def emailAllMembersOfGroup(self, group_name, subject, message):
logger.debug("emailAllMembersOfGroup()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
# Find the Admin Group
group_list = okta_admin.get_groups_by_name(group_name)
for group in group_list:
if group["profile"]["name"] == group_name:
group_id = group["id"]
# Find All members that will be notified
recipients = []
user_list = okta_admin.get_user_list_by_group_id(group_id)
for user in user_list:
recipients.append({"address": user["profile"]["email"]})
if recipients:
email_send = Email.send_mail(subject=subject, message=message, recipients=recipients)
return email_send
def gbac_user_suspend():
logger.debug("gbac_user_suspend()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_id = request.args.get('user_id')
suspend_user = okta_admin.suspend_user(user_id)
user_info2 = okta_admin.get_user(user_id)
if not suspend_user:
message = "User {0} {1} Suspended".format(
user_info2['profile']['firstName'],
user_info2['profile']['lastName'])
else:
message = "Error During Suspension"
return redirect(
url_for("gbac_manageusers_bp.gbac_users",
_external="True",
_scheme="https",
message=message))
def gbac_user_resetpassword():
logger.debug("gbac_user_resetpassword")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_id = request.args.get('user_id')
reset_password = okta_admin.reset_password_for_user(user_id)
user_info2 = okta_admin.get_user(user_id)
if not reset_password:
message = "Password Reset for User {0} {1}".format(
user_info2['profile']['firstName'],
user_info2['profile']['lastName'])
else:
message = "Error During Password Reset"
return redirect(
url_for("gbac_manageusers_bp.gbac_users",
_external="True",
_scheme="https",
message=message))
def gbac_user_create():
logger.debug("gbac_user_create")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
first_name = request.form.get('firstname')
last_name = request.form.get('lastname')
email = request.form.get('email')
login = request.form.get('email')
mobile_phone = request.form.get('phonenumber')
user_data = {
"profile": {
"firstName": first_name,
"lastName": last_name,
"email": email,
"login": login,
"mobilePhone": mobile_phone
}
}
group_id = request.form.get('group_id')
user_create_response = okta_admin.create_user(user_data, True)
if "errorCode" not in user_create_response:
logging.debug(group_id)
if group_id == "None":
# do nothing
message = "User {0} {1} was Created".format(first_name, last_name)
else:
user_group_response = okta_admin.assign_user_to_group(
group_id, user_create_response['id'])
if "errorCode" not in user_group_response:
message = "User {0} {1} was Created".format(
first_name, last_name)
else:
message = "Error During Create - " + str(
user_group_response["errorCauses"][0]["errorSummary"])
else:
message = "Error During Create - " + str(
user_create_response["errorCauses"][0]["errorSummary"])
return redirect(
url_for("gbac_manageusers_bp.gbac_users",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
message=message))
def register_default():
print("register_default()")
user_form_data = request.get_json()
register_default_response = {"success": False}
id_token = request.cookies.get("id_token")
user_id = get_claims_from_token(id_token)["sub"]
okta_admin = OktaAdmin(session)
user = {
"profile": {
"firstName": user_form_data["firstName"],
"lastName": user_form_data["lastName"]
}
}
app_user = {
"profile": {
"height": user_form_data["height"],
"weight": user_form_data["weight"]
}
}
updated_user = okta_admin.update_user(user_id, user)
# print("updated_user: {0}".format(json.dumps(updated_user, indent=4, sort_keys=True)))
updated_app_user = okta_admin.update_application_user_profile(
user_id, app_user)
if "errorSummary" in updated_user:
register_default_response["errorMessage"] = updated_user[
"errorSummary"]
if "errorCauses" in updated_user:
register_default_response["errorMessages"] = []
for error_cause in updated_user["errorCauses"]:
register_default_response["errorMessages"].append(
{"errorMessage": error_cause["errorSummary"]})
else:
register_default_response["success"] = True
register_default_response["app_user"] = updated_app_user
register_default_response["user"] = updated_user
return json.dumps(register_default_response)
def healthcare_accept_terms():
logger.debug("healthcare_accept_terms()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
