def dealer_registration_get(): logger.debug("dealer_registration()") CONFIG_GROUP_REGULAR = get_udp_ns_fieldname(CONFIG_REGULAR) CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN) CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION) okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) setup_options = { "type_users": [], "dealerships": [], "type_user_selected": request.form.get('role'), "dealership_selected": request.form.get('location') } user_data = { "profile": { "firstName": "", "lastName": "", "email": "", "login": "", "mobilePhone": "" } } try: # Prepopulate choice for setup # Get Group group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_ADMIN) for i in group_get_response: setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]}) group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_REGULAR) for i in group_get_response: setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]}) group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_LOCATION_STARTSWITH) for i in group_get_response: setup_options["dealerships"].append({"id": i["id"], "description": i["profile"]["description"]}) # On a GET display the registration page with the defaults return render_template( "{0}/registration.html".format(get_app_vertical()), templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], user_data=user_data, setup_options=setup_options, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) except Exception as e: return render_template( "{0}/registration.html".format(get_app_vertical()), templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], error=e, user_data=user_data, setup_options=setup_options, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def decorated_function(*args, **kws): logger.debug("check_okta_api_token()") response = None if not is_apitoken_valid(): okta_api_token = session[SESSION_INSTANCE_SETTINGS_KEY][ "okta_api_token"] logger.debug("okta_api_token: {0}".format(okta_api_token)) if okta_api_token: okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) groups = okta_admin.get_groups_by_name("Everyone") if "errorSummary" in groups: if "Invalid token provided" == groups["errorSummary"]: response = gvalidation_bp_error( "Okta API Token is invalid!") else: session[SESSION_IS_APITOKEN_VALID_KEY] = True else: response = gvalidation_bp_error("Okta API Token is not set!") if response: return response return f(*args, **kws)
def b2b_requests_get(): logger.debug("b2bworkflow_requests_get()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] if get_udp_ns_fieldname("access_requests") in user["profile"]: pendingRequest = user["profile"][get_udp_ns_fieldname( "access_requests")] else: pendingRequest = [] # On a GET display the registration page with the defaults applist = [] list_group_full = [] # Find the groups the user belongs to get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) CONFIG_GROUP_B2B_STARTSWITH = get_udp_ns_fieldname("b2b") for item in get_user_groups_response: logging.debug(item) if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH): group_id = "{id}".format(id=item["id"]) applist.append(item["profile"]["name"].replace( CONFIG_GROUP_B2B_STARTSWITH, "")) logging.debug(applist) get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname("")) for item in get_groups: if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH): if item["profile"]["name"].replace(CONFIG_GROUP_B2B_STARTSWITH, "") not in applist: logging.debug(item["profile"]["name"]) group_id = "{id}".format(id=item["id"]) list_group_full.append({ "id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested" }) return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, workflow_list=list_group_full, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_get_group_by_name(group_name): logger.debug("gbac_get_group_by_name()") user_group = None if group_name: okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_groups = okta_admin.get_groups_by_name(group_name) if len(user_groups) > 0: # just grab the first one... there should only be one match for now logger.debug(user_groups) user_group = user_groups[0] return user_group
def get_travel_agency_group_by_name(travel_agency_group_name): print("get_travel_agency_group_by_name()") user_group = None if travel_agency_group_name: okta_admin = OktaAdmin(default_settings) user_groups = okta_admin.get_groups_by_name(travel_agency_group_name) # print("user_groups: {0}".format(user_groups)) if len(user_groups) > 0: # just grab the first one... there should only be one match for now user_group = user_groups[0] # Decorated group info travel_agency_data = user_group["profile"]["description"].split("||") user_group["profile"]["description_label"] = travel_agency_data[0] user_group["profile"]["description_url"] = travel_agency_data[1] return user_group
