Пример #1
0
def handle_login(form_data):
    print "handle_login()"

    # Authenticate via Okta API to get Session Token
    user = form_data["username"]
    password = form_data["password"]
    session_token = None
    try:
        session_token = get_session_token(username=user, password=password)
    except ValueError as err:
        print(err.args)

    print "session_token: {0}".format(session_token)

    # Use Session Token to generatet OIDC Auth Code URL
    if (session_token):
        okta_util = OktaUtil(request.headers, config.okta)
        oidc_auth_code_url = okta_util.create_oidc_auth_code_url(
            session_token, config.okta["oidc_client_id"],
            config.okta["redirect_uri"])

        print "url: {0}".format(oidc_auth_code_url)
        # redirect to User Auth Code URL to Get OIDC Code
        return redirect(oidc_auth_code_url)

    else:
        return make_response(redirect("/"))
Пример #2
0
def register():

    okta_util = OktaUtil(request.headers)

    first_name = request.form["firstName"]
    last_name = request.form["lastName"]
    email = request.form["email"]
    mobile = request.form["mobile"]
    password = request.form["password"]

    user_info = okta_util.create_user(first_name=first_name,
                                      last_name=last_name,
                                      email=email,
                                      phone=mobile,
                                      password=password)
    print user_info
    user_id = user_info["id"]

    # Authenticate
    auth_response = okta_util.authenticate(username=email, password=password)
    session[okta_util.OKTA_SESSION_TOKEN_KEY] = auth_response["sessionToken"]

    factor_response = okta_util.create_sms_factor(user_id=user_id, phone_number=mobile)
    activate_url = factor_response["_links"]["activate"]["href"]

    # Activate
    activate_response = okta_util.activate_sms_factor(url=activate_url)

    return json.dumps(activate_response)
Пример #3
0
def logout():
    print "logout()"
    okta_util = OktaUtil(request.headers)
    session_response = okta_util.close_session(session[okta_util.OKTA_SESSION_TOKEN_KEY])
    session[okta_util.OKTA_SESSION_ID_KEY] = None

    return json.dumps(session_response)
Пример #4
0
def mfa_verification_poll():
    print "mfa_verification_poll()"
    request_json = request.get_json()
    print "request_json: {0}".format(
        json.dumps(request_json, indent=4, sort_keys=True))
    polling_url = request_json["pollingUrl"]
    user_name = request_json["userName"]

    okta_util = OktaUtil(request.headers, config.okta)
    response = okta_util.execute_get(polling_url, None)

    if "factorResult" in response:
        print "factorResult: {0}".format(response["factorResult"])
        if response[
                "factorResult"] == "SUCCESS":  # Means the user successfully passed the factor, so reset the pasword
            okta_user_id = okta_util.get_user(user_name)["id"]
            password_reset_response = okta_util.reset_user_password(
                okta_user_id)
            print "password_reset_response: {0}".format(
                json.dumps(password_reset_response, indent=4, sort_keys=True))
            response["ott"] = password_reset_response[
                "resetPasswordUrl"].replace(
                    "{0}/reset_password/".format(config.okta["org_host"]), "")

    return json.dumps(response)
Пример #5
0
def push_mfa_code_no_reset():
    print "push_mfa_code_no_reset()"
    request_json = request.get_json()
    print "request_json: {0}".format(request_json)
    okta_util = OktaUtil(request.headers, config.okta)

    username = request_json["username"]
    factor_type = request_json["factorType"]
    verification_url = request_json["verificationUrl"]
    code = None
    if "code" in request_json:
        code = request_json["code"]

    user = okta_util.get_user(username)
    # print "user: {0}".format(user, indent=4, sort_keys=True)

    response = {
        "status": "success",
        "message": "sent"
    }  # alwasy send this down so a malicious user can not farm enrolled factors

    if ("id" in user):
        okta_user_id = user["id"]

        if verification_url:
            #push_response = okta_util.activate_sms_factor_by_id(okta_factor_id, code)
            #push_response = okta_util.push_factor_verification(okta_user_id, okta_factor_id, code)
            push_response = okta_util.activate_sms_factor(
                verification_url, code)
            print "push_response: {0}".format(
                json.dumps(push_response, indent=4, sort_keys=True))