now = datetime.datetime.now()
# dd/mm/YY H:M:S
consent = now.strftime("%d/%m/%Y %H:%M:%S")
user_data = {"profile": {get_udp_ns_fieldname("consent"): consent}}
user_update_response = okta_admin.update_user(user_id, user_data)
logger.debug(user_update_response)
return redirect(
url_for("healthcare_views_bp.healthcare_profile",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
user_id=user_id))
def gbac_trustedorigins_edit():
logger.debug("gbac_trustedorigins_edit()")
# user_info = get_userinfo()
trustedoriginid = request.args.get('trustedoriginid')
if trustedoriginid:
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
trustedorigin = okta_admin.get_trusted_origin(id=trustedoriginid)
return render_template("/managetrustedoriginscreateupdate.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
trustedorigin=trustedorigin)
else:
return redirect(
url_for(
"gbac_managetrustedorigins_bp.gbac_trustedorigins",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]))
def gbac_apps_update():
logger.debug("gbac_apps_update()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
oidcclientid = request.args.get('oidcclientid')
oidcloginredirecturi = request.args.get('oidcloginredirecturi')
oidcapplabel = request.args.get('oidcapplabel')
if oidcclientid != "" and oidcloginredirecturi != "" and oidcapplabel != "":
okta_admin.update_web_application(app_label=oidcapplabel,
redirect_uris=oidcloginredirecturi,
app_id=oidcclientid)
return redirect(
url_for(
gbac_app,
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
message="Application Updated"))
else:
return "", 500
def gbac_apps_edit():
logger.debug("gbac_apps_edit()")
app_id = request.args.get('appid')
if app_id:
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
appinfo = okta_admin.get_applications_by_id(app_id)
return render_template("/manageappscreateupdate.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
appid=app_id,
appinfo=appinfo)
else:
return redirect(
url_for(
"gbac_manageapps_bp.gbac_apps",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]))
def enroll_sms_voice():
print("enroll_sms_voice()")
body = request.get_json()
factor_type = body["factor_type"]
provider = body["provider"]
phone_number = body["phone_number"]
if "state_token" in body:
okta_auth = OktaAuth(session)
state_token = body["state_token"]
response = okta_auth.enroll_sms_voice(state_token, factor_type,
provider, phone_number)
else:
okta_admin = OktaAdmin(session)
user_id = body["user_id"]
response = okta_admin.enroll_sms_voice(user_id, factor_type, provider,
phone_number)
return json.dumps(response)
def gbac_saml_idps():
logger.debug("gbac_saml_idps()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
idp_list = okta_admin.get_idps("SAML2")
# Grab the runtime details we care about and stuff them into a JSON object
# for easy display.
for idp in idp_list:
detail = {
"acs_url": idp['_links']['acs']['href'],
"metadata_url": idp['_links']['metadata']['href']
}
idp["detailJSON"] = json.dumps(detail)
logger.debug(idp_list)
return render_template("/managesamlidps.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
idplist=idp_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def gbac_finduser_completion():
logger.debug("gbac_finduser_completion()")
firstName = request.form.get('firstname')
lastName = request.form.get('lastname')
primaryPhone = request.form.get('phone')
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_response = ""
message = ""
email = ""
login = ""
if primaryPhone:
logging.debug("checking primaryPhone")
user_response = okta_admin.get_user_list_by_search(
"profile.primaryPhone eq \"" + primaryPhone + "\"&limit=1")
if not user_response:
logging.debug("checking mobilePhone")
user_response = okta_admin.get_user_list_by_search(
"profile.mobilePhone eq \"" + primaryPhone + "\"&limit=1")
else:
user_response = okta_admin.get_user_list_by_search(
"profile.firstName eq \"" + firstName +
"\" and profile.lastName eq \"" + lastName + "\"&limit=1")
if user_response:
login = user_response[0]['profile']['login']
recipients = []
recipients.append({"address": user_response[0]["profile"]["email"]})
emailLogin(recipients, login)
message = "Your Username was found. An email is being sent to: " + user_response[
0]["profile"]["email"]
else:
message = "Your Username was not found. Please try again."
