def ecommerce_approvals_get(): logger.debug("workflow_approvals()") workflow_list = [] user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_groups = okta_admin.get_user_groups(user["id"]) user_get_response = okta_admin.get_user_list_by_search( 'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests"))) for list in user_get_response: for grp in list["profile"][get_udp_ns_fieldname("access_requests")]: group_get_response = okta_admin.get_group(id=grp) logging.debug(group_get_response) var = { "requestor": list["profile"]["login"], "request": group_get_response["profile"]["description"], "usr_grp": { "user_id": list["id"], "group_id": grp } } for clist in user_groups: if grp == clist['id']: workflow_list.append(var) return render_template( "{0}/workflow-approvals.html".format(get_app_vertical()), templatename=get_app_vertical(), workflow_list=workflow_list, user_info=user_info, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def dealer_myapps_get(): logger.debug("dealer_myapps_get()") CONFIG_GROUP_LOCATION_STARTSWITH = "{0}_".format(get_udp_ns_fieldname(CONFIG_LOCATION)) user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] location = "" # Find the groups the user belongs to and find the description of the _LOC_* group get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) for item in get_user_groups_response: if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH): location = item["profile"]["description"] get_apps_response = okta_admin.get_applications_by_user_id(user_id) return render_template( "{0}/myapps.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, config=session[SESSION_INSTANCE_SETTINGS_KEY], location=location, apps=get_apps_response, _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def b2b_requests_get(): logger.debug("b2bworkflow_requests_get()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] if get_udp_ns_fieldname("access_requests") in user["profile"]: pendingRequest = user["profile"][get_udp_ns_fieldname( "access_requests")] else: pendingRequest = [] # On a GET display the registration page with the defaults applist = [] list_group_full = [] # Find the groups the user belongs to get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) CONFIG_GROUP_B2B_STARTSWITH = get_udp_ns_fieldname("b2b") for item in get_user_groups_response: logging.debug(item) if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH): group_id = "{id}".format(id=item["id"]) applist.append(item["profile"]["name"].replace( CONFIG_GROUP_B2B_STARTSWITH, "")) logging.debug(applist) get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname("")) for item in get_groups: if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH): if item["profile"]["name"].replace(CONFIG_GROUP_B2B_STARTSWITH, "") not in applist: logging.debug(item["profile"]["name"]) group_id = "{id}".format(id=item["id"]) list_group_full.append({ "id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested" }) return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, workflow_list=list_group_full, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def workflow_approvals_get(): logger.debug("workflow_approvals()") CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN) workflow_list = [] user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] # On a GET display the registration page with the defaults admin_groups = okta_admin.get_user_groups(user_id) admin_group_id = "" # Must be an admin for item in admin_groups: if item["profile"]["name"] == CONFIG_GROUP_ADMIN: admin_group_id = item["id"] if admin_group_id: # access_requests attribute contains workflow request # 'profile.access_requests eq pr" user_get_response = okta_admin.get_user_list_by_search( 'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests"))) for list in user_get_response: for grp in list["profile"][get_udp_ns_fieldname( "access_requests")]: group_get_response = okta_admin.get_group(id=grp) var = { "requestor": list["profile"]["login"], "request": group_get_response["profile"]["description"], "usr_grp": { "user_id": list["id"], "group_id": grp } } workflow_list.append(var) return render_template( "{0}/workflow-approvals.html".format(get_app_vertical()), templatename=get_app_vertical(), workflow_list=workflow_list, user_info=user_info, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) else: return "ERROR: Unauthorized", 401
def gbac_users(): logger.debug("gbac_users()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) group_id = request.args.get('group_id') if group_id: selectedgroup_id = group_id user_group = okta_admin.get_group(selectedgroup_id) else: user_group = gbac_get_group_by_name("everyone") selectedgroup_id = user_group["id"] group_user_list = okta_admin.get_user_list_by_group_id(selectedgroup_id) group_list = okta_admin.get_user_groups(user_info["sub"]) return render_template("/manageusers.html", templatename=get_app_vertical(), user_info=get_userinfo(), userlist=group_user_list, config=session[SESSION_INSTANCE_SETTINGS_KEY], group_list=group_list, user_group=user_group)
def ecommerce_requests_get(): logger.debug("workflow_requests_get()") user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] if get_udp_ns_fieldname("access_requests") in user["profile"]: pendingRequest = user["profile"][get_udp_ns_fieldname( "access_requests")] else: pendingRequest = [] workflow_list = [] # On a GET display the registration page with the defaults list_group_user = [] list_group_full = [] # Find the groups the user belongs to get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) CONFIG_GROUP_EMPLOYEE_STARTSWITH = get_udp_ns_fieldname("employee") CONFIG_GROUP_BUYER_STARTSWITH = get_udp_ns_fieldname("buyer") print(CONFIG_GROUP_BUYER_STARTSWITH) companylist = [] buyerlist = [] for item in get_user_groups_response: if item["profile"]["name"].startswith( CONFIG_GROUP_EMPLOYEE_STARTSWITH): group_id = "{id}".format(id=item["id"]) companylist.append(item["profile"]["name"].replace( CONFIG_GROUP_EMPLOYEE_STARTSWITH, "")) for