def ecommerce_approvals_get():
logger.debug("workflow_approvals()")
workflow_list = []
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_groups = okta_admin.get_user_groups(user["id"])
user_get_response = okta_admin.get_user_list_by_search(
'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests")))
for list in user_get_response:
for grp in list["profile"][get_udp_ns_fieldname("access_requests")]:
group_get_response = okta_admin.get_group(id=grp)
logging.debug(group_get_response)
var = {
"requestor": list["profile"]["login"],
"request": group_get_response["profile"]["description"],
"usr_grp": {
"user_id": list["id"],
"group_id": grp
}
}
for clist in user_groups:
if grp == clist['id']:
workflow_list.append(var)
return render_template(
"{0}/workflow-approvals.html".format(get_app_vertical()),
templatename=get_app_vertical(),
workflow_list=workflow_list,
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def dealer_registration_completion_get():
logger.debug("dealer_registration_completion()")
return render_template(
"{0}/registration-completion.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def dealer_myapps_get():
logger.debug("dealer_myapps_get()")
CONFIG_GROUP_LOCATION_STARTSWITH = "{0}_".format(get_udp_ns_fieldname(CONFIG_LOCATION))
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
location = ""
# Find the groups the user belongs to and find the description of the _LOC_* group
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
for item in get_user_groups_response:
if item["profile"]["name"].startswith(CONFIG_GROUP_LOCATION_STARTSWITH):
location = item["profile"]["description"]
get_apps_response = okta_admin.get_applications_by_user_id(user_id)
return render_template(
"{0}/myapps.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
location=location,
apps=get_apps_response,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_main():
logger.debug("gbac_main()")
return render_template(
"{0}/index.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY], state=str(uuid.uuid4()))
def dealer_registration_get():
logger.debug("dealer_registration()")
CONFIG_GROUP_REGULAR = get_udp_ns_fieldname(CONFIG_REGULAR)
CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN)
CONFIG_GROUP_LOCATION_STARTSWITH = get_udp_ns_fieldname(CONFIG_LOCATION)
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
setup_options = {
"type_users": [],
"dealerships": [],
"type_user_selected": request.form.get('role'),
"dealership_selected": request.form.get('location')
}
user_data = {
"profile": {
"firstName": "",
"lastName": "",
"email": "",
"login": "",
"mobilePhone": ""
}
}
try:
# Prepopulate choice for setup
# Get Group
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_ADMIN)
for i in group_get_response:
setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]})
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_REGULAR)
for i in group_get_response:
setup_options["type_users"].append({"id": i["id"], "description": i["profile"]["description"]})
group_get_response = okta_admin.get_groups_by_name(CONFIG_GROUP_LOCATION_STARTSWITH)
for i in group_get_response:
setup_options["dealerships"].append({"id": i["id"], "description": i["profile"]["description"]})
# On a GET display the registration page with the defaults
return render_template(
"{0}/registration.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
user_data=user_data,
setup_options=setup_options,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
except Exception as e:
return render_template(
"{0}/registration.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=e,
user_data=user_data,
setup_options=setup_options,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def ecommerce_registration_completion():
logger.debug("ecommerce_registration_completion()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_create_response = None
user_data = {"profile": {}}
logger.debug(user_data)
logger.debug(request.form.get('guestUserId'))
guestUserID = request.form.get('guestUserId')
if guestUserID:
user_data = okta_admin.get_user(request.form.get('guestUserId'))
user_data["profile"]["email"] = request.form.get('email')
user_data["profile"]["login"] = request.form.get('email')
user_data["profile"]["firstName"] = "Guest"
user_data["profile"]["lastName"] = "User"
if "id" in user_data:
user_create_response = okta_admin.update_user(user_id=user_data["id"],
user=user_data)
else:
user_create_response = okta_admin.create_user(user=user_data,
activate_user='******')
logger.debug(user_create_response)
if "id" not in user_create_response:
error_message = "Failed to get a valid response from Okta Create User: user_data:{0} user_create_response:{1}".format(
user_data, user_create_response)
logger.error(error_message)
return render_template("/error.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error_message=error_message)
activation_link = ""
if request.form.get('noemail').lower() == 'true':
logger.debug("no email will be sent")
activation_link = url_for(
"gbac_registration_bp.gbac_registration_state_get",
stateToken=user_create_response["id"],
