Change log message about sesitive params - dont show it in logs... Security reasons, because logs can be shown on the web.

Sources/pyOpenRPA/Orchestrator/Processor.py

@@ -34,6 +34,7 @@ def ActivityListExecute(inGSettings, inActivityList):
     lResultList = [] # init the result list
     try:
         for lActivityItem in inActivityList:  # Iterate throught the activity list
+            if lL: lL.info(f'Processor.ActivityListExecute:: Def:{str(lActivityItem["Def"])}. Parameters are not available to see.')
             lDef = None  # Def variable
             if callable(lActivityItem["Def"]):  # CHeck if def is callable
                 lDef = lActivityItem["Def"]  # Get the def

Sources/pyOpenRPA/Orchestrator/Server.py

@@ -435,8 +435,7 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
             if gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("FlagCredentialsAsk", False):
                 lAuthenticateDict = AuthenticateVerify(self)
                 # Get Flag is supertoken (True|False)
-                lIsSuperToken = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(
-                    self.OpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False)
+                lIsSuperToken = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(self.OpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False)
                 if not lAuthenticateDict["User"]:
                     lFlagAccessUserBlock=True
             if lFlagAccessUserBlock:
@@ -478,7 +477,16 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
                         self.end_headers()
                         # Logging info about processor activity if not SuperToken ()
                         if not lIsSuperToken:
-                            if lL: lL.info(f"Server:: User activity from web. Domain: {self.OpenRPA['Domain']}, Username: {self.OpenRPA['User']}, Activity: {lInputObject}")
+                            lActivityTypeListStr = ""
+                            try:
+                                if type(lInputObject) is list:
+                                    for lActivityItem in lInputObject:
+                                        lActivityTypeListStr+=f"{lActivityItem['Type']}; "
+                                else:
+                                    lActivityTypeListStr += f"{lInputObject['Type']}"
+                            except Exception as e:
+                                lActivityTypeListStr = "Has some error with Activity Type read"
+                            if lL: lL.info(f"Server:: !ATTENTION! /Utils/Processor will be deprecated in future. Use /pyOpenRPA/Processor or /pyOpenRPA/ActivityListExecute. User activity from web. Domain: {self.OpenRPA['Domain']}, Username: {self.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}")
                         # Send message back to client
                         message = json.dumps(ProcessorOld.ActivityListOrDict(lInputObject))
                         # Write content as utf-8 data