            # Check for a valid factor result
            if "factorResult" in push_response:
                response["factorResult"] = push_response["factorResult"]

                # check if there is a polling link to send back down to the client
                if "_links" in push_response:
                    if "poll" in push_response["_links"]:
                        response["pollingUrl"] = push_response["_links"][
                            "poll"]["href"]

                print "factorResult: {0}".format(push_response["factorResult"])
                if push_response["factorResult"] == "SUCCESS":
                    response["status"] = "success"
            elif "status" in push_response:
                print "HAS STATUS"
                if push_response["status"] == "ACTIVE":
                    response["status"] = "success"
                    response["factorResult"] = "SUCCESS"
            else:
                response["status"] = "failed"
                response["message"] = push_response["errorSummary"]
        else:
            print "WARNING: User '{0}' not enrolled in factor: {1}".format(
                user["profile"]["login"], factor_type)
    else:
        print "WARNING: User '{0}' does not exsist in Okta".format(username)

    return json.dumps(response)
Пример #6
0
    def decorated_function(*args, **kws):
        """ Decorator fucntion to make endpoint authorization checks easier for read only scopes defined in Okta """
        print("authorize_read_access()")
        authorization_header = None
        has_access = False
        # If
        if "Authorization" in request.headers:
            authorization_header = request.headers["Authorization"]
            authorization_token = authorization_header.replace(
                "Bearer ", "")  # Just get the access toke for introspection
            okta_util = OktaUtil(request.headers, config.okta)
            introspection_response = okta_util.introspect_oauth_token(
                authorization_token)
            # print "introspection_response: {0}".format(json.dumps(introspection_response, indent=4, sort_keys=True))
            if "active" in introspection_response:
                if introspection_response["scope"] == "read_only":
                    has_access = True

        # print "authorization_header: {0}".format(authorization_header)

        if has_access:
            return f(*args, **kws)
        else:
            print("Unauthorized")
            json_response = {"status": "failed"}

            return json.dumps(json_response,
                              default=default_date_to_string_converter)
Пример #7
0
def call_read_api():
    """ Calls the read_api endpoint as a client server/app would"""
    print("call_read_api()")
    # Get Okta OAuth Token
    access_token = None
    json_response = {"status": "false", "timestamp": datetime.datetime.now()}
    okta_util = OktaUtil(request.headers, config.okta)
    oauth_url = "{0}/oauth2/{1}/v1/token?clientId={2}&grant_type=client_credentials&scope=read_only".format(
        config.okta["org_host"], config.okta["auth_server_id"],
        config.okta["oidc_client_id"])

    oauth_response = okta_util.execute_post(oauth_url, {},
                                            okta_util.OKTA_OAUTH_HEADERS)
    print("oauth_response: {0}".format(
        json.dumps(oauth_response, indent=4, sort_keys=True)))
    if "access_token" in oauth_response:
        access_token = oauth_response["access_token"]
        # print "access_token: {0}".format(access_token)
        # Use OAuth token in header and request read_api endpoint
        headers = {
            "Accept": "application/json",
            "Content-Type": "application/json",
            "Authorization": "Bearer {0}".format(access_token)
        }
        json_response = okta_util.execute_get(
            "{0}/read_api".format(config.okta["app_host"]), {}, headers)
        print("json_response: {0}".format(
            json.dumps(json_response,
                       default=default_date_to_string_converter)))

    return json.dumps(json_response, default=default_date_to_string_converter)
Пример #8
0
def change_password():
    """ handler actually change the password, requires the ott"""
    print "show_change_password()"
    print "request.form: {0}".format(json.dumps(request.form, indent=4, sort_keys=True))

