From d1189657c530fc4e8e8cacbb2dd85d689b4e2b1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=98=D0=B2=D0=B0=D0=BD=20=D0=9C=D0=B0=D1=81=D0=BB=D0=BE?=
 =?UTF-8?q?=D0=B2?= <ivan.maslov@pyopenrpa.ru>
Date: Tue, 13 Dec 2022 10:33:14 +0300
Subject: [PATCH] =?UTF-8?q?orc:=20-=20-=20=D0=9F=D1=80=D0=B0=D0=B2=D0=B0?=
 =?UTF-8?q?=20=D0=B4=D0=BE=D1=81=D1=82=D1=83=D0=BF=D0=B0=20=D0=B2=20=D1=81?=
 =?UTF-8?q?=D0=BB=D1=83=D1=87=D0=B0=D0=B5=20=D0=BD=D0=B5=D0=B7=D0=B0=D1=8F?=
 =?UTF-8?q?=D0=B2=D0=BB=D0=B5=D0=BD=D0=BD=D0=BE=D0=B3=D0=BE=20=D0=BF=D0=BE?=
 =?UTF-8?q?=D0=BB=D1=8C=D0=B7=D0=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8F=20?=
 =?UTF-8?q?(Hotfix)=20-=20-=20=D0=92=D0=BE=D0=B7=D0=BC=D0=BE=D0=B6=D0=BD?=
 =?UTF-8?q?=D0=BE=D1=81=D1=82=D1=8C=20=D0=B0=D0=B2=D1=82=D0=BE=D1=80=D0=B8?=
 =?UTF-8?q?=D0=B7=D0=B0=D1=86=D0=B8=D0=B8=20=D0=B2=20=D1=84=D0=BE=D1=80?=
 =?UTF-8?q?=D0=BC=D0=B0=D1=82=D0=B5=20login@domain?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Sources/pyOpenRPA/Orchestrator/Server.py      | 55 ++++++++++++-------
 .../pyOpenRPA/Orchestrator/ServerSettings.py  |  2 +-
 2 files changed, 35 insertions(+), 22 deletions(-)

