def get_user_list_by_group_id(self, id): self.logger.debug("OktaAdmin.get_user_list_by_group_id(user_id)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/groups/{id}/users".format( base_url=self.okta_config["okta_org_name"], id=id) return RestUtil.execute_get(url, okta_headers)
def get_groups_by_name(self, name): self.logger.debug("OktaAdmin.get_groups_by_name(name)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/groups?q={name}".format( base_url=self.okta_config["okta_org_name"], name=name) return RestUtil.execute_get(url, okta_headers)
def get_applications_all(self): self.logger.debug("OktaAdmin.get_applications_all(user_id)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/apps/?limit=200".format( base_url=self.okta_config["okta_org_name"]) return RestUtil.execute_get(url, okta_headers)
def streamingservice_device_validatecode(): logger.debug("streamingservice_device_validatecode()") url = "https://jl0tn0gk0e.execute-api.us-east-2.amazonaws.com/default/prd-zartan-deviceinformation?user_code=" + request.form["user_code"] headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"], } s3response = RestUtil.execute_get(url, headers=headers) if ("device_code" in s3response): logger.debug("Save Device State") state = str(uuid.uuid4()) session["device_state"] = state url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate" headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"], } body = { "device_code": s3response['device_code'], "device_id": s3response['device_id'], "state": state } RestUtil.execute_post(url, body, headers=headers) response = url_for( "streamingservice_views_bp.streamingservice_device_register", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"] ) else: response = "invalid" return response
def get_applications_by_user_id(self, user_id): self.logger.debug("OktaAdmin.get_applications_by_user_id(user_id)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/apps/?limit=200&filter=user.id+eq+\"{user_id}\"".format( base_url=self.okta_config["okta_org_name"], user_id=user_id) return RestUtil.execute_get(url, okta_headers)
def get_application_groups(self, appid): self.logger.debug("OktaAdmin.get_application_groups(appid)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/apps/{app_id}/groups".format( base_url=self.okta_config["okta_org_name"], app_id=appid) return RestUtil.execute_get(url, okta_headers)
def get_idp_certificate(self, kid): self.logger.debug("OktaAdmin.get_idp_certificates()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/idps/credentials/keys/{kid}".format( base_url=self.okta_config["okta_org_name"], kid=kid) return RestUtil.execute_get(url, okta_headers)
def get_user(self, user_id): self.logger.debug("OktaAdmin.get_user(user_id)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/users/{user_id}".format( base_url=self.okta_config["okta_org_name"], user_id=user_id) return RestUtil.execute_get(url, okta_headers)
def get_user_list_by_search(self, search): # /api/v1/users?search=profile.department eq "Engineering" self.logger.debug("OktaAdmin.get_user_list_by_search(search)") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/users?search={search}".format( base_url=self.okta_config["okta_org_name"], search=search) return RestUtil.execute_get(url, okta_headers)
def list_available_questions(self, user_id): self.logger.debug("list_available_questions()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{0}/api/v1/users/{1}/factors/questions".format( self.okta_config["okta_org_name"], user_id) return RestUtil.execute_get(url, okta_headers)
def list_available_factors(self, user_id): print("list_available_factors()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{0}/api/v1/users/{1}/factors/catalog".format( self.okta_config["okta_org_name"], user_id) return RestUtil.execute_get(url, okta_headers)
def getProductByIdAnonymous(self, product_id): self.logger.debug("Hybris Get Product By Id") hybris_headers = self.get_default_hybris_headers() # self.logger.debug("okta_headers: {0}".format(okta_headers)) #Let's just get 100 products and we'll paginate on our end. url = "{hybris_url}/rest/v2/electronics/products/{product_id}?fields=FULL".format( hybris_url=self.hybris_base_url, product_id=product_id) return RestUtil.execute_get(url, hybris_headers)
def getProductsAnonymous(self, query): self.logger.debug("Hybris Get Products") hybris_headers = self.get_default_hybris_headers() # self.logger.debug("okta_headers: {0}".format(okta_headers)) #Let's just get 100 products and we'll paginate on our end. url = "{hybris_url}/rest/v2/electronics/products/search?query={query}&fields=FULL&pageSize=100¤tPage=1".format( hybris_url=self.hybris_base_url, query=query) return RestUtil.execute_get(url, hybris_headers)
