#OrchestratorAccessUsers for test

Signed-off-by: Ivan Maslov <Ivan.Maslov@UnicodeLabs.ru>
dev-linux
Ivan Maslov 5 years ago
parent f6ed0cf27a
commit 0b551d152a

@ -0,0 +1,32 @@
def SettingsUpdate(inDict):
#################################################
#General MethodMatchURL list (no domain/user)
lRuleMethodMatchURLBeforeList=[
{
"Method":"GET",
"MatchType":"Equal",
"URL":"/",
"FlagAccess": True
}
]
#Append to global list
inDict["Server"]["AccessUsers"]["RuleMethodMatchURLBeforeList"]=inDict["Server"]["AccessUsers"]["RuleMethodMatchURLBeforeList"]+lRuleMethodMatchURLBeforeList
##################################################
#""/"ND" MethodMatchURLList
l__ND_RuleMethodMatchURLBeforeList={
("","ND"): {
"MethodMatchURLBeforeList": [
{
"Method":"GET",
"MatchType":"Beginwith",
"URL":"/",
#"FlagAccessDefRequestGlobalAuthenticate": TestDef
"FlagAccess": True
}
]
}
}
#Append to global list
inDict["Server"]["AccessUsers"]["RuleDomainUserDict"].update(l__ND_RuleMethodMatchURLBeforeList)
#Return current dict
return inDict

@ -78,8 +78,8 @@ def Settings():
], ],
"AccessUsers": { #Defaul - all URL is blocked "AccessUsers": { #Defaul - all URL is blocked
"FlagCredentialsAsk": True, #Turn on Authentication "FlagCredentialsAsk": True, #Turn on Authentication
"RuleDict": { "RuleDomainUserDict": {
#("Domain", "User"): { #("DOMAIN", "USER"): { #upper case
# "MethodMatchURLBeforeList": [ # "MethodMatchURLBeforeList": [
# { # {
# "Method":"GET|POST", # "Method":"GET|POST",
@ -91,6 +91,15 @@ def Settings():
# ] # ]
#} #}
}, },
"RuleMethodMatchURLBeforeList": [
# {
# "Method":"GET|POST",
# "MatchType":"BeginWith|Contains|Equal|EqualCase",
# "URL":"",
# "FlagAccessDefRequestGlobalAuthenticate": None, #Return bool
# "FlagAccess": True
# }
],
"AuthTokensDict": { "AuthTokensDict": {
#"<AuthToken>":{"User":"", "Domain":"", "TokenDatetime":<Datetime>} #"<AuthToken>":{"User":"", "Domain":"", "TokenDatetime":<Datetime>}
} }

@ -1,2 +0,0 @@
def SettingsUpdate(inDict):
print("Subsettings file in Settings folder has been sucessfully called")

