #Way 1 - try to find AuthToken lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", "")) + inRequest.OpenRPA = {} + inRequest.OpenRPA["AuthToken"] = None #pdb.set_trace() if "AuthToken" in lCookies: lCookieAuthToken = lCookies.get("AuthToken", "").value @@ -61,6 +63,8 @@ def AuthenticateVerify(inRequest): #Auth Token Has Been Founded lResult["Domain"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["Domain"] lResult["User"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["User"] + #Set auth token + inRequest.OpenRPA["AuthToken"] = lCookieAuthToken #Exit earlier return lResult ###################################### @@ -71,7 +75,7 @@ def AuthenticateVerify(inRequest): ":") lUser = llHeaderAuthorizationDecodedUserPasswordList[0] lPassword = llHeaderAuthorizationDecodedUserPasswordList[1] - lDomain = None + lDomain = "" if "\\" in lUser: lDomain = lUser.split("\\")[0] lUser = lUser.split("\\")[1] @@ -95,8 +99,8 @@ def AuthenticateVerify(inRequest): mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"] mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now() #Set-cookie - inRequest.OpenRPA={} inRequest.OpenRPA["AuthToken"] = lAuthToken + inRequest.OpenRPASetCookie = {} #inRequest.OpenRPAResponse["Set-Cookie"]=[]lResult["Set-Cookie"] = lAuthToken #pdb.set_trace() #inRequest.send_header("Set-Cookie:", f"AuthToken={lAuthToken}") @@ -125,14 +129,17 @@ def UserAccessCheckBefore(inMethod, inRequest): inMethod=inMethod.upper() #Prepare result false lResult = False - #Check rules to find first appicable lAuthToken = inRequest.OpenRPA["AuthToken"] #go next if user is identified lUserDict = None if lAuthToken: lUserDict = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken] + #pdb.set_trace() + ######################################## + ######################################## + #Check general before rule (without User domain) #Check rules - for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDict", {}).get((lUserDict["Domain"], lUserDict["User"]), {}).get("MethodMatchURLBeforeList", []): + for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []): #Go next execution if flag is false if not lResult: #Check if Method is identical @@ -153,6 +160,36 @@ def UserAccessCheckBefore(inMethod, inRequest): elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE": if lAccessRuleItem["URL"] == inRequest.path: lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict) + ######################################### + ######################################### + #Do check if lResult is false + if not lResult: + #Check access by User Domain + #Check rules to find first appicable + #Check rules + for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []): + #Go next execution if flag is false + if not lResult: + #Check if Method is identical + if lAccessRuleItem["Method"].upper() == inMethod: + #check Match type variant: BeginWith + if lAccessRuleItem["MatchType"].upper() == "BEGINWITH": + if inRequest.path.startswith(lAccessRuleItem["URL"]): + lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict) + #check Match type variant: Contains + elif lAccessRuleItem["MatchType"].upper() == "CONTAINS": + if inRequest.path.contains(lAccessRuleItem["URL"]): + lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict) + # check Match type variant: Equal + elif lAccessRuleItem["MatchType"].upper() == "EQUAL": + if lAccessRuleItem["URL"].upper() == inRequest.path.upper(): + lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict) + # check Match type variant: EqualCase + elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE": + if lAccessRuleItem["URL"] == inRequest.path: + lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict) + ##################################### + ##################################### #Return lResult return lResult # HTTPRequestHandler class @@ -164,7 +201,7 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): # Send headers self.send_header('Content-type', inContentType) #Check if var exist - if hasattr(self, "OpenRPA"): + if hasattr(self, "OpenRPASetCookie"): self.send_header("Set-Cookie", f"AuthToken={self.OpenRPA['AuthToken']}") self.end_headers() lFileObject = open(inFilePath, "rb") @@ -261,6 +298,12 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): # check if file in FileURL - File Path Mapping Dict if lFileURL.lower() in mGlobalDict["FileManager"]["FileURLFilePathDict"]: self.SendResponseContentTypeFile('application/octet-stream',mGlobalDict["FileManager"]["FileURLFilePathDict"][lFileURL]) + else: + #Set access denied code + # Send response status code + self.send_response(403) + # Send headers + self.end_headers() # POST def do_POST(self): ##################################### diff --git a/Sources/pyOpenRPA/Orchestrator/__main__.py b/Sources/pyOpenRPA/Orchestrator/__main__.py index aa755fde..f228ca09 100644 --- a/Sources/pyOpenRPA/Orchestrator/__main__.py +++ b/Sources/pyOpenRPA/Orchestrator/__main__.py @@ -1,4 +1,4 @@ import sys lFolderPath = "\\".join(__file__.split("\\")[:-2]) -sys.path.append(lFolderPath) +sys.path.insert(0, lFolderPath) from Orchestrator import Orchestrator \ No newline at end of file