def admin_temporarypasscode(): logger.debug("admin_temporarypasscode()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_id = request.args.get('user_id') user = okta_admin.get_user(user_id) randcode = random_with_N_digits(6) okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) listfactors = okta_admin.list_enrolled_factors(user_id) for factor_info in listfactors: if "question" in factor_info['factorType']: factor_id = factor_info['id'] okta_admin.delete_factor(user_id=user_id, factor_id=factor_id) okta_admin.enroll_securityquestion(user_id, "favorite_security_question", str(randcode)) else: okta_admin.enroll_securityquestion(user_id, "favorite_security_question", str(randcode)) usersname = user["profile"]["firstName"] + " " + user["profile"]["lastName"] message = "{0} - MFA Security Question Set to 'Favorite Security Question'. Users new code is: {1}".format( usersname, str(randcode)) return redirect( url_for("admin_views_bp.admin_usersadvanced", _external="True", _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"], message=message))
def get_profile(): print("get_profile()") user = None factors = None if ("token" in request.cookies and "id_token" in request.cookies): id_token_claims = get_claims_from_token(request.cookies["id_token"]) if "sub" in id_token_claims: okta_admin = OktaAdmin(session) user = okta_admin.get_user(id_token_claims["sub"]) user_profile = user["profile"] app_user = okta_admin.get_user_application_by_current_client_id( user["id"]) print(json.dumps(app_user)) app_user_profile = app_user["profile"] #print("user: {0}".format(user)) # get a list of enrolled factors factors = get_enrolled_factors(user["id"]) response = make_response( render_template("profile.html", site_config=session, user=user, user_profile=user_profile, app_user=app_user_profile, factors=factors, claims=id_token_claims, okta_widget_container_id="okta-login-container", getNewTokenUrl="")) return response
def get_available_factors(user_id): print("get_available_factors()") okta_admin = OktaAdmin(session) available_factors = okta_admin.list_available_factors(user_id) factors = [] for f in available_factors: if f["status"] == "NOT_SETUP": factorType = f["factorType"] provider = f["provider"] try: phone_number = f["_embedded"]["phones"][0]["profile"][ "phoneNumber"] except: phone_number = None factor = { "factorType": factorType, "provider": provider, "phoneNumber": phone_number, "name": get_factor_name(factorType, provider) } factors.append(factor) return json.dumps(factors)
def admin_temporarypasscode(): logger.debug("admin_temporarypasscode()") user_id = request.args.get('user_id') randcode = random_with_N_digits(6) okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) listfactors = okta_admin.list_enrolled_factors(user_id) for factor_info in listfactors: if "question" in factor_info['factorType']: factor_id = factor_info['id'] okta_admin.delete_factor(user_id=user_id, factor_id=factor_id) okta_admin.enroll_securityquestion(user_id, "favorite_security_question", str(randcode)) else: okta_admin.enroll_securityquestion(user_id, "favorite_security_question", str(randcode)) message = "Your Temporary Code is: {0}".format(str(randcode)) return redirect( url_for("admin_views_bp.admin_usersadvanced", _external="True", _scheme="https", message=message))
def admin_addkeytouser(): logger.debug("admin_addkeytouser()") user_id = request.args.get('userId') factor_profile_id = request.args.get('factorProfileId') shared_secret = request.args.get('sharedSecret') okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) listfactors = okta_admin.list_enrolled_factors(user_id) logger.debug(listfactors) for factor_info in listfactors: if "token:hotp" in factor_info['factorType']: factor_id = factor_info['id'] okta_admin.delete_factor(user_id=user_id, factor_id=factor_id) response = okta_admin.enroll_hardtoken(user_id, factor_profile_id, shared_secret) logger.debug(response) break else: response = okta_admin.enroll_hardtoken(user_id, factor_profile_id, shared_secret) logger.debug(response) break message = "Your Key is Setup" return message