return redirect(
url_for("gbac_findusername_bp.findusername_bp",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
email=email,
message=message))
def gbac_create_update_saml_idp_page():
logger.debug("gbac_create_update_saml_idp_page()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
idp_id = request.args.get('idpId')
idp_info = okta_admin.get_idp(idp_id)
if 'id' in idp_info:
cert_info = okta_admin.get_idp_certificate(
idp_info['protocol']['credentials']['trust']['kid'])
cert_display_data = IDPUtil.getCertificateDisplayValues(
cert_info['x5c'][0])
idp_info['cert_expiry'] = cert_display_data.not_valid_after
idp_info['cert_issuer'] = cert_display_data.issuer.rfc4514_string()
logger.debug("Retrieved IDP: {0}".format(idp_info))
return render_template("/managesamlidp.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
idp_info=idp_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def enroll_question():
print("enroll_question()")
body = request.get_json()
factor_type = body["factor_type"]
provider = body["provider"]
question = body["question"]
answer = body["answer"]
if "state_token" in body:
okta_auth = OktaAuth(session)
state_token = body["state_token"]
response = okta_auth.enroll_question(state_token, factor_type,
provider, question, answer)
else:
okta_admin = OktaAdmin(session)
user_id = body["user_id"]
response = okta_admin.enroll_question(user_id, factor_type, provider,
question, answer)
return json.dumps(response)
def healthcare_schedule():
logger.debug("healthcare_schedule")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
dob = ""
gender = ""
if get_udp_ns_fieldname("dob") in user["profile"]:
dob = user["profile"][get_udp_ns_fieldname("dob")]
if get_udp_ns_fieldname("gender") in user["profile"]:
gender = user["profile"][get_udp_ns_fieldname("gender")]
return render_template(
"healthcare/schedule.html",
id_token=TokenUtil.get_id_token(request.cookies),
access_token=TokenUtil.get_access_token(request.cookies),
user_info=get_userinfo(),
user_info2=user,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
dob=dob,
gender=gender)
def gbac_linkedobjects():
logger.debug("gbac_linkedobjects()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
try:
schemas = okta_admin.get_user_schemas()
except Exception:
schemas = ""
nfamily = ""
logger.debug(schemas)
if schemas:
family = "["
for schema in schemas:
family = family + "{" + \
"\"pname\":\"" + schema['primary']['name'] + "\"," + \
"\"ptitle\":\"" + schema['primary']['title'] + "\"," + \
"\"aname\":\"" + schema['associated']['name'] + "\"," + \
"\"atitle\":\"" + schema['associated']['title'] + "\"," + \
"\"users\": [ "
users = okta_admin.get_linked_users(user_info['sub'],
schema['associated']['name'])
for user in users:
userid = user['_links']['self']['href'].rsplit('/', 1)[-1]
associateduser = okta_admin.get_user(userid)
family = family + json.dumps(associateduser) + ","
family = family[:-1] + "]},"
family = family[:-1] + "]"
nfamily = json.loads(family)
return render_template("/managelinkedobjects.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
nfamily=nfamily)
def signupcreateuser():
print("Signup Create User()")
okta_admin = OktaAdmin(default_settings)
first_name = request.form.get('firstname')
last_name = request.form.get('lastname')
email = request.form.get('email')
login = request.form.get('login')
mobile_phone = request.form.get('phonenumber')
password = request.form.get('password')
group_name = request.form.get('groupname')
if not login:
login = email
user_data = {
"profile": {
"firstName": first_name,
"lastName": last_name,
"email": email,
"login": login,
"mobilePhone": mobile_phone,
"travelAgencyGroup": group_name
},
"credentials": {
"password" : { "value": password }
}
}
user_create_response = okta_admin.create_user(user_data)
if "errorCode" in user_create_response:
print(user_create_response)
