Example #1
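def admin_temporarypasscode():
    """Reset a user's security-question factor to a fresh temporary code.

    Reads ``user_id`` from the query string, deletes every enrolled factor
    whose type contains ``"question"``, enrolls one new security question
    whose answer is a newly generated 6-digit code, and redirects to the
    ``admin_views_bp.admin_usersadvanced`` view with the code in ``message``.

    Returns:
        The redirect response produced by ``redirect(url_for(...))``.
    """
    logger.debug("admin_temporarypasscode()")
    # NOTE(review): this handler changes a user's MFA state from query-string
    # input. No route or authorization decorator is visible in this listing;
    # confirm the route is admin-only, is not reachable by plain GET without
    # CSRF protection, and that a missing user_id is rejected upstream.
    user_id = request.args.get('user_id')

    # NOTE(review): the code becomes an authentication answer, so
    # random_with_N_digits should draw from a CSPRNG (e.g. `secrets`) -
    # its implementation is not shown here; verify.
    randcode = random_with_N_digits(6)

    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])

    # Remove any existing security-question factor first. The previous loop
    # enrolled inside the iteration, so a user with no factors was never
    # enrolled (yet was still shown a code) and a user with several
    # non-question factors triggered one enroll call per factor.
    for factor_info in okta_admin.list_enrolled_factors(user_id):
        if "question" in factor_info['factorType']:
            okta_admin.delete_factor(user_id=user_id,
                                     factor_id=factor_info['id'])

    # Enroll exactly once, whatever the user had enrolled before.
    okta_admin.enroll_securityquestion(user_id,
                                       "favorite_security_question",
                                       str(randcode))

    message = "Your Temporary Code is: {0}".format(str(randcode))

    # NOTE(review): the temporary code travels in the redirect URL's query
    # string, so it can end up in browser history, proxy/server access logs
    # and Referer headers. Prefer a server-side flash/session message.
    return redirect(
        url_for("admin_views_bp.admin_usersadvanced",
                _external=True,
                _scheme="https",
                message=message))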
Example #2
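def admin_addkeytouser():
    """Enroll a hardware (HOTP) token for a user, replacing any existing one.

    Reads ``userId``, ``factorProfileId`` and ``sharedSecret`` from the query
    string, deletes every enrolled factor whose type contains
    ``"token:hotp"``, then enrolls the hard token once.

    Returns:
        The fixed status string ``"Your Key is Setup"``.
    """
    logger.debug("admin_addkeytouser()")
    user_id = request.args.get('userId')
    factor_profile_id = request.args.get('factorProfileId')
    # NOTE(review): the HOTP seed arrives as a URL query parameter, which is
    # routinely written to access logs, browser history and Referer headers.
    # Moving it to a POST body would need a matching client change, so it is
    # only flagged here.
    shared_secret = request.args.get('sharedSecret')

    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    listfactors = okta_admin.list_enrolled_factors(user_id)
    # NOTE(review): this logs the full factor list; confirm debug logs are
    # not retained where factor profile data should not appear.
    logger.debug(listfactors)

    # The previous loop hit `break` on the first factor in either branch, so
    # an existing HOTP factor was only removed when it happened to be listed
    # first, and a user with no factors was never enrolled even though the
    # success message was still returned.
    # NOTE(review): this removes every "token:hotp" factor; confirm a user is
    # not expected to keep HOTP tokens from other factor profiles.
    for factor_info in listfactors:
        if "token:hotp" in factor_info['factorType']:
            okta_admin.delete_factor(user_id=user_id,
                                     factor_id=factor_info['id'])

    response = okta_admin.enroll_hardtoken(user_id, factor_profile_id,
                                           shared_secret)
    # NOTE(review): verify the enroll response does not echo the shared
    # secret before logging it, and consider checking it for an error before
    # reporting success - its shape is not visible in this listing.
    logger.debug(response)

    message = "Your Key is Setup"

    return message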
Example #3
def get_enrolled_factors(user_id):
    """Return display records for the ACTIVE, supported factors of a user.

    Each enrolled factor is reduced to ``id``/``type``/``provider``/``vendor``
    and then passed, together with the raw factor, to the handler registered
    for its ``factorType``; the handler's return value is what gets collected.
    Factors that are not ``ACTIVE`` or have no handler are skipped.

    NOTE(review): the lookup uses the admin settings stored in the session
    and performs no check on ``user_id`` itself; callers must make sure the
    current session is allowed to inspect that user.
    """
    print("get_enrolled_factors()")
    client = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])

    collected = []
    for raw in client.list_enrolled_factors(user_id):
        logger.debug(raw["factorType"])
        summary = {
            "id": raw["id"],
            "type": raw["factorType"],
            "provider": raw["provider"],
            "vendor": raw["vendorName"],
        }

        # factorType -> handler that fills in the type-specific fields
        handlers = {
            'token:software:totp': totp,
            'push': push,
            'webauthn': webauthn,
            'sms': sms,
            'call': call,
            'question': question
        }

        # Only ACTIVE factors are eligible for a handler at all.
        handler = (handlers.get(raw["factorType"])
                   if raw["status"] == "ACTIVE" else None)
        if handler is None:
            continue

        collected.append(handler(summary, raw))

    return collected
Example #4
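def admin_temporarypasscode():
    """Reset a user's security-question factor to a fresh temporary code.

    Reads ``user_id`` from the query string, fetches the user, deletes every
    enrolled factor whose type contains ``"question"``, enrolls one new
    security question whose answer is a newly generated 6-digit code, and
    redirects to ``admin_views_bp.admin_usersadvanced`` with a message that
    names the user and carries the code.

    Returns:
        The redirect response produced by ``redirect(url_for(...))``.
    """
    logger.debug("admin_temporarypasscode()")
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])

    # NOTE(review): this handler changes a user's MFA state from query-string
    # input. No route or authorization decorator is visible in this listing;
    # confirm the route is admin-only, is not reachable by plain GET without
    # CSRF protection, and that a missing user_id is rejected upstream.
    user_id = request.args.get('user_id')
    user = okta_admin.get_user(user_id)
    # NOTE(review): the code becomes an authentication answer, so
    # random_with_N_digits should draw from a CSPRNG (e.g. `secrets`) -
    # its implementation is not shown here; verify.
    randcode = random_with_N_digits(6)

    # Remove any existing security-question factor first. The previous loop
    # enrolled inside the iteration, so a user with no factors was never
    # enrolled (yet was still shown a code) and a user with several
    # non-question factors triggered one enroll call per factor. The client
    # built above is reused instead of being constructed a second time.
    for factor_info in okta_admin.list_enrolled_factors(user_id):
        if "question" in factor_info['factorType']:
            okta_admin.delete_factor(user_id=user_id,
                                     factor_id=factor_info['id'])

    # Enroll exactly once, whatever the user had enrolled before.
    okta_admin.enroll_securityquestion(user_id,
                                       "favorite_security_question",
                                       str(randcode))

    usersname = user["profile"]["firstName"] + " " + user["profile"]["lastName"]

    message = "{0} - MFA Security Question Set to 'Favorite Security Question'. Users new code is: {1}".format(
        usersname, str(randcode))

    # NOTE(review): the user's name and temporary code travel in the redirect
    # URL's query string, so they can end up in browser history, proxy/server
    # access logs and Referer headers. Because the scheme comes from instance
    # settings, a non-HTTPS value would also put the code on the wire in
    # clear text. Prefer a server-side flash/session message.
    return redirect(
        url_for("admin_views_bp.admin_usersadvanced",
                _external=True,
                _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
                message=message))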
Example #5
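def admin_getfactors():
    """Return the enrolled factors of a user as a JSON string.

    Reads ``user_id`` from the query string and serializes whatever
    ``OktaAdmin.list_enrolled_factors`` returns with ``json.dumps``.

    Returns:
        str: the JSON-encoded factor list.
    """
    # The debug line previously named a different handler
    # ("admin_userverification()"), which misattributes these calls in logs.
    logger.debug("admin_getfactors()")
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])

    # NOTE(review): user_id is taken from the request unchecked and the full
    # factor list is returned unfiltered. No authorization decorator is
    # visible in this listing; confirm only admins of this instance can
    # reach the route.
    user_id = request.args.get('user_id')
    listfactors = okta_admin.list_enrolled_factors(user_id)

    # NOTE(review): a bare str return is presumably served by the framework
    # with its default (HTML) content type; if this is a view, setting
    # application/json explicitly keeps browsers from rendering factor
    # profile data as markup.
    return json.dumps(listfactors)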
Example #6
def get_enrolled_factors(user_id):
    """Return display records for a user's enrolled factors, sorted for listing.

    Every record carries ``id``, ``name``, ``type``, ``provider``, ``vendor``
    and ``sortOrder``; recognised factor types also get a friendly ``name``,
    a ``profile`` value taken from the raw factor, and a lower ``sortOrder``.
    Okta-provided TOTP and any unrecognised factor type are left out.

    NOTE(review): the lookup uses the admin settings stored in the session
    and performs no check on ``user_id`` itself; callers must make sure the
    current session is allowed to inspect that user. The records include
    phone numbers and security-question text.
    """
    print("get_enrolled_factors()")
    client = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])

    # factorType -> (display name, key inside the raw profile, sort order)
    simple_kinds = {
        "sms": ("SMS", "phoneNumber", 30),
        "call": ("Voice Call", "phoneNumber", 40),
        "question": ("Security Question", "questionText", 50),
    }

    listed = []
    for raw in client.list_enrolled_factors(user_id):
        # The name defaults to the type, and sortOrder to 100, for entries
        # that no branch below customises.
        entry = {
            "id": raw["id"],
            "name": raw["factorType"],
            "type": raw["factorType"],
            "provider": raw["provider"],
            "vendor": raw["vendorName"],
            "sortOrder": 100,
        }
        kind = entry["type"]
        issuer = entry["provider"]

        if kind == "token:software:totp":
            if issuer == "OKTA":
                # Okta Verify OTP is deliberately not listed.
                continue
            if issuer == "GOOGLE":
                entry["name"] = "Google Authenticator"
                entry["profile"] = raw["profile"]["credentialId"]
                entry["sortOrder"] = 20
            # Any other TOTP provider keeps the defaults and is still listed.
        elif kind == "push":
            entry["name"] = "Okta Verify"
            entry["profile"] = raw["profile"]["name"] if "profile" in raw else None
            entry["sortOrder"] = 10
        elif kind in simple_kinds:
            label, profile_key, rank = simple_kinds[kind]
            entry["name"] = label
            entry["profile"] = raw["profile"][profile_key]
            entry["sortOrder"] = rank
        else:
            # Factor types without a branch above are not listed.
            continue

        listed.append(entry)

    # Stable sort, so entries sharing a sortOrder keep their enrolled order.
    listed.sort(key=lambda entry: entry["sortOrder"])
    return listed