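def ecommerce_approvals_get():
    """Render the approvals page with the access requests this user may act on.

    Searches Okta for every user whose namespaced ``access_requests`` profile
    attribute is present, and keeps only the requests whose target group is
    one of the groups the signed-in user belongs to. Group membership is the
    only authorization filter applied to what ends up on the page.

    Returns:
        The rendered ``<vertical>/workflow-approvals.html`` template.
    """
    logger.debug("ecommerce_approvals_get()")
    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    requests_field = get_udp_ns_fieldname("access_requests")
    user_info = get_userinfo()
    okta_admin = OktaAdmin(settings)

    approver = okta_admin.get_user(user_info["sub"])
    # Build the membership set once instead of rescanning the group list for
    # every pending request.
    approver_group_ids = {
        group["id"] for group in okta_admin.get_user_groups(approver["id"])
    }

    # "pr" is the filter's "present" operator; the expression contains no
    # request-supplied text.
    pending_users = okta_admin.get_user_list_by_search(
        'profile.{0} pr '.format(requests_field))

    workflow_list = []
    for requestor in pending_users:
        for group_id in requestor["profile"][requests_field]:
            # Skip groups the approver is not a member of before calling Okta,
            # so no group details are fetched or logged for them.
            if group_id not in approver_group_ids:
                continue
            group = okta_admin.get_group(id=group_id)
            logger.debug(group)
            workflow_list.append({
                "requestor": requestor["profile"]["login"],
                "request": group["profile"]["description"],
                "usr_grp": {
                    "user_id": requestor["id"],
                    "group_id": group_id
                }
            })

    # NOTE(review): the same settings object that configures OktaAdmin is
    # handed to the template as `config`; confirm the template does not render
    # any credential it may hold.
    return render_template(
        "{0}/workflow-approvals.html".format(get_app_vertical()),
        templatename=get_app_vertical(),
        workflow_list=workflow_list,
        user_info=user_info,
        config=settings,
        _scheme=settings["app_scheme"])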
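def gbac_get_username(altid):
    """Return the Okta login of the user whose phone number equals *altid*.

    Args:
        altid: Phone number compared against ``profile.mobilePhone`` and
            ``profile.primaryPhone``.

    Returns:
        The ``profile.login`` of the first user in the search result.

    Raises:
        IndexError: The search returned no user, or *altid* contains a
            character that cannot be placed safely inside the quoted filter
            literal (treated the same as "no match").
    """
    # altid is spliced into a double-quoted literal of the search expression.
    # A quote or backslash would end or alter that literal; '&', '#' and '%'
    # matter because sibling callers append "&limit=1" to this same argument,
    # which suggests the helper forwards it as raw query-string text (verify
    # against OktaAdmin.get_user_list_by_search). Reject before logging or
    # calling Okta.
    forbidden = '"\\&#%'
    if any(ch in forbidden or ch < " " for ch in altid):
        raise IndexError("no user matches the supplied alternate id")

    logger.debug("gbac_get_username()")
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    matches = okta_admin.get_user_list_by_search(
        'profile.mobilePhone eq "{0}" or profile.primaryPhone eq "{0}"'.format(altid))
    # NOTE(review): this writes the full search result (user profiles) to the
    # debug log; confirm debug logging is off wherever real identities exist.
    logger.debug(matches)
    return matches[0]["profile"]["login"]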
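def gbac_finduser_completion():
    """Handle the find-username form: look the user up and e-mail their login.

    Reads ``firstname``, ``lastname`` and ``phone`` from the submitted form.
    When a phone number is given it is matched against ``primaryPhone`` and
    then ``mobilePhone``; otherwise first and last name are matched together.
    On a match the login is e-mailed to the address on the profile.

    Form values that are missing, empty, or contain a character that cannot be
    placed safely inside a quoted filter literal are treated as "not found"
    and never reach the Okta search.

    Returns:
        A redirect to ``gbac_findusername_bp.findusername_bp`` carrying the
        outcome message.
    """
    logger.debug("gbac_finduser_completion()")
    first_name = request.form.get('firstname')
    last_name = request.form.get('lastname')
    phone = request.form.get('phone')
    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(settings)

    def usable(value):
        """Return True when *value* can sit unchanged inside a quoted literal."""
        # '"' and '\\' would end or alter the literal; '&', '#' and '%' are
        # excluded because "&limit=1" is appended to the same string below,
        # which suggests it is forwarded as raw query-string text (verify
        # against OktaAdmin.get_user_list_by_search).
        return bool(value) and not any(
            ch in '"\\&#%' or ch < " " for ch in value)

    matches = []
    if phone:
        if usable(phone):
            logger.debug("checking primaryPhone")
            matches = okta_admin.get_user_list_by_search(
                'profile.primaryPhone eq "{0}"&limit=1'.format(phone))
            if not matches:
                logger.debug("checking mobilePhone")
                matches = okta_admin.get_user_list_by_search(
                    'profile.mobilePhone eq "{0}"&limit=1'.format(phone))
    elif usable(first_name) and usable(last_name):
        # Both names are required; a missing field used to raise TypeError
        # during string concatenation.
        matches = okta_admin.get_user_list_by_search(
            'profile.firstName eq "{0}" and profile.lastName eq "{1}"&limit=1'.format(
                first_name, last_name))

    if matches:
        profile = matches[0]["profile"]
        emailLogin([{"address": profile["email"]}], profile["login"])
        # NOTE(review): the two messages let a caller tell whether an account
        # exists, and this one puts the account's full e-mail address into the
        # redirect URL. If this route is reachable without authentication (not
        # visible here), consider a single neutral message.
        message = ("Your Username was found. An email is being sent to: "
                   + profile["email"])
    else:
        message = "Your Username was not found. Please try again."

    return redirect(
        url_for("gbac_findusername_bp.findusername_bp",
                _external=True,
                _scheme=settings["app_scheme"],
                # The original never assigned the e-mail here; keep it empty.
                email="",
                message=message))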
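def workflow_approvals_get():
    """Render the approvals page listing every pending access request.

    Only members of the admin group (the namespaced ``CONFIG_ADMIN`` group
    name) may see the list; the membership check runs before any request data
    is fetched.

    Returns:
        The rendered ``<vertical>/workflow-approvals.html`` template for an
        admin, otherwise the tuple ``("ERROR: Unauthorized", 401)``.
    """
    logger.debug("workflow_approvals()")
    admin_group_name = get_udp_ns_fieldname(CONFIG_ADMIN)
    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    user_info = get_userinfo()
    okta_admin = OktaAdmin(settings)
    user = okta_admin.get_user(user_info["sub"])

    # Must be an admin: refuse before touching any other user's data.
    is_admin = any(
        group["profile"]["name"] == admin_group_name
        for group in okta_admin.get_user_groups(user["id"]))
    if not is_admin:
        # NOTE(review): 403 would describe "signed in but not an admin" more
        # precisely; 401 and the body are kept because callers may rely on them.
        return "ERROR: Unauthorized", 401

    # Users whose access_requests attribute is present ("pr") have at least
    # one pending workflow request; the expression holds no request input.
    requests_field = get_udp_ns_fieldname("access_requests")
    pending_users = okta_admin.get_user_list_by_search(
        'profile.{0} pr '.format(requests_field))

    workflow_list = []
    for requestor in pending_users:
        for group_id in requestor["profile"][requests_field]:
            group = okta_admin.get_group(id=group_id)
            workflow_list.append({
                "requestor": requestor["profile"]["login"],
                "request": group["profile"]["description"],
                "usr_grp": {
                    "user_id": requestor["id"],
                    "group_id": group_id
                }
            })

    # NOTE(review): the same settings object that configures OktaAdmin is
    # handed to the template as `config`; confirm the template does not render
    # any credential it may hold.
    return render_template(
        "{0}/workflow-approvals.html".format(get_app_vertical()),
        templatename=get_app_vertical(),
        workflow_list=workflow_list,
        user_info=user_info,
        config=settings,
        _scheme=settings["app_scheme"])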