message = "<p>Error During Registration</p>" + user_create_response['errorCauses'][0]['errorSummary']
return redirect(url_for("signup", _external="True", _scheme="https",message=message))
else:
print(user_create_response)
print("User " + first_name + " "+ last_name + " was Created")
return redirect(url_for("login", _external="True", _scheme="https"))
return redirect(url_for("signup", _external="True", _scheme="https",message=message))
def gbac_registration_completion():
logger.debug("gbac_registration_completion()")
user_data = {
"profile": {
"firstName": request.form.get('firstname'),
"lastName": request.form.get('lastname'),
"email": request.form.get('email'),
"login": request.form.get('email'),
"primaryPhone": request.form.get('phone'),
"mobilePhone": request.form.get('phone')
}
}
logger.debug(user_data)
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_create_response = okta_admin.create_user(user=user_data,
activate_user='******')
logger.debug(user_create_response)
activation_link = ""
if request.form.get('noemail').lower() == 'true':
logger.debug("no email will be sent")
activation_link = url_for(
"gbac_registration_bp.gbac_registration_state_get",
stateToken=user_create_response["id"],
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else:
logger.debug("email sent")
emailRegistration(recipient={"address": request.form.get('email')},
token=user_create_response["id"])
return render_template(
"/registration-completion.html",
email=request.form.get('email'),
activationlink=activation_link,
noemail=request.form.get('noemail').lower(),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def ecommerce_approvals_get():
logger.debug("workflow_approvals()")
workflow_list = []
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_groups = okta_admin.get_user_groups(user["id"])
user_get_response = okta_admin.get_user_list_by_search(
'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests")))
for list in user_get_response:
for grp in list["profile"][get_udp_ns_fieldname("access_requests")]:
group_get_response = okta_admin.get_group(id=grp)
logging.debug(group_get_response)
var = {
"requestor": list["profile"]["login"],
"request": group_get_response["profile"]["description"],
"usr_grp": {
"user_id": list["id"],
"group_id": grp
}
}
for clist in user_groups:
if grp == clist['id']:
workflow_list.append(var)
return render_template(
"{0}/workflow-approvals.html".format(get_app_vertical()),
templatename=get_app_vertical(),
workflow_list=workflow_list,
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_registration_state_post(user_id):
logger.debug("gbac_registration_state_post()")
logger.debug(request.form.get('password'))
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_data = okta_admin.get_user(user_id)
if "errorCode" in user_data:
logger.error("user_data: {0}".format(user_data))
return render_template("/registration-state.html",
userid=user_id,
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=user_data['errorSummary'])
user_data["credentials"] = {
"password": {
"value": request.form.get('password')
},
"recovery_question": {
"question": "Company Name, its Okta.",
"answer": "Okta"
}
}
logger.debug(user_data)
user_update_response = okta_admin.update_user(user_id=user_data["id"],
user=user_data)
logger.debug(user_update_response)
if "errorCode" in user_update_response:
return render_template(
"/registration-state.html",
userid=user_data["id"],
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=user_update_response['errorCauses'][0]['errorSummary'])
nresponse = okta_admin.activate_user(user_data["id"], send_email=False)
logger.debug(nresponse)
group_info = okta_admin.get_application_groups(
session[SESSION_INSTANCE_SETTINGS_KEY]["client_id"])
group_id = group_info[0]["id"]
okta_admin.assign_user_to_group(group_id, user_data["id"])
message = "Registration Complete! Please Login Now!"