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else:
logger.debug("email sent")
ecommerce_email_registration(
recipient={"address": request.form.get('email')},
token=user_create_response["id"])
return render_template(
"ecommerce/registration-completion.html",
email=request.form.get('email'),
activationlink=activation_link,
noemail=request.form.get('noemail').lower(),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def sample_profile():
logger.debug("sample_profile()")
return render_template("{0}/profile.html".format(get_app_vertical()),
templatename=get_app_vertical(),
id_token=TokenUtil.get_id_token(request.cookies),
access_token=TokenUtil.get_access_token(
request.cookies),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def b2b_requests_get():
logger.debug("b2bworkflow_requests_get()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
if get_udp_ns_fieldname("access_requests") in user["profile"]:
pendingRequest = user["profile"][get_udp_ns_fieldname(
"access_requests")]
else:
pendingRequest = []
# On a GET display the registration page with the defaults
applist = []
list_group_full = []
# Find the groups the user belongs to
get_user_groups_response = okta_admin.get_user_groups(user_id=user_id)
CONFIG_GROUP_B2B_STARTSWITH = get_udp_ns_fieldname("b2b")
for item in get_user_groups_response:
logging.debug(item)
if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH):
group_id = "{id}".format(id=item["id"])
applist.append(item["profile"]["name"].replace(
CONFIG_GROUP_B2B_STARTSWITH, ""))
logging.debug(applist)
get_groups = okta_admin.get_groups_by_name(get_udp_ns_fieldname(""))
for item in get_groups:
if item["profile"]["name"].startswith(CONFIG_GROUP_B2B_STARTSWITH):
if item["profile"]["name"].replace(CONFIG_GROUP_B2B_STARTSWITH,
"") not in applist:
logging.debug(item["profile"]["name"])
group_id = "{id}".format(id=item["id"])
list_group_full.append({
"id":
item["id"],
"name":
item["profile"]["name"],
"description":
item["profile"]["description"],
"status":
"Pending"
if group_id in pendingRequest else "Not Requested"
})
return render_template(
"{0}/workflow-requests.html".format(get_app_vertical()),
templatename=get_app_vertical(),
user_info=user_info,
workflow_list=list_group_full,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_registration_completion():
logger.debug("gbac_registration_completion()")
user_data = {
"profile": {
"firstName": request.form.get('firstname'),
"lastName": request.form.get('lastname'),
"email": request.form.get('email'),
"login": request.form.get('email'),
"primaryPhone": request.form.get('phone'),
"mobilePhone": request.form.get('phone')
}
}
logger.debug(user_data)
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_create_response = okta_admin.create_user(user=user_data, activate_user='******')
logger.debug(user_create_response)
if "id" not in user_create_response:
error_message = "Failed to get a valid response from Okta Create User: user_data:{0} user_create_response:{1}".format(user_data, user_create_response)
logger.error(error_message)
return render_template(
"/error.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error_message=error_message)
activation_link = ""
if request.form.get('noemail').lower() == 'true':
logger.debug("no email will be sent")
activation_link = url_for(
"gbac_registration_bp.gbac_registration_state_get",
stateToken=user_create_response["id"],
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else:
logger.debug("email sent")
emailRegistration(
recipient={"address": request.form.get('email')},
token=user_create_response["id"])
return render_template(
"/registration-completion.html",
email=request.form.get('email'),
activationlink=activation_link,
noemail=request.form.get('noemail').lower(),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gbac_registration_state_post(user_id):
logger.debug("gbac_registration_state_post()")
logger.debug(request.form.get('password'))
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_data = okta_admin.get_user(user_id)
if "errorCode" in user_data:
logger.error("user_data: {0}".format(user_data))
return render_template("/registration-state.html",
userid=user_id,
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=user_data['errorSummary'])
user_data["credentials"] = {
"password": {
"value": request.form.get('password')
},
"recovery_question": {
"question": "Company Name, its Okta.",
"answer": "Okta"
}
}
logger.debug(user_data)
user_update_response = okta_admin.update_user(user_id=user_data["id"],
user=user_data)
logger.debug(user_update_response)
if "errorCode" in user_update_response:
return render_template(
"/registration-state.html",
userid=user_data["id"],
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=user_update_response['errorCauses'][0]['errorSummary'])
nresponse = okta_admin.activate_user(user_data["id"], send_email=False)
logger.debug(nresponse)
group_info = okta_admin.get_application_groups(
session[SESSION_INSTANCE_SETTINGS_KEY]["client_id"])
group_id = group_info[0]["id"]
okta_admin.assign_user_to_group(group_id, user_data["id"])
message = "Registration Complete! Please Login Now!"
