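def _parse_action_value(raw):
    """Decode the ``action_value`` form field into a dict.

    The form serialises the pending request as a Python-style dict with
    single quotes, so quotes are normalised before ``json.loads`` (as the
    original handler did; a value containing an apostrophe would still
    break this — the form format should be confirmed).

    Raises ``ValueError`` when the field is missing or not valid JSON.
    """
    if not raw:
        raise ValueError("action_value is required")
    return json.loads(raw.replace("'", '"'))


def _pending_access_requests(okta_admin, user_id):
    """Return ``(field_name, pending)`` for ``user_id``'s access requests.

    ``field_name`` is the namespaced ``access_requests`` profile attribute
    and ``pending`` a list copy of its value (empty when the attribute is
    absent or null), so callers can mutate it freely.
    """
    field_name = get_udp_ns_fieldname("access_requests")
    user_wf = okta_admin.get_user(user_id)
    pending = list(user_wf["profile"].get(field_name) or [])
    return field_name, pending


def ecommerce_approvals_post():
    """Approve or reject a pending group access request.

    Reads ``action`` (``"approve"`` or ``"reject"``) and ``action_value``
    (a JSON-ish ``{"user_id": ..., "group_id": ...}``) from the posted
    form. Approving assigns the target user to the group; both actions
    drop the group from the user's ``access_requests`` attribute. A group
    that is not actually pending for the user is ignored (the old code
    assigned it anyway and then failed on ``list.remove``). Any other
    ``action`` value is a no-op. Always redirects back to the approvals
    page.

    Raises ``ValueError``/``KeyError`` when the form payload is malformed.
    """
    logger.debug("workflow_approvals()")
    user_info = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    # Resolve the calling user against Okta (fails early if the session
    # subject is unknown). NOTE(review): nothing here checks that the
    # caller is an approver — the target user/group come straight from the
    # form, so confirm a role check guards this route upstream.
    approver_id = okta_admin.get_user(user_info["sub"])["id"]

    action = request.form.get("action")
    if action in ("approve", "reject"):
        req = _parse_action_value(request.form.get("action_value"))
        target_user_id = req["user_id"]
        group_id = req["group_id"]
        logger.debug("approver %s: %s group %s for user %s",
                     approver_id, action, group_id, target_user_id)
        field_name, pending = _pending_access_requests(okta_admin, target_user_id)
        # Only act on a group the user actually asked for: never grant an
        # unrequested group, and never let ``remove`` blow up on a stale one.
        if group_id in pending:
            if action == "approve":
                okta_admin.assign_user_to_group(group_id, target_user_id)
            pending.remove(group_id)
            okta_admin.update_user(
                user_id=target_user_id,
                user={"profile": {field_name: pending}},
            )
        else:
            logger.debug("group %s is not pending for user %s; ignoring %s",
                         group_id, target_user_id, action)

    return redirect(
        url_for("ecommerce_views_bp.ecommerce_approvals_get",
                _external=True,
                _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]))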
def credit_getmorecredit(app_id):
    """Add the signed-in user to app ``app_id``'s first group and send them to the app.

    Looks up the application and its group assignments in Okta, assigns the
    current user to the first listed group, then redirects to the app's
    ``initiate_login_uri`` taken from its OAuth client settings.
    """
    logger.debug("credit_getmorecredit()")
    current_sub = get_userinfo()["sub"]
    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(settings)
    current_user = okta_admin.get_user(current_sub)
    application = okta_admin.get_applications_by_id(app_id)
    # NOTE(review): assumes the app has at least one group assignment and an
    # OAuth client config; an app lacking either raises here — confirm.
    first_group_id = okta_admin.get_application_groups(app_id)[0]["id"]
    okta_admin.assign_user_to_group(first_group_id, current_user["id"])
    login_uri = application["settings"]["oauthClient"]["initiate_login_uri"]
    return redirect(login_uri)
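def _okta_error_summary(response):
    """Return the most specific human-readable text from an Okta error response.

    Prefers ``errorCauses[0].errorSummary``, falls back to the top-level
    ``errorSummary``, then ``errorCode``, so a response without causes no
    longer raises while rendering the error page.
    """
    causes = response.get("errorCauses") or []
    summary = causes[0].get("errorSummary") if causes else None
    if not summary:
        summary = response.get("errorSummary") or response.get("errorCode")
    return str(summary)


def gbac_registration_state_post(user_id):
    """Finish self-registration for ``user_id``: set a password, activate, assign the app group.

    Reads ``password`` from the posted form. If the Okta lookup or update
    fails, the registration page is re-rendered with the error text. On
    success the user is activated without an activation e-mail, added to
    the app's first group and redirected to the login page with a message.

    The submitted password is deliberately never logged.
    """
    logger.debug("gbac_registration_state_post()")
    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(settings)

    user_data = okta_admin.get_user(user_id)
    if "errorCode" in user_data:
        logger.error("user_data: %s", user_data)
        return render_template("/registration-state.html",
                               userid=user_id,
                               templatename=get_app_vertical(),
                               config=settings,
                               error=user_data["errorSummary"])

    password = request.form.get("password")
    if not password:
        return render_template("/registration-state.html",
                               userid=user_data["id"],
                               templatename=get_app_vertical(),
                               config=settings,
                               error="A password is required")

    # Log the fetched record before credentials are attached so the
    # plaintext password never reaches the debug log.
    logger.debug(user_data)
    user_data["credentials"] = {
        "password": {"value": password},
        # NOTE(review): fixed, well-known recovery answer carried over from
        # the original — acceptable only for demo tenants; confirm.
        "recovery_question": {
            "question": "Company Name, its Okta.",
            "answer": "Okta",
        },
    }
    user_update_response = okta_admin.update_user(user_id=user_data["id"], user=user_data)
    logger.debug(user_update_response)
    if "errorCode" in user_update_response:
        return render_template("/registration-state.html",
                               userid=user_data["id"],
                               templatename=get_app_vertical(),
                               config=settings,
                               error=_okta_error_summary(user_update_response))

    activate_response = okta_admin.activate_user(user_data["id"], send_email=False)
    logger.debug(activate_response)

    # NOTE(review): assumes the app has at least one group assignment;
    # an app without groups raises IndexError here — confirm.
    group_info = okta_admin.get_application_groups(settings["client_id"])
    okta_admin.assign_user_to_group(group_info[0]["id"], user_data["id"])

    message = "Registration Complete! Please Login Now!"
    return redirect(
        url_for("gbac_bp.gbac_login",
                _external=True,
                _scheme=settings["app_scheme"],
                message=message))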
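def _optional_form_id(name):
    """Return form field ``name``, or ``None`` when it is absent, empty or the literal ``"None"``.

    The create-user form posts the string ``"None"`` for an unselected
    group or parent, so both spellings mean "not provided".
    """
    value = request.form.get(name)
    return None if value in (None, "", "None") else value


def _create_error_message(response):
    """Format an Okta error response as the user-facing create-failure message."""
    causes = response.get("errorCauses") or []
    summary = causes[0].get("errorSummary") if causes else None
    if not summary:
        summary = response.get("errorSummary") or response.get("errorCode")
    return "Error During Create - " + str(summary)


def gbac_user_create():
    """Create an Okta user from the posted form, optionally adding a group and a linked parent.

    Form fields: ``firstname``, ``lastname``, ``email`` (also used as the
    login), ``phonenumber``, plus the optional ``group_id``, ``parent_id``
    and ``linked_name`` (``"None"`` means not provided). The group
    assignment and parent link happen only when the user was actually
    created (the old code read the new user's id even after a failed
    create). Redirects to the linked-objects page when a parent was
    linked, otherwise to the user list, with a status message either way.
    """
    logger.debug("gbac_user_create")
    settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(settings)

    first_name = request.form.get("firstname")
    last_name = request.form.get("lastname")
    email = request.form.get("email")
    user_data = {
        "profile": {
            "firstName": first_name,
            "lastName": last_name,
            "email": email,
            "login": email,  # the e-mail address doubles as the Okta login
            "mobilePhone": request.form.get("phonenumber"),
        }
    }
    group_id = _optional_form_id("group_id")
    parent_id = _optional_form_id("parent_id")
    linked_name = request.form.get("linked_name")

    linked_parent = False
    user_create_response = okta_admin.create_user(user_data, True)
    if "errorCode" in user_create_response:
        msg = _create_error_message(user_create_response)
    else:
        new_user_id = user_create_response["id"]
        msg = "User {0} {1} was Created".format(first_name, last_name)
        logger.debug("group_id=%s", group_id)
        if group_id is not None:
            user_group_response = okta_admin.assign_user_to_group(group_id, new_user_id)
            if "errorCode" in user_group_response:
                msg = _create_error_message(user_group_response)
        if parent_id is not None:
            logger.debug("ParentID Found")
            okta_admin.create_linked_users(new_user_id, parent_id, linked_name)
            linked_parent = True

    endpoint = "gbac_lo_bp.gbac_linkedobjects" if linked_parent else "gbac_manageusers_bp.gbac_users"
    return redirect(
        url_for(endpoint,
                _external=True,
                _scheme=settings["app_scheme"],
                message=msg))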
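def _ensure_patient_group(okta_admin, session, user_id):
    """Add ``user_id`` to this app's patient group unless already a member.

    The group is named ``<udp_subdomain>_<demo_app_name>_patient``; when no
    such group exists nothing is done. Returns ``True`` when an assignment
    was made. Pre-existing users may not yet be assigned to the patient
    portal app as a patient, which is why login ensures it.
    TODO: Clean this up to use Terraform setting or Group Rule
    """
    patient_group_name = "{0}_{1}_patient".format(session["udp_subdomain"],
                                                  session["demo_app_name"])
    logger.debug("patient_group_name: %s", patient_group_name)
    patient_groups = okta_admin.get_groups_by_name(patient_group_name)
    if not patient_groups:
        return False
    # Reuse the lookup above instead of querying Okta a second time.
    patient_group_id = patient_groups[0]["id"]
    user_groups = okta_admin.get_user_groups(user_id)
    if any(group["id"] == patient_group_id for group in user_groups):
        return False
    okta_admin.assign_user_to_group(patient_group_id, user_id)
    return True


def create_login_response(user_name, password, session):
    """Authenticate ``user_name``/``password`` against Okta and build the login result.

    ``session`` is the per-instance settings mapping (login id prefix,
    subdomain, demo app name, OAuth configuration). On a successful primary
    authentication the user is ensured to be in the app's patient group, a
    fresh OAuth ``state`` nonce is stored in ``session["state"]``, and the
    returned dict carries ``success=True``, ``status="SUCCESS"`` and the
    ``redirectUrl`` that continues the OAuth code flow. An Okta error
    yields ``success=False`` with ``errorMessage``; any other response
    (e.g. an MFA challenge) is returned unchanged for the caller to handle.
    """
    logger.debug("create_login_response()")
    auth_response = {"success": False}
    okta_auth = OktaAuth(session)
    okta_admin = OktaAdmin(session)

    authn_json_response = okta_auth.authenticate(
        username=session["login_id_prefix"] + user_name,
        password=password,
        headers=request.headers)

    if "sessionToken" in authn_json_response:
        user_id = authn_json_response["_embedded"]["user"]["id"]
        _ensure_patient_group(okta_admin, session, user_id)

        # Random state binds the authorize round-trip to this session.
        session["state"] = str(uuid.uuid4())
        auth_response["redirectUrl"] = okta_auth.create_oauth_authorize_url(
            response_type="code",
            state=session["state"],
            auth_options={
                "response_mode": "form_post",
                "prompt": "none",
                "scope": "openid profile email",
                "sessionToken": authn_json_response["sessionToken"],
            })
        auth_response["success"] = True
        auth_response["status"] = "SUCCESS"
    elif "errorSummary" in authn_json_response:
        auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(
            authn_json_response["errorSummary"])
    else:
        # pass the message down for further processing like MFA
        auth_response = authn_json_response
    return auth_response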