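def ecommerce_approvals_post():
    """Handle an approve/reject decision posted from the approvals page.

    Reads two form fields: ``action`` (``"approve"`` or ``"reject"``) and
    ``action_value``, a Python-style dict literal holding ``user_id`` and
    ``group_id`` of the pending request.  On approval the target user is added
    to the requested group first; in both cases the group id is then removed
    from that user's ``access_requests`` profile attribute so the request no
    longer shows as pending.  Any other ``action`` value is ignored.

    Returns:
        A redirect back to the approvals listing.
    """
    logger.debug("workflow_approvals()")
    user_info = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    # The acting user is resolved but not otherwise used.
    # NOTE(review): nothing here verifies that this caller is permitted to
    # approve or reject requests; the target user_id/group_id come straight
    # from the form.  Enforce that check here (or in a route guard) before
    # exposing this outside a demo.
    user = okta_admin.get_user(user_info["sub"])
    logger.debug("approver id: %s", user["id"])

    action = request.form.get("action")
    if action in ("reject", "approve"):
        target_user_id, group_id = _parse_action_value(
            request.form.get("action_value"))
        if action == "approve":
            # Grant the access first; the pending marker is cleared below.
            okta_admin.assign_user_to_group(group_id, target_user_id)
        _clear_access_request(okta_admin, target_user_id, group_id)

    return redirect(
        url_for("ecommerce_views_bp.ecommerce_approvals_get",
                _external=True,
                _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]))


def _parse_action_value(raw):
    """Decode the ``action_value`` form field into ``(user_id, group_id)``.

    The field is rendered as a Python dict literal (single quotes), so quotes
    are swapped before parsing it as JSON.  Raises ``AttributeError`` when the
    field is missing, ``ValueError`` on malformed JSON and ``KeyError`` when a
    required key is absent -- the same failures the inline code produced.
    """
    req = json.loads(raw.replace("'", "\""))
    return req["user_id"], req["group_id"]


def _clear_access_request(okta_admin, user_id, group_id):
    """Remove ``group_id`` from the user's pending ``access_requests`` list.

    Re-reads the user so the attribute reflects the current state, then writes
    the trimmed list back.  A group id that is no longer in the list is simply
    skipped instead of raising ``ValueError``.
    """
    user_wf = okta_admin.get_user(user_id)
    field = get_udp_ns_fieldname("access_requests")
    grps = user_wf["profile"][field]
    if group_id in grps:
        grps.remove(group_id)
    okta_admin.update_user(user_id=user_id, user={"profile": {field: grps}})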
def credit_getmorecredit(app_id):
    """Self-enrol the signed-in user into ``app_id``'s first assigned group
    and send them on to that application's login URL.

    Args:
        app_id: Okta application id taken from the route.

    Returns:
        A redirect to the app's ``initiate_login_uri`` OAuth client setting.
    """
    logger.debug("credit_getmorecredit()")
    current_user_info = get_userinfo()
    admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    current_user = admin.get_user(current_user_info["sub"])
    application = admin.get_applications_by_id(app_id)
    app_groups = admin.get_application_groups(app_id)
    # The first group assigned to the app is the one users are enrolled in.
    target_group_id = app_groups[0]["id"]
    admin.assign_user_to_group(target_group_id, current_user["id"])
    login_uri = application["settings"]["oauthClient"]["initiate_login_uri"]
    return redirect(login_uri)
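def gbac_registration_state_post(user_id):
    """Finish registration for a staged user: set the posted password,
    activate the account and add it to the app's default group.

    Args:
        user_id: Okta id of the user being registered (from the route).

    Returns:
        The registration-state template carrying ``error`` when Okta rejects
        the user lookup or the update; otherwise a redirect to the login page
        with a completion message.
    """
    logger.debug("gbac_registration_state_post()")
    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(settings)
    user_data = okta_admin.get_user(user_id)

    if "errorCode" in user_data:
        logger.error("user_data: {0}".format(user_data))
        return render_template("/registration-state.html",
                               userid=user_id,
                               templatename=get_app_vertical(),
                               config=settings,
                               error=user_data['errorSummary'])

    # Log the profile *before* the credentials are attached so the plaintext
    # password never reaches the log.
    logger.debug(user_data)
    user_data["credentials"] = {
        "password": {
            "value": request.form.get('password')
        },
        # NOTE(review): a fixed, shared recovery answer is a demo-only
        # shortcut; do not carry it into a real tenant.
        "recovery_question": {
            "question": "Company Name, its Okta.",
            "answer": "Okta"
        }
    }

    user_update_response = okta_admin.update_user(user_id=user_data["id"],
                                                  user=user_data)
    logger.debug(user_update_response)

    if "errorCode" in user_update_response:
        # Okta usually lists the specific cause; fall back to the summary
        # when errorCauses is absent or empty.
        causes = user_update_response.get('errorCauses') or []
        error_text = (causes[0]['errorSummary'] if causes
                      else user_update_response.get('errorSummary'))
        return render_template(
            "/registration-state.html",
            userid=user_data["id"],
            templatename=get_app_vertical(),
            config=settings,
            error=error_text)

    nresponse = okta_admin.activate_user(user_data["id"], send_email=False)
    logger.debug(nresponse)
    group_info = okta_admin.get_application_groups(settings["client_id"])
    # First group assigned to this app is the default membership.
    group_id = group_info[0]["id"]
    okta_admin.assign_user_to_group(group_id, user_data["id"])
    message = "Registration Complete! Please Login Now!"
    return redirect(
        url_for("gbac_bp.gbac_login",
                _external="True",
                _scheme=settings["app_scheme"],
                message=message))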
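def gbac_user_create():
    """Create a user from the posted form, optionally add them to a group and
    link them to a parent user.

    Form fields read: ``firstname``, ``lastname``, ``email`` (also used as the
    login), ``phonenumber``, ``group_id``, ``parent_id`` and ``linked_name``.
    ``group_id`` and ``parent_id`` arrive as the string ``"None"`` when the
    form made no selection.

    Returns:
        A redirect to the linked-objects page when the user was created and a
        parent was given, otherwise to the users page; the outcome text is
        passed along as the ``message`` query parameter.
    """
    logger.debug("gbac_user_create")

    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(settings)
    form = request.form
    first_name = form.get('firstname')
    last_name = form.get('lastname')
    email = form.get('email')
    user_data = {
        "profile": {
            "firstName": first_name,
            "lastName": last_name,
            "email": email,
            "login": email,
            "mobilePhone": form.get('phonenumber')
        }
    }
    group_id = form.get('group_id')
    parent_id = form.get('parent_id')
    linked_name = form.get('linked_name')

    created_msg = "User {0} {1} was Created".format(first_name, last_name)
    user_create_response = okta_admin.create_user(user_data, True)
    created = "errorCode" not in user_create_response
    if created:
        logger.debug(group_id)
        if group_id == "None":
            # No group chosen: creation alone is the whole job.
            msg = created_msg
        else:
            user_group_response = okta_admin.assign_user_to_group(
                group_id, user_create_response['id'])
            if "errorCode" not in user_group_response:
                msg = created_msg
            else:
                msg = "Error During Create - " + str(
                    user_group_response["errorCauses"][0]["errorSummary"])
    else:
        msg = "Error During Create - " + str(
            user_create_response["errorCauses"][0]["errorSummary"])

    # Link only when the user really exists (a failed create has no 'id') and
    # a parent was actually chosen; a missing field or "None" means no parent.
    if created and parent_id not in (None, "None"):
        logger.debug("ParentID Found")
        okta_admin.create_linked_users(user_create_response['id'], parent_id,
                                       linked_name)
        return redirect(
            url_for(
                "gbac_lo_bp.gbac_linkedobjects",
                _external="True",
                _scheme=settings["app_scheme"],
                message=msg))

    return redirect(
        url_for("gbac_manageusers_bp.gbac_users",
                _external="True",
                _scheme=settings["app_scheme"],
                message=msg))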
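def create_login_response(user_name, password, session):
    """Authenticate *user_name* against Okta and build the reply the login
    page expects.

    On primary-auth success the user is made a member of the subdomain's
    ``<udp_subdomain>_<demo_app_name>_patient`` group when that group exists,
    a fresh OAuth ``state`` is stored in ``session`` and an authorize URL
    carrying the session token is returned.

    Args:
        user_name: Login as typed; ``session["login_id_prefix"]`` is prepended.
        password: Plaintext password from the login form; passed to Okta only,
            never logged.
        session: Per-instance settings mapping; read for ``login_id_prefix``,
            ``udp_subdomain`` and ``demo_app_name``, written for ``state``.

    Returns:
        dict: ``{"success": True, "status": "SUCCESS", "redirectUrl": ...}``
        on success; ``{"success": False, "errorMessage": ...}`` when Okta
        returned an ``errorSummary``; otherwise Okta's raw authn response so
        the caller can continue a multi-step flow such as MFA.
    """
    print("create_login_response()")
    auth_response = {"success": False}
    okta_auth = OktaAuth(session)
    okta_admin = OktaAdmin(session)

    authn_json_response = okta_auth.authenticate(
        username=session["login_id_prefix"] + user_name,
        password=password,
        headers=request.headers)

    if "sessionToken" in authn_json_response:
        # Users that pre-exist in the org may not yet be in this app's
        # patient group; ensure membership before handing out the redirect.
        # TODO: Clean this up to use Terraform setting or Group Rule
        user_id = authn_json_response["_embedded"]["user"]["id"]
        patient_group_name = "{0}_{1}_patient".format(session["udp_subdomain"],
                                                      session["demo_app_name"])
        print("patient_group_name: {0}".format(patient_group_name))
        _ensure_patient_group_membership(okta_admin, user_id,
                                         patient_group_name)

        # Fresh per-login state value for the authorize request.
        session["state"] = str(uuid.uuid4())
        oauth_authorize_url = okta_auth.create_oauth_authorize_url(
            response_type="code",
            state=session["state"],
            auth_options={
                "response_mode": "form_post",
                "prompt": "none",
                "scope": "openid profile email",
                "sessionToken": authn_json_response["sessionToken"],
            })

        auth_response["redirectUrl"] = oauth_authorize_url
        auth_response["success"] = True
        auth_response["status"] = "SUCCESS"
    elif "errorSummary" in authn_json_response:
        auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(
            authn_json_response["errorSummary"])
    else:
        # pass the message down for further processing like MFA
        auth_response = authn_json_response

    return auth_response


def _ensure_patient_group_membership(okta_admin, user_id, patient_group_name):
    """Add *user_id* to the group named *patient_group_name* unless already a
    member.

    Does nothing when no group of that name exists -- the inline version
    dereferenced an unbound ``patient_group`` in that case and crashed.  The
    group lookup result is reused rather than fetched a second time.
    """
    patient_groups = okta_admin.get_groups_by_name(patient_group_name)
    if not patient_groups:
        return
    patient_group_id = patient_groups[0]["id"]
    user_groups = okta_admin.get_user_groups(user_id)
    if any(group["id"] == patient_group_id for group in user_groups):
        return
    okta_admin.assign_user_to_group(patient_group_id, user_id)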