コード例 #1
0
ファイル: login.py プロジェクト: noinarisak/zartan
def get_oauth_authorize_url(okta_session_token=None, prompt=None):
    logger.debug("get_oauth_authorize_url()")
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

    auth_options = {
        "response_mode": "form_post",
        "scope": "openid profile email"
    }

    if prompt is not None:
        auth_options["prompt"] = prompt

    if "state" not in session:
        session["oidc_state"] = str(uuid.uuid4())
    else:
        session["oidc_state"] = session["state"]

    if okta_session_token:
        auth_options["sessionToken"] = okta_session_token

    oauth_authorize_url = okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["oidc_state"],
        auth_options=auth_options)

    return oauth_authorize_url
コード例 #2
0
ファイル: profile.py プロジェクト: stevenbarash/zartan
def profile_bp():
    logger.debug("profile_bp_profile()")
    if request.args.get('refreshtoken') == 'true':
        okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

        auth_options = {
            "response_mode": "form_post",
            "prompt": "none",
            "scope": "openid profile email"
        }

        session["oidc_state"] = str(uuid.uuid4())
        session[FROM_URI_KEY] = request.url.replace(
            "http://", "{0}://".format(session[SESSION_INSTANCE_SETTINGS_KEY]
                                       ["app_scheme"])) + "profile"

        oauth_authorize_url = okta_auth.create_oauth_authorize_url(
            response_type="code",
            state=session["oidc_state"],
            auth_options=auth_options)

        return redirect(oauth_authorize_url)
    else:

        return render_template(
            "/profile.html",
            templatename=get_app_vertical(),
            id_token=TokenUtil.get_id_token(request.cookies),
            access_token=TokenUtil.get_access_token(request.cookies),
            user_info=get_userinfo(),
            config=session[SESSION_INSTANCE_SETTINGS_KEY])
コード例 #3
0
ファイル: views.py プロジェクト: bhanchand/pp
def pre_reg_password_set():
    print("pre_reg_password_set()")
    json_data = request.get_json()
    print(json_data)

    password_set_response = {"success": False}

    okta_auth = OktaAuth(session)
    reset_response = okta_auth.reset_password_with_state_token(
        json_data["stateToken"], json_data["newPassword"])
    print("reset_response: {0}".format(
        json.dumps(reset_response, indent=4, sort_keys=True)))

    if "errorSummary" in reset_response:
        password_set_response["errorMessage"] = reset_response["errorSummary"]
        if "errorCauses" in reset_response:
            password_set_response["errorMessages"] = []
            for error_cause in reset_response["errorCauses"]:
                password_set_response["errorMessages"].append(
                    {"errorMessage": reset_response["errorSummary"]})
    else:
        password_set_response = create_login_response(json_data["username"],
                                                      json_data["newPassword"],
                                                      session)

    return json.dumps(password_set_response)
コード例 #4
0
def oidc():
    """ handler for the oidc call back of the app """
    print("oidc()")
    #  print(request.form)

    if "error" in request.form:
        print("ERROR: {0}, MESSAGE: {1}".format(
            request.form["error"], request.form["error_description"]))

    if session["state"] == request.form["state"]:
        oidc_code = request.form["code"]
        #  print("oidc_code: {0}".format(oidc_code))
        okta_auth = OktaAuth(okta_config)
        oauth_token = okta_auth.get_oauth_token(
            code=oidc_code,
            grant_type="authorization_code",
            auth_options={
                "client_id": okta_config["client_id"],
                "client_secret": okta_config["client_secret"],
            })
        #  print("oauth_token: {0}".format(json.dumps(oauth_token, indent=4, sort_keys=True)))
        app_landing_page_url = okta_config["app_base_url"]
        response = make_response(redirect(app_landing_page_url))
        response.set_cookie('token', oauth_token["access_token"])
        response.set_cookie('id_token', oauth_token["id_token"])
    else:
        print("FAILED TO MATCH STATE!!!")
        response = make_response(redirect("/"))

    session.pop("state", None)