return redirect(
url_for("gbac_bp.gbac_login",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
message=message))
def ecommerce_clear_consent(userid):
logger.debug("ecommerce_clear_consent")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_data = {"profile": {
get_udp_ns_fieldname("consent"): "",
}}
user_update_response = okta_admin.update_user(userid, user_data)
if "error" in user_update_response:
message = "Error During Update: " + user_update_response
else:
message = ""
return redirect(
url_for(
"ecommerce_views_bp.ecommerce_profile",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
user_id=userid,
message=message))
def get_modal_options(okta_user_id):
print("get_modal_options(okta_user_id)")
# print("okta_user_id: {0}".format(okta_user_id))
okta_admin = OktaAdmin(session)
user = okta_admin.get_user(okta_user_id)
# print("user: {0}".format(json.dumps(user, indent=4, sort_keys=True)))
curent_application = okta_admin.get_user_application_by_current_client_id(
okta_user_id)
# print("curent_application: {0}".format(json.dumps(curent_application, indent=4, sort_keys=True)))
# print("user: {0}".format(json.dumps(user, indent=4, sort_keys=True)))
# Apply Rules based on user and app combo
modal_options = {
"showConsent":
show_user_consent(curent_application),
"showRegistrationDefault":
show_user_reg_form_default(user, curent_application),
"showRegistrationAlt1":
show_user_reg_form_alt1(user, curent_application)
}
return modal_options
def ecommerce_order_post():
logger.debug("ecommerce_order_post()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
logger.debug(request)
firstname = request.form.get("firstName")
lastname = request.form.get("lastName")
email = request.form.get("email")
streetAddress = request.form.get("address")
city = request.form.get("city")
state = request.form.get("state")
zipCode = request.form.get("zip")
countryCode = request.form.get("country")
user_data = {
"profile": {
"firstName": firstname,
"lastName": lastname,
"email": email,
"streetAddress": streetAddress,
"city": city,
"state": state,
"zipCode": zipCode,
"countryCode": countryCode
}
}
logger.debug(user_data)
response = okta_admin.update_user(user_id=user_info["sub"], user=user_data)
logger.debug(response)
# /ecommerce/order?message=Order Complete
# return render_template("ecommerce/order.html", user=user, user_info=get_userinfo(), config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme="https")
return redirect(
url_for(
"ecommerce_views_bp.ecommerce_order",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
message="Order Complete"))
def gbac_idverification_getverificationcode():
logger.debug("gbac_idverification_bp")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
evidenttoken = ""
basicauth = OktaUtil.get_encoded_auth(
"okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI")
headers = {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Basic {0}".format(basicauth)
}
my_str = user["profile"]["email"]
idx = my_str.index("@")
email = my_str[:idx] + str(time.time()) + my_str[idx:]
body = {
"email": email,
"templateId": "1ce55f4e-7bb2-4907-9643-dc61f1f04f4d"
}
response = RestUtil.execute_post(
" https://verify.api.demo.evidentid.com/api/v1/verify/requests",
headers=headers,
body=body)
evidenttoken = response["userIdentityToken"]
user_data = {
"profile": {
get_udp_ns_fieldname("evident_id"): response["id"]
}
}
okta_admin.update_user(user["id"], user_data)
return evidenttoken
def verify_dob():
print("verify_dob()")
json_data = request.get_json()
# print(json_data)
verify_dob_response = {"success": False}
okta_auth = OktaAuth(session)
token_state = okta_auth.get_transaction_state(json_data["stateToken"])
# print("token_state: {0}".format(json.dumps(token_state, indent=4, sort_keys=True)))
if "errorSummary" in token_state:
verify_dob_response["errorMessage"] = token_state["errorSummary"]
else:
okta_admin = OktaAdmin(session)
user = okta_admin.get_user(token_state["_embedded"]["user"]["id"])
app_user = okta_admin.get_user_application_by_current_client_id(
user["id"])
# print("user: {0}".format(json.dumps(user, indent=4, sort_keys=True)))
# print("app_user: {0}".format(json.dumps(app_user, indent=4, sort_keys=True)))
if "errorSummary" in user:
verify_dob_response["errorMessage"] = user["errorSummary"]
if "errorCauses" in user:
verify_dob_response["errorMessages"] = []
for error_cause in user["errorCauses"]:
verify_dob_response["errorMessages"].append(
{"errorMessage": user["errorSummary"]})
else:
if app_user["profile"]["dob"] == json_data["dob"]:
verify_dob_response["user"] = user
verify_dob_response["app_user"] = user
verify_dob_response["success"] = True,
else:
verify_dob_response[
"errorMessage"] = "Your date of birth does not match our records"
return json.dumps(verify_dob_response)
def gbac_createschemas():
logger.debug("gbac_linkedobjects()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
ptitle = request.form.get('primarytitle')
pname = request.form.get('primaryfieldname')
pdesc = request.form.get('primarydescription')
atitle = request.form.get('associatedtitle')
aname = request.form.get('associatedfieldname')
adesc = request.form.get('associateddescription')
try:
okta_admin.create_schema(pname.lower(), ptitle, pdesc, aname.lower(),
atitle, adesc)
message = "Schema Created"
except Exception:
message = "Cannot Create Schemas. Please contact your adminstrator."
