def ecommerce_approvals_get():
logger.debug("workflow_approvals()")
workflow_list = []
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_groups = okta_admin.get_user_groups(user["id"])
user_get_response = okta_admin.get_user_list_by_search(
'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests")))
for list in user_get_response:
for grp in list["profile"][get_udp_ns_fieldname("access_requests")]:
group_get_response = okta_admin.get_group(id=grp)
logging.debug(group_get_response)
var = {
"requestor": list["profile"]["login"],
"request": group_get_response["profile"]["description"],
"usr_grp": {
"user_id": list["id"],
"group_id": grp
}
}
for clist in user_groups:
if grp == clist['id']:
workflow_list.append(var)
return render_template(
"{0}/workflow-approvals.html".format(get_app_vertical()),
templatename=get_app_vertical(),
workflow_list=workflow_list,
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def dealer_myapps_get():
logger.debug("dealer_myapps_get()")
CONFIG_GROUP_LOCATION_STARTSWITH = "{0}_".format(get_udp_ns_fieldname(CONFIG_LOCATION))
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
location = ""
# Find the groups the user belongs to and find the description of the _LOC_* group
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
for item in get_user_groups_response:
if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH):
location = item["profile"]["description"]
get_apps_response = okta_admin.get_applications_by_user_id(user_id)
return render_template(
"{0}/myapps.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
location=location,
apps=get_apps_response,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def b2b_requests_get():
logger.debug("b2bworkflow_requests_get()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
if get_udp_ns_fieldname("access_requests") in user["profile"]:
pendingRequest = user["profile"][get_udp_ns_fieldname(
"access_requests")]
else:
pendingRequest = []
# On a GET display the registration page with the defaults
applist = []
list_group_full = []
# Find the groups the user belongs to
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
CONFIG_GROUP_B2B_STARTSWITH = get_udp_ns_fieldname("b2b")
for item in get_user_groups_response:
logging.debug(item)
if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH):
group_id = "{id}".format(id=item["id"])
applist.append(item["profile"]["name"].replace(
CONFIG_GROUP_B2B_STARTSWITH, ""))
logging.debug(applist)
get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
for item in get_groups:
if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH):
if item["profile"]["name"].replace(CONFIG_GROUP_B2B_STARTSWITH,
"") not in applist:
logging.debug(item["profile"]["name"])
group_id = "{id}".format(id=item["id"])
list_group_full.append({
"id":
item["id"],
"name":
item["profile"]["name"],
"description":
item["profile"]["description"],
"status":
"Pending"
if group_id in pendingRequest else "Not Requested"
})
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
workflow_list=list_group_full,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def workflow_approvals_get():
logger.debug("workflow_approvals()")
CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN)
workflow_list = []
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
# On a GET display the registration page with the defaults
admin_groups = okta_admin.get_user_groups(user_id)
admin_group_id = ""
# Must be an admin
for item in admin_groups:
if item["profile"]["name"] == CONFIG_GROUP_ADMIN:
admin_group_id = item["id"]
if admin_group_id:
# access_requests attribute contains workflow request
# 'profile.access_requests eq pr"
user_get_response = okta_admin.get_user_list_by_search(
'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests")))
for list in user_get_response:
for grp in list["profile"][get_udp_ns_fieldname(
"access_requests")]:
group_get_response = okta_admin.get_group(id=grp)
var = {
"requestor": list["profile"]["login"],
"request": group_get_response["profile"]["description"],
"usr_grp": {
"user_id": list["id"],
"group_id": grp
}
}
workflow_list.append(var)
return render_template(
"{0}/workflow-approvals.html".format(get_app_vertical()),
templatename=get_app_vertical(),
workflow_list=workflow_list,
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else:
return "ERROR: Unauthorized", 401
def gbac_users():
logger.debug("gbac_users()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
group_id = request.args.get('group_id')
if group_id:
selectedgroup_id = group_id
user_group = okta_admin.get_group(selectedgroup_id)
else:
user_group = gbac_get_group_by_name("everyone")
selectedgroup_id = user_group["id"]
group_user_list = okta_admin.get_user_list_by_group_id(selectedgroup_id)
group_list = okta_admin.get_user_groups(user_info["sub"])
return render_template("/manageusers.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
userlist=group_user_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
group_list=group_list,
user_group=user_group)
def ecommerce_requests_get():
logger.debug("workflow_requests_get()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
if get_udp_ns_fieldname("access_requests") in user["profile"]:
pendingRequest = user["profile"][get_udp_ns_fieldname(
"access_requests")]
else:
pendingRequest = []
workflow_list = []
# On a GET display the registration page with the defaults
list_group_user = []
list_group_full = []
# Find the groups the user belongs to
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
CONFIG_GROUP_EMPLOYEE_STARTSWITH = get_udp_ns_fieldname("employee")
CONFIG_GROUP_BUYER_STARTSWITH = get_udp_ns_fieldname("buyer")
print(CONFIG_GROUP_BUYER_STARTSWITH)
companylist = []
buyerlist = []
for item in get_user_groups_response:
if item["profile"]["name"].startswith(
CONFIG_GROUP_EMPLOYEE_STARTSWITH):
group_id = "{id}".format(id=item["id"])
companylist.append(item["profile"]["name"].replace(
CONFIG_GROUP_EMPLOYEE_STARTSWITH, ""))