    response = redirect(config.okta["app_host"]) # redirect to home page if there is no ott

    if "ott" in request.form:
        ott = request.form["ott"]
        password = request.form["password"]
        confirm_password = request.form["confirmPassword"]
        is_completed = False
        has_errors = "false"
        message = ""

        if password == confirm_password:
            okta_util = OktaUtil(request.headers, config.okta)
            verify_ott_response = okta_util.verify_password_reset_token(ott)
            #print "verify_ott_response: {0}".format(json.dumps(verify_ott_response, indent=4, sort_keys=True))
            user = {
                "id": verify_ott_response["_embedded"]["user"]["id"],
                "credentials": {
                    "password" : { "value": password }
                }
            }
            change_password_response = okta_util.update_user(user)
            #print "change_password_response: {0}".format(json.dumps(change_password_response, indent=4, sort_keys=True))

            is_completed = True
            ##test for error on password update"""

            if 'errorCode' in change_password_response:
                print "update user error msg = ",change_password_response['errorCauses']
                has_errors ="true"
                is_completed=False

        else:
            has_errors = "true"
            message = "Passwords do not match"


        response = make_response(
            render_template("change_password.html",
                okta_config=config.okta,
                message=message,
                is_completed=is_completed,
                has_errors=has_errors,
                ott=ott,orgUrls=app.orgUrls))


    if is_completed:
        response = make_response(
            render_template("password_success.html",
                okta_config=config.okta,
                ott=ott,
                orgUrls=app.orgUrls))

    return response
Пример #9
0
def get_oauth_token(oauth_code):
    print "get_oauth_token()"
    okta_util = OktaUtil(request.headers, config.okta)

    oauth_token_response_json = okta_util.get_oauth_token(
        oauth_code, config.okta["redirect_uri"])
    print "oauth_token_response_json: {0}".format(oauth_token_response_json)

    return oauth_token_response_json["access_token"]
Пример #10
0
def get_session_token(username, password):
    print "get_session_token()"
    okta_util = OktaUtil(request.headers, config.okta)
    session_token = None

    authn_reponse_json = okta_util.get_session_token(username, password)
    if "sessionToken" in authn_reponse_json:
        session_token = authn_reponse_json["sessionToken"]

    return session_token
Пример #11
0
def refresh_okta_api_token():
    """ Helper method to refresh the okta api token when deployed live for continual testing.  Helps to prevent the API key from expiring from no use """
    print "refresh_okta_api_token()"
    response = { "status": "fail" }
    okta_util = OktaUtil(request.headers, config.okta)

    groups = okta_util.search_groups("Everyone", 1);  # Search for the default 'Everyone' group in Okta
    if len(groups) == 1:
        response["status"] = "success"

    return json.dumps(response);
Пример #12
0
def get_current_user(user_token_data):
    print "get_current_user()"
    current_user = None

    if "uid" in user_token_data:
        user_id = user_token_data["uid"]
        print "Looking up user by id: {0}".format(user_id)
        okta_util = OktaUtil(request.headers, config.okta)
        current_user = okta_util.get_user(user_id)

    return current_user
Пример #13
0
def get_user():
    print "get_user()"
    response = {}
    try:
        okta_util = OktaUtil(request.headers)
        user_info = okta_util.get_curent_user(session[okta_util.OKTA_SESSION_ID_KEY])
        print json.dumps(user_info, indent=4, sort_keys=False)
        response["firstName"] = user_info["profile"]["firstName"]
        response["lastName"] = user_info["profile"]["lastName"]
        response["hpsMemberRecords"] = user_info["profile"]["hpsMemberRecords"]
    except:
        print "no user logged in"

    return json.dumps(response)
Пример #14
0
def activate():
    print "activate()"
    okta_util = OktaUtil(request.headers)
    response = {"factorResult": "FAILED"}

    activate_url = request.form["refurl"]
    pass_code = request.form["passCode"]
    # Verify sms factor
    activate_response = okta_util.activate_sms_factor(url=activate_url, pass_code=pass_code)

