From fa67b83b7713413204937c2545334949f609a264 Mon Sep 17 00:00:00 2001 From: Ivan Maslov Date: Wed, 16 Dec 2020 17:07:15 +0300 Subject: [PATCH] Change log message about sesitive params - dont show it in logs... Security reasons, because logs can be shown on the web. --- Sources/pyOpenRPA/Orchestrator/Processor.py | 1 + Sources/pyOpenRPA/Orchestrator/Server.py | 14 +++++-- .../pyOpenRPA/Orchestrator/ServerSettings.py | 41 +++++++++++++++++++ .../Orchestrator/__Orchestrator__.py | 7 ++++ changelog.md | 4 ++ 5 files changed, 64 insertions(+), 3 deletions(-) diff --git a/Sources/pyOpenRPA/Orchestrator/Processor.py b/Sources/pyOpenRPA/Orchestrator/Processor.py index 1966db6d..78dd6e6e 100644 --- a/Sources/pyOpenRPA/Orchestrator/Processor.py +++ b/Sources/pyOpenRPA/Orchestrator/Processor.py @@ -34,6 +34,7 @@ def ActivityListExecute(inGSettings, inActivityList): lResultList = [] # init the result list try: for lActivityItem in inActivityList: # Iterate throught the activity list + if lL: lL.info(f'Processor.ActivityListExecute:: Def:{str(lActivityItem["Def"])}. Parameters are not available to see.') lDef = None # Def variable if callable(lActivityItem["Def"]): # CHeck if def is callable lDef = lActivityItem["Def"] # Get the def diff --git a/Sources/pyOpenRPA/Orchestrator/Server.py b/Sources/pyOpenRPA/Orchestrator/Server.py index 339b0956..5fba4e58 100644 --- a/Sources/pyOpenRPA/Orchestrator/Server.py +++ b/Sources/pyOpenRPA/Orchestrator/Server.py 
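Review bot: The new log line in ActivityListExecute wraps the Def in `str()` inside an f-string, which is redundant, and when `Def` is a callable (the branch just below checks `callable(lActivityItem["Def"])`) the interpolated value is the function's repr with its object address rather than its name. Prefer the name when one exists: `lDefStr = getattr(lActivityItem["Def"], "__name__", str(lActivityItem["Def"]))` and then `if lL: lL.info(f'Processor.ActivityListExecute:: Def:{lDefStr}. Parameters are not available to see.')`. `lL` is not assigned anywhere in the hunk, so the line relies on it being set earlier in the function, which starts before the hunk and ends after it. Because the line sits inside the `try`, a missing `Def` key now raises one statement earlier than before; that is the same key the following lines read, so behaviour is presumably unchanged, but the except branch outside the hunk is what decides.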
@@ -435,8 +435,7 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): if gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("FlagCredentialsAsk", False): lAuthenticateDict = AuthenticateVerify(self) # Get Flag is supertoken (True|False) - lIsSuperToken = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get( - self.OpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False) + lIsSuperToken = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(self.OpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False) if not lAuthenticateDict["User"]: lFlagAccessUserBlock=True if lFlagAccessUserBlock: @@ -478,7 +477,16 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): self.end_headers() # Logging info about processor activity if not SuperToken () if not lIsSuperToken: - if lL: lL.info(f"Server:: User activity from web. Domain: {self.OpenRPA['Domain']}, Username: {self.OpenRPA['User']}, Activity: {lInputObject}") + lActivityTypeListStr = "" + try: + if type(lInputObject) is list: + for lActivityItem in lInputObject: + lActivityTypeListStr+=f"{lActivityItem['Type']}; " + else: + lActivityTypeListStr += f"{lInputObject['Type']}" + except Exception as e: + lActivityTypeListStr = "Has some error with Activity Type read" + if lL: lL.info(f"Server:: !ATTENTION! /Utils/Processor will be deprecated in future. Use /pyOpenRPA/Processor or /pyOpenRPA/ActivityListExecute. User activity from web. Domain: {self.OpenRPA['Domain']}, Username: {self.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}") # Send message back to client message = json.dumps(ProcessorOld.ActivityListOrDict(lInputObject)) # Write content as utf-8 data diff --git a/Sources/pyOpenRPA/Orchestrator/ServerSettings.py b/Sources/pyOpenRPA/Orchestrator/ServerSettings.py index 611b776c..cf23ef20 100644 --- a/Sources/pyOpenRPA/Orchestrator/ServerSettings.py +++ b/Sources/pyOpenRPA/Orchestrator/ServerSettings.py 
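Review bot: In the new type-summary block of the -478 hunk, `except Exception as e` binds `e` without using it and swallows every error, not only a missing `Type` key; narrow it to `except (KeyError, TypeError):` and use `isinstance(lInputObject, list)` instead of `type(lInputObject) is list`. The same block is copied into ServerSettings.py (the pyOpenRPA_Processor and pyOpenRPA_ActivityListExecute hunks) with `Def` in place of `Type`, so a shared helper would keep the copies from drifting. `lIsSuperToken`, tested by the `if not lIsSuperToken:` line at the top of this block, is assigned in the -435 hunk only inside the `FlagCredentialsAsk` branch; if nothing between the two hunks (not visible here) assigns it, the name is unbound when credential asking is off. The enclosing request-handler method starts before the first hunk and ends after the second.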
@@ -1,6 +1,7 @@ import json, os import copy from inspect import signature # For detect count of def args +from . import __Orchestrator__ #ControlPanelDict from desktopmagic.screengrab_win32 import ( getDisplayRects, saveScreenToBmp, saveRectToBmp, getScreenAsImage, @@ -257,6 +258,7 @@ def pyOpenRPA_Screenshot(inRequest,inGlobalDict): # Add activity item or activity list to the processor queue # Body is Activity item or Activity List def pyOpenRPA_Processor(inRequest, inGSettings): + lL = inGSettings["Logger"] # Recieve the data lValueStr = None if inRequest.headers.get('Content-Length') is not None: 
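Review bot: `from . import __Orchestrator__` is added to ServerSettings.py solely to reach WebUserIsSuperToken; if __Orchestrator__ itself imports ServerSettings (not visible in this diff), this becomes a circular import whose outcome depends on module load order. Either confirm there is no reverse import, or place the helper in a module neither side depends on — it only reads `inRequest.OpenRPA` and `inGSettings`, so it has no need to live in __Orchestrator__. A comment stating why the import exists would help the next reader: `from . import __Orchestrator__  # WebUserIsSuperToken: skip activity logging for non-expiring tokens`.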
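Review bot: `lL = inGSettings["Logger"]` at the top of pyOpenRPA_Processor raises KeyError when the settings dict has no `Logger` entry, while the `if lL:` guards the later hunks add show the logger may be None; `lL = inGSettings.get("Logger")` handles both cases the same way. The identical line is added to pyOpenRPA_ActivityListExecute in the next hunk. pyOpenRPA_Processor continues past the end of this hunk.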
@@ -266,12 +268,32 @@ def pyOpenRPA_Processor(inRequest, inGSettings): lInput = json.loads(lInputByteArray.decode('utf8')) # If list - operator plus if type(lInput) is list: + # Logging info about processor activity if not SuperToken () + if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings): + lActivityTypeListStr = "" + try: + for lActivityItem in lInput: + lActivityTypeListStr += f"{lActivityItem['Def']}; " + except Exception as e: + lActivityTypeListStr = "Has some error with Activity Type read" + if lL: lL.info(f"ServerSettings.pyOpenRPA_Processor. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}") + # Append in list inGSettings["ProcessorDict"]["ActivityList"]+=lInput else: + # Logging info about processor activity if not SuperToken () + if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings): + lActivityTypeListStr = "" + try: + lActivityTypeListStr = lInput['Def'] + except Exception as e: + lActivityTypeListStr = "Has some error with Activity Type read" + if lL: lL.info(f"ServerSettings.pyOpenRPA_Processor. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}") + # Append in list inGSettings["ProcessorDict"]["ActivityList"].append(lInput) # Execute activity list def pyOpenRPA_ActivityListExecute(inRequest, inGSettings): # Recieve the data + lL = inGSettings["Logger"] lValueStr = None if inRequest.headers.get('Content-Length') is not None: lInputByteArrayLength = int(inRequest.headers.get('Content-Length')) 
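Review bot: The supertoken check plus `Def` summary block is written out four times across this hunk and the next (list and dict branches of pyOpenRPA_Processor and of pyOpenRPA_ActivityListExecute), each with `except Exception as e` binding an unused `e` and swallowing any error. A small helper that returns the log-safe summary of the `Def` values lets each function log once before the branch, narrows the except to the key and type errors the lookup can raise, and keeps the parameter-hiding guarantee this commit is about in one place. The helper below joins names with `; ` and no trailing separator, a small change to the log text. Both functions extend beyond the hunk boundaries.

```python
def _ActivityDefListStr(inInput):
    """Return the activity 'Def' values as one log line; arguments are never included."""
    try:
        lItemList = inInput if isinstance(inInput, list) else [inInput]
        return "; ".join(str(lItem["Def"]) for lItem in lItemList)
    except (KeyError, TypeError):
        return "Has some error with Activity Type read"

def pyOpenRPA_Processor(inRequest, inGSettings):
    lL = inGSettings.get("Logger")
    # … unchanged: body read and json.loads …
    # Log who queued what (Def only, not parameters) unless the request carries a non-expiring token
    if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings):
        if lL: lL.info(f"ServerSettings.pyOpenRPA_Processor. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {_ActivityDefListStr(lInput)}")
    # … unchanged: list extend / dict append …
```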
@@ -280,9 +302,28 @@ def pyOpenRPA_ActivityListExecute(inRequest, inGSettings): lInput = json.loads(lInputByteArray.decode('utf8')) # If list - operator plus if type(lInput) is list: + # Logging info about processor activity if not SuperToken () + if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings): + lActivityTypeListStr = "" + try: + for lActivityItem in lInput: + lActivityTypeListStr += f"{lActivityItem['Def']}; " + except Exception as e: + lActivityTypeListStr = "Has some error with Activity Type read" + if lL: lL.info(f"ServerSettings.pyOpenRPA_ActivityListExecute. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}") + # Execution lResultList = Processor.ActivityListExecute(inGSettings = inGSettings, inActivityList = lInput) inRequest.OpenRPAResponseDict["Body"] = bytes(json.dumps(lResultList), "utf8") else: + # Logging info about processor activity if not SuperToken () + if not __Orchestrator__.WebUserIsSuperToken(inRequest=inRequest, inGSettings=inGSettings): + lActivityTypeListStr = "" + try: + lActivityTypeListStr = lInput['Def'] + except Exception as e: + lActivityTypeListStr = "Has some error with Activity Type read" + if lL: lL.info(f"ServerSettings.pyOpenRPA_ActivityListExecute. User activity from web. Domain: {inRequest.OpenRPA['Domain']}, Username: {inRequest.OpenRPA['User']}, ActivityType: {lActivityTypeListStr}") + # Execution lResultList = Processor.ActivityListExecute(inGSettings = inGSettings, inActivityList = [lInput]) inRequest.OpenRPAResponseDict["Body"] = bytes(json.dumps(lResultList[0]), "utf8") diff --git a/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py b/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py index 217e5c4c..eaff0de7 100644 --- a/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py +++ b/Sources/pyOpenRPA/Orchestrator/__Orchestrator__.py 
@@ -285,6 +285,13 @@ def WebUserInfoGet(inRequest): lUserUpperStr = inRequest.OpenRPA["User"].upper() return {"DomainUpperStr": lDomainUpperStr, "UserNameUpperStr": lUserUpperStr} +# Return bool if request is authentificated with supetoken (token which is never expires) +def WebUserIsSuperToken(inRequest, inGSettings): + lIsSuperTokenBool = False + # Get Flag is supertoken (True|False) + lIsSuperTokenBool = inGSettings.get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(inRequest.OpenRPA["AuthToken"], {}).get("FlagDoNotExpire", False) + return lIsSuperTokenBool + # Return User UAC Hierarchy DICT Return {...} def WebUserUACHierarchyGet(inRequest): return inRequest.UserRoleHierarchyGet() diff --git a/changelog.md b/changelog.md index 57d7177f..d8ebe357 100644 --- a/changelog.md +++ b/changelog.md @@ -103,6 +103,10 @@ - Update def RDPSessionReconnect(inGSettings, inRDPSessionKeyStr, inRDPTemplateDict=None): # RDP Session reconnect - Add alg which find dublicates in RDPList if connection lost was appeared - important to catch 2+ RDP to one RDP configs + +- def WebUserIsSuperToken(inRequest, inGSettings): # Return bool if request is authentificated with supetoken (token which is never expires) + + [1.1.0] After 2 month test prefinal with new improovements (+RobotRDPActive in Orchestrator + Easy ControlPanelTemplate) Beta before 1.1.0 (new way of OpenRPA with improvements. Sorry, but no backward compatibility)/ Backward compatibility will start from 1.0.1
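Review bot: WebUserIsSuperToken indexes `inRequest.OpenRPA["AuthToken"]` directly, so a request whose OpenRPA record carries no token (plausible when FlagCredentialsAsk is off — in Server.py the same lookup sits inside that branch, whereas the new ServerSettings callers invoke the helper unconditionally) raises KeyError instead of returning False; the opening `lIsSuperTokenBool = False` is also dead, overwritten by the next statement. If `inRequest.OpenRPA` is a plain dict, `lAuthToken = inRequest.OpenRPA.get("AuthToken")` followed by `return inGSettings.get("ServerDict", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get(lAuthToken, {}).get("FlagDoNotExpire", False)` covers both cases. The header comment has typos; as a docstring: `"""Return True if the request's auth token is flagged FlagDoNotExpire (a 'super token' that never expires)."""`. The Server.py hunk at -435 keeps its own inline copy of this lookup; calling the helper there would leave a single definition of what counts as a super token.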