#OrchestratorAccessUsers for test

Signed-off-by: Ivan Maslov <Ivan.Maslov@UnicodeLabs.ru>

Orchestrator/Settings/AccessUser_ND.py

@@ -0,0 +1,32 @@
+def SettingsUpdate(inDict):
+    #################################################
+    #General MethodMatchURL list (no domain/user)
+    lRuleMethodMatchURLBeforeList=[
+            {
+            "Method":"GET",
+            "MatchType":"Equal",
+            "URL":"/",
+            "FlagAccess": True
+        }
+    ]
+    #Append to global list
+    inDict["Server"]["AccessUsers"]["RuleMethodMatchURLBeforeList"]=inDict["Server"]["AccessUsers"]["RuleMethodMatchURLBeforeList"]+lRuleMethodMatchURLBeforeList
+    ##################################################
+    #""/"ND" MethodMatchURLList
+    l__ND_RuleMethodMatchURLBeforeList={
+        ("","ND"): {
+            "MethodMatchURLBeforeList": [
+                {
+                    "Method":"GET",
+                    "MatchType":"Beginwith",
+                    "URL":"/",
+                    #"FlagAccessDefRequestGlobalAuthenticate": TestDef
+                    "FlagAccess": True
+                }
+            ]
+        }
+    }
+    #Append to global list
+    inDict["Server"]["AccessUsers"]["RuleDomainUserDict"].update(l__ND_RuleMethodMatchURLBeforeList)
+    #Return current dict
+    return inDict

Orchestrator/Settings/Settings.py

@@ -78,8 +78,8 @@ def Settings():
             ],
             "AccessUsers": { #Defaul - all URL is blocked
                 "FlagCredentialsAsk": True, #Turn on Authentication
-                "RuleDict": {
+                "RuleDomainUserDict": {
-                    #("Domain", "User"): {
+                    #("DOMAIN", "USER"): { #upper case
                     #    "MethodMatchURLBeforeList": [
                     #       {
                     #           "Method":"GET|POST",
@@ -91,6 +91,15 @@ def Settings():
                     #    ]
                     #}
                 },
+                "RuleMethodMatchURLBeforeList": [
+                    #       {
+                    #           "Method":"GET|POST",
+                    #           "MatchType":"BeginWith|Contains|Equal|EqualCase",
+                    #           "URL":"",
+                    #           "FlagAccessDefRequestGlobalAuthenticate": None, #Return bool
+                    #           "FlagAccess": True       
+                    #        }
+                ],
                 "AuthTokensDict": {
                     #"<AuthToken>":{"User":"", "Domain":"", "TokenDatetime":<Datetime>}
                 }

Orchestrator/Settings/Test.py

@@ -1,2 +0,0 @@
-def SettingsUpdate(inDict):
-    print("Subsettings file in Settings folder has been sucessfully called")

