def mfa_verification_poll():
print "mfa_verification_poll()"
request_json = request.get_json()
print "request_json: {0}".format(
json.dumps(request_json, indent=4, sort_keys=True))
polling_url = request_json["pollingUrl"]
user_name = request_json["userName"]
okta_util = OktaUtil(request.headers, config.okta)
response = okta_util.execute_get(polling_url, None)
if "factorResult" in response:
print "factorResult: {0}".format(response["factorResult"])
if response[
"factorResult"] == "SUCCESS": # Means the user successfully passed the factor, so reset the pasword
okta_user_id = okta_util.get_user(user_name)["id"]
password_reset_response = okta_util.reset_user_password(
okta_user_id)
print "password_reset_response: {0}".format(
json.dumps(password_reset_response, indent=4, sort_keys=True))
response["ott"] = password_reset_response[
"resetPasswordUrl"].replace(
"{0}/reset_password/".format(config.okta["org_host"]), "")
return json.dumps(response)
def push_mfa_code():
print "push_mfa_code()"
request_json = request.get_json()
print "request_json: {0}".format(request_json)
okta_util = OktaUtil(request.headers, config.okta)
username = request_json["username"]
factor_type = request_json["factorType"]
code = None
if "code" in request_json:
code = request_json["code"]
user = okta_util.get_user(username)
# print "user: {0}".format(user, indent=4, sort_keys=True)
response = {
"status": "success",
"message": "sent"
} # alwasy send this down so a malicious user can not farm enrolled factors
if ("id" in user):
okta_user_id = user["id"]
okta_factor_id = None
enrolled_factors = okta_util.list_factors(okta_user_id)
# print "enrolled_factors: {0}".format(json.dumps(enrolled_factors, indent=4, sort_keys=True))
for factor in enrolled_factors:
# check factor type agains the enroled factor
print "factor: {0}".format(
json.dumps(factor, indent=4, sort_keys=True))
if (factor["factorType"] == factor_type
and factor["provider"] == "OKTA") or (factor["provider"]
== factor_type):
okta_factor_id = factor["id"]
print "okta_factor_id: {0}".format(okta_factor_id)
if okta_factor_id:
push_response = okta_util.push_factor_verification(
okta_user_id, okta_factor_id, code)
# print "push_response: {0}".format(json.dumps(push_response, indent=4, sort_keys=True))
# Check for a valid factor result
if "factorResult" in push_response:
response["factorResult"] = push_response["factorResult"]
# check if there is a polling link to send back down to the client
if "_links" in push_response:
if "poll" in push_response["_links"]:
response["pollingUrl"] = push_response["_links"][
"poll"]["href"]
print "factorResult: {0}".format(push_response["factorResult"])
if push_response[
"factorResult"] == "SUCCESS": # Means the user successfully passed the factor, so reset the pasword
password_reset_response = okta_util.reset_user_password(
okta_user_id)
print "password_reset_response: {0}".format(
json.dumps(password_reset_response,
indent=4,
sort_keys=True))
response["ott"] = password_reset_response[
"resetPasswordUrl"].replace(
"{0}/reset_password/".format(
config.okta["org_host"]), "")
else:
response["status"] = "failed"
response["message"] = push_response["errorSummary"]
else:
print "WARNING: User '{0}' not enrolled in factor: {1}".format(
user["profile"]["login"], factor_type)
else:
print "WARNING: User '{0}' does not exsist in Okta".format(username)
return json.dumps(response)