item in get_user_groups_response: if item["profile"]["name"].startswith(CONFIG_GROUP_BUYER_STARTSWITH): group_id = "{id}".format(id=item["id"]) buyerlist.append(item["profile"]["name"].replace( CONFIG_GROUP_BUYER_STARTSWITH, "")) get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname("")) for item in get_groups: if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH, "") in companylist: if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH, "") not in buyerlist: group_id = "{id}".format(id=item["id"]) list_group_full.append({ "id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested" }) # Populate the workflow list with groups that the user is absent in set_list1 = set(tuple(sorted(d.items())) for d in list_group_full) set_list2 = set(tuple(sorted(d.items())) for d in list_group_user) set_difference = set_list1 - set_list2 for tuple_element in set_difference: workflow_list = list_group_full return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, workflow_list=workflow_list, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def create_login_response(user_name, password, session): print("create_login_response()") auth_response = {"success": False} okta_auth = OktaAuth(session) okta_admin = OktaAdmin(session) # print("login_form_data: {0}".format(json.dumps(login_form_data, indent=4, sort_keys=True))) authn_json_response = okta_auth.authenticate( username=session["login_id_prefix"] + user_name, password=password, headers=request.headers) # print("authn_json_response: {0}".format(json.dumps(authn_json_response, indent=4, sort_keys=True))) if "sessionToken" in authn_json_response: # Added to fix issue where users pre exsist but are not assigned to the patient portal app as a patient # Look up if user is in this app/subdomain # TODO: Clean this up to use Terraform setting or Group Rule user_id = authn_json_response["_embedded"]["user"]["id"] #print("user_id: {0}".format(user_id)) # Look up Patient group for this app/subdomain patient_group_name = "{0}_{1}_patient".format(session["udp_subdomain"], session["demo_app_name"]) print("patient_group_name: {0}".format(patient_group_name)) patient_groups = okta_admin.get_groups_by_name(patient_group_name) has_patient_group = False if len(patient_groups) != 0: patient_group = okta_admin.get_groups_by_name( patient_group_name)[0] #print("patient_group: {0}".format(json.dumps(patient_group, indent=4, sort_keys=True))) user_groups = okta_admin.get_user_groups(user_id) #print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True))) for group in user_groups: if patient_group["id"] == group["id"]: has_patient_group = True break if not has_patient_group: # Assign User to group group_assignment_response = okta_admin.assign_user_to_group( patient_group["id"], user_id) #print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True))) session["state"] = str(uuid.uuid4()) oauth_authorize_url = okta_auth.create_oauth_authorize_url( response_type="code", state=session["state"], auth_options={ "response_mode": "form_post", "prompt": "none", "scope": "openid profile email", "sessionToken": authn_json_response["sessionToken"], }) auth_response["redirectUrl"] = oauth_authorize_url auth_response["success"] = True auth_response["status"] = "SUCCESS" # print("oauth_authorize_url: {0}".format(oauth_authorize_url)) elif "errorSummary" in authn_json_response: auth_response["errorMessage"] = "Login Unsuccessful: {0}".format( authn_json_response["errorSummary"]) else: # pass the message down for further processing like MFA auth_response = authn_json_response return auth_response
def workflow_requests_get(): logger.debug("workflow_requests_get()") CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION) user_info = get_userinfo() okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY]) user = okta_admin.get_user(user_info["sub"]) user_id = user["id"] if get_udp_ns_fieldname("access_requests") in user["profile"]: pendingRequest = user["profile"][get_udp_ns_fieldname("access_requests")] else: pendingRequest = [] workflow_list = [] # On a GET display the registration page with the defaults list_group_user = [] list_group_full = [] is_user_dealership = False # Find the groups the user belongs to get_user_groups_response = okta_admin.get_user_groups(user_id=user_id) for item in get_user_groups_response: if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH): is_user_dealership = True if item["profile"]["name"] != "Everyone": # Ignore the Everyone group group_id = "{id}".format(id=item["id"]) list_group_user.append({"id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested"}) # If not a user of a dealership, cannot request access to applications if is_user_dealership: # Find the groups for this portal that start with name "DEALER_" get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname("")) for item in get_groups: group_id = "{id}".format(id=item["id"]) list_group_full.append({"id": item["id"], "name": item["profile"]["name"], "description": item["profile"]["description"], "status": "Pending" if group_id in pendingRequest else "Not Requested"}) # Populate the workflow list with groups that the user is absent in set_list1 = set(tuple(sorted(d.items())) for d in list_group_full) set_list2 = set(tuple(sorted(d.items())) for d in list_group_user) set_difference = set_list1 - set_list2 for tuple_element in set_difference: workflow_list.append(dict((x, y) for x, y in tuple_element)) return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, workflow_list=workflow_list, config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]) else: # If not a user of a dealership, cannot request access to applications return render_template( "{0}/workflow-requests.html".format(get_app_vertical()), templatename=get_app_vertical(), user_info=user_info, error="You have not been assigned to a dealership. Only users of a dealership can request access to applications", config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])