def streamingservice_device_validatecode():
logger.debug("streamingservice_device_validatecode()")
url = "https://jl0tn0gk0e.execute-api.us-east-2.amazonaws.com/default/prd-zartan-deviceinformation?user_code=" + request.form["user_code"]
headers = {
"x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"],
}
s3response = RestUtil.execute_get(url, headers=headers)
if ("device_code" in s3response):
logger.debug("Save Device State")
state = str(uuid.uuid4())
session["device_state"] = state
url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate"
headers = {
"x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"],
}
body = {
"device_code": s3response['device_code'],
"device_id": s3response['device_id'],
"state": state
}
RestUtil.execute_post(url, body, headers=headers)
response = url_for(
"streamingservice_views_bp.streamingservice_device_register",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]
)
else:
response = "invalid"
return response
def get_oauth_token_from_login(code,
grant_type,
auth_options=None,
headers=None):
logger.debug("OktaAuth.get_oauth_token()")
okta_headers = OktaUtil.get_oauth_okta_headers(headers)
redirect_url = url_for(
"streamingservice_views_bp.streamingservice_callback",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
url = ("{issuer}/v1/token?"
"grant_type={grant_type}&"
"code={code}&"
"redirect_uri={redirect_uri}").format(
issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"],
code=code,
redirect_uri=redirect_url,
grant_type=grant_type)
body = {"authorization_code": code}
if auth_options:
for key in auth_options:
url = "{url}&{key}={value}".format(url=url,
key=key,
value=auth_options[key])
return RestUtil.execute_post(url, body, okta_headers)
def get_oauth_token(self,
code,
grant_type,
auth_options=None,
headers=None):
self.logger.debug("OktaAuth.get_oauth_token()")
okta_headers = OktaUtil.get_oauth_okta_headers(headers)
url = ("{issuer}/v1/token?"
"grant_type={grant_type}&"
"code={code}&"
"redirect_uri={redirect_uri}").format(
issuer=self.okta_config["issuer"],
code=code,
redirect_uri=self.okta_config["redirect_uri"],
grant_type=grant_type)
body = {"authorization_code": code}
if auth_options:
for key in auth_options:
url = "{url}&{key}={value}".format(url=url,
key=key,
value=auth_options[key])
return RestUtil.execute_post(url, body, okta_headers)
def create_idp(self, idp):
self.logger.debug("OktaAdmin.create_idp(idp)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/idps".format(
base_url=self.okta_config["okta_org_name"])
self.logger.debug(idp)
return RestUtil.execute_post(url, idp, okta_headers)
def gbac_idverification_getverificationcode():
logger.debug("gbac_idverification_bp")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
evidenttoken = ""
basicauth = OktaUtil.get_encoded_auth("okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI")
headers = {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Basic {0}".format(basicauth)
}
my_str = user["profile"]["email"]
idx = my_str.index("@")
email = my_str[:idx] + str(time.time()) + my_str[idx:]
body = {
"email": email,
"templateId": "1ce55f4e-7bb2-4907-9643-dc61f1f04f4d"
}
response = RestUtil.execute_post(" https://verify.api.demo.evidentid.com/api/v1/verify/requests", headers=headers, body=body)
evidenttoken = response["userIdentityToken"]
user_data = {"profile": {get_udp_ns_fieldname("evident_id"): response["id"]}}
okta_admin.update_user(user["id"], user_data)
return evidenttoken
def send_mail_via_sendgrid(subject, message, recipients):
Email.logger.debug("send_mail_via_sendgrid()")
logging.debug(recipients)
url = "https://api.sendgrid.com/v3/mail/send"
headers = {
"Authorization":
"Bearer {apikey}".format(
apikey=session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sendgrid_api_key"]),
"Content-Type":
"application/json"
}
body = {
"personalizations": [{
"to": [{
"email": recipients[0]['address']
}]
}],
"from": {
"email":
"noreply@{domain}".format(
domain=session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sendgrid_from_domain"])
},
"subject": subject,
"content": [{
"type": "text/html",
"value": message
}]
}
return RestUtil.execute_post(url, body, headers=headers)
def send_mail_via_sparkpost(subject, message, recipients):
Email.logger.debug("send_mail_via_sparkpost()")
url = "https://api.sparkpost.com/api/v1/transmissions"
headers = {
"Authorization":
session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sparkpost_api_key"],
"Content-Type":
"application/json"
}
body = {
"options": {
"sandbox": False
},
"content": {
"from":
"noreply@{domain}".format(
domain=session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sparkpost_from_domain"]),
"subject":
subject,
"html":
message
},
"recipients": recipients
}
return RestUtil.execute_post(url, body, headers=headers)
def get_oauth_token(self,
code,
grant_type,
auth_options=None,
headers=None):
print("OktaAuth.get_oauth_token()")
okta_headers = OktaUtil.get_oauth_okta_headers(headers)
url = ("{host}/oauth2{auth_server}/v1/token?"
