|
|
@ -22,6 +22,8 @@ from http import cookies
|
|
|
|
global gSettingsDict
|
|
|
|
global gSettingsDict
|
|
|
|
from . import ServerSettings
|
|
|
|
from . import ServerSettings
|
|
|
|
import copy
|
|
|
|
import copy
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#Authenticate function ()
|
|
|
|
#Authenticate function ()
|
|
|
|
# return dict
|
|
|
|
# return dict
|
|
|
|
# {
|
|
|
|
# {
|
|
|
@ -33,10 +35,6 @@ def AuthenticateVerify(inRequest):
|
|
|
|
######################################
|
|
|
|
######################################
|
|
|
|
#Way 1 - try to find AuthToken
|
|
|
|
#Way 1 - try to find AuthToken
|
|
|
|
lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", ""))
|
|
|
|
lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", ""))
|
|
|
|
inRequest.OpenRPA = {}
|
|
|
|
|
|
|
|
inRequest.OpenRPA["AuthToken"] = None
|
|
|
|
|
|
|
|
inRequest.OpenRPA["Domain"] = None
|
|
|
|
|
|
|
|
inRequest.OpenRPA["User"] = None
|
|
|
|
|
|
|
|
#pdb.set_trace()
|
|
|
|
#pdb.set_trace()
|
|
|
|
if "AuthToken" in lCookies:
|
|
|
|
if "AuthToken" in lCookies:
|
|
|
|
lCookieAuthToken = lCookies.get("AuthToken", "").value
|
|
|
|
lCookieAuthToken = lCookies.get("AuthToken", "").value
|
|
|
@ -193,6 +191,34 @@ def UserAccessCheckBefore(inMethod, inRequest):
|
|
|
|
return lResult
|
|
|
|
return lResult
|
|
|
|
# HTTPRequestHandler class
|
|
|
|
# HTTPRequestHandler class
|
|
|
|
class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
|
|
|
|
# Def to check User Role access grants
|
|
|
|
|
|
|
|
def UserRoleAccessAsk(self, inRoleKeyList):
|
|
|
|
|
|
|
|
lResult = True # Init flag
|
|
|
|
|
|
|
|
lRoleHierarchyDict = self.UserRoleHierarchyGet() # get the Hierarchy
|
|
|
|
|
|
|
|
# Try to get value from key list
|
|
|
|
|
|
|
|
lKeyValue = lRoleHierarchyDict # Init the base
|
|
|
|
|
|
|
|
for lItem in inRoleKeyList:
|
|
|
|
|
|
|
|
if type(lKeyValue) is dict:
|
|
|
|
|
|
|
|
if lItem in lKeyValue: # Has key
|
|
|
|
|
|
|
|
lKeyValue = lKeyValue[lItem] # Get the value and go to the next loop iteration
|
|
|
|
|
|
|
|
else: # Else branch - true or false
|
|
|
|
|
|
|
|
if len(lKeyValue)>0: # False - if Dict has some elements
|
|
|
|
|
|
|
|
lResult = False # Set the False Flag
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
|
|
|
lResult = True # Set the True flag
|
|
|
|
|
|
|
|
break # Stop the loop
|
|
|
|
|
|
|
|
else: # Has element with no detalization - return True
|
|
|
|
|
|
|
|
lResult = True # Set the flag
|
|
|
|
|
|
|
|
break # Close the loop
|
|
|
|
|
|
|
|
return lResult # Return the result
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Def to get hierarchy of the current user roles
|
|
|
|
|
|
|
|
# if return {} - all is available
|
|
|
|
|
|
|
|
def UserRoleHierarchyGet(self):
|
|
|
|
|
|
|
|
lDomainUpperStr = self.OpenRPA["Domain"].upper()
|
|
|
|
|
|
|
|
lUserUpperStr = self.OpenRPA["User"].upper()
|
|
|
|
|
|
|
|
return gSettingsDict.get("Server", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lDomainUpperStr, lUserUpperStr), {}).get("RoleHierarchyAllowedDict", {})
|
|
|
|
|
|
|
|
|
|
|
|
#Tech def
|
|
|
|
#Tech def
|
|
|
|
#return {"headers":[],"body":"","statuscode":111}
|
|
|
|
#return {"headers":[],"body":"","statuscode":111}
|
|
|
|
def URLItemCheckDo(self, inURLItem, inMethod):
|
|
|
|
def URLItemCheckDo(self, inURLItem, inMethod):
|
|
|
@ -287,6 +313,12 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
# Write content as utf-8 data
|
|
|
|
# Write content as utf-8 data
|
|
|
|
self.wfile.write(inResponseDict["Body"])
|
|
|
|
self.wfile.write(inResponseDict["Body"])
|
|
|
|
def do_GET(self):
|
|
|
|
def do_GET(self):
|
|
|
|
|
|
|
|
self.OpenRPA = {}
|
|
|
|
|
|
|
|
self.OpenRPA["AuthToken"] = None
