def dealer_registration_get():
logger.debug("dealer_registration()")
CONFIG_GROUP_REGULAR = get_udp_ns_fieldname(CONFIG_REGULAR)
CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN)
CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION)
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
setup_options = {
"type_users": [],
"dealerships": [],
"type_user_selected": request.form.get('role'),
"dealership_selected": request.form.get('location')
}
user_data = {
"profile": {
"firstName": "",
"lastName": "",
"email": "",
"login": "",
"mobilePhone": ""
}
}
try:
# Prepopulate choice for setup
# Get Group
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_ADMIN)
for i in group_get_response:
setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]})
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_REGULAR)
for i in group_get_response:
setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]})
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_LOCATION_STARTSWITH)
for i in group_get_response:
setup_options["dealerships"].append({"id": i["id"], "description": i["profile"]["description"]})
# On a GET display the registration page with the defaults
return render_template(
"{0}/registration.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
user_data=user_data,
setup_options=setup_options,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
except Exception as e:
return render_template(
"{0}/registration.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=e,
user_data=user_data,
setup_options=setup_options,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def decorated_function(*args, **kws):
logger.debug("check_okta_api_token()")
response = None
if not is_apitoken_valid():
okta_api_token = session[SESSION_INSTANCE_SETTINGS_KEY][
"okta_api_token"]
logger.debug("okta_api_token: {0}".format(okta_api_token))
if okta_api_token:
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
groups = okta_admin.get_groups_by_name("Everyone")
if "errorSummary" in groups:
if "Invalid token provided" == groups["errorSummary"]:
response = gvalidation_bp_error(
"Okta API Token is invalid!")
else:
session[SESSION_IS_APITOKEN_VALID_KEY] = True
else:
response = gvalidation_bp_error("Okta API Token is not set!")
if response:
return response
return f(*args, **kws)
def b2b_requests_get():
logger.debug("b2bworkflow_requests_get()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
if get_udp_ns_fieldname("access_requests") in user["profile"]:
pendingRequest = user["profile"][get_udp_ns_fieldname(
"access_requests")]
else:
pendingRequest = []
# On a GET display the registration page with the defaults
applist = []
list_group_full = []
# Find the groups the user belongs to
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
CONFIG_GROUP_B2B_STARTSWITH = get_udp_ns_fieldname("b2b")
for item in get_user_groups_response:
logging.debug(item)
if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH):
group_id = "{id}".format(id=item["id"])
applist.append(item["profile"]["name"].replace(
CONFIG_GROUP_B2B_STARTSWITH, ""))
logging.debug(applist)
get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
for item in get_groups:
if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH):
if item["profile"]["name"].replace(CONFIG_GROUP_B2B_STARTSWITH,
"") not in applist:
logging.debug(item["profile"]["name"])
group_id = "{id}".format(id=item["id"])
list_group_full.append({
"id":
item["id"],
"name":
item["profile"]["name"],
"description":
item["profile"]["description"],
"status":
"Pending"
if group_id in pendingRequest else "Not Requested"
})
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
workflow_list=list_group_full,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_get_group_by_name(group_name):
logger.debug("gbac_get_group_by_name()")
user_group = None
if group_name:
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_groups = okta_admin.get_groups_by_name(group_name)
if len(user_groups) > 0:
# just grab the first one... there should only be one match for now
logger.debug(user_groups)
user_group = user_groups[0]
return user_group
def get_travel_agency_group_by_name(travel_agency_group_name):
print("get_travel_agency_group_by_name()")
user_group = None
if travel_agency_group_name:
okta_admin = OktaAdmin(default_settings)
user_groups = okta_admin.get_groups_by_name(travel_agency_group_name)
# print("user_groups: {0}".format(user_groups))
if len(user_groups) > 0:
# just grab the first one... there should only be one match for now
user_group = user_groups[0]
# Decorated group info
travel_agency_data = user_group["profile"]["description"].split("||")
user_group["profile"]["description_label"] = travel_agency_data[0]
user_group["profile"]["description_url"] = travel_agency_data[1]
return user_group
def admin_usersadvanced():