"grant_type={grant_type}&"
"code={code}&"
"redirect_uri={redirect_uri}").format(
host=self.okta_config["org_url"],
auth_server=OktaUtil.get_authserver_id(
self.okta_config["auth_server_id"]),
code=code,
redirect_uri=self.okta_config["redirect_uri"],
grant_type=grant_type)
body = {"authorization_code": code}
if auth_options:
for key in auth_options:
url = "{url}&{key}={value}".format(url=url,
key=key,
value=auth_options[key])
return RestUtil.execute_post(url, body, okta_headers)
def userinfo(self, token, headers=None):
self.logger.debug("OktaAuth.userinfo()")
okta_headers = OktaUtil.get_oauth_okta_bearer_token_headers(headers, token)
# self.logger.debug("okta_headers: {0}".format(okta_headers))
url = "{issuer}/v1/userinfo".format(issuer=self.okta_config["issuer"])
body = {}
return RestUtil.execute_post(url, body, okta_headers)
def get_udp_oauth_access_token(udp_config):
logger.debug("get_app_vertical()")
results = None
udp_issuer = udp_config["issuer"]
udp_token_endpoint = "{issuer}/v1/token".format(issuer=udp_issuer)
udp_oauth_client_id = udp_config["client_id"]
udp_oauth_client_secret = udp_config["client_secret"]
basic_auth_encoded = OktaUtil.get_encoded_auth(udp_oauth_client_id,
udp_oauth_client_secret)
oauth2_headers = {
"Accept": "application/json",
"Content-Type": "application/x-www-form-urlencoded",
"Authorization": "Basic {0}".format(basic_auth_encoded)
}
# logger.debug(oauth2_headers)
url = "{0}?grant_type=client_credentials&scope=secrets:read".format(
udp_token_endpoint)
responseData = RestUtil.execute_post(url, headers=oauth2_headers)
# logger.debug(responseData)
if "access_token" in responseData:
results = responseData["access_token"]
else:
logger.warning(
"Failed to get UDP Service OAuth token: {message}".format(
message=responseData))
return results
def upload_idp_certificate(self, idp_cert):
self.logger.debug("OktaAdmin.upload_idp_certificate(idp_cert)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/idps/credentials/keys".format(
base_url=self.okta_config["okta_org_name"])
return RestUtil.execute_post(url, idp_cert, okta_headers)
def deactivate_idp(self, idp_id):
self.logger.debug("OktaAdmin.deactivate_idp(idp_id)")
# self.logger.debug("User profile: {0}".format(json.dumps(user)))
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/idps/{idp_id}/lifecycle/deactivate".format(
base_url=self.okta_config["okta_org_name"], idp_id=idp_id)
return RestUtil.execute_post(url, {}, okta_headers)
def create_user(self, user, activate_user=False):
print("OktaAdmin.create_user(user)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/users?activate={activate_user}".format(
base_url=self.okta_config["okta_org_name"],
activate_user=activate_user)
return RestUtil.execute_post(url, user, okta_headers)
def update_user(self, user_id, user):
self.logger.debug("OktaAdmin.update_user()")
# self.logger.debug("User profile: {0}".format(json.dumps(user)))
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/users/{user_id}".format(
base_url=self.okta_config["okta_org_name"], user_id=user_id)
return RestUtil.execute_post(url, user, okta_headers)
def reset_password_for_user(self, user_id):
self.logger.debug("OktaAdmin.unsuspend_user(user_id)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/users/{user_id}/lifecycle/reset_password".format(
base_url=self.okta_config["okta_org_name"], user_id=user_id)
body = {}
return RestUtil.execute_post(url, body, okta_headers)
def activate_push(self, factor_id, state_token, headers=None):
self.logger.debug("activate_push()")
okta_headers = OktaUtil.get_default_okta_headers(headers)
url = "{0}/api/v1/authn/factors/{1}/lifecycle/activate".format(
self.okta_config["okta_org_name"], factor_id)
body = {"stateToken": state_token}
return RestUtil.execute_post(url, body, okta_headers)
def poll_for_push(self, factor_id, state_token, headers=None):
print("poll_for_push()")
okta_headers = OktaUtil.get_default_okta_headers(headers)
url = "{0}/api/v1/authn/factors/{1}/verify".format(
self.okta_config["okta_org_name"], factor_id)
body = {"stateToken": state_token}
return RestUtil.execute_post(url, body, okta_headers)
def enroll_totp(self, user_id, factor_type, provider, headers=None):
self.logger.debug("enroll_totp()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{0}/api/v1/users/{1}/factors".format(
self.okta_config["okta_org_name"], user_id)
body = {"factorType": factor_type, "provider": provider}