def get_enrolled_factors(user_id): print("get_enrolled_factors()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) enrolled_factors = okta_admin.list_enrolled_factors(user_id) factors = [] for f in enrolled_factors: logger.debug(f["factorType"]) factor = {} factor["id"] = f["id"] factor["type"] = f["factorType"] factor["provider"] = f["provider"] factor["vendor"] = f["vendorName"] switcher = { 'token:software:totp': totp, 'push': push, 'webauthn': webauthn, 'sms': sms, 'call': call, 'question': question } if f["status"] == "ACTIVE": myfactor = switcher.get(f["factorType"]) else: myfactor = None if myfactor is not None: factor = myfactor(factor, f) factors.append(factor) return factors
def get_available_factors(user_id): print("get_available_factors()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) available_factors = okta_admin.list_available_factors(user_id) factors = [] logging.debug(available_factors) for f in available_factors: if f["status"] == "NOT_SETUP" or f["factorType"] == "webauthn": factorType = f["factorType"] provider = f["provider"] try: phone_number = f["_embedded"]["phones"][0]["profile"][ "phoneNumber"] except Exception: phone_number = None logging.debug(get_factor_name(factorType, provider) + provider) factor = { "factorType": factorType, "provider": provider, "phoneNumber": phone_number, "name": get_factor_name(factorType, provider) } if (provider == "SYMANTEC"): # do nothing continue else: factors.append(factor) return json.dumps(factors)
def dealer_myapps_get(): logger.debug("dealer_myapps_get()") CONFIG_GROUP_LOCATION_STARTSWITH = "{0}_".format(get_udp_ns_fieldname(CONFIG_LOCATION)) user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] location = "" # Find the groups the user belongs to and find the description of the _LOC_* group get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) for item in get_user_groups_response: if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH): location = item["profile"]["description"] get_apps_response = okta_admin.get_applications_by_user_id(user_id) return render_template( "{0}/myapps.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, config=session[SESSION_INSTANCE_SETTINGS_KEY], location=location, apps=get_apps_response, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def decorated_function(*args, **kws): logger.debug("check_okta_api_token()") response = None if not is_apitoken_valid(): okta_api_token = session[SESSION_INSTANCE_SETTINGS_KEY][ "okta_api_token"] logger.debug("okta_api_token: {0}".format(okta_api_token)) if okta_api_token: okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) groups = okta_admin.get_groups_by_name("Everyone") if "errorSummary" in groups: if "Invalid token provided" == groups["errorSummary"]: response = gvalidation_bp_error( "Okta API Token is invalid!") else: session[SESSION_IS_APITOKEN_VALID_KEY] = True else: response = gvalidation_bp_error("Okta API Token is not set!") if response: return response return f(*args, **kws)
def gbac_idverification_getverificationcode(): logger.debug("gbac_idverification_bp") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) evidenttoken = "" basicauth = OktaUtil.get_encoded_auth("okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI") headers = { "Accept": "application/json", "Content-Type": "application/json", "Authorization": "Basic {0}".format(basicauth) } my_str = user["profile"]["email"] idx = my_str.index("@") email = my_str[:idx] + str(time.time()) + my_str[idx:] body = { "email": email, "templateId": "1ce55f4e-7bb2-4907-9643-dc61f1f04f4d" } response = RestUtil.execute_post(" https://verify.api.demo.evidentid.com/api/v1/verify/requests", headers=headers, body=body) evidenttoken = response["userIdentityToken"] user_data = {"profile": {get_udp_ns_fieldname("evident_id"): response["id"]}} okta_admin.update_user(user["id"], user_data) return evidenttoken
def gbac_idverification_isverified(): logger.debug("gbac_idverification_isverified") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) verified_date = user["profile"][get_udp_ns_fieldname("last_verified_date")] return verified_date
def streamingservice_mydevices(): logger.debug("streamingservice_mydevices()") user_info = get_userinfo() user_id = user_info["sub"] okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_clientid"] user_app_profile = okta_admin.get_user_application_by_client_id(user_id=user_id, client_id=client_id) devices = [] if get_udp_ns_fieldname("authorized_devices") in user_app_profile["profile"]: devices = user_app_profile["profile"][get_udp_ns_fieldname("authorized_devices")] if devices is None: devices = [] else: devices = [] logger.debug(devices) return render_template( "streamingservice/mydevices.html", user_info=get_userinfo(), devices=devices, config=session[SESSION_INSTANCE_SETTINGS_KEY])