def get_remote_config(udp_subdomain, udp_app_name): logger.debug("get_remote_config()") remote_config = None if (is_udp_config_valid(udp_config)): json_headers["Authorization"] = "Bearer {0}".format( get_udp_oauth_access_token(udp_config)) remote_config_url = "{udp_config_url}/api/configs/{udp_subdomain}/{udp_app_name}".format( udp_config_url=os.getenv("UDP_CONFIG_URL", ""), udp_subdomain=udp_subdomain, udp_app_name=udp_app_name) remote_api_token_url = "{udp_config_url}/api/subdomains/{udp_subdomain}".format( udp_config_url=os.getenv("UDP_CONFIG_URL", ""), udp_subdomain=udp_subdomain) if "http" in remote_config_url: logger.debug( "Pulling remote config from: {0}".format(remote_config_url)) remote_config = RestUtil.execute_get(remote_config_url, json_headers) # logger.debug("config_json: {0}".format(json.dumps(remote_config, indent=4, sort_keys=True))) if "http" in remote_api_token_url: logger.debug( "Pulling remote config from: {0}".format(remote_api_token_url)) api_token_config = RestUtil.execute_get(remote_api_token_url, json_headers) # logger.debug("config_json: {0}".format(json.dumps(api_token_config, indent=4, sort_keys=True))) if remote_config: if "okta_api_token" in api_token_config: remote_config["okta_api_token"] = api_token_config[ "okta_api_token"] logger.debug("config_json: {0}".format( json.dumps(remote_config, indent=4, sort_keys=True))) else: logger.warning("Invalid UDP Config, Skipping remote configuration...") return remote_config
def get_user_application_by_current_client_id(self, user_id): self.logger.debug("OktaAdmin.get_user_application_by_current_client_id()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/apps/{app_id}/users/{user_id}".format( base_url=self.okta_config["okta_org_name"], app_id=self.okta_config["client_id"], user_id=user_id) return RestUtil.execute_get(url, okta_headers)
def streamingservice_device_register(): logger.debug("streamingservice_device_register()") client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_clientid"] okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) idplist = okta_admin.get_idps() facebook = "" google = "" linkedin = "" microsoft = "" idp = "" idptype = "" appname = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_appname"] if appname is None: appname = "" for idp in idplist: if idp["type"] == "FACEBOOK": facebook = idp["id"] idp = "true" elif idp["type"] == "GOOGLE": google = idp["id"] idp = "true" elif idp["type"] == "LINKEDIN": linkedin = idp["id"] idp = "true" elif idp["type"] == "MICROSOFT": microsoft = idp["id"] idp = "true" elif idp["type"] == "SAML2": idptype = "SAML2" idp = "true" url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate?state={0}".format(session["device_state"]) headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"], } s3response = RestUtil.execute_get(url, headers=headers) del s3response['state'] return render_template( "streamingservice/device_register.html", templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], state=session["device_state"], facebook=facebook, google=google, linkedin=linkedin, microsoft=microsoft, idp=idp, idptype=idptype, appname=appname, client_id=client_id, deviceinfo=json.dumps(s3response, sort_keys=True, indent=4))
def gbac_idverification_updateidentity(): logger.debug("gbac_idverification_updateidentity") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) basicauth = OktaUtil.get_encoded_auth( "okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI") headers = { "Accept": "application/json", "Content-Type": "application/json", "Authorization": "Basic {0}".format(basicauth) } evident_id = user["profile"][get_udp_ns_fieldname("evident_id")] response = RestUtil.execute_get( "https://verify.api.demo.evidentid.com/api/v1/verify/requests/{0}". format(evident_id), headers=headers) now = datetime.datetime.now() # dd/mm/YY H:M:S verifydate = now.strftime("%d/%m/%Y %H:%M:%S") user_data = { "profile": { get_udp_ns_fieldname("last_verified_date"): str(verifydate) } } status = "" for item in response["attributes"]: status = item["status"] if status == "pending": break if item["type"] == "core.firstname": user_data["profile"]["firstName"] = item["values"][0] if item["type"] == "core.lastname": user_data["profile"]["lastName"] = item["values"][0] if item["type"] == "core.address.zipcode": user_data["profile"]["zipCode"] = item["values"][0] if item["type"] == "core.address.city": user_data["profile"]["city"] = item["values"][0] if item["type"] == "core.address.state": user_data["profile"]["state"] = item["values"][0] if status == "pending": return status else: logging.debug(user_data) okta_admin.update_user(user["id"], user_data) return response