logger.debug("admin_usersadvanced()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_groups = okta_admin.get_groups_by_name("everyone")
if len(user_groups) > 0:
# just grab the first one... there should only be one match for now
logger.debug(user_groups)
user_group = user_groups[0]
group_id = user_group["id"]
group_user_list = okta_admin.get_user_list_by_group_id(group_id)
return render_template("/admin/users_advanced.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
userlist=group_user_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
user_group=user_group)
def emailAllMembersOfGroup(self, group_name, subject, message):
logger.debug("emailAllMembersOfGroup()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
# Find the Admin Group
group_list = okta_admin.get_groups_by_name(group_name)
for group in group_list:
if group["profile"]["name"] == group_name:
group_id = group["id"]
# Find All members that will be notified
recipients = []
user_list = okta_admin.get_user_list_by_group_id(group_id)
for user in user_list:
recipients.append({"address": user["profile"]["email"]})
if recipients:
email_send = Email.send_mail(subject=subject, message=message, recipients=recipients)
return email_send
def ecommerce_requests_get():
logger.debug("workflow_requests_get()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
if get_udp_ns_fieldname("access_requests") in user["profile"]:
pendingRequest = user["profile"][get_udp_ns_fieldname(
"access_requests")]
else:
pendingRequest = []
workflow_list = []
# On a GET display the registration page with the defaults
list_group_user = []
list_group_full = []
# Find the groups the user belongs to
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
CONFIG_GROUP_EMPLOYEE_STARTSWITH = get_udp_ns_fieldname("employee")
CONFIG_GROUP_BUYER_STARTSWITH = get_udp_ns_fieldname("buyer")
print(CONFIG_GROUP_BUYER_STARTSWITH)
companylist = []
buyerlist = []
for item in get_user_groups_response:
if item["profile"]["name"].startswith(
CONFIG_GROUP_EMPLOYEE_STARTSWITH):
group_id = "{id}".format(id=item["id"])
companylist.append(item["profile"]["name"].replace(
CONFIG_GROUP_EMPLOYEE_STARTSWITH, ""))
for item in get_user_groups_response:
if item["profile"]["name"].startswith(CONFIG_GROUP_BUYER_STARTSWITH):
group_id = "{id}".format(id=item["id"])
buyerlist.append(item["profile"]["name"].replace(
CONFIG_GROUP_BUYER_STARTSWITH, ""))
get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
for item in get_groups:
if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH,
"") in companylist:
if item["profile"]["name"].replace(CONFIG_GROUP_BUYER_STARTSWITH,
"") not in buyerlist:
group_id = "{id}".format(id=item["id"])
list_group_full.append({
"id":
item["id"],
"name":
item["profile"]["name"],
"description":
item["profile"]["description"],
"status":
"Pending"
if group_id in pendingRequest else "Not Requested"
})
# Populate the workflow list with groups that the user is absent in
set_list1 = set(tuple(sorted(d.items())) for d in list_group_full)
set_list2 = set(tuple(sorted(d.items())) for d in list_group_user)
set_difference = set_list1 - set_list2
for tuple_element in set_difference:
workflow_list = list_group_full
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
workflow_list=workflow_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def create_login_response(user_name, password, session):
print("create_login_response()")
auth_response = {"success": False}
okta_auth = OktaAuth(session)
okta_admin = OktaAdmin(session)
# print("login_form_data: {0}".format(json.dumps(login_form_data, indent=4, sort_keys=True)))
authn_json_response = okta_auth.authenticate(
username=session["login_id_prefix"] + user_name,
password=password,
headers=request.headers)
# print("authn_json_response: {0}".format(json.dumps(authn_json_response, indent=4, sort_keys=True)))
if "sessionToken" in authn_json_response:
# Added to fix issue where users pre exsist but are not assigned to the patient portal app as a patient
# Look up if user is in this app/subdomain
# TODO: Clean this up to use Terraform setting or Group Rule
user_id = authn_json_response["_embedded"]["user"]["id"]
#print("user_id: {0}".format(user_id))
# Look up Patient group for this app/subdomain
patient_group_name = "{0}_{1}_patient".format(session["udp_subdomain"],
session["demo_app_name"])
print("patient_group_name: {0}".format(patient_group_name))
patient_groups = okta_admin.get_groups_by_name(patient_group_name)
has_patient_group = False
if len(patient_groups) != 0:
patient_group = okta_admin.get_groups_by_name(
patient_group_name)[0]
#print("patient_group: {0}".format(json.dumps(patient_group, indent=4, sort_keys=True)))
user_groups = okta_admin.get_user_groups(user_id)
#print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True)))
for group in user_groups:
