コード例 #1
def setNameId(request, token):
    """Set the NameID on the impersonation SAML app from the posted ``nameid``.

    With ``IMPERSONATION_VERSION`` "1" the NameID is set for the user id held
    in the session. With "2" the session profile's ``preferred_username`` is
    looked up in the V2 org and, if a user comes back, the NameID is set for
    that user and every key is removed from the session.

    ``token`` is not read in this body. The status code of the returned
    ``HttpResponse`` is whatever ``set_name_id`` returned; when no branch runs
    the response is returned as constructed.
    """
    form_data = request.POST
    # NOTE(review): this writes the whole POST body to stdout, so anything
    # submitted with the form ends up in the process log.
    print(form_data)

    response = HttpResponse()
    if 'nameid' not in form_data:
        return response

    # NOTE(review): 'nameid' is taken from the request as-is; no check is
    # visible here that the caller is allowed to assume that identity —
    # confirm it is enforced by whatever wraps this view.
    version = str(IMPERSONATION_VERSION)
    if version == "1":
        apps = AppsClient('https://' + OKTA_ORG, API_KEY,
                          IMPERSONATION_SAML_APP_ID)
        response.status_code = apps.set_name_id(
            request.session['user_id'], form_data['nameid'])
    elif version == "2":
        directory = UsersClient('https://' + IMPERSONATION_V2_ORG,
                                IMPERSONATION_V2_ORG_API_KEY)
        raw_profile = request.session['profile']
        lookup = json.loads(
            directory.list_user(json.loads(raw_profile)['preferred_username']))
        if "id" in lookup:
            apps = AppsClient('https://' + IMPERSONATION_V2_ORG,
                              IMPERSONATION_V2_ORG_API_KEY,
                              IMPERSONATION_V2_SAML_APP_ID)
            response.status_code = apps.set_name_id(
                lookup["id"], form_data['nameid'])
            # Empty the local session key by key once the NameID is switched.
            for session_key in list(request.session.keys()):
                del request.session[session_key]
    return response
コード例 #2
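def registration_view3(request):
    """Render the registration form and create an Okta user from a valid POST.

    On a valid POST the user is created with ``activate="false"`` and the
    browser is redirected to ``registration_success2``. An invalid form, or an
    exception raised while creating the user, re-renders ``register2.html``
    with the form and its errors.
    """
    if request.method == 'POST':
        form = RegistrationForm2(request.POST)
        if form.is_valid():
            fn = form.cleaned_data['firstName']
            ln = form.cleaned_data['lastName']
            email = form.cleaned_data['email']
            user = {
                "profile": {
                    "firstName": fn,
                    "lastName": ln,
                    "email": email,
                    "login": email
                }
            }
            # The API call sits inside the try so a failure is reported on the
            # form. Everything that reads fn/ln stays inside the is_valid()
            # branch: an invalid form must fall through to the re-render below
            # instead of reaching names that were never bound.
            try:
                client = UsersClient('https://' + OKTA_ORG, API_KEY)
                # NOTE(review): the return value is not inspected; if the
                # client reports failures through its return value rather
                # than by raising, the redirect still happens — confirm.
                client.create_user(user=user, activate="false")
                print('create user {0} {1}'.format(fn, ln))
                return HttpResponseRedirect(reverse('registration_success2'))
            except Exception as e:
                print("Error: {}".format(e))
                # NOTE(review): the raw exception is shown to the visitor;
                # consider a generic message if it can carry API details.
                form.add_error(field=None, error=e)
    else:
        form = RegistrationForm2()
    return render(request, 'register2.html', {'form': form})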
コード例 #3
def update_user(request, access_token):
    """Update an Okta user's profile from POST fields.

    Only a POST that carries ``user_id`` does any work; every other request
    gets an empty 200 response. The caller must pass ``api_access_admin`` or
    ``api_access_company_admin``; otherwise ``not_authorized(request)`` is
    returned. On success the body is whatever ``update_user`` returned.
    """
    conf = _get_config(request)

    response = HttpResponse()
    response.status_code = 200

    if request.method != 'POST':
        return response

    form_data = request.POST
    if 'user_id' not in form_data:
        return response

    user_id = form_data['user_id']

    # Fields missing from the POST are sent as empty strings (None for
    # 'deactivate').
    email = form_data['email'] if 'email' in form_data else ''
    first_name = form_data['firstName'] if 'firstName' in form_data else ''
    last_name = form_data['lastName'] if 'lastName' in form_data else ''
    role = form_data['role'] if 'role' in form_data else ''
    deactivate = form_data['deactivate'] if 'deactivate' in form_data else None
    company_name = form_data['companyName'] if 'companyName' in form_data else ''

    client = UsersClient('https://' + conf['org'],
                         config.get_api_key(request))

    user = {
        "profile": {
            "firstName": first_name,
            "lastName": last_name,
            "email": email,
            "login": email,
            "customer_role": role,
            "companyName": company_name
        }
    }

    # NOTE(review): both roles reach the same call with the posted user_id,
    # customer_role and companyName; nothing here limits a company admin to
    # users of their own company or to roles below their own — confirm that
    # is enforced elsewhere.
    allowed = (api_access_admin(conf, access_token)
               or api_access_company_admin(conf, access_token))
    if not allowed:
        return not_authorized(request)

    response.content = client.update_user(user=user,
                                          user_id=user_id,
                                          deactivate=deactivate)
    return response
コード例 #4
def list_users(request):
    """Return the Okta user listing, optionally filtered by ``startsWith``.

    ``15`` is passed as the first argument to ``list_users`` (presumably a
    page size — confirm against the client). The body of the 200 response is
    whatever the client returned.
    """
    # NOTE(review): no authorization check is visible in this body; the org
    # API key is used for any caller that reaches it — confirm access is
    # restricted by whatever wraps this view.
    query = request.GET
    prefix = query['startsWith'] if 'startsWith' in query else None

    okta = UsersClient('https://' + OKTA_ORG, API_KEY)
    listing = okta.list_users(15, prefix)

    response = HttpResponse()
    response.status_code = 200
    response.content = listing
    return response
コード例 #5
def add_users(request, access_token):
    """Create an Okta user from POST fields.

    The new user's ``companyName`` is copied from the session profile, not
    from the request. The caller must pass ``api_access_admin`` or
    ``api_access_company_admin``; otherwise ``not_authorized(request)`` is
    returned. Non-POST requests get an empty 200 response.
    """
    conf = _get_config(request)

    response = HttpResponse()
    response.status_code = 200

    if request.method != 'POST':
        return response

    form_data = request.POST

    # The company comes from the caller's own session profile.
    session_profile = request.session['profile']
    company_name = (session_profile.get('companyName')
                    if 'companyName' in session_profile else '')

    email = form_data['email'] if 'email' in form_data else ''
    first_name = form_data['firstName'] if 'firstName' in form_data else ''
    last_name = form_data['lastName'] if 'lastName' in form_data else ''
    # NOTE(review): the role is taken from the request unchanged; nothing
    # here stops a company admin from creating a user with a higher role —
    # confirm it is validated elsewhere.
    role = form_data['role'] if 'role' in form_data else ''
    # When posted, 'activate' is the submitted string, not a bool.
    activate = form_data['activate'] if 'activate' in form_data else False

    client = UsersClient('https://' + conf['org'],
                         config.get_api_key(request))

    user = {
        "profile": {
            "firstName": first_name,
            "lastName": last_name,
            "email": email,
            "login": email,
            "customer_role": role,
            "companyName": company_name
        }
    }

    allowed = (api_access_admin(conf, access_token)
               or api_access_company_admin(conf, access_token))
    if not allowed:
        return not_authorized(request)

    response.content = client.create_user(user=user, activate=activate)
    return response
コード例 #6
def add_users(request, token):
    """Create an Okta user from POST fields using the org-wide API key.

    ``companyName`` is copied from the session profile. The caller must pass
    ``api_access_admin(token)`` or ``api_access_company_admin(token)``;
    otherwise ``not_authorized(request)`` is returned. Non-POST requests get
    an empty 200 response.
    """
    response = HttpResponse()
    response.status_code = 200

    if request.method != 'POST':
        return response

    form_data = request.POST

    # The session profile is used as a mapping here (no JSON decoding).
    session_profile = request.session['profile']
    company = (session_profile.get('companyName')
               if 'companyName' in session_profile else '')

    email = form_data['email'] if 'email' in form_data else ''
    first_name = form_data['firstName'] if 'firstName' in form_data else ''
    last_name = form_data['lastName'] if 'lastName' in form_data else ''
    # NOTE(review): the role is taken from the request unchanged; nothing
    # here stops a company admin from creating a user with a higher role —
    # confirm it is validated elsewhere.
    role = form_data['role'] if 'role' in form_data else ''
    # When posted, 'activate' is the submitted string, not a bool.
    activate = form_data['activate'] if 'activate' in form_data else False

    client = UsersClient('https://' + OKTA_ORG, API_KEY)

    user = {
        "profile": {
            "firstName": first_name,
            "lastName": last_name,
            "email": email,
            "login": email,
            "customer_role": role,
            "companyName": company
        }
    }

    # Full admins and company admins take the same, unscoped create path.
    if not (api_access_admin(token) or api_access_company_admin(token)):
        return not_authorized(request)

    response.content = client.create_user(user=user, activate=activate)
    return response
コード例 #7
def list_user(request, token):
    """Return one Okta user, selected by the ``user`` query parameter.

    The caller must pass ``api_access_admin(token)`` or
    ``api_access_company_admin(token)``; otherwise ``not_authorized(request)``
    is returned. ``None`` is passed to the client when ``user`` is absent.
    """
    query = request.GET
    user_id = query['user'] if 'user' in query else None
    client = UsersClient('https://' + OKTA_ORG, API_KEY)

    # NOTE(review): a company admin gets the same lookup as a full admin, for
    # any id supplied in the query string — confirm that is intended.
    if not (api_access_admin(token) or api_access_company_admin(token)):
        return not_authorized(request)

    record = client.list_user(user_id)

    response = HttpResponse()
    response.status_code = 200
    response.content = record
    return response
コード例 #8
def list_users(request, access_token):
    """List Okta users, using either the caller's own token or the API key.

    If the bearer token parses and its ``iss`` equals ``https://<org>``, the
    token itself is installed on the client and the listing is requested with
    it. Otherwise access is decided locally: admins get the full listing,
    company admins get ``list_users_scoped`` for the session profile's
    ``companyName``, and everyone else gets ``not_authorized(request)``.
    """
    conf = _get_config(request)
    query = request.GET
    starts_with = query['startsWith'] if 'startsWith' in query else None

    client = UsersClient('https://' + conf['org'], config.get_api_key(request))

    # NOTE(review): whether parse_bearer_token verifies the signature is not
    # visible here; this branch only compares the issuer claim. The token is
    # then handed to the client as the bearer credential — confirm the remote
    # API is what ultimately validates it.
    is_org_token = False
    try:
        claims = parse_bearer_token(access_token)
        is_org_token = claims['iss'] == 'https://{0}'.format(conf['org'])
    except Exception as e:
        # Any parsing problem leaves is_org_token False and falls back to the
        # local role checks below.
        print(e)

    if is_org_token:
        client.set_bearer_token(access_token)
        listing = client.list_users(15, starts_with)
    else:
        session_profile = request.session['profile']
        company_name = session_profile.get('companyName')
        if api_access_admin(conf, access_token):
            listing = client.list_users(15, starts_with)
        elif api_access_company_admin(conf, access_token):
            listing = client.list_users_scoped(15, company_name, starts_with)
        else:
            return not_authorized(request)

    response = HttpResponse()
    response.status_code = 200
    response.content = listing
    return response
コード例 #9
def list_user(request, access_token):
    """Return one Okta user, selected by the ``user`` query parameter.

    The caller must pass ``api_access_admin`` or ``api_access_company_admin``
    for the request's configuration; otherwise ``not_authorized(request)`` is
    returned. ``None`` is passed to the client when ``user`` is absent.
    """
    conf = _get_config(request)
    query = request.GET
    user_id = query['user'] if 'user' in query else None
    client = UsersClient('https://' + conf['org'], config.get_api_key(request))

    # NOTE(review): a company admin gets the same unscoped lookup as a full
    # admin, for any id supplied in the query string — confirm that is
    # intended.
    allowed = (api_access_admin(conf, access_token)
               or api_access_company_admin(conf, access_token))
    if not allowed:
        return not_authorized(request)

    record = client.list_user(user_id)

    response = HttpResponse()
    response.status_code = 200
    response.content = record
    return response
コード例 #10
ファイル: views.py プロジェクト: Cinntax/okta_api_demo
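def activation_view(request, slug):
    """Let a user holding a recovery token (``slug``) choose a password.

    The token is exchanged through ``AuthClient.recovery`` on every request;
    a non-200 answer redirects to ``not_authenticated``. A valid POST sets the
    password, signs the user in and redirects to the Okta bookmark with the
    session token, or to ``registration_success`` when sign-in does not
    return 200. An invalid form, or an exception during those calls,
    re-renders ``activate.html`` with the form errors.
    """
    name = None
    username = None
    user_id = None
    if slug:
        auth = AuthClient('https://' + OKTA_ORG)
        response = auth.recovery(slug)
        if response.status_code == 200:
            user = json.loads(response.content)['_embedded']['user']
            name = user['profile']['firstName']
            username = user['profile']['login']
            user_id = user['id']
        else:
            return HttpResponseRedirect(reverse('not_authenticated'))

    if request.method == 'POST':
        # Without a resolved user there is nothing to set a password on.
        if user_id is None:
            return HttpResponseRedirect(reverse('not_authenticated'))

        # Bound outside the try so the except clause can always reach it.
        form = ActivationForm(request.POST)
        try:
            if form.is_valid():
                pw = form.cleaned_data['password1']
                user = {"credentials": {"password": {"value": pw}}}
                client = UsersClient('https://' + OKTA_ORG, API_KEY)
                client.set_password(user_id=user_id, user=user)
                res = auth.authn(username, pw)
                if res.status_code == 200:
                    session_token = json.loads(res.content)['sessionToken']
                    # NOTE(review): the session token travels in the query
                    # string of the redirect; confirm it is single-use and
                    # short-lived, since URLs can end up in logs and history.
                    return redirect('https://' + OKTA_ORG +
                                    LOGIN_NOPROMPT_BOOKMARK +
                                    '?sessionToken={}'.format(session_token))

                # Only a form that validated (and so had its password set)
                # may reach the success page; an invalid form falls through
                # to the re-render below with its errors.
                return HttpResponseRedirect(reverse('registration_success'))
        except Exception as e:
            print("Error: {}".format(e))
            # NOTE(review): the raw exception is shown to the visitor;
            # consider a generic message if it can carry API details.
            form.add_error(field=None, error=e)
    else:
        form = ActivationForm()
    return render(request, 'activate.html', {
        'form': form,
        'slug': slug,
        'firstName': name
    })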
コード例 #11
def setNameId(request, token):
    """Set the NameID on the impersonation SAML app from the posted ``nameid``.

    Version "1" sets the NameID for the ``sub`` of the session's id token.
    Version "2" looks up the user named by ``nameid``, creates an activated
    temporary user carrying that user's profile and non-built-in groups under
    a generated login, and sets the NameID of the acting admin's account in
    the V2 org to the generated login. Every key is then removed from the
    session.

    ``token`` is not read in this body.
    """
    post = request.POST
    # NOTE(review): this writes the whole POST body to stdout.
    print(post)

    response = HttpResponse()
    if 'nameid' not in post:
        return response

    # NOTE(review): the target identity comes from the request as-is; no
    # check is visible here on which users may be targeted or on who may call
    # this — confirm it is enforced by whatever wraps this view.
    name_id = post['nameid']
    admin = request.session['profile']['preferred_username']

    version = str(IMPERSONATION_VERSION)
    if version == "1":
        client = AppsClient('https://' + OKTA_ORG, API_KEY,
                            IMPERSONATION_SAML_APP_ID)
        response.status_code = client.set_name_id(
            request.session['id_token']['sub'], name_id)
    elif version == "2":
        directory = UsersClient('https://' + OKTA_ORG, API_KEY)
        target = json.loads(directory.list_user(name_id))
        target_profile = target["profile"]
        memberships = json.loads(directory.get_user_groups(target["id"]))
        # Built-in groups are left out of the copy.
        group_ids = [grp["id"] for grp in memberships
                     if grp["type"] != 'BUILT_IN']

        # Generated login: prefix + timestamp + admin's local part without
        # dots + "AS" + the target's login.
        stamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
        admin_tag = admin.split("@")[0].replace(".", "")
        new_login = "******" + stamp + admin_tag + "AS" + target_profile["login"]
        target_profile["login"] = new_login
        target_profile["email"] = new_login
        temp_user = {"profile": target_profile, "groupIds": group_ids}
        # NOTE(review): nothing in this body removes the temporary user
        # later — confirm cleanup happens elsewhere.
        directory.create_user(user=temp_user, activate=True)

        v2_directory = UsersClient('https://' + IMPERSONATION_V2_ORG,
                                   IMPERSONATION_V2_ORG_API_KEY)
        admin_lookup = json.loads(v2_directory.list_user(admin))
        if "id" in admin_lookup:
            apps = AppsClient('https://' + IMPERSONATION_V2_ORG,
                              IMPERSONATION_V2_ORG_API_KEY,
                              IMPERSONATION_V2_SAML_APP_ID)
            response.status_code = apps.set_name_id(
                admin_lookup["id"], new_login)
            for session_key in list(request.session.keys()):
                del request.session[session_key]
    return response
コード例 #12
def list_users(request):
    """List Okta users according to the role flags stored in the session.

    A session containing ``admin`` gets the full listing; one containing
    ``department_admin`` gets ``list_users_scoped`` for the session's
    ``department`` (empty string when unset); any other session gets
    ``not_authorized(request)``.
    """
    query = request.GET
    prefix = query['startsWith'] if 'startsWith' in query else None
    client = UsersClient('https://' + OKTA_ORG, API_KEY)

    session = request.session
    # Only the presence of the key is tested, not its value.
    if 'admin' in session:
        listing = client.list_users(15, prefix)
    elif 'department_admin' in session:
        listing = client.list_users_scoped(
            15, session.get('department', ''), prefix)
    else:
        return not_authorized(request)

    response = HttpResponse()
    response.status_code = 200
    response.content = listing
    return response
コード例 #13
def list_users(request, token):
    """List Okta users, scoped by the caller's role.

    Admins get the full listing; company admins get ``list_users_scoped`` for
    the ``companyName`` in their session profile; everyone else gets
    ``not_authorized(request)``.
    """
    query = request.GET
    prefix = query['startsWith'] if 'startsWith' in query else None

    client = UsersClient('https://' + OKTA_ORG, API_KEY)
    # The session profile is used as a mapping here (no JSON decoding).
    session_profile = request.session['profile']
    company = session_profile.get('companyName')

    if api_access_admin(token):
        listing = client.list_users(15, prefix)
    elif api_access_company_admin(token):
        # NOTE(review): company is None when the profile has no companyName;
        # how list_users_scoped treats that is not visible here — confirm it
        # does not widen the listing.
        listing = client.list_users_scoped(15, company, prefix)
    else:
        return not_authorized(request)

    response = HttpResponse()
    response.status_code = 200
    response.content = listing
    return response
コード例 #14
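def activation_wo_token_view(request):
    """Drive the e-mail activation form: verify-email, verify-token, set-password.

    The current step arrives in the form's ``state`` field, which the client
    controls, so it is never taken as proof that an earlier step succeeded.
    The result of the code check is recorded in the session, and the
    set-password step runs only when that record is present.

    Renders ``activate_w_email.html`` with the form and the next state, or
    redirects to the Okta page with a session token once the password is set
    and sign-in returns 200.
    """
    state = None
    if request.method == 'POST':
        form = ActivationWithEmailForm(request.POST)
        if form.is_valid():
            state = form.cleaned_data['state']
            email = form.cleaned_data['email']
            otp = form.cleaned_data['verificationCode']
            password1 = form.cleaned_data['password1']

            print('state={}'.format(state))

            client = UsersClient('https://' + OKTA_ORG, API_KEY)

            if state == 'verify-email':
                state = 'verify-token'
                # Starting over discards any earlier verification result.
                request.session.pop('email_factor_verified', None)
                # assumes the lookup decodes to a dict — TODO confirm
                user = json.loads(client.get_user(email))
                # .get keeps an unknown address on the same path as a user in
                # another status instead of raising on a missing key.
                if user.get('status') == 'PROVISIONED':
                    enroll_status = client.enroll_email_factor(
                        user['id'], email)
                    print(enroll_status.status_code)
                    factors = json.loads(client.list_factors(user['id']))
                    for factor in factors:
                        if factor['factorType'] == 'email':
                            request.session['email_factor_id'] = factor['id']
                            request.session['verification_username'] = email
                            request.session['verification_user_id'] = user[
                                'id']
                            client.verify_email_factor(user['id'],
                                                       factor['id'])

            elif state == 'verify-token':
                user_id = request.session.get('verification_user_id')
                factor_id = request.session.get('email_factor_id')
                verified = False
                if user_id and factor_id:
                    response = client.verify_email_factor(user_id=user_id,
                                                          factor_id=factor_id,
                                                          pass_code=otp)
                    # assumes the client returns the HTTP response object —
                    # TODO confirm. Anything else fails closed.
                    verified = getattr(response, 'status_code', None) == 200
                if verified:
                    request.session['email_factor_verified'] = True
                    state = 'set-password'
                else:
                    # Stay on the code step so the user can try again.
                    form.add_error(field=None, error='Verification failed.')

            elif state == 'set-password':
                user_id = request.session.get('verification_user_id')
                if not (user_id
                        and request.session.get('email_factor_verified')):
                    # The code was never confirmed in this session.
                    state = 'verify-email'
                    form.add_error(
                        field=None,
                        error='Email verification is required before '
                              'setting a password.')
                else:
                    payload = {
                        "credentials": {"password": {"value": password1}}
                    }
                    client.set_password(user_id=user_id, user=payload)
                    auth = AuthClient('https://' + OKTA_ORG)
                    res = auth.authn(
                        request.session['verification_username'], password1)
                    if res.status_code == 200:
                        # The verification record is spent once sign-in works.
                        request.session.pop('email_factor_verified', None)
                        session_token = json.loads(
                            res.content)['sessionToken']
                        return redirect(
                            'https://' + OKTA_ORG + IDP_DISCO_PAGE +
                            '?sessionToken={}'.format(session_token))
        else:
            print('invalid form')
    else:
        state = 'verify-email'
        form = ActivationWithEmailForm()

    return render(request, 'activate_w_email.html', {
        'form': form,
        'state': state
    })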