def streamingservice_device_complete(): logger.debug("streamingservice_device_complete()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_clientid"] user_id = request.args.get('user_id') if user_id is not None: user_app_profile = okta_admin.get_user_application_by_client_id(user_id=user_id, client_id=client_id) devices = [] if get_udp_ns_fieldname("authorized_devices") in user_app_profile["profile"]: devices = user_app_profile["profile"][get_udp_ns_fieldname("authorized_devices")] if devices is None: devices = [] else: devices = [] device_id = request.args.get('device_id') devices.append(device_id) user_data = { "profile": { get_udp_ns_fieldname("authorized_devices"): devices } } okta_admin.update_application_user_profile_by_clientid(user_id=user_id, app_user_profile=user_data, client_id=client_id) url = "https://sngfyrr4b2.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicetoken?device_code=" + request.args.get('device_code') headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"], } s3response = RestUtil.execute_get(url, headers=headers) del s3response['device_id'] del s3response['device_code'] return render_template( "streamingservice/device_complete.html", config=session[SESSION_INSTANCE_SETTINGS_KEY], deviceinfo=json.dumps(s3response, sort_keys=True, indent=4)) else: redirect_url = url_for( "streamingservice_views_bp.streamingservice_device_activate", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) return redirect(redirect_url)
def streamingservice_token(): logger.debug("streamingservice_token()") device_code = request.args.get('device_code') url = "https://sngfyrr4b2.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicetoken?device_code=" + device_code headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"] ["sparkpost_api_key"], } s3response = RestUtil.execute_get(url, headers=headers) if "device_code" in s3response: response = s3response else: response = {"error": "authorization_pending"} return response
def get_idps(self): self.logger.debug("OktaAdmin.get_idps()") okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config) url = "{base_url}/api/v1/idps".format( base_url=self.okta_config["okta_org_name"]) return RestUtil.execute_get(url, okta_headers)
def systemGetGuestDeliveryModes(self, cart): self.logger.debug("Hybris add delivery mode to cart") hybris_headers = self.get_post_hybris_headers(self.system_token) url = "{hybris_url}/rest/v2/electronics/users/anonymous/carts/{cart_id}/deliverymodes".format( hybris_url=self.hybris_base_url, cart_id=cart) return RestUtil.execute_get(url, hybris_headers)
def systemGetOrder(self, orderId): self.logger.debug("Hybris get order") hybris_headers = self.get_default_hybris_headers(self.system_token) url = "{hybris_url}/rest/v2/electronics/orders/{orderid}".format( hybris_url=self.hybris_base_url, orderid=orderId) return RestUtil.execute_get(url, hybris_headers)
def getLoggedInCustomerOrders(self): self.logger.debug("Hybris get order") hybris_headers = self.get_default_hybris_headers(self.user_token) url = "{hybris_url}/rest/v2/electronics/users/current/orders".format( hybris_url=self.hybris_base_url) return RestUtil.execute_get(url, hybris_headers)
def getAnonymousCart(self, cart_guid): self.logger.debug("Hybris get guest cart") hybris_headers = self.get_default_hybris_headers() url = "{hybris_url}/rest/v2/electronics/users/anonymous/carts/{cart_guid}".format( hybris_url=self.hybris_base_url, cart_guid=cart_guid) return RestUtil.execute_get(url, hybris_headers)
def getLoggedInCustomerCart(self, cart_id): self.logger.debug("Hybris get customer cart") hybris_headers = self.get_default_hybris_headers(self.user_token) url = "{hybris_url}/rest/v2/electronics/users/current/carts/{cart_guid}".format( hybris_url=self.hybris_base_url, cart_guid=cart_id) return RestUtil.execute_get(url, hybris_headers)
def findLoggedInCustomerCart(self): self.logger.debug("Hybris find customer cart") hybris_headers = self.get_default_hybris_headers(self.user_token) url = "{hybris_url}/rest/v2/electronics/users/current/carts".format( hybris_url=self.hybris_base_url) return RestUtil.execute_get(url, hybris_headers)["carts"]
def streamingservice_callback(): """ handler for the oidc call back of the app """ logger.debug("streamingservice_callback()") response = None has_app_level_mfa_policy = False client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][ "app_deviceflow_clientid"] client_secret = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][ "app_deviceflow_clientsecret"] if "code" in request.form: oidc_code = request.form["code"] oidc_state = request.form["state"] okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY]) oauth_token = get_oauth_token_from_login( code=oidc_code, grant_type="authorization_code", auth_options={ "client_id": client_id, "client_secret": client_secret, }) url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate?state={0}".format( oidc_state) headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"] ["sparkpost_api_key"], } s3response = RestUtil.execute_get(url, headers=headers) url = "https://sngfyrr4b2.