def ecommerce_approvals_get():
    """Render the workflow-approvals page for the signed-in user.

    Looks up every user whose namespaced ``access_requests`` profile
    attribute is present and keeps only the requests that target a group
    the current user belongs to.
    """
    logger.debug("workflow_approvals()")
    workflow_list = []
    user_info = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    current_user = okta_admin.get_user(user_info["sub"])
    my_groups = okta_admin.get_user_groups(current_user["id"])

    # "<attribute> pr" is a presence filter: users that have the attribute set.
    search_expr = 'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests"))
    requesters = okta_admin.get_user_list_by_search(search_expr)

    for requester in requesters:
        requested_ids = requester["profile"][get_udp_ns_fieldname("access_requests")]
        for requested_id in requested_ids:
            group = okta_admin.get_group(id=requested_id)
            logging.debug(group)
            entry = {
                "requestor": requester["profile"]["login"],
                "request": group["profile"]["description"],
                "usr_grp": {
                    "user_id": requester["id"],
                    "group_id": requested_id
                }
            }
            # Only requests for groups the current user is in are listed;
            # one entry is added per matching membership record.
            workflow_list.extend(
                entry for membership in my_groups
                if requested_id == membership['id'])

    template_path = "{0}/workflow-approvals.html".format(get_app_vertical())
    return render_template(
        template_path,
        templatename=get_app_vertical(),
        workflow_list=workflow_list,
        user_info=user_info,
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def dealer_registration_completion_get():
    """Render the vertical-specific registration-completion page."""
    logger.debug("dealer_registration_completion()")
    template_path = "{0}/registration-completion.html".format(get_app_vertical())
    vertical = get_app_vertical()
    instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    return render_template(
        template_path,
        templatename=vertical,
        config=instance_settings,
        _scheme=instance_settings["app_scheme"])
def dealer_myapps_get():
    """Render the "my apps" page with the user's location and assigned apps.

    The location shown is the description of the user's group whose name
    starts with the namespaced location prefix; if several match, the last
    one returned wins, and it stays empty when none match.
    """
    logger.debug("dealer_myapps_get()")
    location_prefix = "{0}_".format(get_udp_ns_fieldname(CONFIG_LOCATION))
    user_info = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    user_id = okta_admin.get_user(user_info["sub"])["id"]

    location = ""
    for group in okta_admin.get_user_groups(user_id=user_id):
        profile = group["profile"]
        if not profile["name"].startswith(location_prefix):
            continue
        location = profile["description"]

    assigned_apps = okta_admin.get_applications_by_user_id(user_id)
    template_path = "{0}/myapps.html".format(get_app_vertical())
    return render_template(
        template_path,
        templatename=get_app_vertical(),
        user_info=user_info,
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        location=location,
        apps=assigned_apps,
        _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_main():
    """Render the vertical's index page with a fresh random ``state`` value."""
    logger.debug("gbac_main()")
    template_path = "{0}/index.html".format(get_app_vertical())
    context = {
        "templatename": get_app_vertical(),
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
        # A new UUID4 string is generated on every request.
        "state": str(uuid.uuid4()),
    }
    return render_template(template_path, **context)
def dealer_registration_get():
    """Render the dealer registration form with its role and dealership choices.

    Role choices come from the admin and regular groups, dealership choices
    from the groups matching the location name. If any lookup (or the
    render itself) raises, the form is rendered again with the exception
    passed as ``error``.
    """
    logger.debug("dealer_registration()")
    regular_group = get_udp_ns_fieldname(CONFIG_REGULAR)
    admin_group = get_udp_ns_fieldname(CONFIG_ADMIN)
    location_group = get_udp_ns_fieldname(CONFIG_LOCATION)
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])

    setup_options = {
        "type_users": [],
        "dealerships": [],
        "type_user_selected": request.form.get('role'),
        "dealership_selected": request.form.get('location')
    }
    user_data = {
        "profile": {
            "firstName": "",
            "lastName": "",
            "email": "",
            "login": "",
            "mobilePhone": ""
        }
    }

    # (group name to search, option list it feeds), in the original order.
    lookups = (
        (admin_group, "type_users"),
        (regular_group, "type_users"),
        (location_group, "dealerships"),
    )
    try:
        for group_name, option_key in lookups:
            for group in okta_admin.get_groups_by_name(group_name):
                setup_options[option_key].append({
                    "id": group["id"],
                    "description": group["profile"]["description"]
                })
        # Show the registration page with the defaults.
        return render_template(
            "{0}/registration.html".format(get_app_vertical()),
            templatename=get_app_vertical(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY],
            user_data=user_data,
            setup_options=setup_options,
            _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
    except Exception as e:
        # NOTE(review): the raw exception object is handed to the template as
        # `error`; confirm the template does not expose internal detail.
        return render_template(
            "{0}/registration.html".format(get_app_vertical()),
            templatename=get_app_vertical(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY],
            error=e,
            user_data=user_data,
            setup_options=setup_options,
            _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
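def ecommerce_registration_completion():
    """Create (or update a guest into) an Okta user and show the completion page.

    Reads ``email``, ``guestUserId`` and ``noemail`` from the submitted form.
    When ``guestUserId`` is given, that user is fetched and updated in place;
    otherwise a new user is created. Depending on ``noemail`` the activation
    link is either rendered on the page or sent by e-mail.

    Returns the rendered completion page, or the error page when Okta does
    not return a user id.
    """
    logger.debug("ecommerce_registration_completion()")
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    email = request.form.get('email')
    guest_user_id = request.form.get('guestUserId')
    # A missing "noemail" field used to raise AttributeError *after* the user
    # had already been created; treat it as "send the e-mail" instead.
    noemail = (request.form.get('noemail') or '').lower()

    user_data = {"profile": {}}
    logger.debug(guest_user_id)
    if guest_user_id:
        # NOTE(review): guestUserId comes straight from the form and the
        # matching Okta user has its e-mail/login overwritten below. Nothing
        # visible here verifies that the id is the caller's own guest account;
        # confirm the route or session enforces that.
        user_data = okta_admin.get_user(guest_user_id)

    user_data["profile"]["email"] = email
    user_data["profile"]["login"] = email
    user_data["profile"]["firstName"] = "Guest"
    user_data["profile"]["lastName"] = "User"

    if "id" in user_data:
        user_create_response = okta_admin.update_user(user_id=user_data["id"], user=user_data)
    else:
        # NOTE(review): the activate_user value appears masked in this
        # listing; confirm the intended flag.
        user_create_response = okta_admin.create_user(user=user_data, activate_user='******')
    logger.debug(user_create_response)

    if "id" not in user_create_response:
        # Full detail goes to the log only; the page gets a generic message so
        # the submitted profile and the raw Okta response are not echoed back.
        logger.error(
            "Failed to get a valid response from Okta Create User: user_data:{0} user_create_response:{1}".format(
                user_data, user_create_response))
        return render_template(
            "/error.html",
            templatename=get_app_vertical(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY],
            error_message="Failed to get a valid response from Okta Create User")

    activation_link = ""
    if noemail == 'true':
        logger.debug("no email will be sent")
        # NOTE(review): the Okta user id doubles as the activation token in
        # this link; it is an identifier, not a secret.
        activation_link = url_for(
            "gbac_registration_bp.gbac_registration_state_get",
            stateToken=user_create_response["id"],
            _external=True,
            _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
    else:
        logger.debug("email sent")
        ecommerce_email_registration(
            recipient={"address": email},
            token=user_create_response["id"])

    return render_template(
        "ecommerce/registration-completion.html",
        email=email,
        activationlink=activation_link,
        noemail=noemail,
        templatename=get_app_vertical(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])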
def sample_profile():
    """Render the vertical's profile page with the caller's tokens and user info.

    The ID token and access token are read from the request cookies and
    passed to the template as-is.
    """
    logger.debug("sample_profile()")
    template_path = "{0}/profile.html".format(get_app_vertical())
    context = {
        "templatename": get_app_vertical(),
        "id_token": TokenUtil.get_id_token(request.cookies),
        "access_token": TokenUtil.get_access_token(request.cookies),
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
    }
    return render_template(template_path, **context)
def b2b_requests_get():
    """Render the list of B2B groups the signed-in user can still request.

    Groups whose name starts with the namespaced "b2b" prefix and that the
    user is not already a member of are listed, each marked "Pending" when
    its id is in the user's ``access_requests`` attribute and
    "Not Requested" otherwise.
    """
    logger.debug("b2bworkflow_requests_get()")
    user_info = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    user = okta_admin.get_user(user_info["sub"])
    user_id = user["id"]

    pending_requests = (
        user["profile"][get_udp_ns_fieldname("access_requests")]
        if get_udp_ns_fieldname("access_requests") in user["profile"]
        else []
    )

    member_apps = []
    requestable_groups = []

    # Groups the user already belongs to, reduced to their un-prefixed names.
    memberships = okta_admin.get_user_groups(user_id=user_id)
    b2b_prefix = get_udp_ns_fieldname("b2b")
    for membership in memberships:
        logging.debug(membership)
        membership_name = membership["profile"]["name"]
        if membership_name.startswith(b2b_prefix):
            # Kept from the original; the value is not used in this loop.
            group_id = "{id}".format(id=membership["id"])
            member_apps.append(membership_name.replace(b2b_prefix, ""))
    logging.debug(member_apps)

    all_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
    for candidate in all_groups:
        candidate_name = candidate["profile"]["name"]
        if not candidate_name.startswith(b2b_prefix):
            continue
        if candidate_name.replace(b2b_prefix, "") in member_apps:
            continue
        logging.debug(candidate_name)
        group_id = "{id}".format(id=candidate["id"])
        requestable_groups.append({
            "id": candidate["id"],
            "name": candidate_name,
            "description": candidate["profile"]["description"],
            "status": "Pending" if group_id in pending_requests else "Not Requested"
        })

    template_path = "{0}/workflow-requests.html".format(get_app_vertical())
    return render_template(
        template_path,
        templatename=get_app_vertical(),
        user_info=user_info,
        workflow_list=requestable_groups,
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
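def gbac_registration_completion():
    """Create an Okta user from the registration form and show the result page.

    Reads ``firstname``, ``lastname``, ``email``, ``phone`` and ``noemail``
    from the submitted form. Depending on ``noemail`` the activation link is
    either rendered on the page or sent by e-mail.

    Returns the rendered completion page, or the error page when Okta does
    not return a user id.
    """
    logger.debug("gbac_registration_completion()")
    email = request.form.get('email')
    phone = request.form.get('phone')
    # A missing "noemail" field used to raise AttributeError *after* the user
    # had already been created; treat it as "send the e-mail" instead.
    noemail = (request.form.get('noemail') or '').lower()

    user_data = {
        "profile": {
            "firstName": request.form.get('firstname'),
            "lastName": request.form.get('lastname'),
            "email": email,
            "login": email,
            "primaryPhone": phone,
            "mobilePhone": phone
        }
    }
    logger.debug(user_data)

    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    # NOTE(review): the activate_user value appears masked in this listing;
    # confirm the intended flag.
    user_create_response = okta_admin.create_user(user=user_data, activate_user='******')
    logger.debug(user_create_response)

    if "id" not in user_create_response:
        # Full detail goes to the log only; the page gets a generic message so
        # the submitted profile and the raw Okta response are not echoed back.
        logger.error(
            "Failed to get a valid response from Okta Create User: user_data:{0} user_create_response:{1}".format(
                user_data, user_create_response))
        return render_template(
            "/error.html",
            templatename=get_app_vertical(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY],
            error_message="Failed to get a valid response from Okta Create User")

    activation_link = ""
    if noemail == 'true':
        logger.debug("no email will be sent")
        # NOTE(review): the Okta user id doubles as the activation token in
        # this link; it is an identifier, not a secret.
        activation_link = url_for(
            "gbac_registration_bp.gbac_registration_state_get",
            stateToken=user_create_response["id"],
            _external=True,
            _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
    else:
        logger.debug("email sent")
        emailRegistration(
            recipient={"address": email},
            token=user_create_response["id"])

    return render_template(
        "/registration-completion.html",
        email=email,
        activationlink=activation_link,
        noemail=noemail,
        templatename=get_app_vertical(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])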
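def gbac_registration_state_post(user_id):
    """Set the submitted password on a user, activate it and add it to the app group.

    Args:
        user_id: Okta id of the user completing registration.

    Returns:
        The registration-state page with an error when the lookup or the
        credential update fails, otherwise a redirect to the login page.
    """
    logger.debug("gbac_registration_state_post()")
    # The submitted password is deliberately never written to the log.
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])

    # NOTE(review): user_id is the only thing identifying whose password is
    # set here; nothing visible in this function proves the caller owns that
    # account. Confirm the route is protected or the id is bound to a
    # one-time token.
    user_data = okta_admin.get_user(user_id)
    if "errorCode" in user_data:
        logger.error("user_data: {0}".format(user_data))
        return render_template(
            "/registration-state.html",
            userid=user_id,
            templatename=get_app_vertical(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY],
            error=user_data['errorSummary'])

    # NOTE(review): the recovery question and answer are the same constant
    # for every account, so the answer gives no protection on recovery.
    user_data["credentials"] = {
        "password": {
            "value": request.form.get('password')
        },
        "recovery_question": {
            "question": "Company Name, its Okta.",
            "answer": "Okta"
        }
    }
    # Log only the id: user_data now carries the plaintext password.
    logger.debug("updating credentials for user %s", user_data["id"])

    user_update_response = okta_admin.update_user(user_id=user_data["id"], user=user_data)
    logger.debug(user_update_response)
    if "errorCode" in user_update_response:
        # errorCauses may be missing or empty; fall back to the top-level
        # summary instead of failing with KeyError/IndexError.
        try:
            error_text = user_update_response['errorCauses'][0]['errorSummary']
        except (KeyError, IndexError):
            if 'errorSummary' in user_update_response:
                error_text = user_update_response['errorSummary']
            else:
                error_text = user_update_response['errorCode']
        return render_template(
            "/registration-state.html",
            userid=user_data["id"],
            templatename=get_app_vertical(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY],
            error=error_text)

    nresponse = okta_admin.activate_user(user_data["id"], send_email=False)
    logger.debug(nresponse)

    # The user joins the first group assigned to this application.
    group_info = okta_admin.get_application_groups(
        session[SESSION_INSTANCE_SETTINGS_KEY]["client_id"])
    group_id = group_info[0]["id"]
    okta_admin.assign_user_to_group(group_id, user_data["id"])

    message = "Registration Complete! Please Login Now!"
    return redirect(
        url_for("gbac_bp.gbac_login",
                _external="True",
                _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
                message=message))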
def dealer_registration_state_get(stateToken):
    """Activate the user named by ``stateToken`` and render the state page.

    Args:
        stateToken: passed to Okta unchanged as the id of the user to activate.

    Returns:
        The registration-state page; the Okta response is passed as
        ``error`` when it contains an ``errorCode``.
    """
    logger.debug("dealer_registration_state_get()")
    # NOTE(review): the token is used directly as the Okta user id, so
    # knowing a user id is enough to trigger activation; confirm that is the
    # intended trust model.
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    activation = okta_admin.activate_user(stateToken, send_email=False)

    template_path = "{0}/registration-state.html".format(get_app_vertical())
    context = {
        "templatename": get_app_vertical(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
    }
    if "errorCode" in activation:
        context["error"] = activation
    else:
        context["_scheme"] = session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]
    return render_template(template_path, **context)
def b2b_profile():
    """Render the vertical's profile page with tokens, user info and assigned apps.

    The ID token and access token are read from the request cookies and
    passed to the template as-is.
    """
    logger.debug("b2b_profile()")
    claims = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    okta_user = okta_admin.get_user(claims["sub"])
    assigned_apps = okta_admin.get_applications_by_user_id(okta_user["id"])

    template_path = "{0}/profile.html".format(get_app_vertical())
    context = {
        "templatename": get_app_vertical(),
        "id_token": TokenUtil.get_id_token(request.cookies),
        "access_token": TokenUtil.get_access_token(request.cookies),
        # User info is fetched again for the template, as in the original.
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
        "applist": assigned_apps,
    }
    return render_template(template_path, **context)
def gbac_apps_createAPI():
    """Render the create/update page for managed APIs."""
    logger.debug("gbac_apps_createAPI()")
    context = {
        "templatename": get_app_vertical(),
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
    }
    return render_template("/manageapiscreateupdate.html", **context)
def findusername_bp():
    """Render the find-username page."""
    logger.debug("findusername")
    vertical = get_app_vertical()
    instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    return render_template(
        "/findusername.html",
        templatename=vertical,
        config=instance_settings,
        _scheme=instance_settings["app_scheme"])
def gvalidation_bp_error(error_message=""):
    """Render the generic error page with ``error_message``.

    Args:
        error_message: text shown on the page; wrapped in ``Markup`` so the
            template treats it as already-safe HTML.
    """
    logger.debug("gvalidation_bp_error()")
    vertical = get_app_vertical()
    instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    # NOTE(review): Markup() turns off template auto-escaping for this value.
    # If error_message can carry request-controlled text, it is rendered as
    # raw HTML; confirm every caller passes trusted content only.
    trusted_message = Markup(error_message)
    return render_template(
        "/error.html",
        templatename=vertical,
        config=instance_settings,
        error_message=trusted_message)
def profile_bp():
    """Render the profile page, or start a silent re-authorization.

    With ``?refreshtoken=true`` a new OIDC ``state`` and a return URI are
    stored in the session and the caller is redirected to the authorize URL
    (``prompt=none``); otherwise the profile page is rendered with the
    tokens read from the request cookies.
    """
    logger.debug("profile_bp_profile()")

    if request.args.get('refreshtoken') != 'true':
        return render_template(
            "/profile.html",
            templatename=get_app_vertical(),
            id_token=TokenUtil.get_id_token(request.cookies),
            access_token=TokenUtil.get_access_token(request.cookies),
            user_info=get_userinfo(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY])

    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
    auth_options = {
        "response_mode": "form_post",
        "prompt": "none",
        "scope": "openid profile email"
    }

    # Fresh state per authorization request, kept in the session.
    session["oidc_state"] = str(uuid.uuid4())

    # Rewrite the scheme of the current URL to the configured one and append
    # "profile" to form the return URI.
    configured_scheme = "{0}://".format(
        session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
    session[FROM_URI_KEY] = request.url.replace("http://", configured_scheme) + "profile"

    authorize_url = okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["oidc_state"],
        auth_options=auth_options)
    return redirect(authorize_url)
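def gbac_registration_completion():
    """Create an Okta user from the registration form and e-mail the activation token.

    Reads ``firstname``, ``lastname``, ``email`` and ``phone`` from the
    submitted form.

    Returns the rendered completion page, or the error page when Okta does
    not return a user id.
    """
    logger.debug("gbac_registration_completion()")
    email = request.form.get('email')
    phone = request.form.get('phone')
    user_data = {
        "profile": {
            "firstName": request.form.get('firstname'),
            "lastName": request.form.get('lastname'),
            "email": email,
            "login": email,
            "primaryPhone": phone,
            "mobilePhone": phone
        }
    }
    logger.debug(user_data)

    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    # NOTE(review): the activate_user value appears masked in this listing;
    # confirm the intended flag.
    user_create_response = okta_admin.create_user(user=user_data, activate_user='******')
    logger.debug(user_create_response)

    # A failed create has no "id"; indexing it unconditionally raised
    # KeyError. Report the failure on the error page instead, without echoing
    # the submitted profile or the raw response.
    if "id" not in user_create_response:
        logger.error(
            "Failed to get a valid response from Okta Create User: user_create_response:{0}".format(
                user_create_response))
        return render_template(
            "/error.html",
            templatename=get_app_vertical(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY],
            error_message="Failed to get a valid response from Okta Create User")

    # NOTE(review): the Okta user id is what gets mailed as the token.
    emailRegistration(recipient={"address": email},
                      token=user_create_response["id"])

    return render_template(
        "/registration-completion.html",
        templatename=get_app_vertical(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        _scheme="https")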
def ecommerce_credit():
    """Render the e-commerce credit page for the current user."""
    logger.debug("ecommerce_credit()")
    context = {
        "templatename": get_app_vertical(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
        "user_info": get_userinfo(),
        "_scheme": "https",
    }
    return render_template("ecommerce/credit.html", **context)
def ecommerce_registration():
    """Render the e-commerce registration page."""
    logger.debug("ecommerce_registration()")
    vertical = get_app_vertical()
    instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    return render_template(
        "ecommerce/pp_registration.html",
        templatename=vertical,
        config=instance_settings,
        _scheme=instance_settings["app_scheme"])
def developer_manage_api():
    """Render the developer "manage apps" page for the current user."""
    logger.debug("developer_manage_apps()")
    context = {
        "templatename": get_app_vertical(),
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
    }
    return render_template("/developer/manage_apps.html", **context)
def registration_bp():
    """Render the generic registration page."""
    logger.debug("Registration")
    vertical = get_app_vertical()
    instance_settings = session[SESSION_INSTANCE_SETTINGS_KEY]
    return render_template(
        "/registration.html",
        templatename=vertical,
        config=instance_settings,
        _scheme=instance_settings["app_scheme"])
def workflow_approvals_get():
    """Render all pending access requests, for members of the admin group only.

    Returns:
        The workflow-approvals page, or ``("ERROR: Unauthorized", 401)``
        when the signed-in user is not in the namespaced admin group.
    """
    logger.debug("workflow_approvals()")
    admin_group_name = get_udp_ns_fieldname(CONFIG_ADMIN)
    workflow_list = []
    user_info = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    user_id = okta_admin.get_user(user_info["sub"])["id"]

    # Authorization gate: the caller must belong to the admin group.
    admin_group_id = ""
    for membership in okta_admin.get_user_groups(user_id):
        if membership["profile"]["name"] == admin_group_name:
            admin_group_id = membership["id"]
    if not admin_group_id:
        return "ERROR: Unauthorized", 401

    # "<attribute> pr" is a presence filter: users whose access_requests
    # attribute is set, i.e. users with an open workflow request.
    search_expr = 'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests"))
    requesters = okta_admin.get_user_list_by_search(search_expr)
    for requester in requesters:
        requested_ids = requester["profile"][get_udp_ns_fieldname("access_requests")]
        for requested_id in requested_ids:
            group = okta_admin.get_group(id=requested_id)
            workflow_list.append({
                "requestor": requester["profile"]["login"],
                "request": group["profile"]["description"],
                "usr_grp": {
                    "user_id": requester["id"],
                    "group_id": requested_id
                }
            })

    template_path = "{0}/workflow-approvals.html".format(get_app_vertical())
    return render_template(
        template_path,
        templatename=get_app_vertical(),
        workflow_list=workflow_list,
        user_info=user_info,
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_registration_state_get(stateToken):
    """Render the registration-state page for the user named by ``stateToken``.

    Args:
        stateToken: forwarded to the template unchanged as ``userid``.
    """
    logger.debug("gbac_registration_state_get()")
    # NOTE(review): the token is used as the user id itself, so the value in
    # the link is an identifier rather than a secret.
    context = {
        "templatename": get_app_vertical(),
        "userid": stateToken,
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
        "_scheme": "https",
    }
    return render_template("/registration-state.html", **context)
def gbac_main():
    """Render the vertical's index page, with the app link for custom-widget logins.

    When the instance's login method is "custom-widget", ``appurl`` is the
    first app link of the application whose id equals the configured
    ``client_id``; otherwise it stays empty.
    """
    logger.debug("gbac_main()")
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    appurl = ""

    login_method = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_loginmethod"]
    if login_method == "custom-widget":
        for application in okta_admin.get_applications_all():
            if application["id"] != session[SESSION_INSTANCE_SETTINGS_KEY]["client_id"]:
                continue
            appurl = application["_links"]["appLinks"][0]["href"]

    template_path = "{0}/index.html".format(get_app_vertical())
    return render_template(
        template_path,
        templatename=get_app_vertical(),
        appurl=appurl,
        user_info=get_userinfo(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        # A new UUID4 string is generated on every request.
        state=str(uuid.uuid4()))
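def ecommerce_shop():
    """Fetch the product catalogue and render the shop page.

    The catalogue URL is read from the instance settings
    (``settings.app_ecomm_products``) and its JSON body is passed to the
    template as ``products``.
    """
    logger.debug("ecommerce_shop()")
    # NOTE(review): the server fetches whatever URL the instance settings
    # hold; confirm only trusted administrators can set that value.
    products_url = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_ecomm_products"]
    # requests has no default timeout; without one a stalled catalogue host
    # would block this worker indefinitely.
    products = requests.get(url=products_url, timeout=10)
    return render_template(
        "ecommerce/shop.html",
        templatename=get_app_vertical(),
        products=products.json(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        user_info=get_userinfo(),
        _scheme="https")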
def gbac_create_update_page():
    """Render the user create/update page for the user in ``?user_id=``.

    The Okta record for that id is passed to the template as
    ``user_info2`` alongside the caller's own ``user_info``.
    """
    logger.debug("gbac_create_update_page")
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    # NOTE(review): user_id comes from the query string and is looked up with
    # the admin client; no authorization check is visible in this function.
    # Confirm the route restricts who may view other users' records.
    target_user_id = request.args.get('user_id')
    target_user = okta_admin.get_user(target_user_id)
    context = {
        "templatename": get_app_vertical(),
        "user_info": get_userinfo(),
        "user_info2": target_user,
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
    }
    return render_template("/manageusercreateupdate.html", **context)
def developer_profile():
    """Render the developer profile page with the caller's tokens and user info.

    The ID token and access token are read from the request cookies and
    passed to the template as-is.
    """
    logger.debug("developer_profile()")
    context = {
        "id_token": TokenUtil.get_id_token(request.cookies),
        "access_token": TokenUtil.get_access_token(request.cookies),
        "templatename": get_app_vertical(),
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
        "_scheme": session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
    }
    return render_template("developer/profile.html", **context)
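def ecommerce_shop():
    """Fetch the product catalogue from its fixed URL and render the shop page.

    The JSON body of the response is passed to the template as ``products``.
    """
    logger.debug("ecommerce_shop()")
    # requests has no default timeout; without one a stalled catalogue host
    # would block this worker indefinitely.
    products = requests.get(
        url="https://dz-static-test.s3.amazonaws.com/dell.json",
        timeout=10)
    return render_template(
        "ecommerce/shop.html",
        templatename=get_app_vertical(),
        products=products.json(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        user_info=get_userinfo(),
        _scheme="https")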
def gbac_userapps_mfa():
    """Render the user-apps page listing the applications assigned to the caller."""
    logger.debug("gbac_userapps_mfa()")
    claims = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    okta_user = okta_admin.get_user(claims["sub"])
    assigned_apps = okta_admin.get_applications_by_user_id(okta_user["id"])
    context = {
        # User info is fetched again for the template, as in the original.
        "user_info": get_userinfo(),
        "templatename": get_app_vertical(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
        "applist": assigned_apps,
    }
    return render_template("/userapps.html", **context)
def gbac_stepupauth_mfa():
    """Introspect the posted ID token for step-up auth and render the MFA page.

    The ``id_token`` form field is required; it is introspected against the
    configured step-up client id, and both the token and the introspection
    result are passed to the template.
    """
    logger.debug("gbac_stepupauth_mfa()")
    posted_id_token = request.form['id_token']
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
    stepup_client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_stepup_auth_clientid"]
    introspection = okta_auth.introspect_mfa(posted_id_token, stepup_client_id)
    return render_template(
        "/mfa.html",
        templatename=get_app_vertical(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY],
        idtoken=posted_id_token,
        test_token=introspection)