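def mfa_verification_poll():
    """Poll an Okta push-factor transaction and, on SUCCESS, issue a password reset.

    Expects a JSON body with ``pollingUrl`` (the ``_links.poll.href`` handed
    down by ``push_mfa_code``) and ``userName``.  Returns the Okta poll
    response as a JSON string; when ``factorResult`` is ``SUCCESS`` the
    response additionally carries ``ott``, the one-time token cut out of
    Okta's ``resetPasswordUrl``.

    Both ``pollingUrl`` and ``userName`` are client-controlled and the GET
    is made with the server's Okta credentials (``config.okta``).  The URL is
    therefore only fetched when it is a factor-transaction URL of our own org
    *and* of the very user whose password would be reset; anything else is
    answered with a ``{"status": "failed"}`` body instead of being fetched.
    Without that check a caller could point the server at a host that
    answers ``{"factorResult": "SUCCESS"}`` -- or pair their own successful
    push transaction with a victim's ``userName`` -- and obtain a reset
    token for any account without passing the victim's factor.
    """
    print("mfa_verification_poll()")
    request_json = request.get_json()
    print("request_json: {0}".format(
        json.dumps(request_json, indent=4, sort_keys=True)))
    polling_url = request_json["pollingUrl"]
    user_name = request_json["userName"]

    okta_util = OktaUtil(request.headers, config.okta)
    org_host = config.okta["org_host"]

    # Resolve the user before touching the URL: the poll URL has to belong to
    # this user's factor transactions, not merely to some Okta user.
    user = okta_util.get_user(user_name)
    if "id" not in user:
        print("WARNING: User '{0}' does not exsist in Okta".format(user_name))
        return json.dumps({"status": "failed", "message": "invalid request"})
    okta_user_id = user["id"]

    # Okta's poll link is the factor transaction URL under
    # {org_host}/api/v1/users/{userId}/factors/...; org_host must already
    # include the scheme for the resetPasswordUrl strip further down to work,
    # and the same is assumed here.  Requiring this exact prefix pins the
    # request to our org and to this user's factor transactions, so the
    # server's credentials cannot be aimed at an arbitrary host or endpoint.
    # NOTE(review): confirm the prefix against the pollingUrl push_mfa_code
    # actually returns before relying on it in production.
    allowed_prefix = "{0}/api/v1/users/{1}/factors/".format(
        org_host, okta_user_id)
    if not polling_url.startswith(allowed_prefix):
        print("WARNING: rejected polling URL for user '{0}'".format(user_name))
        return json.dumps({"status": "failed", "message": "invalid request"})

    response = okta_util.execute_get(polling_url, None)

    if "factorResult" in response:
        print("factorResult: {0}".format(response["factorResult"]))
        if response["factorResult"] == "SUCCESS":
            # The user passed the factor, so hand back a password-reset token.
            password_reset_response = okta_util.reset_user_password(
                okta_user_id)
            reset_url = password_reset_response.get("resetPasswordUrl")
            if not reset_url:
                # Okta did not return a reset URL (most likely an error body);
                # tell the client it failed rather than raising a KeyError.
                print("WARNING: password reset for user '{0}' returned no "
                      "resetPasswordUrl".format(user_name))
                return json.dumps(
                    {"status": "failed", "message": "password reset failed"})
            # The reset URL embeds a one-time token: strip the token out for
            # the client and keep the full URL (i.e. the token) out of the logs.
            response["ott"] = reset_url.replace(
                "{0}/reset_password/".format(org_host), "")

    return json.dumps(response)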
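def _matching_factor_id(enrolled_factors, factor_type):
    """Return the id of the enrolled factor matching ``factor_type``, or None.

    A factor matches when its Okta ``factorType`` equals ``factor_type`` and
    its provider is ``OKTA``, or when its ``provider`` equals ``factor_type``
    (third-party providers are selected by provider name).  When several
    factors match, the last one in ``enrolled_factors`` wins.
    """
    factor_id = None
    for factor in enrolled_factors:
        # Log only the identifying fields; the factor profile can carry PII
        # (phone numbers, e-mail addresses) that does not belong in stdout.
        print("factor: id={0} factorType={1} provider={2}".format(
            factor.get("id"), factor.get("factorType"), factor.get("provider")))
        okta_native = (factor["factorType"] == factor_type
                       and factor["provider"] == "OKTA")
        if okta_native or factor["provider"] == factor_type:
            factor_id = factor["id"]
    return factor_id


def push_mfa_code():
    """Start factor verification for ``username`` and, on SUCCESS, issue a password reset.

    Expects a JSON body with ``username`` and ``factorType`` and, for
    code-based factors, an optional ``code``.  Looks up the user's enrolled
    factors, picks the one matching ``factorType`` (see
    ``_matching_factor_id``) and calls Okta's factor verification for it.

    Returns a JSON string that always carries ``status`` and ``message``.
    When Okta answered with a ``factorResult`` it is passed through, together
    with ``pollingUrl`` (the ``_links.poll.href``) when one is present and,
    on ``SUCCESS``, ``ott`` -- the one-time token cut out of Okta's
    ``resetPasswordUrl``.  When Okta answered without a ``factorResult`` the
    reply is ``status: failed`` with Okta's ``errorSummary`` as message.

    NOTE(review): the default ``success``/``sent`` reply hides unknown users
    and unenrolled factors, but the presence of ``factorResult`` in the body
    still reveals when a factor *is* enrolled -- the enumeration protection
    is only partial.
    """
    print("push_mfa_code()")
    request_json = request.get_json()
    # Log the request without the one-time code, if the client sent one.
    print("request_json: {0}".format(
        dict((key, value) for key, value in request_json.items()
             if key != "code")))
    okta_util = OktaUtil(request.headers, config.okta)

    username = request_json["username"]
    factor_type = request_json["factorType"]
    code = request_json.get("code")

    user = okta_util.get_user(username)

    # Always the default reply, so a malicious caller cannot farm enrolled
    # factors (or user existence) from a differing response.
    response = {
        "status": "success",
        "message": "sent"
    }

    if "id" not in user:
        print("WARNING: User '{0}' does not exsist in Okta".format(username))
        return json.dumps(response)

    okta_user_id = user["id"]
    okta_factor_id = _matching_factor_id(
        okta_util.list_factors(okta_user_id), factor_type)
    print("okta_factor_id: {0}".format(okta_factor_id))

    if not okta_factor_id:
        print("WARNING: User '{0}' not enrolled in factor: {1}".format(
            user["profile"]["login"], factor_type))
        return json.dumps(response)

    push_response = okta_util.push_factor_verification(
        okta_user_id, okta_factor_id, code)

    if "factorResult" not in push_response:
        # No factor result means Okta returned an error object; fall back to
        # a generic message instead of raising KeyError when errorSummary
        # is missing too.
        response["status"] = "failed"
        response["message"] = push_response.get(
            "errorSummary", "factor verification failed")
        return json.dumps(response)

    factor_result = push_response["factorResult"]
    response["factorResult"] = factor_result
    print("factorResult: {0}".format(factor_result))

    # Hand any poll link down so the client can follow up on the transaction
    # (see mfa_verification_poll).
    poll_link = push_response.get("_links", {}).get("poll")
    if poll_link:
        response["pollingUrl"] = poll_link["href"]

    if factor_result == "SUCCESS":
        # The factor verified synchronously, so issue the password reset now.
        password_reset_response = okta_util.reset_user_password(okta_user_id)
        reset_url = password_reset_response.get("resetPasswordUrl")
        if not reset_url:
            # Okta did not return a reset URL (most likely an error body).
            print("WARNING: password reset for user '{0}' returned no "
                  "resetPasswordUrl".format(username))
            response["status"] = "failed"
            response["message"] = "password reset failed"
            return json.dumps(response)
        # The reset URL embeds a one-time token: strip the token out for the
        # client and keep the full URL (i.e. the token) out of the logs.
        response["ott"] = reset_url.replace(
            "{0}/reset_password/".format(config.okta["org_host"]), "")

    return json.dumps(response)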