|
|
@ -52,6 +52,8 @@ def AuthenticateVerify(inRequest):
|
|
|
|
######################################
|
|
|
|
######################################
|
|
|
|
#Way 1 - try to find AuthToken
|
|
|
|
#Way 1 - try to find AuthToken
|
|
|
|
lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", ""))
|
|
|
|
lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", ""))
|
|
|
|
|
|
|
|
inRequest.OpenRPA = {}
|
|
|
|
|
|
|
|
inRequest.OpenRPA["AuthToken"] = None
|
|
|
|
#pdb.set_trace()
|
|
|
|
#pdb.set_trace()
|
|
|
|
if "AuthToken" in lCookies:
|
|
|
|
if "AuthToken" in lCookies:
|
|
|
|
lCookieAuthToken = lCookies.get("AuthToken", "").value
|
|
|
|
lCookieAuthToken = lCookies.get("AuthToken", "").value
|
|
|
@ -61,6 +63,8 @@ def AuthenticateVerify(inRequest):
|
|
|
|
#Auth Token Has Been Founded
|
|
|
|
#Auth Token Has Been Founded
|
|
|
|
lResult["Domain"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["Domain"]
|
|
|
|
lResult["Domain"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["Domain"]
|
|
|
|
lResult["User"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["User"]
|
|
|
|
lResult["User"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["User"]
|
|
|
|
|
|
|
|
#Set auth token
|
|
|
|
|
|
|
|
inRequest.OpenRPA["AuthToken"] = lCookieAuthToken
|
|
|
|
#Exit earlier
|
|
|
|
#Exit earlier
|
|
|
|
return lResult
|
|
|
|
return lResult
|
|
|
|
######################################
|
|
|
|
######################################
|
|
|
@ -71,7 +75,7 @@ def AuthenticateVerify(inRequest):
|
|
|
|
":")
|
|
|
|
":")
|
|
|
|
lUser = llHeaderAuthorizationDecodedUserPasswordList[0]
|
|
|
|
lUser = llHeaderAuthorizationDecodedUserPasswordList[0]
|
|
|
|
lPassword = llHeaderAuthorizationDecodedUserPasswordList[1]
|
|
|
|
lPassword = llHeaderAuthorizationDecodedUserPasswordList[1]
|
|
|
|
lDomain = None
|
|
|
|
lDomain = ""
|
|
|
|
if "\\" in lUser:
|
|
|
|
if "\\" in lUser:
|
|
|
|
lDomain = lUser.split("\\")[0]
|
|
|
|
lDomain = lUser.split("\\")[0]
|
|
|
|
lUser = lUser.split("\\")[1]
|
|
|
|
lUser = lUser.split("\\")[1]
|
|
|
@ -95,8 +99,8 @@ def AuthenticateVerify(inRequest):
|
|
|
|
mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"]
|
|
|
|
mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"]
|
|
|
|
mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now()
|
|
|
|
mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now()
|
|
|
|
#Set-cookie
|
|
|
|
#Set-cookie
|
|
|
|
inRequest.OpenRPA={}
|
|
|
|
|
|
|
|
inRequest.OpenRPA["AuthToken"] = lAuthToken
|
|
|
|
inRequest.OpenRPA["AuthToken"] = lAuthToken
|
|
|
|
|
|
|
|
inRequest.OpenRPASetCookie = {}
|
|
|
|
#inRequest.OpenRPAResponse["Set-Cookie"]=[]lResult["Set-Cookie"] = lAuthToken
|
|
|
|
#inRequest.OpenRPAResponse["Set-Cookie"]=[]lResult["Set-Cookie"] = lAuthToken
|
|
|
|
#pdb.set_trace()
|
|
|
|
#pdb.set_trace()
|
|
|
|
#inRequest.send_header("Set-Cookie:", f"AuthToken={lAuthToken}")
|
|
|
|
#inRequest.send_header("Set-Cookie:", f"AuthToken={lAuthToken}")
|
|
|
@ -125,14 +129,17 @@ def UserAccessCheckBefore(inMethod, inRequest):
|
|
|
|
inMethod=inMethod.upper()
|
|
|
|
inMethod=inMethod.upper()
|
|
|
|
#Prepare result false
|
|
|
|
#Prepare result false
|
|
|
|
lResult = False
|
|
|
|
lResult = False
|
|
|
|
#Check rules to find first appicable
|
|
|
|
|
|
|
|
lAuthToken = inRequest.OpenRPA["AuthToken"]
|
|
|
|
lAuthToken = inRequest.OpenRPA["AuthToken"]
|
|
|
|
#go next if user is identified
|
|
|
|
#go next if user is identified
|
|
|
|
lUserDict = None
|
|
|
|
lUserDict = None
|
|
|
|
if lAuthToken:
|
|
|
|
if lAuthToken:
|
|
|
|
lUserDict = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]
|
|
|
|
lUserDict = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]
|
|
|
|
|
|
|
|
#pdb.set_trace()
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
|
|
|
########################################
|
|
|
|
|
|
|
|
#Check general before rule (without User domain)
|
|
|
|
#Check rules
|
|
|
|
#Check rules
|
|
|
|
for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDict", {}).get((lUserDict["Domain"], lUserDict["User"]), {}).get("MethodMatchURLBeforeList", []):
|
|
|
|
for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []):
|
|
|
|
#Go next execution if flag is false