if patient_group["id"] == group["id"]:
has_patient_group = True
break
if not has_patient_group:
# Assign User to group
group_assignment_response = okta_admin.assign_user_to_group(
patient_group["id"], user_id)
#print("user_groups: {0}".format(json.dumps(user_groups, indent=4, sort_keys=True)))
session["state"] = str(uuid.uuid4())
oauth_authorize_url = okta_auth.create_oauth_authorize_url(
response_type="code",
state=session["state"],
auth_options={
"response_mode": "form_post",
"prompt": "none",
"scope": "openid profile email",
"sessionToken": authn_json_response["sessionToken"],
})
auth_response["redirectUrl"] = oauth_authorize_url
auth_response["success"] = True
auth_response["status"] = "SUCCESS"
# print("oauth_authorize_url: {0}".format(oauth_authorize_url))
elif "errorSummary" in authn_json_response:
auth_response["errorMessage"] = "Login Unsuccessful: {0}".format(
authn_json_response["errorSummary"])
else:
# pass the message down for further processing like MFA
auth_response = authn_json_response
return auth_response
def register_basic():
print("register_basic()")
login_form_data = request.get_json()
register_basic_response = {"success": False}
okta_admin = OktaAdmin(session)
group_name_lookup = "{0}_{1}_patient".format(session["udp_subdomain"],
session["demo_app_name"])
print("group_name_lookup: {0}".format(group_name_lookup))
patient_groups_response = okta_admin.get_groups_by_name(group_name_lookup)
print("patient_groups_response: {0}".format(
json.dumps(patient_groups_response, indent=4, sort_keys=True)))
if "errorSummary" in patient_groups_response:
register_basic_response["errorMessage"] = patient_groups_response[
"errorSummary"]
if "errorCauses" in patient_groups_response:
register_basic_response["errorMessages"] = []
for error_cause in patient_groups_response["errorCauses"]:
register_basic_response["errorMessages"].append(
{"errorMessage": error_cause["errorSummary"]})
else:
patient_group = patient_groups_response[
0] # Default to first found group by name
user = {
"profile": {
"firstName": "NOT_SET",
"lastName": "NOT_SET",
"email": login_form_data["username"],
"login":
session["login_id_prefix"] + login_form_data["username"]
},
"credentials": {
"password": {
"value": login_form_data["password"]
}
},
"groupIds": [patient_group["id"]]
}
print("user: {0}".format(json.dumps(user, indent=4, sort_keys=True)))
created_user = okta_admin.create_user(user)
print("created_user: {0}".format(
json.dumps(created_user, indent=4, sort_keys=True)))
if "errorSummary" in created_user:
register_basic_response["errorMessage"] = created_user[
"errorSummary"]
if "errorCauses" in created_user:
register_basic_response["errorMessages"] = []
for error_cause in created_user["errorCauses"]:
register_basic_response["errorMessages"].append(
{"errorMessage": error_cause["errorSummary"]})
else:
# Send activation email
recipients = [{
"address": {
"email": created_user["profile"]["email"]
}
}]
substitution = {
"activation_email": created_user["profile"]["email"],
"activation_key": created_user["id"],
"udp_subdomain": session["udp_subdomain"],
"udp_app_name": session["demo_app_name"],
"domain": session["remaining_domain"],
"logo_url": session["app_logo"]
}
send_mail(session["spark_post_activate_template_id"], recipients,
session["spark_post_api_key"], substitution)
register_basic_response["success"] = True
register_basic_response["userId"] = created_user["id"]
return json.dumps(register_basic_response)
def load_users():
print("load_users()")
response = {"status": "success", "number_of_users_created": 0}
with open("./test_users.csv", mode='r', encoding='utf-8-sig') as csv_file:
csv_reader = csv.DictReader(csv_file)
okta_admin = OktaAdmin(session)
patient_group = okta_admin.get_groups_by_name("{0}_{1}_patient".format(
session["udp_subdomain"], session["demo_app_name"]))[
0] # Default to first found group by name
for row in csv_reader:
print(row)
exsisting_user = okta_admin.get_user(row["email"])
if "id" not in exsisting_user:
print("user: '******' not found. Creating.".format(row["email"]))
new_user = {
"profile": {
"login": row["email"],
"email": row["email"],
"firstName": row["first_name"],
"lastName": row["last_name"]
},
"groupIds": [patient_group["id"]]
}
created_user = okta_admin.create_user(new_user,
activate_user=False)
if "id" in created_user:
app_user = {
"profile": {
"dob": row["dob"],
"requires_validation": True
}
}
okta_admin.update_application_user_profile(
created_user["id"], app_user)
# Send activation email
recipients = [{
"address": {
"email": created_user["profile"]["email"]
}
}]
substitution = {
"activation_email": created_user["profile"]["email"],
"activation_key": created_user["id"],
"udp_subdomain": session["udp_subdomain"],
"udp_app_name": session["demo_app_name"],
"domain": session["remaining_domain"],