def ecommerce_order(): logger.debug("ecommerce_order()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) return render_template("ecommerce/order.html", user=user, user_info=get_userinfo(), config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme="https")
def ecommerce_accept_terms(): logger.debug("ecommerce_accept_terms()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] now = datetime.datetime.now() # dd/mm/YY H:M:S consent = now.strftime("%d/%m/%Y %H:%M:%S") user_data = {"profile": {get_udp_ns_fieldname("consent"): consent}} user_update_response = okta_admin.update_user(user_id, user_data) if user_update_response: message = "Thank you for completing the Consent Form." else: message = "Error During consent" return redirect( url_for( "ecommerce_views_bp.ecommerce_profile", _external="True", _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"], user_id=user_id, message=message))
def ecommerce_emailWorkFlowRequest(group_id): logger.debug("emailWorkFlowRequest()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) activation_link = url_for( "ecommerce_views_bp.ecommerce_approvals_get", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) # Send Activation Email to the Admin subject_admin = "A workflow request was received" message_admin = """\ <p><h1>A new request for access was received.</h1><br> The request is awaiting your approval.<br><br> Click this link to log into your account and review the request<br><br> <a href='{activation_link}'>{activation_link}</a> </p> """.format(activation_link=activation_link) # Find All members that will be notified recipients = [] user_list = okta_admin.get_user_list_by_group_id(group_id) for user in user_list: recipients.append({"address": user["profile"]["email"]}) if recipients: email_send = Email.send_mail(subject=subject_admin, message=message_admin, recipients=recipients) return email_send else: return ''
def ecommerce_approvals_get(): logger.debug("workflow_approvals()") workflow_list = [] user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_groups = okta_admin.get_user_groups(user["id"]) user_get_response = okta_admin.get_user_list_by_search( 'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests"))) for list in user_get_response: for grp in list["profile"][get_udp_ns_fieldname("access_requests")]: group_get_response = okta_admin.get_group(id=grp) logging.debug(group_get_response) var = { "requestor": list["profile"]["login"], "request": group_get_response["profile"]["description"], "usr_grp": { "user_id": list["id"], "group_id": grp } } for clist in user_groups: if grp == clist['id']: workflow_list.append(var) return render_template( "{0}/workflow-approvals.html".format(get_app_vertical()), templatename=get_app_vertical(), workflow_list=workflow_list, user_info=user_info, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def ecommerce_updateuser(): logger.debug("ecommerce_updateuser()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) logger.debug(request) firstname = request.args["firstName"] lastname = request.args["lastName"] email = request.args["email"] primaryPhone = request.args["phone"] mobilePhone = request.args["phone"] streetAddress = request.args["streetAddress"] city = request.args["city"] state = request.args["state"] zipCode = request.args["zipCode"] countryCode = request.args["countryCode"] user_data = { "profile": { "firstName": firstname, "lastName": lastname, "email": email, "primaryPhone": primaryPhone, "mobilePhone": mobilePhone, "streetAddress": streetAddress, "city": city, "state": state, "zipCode": zipCode, "countryCode": countryCode } } logger.debug(user_data) response = okta_admin.update_user(user_id=user_info["sub"], user=user_data) logger.debug(response) return response
def ecommerce_requests_post(): logger.debug("workflow_requests_post()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] if get_udp_ns_fieldname("access_requests") in user["profile"]: pendingRequest = user["profile"][get_udp_ns_fieldname( "access_requests")] else: pendingRequest = [] if request.form.get("request_access"): group_id = request.form.get("request_access") if group_id not in pendingRequest: pendingRequest.append(group_id) # Remove user attribute organization ( as the request has been rejected) # organization": "[ '{id}' ]".format(id=request.form.get('location')) user_data = { "profile": { get_udp_ns_fieldname("access_requests"): pendingRequest } } test = okta_admin.update_user(user_id=user_id, user=user_data) print(test) ecommerce_emailWorkFlowRequest(group_id) return redirect( url_for("ecommerce_views_bp.ecommerce_requests_get", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]))