@ -52,6 +52,8 @@ def AuthenticateVerify(inRequest):
###################################### ######################################
#Way 1 - try to find AuthToken #Way 1 - try to find AuthToken
lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", "")) lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", ""))
inRequest.OpenRPA = {}
inRequest.OpenRPA["AuthToken"] = None
#pdb.set_trace() #pdb.set_trace()
if "AuthToken" in lCookies: if "AuthToken" in lCookies:
lCookieAuthToken = lCookies.get("AuthToken", "").value lCookieAuthToken = lCookies.get("AuthToken", "").value
@ -61,6 +63,8 @@ def AuthenticateVerify(inRequest):
#Auth Token Has Been Founded #Auth Token Has Been Founded
lResult["Domain"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["Domain"] lResult["Domain"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["Domain"]
lResult["User"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["User"] lResult["User"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["User"]
#Set auth token
inRequest.OpenRPA["AuthToken"] = lCookieAuthToken
#Exit earlier #Exit earlier
return lResult return lResult
###################################### ######################################
@ -71,7 +75,7 @@ def AuthenticateVerify(inRequest):
":") ":")
lUser = llHeaderAuthorizationDecodedUserPasswordList[0] lUser = llHeaderAuthorizationDecodedUserPasswordList[0]
lPassword = llHeaderAuthorizationDecodedUserPasswordList[1] lPassword = llHeaderAuthorizationDecodedUserPasswordList[1]
lDomain = None lDomain = ""
if "\\" in lUser: if "\\" in lUser:
lDomain = lUser.split("\\")[0] lDomain = lUser.split("\\")[0]
lUser = lUser.split("\\")[1] lUser = lUser.split("\\")[1]
@ -95,8 +99,8 @@ def AuthenticateVerify(inRequest):
mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"] mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"]
mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now() mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now()
#Set-cookie #Set-cookie
inRequest.OpenRPA={}
inRequest.OpenRPA["AuthToken"] = lAuthToken inRequest.OpenRPA["AuthToken"] = lAuthToken
inRequest.OpenRPASetCookie = {}
#inRequest.OpenRPAResponse["Set-Cookie"]=[]lResult["Set-Cookie"] = lAuthToken #inRequest.OpenRPAResponse["Set-Cookie"]=[]lResult["Set-Cookie"] = lAuthToken
#pdb.set_trace() #pdb.set_trace()
#inRequest.send_header("Set-Cookie:", f"AuthToken={lAuthToken}") #inRequest.send_header("Set-Cookie:", f"AuthToken={lAuthToken}")
@ -125,14 +129,17 @@ def UserAccessCheckBefore(inMethod, inRequest):
inMethod=inMethod.upper() inMethod=inMethod.upper()
#Prepare result false #Prepare result false
lResult = False lResult = False
#Check rules to find first appicable
lAuthToken = inRequest.OpenRPA["AuthToken"] lAuthToken = inRequest.OpenRPA["AuthToken"]
#go next if user is identified #go next if user is identified
lUserDict = None lUserDict = None
if lAuthToken: if lAuthToken:
lUserDict = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken] lUserDict = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]
#pdb.set_trace()
########################################
########################################
#Check general before rule (without User domain)
#Check rules #Check rules
for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDict", {}).get((lUserDict["Domain"], lUserDict["User"]), {}).get("MethodMatchURLBeforeList", []): for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []):
#Go next execution if flag is false #Go next execution if flag is false
if not lResult: if not lResult:
#Check if Method is identical #Check if Method is identical
@ -153,6 +160,36 @@ def UserAccessCheckBefore(inMethod, inRequest):
elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE": elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
if lAccessRuleItem["URL"] == inRequest.path: if lAccessRuleItem["URL"] == inRequest.path:
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict) lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
#########################################
#########################################
#Do check if lResult is false
if not lResult:
#Check access by User Domain
#Check rules to find first appicable
#Check rules
for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []):
#Go next execution if flag is false
if not lResult:
#Check if Method is identical
if lAccessRuleItem["Method"].upper() == inMethod:
#check Match type variant: BeginWith
if lAccessRuleItem["MatchType"].upper() == "BEGINWITH":
if inRequest.path.startswith(lAccessRuleItem["URL"]):
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
#check Match type variant: Contains
elif lAccessRuleItem["MatchType"].upper() == "CONTAINS":
if inRequest.path.contains(lAccessRuleItem["URL"]):
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
# check Match type variant: Equal
elif lAccessRuleItem["MatchType"].upper() == "EQUAL":
if lAccessRuleItem["URL"].upper() == inRequest.path.upper():
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
# check Match type variant: EqualCase
elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
if lAccessRuleItem["URL"] == inRequest.path:
lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
#####################################
#####################################
#Return lResult #Return lResult
return lResult return lResult
# HTTPRequestHandler class # HTTPRequestHandler class
@ -164,7 +201,7 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
# Send headers # Send headers
self.send_header('Content-type', inContentType) self.send_header('Content-type', inContentType)
#Check if var exist #Check if var exist
if hasattr(self, "OpenRPA"): if hasattr(self, "OpenRPASetCookie"):
self.send_header("Set-Cookie", f"AuthToken={self.OpenRPA['AuthToken']}") self.send_header("Set-Cookie", f"AuthToken={self.OpenRPA['AuthToken']}")
self.end_headers() self.end_headers()
lFileObject = open(inFilePath, "rb") lFileObject = open(inFilePath, "rb")
@ -261,6 +298,12 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
# check if file in FileURL - File Path Mapping Dict # check if file in FileURL - File Path Mapping Dict
if lFileURL.lower() in mGlobalDict["FileManager"]["FileURLFilePathDict"]: if lFileURL.lower() in mGlobalDict["FileManager"]["FileURLFilePathDict"]:
self.SendResponseContentTypeFile('application/octet-stream',mGlobalDict["FileManager"]["FileURLFilePathDict"][lFileURL]) self.SendResponseContentTypeFile('application/octet-stream',mGlobalDict["FileManager"]["FileURLFilePathDict"][lFileURL])
else:
#Set access denied code
# Send response status code
self.send_response(403)
# Send headers
self.end_headers()
# POST # POST
def do_POST(self): def do_POST(self):
##################################### #####################################

@ -1,4 +1,4 @@
import sys import sys
lFolderPath = "\\".join(__file__.split("\\")[:-2]) lFolderPath = "\\".join(__file__.split("\\")[:-2])
sys.path.append(lFolderPath) sys.path.insert(0, lFolderPath)
from Orchestrator import Orchestrator from Orchestrator import Orchestrator
Loading…
Cancel
Save