def get_oauth_authorize_url(okta_session_token=None, prompt=None):
    """Build the Okta authorization-code URL for the current Flask session.

    Args:
        okta_session_token: optional Okta session token; when truthy it is
            forwarded as the ``sessionToken`` auth option.
        prompt: optional OIDC ``prompt`` value; left out of the request when None.

    Returns:
        The URL produced by ``OktaAuth.create_oauth_authorize_url``.

    Side effects:
        Writes ``session["oidc_state"]``: a copy of ``session["state"]`` when that
        key already exists, otherwise a fresh UUID4 string.
    """
    logger.debug("get_oauth_authorize_url()")
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

    # Base options; prompt and sessionToken are only added when supplied.
    options = {
        "response_mode": "form_post",
        "scope": "openid profile email",
    }
    if prompt is not None:
        options["prompt"] = prompt
    if okta_session_token:
        options["sessionToken"] = okta_session_token

    # `state` is the anti-CSRF value Okta echoes back on the callback. An existing
    # session-level value is reused here; presumably the callback handler (not in
    # this file) compares against it - verify there.
    if "state" in session:
        session["oidc_state"] = session["state"]
    else:
        session["oidc_state"] = str(uuid.uuid4())

    return okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["oidc_state"],
        auth_options=options,
    )
def profile_bp():
    """Render the profile page, or restart the OIDC flow on ``?refreshtoken=true``.

    When ``refreshtoken=true`` is present a silent (``prompt=none``)
    authorization-code request is started: a fresh ``oidc_state`` is stored in
    the session, the return location is recorded under ``FROM_URI_KEY`` and the
    client is redirected to Okta. Otherwise ``profile.html`` is rendered with
    the tokens read from the request cookies.
    """
    logger.debug("profile_bp_profile()")

    wants_refresh = request.args.get('refreshtoken') == 'true'
    if not wants_refresh:
        return render_template(
            "/profile.html",
            templatename=get_app_vertical(),
            id_token=TokenUtil.get_id_token(request.cookies),
            access_token=TokenUtil.get_access_token(request.cookies),
            user_info=get_userinfo(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY])

    instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_auth = OktaAuth(instance_settings)

    # A new state value for every authorize request; it is the anti-CSRF value
    # Okta returns on the callback.
    session["oidc_state"] = str(uuid.uuid4())

    # Rewrite an "http://" prefix to the configured app scheme (an "https://" URL
    # is left untouched) and append "profile" verbatim - no separator is inserted.
    app_scheme = instance_settings["app_scheme"]
    return_url = request.url.replace("http://", "{0}://".format(app_scheme))
    session[FROM_URI_KEY] = return_url + "profile"

    authorize_url = okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["oidc_state"],
        auth_options={
            "response_mode": "form_post",
            "prompt": "none",
            "scope": "openid profile email",
        })
    return redirect(authorize_url)
def get_oauth_authorize_url(okta_session_token=None):
    """Return the Okta authorization-code URL for the current session.

    A silent (``prompt=none``) request is always built. ``session["state"]`` is
    created once (UUID4) and reused by later calls in the same session; a truthy
    ``okta_session_token`` is forwarded as the ``sessionToken`` auth option.
    """
    print("get_oauth_authorize_url()")
    okta_auth = OktaAuth(session)

    # NOTE(review): the state value is generated on first use and then reused for
    # the rest of the session; a per-request state is the stricter CSRF binding.
    if "state" not in session:
        session["state"] = str(uuid.uuid4())
    state = session["state"]

    options = {
        "response_mode": "form_post",
        "prompt": "none",
        "scope": "openid profile email",
    }
    if okta_session_token:
        options["sessionToken"] = okta_session_token

    return okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=state,
        auth_options=options,
    )
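def login():
    """Handle a JSON login post and return a JSON string with the redirect URL.

    Expects a JSON body with ``username`` and ``password``. On a successful
    Okta primary authentication a fresh ``session["state"]`` is stored and the
    response is ``{"success": true, "redirectUrl": <authorize url>}``; otherwise
    ``{"success": false, "errorMessage": ...}``. A missing or malformed body is
    reported the same way instead of raising (a 500) from the view.

    Returns:
        A JSON-encoded string (the caller is responsible for the content type).
    """
    print("login()")
    auth_response = {"success": False}

    # silent=True yields None instead of raising on a non-JSON / empty body.
    login_form_data = request.get_json(silent=True)
    if (not isinstance(login_form_data, dict)
            or "username" not in login_form_data
            or "password" not in login_form_data):
        auth_response["errorMessage"] = "Login Unsuccessful: username and password are required"
        return json.dumps(auth_response)

    okta_auth = OktaAuth(okta_config)

    # Never log login_form_data or the authn response: the former carries the
    # password, the latter the Okta session token.
    authn_json_response = okta_auth.authenticate(
        username=login_form_data["username"],
        password=login_form_data["password"],
        headers=request.headers)

    if "sessionToken" in authn_json_response:
        # New anti-CSRF state per authorize request, echoed back on the callback.
        session["state"] = str(uuid.uuid4())
        oauth_authorize_url = okta_auth.create_oauth_authorize_url(
            response_type="code",
            state=session["state"],
            auth_options={
                "response_mode": "form_post",
                "prompt": "none",
                "scope": "openid",
                "sessionToken": authn_json_response["sessionToken"],
            })

        auth_response["redirectUrl"] = oauth_authorize_url
        auth_response["success"] = True
    else:
        # Okta error payloads carry errorSummary; other non-success responses
        # (e.g. an MFA challenge) do not, so don't KeyError on them.
        reason = authn_json_response.get("errorSummary", "unknown error")
        auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(reason)

    return json.dumps(auth_response)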
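def create_login_response(user_name, password, session):
    """Authenticate a user against Okta and build the login result dict.

    Args:
        user_name: user-supplied login name; ``session["login_id_prefix"]`` is
            prepended before it is sent to Okta.
        password: user-supplied password, passed straight to
            ``OktaAuth.authenticate``.
        session: dict-like settings for this app instance (it shadows any
            module-level ``session``). Must provide ``login_id_prefix``,
            ``udp_subdomain`` and ``demo_app_name``; receives a fresh ``state``
            on success.

    Returns:
        On success ``{"success": True, "status": "SUCCESS", "redirectUrl": ...}``.
        On an Okta error payload (one with ``errorSummary``)
        ``{"success": False, "errorMessage": ...}``. Any other authn response
        (e.g. an MFA challenge) is returned unchanged for the caller to continue.
    """
    print("create_login_response()")
    auth_response = {"success": False}
    okta_auth = OktaAuth(session)
    okta_admin = OktaAdmin(session)

    # Never log the arguments or the authn response: they carry the password
    # and the Okta session token.
    authn_json_response = okta_auth.authenticate(
        username=session["login_id_prefix"] + user_name,
        password=password,
        headers=request.headers)

    if "sessionToken" in authn_json_response:
        user_id = authn_json_response["_embedded"]["user"]["id"]
        _ensure_patient_group_membership(okta_admin, session, user_id)

        # New anti-CSRF state per authorize request, echoed back on the callback.
        session["state"] = str(uuid.uuid4())
        oauth_authorize_url = okta_auth.create_oauth_authorize_url(
            response_type="code",
            state=session["state"],
            auth_options={
                "response_mode": "form_post",
                "prompt": "none",
                "scope": "openid profile email",
                "sessionToken": authn_json_response["sessionToken"],
            })

        auth_response["redirectUrl"] = oauth_authorize_url
        auth_response["success"] = True
        auth_response["status"] = "SUCCESS"
    elif "errorSummary" in authn_json_response:
        auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(
            authn_json_response["errorSummary"])
    else:
        # pass the message down for further processing like MFA
        auth_response = authn_json_response

    return auth_response


def _ensure_patient_group_membership(okta_admin, session, user_id):
    """Add *user_id* to this app's ``<udp_subdomain>_<demo_app_name>_patient`` group.

    Workaround for pre-existing users that were never assigned to the patient
    portal app as a patient (TODO: replace with a Terraform setting or an Okta
    group rule). The group is looked up once; when it does not exist the
    assignment is skipped with a message rather than failing the login, and a
    user who is already a member is left alone.
    """
    patient_group_name = "{0}_{1}_patient".format(session["udp_subdomain"],
                                                  session["demo_app_name"])
    print("patient_group_name: {0}".format(patient_group_name))

    patient_groups = okta_admin.get_groups_by_name(patient_group_name)
    if not patient_groups:
        print("patient group not found, skipping assignment: {0}".format(patient_group_name))
        return

    patient_group_id = patient_groups[0]["id"]
    user_groups = okta_admin.get_user_groups(user_id)
    if any(group["id"] == patient_group_id for group in user_groups):
        return

    okta_admin.assign_user_to_group(patient_group_id, user_id)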