|
|
|
|
#Go next execution if flag is false
|
|
|
|
if not lResult:
|
|
|
|
if not lResult:
|
|
|
|
#Check if Method is identical
|
|
|
|
#Check if Method is identical
|
|
|
@ -153,6 +160,36 @@ def UserAccessCheckBefore(inMethod, inRequest):
|
|
|
|
elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
|
|
|
|
elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
|
|
|
|
if lAccessRuleItem["URL"] == inRequest.path:
|
|
|
|
if lAccessRuleItem["URL"] == inRequest.path:
|
|
|
|
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
|
|
|
|
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
|
|
|
|
|
|
|
|
#########################################
|
|
|
|
|
|
|
|
#########################################
|
|
|
|
|
|
|
|
#Do check if lResult is false
|
|
|
|
|
|
|
|
if not lResult:
|
|
|
|
|
|
|
|
#Check access by User Domain
|
|
|
|
|
|
|
|
#Check rules to find first appicable
|
|
|
|
|
|
|
|
#Check rules
|
|
|
|
|
|
|
|
for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []):
|
|
|
|
|
|
|
|
#Go next execution if flag is false
|
|
|
|
|
|
|
|
if not lResult:
|
|
|
|
|
|
|
|
#Check if Method is identical
|
|
|
|
|
|
|
|
if lAccessRuleItem["Method"].upper() == inMethod:
|
|
|
|
|
|
|
|
#check Match type variant: BeginWith
|
|
|
|
|
|
|
|
if lAccessRuleItem["MatchType"].upper() == "BEGINWITH":
|
|
|
|
|
|
|
|
if inRequest.path.startswith(lAccessRuleItem["URL"]):
|
|
|
|
|
|
|
|
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
|
|
|
|
|
|
|
|
#check Match type variant: Contains
|
|
|
|
|
|
|
|
elif lAccessRuleItem["MatchType"].upper() == "CONTAINS":
|
|
|
|
|
|
|
|
if inRequest.path.contains(lAccessRuleItem["URL"]):
|
|
|
|
|
|
|
|
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
|
|
|
|
|
|
|
|
# check Match type variant: Equal
|
|
|
|
|
|
|
|
elif lAccessRuleItem["MatchType"].upper() == "EQUAL":
|
|
|
|
|
|
|
|
if lAccessRuleItem["URL"].upper() == inRequest.path.upper():
|
|
|
|
|
|
|
|
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
|
|
|
|
|
|
|
|
# check Match type variant: EqualCase
|
|
|
|
|
|
|
|
elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
|
|
|
|
|
|
|
|
if lAccessRuleItem["URL"] == inRequest.path:
|
|
|
|
|
|
|
|
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
|
|
|
|
|
|
|
|
#####################################
|
|
|
|
|
|
|
|
#####################################
|
|
|
|
#Return lResult
|
|
|
|
#Return lResult
|
|
|
|
return lResult
|
|
|
|
return lResult
|
|
|
|
# HTTPRequestHandler class
|
|
|
|
# HTTPRequestHandler class
|
|
|
@ -164,7 +201,7 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
# Send headers
|
|
|
|
# Send headers
|
|
|
|
self.send_header('Content-type', inContentType)
|
|
|
|
self.send_header('Content-type', inContentType)
|
|
|
|
#Check if var exist
|
|
|
|
#Check if var exist
|
|
|
|
if hasattr(self, "OpenRPA"):
|
|
|
|
if hasattr(self, "OpenRPASetCookie"):
|
|
|
|
self.send_header("Set-Cookie", f"AuthToken={self.OpenRPA['AuthToken']}")
|
|
|
|
self.send_header("Set-Cookie", f"AuthToken={self.OpenRPA['AuthToken']}")
|
|
|
|
self.end_headers()
|
|
|
|
self.end_headers()
|
|
|
|
lFileObject = open(inFilePath, "rb")
|
|
|
|
lFileObject = open(inFilePath, "rb")
|
|
|
@ -261,6 +298,12 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
# check if file in FileURL - File Path Mapping Dict
|
|
|
|
# check if file in FileURL - File Path Mapping Dict
|
|
|
|
if lFileURL.lower() in mGlobalDict["FileManager"]["FileURLFilePathDict"]:
|
|
|
|
if lFileURL.lower() in mGlobalDict["FileManager"]["FileURLFilePathDict"]:
|
|
|
|
self.SendResponseContentTypeFile('application/octet-stream',mGlobalDict["FileManager"]["FileURLFilePathDict"][lFileURL])
|
|
|
|
self.SendResponseContentTypeFile('application/octet-stream',mGlobalDict["FileManager"]["FileURLFilePathDict"][lFileURL])
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
#Set access denied code
|
|
|
|
|
|
|
|
# Send response status code
|
|
|
|
|
|
|
|
self.send_response(403)
|
|
|
|
|
|
|
|
# Send headers
|
|
|
|
|
|
|
|
self.end_headers()
|
|
|
|
# POST
|
|
|
|
# POST
|
|
|
|
def do_POST(self):
|
|
|
|
def do_POST(self):
|
|
|
|
#####################################
|
|
|
|
#####################################
|
|
|
|