diff --git a/Sources/pyOpenRPA/Orchestrator/Server.py b/Sources/pyOpenRPA/Orchestrator/Server.py
index 7c2f4b24..23b1fd58 100755
--- a/Sources/pyOpenRPA/Orchestrator/Server.py
+++ b/Sources/pyOpenRPA/Orchestrator/Server.py
@@ -79,29 +79,41 @@ def IdentifyAuthorize(inRequest:Request, inResponse:Response,
             if "\\" in lUser:
                 lDomain = lUser.split("\\")[0]
                 lUser = lUser.split("\\")[1]
+            elif "@" in lUser:
+                lDomain = lUser.split("@")[1]
+                lUser = lUser.split("@")[0]
             lLogonBool = __Orchestrator__.OSCredentialsVerify(inUserStr=lUser, inPasswordStr=lPassword, inDomainStr=lDomain)
             #Check result
-            if lLogonBool:
-                lResult["Domain"] = lDomain
-                lResult["User"] = lUser
-                #Create token
-                lAuthToken=str(uuid.uuid1())
-                __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken] = {}
-                __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["Domain"] = lResult["Domain"]
-                __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"]
-                __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["FlagDoNotExpire"] = False
-                __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now()
-                #Set-cookie
-                inResponse.set_cookie(key="AuthToken",value=lAuthToken)
-                mOpenRPA={}
-                mOpenRPA["AuthToken"] = lAuthToken
-                mOpenRPA["Domain"] = lResult["Domain"]
-                mOpenRPA["User"] = lResult["User"]
-                mOpenRPA["IsSuperToken"] = __Orchestrator__.GSettingsGet().get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(mOpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False)
-                return lAuthToken
-                #inRequest.OpenRPASetCookie = {}
-                #New engine of server
-                #inRequest.OpenRPAResponseDict["SetCookies"]["AuthToken"] = lAuthToken
+            if lLogonBool: # check user in gsettings rules
+                lLogonBool = False
+                gSettings = __Orchestrator__.GSettingsGet()  # Set the global settings
+                lUserTurple = (lDomain.upper(),lUser.upper()) # Create turple key for inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]
+                lUserTurple2 = ("",lUser.upper()) # Create turple key for inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]
+                if lUserTurple in gSettings.get("ServerDict",{}).get("AccessUsers", {}).get("RuleDomainUserDict", {}): lLogonBool = True
+                elif lUserTurple2 in gSettings.get("ServerDict",{}).get("AccessUsers", {}).get("RuleDomainUserDict", {}): lLogonBool = True
+                if lLogonBool: # If user exists in UAC Dict
+                    lResult["Domain"] = lDomain
+                    lResult["User"] = lUser
+                    #Create token
+                    lAuthToken=str(uuid.uuid1())
+                    __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken] = {}
+                    __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["Domain"] = lResult["Domain"]
+                    __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["User"] = lResult["User"]
+                    __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["FlagDoNotExpire"] = False
+                    __Orchestrator__.GSettingsGet()["ServerDict"]["AccessUsers"]["AuthTokensDict"][lAuthToken]["TokenDatetime"] = datetime.datetime.now()
+                    #Set-cookie
+                    inResponse.set_cookie(key="AuthToken",value=lAuthToken)
+                    mOpenRPA={}
+                    mOpenRPA["AuthToken"] = lAuthToken
+                    mOpenRPA["Domain"] = lResult["Domain"]
+                    mOpenRPA["User"] = lResult["User"]
+                    mOpenRPA["IsSuperToken"] = __Orchestrator__.GSettingsGet().get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(mOpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False)
+                    return lAuthToken
+                    #inRequest.OpenRPASetCookie = {}
+                    #New engine of server
+                    #inRequest.OpenRPAResponseDict["SetCookies"]["AuthToken"] = lAuthToken
+                else:
+                    raise HTTPException(status_code=401, detail="Попытка авторизации не прошла успешно (для пользователя не заявлен доступ к оркестратору pyOpenRPA. Обратитесь в техническую поддержку)", headers={})
             else:
                 raise HTTPException(status_code=401, detail="Попытка авторизации не прошла успешно (неверная пара логин / пароль)", headers={})
         ######################################
@@ -111,6 +123,7 @@ def IdentifyAuthorize(inRequest:Request, inResponse:Response,
 
 
 
+
 lRouteList =[]
 for lItem in app.router.routes:
     lRouteList.append(lItem)
diff --git a/Sources/pyOpenRPA/Orchestrator/ServerSettings.py b/Sources/pyOpenRPA/Orchestrator/ServerSettings.py
index 8369912a..25368f09 100755
--- a/Sources/pyOpenRPA/Orchestrator/ServerSettings.py
+++ b/Sources/pyOpenRPA/Orchestrator/ServerSettings.py
@@ -148,7 +148,7 @@ async def pyOpenRPA_ServerData(inRequest: Request, inAuthTokenStr:str=Depends(Id
             "CPDict": HiddenCPDictGenerate(inAuthTokenStr=inAuthTokenStr),
             "RDPDict": HiddenRDPDictGenerate(inAuthTokenStr=inAuthTokenStr),
             "AgentDict": HiddenAgentDictGenerate(inAuthTokenStr=inAuthTokenStr),
-            "UserDict": {"UACClientDict": {}, "CWDPathStr": os.getcwd(), "VersionStr": inGSettings["VersionStr"]},
+            "UserDict": {"UACClientDict": __Orchestrator__.WebUserUACHierarchyGet(inAuthTokenStr=inAuthTokenStr), "CWDPathStr": os.getcwd(), "VersionStr": inGSettings["VersionStr"]},
         }
         # Create JSON
         lServerDataDictJSONStr = json.dumps(lServerDataDict)