def ecommerce_profile(): logger.debug("ecommerce_profile()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_info = get_userinfo() user_info2 = okta_admin.get_user(user_info["sub"]) factors = get_enrolled_factors(user_info["sub"]) if get_udp_ns_fieldname("consent") in user_info2["profile"]: consent = user_info2["profile"][get_udp_ns_fieldname("consent")] if consent.strip() == "": consent = '' session['appointment'] = "No Appointments Currently Set." else: consent = '' crediturl = '' app_info = okta_admin.get_applications_by_user_id(user_info["sub"]) for item in app_info: if "credit Demo (Generated by UDP)" in item["label"]: domain = urlparse( item["settings"]["oauthClient"]["initiate_login_uri"]).netloc crediturl = "https://" + domain return render_template("ecommerce/profile.html", id_token=TokenUtil.get_id_token(request.cookies), access_token=TokenUtil.get_access_token( request.cookies), user_info=user_info, user_info2=user_info2, consent=consent, factors=factors, config=session[SESSION_INSTANCE_SETTINGS_KEY], crediturl=crediturl)
def gbac_registration_completion(): logger.debug("gbac_registration_completion()") user_data = { "profile": { "firstName": request.form.get('firstname'), "lastName": request.form.get('lastname'), "email": request.form.get('email'), "login": request.form.get('email'), "primaryPhone": request.form.get('phone'), "mobilePhone": request.form.get('phone') } } logger.debug(user_data) okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_create_response = okta_admin.create_user(user=user_data, activate_user='******') logger.debug(user_create_response) emailRegistration(recipient={"address": request.form.get('email')}, token=user_create_response["id"]) return render_template("/registration-completion.html", templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme="https")
def progressiveprofile_bp(): logger.debug("progressiveprofile_bp_profile()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) street = safe_get_dict(request.form, 'street') city = safe_get_dict(request.form, 'city') state = safe_get_dict(request.form, 'state') postal = safe_get_dict(request.form, 'postal') userid = safe_get_dict(request.form, 'userid') user_data = {"profile": { "streetAddress": street, "city": city, "state": state, "zipCode": postal }} user_update_response = okta_admin.update_user(userid, user_data) if "error" in user_update_response: message = "Error During Update: " + user_update_response else: message = user_update_response return message
def updateuserinfo(): user_info = get_user_info() okta_admin = OktaAdmin(default_settings) user_id = request.form.get('user_id') first_name = request.form.get('firstname') last_name = request.form.get('lastname') email = request.form.get('email') mobile_phone = request.form.get('phonenumber') user_data = { "profile": { "firstName": first_name, "lastName": last_name, "email": email, "mobilePhone": mobile_phone } } user_update_response = okta_admin.update_user(user_id,user_data) if user_update_response: message = "User " + first_name + " "+ last_name+ " was Updated" else: message = "Error During Update" return redirect(url_for("userupdate", _external="True", _scheme="https",user_id=user_id,message=message))
def gbac_user_update(): logger.debug("gbac_user_update") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_id = request.form.get('user_id') first_name = request.form.get('firstname') last_name = request.form.get('lastname') email = request.form.get('email') mobile_phone = request.form.get('phonenumber') user_data = { "profile": { "firstName": first_name, "lastName": last_name, "email": email, "mobilePhone": mobile_phone } } user_update_response = okta_admin.update_user(user_id, user_data) if user_update_response: message = "User {0} {1} was Updated".format(first_name, last_name) else: message = "Error During Update" return redirect( url_for("gbac_manageusers_bp.gbac_users", _external="True", _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"], user_id=user_id, message=message))