    # return response
    print(response)
    return response
コード例 #5
0
def ecommerce_order_summary(orderid):
    logger.debug("ecommerce_order_summary()")
    active_order = None
    user_info = get_userinfo()
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
    storefront_system_token = okta_auth.get_oauth_system_token(
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings']
        ['storefront_system_client_id'], session[SESSION_INSTANCE_SETTINGS_KEY]
        ['settings']['storefront_system_client_secret'],
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings']
        ['storefront_system_client_scopes'])
    storefront = StorefrontFactory.getStorefrontProvider(
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings'], user_info,
        TokenUtil.get_access_token(request.cookies),
        storefront_system_token['access_token'])

    if orderid is None:
        active_order = session["just_submitted_order_id"]
        del session["just_submitted_order_id"]
    else:
        active_order = orderid

    order = storefront.getOrder(active_order)

    return render_template("ecommerce/ordersummary.html",
                           order=order,
                           config=session[SESSION_INSTANCE_SETTINGS_KEY],
                           _scheme="https")
コード例 #6
0
def ecommerce_order_post():
    user_info = get_userinfo()
    okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
    storefront_system_token = okta_auth.get_oauth_system_token(
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings']
        ['storefront_system_client_id'], session[SESSION_INSTANCE_SETTINGS_KEY]
        ['settings']['storefront_system_client_secret'],
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings']
        ['storefront_system_client_scopes'])
    storefront = StorefrontFactory.getStorefrontProvider(
        session[SESSION_INSTANCE_SETTINGS_KEY]['settings'], user_info,
        TokenUtil.get_access_token(request.cookies),
        storefront_system_token['access_token'])

    cartId = None
    userId = None
    logger.debug("ecommerce_order_post()")
    logger.debug(request.form)

    if not user_info:
        cartId = session['guest_cart_id']
        userId = request.form.get("email")

    else:
        cartId = session['customer_cart_id']
        userId = user_info['email']

    orderAddress = OrderShipAddress(request.form.get("firstName"),
                                    request.form.get("lastName"),
                                    request.form.get("address"),
                                    request.form.get("city"),
                                    request.form.get("state"),
                                    request.form.get("country"),
                                    request.form.get("zip"))
    orderBilling = OrderBillingInfo(request.form.get("cc-name"),
                                    request.form.get("cc-number"), 'visa',
                                    request.form.get("cc-expiration-month"),
                                    request.form.get("cc-expiration-year"),
                                    '1234')
    order = Order(None, None, orderAddress, orderBilling, None, None, None)

    #Post the order
    orderResponse = storefront.order(cartId, userId, order)

    session["just_submitted_order_id"] = orderResponse["orderId"]
    if "customer_cart_id" in session:
        del session['customer_cart_id']
    if "guest_cart_id" in session:
        del session['guest_cart_id']
    return redirect(
        url_for("ecommerce_views_bp.ecommerce_order_summary",
                _external="True",
                _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
                message="Order Complete",
                orderid=orderResponse["orderId"]))
コード例 #7
0
ファイル: login.py プロジェクト: noinarisak/zartan
def gbac_poll_for_push_verification():
    logger.debug("gbac_poll_for_push_verification()")
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

    body = request.get_json()
    factor_id = body["factor_id"]
    state_token = body["state_token"]

    response = okta_auth.send_push(factor_id, state_token)
    return json.dumps(response)
コード例 #8
0
ファイル: views.py プロジェクト: bhanchand/pp
def poll_for_push_verification():
    print("poll_for_push_verification()")
    okta_auth = OktaAuth(session)

    body = request.get_json()
    factor_id = body["factor_id"]
    state_token = body["state_token"]