def admin_usersadvanced(): logger.debug("admin_usersadvanced()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user_groups = okta_admin.get_groups_by_name("everyone") if len(user_groups) > 0: # just grab the first one... there should only be one match for now logger.debug(user_groups) user_group = user_groups[0] group_id = user_group["id"] group_user_list = okta_admin.get_user_list_by_group_id(group_id) return render_template("/admin/users_advanced.html", templatename=get_app_vertical(), user_info=get_userinfo(), userlist=group_user_list, config=session[SESSION_INSTANCE_SETTINGS_KEY], user_group=user_group)
def emailAllMembersOfGroup(self, group_name, subject, message): logger.debug("emailAllMembersOfGroup()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) # Find the Admin Group group_list = okta_admin.get_groups_by_name(group_name) for group in group_list: if group["profile"]["name"] == group_name: group_id = group["id"] # Find All members that will be notified recipients = [] user_list = okta_admin.get_user_list_by_group_id(group_id) for user in user_list: recipients.append({"address": user["profile"]["email"]}) if recipients: email_send = Email.send_mail(subject=subject, message=message, recipients=recipients) return email_send
def ecommerce_requests_get(): logger.debug("workflow_requests_get()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] if get_udp_ns_fieldname("access_requests") in user["profile"]: pendingRequest = user["profile"][get_udp_ns_fieldname( "access_requests")] else: pendingRequest = [] workflow_list = [] # On a GET display the registration page with the defaults list_group_user = [] list_group_full = [] # Find the groups the user belongs to get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) CONFIG_GROUP_EMPLOYEE_STARTSWITH = get_udp_ns_fieldname("employee") CONFIG_GROUP_BUYER_STARTSWITH = get_udp_ns_fieldname("buyer") print(CONFIG_GROUP_BUYER_STARTSWITH) companylist = [] buyerlist = [] for item in get_user_groups_response: if item["profile"]["name"].startswith( CONFIG_GROUP_EMPLOYEE_STARTSWITH): group_id = "{id}".format(id=item["id"]) companylist.append(item["profile"]["name"].replace( CONFIG_GROUP_EMPLOYEE_STARTSWITH, "")) for item in get_user_groups_response: if item["profile"]["name"].startswith(CONFIG_GROUP_BUYER_STARTSWITH): group_id = "{id}".format(id=item["id"]) buyerlist.append(item["profile"]["name"].replace( CONFIG_GROUP_BUYER_STARTSWITH, "")) get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname("")) for item in get_groups: if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH, "") in companylist: if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH, "") not in buyerlist: group_id = "{id}".format(id=item["id"]) list_group_full.append({ "id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested" }) # Populate the workflow list with groups that the user is absent in set_list1 = set(tuple(sorted(d.items())) for d in list_group_full) set_list2 = set(tuple(sorted(d.items())) for d in list_group_user) set_difference = set_list1 - set_list2 for tuple_element in set_difference: workflow_list = list_group_full return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, workflow_list=workflow_list, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def create_login_response(user_name, password, session): print("create_login_response()") auth_response = {"success": False} okta_auth = OktaAuth(session) okta_admin = OktaAdmin(session) # print("login_form_data: {0}".format(json.dumps(login_form_data, indent=4, sort_keys=True))) authn_json_response = okta_auth.authenticate( username=session["login_id_prefix"] + user_name, password=password, headers=request.headers) # print("authn_json_response: {0}".format(json.dumps(authn_json_response, indent=4, sort_keys=True))) if "sessionToken" in authn_json_response: # Added to fix issue where users pre exsist but are not assigned to the patient portal app as a patient # Look up if user is in this app/subdomain # TODO: Clean this up to use Terraform setting or Group Rule user_id = authn_json_response["_embedded"]["user"]["id"] #print("user_id: {0}".format(user_id)) # Look up Patient group for this app/subdomain patient_group_name = "{0}_{1}_patient".format(session["udp_subdomain"], session["demo_app_name"]) print("patient_group_name: {0}".format(patient_group_name)) patient_groups = okta_admin.get_groups_by_name(patient_group_name) has_patient_group = False if len(patient_groups) != 0: patient_group = okta_admin.get_groups_by_name( patient_group_name)[0] #print("patient_group: {0}".format(json.dumps(patient_group, indent=4, sort_keys=True))) user_groups = okta_admin.get_user_groups(user_id) #print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True))) for group