def ecommerce_profile():
    """Render the e-commerce profile page for the signed-in user.

    Gathers the Okta user record and enrolled factors for the ``sub`` claim,
    reads the UDP-namespaced ``consent`` profile attribute (an all-whitespace
    value also stamps a placeholder appointment message into the session),
    and derives ``crediturl`` from the login URI of the user's assigned
    "credit Demo (Generated by UDP)" application, if any.
    """
    logger.debug("ecommerce_profile()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(config)
    user_info = get_userinfo()
    # NOTE(review): get_userinfo() returns None when the access token does not
    # validate; this view assumes an upstream guard already ran.
    subject = user_info["sub"]
    user_info2 = okta_admin.get_user(subject)
    factors = get_enrolled_factors(subject)

    profile = user_info2["profile"]
    consent_field = get_udp_ns_fieldname("consent")
    consent = ''
    if consent_field in profile:
        consent = profile[consent_field]
        if consent.strip() == "":
            consent = ''
            session['appointment'] = "No Appointments Currently Set."

    # Last matching application wins; the loop deliberately does not break.
    crediturl = ''
    for app in okta_admin.get_applications_by_user_id(subject):
        if "credit Demo (Generated by UDP)" in app["label"]:
            login_uri = app["settings"]["oauthClient"]["initiate_login_uri"]
            crediturl = "https://" + urlparse(login_uri).netloc

    cookies = request.cookies
    return render_template(
        "ecommerce/profile.html",
        id_token=TokenUtil.get_id_token(cookies),
        access_token=TokenUtil.get_access_token(cookies),
        user_info=user_info,
        user_info2=user_info2,
        consent=consent,
        factors=factors,
        config=config,
        crediturl=crediturl)
def profile_bp():
    """Render the generic profile page, or restart the OIDC authorize flow.

    With ``refreshtoken=true`` in the query string the user is sent back to
    the authorization server (``prompt=none``, ``form_post``) to obtain fresh
    tokens. The current URL, rewritten to the configured app scheme and
    suffixed with ``profile``, is saved in the session as the return target,
    and a fresh random ``state`` is stored under ``oidc_state``.
    """
    logger.debug("profile_bp_profile()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    if request.args.get('refreshtoken') != 'true':
        return render_template(
            "/profile.html",
            templatename=get_app_vertical(),
            id_token=TokenUtil.get_id_token(request.cookies),
            access_token=TokenUtil.get_access_token(request.cookies),
            user_info=get_userinfo(),
            config=config)

    okta_auth = OktaAuth(config)
    # NOTE(review): the state is stored so the callback can compare it —
    # confirm the callback actually does.
    state = str(uuid.uuid4())
    session["oidc_state"] = state
    scheme_prefix = "{0}://".format(config["app_scheme"])
    session[FROM_URI_KEY] = request.url.replace("http://", scheme_prefix) + "profile"
    authorize_url = okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=state,
        auth_options={
            "response_mode": "form_post",
            "prompt": "none",
            "scope": "openid profile email",
        })
    return redirect(authorize_url)
def travelagency_profile():
    """Render the travel-agency profile page from the cookie-held tokens."""
    cookies = request.cookies
    context = {
        "id_token": TokenUtil.get_id_token(cookies),
        "access_token": TokenUtil.get_access_token(cookies),
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
    }
    return render_template("travelagency/profile.html", **context)
def credit_profile():
    """Render the credit-vertical profile page from the cookie-held tokens."""
    logger.debug("credit_profile()")
    cookies = request.cookies
    context = {
        "id_token": TokenUtil.get_id_token(cookies),
        "access_token": TokenUtil.get_access_token(cookies),
        "user_info": get_userinfo(),
        "config": session[SESSION_INSTANCE_SETTINGS_KEY],
    }
    return render_template("credit/profile.html", **context)
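def sample_profile():
    """Render the profile page of the current app vertical.

    The vertical name selects the template directory and is also passed to
    the template as ``templatename``; it is resolved once rather than per use.
    """
    logger.debug("sample_profile()")
    vertical = get_app_vertical()
    cookies = request.cookies
    return render_template(
        "{0}/profile.html".format(vertical),
        templatename=vertical,
        id_token=TokenUtil.get_id_token(cookies),
        access_token=TokenUtil.get_access_token(cookies),
        user_info=get_userinfo(),
        config=session[SESSION_INSTANCE_SETTINGS_KEY])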
def developer_profile():
    """Render the developer-vertical profile page.

    Besides the usual token/user/config context the template also receives
    the instance's configured app scheme as ``_scheme``.
    """
    logger.debug("developer_profile()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    cookies = request.cookies
    return render_template(
        "developer/profile.html",
        id_token=TokenUtil.get_id_token(cookies),
        access_token=TokenUtil.get_access_token(cookies),
        templatename=get_app_vertical(),
        user_info=get_userinfo(),
        config=config,
        _scheme=config["app_scheme"])
def ecommerce_profile():
    """Render the e-commerce profile page with the Okta user record and factors."""
    logger.debug("ecommerce_profile()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    okta_admin = OktaAdmin(config)
    user_info = get_userinfo()
    # NOTE(review): get_userinfo() returns None for an invalid token; an
    # upstream guard is assumed.
    subject = user_info["sub"]
    okta_user = okta_admin.get_user(subject)
    enrolled_factors = get_enrolled_factors(subject)
    cookies = request.cookies
    return render_template(
        "ecommerce/profile.html",
        id_token=TokenUtil.get_id_token(cookies),
        access_token=TokenUtil.get_access_token(cookies),
        user_info=user_info,
        user_info2=okta_user,
        factors=enrolled_factors,
        config=config)
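def b2b_profile():
    """Render the B2B profile page with the user's assigned applications.

    The claims from get_userinfo() are fetched once and reused for the
    template: each call re-validates the access token through
    TokenUtil.is_valid_remote, so the second call was a redundant round trip.
    """
    logger.debug("b2b_profile()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    user_info = get_userinfo()
    okta_admin = OktaAdmin(config)
    user = okta_admin.get_user(user_info["sub"])
    app_info = okta_admin.get_applications_by_user_id(user["id"])
    vertical = get_app_vertical()
    cookies = request.cookies
    return render_template(
        "{0}/profile.html".format(vertical),
        templatename=vertical,
        id_token=TokenUtil.get_id_token(cookies),
        access_token=TokenUtil.get_access_token(cookies),
        user_info=user_info,
        config=config,
        applist=app_info)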
def get_userinfo():
    """Return the ID-token claims for the current user, or ``None``.

    The access token from the request cookies is checked with
    TokenUtil.is_valid_remote. On success the claims decoded from the ID
    token are returned. On failure ``None`` is returned and
    ``GET_NEW_TOKEN_URL`` inside the instance settings is set to a fresh
    authorize URL so callers can send the user back through login; that
    field is cleared at the start of every call.
    """
    logger.debug("get_userinfo()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    # NOTE(review): this mutates a dict nested inside the session; whether the
    # session backend persists the change without session.modified being set
    # is worth confirming.
    config[GET_NEW_TOKEN_URL] = ""
    access_token = TokenUtil.get_access_token(request.cookies)
    if not TokenUtil.is_valid_remote(access_token, config):
        logger.debug("notvalid")
        config[GET_NEW_TOKEN_URL] = get_oauth_authorize_url()
        return None
    logger.debug("valid")
    id_token = TokenUtil.get_id_token(request.cookies)
    return TokenUtil.get_claims_from_token(id_token)
def ecommerce_order_summary(orderid):
    """Render the order summary page for ``orderid``.

    When ``orderid`` is ``None`` the id of the order just placed is taken
    from (and removed from) ``session["just_submitted_order_id"]``; a missing
    key raises KeyError, e.g. on a page refresh. A system token is minted
    with the storefront client credentials so the provider can read the order.
    """
    logger.debug("ecommerce_order_summary()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    storefront_settings = config['settings']
    user_info = get_userinfo()
    okta_auth = OktaAuth(config)
    system_token = okta_auth.get_oauth_system_token(
        storefront_settings['storefront_system_client_id'],
        storefront_settings['storefront_system_client_secret'],
        storefront_settings['storefront_system_client_scopes'])
    storefront = StorefrontFactory.getStorefrontProvider(
        storefront_settings, user_info,
        TokenUtil.get_access_token(request.cookies),
        system_token['access_token'])
    if orderid is None:
        active_order = session.pop("just_submitted_order_id")
    else:
        active_order = orderid
    order = storefront.getOrder(active_order)
    return render_template("ecommerce/ordersummary.html",
                           order=order, config=config, _scheme="https")
def ecommerce_add_cart():
    """Add the posted ``product_code`` to the caller's cart.

    A signed-in user works against a customer cart, anyone else against an
    anonymous one. The cart is created on first use and its id kept in the
    session under ``customer_cart_id`` or ``guest_cart_id``. Returns the
    storefront's reply to addItemCart.
    """
    logger.debug("ecommerce_add_cart()")
    user_info = get_userinfo()
    storefront = StorefrontFactory.getStorefrontProvider(
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings'], user_info,
        TokenUtil.get_access_token(request.cookies), None)
    product_code = request.form.get("product_code")
    logger.debug("product code sent in: {product_code}".format(
        product_code=product_code))

    if user_info:
        cart_key = "customer_cart_id"
        create_cart = storefront.createCustomerCart
        cart_kind = "a customer"
    else:
        cart_key = "guest_cart_id"
        create_cart = storefront.createAnonymousCart
        cart_kind = "an anonymous"

    if cart_key not in session:
        logger.debug("No Cart found. Creating {0} cart first.".format(cart_kind))
        cart = create_cart()
        logger.debug(cart)
        session[cart_key] = cart.cartId
        logger.debug(session[cart_key])
    return storefront.addItemCart(session[cart_key], product_code)
def decorated_function(*args, **kws):
    """Run the wrapped view ``f`` only when the cookie access token validates.

    ``f`` comes from the enclosing decorator, which is outside this block.
    On a failed TokenUtil.is_valid_remote check the current URL (forced to
    https) is stored as the post-login destination and the user is sent to
    the gbac login route.
    """
    logger.debug("authenticated()")
    token = TokenUtil.get_access_token(request.cookies)
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    if not TokenUtil.is_valid_remote(token, config):
        logger.debug("Access Denied")
        session[FROM_URI_KEY] = request.url.replace("http://", "https://")
        # change to different main
        return redirect(url_for("gbac_bp.gbac_login", _external="True", _scheme="https"))
    return f(*args, **kws)
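def is_admin(token):
    """Return the ``taa`` claim of ``token``, the marker this app treats as admin.

    The claim value is returned as found rather than coerced to ``bool``; a
    missing claim yields whatever TokenUtil.get_single_claim_from_token
    returns for one. The unused OktaAuth construction and the throwaway
    ``result`` local were dead code and are gone.
    """
    print("is_admin(token)")
    return TokenUtil.get_single_claim_from_token(token, "taa")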
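def _ship_address_from_form(form):
    """Build an OrderShipAddress from the checkout form fields (positional order preserved)."""
    return OrderShipAddress(form.get("firstName"), form.get("lastName"),
                            form.get("address"), form.get("city"),
                            form.get("state"), form.get("country"),
                            form.get("zip"))


def _billing_info_from_form(form):
    """Build an OrderBillingInfo from the checkout form fields.

    The card type ('visa') and the final positional argument ('1234') are
    hard-coded in this demo; the form does not supply them.
    """
    return OrderBillingInfo(form.get("cc-name"), form.get("cc-number"), 'visa',
                            form.get("cc-expiration-month"),
                            form.get("cc-expiration-year"), '1234')


def ecommerce_order_post():
    """Place an order from the checkout form and redirect to its summary.

    Signed-in users order against their customer cart with the e-mail from
    their claims; anonymous users order against the guest cart with the
    e-mail typed into the form. The new order id is kept in the session for
    the summary page and both cart ids are cleared. Only the form field
    names are logged, since the form carries card data and PII.
    """
    logger.debug("ecommerce_order_post()")
    logger.debug("order form fields: %s", sorted(request.form.keys()))
    user_info = get_userinfo()
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    storefront_settings = config['settings']
    okta_auth = OktaAuth(config)
    system_token = okta_auth.get_oauth_system_token(
        storefront_settings['storefront_system_client_id'],
        storefront_settings['storefront_system_client_secret'],
        storefront_settings['storefront_system_client_scopes'])
    storefront = StorefrontFactory.getStorefrontProvider(
        storefront_settings, user_info,
        TokenUtil.get_access_token(request.cookies),
        system_token['access_token'])

    if user_info:
        cart_id = session['customer_cart_id']
        user_id = user_info['email']
    else:
        cart_id = session['guest_cart_id']
        user_id = request.form.get("email")

    order = Order(None, None,
                  _ship_address_from_form(request.form),
                  _billing_info_from_form(request.form),
                  None, None, None)
    # Post the order
    order_response = storefront.order(cart_id, user_id, order)
    order_id = order_response["orderId"]
    session["just_submitted_order_id"] = order_id
    # The cart is consumed by the order; drop whichever ids are present.
    session.pop('customer_cart_id', None)
    session.pop('guest_cart_id', None)
    return redirect(
        url_for("ecommerce_views_bp.ecommerce_order_summary",
                _external="True",
                _scheme=config["app_scheme"],
                message="Order Complete",
                orderid=order_id))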
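def oidc_callback_handler():
    """Handle the OIDC form_post callback of the app.

    With a ``code`` in the form, the code is exchanged for tokens using the
    instance's client id/secret, the access and ID tokens are packed into the
    Okta token cookie and the user is redirected to the post-login landing
    page. With an ``error`` in the form a validation error page is returned;
    the specific "client specified not to prompt" description is reported as
    an app-level MFA policy problem. Anything else yields a generic failure
    page. Token values and the raw form are kept out of the log.
    """
    logger.debug("oidc_callback_handler()")
    # The form carries the authorization code; log field names only.
    logger.debug("callback form fields: %s", sorted(request.form.keys()))
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    # NOTE(review): the `state` that the authorize step stores in
    # session["oidc_state"] is not compared with the callback here; confirm
    # an upstream check covers it.
    if "code" in request.form:
        okta_auth = OktaAuth(config)
        oauth_token = okta_auth.get_oauth_token(
            code=request.form["code"],
            grant_type="authorization_code",
            auth_options={
                "client_id": config["client_id"],
                "client_secret": config["client_secret"],
            })
        logger.debug("oauth_token fields: %s", sorted(oauth_token.keys()))
        response = make_response(redirect(get_post_login_landing_page_url()))
        okta_token_cookie = TokenUtil.create_encoded_okta_token_cookie(
            oauth_token["access_token"], oauth_token["id_token"])
        # NOTE(review): the cookie carries both tokens and is set without
        # httponly/secure; confirm whether page scripts read it before
        # tightening.
        response.set_cookie(TokenUtil.OKTA_TOKEN_COOKIE_KEY, okta_token_cookie)
        return response

    if "error" in request.form:
        error = request.form["error"]
        description = request.form["error_description"]
        logger.error("ERROR: {0}, MESSAGE: {1}".format(error, description))
        # This description is the one seen when an Okta app-level MFA policy
        # blocks the prompt=none request.
        if description == ("The client specified not to prompt, but the client "
                           "app requires re-authentication or MFA."):
            error_message = ("Failed to Authenticate. Please remove App Level MFA "
                             "Policy and use a Global MFA Policy. Error: {0} - {1}"
                             ).format(error, description)
        else:
            error_message = ("Failed to Authenticate. Check to make sure the user "
                             "has access to the application. Error: {0} - {1}"
                             ).format(error, description)
        return gvalidation_bp_error(error_message)

    # catch all error
    return gvalidation_bp_error(
        "Failed to Authenticate. Check to make sure the user has access to the application."
    )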
def users():
    """List the members of the caller's travel-agency group.

    The group name is the ``tagrp`` claim of the access token held by the
    OIDC helper; the group is resolved by name and its id used to fetch the
    member list from Okta.
    """
    user_info = get_user_info()
    okta_admin = OktaAdmin(default_settings)
    group_name = TokenUtil.get_single_claim_from_token(oidc.get_access_token(), "tagrp")
    user_group = get_travel_agency_group_by_name(group_name)
    # NOTE(review): a lookup miss would surface here on user_group["id"] —
    # confirm what get_travel_agency_group_by_name returns in that case.
    members = okta_admin.get_user_list_by_group_id(user_group["id"])
    return render_template("users.html",
                           user_info=user_info,
                           oidc=oidc,
                           userlist=members,
                           config=default_settings,
                           travel_agency_group=user_group)
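def healthcare_schedule():
    """Render the healthcare scheduling page with the user's DOB and gender.

    Both values come from the UDP-namespaced Okta profile attributes and
    default to ``""`` when absent. The claims from get_userinfo() are fetched
    once and reused for the template, since each call re-validates the
    access token through TokenUtil.is_valid_remote.
    """
    logger.debug("healthcare_schedule")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    user_info = get_userinfo()
    user = OktaAdmin(config).get_user(user_info["sub"])
    profile = user["profile"]
    dob = profile.get(get_udp_ns_fieldname("dob"), "")
    gender = profile.get(get_udp_ns_fieldname("gender"), "")
    cookies = request.cookies
    return render_template(
        "healthcare/schedule.html",
        id_token=TokenUtil.get_id_token(cookies),
        access_token=TokenUtil.get_access_token(cookies),
        user_info=user_info,
        user_info2=user,
        config=config,
        dob=dob,
        gender=gender)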
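def healthcare_profile():
    """Render the healthcare profile page.

    Collects the Okta user record, the ``consent`` profile attribute (an
    all-whitespace value also stamps a placeholder appointment message into
    the session), the enrolled factors, the ``extPatientId`` claim of the ID
    token and the ``is_evident_validated`` profile attribute. The claims
    from get_userinfo() and the ID token are each read once and reused; the
    original re-ran the remote token validation for the template context.
    """
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    user_info = get_userinfo()
    user = OktaAdmin(config).get_user(user_info["sub"])
    profile = user["profile"]

    consent = ''
    if get_udp_ns_fieldname("consent") in profile:
        # Logs the full Okta user record at debug level.
        logging.debug(user)
        consent = profile[get_udp_ns_fieldname("consent")]
        logging.debug(consent)
        if consent.strip() == "":
            consent = ''
            session['appointment'] = "No Appointments Currently Set."
    logging.debug(consent)

    factors = get_enrolled_factors(user["id"])
    id_token = TokenUtil.get_id_token(request.cookies)
    patientid = TokenUtil.get_single_claim_from_token(id_token, "extPatientId")
    is_evident_validated = profile.get(
        get_udp_ns_fieldname("is_evident_validated"), "")
    return render_template(
        "healthcare/profile.html",
        id_token=id_token,
        access_token=TokenUtil.get_access_token(request.cookies),
        user_info=user_info,
        user_info2=user,
        config=config,
        consent=consent,
        factors=factors,
        patientid=patientid,
        is_evident_validated=is_evident_validated)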
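def ecommerce_order():
    """Render the order history page for the signed-in user.

    The claims from get_userinfo() are fetched once and reused for the
    template; each call re-validates the access token through
    TokenUtil.is_valid_remote, so the second call was a redundant round trip.
    """
    logger.debug("ecommerce_order()")
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    user_info = get_userinfo()
    storefront = StorefrontFactory.getStorefrontProvider(
        config['settings'], user_info,
        TokenUtil.get_access_token(request.cookies), None)
    user = OktaAdmin(config).get_user(user_info["sub"])
    orders = storefront.getOrders()
    return render_template("ecommerce/order.html",
                           user=user,
                           user_info=user_info,
                           orders=orders,
                           config=config,
                           _scheme="https")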
def api_proxy():
    """Introspect the form-supplied token, then forward the task request.

    All inputs arrive in the POST form: the token to check (``Authorization``),
    the client ``key``/``secret`` that authenticate the introspection call,
    and the task fields handed to check_task_event. An introspection error
    or an inactive token answers ``{"Issue": "Unauthorized"}``; otherwise
    the token's ``scp`` claim is forwarded as the caller's scopes.
    """
    form = request.form
    authorization = form.get('Authorization')
    url = form.get('url')
    secret = form.get('secret')
    key = form.get('key')
    tid = form.get('task_id')
    title = form.get('title')
    description = form.get('description')
    done = form.get('done')

    api_headers = {
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Basic {0}".format(OktaUtil.get_encoded_auth(key, secret)),
    }
    # NOTE(review): the token rides in the query string, where proxies and
    # access logs tend to record it; the introspection endpoint also accepts
    # it as a POST form field. Whether it can simply move into the (currently
    # empty) body depends on how RestUtil.execute_post encodes that body.
    introspecturl = "{issuer}/v1/introspect?token={token}".format(
        issuer=session[SESSION_INSTANCE_SETTINGS_KEY]["issuer"],
        token=authorization)
    introspection = RestUtil.execute_post(introspecturl, {}, headers=api_headers)
    # NOTE(review): a dict return is presumably serialized with a 200 status,
    # so the denial is visible only in the body.
    if "error" in introspection or not introspection["active"]:
        return {"Issue": "Unauthorized"}

    scopes = TokenUtil.get_claims_from_token(authorization)["scp"]
    apiresponse = check_task_event(url=url, tid=tid, title=title,
                                   description=description, done=done,
                                   scopes=scopes)
    if not apiresponse:
        apiresponse = {
            "Issue": "Error when processing request. Please check your values."
        }
    return apiresponse
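def ecommerce_remove_cart():
    """Remove one entry from the caller's cart and return the storefront reply.

    Signed-in users operate on the customer cart, anonymous users on the
    guest cart. The presence check is made on the cart that will actually be
    used: the previous guard only required *some* cart id to exist, so a
    signed-in user holding only a guest cart id failed on the session lookup.
    """
    logger.debug("ecommerce_remove_cart()")
    user_info = get_userinfo()
    storefront = StorefrontFactory.getStorefrontProvider(
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings'], user_info,
        TokenUtil.get_access_token(request.cookies), None)
    cart_key = 'customer_cart_id' if user_info else 'guest_cart_id'
    if cart_key not in session:
        return "No cart found. This should not happen!"
    entry_id = request.form.get("entry_id")
    logger.debug("cart entry code sent in: {entry_id}".format(entry_id=entry_id))
    logger.debug("Removing item from %s cart.", "customer" if user_info else "guest")
    return storefront.removeItemCart(session[cart_key], entry_id)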
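def _profile_from_csv_record(user_record, group_name):
    """Map one CSV row onto the Okta user-create payload.

    Single quotes are stripped from every value, the e-mail doubles as the
    login, and the caller's travel-agency group is stamped onto the profile.
    A missing column raises KeyError, as the row access always did.
    """
    def clean(column):
        return user_record[column].replace("'", "")

    return {
        "profile": {
            "firstName": clean('firstName'),
            "lastName": clean('lastName'),
            "email": clean('email'),
            "login": clean('email'),
            "mobilePhone": clean('mobilePhone'),
            "travelAgencyGroup": group_name,
        }
    }


def upload_route_summary():
    """Bulk-create users from an uploaded CSV and render the results.

    Handles POST only; the ``fileupload`` file is decoded as UTF-8 and parsed
    with a header row. All rows are parsed before any user is created, then
    each row is created through OktaAdmin; both the payloads sent and the
    responses received are passed to the template.
    """
    if request.method != 'POST':
        # NOTE(review): falls through as before; a None response is rejected
        # by Flask, so either the route is POST-only or this needs a page.
        return None

    user_info = get_user_info()
    okta_admin = OktaAdmin(default_settings)
    # Group name from the access-token claims
    token = oidc.get_access_token()
    group_name = TokenUtil.get_single_claim_from_token(token, "tagrp")
    user_group = get_travel_agency_group_by_name(group_name)

    uploaded = request.files['fileupload']
    contents = uploaded.read().decode('utf-8')
    rows = [dict(row) for row in csv.DictReader(contents.splitlines(),
                                                skipinitialspace=True)]

    return_users = []
    return_list = []
    for row in rows:
        user_data = _profile_from_csv_record(row, group_name)
        return_users.append(user_data)
        return_list.append(okta_admin.create_user(user_data, True))

    return render_template("upload.html",
                           user_info=user_info,
                           oidc=oidc,
                           returnlist=return_list,
                           userlist=return_users,
                           config=default_settings,
                           travel_agency_group=user_group)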
def admincreateuser():
    """Create one Okta user from the admin form and redirect to the user list.

    The login defaults to the e-mail when the form leaves it blank; the
    caller's ``tagrp`` claim is written to the profile as the travel-agency
    group. The outcome is passed to the ``users`` route as ``message``.
    """
    print("Admin Create User()")
    okta_admin = OktaAdmin(default_settings)
    form = request.form
    first_name = form.get('firstname')
    last_name = form.get('lastname')
    email = form.get('email')
    login = form.get('login') or email
    mobile_phone = form.get('phonenumber')

    # Group and find a Travel Agency
    group_name = TokenUtil.get_single_claim_from_token(oidc.get_access_token(), "tagrp")
    user_data = {
        "profile": {
            "firstName": first_name,
            "lastName": last_name,
            "email": email,
            "login": login,
            "mobilePhone": mobile_phone,
            "travelAgencyGroup": group_name,
        }
    }

    created = okta_admin.create_user(user_data)
    if created:
        message = "User " + first_name + " " + last_name + " was Created"
    else:
        message = "Error During Create"
    return redirect(url_for("users", _external="True", _scheme="https", message=message))
def ecommerce_get_cart():
    """Return the caller's cart as a dict, merging guest and customer carts.

    Reads ``guest_cart_id`` / ``customer_cart_id`` from the session, asks the
    storefront for each and drops ids the storefront no longer knows. When a
    user is signed in and a guest cart exists, the guest cart is folded into
    the customer cart. Returns ``{}`` when no cart is found; a cart is only
    created on the first "add", never here.
    """
    #If we don't have a cart yet, we don't necessarily want one. We'll create one on the first "add" to the cart.
    #Login LOGIC:
    #If we have a guest cart, and a user cart, then we'll load up both and merge them.
    #If we have a guest cart, withOUT a user cart, then we'll assign the guest to the user.
    #If we have only a user cart, let's return that.
    #If we don't have either a guest cart or a user cart, then return nothing.
    #If the user isn't logged in, and a guest cart exists, return that.
    logger.debug("ecommerce_get_cart()")
    user_info = get_userinfo()
    storefront = StorefrontFactory.getStorefrontProvider(
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings'], user_info,
        TokenUtil.get_access_token(request.cookies), None)
    guestCart = None
    guestCartId = None
    customerCart = None
    customerCartId = None
    returnCart = {}  # unused; the result is built from guestCart / customerCart below
    #If we have a guest cart, let's pull that.
    #If we don't get it from our storefront, then we should clear it from session.
    if "guest_cart_id" in session:
        guestCart = storefront.getAnonymousCart(session['guest_cart_id'])
        logger.debug("Guest cart retrieved:")
        logger.debug(guestCart)
        if guestCart is None:
            del session['guest_cart_id']  #We thought we have a valid cart, but Hybris tells us it's not really there.
        else:
            guestCartId = guestCart.cartId
    #A user is logged in, and we think we have a customer cart, let's get it.
    #Again, if the storefront tells us it's invalid, we should clear it.
    if user_info and "customer_cart_id" in session:
        customerCart = storefront.getCustomerCart(session['customer_cart_id'])
        if customerCart is None:
            del session['customer_cart_id']  #We thought we have a valid cart, but Hybris tells us it's not really there.
        else:
            customerCartId = customerCart.cartId
    #We're logged in, but we don't know if there's a saved cart yet or not. Let's search the backend for one.
    elif user_info and not "customer_cart_id" in session:
        customerCart = storefront.getCustomerCart(None)
        if customerCart is not None:
            session["customer_cart_id"] = customerCart.cartId
            # customerCartId is deliberately left None on this path; see the TODOs below.
    #At this point we've found any carts that we possibly can have.
    #If we have a guest cart as well as a customer cart, merge them and return that as the customer cart.
    #TODO- this will fail because we need the cart GUID for this API call, not the cart code (for whatever reason).
    #TODO- need to abstract out the cart detail.
    # Note the `is not None` test here, while the lookups above use truthiness of user_info.
    if guestCart is not None and user_info is not None:
        logger.debug(
            "We found a guest cart, and a user is logged in- let's merge that in with the customer cart."
        )
        customerCart = storefront.convertAnonymousCartToCustomer(
            guestCartId, customerCartId)
        # NOTE(review): the merge result is dereferenced unconditionally; a
        # None return from the storefront would fail on .cartId below.
        #Since the cart is now merged, it's no longer a guest cart, but rather a customer cart.
        guestCart = None
        session["customer_cart_id"] = customerCart.cartId
        del session["guest_cart_id"]
    #At this point we have either a guest cart, or a customer cart, or nothing. return.
    if guestCart is not None:
        return guestCart.toDict()
    elif customerCart is not None:
        return customerCart.toDict()
    else:
        return {}
def gbac_id_tokenp():
    """Return the decoded claims of the cookie-held ID token as a JSON string."""
    id_token = TokenUtil.get_id_token(request.cookies)
    claims = TokenUtil.get_claims_from_token(id_token)
    return json.dumps(claims)
def streamingservice_token_check():
    """Check a streaming device's tokens and device authorization.

    Reads ``access_token``, ``id_token``, ``refresh_token`` and ``device_id``
    from the form and introspects them with the device-flow client
    credentials from the instance settings. Returns ``"true"`` when the ID
    token is active, the device id appears in the user's ``authorized_devices``
    app-profile attribute and the access token is active; returns the new
    token response when only the refresh token is still active; and
    ``"false"`` for every other outcome.
    """
    logger.debug("streamingservice_token_check()")
    form = request.form
    access_token = form['access_token']
    id_token = form['id_token']
    refresh_token = form['refresh_token']
    device_id = form['device_id']
    config = session[SESSION_INSTANCE_SETTINGS_KEY]
    client_id = config["settings"]["app_deviceflow_clientid"]
    client_secret = config["settings"]["app_deviceflow_clientsecret"]
    okta_admin = OktaAdmin(config)
    okta_auth = OktaAuth(config)

    def introspect(token, hint):
        return okta_auth.introspect_with_clientid(
            token, client_id=client_id, client_secret=client_secret,
            token_type_hint=hint)

    if not introspect(id_token, "idtoken")["active"]:
        return "false"

    id_token_info = TokenUtil.get_claims_from_token(id_token)
    user_app_profile = okta_admin.get_user_application_by_client_id(
        user_id=id_token_info["sub"], client_id=client_id)
    devices_field = get_udp_ns_fieldname("authorized_devices")
    app_profile = user_app_profile["profile"]
    if devices_field not in app_profile:
        return "false"
    devices = app_profile[devices_field]
    # NOTE(review): if the attribute is a string rather than a list, `in` is
    # a substring test — confirm the attribute type.
    if device_id not in devices:
        return "false"

    if introspect(access_token, "access_token")["active"]:
        return "true"
    if not introspect(refresh_token, "refresh_token")['active']:
        return "false"

    logging.debug("get new AT")
    responseurl = url_for(
        "streamingservice_views_bp.streamingservice_devicepage",
        _external=True,
        _scheme=config["app_scheme"])
    return okta_auth.get_oauth_token_from_refresh_token(
        headers=None,
        refresh_token=refresh_token,
        client_id=client_id,
        client_secret=client_secret,
        grant_type="refresh_token",
        redirect_uri=responseurl,
        scopes="openid profile email offline_access")