return redirect(
url_for("gbac_bp.gbac_login",
_external="True",
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"],
message=message))
def dealer_registration_state_get(stateToken):
logger.debug("dealer_registration_state_get()")
user_id = stateToken
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_activate_response = okta_admin.activate_user(user_id, send_email=False)
if "errorCode" in user_activate_response:
return render_template(
"{0}/registration-state.html".format(get_app_vertical()),
templatename=get_app_vertical(), config=session[SESSION_INSTANCE_SETTINGS_KEY],
error=user_activate_response)
return render_template(
"{0}/registration-state.html".format(get_app_vertical()),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY], _scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def b2b_profile():
logger.debug("b2b_profile()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
app_info = okta_admin.get_applications_by_user_id(user["id"])
return render_template("{0}/profile.html".format(get_app_vertical()),
templatename=get_app_vertical(),
id_token=TokenUtil.get_id_token(request.cookies),
access_token=TokenUtil.get_access_token(
request.cookies),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
applist=app_info)
def gbac_apps_createAPI():
logger.debug("gbac_apps_createAPI()")
return render_template("/manageapiscreateupdate.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def findusername_bp():
logger.debug("findusername")
return render_template(
"/findusername.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def gvalidation_bp_error(error_message=""):
logger.debug("gvalidation_bp_error()")
return render_template("/error.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
error_message=Markup(error_message))
def profile_bp():
logger.debug("profile_bp_profile()")
if request.args.get('refreshtoken') == 'true':
okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
auth_options = {
"response_mode": "form_post",
"prompt": "none",
"scope": "openid profile email"
}
session["oidc_state"] = str(uuid.uuid4())
session[FROM_URI_KEY] = request.url.replace(
"http://", "{0}://".format(session[SESSION_INSTANCE_SETTINGS_KEY]
["app_scheme"])) + "profile"
oauth_authorize_url = okta_auth.create_oauth_authorize_url(
response_type="code",
state=session["oidc_state"],
auth_options=auth_options)
return redirect(oauth_authorize_url)
else:
return render_template(
"/profile.html",
templatename=get_app_vertical(),
id_token=TokenUtil.get_id_token(request.cookies),
access_token=TokenUtil.get_access_token(request.cookies),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def gbac_registration_completion():
logger.debug("gbac_registration_completion()")
user_data = {
"profile": {
"firstName": request.form.get('firstname'),
"lastName": request.form.get('lastname'),
"email": request.form.get('email'),
"login": request.form.get('email'),
"primaryPhone": request.form.get('phone'),
"mobilePhone": request.form.get('phone')
}
}
logger.debug(user_data)
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_create_response = okta_admin.create_user(user=user_data,
activate_user='******')
logger.debug(user_create_response)
emailRegistration(recipient={"address": request.form.get('email')},
token=user_create_response["id"])
return render_template("/registration-completion.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme="https")
def ecommerce_credit():
logger.debug("ecommerce_credit()")
return render_template("ecommerce/credit.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
user_info=get_userinfo(),
_scheme="https")
def ecommerce_registration():
logger.debug("ecommerce_registration()")
return render_template(
"ecommerce/pp_registration.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def developer_manage_api():
logger.debug("developer_manage_apps()")
return render_template("/developer/manage_apps.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def registration_bp():
logger.debug("Registration")
return render_template(
"/registration.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def workflow_approvals_get():
logger.debug("workflow_approvals()")
CONFIG_GROUP_ADMIN = get_udp_ns_fieldname(CONFIG_ADMIN)