    response = okta_auth.send_push(factor_id, state_token)
    return json.dumps(response)
コード例 #9
0
def oidc_callback_handler():
    """ handler for the oidc call back of the app """
    logger.debug("oidc_callback_handler()")
    response = None
    logger.debug(request.form)
    has_app_level_mfa_policy = False

    if "code" in request.form:
        oidc_code = request.form["code"]
        okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
        oauth_token = okta_auth.get_oauth_token(
            code=oidc_code,
            grant_type="authorization_code",
            auth_options={
                "client_id":
                session[SESSION_INSTANCE_SETTINGS_KEY]["client_id"],
                "client_secret":
                session[SESSION_INSTANCE_SETTINGS_KEY]["client_secret"],
            })
        logger.debug("oauth_token: {0}".format(
            json.dumps(oauth_token, indent=4, sort_keys=True)))
        app_landing_page_url = get_post_login_landing_page_url()

        response = make_response(redirect(app_landing_page_url))

        okta_token_cookie = TokenUtil.create_encoded_okta_token_cookie(
            oauth_token["access_token"], oauth_token["id_token"])
        # logger.debug("okta_token_cookie: {0}".format(okta_token_cookie))

        response.set_cookie(TokenUtil.OKTA_TOKEN_COOKIE_KEY, okta_token_cookie)
    elif "error" in request.form:
        # This is in the case there is an Okta App level MFA policy
        logger.error("ERROR: {0}, MESSAGE: {1}".format(
            request.form["error"], request.form["error_description"]))
        if ("The client specified not to prompt, but the client app requires re-authentication or MFA."
                == request.form["error_description"]):
            has_app_level_mfa_policy = True

        # Error occured with Accessing the app instance
        if has_app_level_mfa_policy:
            error_message = "Failed to Authenticate.  Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}".format(
                request.form["error"], request.form["error_description"])
            response = gvalidation_bp_error(error_message)
        else:
            error_message = "Failed to Authenticate.  Check to make sure the user has access to the application. Error: {0} - {1}".format(
                request.form["error"], request.form["error_description"])

            response = gvalidation_bp_error(error_message)
    else:
        # catch all error
        response = gvalidation_bp_error(
            "Failed to Authenticate.  Check to make sure the user has access to the application."
        )

    return response
コード例 #10
0
ファイル: views.py プロジェクト: bhanchand/pp
def verify_answer():
    print("verify_answer()")
    okta_auth = OktaAuth(session)

    body = request.get_json()
    factor_id = body["factor_id"]
    state_token = body["state_token"]
    answer = body["answer"]

    response = okta_auth.verify_answer(factor_id, state_token, answer)
    return json.dumps(response)
コード例 #11
0
def gbac_stepupauth_mfa():
    logger.debug("gbac_stepupauth_mfa()")
    idtoken = request.form['id_token']
    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
    test_token = okta_auth.introspect_mfa(
        idtoken, session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
        ["app_stepup_auth_clientid"])
    return render_template("/mfa.html",
                           templatename=get_app_vertical(),
                           config=session[SESSION_INSTANCE_SETTINGS_KEY],
                           idtoken=idtoken,
                           test_token=test_token)
コード例 #12
0
def is_token_valid_remote(token):
    print("is_token_valid_remote(token)")
    result = False
    okta_auth = OktaAuth(default_settings)

    instrospect_response = okta_auth.introspect(token=token)
    print("instrospect_response: {0}".format(instrospect_response))

    if "active" in instrospect_response:
        result = instrospect_response["active"]

    return result
コード例 #13
0
ファイル: login.py プロジェクト: noinarisak/zartan
def gbac_verify_answer():
    logger.debug("gbac_verify_answer()")