    if activate_response["status"] == "ACTIVE":
        response["factorResult"] = "SUCCESS"

    return json.dumps(response)
Пример #15
0
def is_logged_in():
    print "is_logged_in()"
    result = False
    okta_util = OktaUtil(request.headers, config.okta)
    # first check there is a token
    if("token" in request.cookies):
        token = request.cookies["token"]
        if token != "" and token != "NO_TOKEN":
            # introspect token
            introspection_results_json = okta_util.introspect_oauth_token(token)

            if("active" in introspection_results_json):
                result = True

    return result
Пример #16
0
def verifyFactor():
    print "verifyFactor()"

    okta_util = OktaUtil(request.headers)

    verify_url = request.form["refurl"]
    verification_Value = request.form["passCode"]

    factor_response = okta_util.factor_verification(verify_url=verify_url,
                                                    verification_Value=verification_Value)

    session_response = okta_util.create_session(session[okta_util.OKTA_SESSION_TOKEN_KEY])
    session[okta_util.OKTA_SESSION_ID_KEY] = session_response["id"]

    return json.dumps(factor_response)
Пример #17
0
def is_logged_in():
    print "is_logged_in()"

    result = {"isLoggedIn": False}

    try:
        okta_util = OktaUtil(request.headers)
        session_response = okta_util.validate_session(session[okta_util.OKTA_SESSION_ID_KEY])
        print session_response
        url = session_response["_links"]["refresh"]["href"]
        okta_util.extend_session(url)
        result["isLoggedIn"] = True
    except:
        print "not logged in"

    return json.dumps(result)
Пример #18
0
def create_user():
    print "create_user"
    okta_util = OktaUtil(request.headers)

    first_name = request.form["firstName"]
    last_name = request.form["lastName"]
    email = request.form["email"]
    mobile = request.form["mobile"]
    password = request.form["password"]

    user_info = okta_util.create_user(first_name=first_name,
                                      last_name=last_name,
                                      email=email,
                                      phone=mobile,
                                      password=password)

    return json.dumps(user_info)
Пример #19
0
def create_session():
    print "create_session()"
    result = {"success": False}

    try:
        okta_util = OktaUtil(request.headers)
        # Create Session
        session_response = okta_util.create_session(session[okta_util.OKTA_SESSION_TOKEN_KEY])
        session[okta_util.OKTA_SESSION_ID_KEY] = session_response["id"]

        url = session_response["_links"]["refresh"]["href"]
        okta_util.extend_session(url)
        result["success"] = True
    except:
        print "failed to create session"

    return json.dumps(result)
Пример #20
0
def login():
    print "login()"
    print request.form

    okta_util = OktaUtil(request.headers, config.okta)

    # Authenticate via Okta API to get Session Token
    session_token = None
    try:
        if "auth_token" in request.form:
            session_token = okta_util.authenticate_via_activation_token(
                request.form["auth_token"])
        else:
            session_token = get_session_token(
                username=request.form["username"],
                password=request.form["password"])
    except ValueError as err:
        print(err.args)

    print "session_token: {0}".format(session_token)

    # Use Session Token to generatet OIDC Auth Code URL
    if (session_token):
        oidc_auth_code_url = okta_util.create_oidc_auth_code_url(
            session_token, config.okta["oidc_client_id"],
            config.okta["redirect_uri"])

        print "url: {0}".format(oidc_auth_code_url)
        # redirect to User Auth Code URL to Get OIDC Code
        return redirect(oidc_auth_code_url)

    else:
        error_list = {
            "messages": [{
                "message": "Bad user name and/or password"
            }]
        }
        response = make_response(
            render_template("index.html",
                            user={},
                            error_list=error_list,
                            form_data={},
                            okta_config=config.okta,
                            is_admin=False))
        return response
Пример #21
0
def update_user(user_id):
    print "update_user"
    okta_util = OktaUtil(request.headers)