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicetoken" headers = { "x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"] ["sparkpost_api_key"], } body = { "device_code": s3response["device_code"], "device_id": s3response["device_id"], "access_token": oauth_token["access_token"], "id_token": oauth_token['id_token'], "refresh_token": oauth_token['refresh_token'] } RestUtil.execute_post(url, body, headers=headers) user = okta_auth.introspect_with_clientid(oauth_token['id_token'], client_id=client_id, client_secret=client_secret, token_type_hint="idtoken") responseurl = url_for( "streamingservice_views_bp.streamingservice_device_complete", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) responseurl = responseurl + "?device_id={0}&user_id={1}".format( s3response["device_id"], user["sub"]) response = redirect(responseurl) elif "error" in request.form: # This is in the case there is an Okta App level MFA policy logger.error("ERROR: {0}, MESSAGE: {1}".format( request.form["error"], request.form["error_description"])) if ("The client specified not to prompt, but the client app requires re-authentication or MFA." == request.form["error_description"]): has_app_level_mfa_policy = True # Error occured with Accessing the app instance if has_app_level_mfa_policy: error_message = "Failed to Authenticate. Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}".format( request.form["error"], request.form["error_description"]) response = gvalidation_bp_error(error_message) else: error_message = "Failed to Authenticate. Check to make sure the user has access to the application. Error: {0} - {1}".format( request.form["error"], request.form["error_description"]) response = gvalidation_bp_error(error_message) else: # catch all error response = gvalidation_bp_error( "Failed to Authenticate. Check to make sure the user has access to the application." ) return response
def decorated_function(*args, **kws): print("apply_remote_config()") if "is_config_set" not in session: session["is_config_set"] = False print("session['is_config_set']: {0}".format(session["is_config_set"])) # Request from service to get app config, if not is session or cache well_known_default_settings_url = None if not session["is_config_set"]: print("No session set") # Assumes the first two components are what we need split_domain_parts = get_domain_parts_from_request(request) session["udp_subdomain"] = split_domain_parts["udp_subdomain"] session["demo_app_name"] = split_domain_parts["demo_app_name"] session["remaining_domain"] = split_domain_parts[ "remaining_domain"] # aply default sessting always map_config(default_settings, session) # look for remote config well_known_default_settings_url = get_configs_url( session["udp_subdomain"], session["demo_app_name"]) print("well_known_default_settings_url: {0}".format( well_known_default_settings_url)) config_json = RestUtil.execute_get(well_known_default_settings_url, json_headers) print("config_json: {0}".format( json.dumps(config_json, indent=4, sort_keys=True))) # If invalid response, default to default / environment setting if "status" in config_json: if config_json["status"] == "ready": print("Remote config success. Mapping config to session") map_config(config_json, session) # print("Session Dump: {0}".format(session)) subdomain_config_url = os.getenv("UDP_SUBDOMAIN_URL", "{udp_subdomain}") # print("subdomain_config_url: {0}".format(subdomain_config_url)) subdomain_config_url = subdomain_config_url.format( udp_subdomain=session["udp_subdomain"]) # print("subdomain_config_url: {0}".format(subdomain_config_url)) # print("json_headers: {0}".format(json_headers)) subdomain_config_json = RestUtil.execute_get( subdomain_config_url, json_headers) print("subdomain_config_json: {0}".format( json.dumps(subdomain_config_json, indent=4, sort_keys=True))) if "okta_api_token" in subdomain_config_json: session["okta_api_token"] = subdomain_config_json[ "okta_api_token"] session["okta_org_name"] = subdomain_config_json[ "okta_org_name"] else: raise Exception( "Failed to get the Okta API Key from config") else: print( "Remote config not ready. Default to the local container env and default config" ) session["is_config_set"] = True else: print("Failed to load remote config from: {0}".format( well_known_default_settings_url)) response = make_response( render_template( "error.html", site_config=session, error_message= "Subdomain '{0}' is not configured. Check to make sure it is correct." .format(session["udp_subdomain"]))) return response print("Session Dump: {0}".format(session)) return f(*args, **kws)