    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

    body = request.get_json()
    factor_id = body["factor_id"]
    state_token = body["state_token"]
    answer = body["answer"]

    response = okta_auth.verify_answer(factor_id, state_token, answer)

    return json.dumps(response)
コード例 #14
0
ファイル: views.py プロジェクト: bhanchand/pp
def index():
    """ handler for the root url path of the app """
    print("index()")
    user = None
    modal_options = None
    state_token = request.args.get("stateToken")
    show_mfa_enroll = request.args.get("showMFAEnroll")
    show_bdv = request.args.get("showBDV")
    getNewTokenUrl = ""

    #print("state_token: {0}".format(state_token))
    #print("show_mfa_enroll: {0}".format(state_token))
    #print("show_bdv: {0}".format(state_token))

    session["current_title"] = "{0} | {1} Home".format(session["base_title"],
                                                       session["app_title"])

    if (state_token):
        print("User needs to set credentials and prove who they are")
        okta_auth = OktaAuth(session)
        token_state = okta_auth.get_transaction_state(state_token)
        print("token_state: {0}".format(
            json.dumps(token_state, indent=4, sort_keys=True)))

    # Get user Claims from Id Token for signed in display
    if ("token" in request.cookies and "id_token" in request.cookies):
        id_token_claims = get_claims_from_token(request.cookies["id_token"])
        if id_token_claims:
            if "sub" in id_token_claims:
                okta_admin = OktaAdmin(session)
                user = okta_admin.get_user(id_token_claims["sub"])
                # print("user: {0}".format(user))
                modal_options = get_modal_options(id_token_claims["sub"])

    if not user:
        getNewTokenUrl = get_oauth_authorize_url()

    response = make_response(
        render_template("index.html",
                        site_config=session,
                        user=user,
                        modal_options=modal_options,
                        state_token=state_token,
                        show_mfa_enroll=show_mfa_enroll,
                        show_bdv=show_bdv,
                        okta_widget_container_id="okta-login-container",
                        getNewTokenUrl=getNewTokenUrl))

    handle_invalid_tokens(session, response)

    return response
コード例 #15
0
def streamingservice_revoketoken():
    logger.debug("streamingservice_revoketoken()")

    client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_clientid"]
    client_secret = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_clientsecret"]

    token = request.form['token']
    tokenhint = request.form['tokenhint']

    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

    okta_auth.revoke_token_with_clientid(token, client_id=client_id, client_secret=client_secret, token_type_hint=tokenhint)

    return "Completed"
コード例 #16
0
ファイル: mfaenrollment.py プロジェクト: udplabs/zartan
def get_available_factors_by_state(state_token):
    """ Get all factors available by State Token """
    print("get_available_factors_by_state()")

    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

    transaction_state = okta_auth.get_transaction_state(state_token)

    print("transaction_state: {0}".format(
        json.dumps(transaction_state, indent=4, sort_keys=True)))

    # available_factors = okta_admin.list_available_factors(transaction_state["_embedded"]["user"]["id"])

    return json.dumps(transaction_state)
コード例 #17
0
ファイル: views.py プロジェクト: bhanchand/pp
def verify_totp():
    print("verify_totp()")
    okta_auth = OktaAuth(session)

    body = request.get_json()
    pass_code = None
    factor_id = body["factor_id"]
    state_token = body["state_token"]

    if "pass_code" in body:
        pass_code = body["pass_code"]

    print("verifying factor ID {0} with code {1} ({2})".format(
        factor_id, pass_code, state_token))
    response = okta_auth.verify_totp(factor_id, state_token, pass_code)
    return json.dumps(response)
コード例 #18
0
ファイル: views.py プロジェクト: bhanchand/pp
def resend_push():
    print("resend_push()")

    body = request.get_json()
    factor_id = body["factor_id"]

    if "state_token" in body:
        okta_auth = OktaAuth(session)
        state_token = body["state_token"]
        response = okta_auth.resend_push(factor_id, state_token)
    else:
        okta_admin = OktaAdmin(session)
        user_id = body["user_id"]
        response = okta_admin.resend_push(user_id, factor_id)