in user_groups: if patient_group["id"] == group["id"]: has_patient_group = True break if not has_patient_group: # Assign User to group group_assignment_response = okta_admin.assign_user_to_group( patient_group["id"], user_id) #print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True))) session["state"] = str(uuid.uuid4()) oauth_authorize_url = okta_auth.create_oauth_authorize_url( response_type="code", state=session["state"], auth_options={ "response_mode": "form_post", "prompt": "none", "scope": "openid profile email", "sessionToken": authn_json_response["sessionToken"], }) auth_response["redirectUrl"] = oauth_authorize_url auth_response["success"] = True auth_response["status"] = "SUCCESS" # print("oauth_authorize_url: {0}".format(oauth_authorize_url)) elif "errorSummary" in authn_json_response: auth_response["errorMessage"] = "Login Unsuccessful: {0}".format( authn_json_response["errorSummary"]) else: # pass the message down for further processing like MFA auth_response = authn_json_response return auth_response
def register_basic(): print("register_basic()") login_form_data = request.get_json() register_basic_response = {"success": False} okta_admin = OktaAdmin(session) group_name_lookup = "{0}_{1}_patient".format(session["udp_subdomain"], session["demo_app_name"]) print("group_name_lookup: {0}".format(group_name_lookup)) patient_groups_response = okta_admin.get_groups_by_name(group_name_lookup) print("patient_groups_response: {0}".format( json.dumps(patient_groups_response, indent=4, sort_keys=True))) if "errorSummary" in patient_groups_response: register_basic_response["errorMessage"] = patient_groups_response[ "errorSummary"] if "errorCauses" in patient_groups_response: register_basic_response["errorMessages"] = [] for error_cause in patient_groups_response["errorCauses"]: register_basic_response["errorMessages"].append( {"errorMessage": error_cause["errorSummary"]}) else: patient_group = patient_groups_response[ 0] # Default to first found group by name user = { "profile": { "firstName": "NOT_SET", "lastName": "NOT_SET", "email": login_form_data["username"], "login": session["login_id_prefix"] + login_form_data["username"] }, "credentials": { "password": { "value": login_form_data["password"] } }, "groupIds": [patient_group["id"]] } print("user: {0}".format(json.dumps(user, indent=4, sort_keys=True))) created_user = okta_admin.create_user(user) print("created_user: {0}".format( json.dumps(created_user, indent=4, sort_keys=True))) if "errorSummary" in created_user: register_basic_response["errorMessage"] = created_user[ "errorSummary"] if "errorCauses" in created_user: register_basic_response["errorMessages"] = [] for error_cause in created_user["errorCauses"]: register_basic_response["errorMessages"].append( {"errorMessage": error_cause["errorSummary"]}) else: # Send activation email recipients = [{ "address": { "email": created_user["profile"]["email"] } }] substitution = { "activation_email": created_user["profile"]["email"], "activation_key": created_user["id"], "udp_subdomain": session["udp_subdomain"], "udp_app_name": session["demo_app_name"], "domain": session["remaining_domain"], "logo_url": session["app_logo"] } send_mail(session["spark_post_activate_template_id"], recipients, session["spark_post_api_key"], substitution) register_basic_response["success"] = True register_basic_response["userId"] = created_user["id"] return json.dumps(register_basic_response)
def load_users(): print("load_users()") response = {"status": "success", "number_of_users_created": 0} with open("./test_users.csv", mode='r', encoding='utf-8-sig') as csv_file: csv_reader = csv.DictReader(csv_file) okta_admin = OktaAdmin(session) patient_group = okta_admin.get_groups_by_name("{0}_{1}_patient".format( session["udp_subdomain"], session["demo_app_name"]))[ 0] # Default to first found group by name for row in csv_reader: print(row) exsisting_user = okta_admin.get_user(row["email"]) if "id" not in exsisting_user: print("user: '******' not found. Creating.".format(row["email"])) new_user = { "profile": { "login": row["email"], "email": row["email"], "firstName": row["first_name"], "lastName": row["last_name"] }, "groupIds": [patient_group["id"]] } created_user = okta_admin.create_user(new_user, activate_user=False) if "id" in created_user: app_user = { "profile": { "dob": row["dob"], "requires_validation": True } } okta_admin.update_application_user_profile( created_user["id"], app_user) # Send activation email recipients = [{ "address": { "email": created_user["profile"]["email"] } }] substitution = { "activation_email": created_user["profile"]["email"], "activation_key": created_user["id"], "udp_subdomain": session["udp_subdomain"], "udp_app_name": session["demo_app_name"], "domain": session["remaining_domain"], "logo_url": session["app_logo"], "first_name": created_user["profile"]["firstName"], "last_name": created_user["profile"]["lastName"] } send_mail("invite-to-app", recipients, session["spark_post_api_key"], substitution) response["number_of_users_created"] += 1 else: print("Failed to created user: '******' reason: {1}".format( row["email"], json.dumps(created_user, indent=4, sort_keys=True))) return json.dumps(response)