"logo_url": session["app_logo"],
"first_name": created_user["profile"]["firstName"],
"last_name": created_user["profile"]["lastName"]
}
send_mail("invite-to-app", recipients,
session["spark_post_api_key"], substitution)
response["number_of_users_created"] += 1
else:
print("Failed to created user: '******' reason: {1}".format(
row["email"],
json.dumps(created_user, indent=4, sort_keys=True)))
return json.dumps(response)
def workflow_requests_get():
logger.debug("workflow_requests_get()")
CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION)
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
if get_udp_ns_fieldname("access_requests") in user["profile"]:
pendingRequest = user["profile"][get_udp_ns_fieldname("access_requests")]
else:
pendingRequest = []
workflow_list = []
# On a GET display the registration page with the defaults
list_group_user = []
list_group_full = []
is_user_dealership = False
# Find the groups the user belongs to
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
for item in get_user_groups_response:
if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH):
is_user_dealership = True
if item["profile"]["name"] != "Everyone": # Ignore the Everyone group
group_id = "{id}".format(id=item["id"])
list_group_user.append({"id": item["id"],
"name": item["profile"]["name"],
"description": item["profile"]["description"],
"status": "Pending" if group_id in pendingRequest else "Not Requested"})
# If not a user of a dealership, cannot request access to applications
if is_user_dealership:
# Find the groups for this portal that start with name "DEALER_"
get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
for item in get_groups:
group_id = "{id}".format(id=item["id"])
list_group_full.append({"id": item["id"],
"name": item["profile"]["name"],
"description": item["profile"]["description"],
"status": "Pending" if group_id in pendingRequest else "Not Requested"})
# Populate the workflow list with groups that the user is absent in
set_list1 = set(tuple(sorted(d.items())) for d in list_group_full)
set_list2 = set(tuple(sorted(d.items())) for d in list_group_user)
set_difference = set_list1 - set_list2
for tuple_element in set_difference:
workflow_list.append(dict((x, y) for x, y in tuple_element))
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
workflow_list=workflow_list,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else: # If not a user of a dealership, cannot request access to applications
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
error="You have not been assigned to a dealership. Only users of a dealership can request access to applications",
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def dealer_registration_post():
logger.debug("dealer_registration()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
setup_options = {
"type_users": [],
"dealerships": [],
"type_user_selected": request.form.get('role'),
"dealership_selected": request.form.get('location')
}
# Prepopulate
user_data = {
"profile": {
"firstName": request.form.get('firstname'),
"lastName": request.form.get('lastname'),
"email": request.form.get('email'),
"login": request.form.get('email'),
"mobilePhone": request.form.get('phonenumber'),
get_udp_ns_fieldname("access_requests"): ['{id}'.format(id=request.form.get('location'))]
},
"credentials": {
"password": {"value": request.form.get('password')}
},
"groupIds": []
}
user_data["groupIds"].append(setup_options["type_user_selected"])
user_create_response = okta_admin.create_user(user_data, activate_user=False)
if "errorCode" in user_create_response:
CONFIG_GROUP_REGULAR = get_udp_ns_fieldname(CONFIG_REGULAR)
CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN)
CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION)
# Prepopulate choice for setup
# Get Group
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_ADMIN)
for i in group_get_response:
setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]})
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_REGULAR)
for i in group_get_response:
setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]})
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_LOCATION_STARTSWITH)
for i in group_get_response:
setup_options["dealerships"].append({"id": i["id"], "description": i["profile"]["description"]})
return render_template(
"{0}/registration.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=user_create_response,
user_data=user_data,
setup_options=setup_options)
# Send Activation Email to the user
EmailServices().emailRegistration(
recipient={"address": request.form.get('email')},
token=user_create_response["id"])
return render_template(
"{0}/registration-completion.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
email=request.form.get('email'),
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