Sources/pyOpenRPA/Orchestrator/Server.py

@@ -52,6 +52,8 @@ def AuthenticateVerify(inRequest):
     ######################################
     #Way 1 - try to find AuthToken
     lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", ""))
+    inRequest.OpenRPA = {}
+    inRequest.OpenRPA["AuthToken"] = None
     #pdb.set_trace()
     if "AuthToken" in lCookies:
         lCookieAuthToken = lCookies.get("AuthToken", "").value
@@ -61,6 +63,8 @@ def AuthenticateVerify(inRequest):
                 #Auth Token Has Been Founded
                 lResult["Domain"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["Domain"]
                 lResult["User"] = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lCookieAuthToken]["User"]
+                #Set auth token
+                inRequest.OpenRPA["AuthToken"] = lCookieAuthToken
                 #Exit earlier
                 return lResult
     ######################################
@@ -71,7 +75,7 @@ def AuthenticateVerify(inRequest):
             ":")
         lUser = llHeaderAuthorizationDecodedUserPasswordList[0]
         lPassword = llHeaderAuthorizationDecodedUserPasswordList[1]
-        lDomain = None
+        lDomain = ""
         if "\\" in lUser:
             lDomain = lUser.split("\\")[0]
             lUser = lUser.split("\\")[1]
@@ -95,8 +99,8 @@ def AuthenticateVerify(inRequest):
             mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"]
             mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now()
             #Set-cookie
-            inRequest.OpenRPA={}
             inRequest.OpenRPA["AuthToken"] = lAuthToken
+            inRequest.OpenRPASetCookie = {}
             #inRequest.OpenRPAResponse["Set-Cookie"]=[]lResult["Set-Cookie"] = lAuthToken
             #pdb.set_trace()
             #inRequest.send_header("Set-Cookie:", f"AuthToken={lAuthToken}")
@@ -125,14 +129,17 @@ def UserAccessCheckBefore(inMethod, inRequest):
     inMethod=inMethod.upper()
     #Prepare result false
     lResult = False
-    #Check rules to find first appicable
     lAuthToken = inRequest.OpenRPA["AuthToken"]
     #go next if user is identified
     lUserDict = None
     if lAuthToken:
         lUserDict = mGlobalDict["Server"]["AccessUsers"]["AuthTokensDict"][lAuthToken]
+    #pdb.set_trace()
+    ########################################
+    ########################################
+    #Check general before rule (without User domain)
     #Check rules
-    for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDict", {}).get((lUserDict["Domain"], lUserDict["User"]), {}).get("MethodMatchURLBeforeList", []):
+    for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []):
         #Go next execution if flag is false
         if not lResult:
             #Check if Method is identical
@@ -153,6 +160,36 @@ def UserAccessCheckBefore(inMethod, inRequest):
                 elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
                     if lAccessRuleItem["URL"] == inRequest.path:
                         lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
+    #########################################
+    #########################################
+    #Do check if lResult is false
+    if not lResult:
+        #Check access by User Domain
+        #Check rules to find first appicable
+        #Check rules
+        for lAccessRuleItem in mGlobalDict.get("Server", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []):
+            #Go next execution if flag is false
+            if not lResult:
+                #Check if Method is identical
+                if lAccessRuleItem["Method"].upper() == inMethod:
+                    #check Match type variant: BeginWith
+                    if lAccessRuleItem["MatchType"].upper() == "BEGINWITH":
+                        if inRequest.path.startswith(lAccessRuleItem["URL"]):
+                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
+                    #check Match type variant: Contains
+                    elif lAccessRuleItem["MatchType"].upper() == "CONTAINS":
+                        if inRequest.path.contains(lAccessRuleItem["URL"]):
+                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
+                    # check Match type variant: Equal
+                    elif lAccessRuleItem["MatchType"].upper() == "EQUAL":
+                        if lAccessRuleItem["URL"].upper() == inRequest.path.upper():
+                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
+                    # check Match type variant: EqualCase
+                    elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
+                        if lAccessRuleItem["URL"] == inRequest.path:
+                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, mGlobalDict, lUserDict)
+    #####################################
+    #####################################
     #Return lResult
     return lResult
 # HTTPRequestHandler class
@@ -164,7 +201,7 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
         # Send headers
         self.send_header('Content-type', inContentType)
         #Check if var exist
-        if hasattr(self, "OpenRPA"):
+        if hasattr(self, "OpenRPASetCookie"):
             self.send_header("Set-Cookie", f"AuthToken={self.OpenRPA['AuthToken']}")
         self.end_headers()
         lFileObject = open(inFilePath, "rb") 
@@ -261,6 +298,12 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
                     # check if file in FileURL - File Path Mapping Dict
                     if lFileURL.lower() in mGlobalDict["FileManager"]["FileURLFilePathDict"]:
                         self.SendResponseContentTypeFile('application/octet-stream',mGlobalDict["FileManager"]["FileURLFilePathDict"][lFileURL])
+            else:
+                #Set access denied code
+                # Send response status code
+                self.send_response(403)
+                # Send headers
+                self.end_headers()
     # POST
     def do_POST(self):
         #####################################

Sources/pyOpenRPA/Orchestrator/__main__.py

@@ -1,4 +1,4 @@
 import sys
 lFolderPath = "\\".join(__file__.split("\\")[:-2])
-sys.path.append(lFolderPath)
+sys.path.insert(0, lFolderPath)
 from Orchestrator import Orchestrator