def workflow_requests_get(): logger.debug("workflow_requests_get()") CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION) user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] if get_udp_ns_fieldname("access_requests") in user["profile"]: pendingRequest = user["profile"][get_udp_ns_fieldname("access_requests")] else: pendingRequest = [] workflow_list = [] # On a GET display the registration page with the defaults list_group_user = [] list_group_full = [] is_user_dealership = False # Find the groups the user belongs to get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) for item in get_user_groups_response: if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH): is_user_dealership = True if item["profile"]["name"] != "Everyone": # Ignore the Everyone group group_id = "{id}".format(id=item["id"]) list_group_user.append({"id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested"}) # If not a user of a dealership, cannot request access to applications if is_user_dealership: # Find the groups for this portal that start with name "DEALER_" get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname("")) for item in get_groups: group_id = "{id}".format(id=item["id"]) list_group_full.append({"id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested"}) # Populate the workflow list with groups that the user is absent in set_list1 = set(tuple(sorted(d.items())) for d in list_group_full) set_list2 = set(tuple(sorted(d.items())) for d in list_group_user) set_difference = set_list1 - set_list2 for tuple_element in set_difference: workflow_list.append(dict((x, y) for x, y in tuple_element)) return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, workflow_list=workflow_list, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) else: # If not a user of a dealership, cannot request access to applications return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, error="You have not been assigned to a dealership. Only users of a dealership can request access to applications", config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def dealer_registration_post(): logger.debug("dealer_registration()") okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) setup_options = { "type_users": [], "dealerships": [], "type_user_selected": request.form.get('role'), "dealership_selected": request.form.get('location') } # Prepopulate user_data = { "profile": { "firstName": request.form.get('firstname'), "lastName": request.form.get('lastname'), "email": request.form.get('email'), "login": request.form.get('email'), "mobilePhone": request.form.get('phonenumber'), get_udp_ns_fieldname("access_requests"): ['{id}'.format(id=request.form.get('location'))] }, "credentials": { "password": {"value": request.form.get('password')} }, "groupIds": [] } user_data["groupIds"].append(setup_options["type_user_selected"]) user_create_response = okta_admin.create_user(user_data, activate_user=False) if "errorCode" in user_create_response: CONFIG_GROUP_REGULAR = get_udp_ns_fieldname(CONFIG_REGULAR) CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN) CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION) # Prepopulate choice for setup # Get Group group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_ADMIN) for i in group_get_response: setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]}) group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_REGULAR) for i in group_get_response: setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]}) group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_LOCATION_STARTSWITH) for i in group_get_response: setup_options["dealerships"].append({"id": i["id"], "description": i["profile"]["description"]}) return render_template( "{0}/registration.html".format(get_app_vertical()), templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], error=user_create_response, user_data=user_data, setup_options=setup_options) # Send Activation Email to the user EmailServices().emailRegistration( recipient={"address": request.form.get('email')}, token=user_create_response["id"]) return render_template( "{0}/registration-completion.html".format(get_app_vertical()), templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY], email=request.form.get('email'), _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])