for item in get_user_groups_response:
if item["profile"]["name"].startswith(CONFIG_GROUP_BUYER_STARTSWITH):
group_id = "{id}".format(id=item["id"])
buyerlist.append(item["profile"]["name"].replace(
CONFIG_GROUP_BUYER_STARTSWITH, ""))
get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
for item in get_groups:
if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH,
"") in companylist:
if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH,
"") not in buyerlist:
group_id = "{id}".format(id=item["id"])
list_group_full.append({
"id":
item["id"],
"name":
item["profile"]["name"],
"description":
item["profile"]["description"],
"status":
"Pending"
if group_id in pendingRequest else "Not Requested"
})
# Populate the workflow list with groups that the user is absent in
set_list1 = set(tuple(sorted(d.items())) for d in list_group_full)
set_list2 = set(tuple(sorted(d.items())) for d in list_group_user)
set_difference = set_list1 - set_list2
for tuple_element in set_difference:
workflow_list = list_group_full
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
workflow_list=workflow_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def create_login_response(user_name, password, session):
print("create_login_response()")
auth_response = {"success": False}
okta_auth = OktaAuth(session)
okta_admin = OktaAdmin(session)
# print("login_form_data: {0}".format(json.dumps(login_form_data, indent=4, sort_keys=True)))
authn_json_response = okta_auth.authenticate(
username=session["login_id_prefix"] + user_name,
password=password,
headers=request.headers)
# print("authn_json_response: {0}".format(json.dumps(authn_json_response, indent=4, sort_keys=True)))
if "sessionToken" in authn_json_response:
# Added to fix issue where users pre exsist but are not assigned to the patient portal app as a patient
# Look up if user is in this app/subdomain
# TODO: Clean this up to use Terraform setting or Group Rule
user_id = authn_json_response["_embedded"]["user"]["id"]
#print("user_id: {0}".format(user_id))
# Look up Patient group for this app/subdomain
patient_group_name = "{0}_{1}_patient".format(session["udp_subdomain"],
session["demo_app_name"])
print("patient_group_name: {0}".format(patient_group_name))
patient_groups = okta_admin.get_groups_by_name(patient_group_name)
has_patient_group = False
if len(patient_groups) != 0:
patient_group = okta_admin.get_groups_by_name(
patient_group_name)[0]
#print("patient_group: {0}".format(json.dumps(patient_group, indent=4, sort_keys=True)))
user_groups = okta_admin.get_user_groups(user_id)
#print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True)))
for group in user_groups:
if patient_group["id"] == group["id"]:
has_patient_group = True
break
if not has_patient_group:
# Assign User to group
group_assignment_response = okta_admin.assign_user_to_group(
patient_group["id"], user_id)
#print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True)))
session["state"] = str(uuid.uuid4())
oauth_authorize_url = okta_auth.create_oauth_authorize_url(
response_type="code",
state=session["state"],
auth_options={
"response_mode": "form_post",
"prompt": "none",
"scope": "openid profile email",
"sessionToken": authn_json_response["sessionToken"],
})
auth_response["redirectUrl"] = oauth_authorize_url
auth_response["success"] = True
auth_response["status"] = "SUCCESS"
# print("oauth_authorize_url: {0}".format(oauth_authorize_url))
elif "errorSummary" in authn_json_response:
auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(
authn_json_response["errorSummary"])
else:
# pass the message down for further processing like MFA
auth_response = authn_json_response
return auth_response
def workflow_requests_get():
logger.debug("workflow_requests_get()")
CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION)
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
if get_udp_ns_fieldname("access_requests") in user["profile"]:
pendingRequest = user["profile"][get_udp_ns_fieldname("access_requests")]
else:
pendingRequest = []
workflow_list = []
# On a GET display the registration page with the defaults
list_group_user = []
list_group_full = []
is_user_dealership = False
# Find the groups the user belongs to
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
for item in get_user_groups_response:
if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH):
is_user_dealership = True
if item["profile"]["name"] != "Everyone": # Ignore the Everyone group
group_id = "{id}".format(id=item["id"])
list_group_user.append({"id": item["id"],
"name": item["profile"]["name"],
"description": item["profile"]["description"],
"status": "Pending" if group_id in pendingRequest else "Not Requested"})
# If not a user of a dealership, cannot request access to applications
if is_user_dealership:
# Find the groups for this portal that start with name "DEALER_"
get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
for item in get_groups:
group_id = "{id}".format(id=item["id"])
list_group_full.append({"id": item["id"],
"name": item["profile"]["name"],
"description": item["profile"]["description"],
"status": "Pending" if group_id in pendingRequest else "Not Requested"})
# Populate the workflow list with groups that the user is absent in
set_list1 = set(tuple(sorted(d.items())) for d in list_group_full)
set_list2 = set(tuple(sorted(d.items())) for d in list_group_user)
set_difference = set_list1 - set_list2
for tuple_element in set_difference:
workflow_list.append(dict((x, y) for x, y in tuple_element))
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
workflow_list=workflow_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else: # If not a user of a dealership, cannot request access to applications
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
error="You have not been assigned to a dealership. Only users of a dealership can request access to applications",
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