    return json.dumps(response)
コード例 #19
0
ファイル: views.py プロジェクト: bhanchand/pp
def poll_for_push_enrollment():
    print("poll_for_push_enrollment()")

    body = request.get_json()
    factor_id = body["factor_id"]

    if "state_token" in body:
        state_token = body["state_token"]
        okta_auth = OktaAuth(session)
        response = okta_auth.poll_for_enrollment_push(factor_id, state_token)
    else:
        user_id = body["user_id"]
        okta_admin = OktaAdmin(session)
        response = okta_admin.poll_for_enrollment_push(user_id, factor_id)

    return json.dumps(response)
コード例 #20
0
ファイル: login.py プロジェクト: noinarisak/zartan
def gbac_resend_push():
    logger.debug("gbac_resend_push()")

    body = request.get_json()
    factor_id = body["factor_id"]

    if "state_token" in body:
        okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
        state_token = body["state_token"]
        response = okta_auth.resend_push(factor_id, state_token)
    else:
        okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
        user_id = body["user_id"]
        response = okta_admin.resend_push(user_id, factor_id)

    return json.dumps(response)
コード例 #21
0
def gbac_verify_totp():
    logger.debug("gbac_verify_totp()")

    okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])

    body = request.get_json()
    pass_code = None
    factor_id = body["factor_id"]
    state_token = body["state_token"]
    # get state with token

    if "pass_code" in body:
        pass_code = body["pass_code"]

    logger.debug("verifying factor ID {0} with code {1} ({2})".format(factor_id, pass_code, state_token))
    response = okta_auth.verify_totp(factor_id, state_token, pass_code)
    return json.dumps(response)
コード例 #22
0
ファイル: views.py プロジェクト: bhanchand/pp
def enroll_totp():
    print("enroll_totp()")

    body = request.get_json()
    factor_type = body["factor_type"]
    provider = body["provider"]

    if "stateToken" in body:
        okta_auth = OktaAuth(session)
        state_token = body["state_token"]
        response = okta_auth.enroll_totp(state_token, factor_type, provider)
    else:
        okta_admin = OktaAdmin(session)
        user_id = body["user_id"]
        response = okta_admin.enroll_totp(user_id, factor_type, provider)

    return json.dumps(response)
コード例 #23
0
ファイル: views.py プロジェクト: bhanchand/pp
def activate_totp():
    print("activate_totp()")

    body = request.get_json()
    factor_id = body["factor_id"]
    pass_code = body["pass_code"]

    if "state_token" in body:
        okta_auth = OktaAuth(session)
        state_token = body["state_token"]
        response = okta_auth.activate_totp(factor_id, state_token, pass_code)
    else:
        okta_admin = OktaAdmin(session)
        user_id = body["user_id"]
        response = okta_admin.activate_totp(user_id, factor_id, pass_code)

    return json.dumps(response)
コード例 #24
0
def is_admin(token):
    print("is_admin(token)")
    result = False
    okta_auth = OktaAuth(default_settings)
    check_admin = TokenUtil.get_single_claim_from_token(token,"taa")
    result = check_admin

    return result
コード例 #25
0
ファイル: views.py プロジェクト: bhanchand/pp
def activate(user_id, okta_session_id):
    print("activate(user_id, okta_session_id)")

    activation_response = {}
    auth_response = make_response(redirect("/"))

    okta_admin = OktaAdmin(session)

    user = okta_admin.get_user(user_id)

    if user:
        activation_response = okta_admin.activate_user(user_id,
                                                       send_email=False)
        print("activation_response: {0}".format(
            json.dumps(activation_response, indent=4, sort_keys=True)))

    if "okta_session_id":
        print("Clearing exsisting session")
        clear_session_response = okta_admin.close_session(okta_session_id)
        print("clear_session_response: {0}".format(
            json.dumps(clear_session_response, indent=4, sort_keys=True)))