Sources/pyOpenRPA/Orchestrator/ServerSettings.py

@@ -1,6 +1,7 @@
 import json, os
 import copy
 from inspect import signature # For detect count of def args
+from . import __Orchestrator__
 #ControlPanelDict
 from desktopmagic.screengrab_win32 import (
 	getDisplayRects, saveScreenToBmp, saveRectToBmp, getScreenAsImage,
@@ -257,6 +258,7 @@ def pyOpenRPA_Screenshot(inRequest,inGlobalDict):
 # Add activity item or activity list to the processor queue
 # Body is Activity item or Activity List
 def pyOpenRPA_Processor(inRequest, inGSettings):
+    lL = inGSettings["Logger"]
     # Recieve the data
     lValueStr = None
     if inRequest.headers.get('Content-Length') is not None:
@@ -266,12 +268,32 @@ def pyOpenRPA_Processor(inRequest, inGSettings):
         lInput = json.loads(lInputByteArray.decode('utf8'))
     # If list - operator plus
     if type(lInput) is list:
+        # Logging info about processor activity if not SuperToken ()
+        if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings):
+            lActivityTypeListStr = ""
+            try:
+                for lActivityItem in lInput:
+                    lActivityTypeListStr += f"{lActivityItem['Def']}; "
+            except Exception as e:
+                lActivityTypeListStr = "Has some error with Activity Type read"
+            if lL: lL.info(f"ServerSettings.pyOpenRPA_Processor. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}")
+        # Append in list
         inGSettings["ProcessorDict"]["ActivityList"]+=lInput
     else:
+        # Logging info about processor activity if not SuperToken ()
+        if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings):
+            lActivityTypeListStr = ""
+            try:
+                lActivityTypeListStr = lInput['Def']
+            except Exception as e:
+                lActivityTypeListStr = "Has some error with Activity Type read"
+            if lL: lL.info(f"ServerSettings.pyOpenRPA_Processor. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}")
+        # Append in list
         inGSettings["ProcessorDict"]["ActivityList"].append(lInput)
 # Execute activity list
 def pyOpenRPA_ActivityListExecute(inRequest, inGSettings):
     # Recieve the data
+    lL = inGSettings["Logger"]
     lValueStr = None
     if inRequest.headers.get('Content-Length') is not None:
         lInputByteArrayLength = int(inRequest.headers.get('Content-Length'))
@@ -280,9 +302,28 @@ def pyOpenRPA_ActivityListExecute(inRequest, inGSettings):
         lInput = json.loads(lInputByteArray.decode('utf8'))
     # If list - operator plus
     if type(lInput) is list:
+        # Logging info about processor activity if not SuperToken ()
+        if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings):
+            lActivityTypeListStr = ""
+            try:
+                for lActivityItem in lInput:
+                    lActivityTypeListStr += f"{lActivityItem['Def']}; "
+            except Exception as e:
+                lActivityTypeListStr = "Has some error with Activity Type read"
+            if lL: lL.info(f"ServerSettings.pyOpenRPA_ActivityListExecute. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}")
+        # Execution
         lResultList = Processor.ActivityListExecute(inGSettings = inGSettings, inActivityList = lInput)
         inRequest.OpenRPAResponseDict["Body"] = bytes(json.dumps(lResultList), "utf8")
     else:
+        # Logging info about processor activity if not SuperToken ()
+        if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings):
+            lActivityTypeListStr = ""
+            try:
+                lActivityTypeListStr = lInput['Def']
+            except Exception as e:
+                lActivityTypeListStr = "Has some error with Activity Type read"
+            if lL: lL.info(f"ServerSettings.pyOpenRPA_ActivityListExecute. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}")
+        # Execution
         lResultList = Processor.ActivityListExecute(inGSettings = inGSettings, inActivityList = [lInput])
         inRequest.OpenRPAResponseDict["Body"] = bytes(json.dumps(lResultList[0]), "utf8")
 

Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py

@@ -285,6 +285,13 @@ def WebUserInfoGet(inRequest):
     lUserUpperStr = inRequest.OpenRPA["User"].upper()
     return {"DomainUpperStr": lDomainUpperStr, "UserNameUpperStr": lUserUpperStr}
 
+# Return bool if request is authentificated with supetoken (token which is never expires)
+def WebUserIsSuperToken(inRequest, inGSettings):
+    lIsSuperTokenBool = False
+    # Get Flag is supertoken (True|False)
+    lIsSuperTokenBool = inGSettings.get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(inRequest.OpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False)
+    return lIsSuperTokenBool
+
 # Return User UAC Hierarchy DICT Return {...}
 def WebUserUACHierarchyGet(inRequest):
     return inRequest.UserRoleHierarchyGet()

changelog.md

@@ -103,6 +103,10 @@
 - Update def RDPSessionReconnect(inGSettings, inRDPSessionKeyStr, inRDPTemplateDict=None): # RDP Session reconnect
 
 - Add alg which find dublicates in RDPList if connection lost was appeared - important to catch 2+ RDP to one RDP configs
+
+- def WebUserIsSuperToken(inRequest, inGSettings): # Return bool if request is authentificated with supetoken (token which is never expires)
+
+
 [1.1.0]
 After 2 month test prefinal with new improovements (+RobotRDPActive in Orchestrator + Easy ControlPanelTemplate)
 Beta before 1.1.0 (new way of OpenRPA with improvements. Sorry, but no backward compatibility)/ Backward compatibility will start from 1.0.1