return redirect(
url_for("gbac_lo_bp.gbac_schemas",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
message=message))
def accept_consent():
print("accept_consent()")
concent_accept_response = {"success": False}
id_token = request.cookies.get("id_token")
okta_admin = OktaAdmin(session)
user_id = get_claims_from_token(id_token)["sub"]
app = okta_admin.get_user_application_by_current_client_id(user_id)
app_id = session["client_id"]
app["profile"]["userConsentDate"] = datetime.today().strftime('%Y-%m-%d')
app["profile"]["userConsentToS"] = "1.0"
update_response = okta_admin.update_application_user_profile(user_id, app)
if "errorSummary" in update_response:
concent_accept_response["errorMessage"] = update_response[
"errorSummary"]
else:
concent_accept_response["success"] = True
return json.dumps(concent_accept_response)
def gbac_users():
logger.debug("gbac_users()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
group_id = request.args.get('group_id')
if group_id:
selectedgroup_id = group_id
user_group = okta_admin.get_group(selectedgroup_id)
else:
user_group = gbac_get_group_by_name("everyone")
selectedgroup_id = user_group["id"]
group_user_list = okta_admin.get_user_list_by_group_id(selectedgroup_id)
group_list = okta_admin.get_user_groups(user_info["sub"])
return render_template("/manageusers.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
userlist=group_user_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
group_list=group_list,
user_group=user_group)
def ecommerce_user_update():
logger.debug("ecommerce_user_update")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_id = request.form.get('user_id')
logging.debug(request.form.to_dict())
first_name = safe_get_dict(request.form, 'firstname')
last_name = safe_get_dict(request.form, 'lastname')
email = safe_get_dict(request.form, 'email')
mobile_phone = safe_get_dict(request.form, 'mobilePhone')
consent = safe_get_dict(request.form, 'nconsent')
user_data = {
"profile": {
"firstName": first_name,
"lastName": last_name,
"email": email,
"mobilePhone": mobile_phone,
get_udp_ns_fieldname("consent"): consent,
}
}
logging.debug(user_data)
user_update_response = okta_admin.update_user(user_id, user_data)
logging.debug(user_update_response)
if "error" in user_update_response:
message = "Error During Update: " + user_update_response
else:
message = "User Updated!"
return redirect(
url_for("ecommerce_views_bp.ecommerce_profile",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
user_id=user_id,
message=message))
def admincreateuser():
print("Admin Create User()")
okta_admin = OktaAdmin(default_settings)
first_name = request.form.get('firstname')
last_name = request.form.get('lastname')
email = request.form.get('email')
login = request.form.get('login')
mobile_phone = request.form.get('phonenumber')
if not login:
login = email
# Group and find a Travel Agency
token = oidc.get_access_token()
group_name = TokenUtil.get_single_claim_from_token(token,"tagrp")
user_data = {
"profile": {
"firstName": first_name,
"lastName": last_name,
"email": email,
"login": login,
"mobilePhone": mobile_phone,
"travelAgencyGroup": group_name
}
}
user_create_response = okta_admin.create_user(user_data)
if user_create_response:
message = "User " + first_name + " "+ last_name+ " was Created"
else:
message = "Error During Create"
return redirect(url_for("users", _external="True", _scheme="https",message=message))