workflow_list = []
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
user_id = user["id"]
# On a GET display the registration page with the defaults
admin_groups = okta_admin.get_user_groups(user_id)
admin_group_id = ""
# Must be an admin
for item in admin_groups:
if item["profile"]["name"] == CONFIG_GROUP_ADMIN:
admin_group_id = item["id"]
if admin_group_id:
# access_requests attribute contains workflow request
# 'profile.access_requests eq pr"
user_get_response = okta_admin.get_user_list_by_search(
'profile.{0} pr '.format(get_udp_ns_fieldname("access_requests")))
for list in user_get_response:
for grp in list["profile"][get_udp_ns_fieldname(
"access_requests")]:
group_get_response = okta_admin.get_group(id=grp)
var = {
"requestor": list["profile"]["login"],
"request": group_get_response["profile"]["description"],
"usr_grp": {
"user_id": list["id"],
"group_id": grp
}
}
workflow_list.append(var)
return render_template(
"{0}/workflow-approvals.html".format(get_app_vertical()),
templatename=get_app_vertical(),
workflow_list=workflow_list,
user_info=user_info,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
else:
return "ERROR: Unauthorized", 401
def gbac_registration_state_get(stateToken):
logger.debug("gbac_registration_state_get()")
user_id = stateToken
return render_template("/registration-state.html",
templatename=get_app_vertical(),
userid=user_id,
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme="https")
def gbac_main():
logger.debug("gbac_main()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
appurl = ""
if session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][
"app_loginmethod"] == "custom-widget":
apps = okta_admin.get_applications_all()
for app in apps:
if app["id"] == session[SESSION_INSTANCE_SETTINGS_KEY][
"client_id"]:
appurl = app["_links"]["appLinks"][0]["href"]
return render_template("{0}/index.html".format(get_app_vertical()),
templatename=get_app_vertical(),
appurl=appurl,
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
state=str(uuid.uuid4()))
def ecommerce_shop():
logger.debug("ecommerce_shop()")
products = requests.get(url=session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_ecomm_products"])
return render_template(
"ecommerce/shop.html",
templatename=get_app_vertical(),
products=products.json(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
user_info=get_userinfo(),
_scheme="https")
def gbac_create_update_page():
logger.debug("gbac_create_update_page")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user_id = request.args.get('user_id')
user_info2 = okta_admin.get_user(user_id)
return render_template("/manageusercreateupdate.html",
templatename=get_app_vertical(),
user_info=get_userinfo(),
user_info2=user_info2,
config=session[SESSION_INSTANCE_SETTINGS_KEY])
def developer_profile():
logger.debug("developer_profile()")
return render_template(
"developer/profile.html",
id_token=TokenUtil.get_id_token(request.cookies),
access_token=TokenUtil.get_access_token(request.cookies),
templatename=get_app_vertical(),
user_info=get_userinfo(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
def ecommerce_shop():
logger.debug("ecommerce_shop()")
products = requests.get(
url="https://dz-static-test.s3.amazonaws.com/dell.json")
return render_template("ecommerce/shop.html",
templatename=get_app_vertical(),
products=products.json(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
user_info=get_userinfo(),
_scheme="https")
def gbac_userapps_mfa():
logger.debug("gbac_userapps_mfa()")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
app_info = okta_admin.get_applications_by_user_id(user["id"])
return render_template("/userapps.html",
user_info=get_userinfo(),
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
applist=app_info)
def gbac_stepupauth_mfa():
logger.debug("gbac_stepupauth_mfa()")
idtoken = request.form['id_token']
okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
test_token = okta_auth.introspect_mfa(
idtoken, session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["app_stepup_auth_clientid"])
return render_template("/mfa.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
idtoken=idtoken,
test_token=test_token)