    if "activationToken" in activation_response:
        okta_auth = OktaAuth(session)
        auth_response = okta_auth.authenticate_with_activation_token(
            activation_response["activationToken"])
        # print("auth_response: {0}".format(json.dumps(auth_response, indent=4, sort_keys=True)))
        if "sessionToken" in auth_response:
            auth_response = login_token(auth_response["sessionToken"])
            # status = MFA_ENROLL
            # status = PASSWORD_RESET
        elif "stateToken" in auth_response:
            if "MFA_ENROLL" == auth_response["status"]:
                auth_response = make_response(
                    redirect("/?stateToken={0}&showMFAEnroll=true".format(
                        auth_response["stateToken"])))
            elif "PASSWORD_RESET" == auth_response["status"]:
                auth_response = make_response(
                    redirect("/?stateToken={0}&showBDV=true".format(
                        auth_response["stateToken"])))
            else:
                auth_response = make_response(
                    redirect("/?stateToken={0}".format(
                        auth_response["stateToken"])))

    return auth_response
コード例 #26
0
ファイル: mfaenrollment.py プロジェクト: udplabs/zartan
def enroll_webauthn():
    print("enroll_webauthn()")

    body = request.get_json()
    factor_type = body["factor_type"]
    provider = body["provider"]

    if "stateToken" in body:
        okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
        state_token = body["state_token"]
        response = okta_auth.enroll_webauthn(state_token, factor_type,
                                             provider)
    else:
        okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
        user_id = body["user_id"]
        response = okta_admin.enroll_webauthn(user_id, factor_type, provider)

    return json.dumps(response)
コード例 #27
0
ファイル: views.py プロジェクト: bhanchand/pp
def enroll_push():
    print("enroll_push()")

    body = request.get_json()
    factor_type = body["factor_type"]
    provider = body["provider"]

    if "state_token" in body:
        # this is an enrollment during the authN process
        okta_auth = OktaAuth(session)
        state_token = body["state_token"]
        response = okta_auth.enroll_push(state_token, factor_type, provider)
    else:
        user_id = body["user_id"]
        okta_admin = OktaAdmin(session)
        response = okta_admin.enroll_push(user_id, factor_type, provider)

    return json.dumps(response)
コード例 #28
0
ファイル: views.py プロジェクト: bhanchand/pp
def test():
    print("test()")

    if ("token" in request.cookies):
        okta_auth = OktaAuth(session)
        introspection_results_json = okta_auth.introspect(
            token=request.cookies.get("token"), headers=request.headers)
        print("introspection_results_json: {0}".format(
            json.dumps(introspection_results_json, indent=4, sort_keys=True)))

        if "active" in introspection_results_json:
            if introspection_results_json["active"]:
                print("Token is Valid")
            else:
                print("Token is Invalid")
        else:
            print("Token is Invalid")

    return "TEST"
コード例 #29
0
ファイル: views.py プロジェクト: bhanchand/pp
def get_authorize_url():
    print("get_authorize_url()")
    okta_auth = OktaAuth(session)

    body = request.get_json()
    session_token = body["session_token"]
    session["state"] = str(uuid.uuid4())
    oauth_authorize_url = get_oauth_authorize_url(session_token)

    response = {"authorize_url": oauth_authorize_url}
    return json.dumps(response)
コード例 #30
0
ファイル: view.py プロジェクト: bhanchand/pp
def get_oauth_authorize_url(okta_session_token=None):
    print("get_oauth_authorize_url()")
    okta_auth = OktaAuth(session)

    auth_options = {
        "response_mode": "form_post",
        "prompt": "none",
        "scope": "openid profile email"
    }

    if "state" not in session:
        session["state"] = str(uuid.uuid4())

    if okta_session_token:
        auth_options["sessionToken"] = okta_session_token

    oauth_authorize_url = okta_auth.create_oauth_authorize_url(
        response_type="code",
        state=session["state"],
        auth_options=auth_options)

    return oauth_authorize_url