|
|
|
|
|
|
|
|
self.OpenRPA["Domain"] = None
|
|
|
|
|
|
|
|
self.OpenRPA["User"] = None
|
|
|
|
|
|
|
|
self.OpenRPA["DefUserRoleAccessAsk"]=self.UserRoleAccessAsk # Alias for def
|
|
|
|
|
|
|
|
self.OpenRPA["DefUserRoleHierarchyGet"]=self.UserRoleHierarchyGet # Alias for def
|
|
|
|
# Prepare result dict
|
|
|
|
# Prepare result dict
|
|
|
|
lResponseDict = {"Headers": {}, "SetCookies": {}, "Body": b"", "StatusCode": None}
|
|
|
|
lResponseDict = {"Headers": {}, "SetCookies": {}, "Body": b"", "StatusCode": None}
|
|
|
|
self.OpenRPAResponseDict = lResponseDict
|
|
|
|
self.OpenRPAResponseDict = lResponseDict
|
|
|
@ -350,6 +382,13 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
self.end_headers()
|
|
|
|
self.end_headers()
|
|
|
|
# POST
|
|
|
|
# POST
|
|
|
|
def do_POST(self):
|
|
|
|
def do_POST(self):
|
|
|
|
|
|
|
|
lL = gSettingsDict["Logger"]
|
|
|
|
|
|
|
|
self.OpenRPA = {}
|
|
|
|
|
|
|
|
self.OpenRPA["AuthToken"] = None
|
|
|
|
|
|
|
|
self.OpenRPA["Domain"] = None
|
|
|
|
|
|
|
|
self.OpenRPA["User"] = None
|
|
|
|
|
|
|
|
self.OpenRPA["DefUserRoleAccessAsk"]=self.UserRoleAccessAsk # Alias for def
|
|
|
|
|
|
|
|
self.OpenRPA["DefUserRoleHierarchyGet"]=self.UserRoleHierarchyGet # Alias for def
|
|
|
|
# Prepare result dict
|
|
|
|
# Prepare result dict
|
|
|
|
#pdb.set_trace()
|
|
|
|
#pdb.set_trace()
|
|
|
|
lResponseDict = {"Headers": {}, "SetCookies":{}, "Body": b"", "StatusCode": None}
|
|
|
|
lResponseDict = {"Headers": {}, "SetCookies":{}, "Body": b"", "StatusCode": None}
|
|
|
@ -360,8 +399,14 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
#####################################
|
|
|
|
#####################################
|
|
|
|
lFlagAccessUserBlock=False
|
|
|
|
lFlagAccessUserBlock=False
|
|
|
|
lAuthenticateDict = {"Domain": "", "User": ""}
|
|
|
|
lAuthenticateDict = {"Domain": "", "User": ""}
|
|
|
|
|
|
|
|
lIsSuperToken = False # Is supertoken
|
|
|
|
if gSettingsDict.get("Server", {}).get("AccessUsers", {}).get("FlagCredentialsAsk", False):
|
|
|
|
if gSettingsDict.get("Server", {}).get("AccessUsers", {}).get("FlagCredentialsAsk", False):
|
|
|
|
lAuthenticateDict = AuthenticateVerify(self)
|
|
|
|
lAuthenticateDict = AuthenticateVerify(self)
|
|
|
|
|
|
|
|
# Get Flag is supertoken (True|False)
|
|
|
|
|
|
|
|
lDomainUpperStr = self.OpenRPA["Domain"].upper()
|
|
|
|
|
|
|
|
lUserUpperStr = self.OpenRPA["User"].upper()
|
|
|
|
|
|
|
|
lIsSuperToken = gSettingsDict.get("Server", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(
|
|
|
|
|
|
|
|
(lDomainUpperStr, lUserUpperStr), {}).get("FlagDoNotExpire", False)
|
|
|
|
if not lAuthenticateDict["User"]:
|
|
|
|
if not lAuthenticateDict["User"]:
|
|
|
|
lFlagAccessUserBlock=True
|
|
|
|
lFlagAccessUserBlock=True
|
|
|
|
if lFlagAccessUserBlock:
|
|
|
|
if lFlagAccessUserBlock:
|
|
|
@ -401,6 +446,9 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
|
|
|
|
# Send headers
|
|
|
|
# Send headers
|
|
|
|
self.send_header('Content-type','application/json')
|
|
|
|
self.send_header('Content-type','application/json')
|
|
|
|
self.end_headers()
|
|
|
|
self.end_headers()
|
|
|
|
|
|
|
|
# Logging info about processor activity if not SuperToken ()
|
|
|
|
|
|
|
|
if not lIsSuperToken:
|
|
|
|
|
|
|
|
if lL: lL.info(f"Server:: User activity from web. Domain: {self.OpenRPA['Domain']}, Username: {self.OpenRPA['User']}, Activity: {lInputObject}")
|
|
|
|
# Send message back to client
|
|
|
|
# Send message back to client
|
|
|
|
message = json.dumps(Processor.ActivityListOrDict(lInputObject))
|
|
|
|
message = json.dumps(Processor.ActivityListOrDict(lInputObject))
|
|
|
|
# Write content as utf-8 data
|
|
|
|
# Write content as utf-8 data
|
|
|
|