return RestUtil.execute_post(url, body, okta_headers)
def get_transaction_state(self, token, headers=None):
self.logger.debug("OktaAuth.authenticate_with_activation_token()")
url = "{host}/api/v1/authn".format(
host=self.okta_config["okta_org_name"])
okta_headers = OktaUtil.get_default_okta_headers(self.okta_config)
body = {"stateToken": token}
return RestUtil.execute_post(url, body, okta_headers)
def resend_push(self, user_id, factor_id, headers=None):
self.logger.debug("resend_push()")
okta_headers = OktaUtil.get_default_okta_headers(headers)
url = "{0}/api/v1/users/{1}/factors/{2}/lifecycle/activate".format(
self.okta_config["okta_org_name"], user_id, factor_id)
body = {}
return RestUtil.execute_post(url, body, okta_headers)
def poll_for_enrollment_push(self, user_id, factor_id, headers=None):
self.logger.debug("poll_for_enrollment_push()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{0}/api/v1/users/{1}/factors/{2}/lifecycle/activate/poll".format(
self.okta_config["okta_org_name"], user_id, factor_id)
body = {}
return RestUtil.execute_post(url, body, okta_headers)
def activate_totp(self, factor_id, state_token, pass_code, headers=None):
print("enroll_totp()")
okta_headers = OktaUtil.get_default_okta_headers(headers)
url = "{0}/api/v1/authn/factors/{1}/lifecycle/activate".format(
self.okta_config["okta_org_name"], factor_id)
body = {"stateToken": state_token, "passCode": pass_code}
return RestUtil.execute_post(url, body, okta_headers)
def authenticate_with_activation_token(self, token, headers=None):
print("OktaAuth.authenticate_with_activation_token()")
url = "{host}/api/v1/authn".format(
host=self.okta_config["okta_org_name"])
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
body = {"token": token}
return RestUtil.execute_post(url, body, okta_headers)
def activate_totp(self, user_id, factor_id, pass_code, headers=None):
self.logger.debug("verify_totp()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{0}/api/v1/users/{1}/factors/{2}/lifecycle/activate".format(
self.okta_config["okta_org_name"], user_id, factor_id)
body = {"passCode": pass_code}
return RestUtil.execute_post(url, body, okta_headers)
def reset_password_with_state_token(self, token, password, headers=None):
self.logger.debug("OktaAuth.reset_password_with_state_token()")
url = "{host}/api/v1/authn/credentials/reset_password".format(
host=self.okta_config["okta_org_name"])
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
body = {"stateToken": token, "newPassword": password}
return RestUtil.execute_post(url, body, okta_headers)
def introspect_mfa(self, token, client_id):
self.logger.debug("OktaAuth.introspect_mfa()")
okta_headers = OktaUtil.get_introspect_mfa_okta_headers()
url = "{baseurl}/oauth2/v1/introspect".format(
baseurl=self.okta_config["okta_org_name"])
body = "&token={token}&client_id={client_id}&token_type_hint=id_token".format(
token=token, client_id=client_id)
return RestUtil.execute_post(url=url, body=body, headers=okta_headers)
def verify_answer(self, factor_id, state_token, answer, headers=None):
self.logger.debug("verify_answer()")
okta_headers = OktaUtil.get_default_okta_headers(headers)
url = "{0}/api/v1/authn/factors/{1}/verify".format(
self.okta_config["okta_org_name"], factor_id)
body = {"stateToken": state_token, "answer": answer}
return RestUtil.execute_post(url, body, okta_headers)
def introspect(self, token, headers=None):
self.logger.debug("OktaAuth.introspect()")
okta_headers = OktaUtil.get_oauth_okta_headers(headers, self.okta_config["client_id"], self.okta_config["client_secret"])
url = "{issuer}/v1/introspect?token={token}".format(
issuer=self.okta_config["issuer"],
token=token)
body = {}
return RestUtil.execute_post(url, body, okta_headers)
def userinfo(self, token, headers=None):
print("OktaAuth.userinfo()")
okta_headers = OktaUtil.get_oauth_okta_bearer_token_headers(
headers, token)
url = "{issuer}/v1/userinfo?token={token}".format(
issuer=self.okta_config["issuer"], token=token)
body = {}
return RestUtil.execute_post(url, body, okta_headers)
def activate_user(self, user_id, send_email=True):
self.logger.debug("OktaAdmin.activate_user(user_id)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/users/{user_id}/lifecycle/activate/?sendEmail={send_email}".format(
base_url=self.okta_config["okta_org_name"],
user_id=user_id,
send_email=str(send_email).lower())
body = {}
return RestUtil.execute_post(url, body, okta_headers)