def gbac_apps_delete(): logger.debug("gbac_apps_delete()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) app_id = request.args.get('appid') okta_admin.delete_application(app_id) message = "Application Deleted" return redirect(url_for("gbac_manageapps_bp.gbac_apps", _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"], message=message))
def streamingservice_device_complete(): logger.debug("streamingservice_device_complete()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][ "app_deviceflow_clientid"] user_id = request.args.get('user_id') user_app_profile = okta_admin.get_user_application_by_client_id( user_id=user_id, client_id=client_id) devices = [] if get_udp_ns_fieldname( "authorized_devices") in user_app_profile["profile"]: user_devices = user_app_profile["profile"][get_udp_ns_fieldname( "authorized_devices")] if user_devices is None: devices = [] else: devices = [] device_id = request.args.get('device_id') devices.append(device_id) user_data = { "profile": { get_udp_ns_fieldname("authorized_devices"): devices } } okta_admin.update_application_user_profile_by_clientid( user_id=user_id, app_user_profile=user_data, client_id=client_id) return render_template("streamingservice/device_complete.html", config=session[SESSION_INSTANCE_SETTINGS_KEY])
def gbac_get_username(altid): logger.debug("gbac_get_username()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user_list_by_search("profile.mobilePhone eq \"" + altid + "\" or profile.primaryPhone eq \"" + altid + "\"") logger.debug(user) return user[0]["profile"]["login"]
def profile(): user_info = get_user_info() okta_admin = OktaAdmin(default_settings) user = okta_admin.get_user(user_info["sub"]) user_group = get_travel_agency_group_by_user(user) app_info = okta_admin.get_applications_by_user_id(user["id"]) return render_template("profile.html", oidc=oidc, applist=app_info, user_info=user_info, config=default_settings, travel_agency_group=user_group)
def gbac_apps_create_cc(): logger.debug("gbac_apps_create_cc()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) app_name = request.args.get('appname') create_app = okta_admin.create_clientcredential_application(app_name) okta_admin.assign_user_to_application(user_info["sub"], user_info["email"], create_app["id"]) return create_app
def admin_getfactors(): logger.debug("admin_userverification()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_id = request.args.get('user_id') listfactors = okta_admin.list_enrolled_factors(user_id) return json.dumps(listfactors)
def ecommerce_registration_completion(): logger.debug("ecommerce_registration_completion()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_create_response = None user_data = {"profile": {}} logger.debug(user_data) logger.debug(request.form.get('guestUserId')) guestUserID = request.form.get('guestUserId') if guestUserID: user_data = okta_admin.get_user(request.form.get('guestUserId')) user_data["profile"]["email"] = request.form.get('email') user_data["profile"]["login"] = request.form.get('email') user_data["profile"]["firstName"] = "Guest" user_data["profile"]["lastName"] = "User" if "id" in user_data: user_create_response = okta_admin.update_user(user_id=user_data["id"], user=user_data) else: user_create_response = okta_admin.create_user(user=user_data, activate_user='******') logger.debug(user_create_response) if "id" not in user_create_response: error_message = "Failed to get a valid response from Okta Create User: user_data:{0} user_create_response:{1}".format( user_data, user_create_response) logger.error(error_message) return render_template("/error.html", templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], error_message=error_message) activation_link = "" if request.form.get('noemail').lower() == 'true': logger.debug("no email will be sent") activation_link = url_for( "gbac_registration_bp.gbac_registration_state_get", stateToken=user_create_response["id"], _external=True, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) else: logger.debug("email sent") ecommerce_email_registration( recipient={"address": request.form.get('email')}, token=user_create_response["id"]) return render_template( "ecommerce/registration-completion.html", email=request.form.get('email'), activationlink=activation_link, noemail=request.form.get('noemail').lower(), templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])