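def setNameId(request, token):
    """Point the impersonation SAML app's NameID at the caller's user.

    Expects a POST carrying ``nameid``.  ``IMPERSONATION_VERSION`` selects
    the target:

    * ``"1"``: the app ``IMPERSONATION_SAML_APP_ID`` in ``OKTA_ORG``, for the
      session's ``user_id``.
    * ``"2"``: the app ``IMPERSONATION_V2_SAML_APP_ID`` in
      ``IMPERSONATION_V2_ORG``, for the v2-org user whose login matches the
      session profile's ``preferred_username`` (the profile is stored as a
      JSON string in this variant).

    The session is wiped before returning in every case.

    Args:
        request: Django request; reads ``request.POST`` and the session.
        token: unused here — presumably consumed by the decorator that
            supplies it (TODO confirm; no authorization check is visible in
            this function).

    Returns:
        HttpResponse whose status code is the one reported by
        ``AppsClient.set_name_id``; the default status when ``nameid`` is
        absent or (v2) the admin user is not found.
    """
    response = HttpResponse()
    # The full POST used to be printed here; it carries the impersonation
    # target, so it is no longer written to the log.
    name_id = request.POST.get('nameid')
    if name_id is not None:
        # Compared as a string so both int and str settings work.
        version = '{}'.format(IMPERSONATION_VERSION)
        if version == "1":
            client = AppsClient('https://' + OKTA_ORG, API_KEY,
                                IMPERSONATION_SAML_APP_ID)
            response.status_code = client.set_name_id(
                request.session['user_id'], name_id)
        elif version == "2":
            u_client = UsersClient('https://' + IMPERSONATION_V2_ORG,
                                   IMPERSONATION_V2_ORG_API_KEY)
            profile = json.loads(request.session['profile'])
            users = json.loads(
                u_client.list_user(profile['preferred_username']))
            if "id" in users:
                client = AppsClient('https://' + IMPERSONATION_V2_ORG,
                                    IMPERSONATION_V2_ORG_API_KEY,
                                    IMPERSONATION_V2_SAML_APP_ID)
                response.status_code = client.set_name_id(
                    users["id"], name_id)
    # The hand-off ends this session: drop every key.
    for key in list(request.session.keys()):
        del request.session[key]
    return response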
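def registration_view3(request):
    """Register a new (inactive) Okta user from ``RegistrationForm2``.

    On a valid POST the user is created via ``UsersClient.create_user`` with
    ``activate="false"`` and the browser is redirected to
    ``registration_success2``.  A failure while creating the user is
    attached to the form as a non-field error and the form is re-rendered.
    GET renders an empty form.

    Args:
        request: Django request.

    Returns:
        A redirect on success, otherwise the rendered ``register2.html``.
    """
    if request.method == 'POST':
        form = RegistrationForm2(request.POST)
        if form.is_valid():
            fn = form.cleaned_data['firstName']
            ln = form.cleaned_data['lastName']
            email = form.cleaned_data['email']
            user = {
                "profile": {
                    "firstName": fn,
                    "lastName": ln,
                    "email": email,
                    "login": email,
                }
            }
            client = UsersClient('https://' + OKTA_ORG, API_KEY)
            try:
                # The create call sits inside the try so a failed request is
                # reported on the form instead of surfacing as a 500.
                client.create_user(user=user, activate="false")
                print('create user {0} {1}'.format(fn, ln))
                return HttpResponseRedirect(reverse('registration_success2'))
            except Exception as e:
                print("Error: {}".format(e))
                # NOTE(review): the raw exception text is shown to the end
                # user; a generic message would avoid exposing client
                # internals.
                form.add_error(field=None, error=e)
    else:
        form = RegistrationForm2()
    return render(request, 'register2.html', {'form': form})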
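def update_user(request, access_token):
    """Update an Okta user's profile and optionally deactivate them.

    Reads ``user_id`` plus the optional fields ``email``, ``firstName``,
    ``lastName``, ``role``, ``companyName`` and ``deactivate`` from
    ``request.POST``.  Omitted profile fields are sent as empty strings
    (the existing contract — they overwrite whatever Okta holds).  The
    update runs only when ``access_token`` grants admin or company-admin
    access, otherwise ``not_authorized`` is returned.

    Args:
        request: Django request; must be a POST carrying ``user_id``.
        access_token: caller's token, checked by ``api_access_admin`` /
            ``api_access_company_admin``.

    Returns:
        200 with the client's response body; 400 when the request is not a
        POST carrying ``user_id`` (previously this case produced an empty
        200 or an unbound-variable error).
    """
    conf = _get_config(request)
    response = HttpResponse()
    req = request.POST if request.method == 'POST' else None
    if req is None or 'user_id' not in req:
        response.status_code = 400
        return response
    user_id = req['user_id']
    email = req.get('email', '')
    user = {
        "profile": {
            "firstName": req.get('firstName', ''),
            "lastName": req.get('lastName', ''),
            "email": email,
            "login": email,
            "customer_role": req.get('role', ''),
            "companyName": req.get('companyName', ''),
        }
    }
    # None when absent; otherwise the posted value is forwarded as-is.
    deactivate = req.get('deactivate')
    # Authorize before building the client or touching the API.
    if not (api_access_admin(conf, access_token)
            or api_access_company_admin(conf, access_token)):
        return not_authorized(request)
    # NOTE(review): admin and company-admin perform the same unscoped
    # update, so a company admin can modify any user_id — confirm this is
    # intended or restrict the update to the caller's company.
    client = UsersClient('https://' + conf['org'], config.get_api_key(request))
    users = client.update_user(user=user, user_id=user_id,
                               deactivate=deactivate)
    response.status_code = 200
    response.content = users
    return response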
def list_users(request):
    """Return up to 15 Okta users from ``OKTA_ORG``, optionally by prefix.

    ``startsWith`` is read from the query string and forwarded unchanged to
    ``UsersClient.list_users``; the client's raw body is returned with
    status 200.

    NOTE(review): no authorization check is performed in this function —
    presumably a decorator or URL-level guard applies; confirm before
    relying on it.
    """
    prefix = request.GET.get('startsWith')
    client = UsersClient('https://' + OKTA_ORG, API_KEY)
    body = client.list_users(15, prefix)
    response = HttpResponse()
    response.status_code = 200
    response.content = body
    return response
def add_users(request, access_token):
    """Create an Okta user from a POST on behalf of an admin or company admin.

    Profile fields ``email``, ``firstName``, ``lastName`` and ``role`` come
    from ``request.POST`` and default to ''; ``companyName`` is copied from
    the caller's session profile so the new user belongs to the caller's
    company.  ``activate`` is forwarded as posted (``False`` when absent).
    Returns the client's body with status 200 when ``access_token`` grants
    admin or company-admin access, else ``not_authorized``.  A non-POST
    request falls through to an empty 200 (confirm this matches the
    intended contract).
    """
    conf = _get_config(request)
    response = HttpResponse()
    response.status_code = 200
    if request.method == 'POST':
        posted = request.POST
        # The company comes from the caller's own profile, never the form.
        profile_dict = request.session['profile']
        company_name = profile_dict.get('companyName', '')
        email = posted.get('email', '')
        new_user = {
            "profile": {
                "firstName": posted.get('firstName', ''),
                "lastName": posted.get('lastName', ''),
                "email": email,
                "login": email,
                "customer_role": posted.get('role', ''),
                "companyName": company_name,
            }
        }
        activate = posted.get('activate', False)
        client = UsersClient('https://' + conf['org'],
                             config.get_api_key(request))
        if not (api_access_admin(conf, access_token)
                or api_access_company_admin(conf, access_token)):
            return not_authorized(request)
        response.content = client.create_user(user=new_user, activate=activate)
    return response
def add_users(request, token):
    """Create an Okta user in ``OKTA_ORG`` from a POST (token-gated variant).

    Profile fields ``email``, ``firstName``, ``lastName`` and ``role`` come
    from ``request.POST`` and default to ''; ``companyName`` is copied from
    the caller's session profile so the new user belongs to the caller's
    company.  ``activate`` is forwarded as posted (``False`` when absent).
    Returns the client's body with status 200 when ``token`` grants admin
    or company-admin access, else ``not_authorized``.  A non-POST request
    falls through to an empty 200 (confirm this matches the intended
    contract).
    """
    response = HttpResponse()
    response.status_code = 200
    if request.method == 'POST':
        posted = request.POST
        # The company comes from the caller's own profile, never the form.
        profile_dict = request.session['profile']
        company_name = profile_dict.get('companyName', '')
        email = posted.get('email', '')
        new_user = {
            "profile": {
                "firstName": posted.get('firstName', ''),
                "lastName": posted.get('lastName', ''),
                "email": email,
                "login": email,
                "customer_role": posted.get('role', ''),
                "companyName": company_name,
            }
        }
        activate = posted.get('activate', False)
        client = UsersClient('https://' + OKTA_ORG, API_KEY)
        if not (api_access_admin(token) or api_access_company_admin(token)):
            return not_authorized(request)
        response.content = client.create_user(user=new_user, activate=activate)
    return response
def list_user(request, token):
    """Look up one Okta user in ``OKTA_ORG`` by the ``user`` query parameter.

    Returns the client's raw body with status 200 when ``token`` grants
    admin or company-admin access, else ``not_authorized``.

    NOTE(review): the company-admin path is not scoped to the caller's
    company, so any user id can be looked up — confirm this is intended.
    """
    user_id = request.GET.get('user')
    client = UsersClient('https://' + OKTA_ORG, API_KEY)
    allowed = api_access_admin(token) or api_access_company_admin(token)
    if not allowed:
        return not_authorized(request)
    body = client.list_user(user_id)
    response = HttpResponse()
    response.status_code = 200
    response.content = body
    return response
def list_users(request, access_token):
    """List up to 15 Okta users for the org in the request's config.

    Two modes, chosen by the issuer of ``access_token``:

    * If the token parses and its ``iss`` equals ``https://<conf org>``, it
      is forwarded to Okta as the bearer and the full list is requested.
    * Otherwise the local role checks apply: an admin sees the full list, a
      company admin only the users of the ``companyName`` in their session
      profile; anyone else gets ``not_authorized``.

    ``startsWith`` from the query string is passed through as a prefix
    filter.  Returns the client's raw body with status 200.

    NOTE(review): the ``iss`` comparison only selects the mode; whether
    ``parse_bearer_token`` verifies the token's signature is not visible
    here.  If it merely decodes, the first mode relies entirely on Okta
    rejecting a forged or expired bearer.
    """
    conf = _get_config(request)
    prefix = request.GET.get('startsWith')
    client = UsersClient('https://' + conf['org'],
                         config.get_api_key(request))

    is_org_token = False
    try:
        issuer = parse_bearer_token(access_token)['iss']
        is_org_token = issuer == 'https://{0}'.format(conf['org'])
    except Exception as e:
        # A token that does not parse simply falls back to the role checks.
        print(e)

    if is_org_token:
        client.set_bearer_token(access_token)
        body = client.list_users(15, prefix)
    else:
        company_name = request.session['profile'].get('companyName')
        if api_access_admin(conf, access_token):
            body = client.list_users(15, prefix)
        elif api_access_company_admin(conf, access_token):
            body = client.list_users_scoped(15, company_name, prefix)
        else:
            return not_authorized(request)

    response = HttpResponse()
    response.status_code = 200
    response.content = body
    return response
def list_user(request, access_token):
    """Look up one Okta user by the ``user`` query parameter.

    Uses the org and API key from the request's config.  Returns the
    client's raw body with status 200 when ``access_token`` grants admin or
    company-admin access, else ``not_authorized``.

    NOTE(review): the company-admin path is not scoped to the caller's
    company, so any user id can be looked up — confirm this is intended.
    """
    conf = _get_config(request)
    user_id = request.GET.get('user')
    client = UsersClient('https://' + conf['org'],
                         config.get_api_key(request))
    allowed = (api_access_admin(conf, access_token)
               or api_access_company_admin(conf, access_token))
    if not allowed:
        return not_authorized(request)
    body = client.list_user(user_id)
    response = HttpResponse()
    response.status_code = 200
    response.content = body
    return response
def activation_view(request, slug):
    """Finish account activation from a recovery token (``slug``).

    With a ``slug`` the token is resolved via ``AuthClient.recovery`` to the
    user's first name, login and id; an unresolvable token redirects to
    ``not_authenticated``.  GET renders ``activate.html``.  POST without a
    resolved user redirects to ``not_authenticated``; otherwise the password
    from ``ActivationForm`` is set, the user is signed in with it and the
    browser is sent to the no-prompt login bookmark carrying the Okta
    session token.  If sign-in does not return 200 the user is redirected to
    ``registration_success``.  Any exception is attached to the form as a
    non-field error and the form re-rendered.
    """
    name = username = user_id = None
    if slug:
        auth = AuthClient('https://' + OKTA_ORG)
        recovery = auth.recovery(slug)
        if recovery.status_code != 200:
            return HttpResponseRedirect(reverse('not_authenticated'))
        recovered = json.loads(recovery.content)['_embedded']['user']
        name = recovered['profile']['firstName']
        username = recovered['profile']['login']
        user_id = recovered['id']

    if request.method != 'POST':
        form = ActivationForm()
    else:
        if user_id is None:
            return HttpResponseRedirect(reverse('not_authenticated'))
        try:
            form = ActivationForm(request.POST)
            if form.is_valid():
                pw = form.cleaned_data['password1']
                credentials = {"credentials": {"password": {"value": pw}}}
                client = UsersClient('https://' + OKTA_ORG, API_KEY)
                client.set_password(user_id=user_id, user=credentials)
                res = auth.authn(username, pw)
                if res.status_code == 200:
                    session_token = json.loads(res.content)['sessionToken']
                    return redirect(
                        'https://' + OKTA_ORG + LOGIN_NOPROMPT_BOOKMARK
                        + '?sessionToken={}'.format(session_token))
                return HttpResponseRedirect(reverse('registration_success'))
        except Exception as e:
            print("Error: {}".format(e))
            # The raw exception text becomes a form error shown to the user.
            form.add_error(field=None, error=e)

    return render(request, 'activate.html', {
        'form': form,
        'slug': slug,
        'firstName': name,
    })
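def setNameId(request, token):
    """Prepare an impersonation session and point the SAML app's NameID at it.

    Expects a POST with ``nameid`` (the login of the user to impersonate).
    ``IMPERSONATION_VERSION`` selects the mechanism:

    * ``"1"``: set the NameID of ``IMPERSONATION_SAML_APP_ID`` in
      ``OKTA_ORG`` to ``nameid`` for the session's ``id_token.sub``.
    * ``"2"``: clone the target's profile and non-built-in group memberships
      into a new, active user in ``OKTA_ORG`` whose login is
      ``"******" + timestamp + <admin local part> + "AS" + <target login>``,
      then set the NameID of ``IMPERSONATION_V2_SAML_APP_ID`` in
      ``IMPERSONATION_V2_ORG`` for the v2-org user matching the admin's
      ``preferred_username`` to that new login.

    The caller's session is wiped before returning in every case.

    Args:
        request: Django request; reads ``request.POST`` and the session
            (``profile.preferred_username`` and, for v1, ``id_token.sub``).
        token: unused here — presumably consumed by the decorator that
            supplies it (TODO confirm; no authorization check is visible in
            this function).

    Returns:
        HttpResponse whose status code is whatever ``AppsClient.set_name_id``
        reported; the default status when ``nameid`` is absent or (v2) the
        admin is not found in the v2 org.
    """
    response = HttpResponse()
    # The full POST used to be printed here; it carries the impersonation
    # target, so it is no longer written to the log.
    name_id = request.POST.get('nameid')
    if name_id is not None:
        admin = request.session['profile']['preferred_username']
        # Compared as a string so both int and str settings work.
        version = '{}'.format(IMPERSONATION_VERSION)
        if version == "1":
            client = AppsClient('https://' + OKTA_ORG, API_KEY,
                                IMPERSONATION_SAML_APP_ID)
            response.status_code = client.set_name_id(
                request.session['id_token']['sub'], name_id)
        elif version == "2":
            u_client = UsersClient('https://' + OKTA_ORG, API_KEY)
            target = json.loads(u_client.list_user(name_id))
            target_profile = target["profile"]
            target_groups = json.loads(u_client.get_user_groups(target["id"]))
            # Built-in groups are managed by Okta and are not copied.
            group_ids = [g["id"] for g in target_groups
                         if g["type"] != 'BUILT_IN']
            now = datetime.datetime.now()
            new_login = ("******" + now.strftime('%Y%m%d%H%M%S')
                         + admin.split("@")[0].replace(".", "")
                         + "AS" + target_profile["login"])
            target_profile["login"] = new_login
            target_profile["email"] = new_login
            temp_user = {"profile": target_profile, "groupIds": group_ids}
            # NOTE(review): the clone is created active and nothing here
            # removes it; confirm a cleanup path exists elsewhere.
            u_client.create_user(user=temp_user, activate=True)
            v2_client = UsersClient('https://' + IMPERSONATION_V2_ORG,
                                    IMPERSONATION_V2_ORG_API_KEY)
            admin_user = json.loads(v2_client.list_user(admin))
            if "id" in admin_user:
                client = AppsClient('https://' + IMPERSONATION_V2_ORG,
                                    IMPERSONATION_V2_ORG_API_KEY,
                                    IMPERSONATION_V2_SAML_APP_ID)
                response.status_code = client.set_name_id(
                    admin_user["id"], new_login)
    # The hand-off ends this session: drop every key.
    for key in list(request.session.keys()):
        del request.session[key]
    return response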
def list_users(request):
    """List up to 15 Okta users, scoped by the caller's session role.

    ``startsWith`` from the query string is forwarded as a prefix filter.
    A session holding ``admin`` gets the full list; one holding
    ``department_admin`` gets only the users scoped to the session's
    ``department`` ('' when unset); any other session gets
    ``not_authorized``.  Returns the client's raw body with status 200.
    """
    prefix = request.GET.get('startsWith')
    session = request.session
    client = UsersClient('https://' + OKTA_ORG, API_KEY)
    if 'admin' in session:
        body = client.list_users(15, prefix)
    elif 'department_admin' in session:
        body = client.list_users_scoped(15, session.get('department', ''),
                                        prefix)
    else:
        return not_authorized(request)
    response = HttpResponse()
    response.status_code = 200
    response.content = body
    return response
def list_users(request, token):
    """List up to 15 Okta users in ``OKTA_ORG``, scoped by the token's role.

    ``startsWith`` from the query string is forwarded as a prefix filter.
    An admin token gets the full list; a company-admin token only the users
    of the ``companyName`` in the caller's session profile (``None`` when
    the profile has none); anything else gets ``not_authorized``.  Returns
    the client's raw body with status 200.
    """
    prefix = request.GET.get('startsWith')
    client = UsersClient('https://' + OKTA_ORG, API_KEY)
    # Read before the role checks so a missing profile fails the same way
    # for every caller.
    company_name = request.session['profile'].get('companyName')
    if api_access_admin(token):
        body = client.list_users(15, prefix)
    elif api_access_company_admin(token):
        body = client.list_users_scoped(15, company_name, prefix)
    else:
        return not_authorized(request)
    response = HttpResponse()
    response.status_code = 200
    response.content = body
    return response
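def activation_wo_token_view(request):
    """Activate a PROVISIONED user without a recovery token, via email OTP.

    A three-step flow driven by the ``state`` field of
    ``ActivationWithEmailForm``:

    * ``verify-email``: look the user up by ``email``; if the account is
      ``PROVISIONED``, enroll and challenge the email factor, remember the
      factor/user in the session and move to ``verify-token``.
    * ``verify-token``: submit ``verificationCode`` to Okta; only an
      accepted code marks the session ``email_factor_verified`` and moves
      to ``set-password``.
    * ``set-password``: allowed only for a session whose OTP was verified;
      sets ``password1``, signs the user in and redirects to
      ``IDP_DISCO_PAGE`` with the Okta session token.

    The posted ``state`` is client-supplied, so the session keys
    (``verification_user_id``, ``email_factor_id``,
    ``verification_username``, ``email_factor_verified``) are what actually
    gate each step; previously the OTP result was never checked and
    ``set-password`` could be posted directly after ``verify-email``.
    GET renders the form in the ``verify-email`` state.

    Args:
        request: Django request.

    Returns:
        A redirect once the user is signed in, otherwise the rendered
        ``activate_w_email.html`` with the next ``state``.
    """
    state = None
    if request.method == 'POST':
        form = ActivationWithEmailForm(request.POST)
        if form.is_valid():
            state = form.cleaned_data['state']
            email = form.cleaned_data['email']
            otp = form.cleaned_data['verificationCode']
            password1 = form.cleaned_data['password1']
            client = UsersClient('https://' + OKTA_ORG, API_KEY)
            if state == 'verify-email':
                state = _start_email_verification(request, client, email)
            elif state == 'verify-token':
                state = _check_email_otp(request, client, otp)
            elif state == 'set-password':
                state, done = _finish_activation(request, client, password1)
                if done is not None:
                    return done
        else:
            print('invalid form')
    else:
        state = 'verify-email'
        form = ActivationWithEmailForm()
    return render(request, 'activate_w_email.html', {
        'form': form,
        'state': state,
    })


def _start_email_verification(request, client, email):
    """State ``verify-email``: challenge the email factor of a PROVISIONED user.

    Clears any earlier ``email_factor_verified`` flag so a previous
    verification cannot carry over to another account, then, when the
    account is PROVISIONED, enrolls the email factor, stores the factor id,
    login and user id in the session and triggers the factor challenge.

    Returns:
        'verify-token' once a challenge was issued, else 'verify-email'.
    """
    # A new verification always starts unverified.
    request.session['email_factor_verified'] = False
    user = json.loads(client.get_user(email))
    if user.get('status') != 'PROVISIONED':
        return 'verify-email'
    client.enroll_email_factor(user['id'], email)
    factors = json.loads(client.list_factors(user['id']))
    challenged = False
    for factor in factors:
        if factor['factorType'] == 'email':
            request.session['email_factor_id'] = factor['id']
            request.session['verification_username'] = email
            request.session['verification_user_id'] = user['id']
            # Called without a pass code — presumably this issues the OTP
            # challenge; confirm against the client.
            client.verify_email_factor(user['id'], factor['id'])
            challenged = True
    return 'verify-token' if challenged else 'verify-email'


def _check_email_otp(request, client, otp):
    """State ``verify-token``: verify the posted OTP against the pending factor.

    Returns:
        'set-password' when Okta accepts the code (the session is then
        marked ``email_factor_verified``); 'verify-token' when it is
        rejected; 'verify-email' when no challenge is pending in the session.
    """
    user_id = request.session.get('verification_user_id')
    factor_id = request.session.get('email_factor_id')
    if user_id is None or factor_id is None:
        return 'verify-email'
    response = client.verify_email_factor(user_id=user_id,
                                          factor_id=factor_id,
                                          pass_code=otp)
    # NOTE(review): assumes the client hands back the HTTP response (as
    # enroll_email_factor does) and that a rejected code is non-200 —
    # confirm against the client.  Anything else keeps the step unverified.
    if getattr(response, 'status_code', None) != 200:
        return 'verify-token'
    request.session['email_factor_verified'] = True
    return 'set-password'


def _finish_activation(request, client, password):
    """State ``set-password``: set the password and sign the user in.

    Refused unless the session carries ``verification_user_id``,
    ``verification_username`` and a true ``email_factor_verified``; the flag
    is consumed so a second password set needs a fresh OTP.

    Returns:
        ``(next_state, response)``: ``('verify-email', None)`` when refused,
        ``('set-password', redirect)`` when sign-in returned 200, else
        ``('set-password', None)`` so the caller re-renders.
    """
    user_id = request.session.get('verification_user_id')
    username = request.session.get('verification_username')
    verified = request.session.get('email_factor_verified')
    if not (user_id and username and verified):
        # The posted state is client-controlled; without a verified OTP in
        # the session this step is refused.
        return 'verify-email', None
    request.session['email_factor_verified'] = False
    payload = {"credentials": {"password": {"value": password}}}
    client.set_password(user_id=user_id, user=payload)
    auth = AuthClient('https://' + OKTA_ORG)
    res = auth.authn(username, password)
    if res.status_code == 200:
        session_token = json.loads(res.content)['sessionToken']
        return 'set-password', redirect(
            'https://' + OKTA_ORG + IDP_DISCO_PAGE
            + '?sessionToken={}'.format(session_token))
    return 'set-password', None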