    first_name = request.form["firstName"]
    last_name = request.form["lastName"]
    email = request.form["email"]
    mobile = request.form["mobile"]
    hpsMemberRecords = request.form["hpsMemberRecords"]

    user_info = okta_util.update_user(user_id=user_id,
                                      first_name=first_name,
                                      last_name=last_name,
                                      email=email,
                                      phone=mobile,
                                      hpsMemberRecords=hpsMemberRecords)

    return json.dumps(user_info)
Пример #22
0
def index():
    """ handler for the root url path of the app """
    print("index()")

    okta_util = OktaUtil(request.headers)
    o365_groups = okta_util.get_o365_groups()
    report = {"data": []}

    print("Total Groups: {0}".format(len(o365_groups)))

    for group in o365_groups:
        group_id = group["id"]
        users = okta_util.get_users_by_group_id(group_id)
        print("Total Users for Group: {0}:{1}".format(group["profile"]["name"], len(users)))

        for user in users:
            record = {}

            record["GroupName"] = group["profile"]["name"]
            record["FirstName"] = user["profile"]["firstName"]
            record["LastName"] = user["profile"]["lastName"]

            report["data"].append(record)

    # prep csv conversion for output
    csv_data_io = io.StringIO()
    csv_columns = [
        "GroupName",
        "FirstName",
        "LastName"
    ]
    cw = csv.DictWriter(csv_data_io, fieldnames=csv_columns, dialect='excel')
    cw.writeheader()
    for item in report["data"]:
        cw.writerow(item)

    response = Response(
        csv_data_io.getvalue(),
        mimetype="text/csv",
        headers={"Content-disposition":
                 "attachment; filename=export.csv"})

    return response
Пример #23
0
def get_current_user_token():
    print "get_current_user_token()"
    user_results_json = None
    okta_util = OktaUtil(request.headers, config.okta)

    if ("token" in request.cookies):
        introspection_results_json = okta_util.introspect_oauth_token(
            request.cookies.get("token"))

        if ("active" in introspection_results_json):
            if (introspection_results_json["active"]):
                print "Has active token"
                user_results_json = {
                    "active": introspection_results_json["active"],
                    "username": introspection_results_json["username"],
                    "uid": introspection_results_json["uid"]
                }
            else:
                print "Has inactive token"
        else:
            print "has inactive token error"
            check_okta_session_url = okta_util.create_oidc_auth_code_url(
                None, config.okta["oidc_client_id"],
                config.okta["redirect_uri"])
            user_results_json = {
                "active": False,
                "redirect_url": check_okta_session_url
            }
    else:
        print "has no token"
        check_okta_session_url = okta_util.create_oidc_auth_code_url(
            None, config.okta["oidc_client_id"], config.okta["redirect_uri"])
        user_results_json = {
            "active": False,
            "redirect_url": check_okta_session_url
        }

    if (not user_results_json):
        print "has no token default"
        user_results_json = {"active": False}

    return user_results_json
Пример #24
0
def loginMFA():
    print "loginMFA()"

    okta_util = OktaUtil(request.headers)

    user = request.form["user"]
    pwd = request.form["password"]

    auth = okta_util.authenticate(username=user, password=pwd)
    try:
        session[okta_util.OKTA_SESSION_TOKEN_KEY] = auth["sessionToken"]
        user_id = auth["_embedded"]["user"]["id"]
        factors = okta_util.list_factors(user_id=user_id)
        factor_id = factors[0]["id"]
        push_factor_response = okta_util.push_factor_verification(user_id=user_id, factor_id=factor_id)
    except:
        session[okta_util.OKTA_SESSION_TOKEN_KEY] = None
        user_id = None
        push_factor_response = {"status":"FAILED", "message":"Authentication Failed"}

    return json.dumps(push_factor_response)
Пример #25
0
def login():
    print "login()"

    okta_util = OktaUtil(request.headers)

    user = request.form["user"]
    pwd = request.form["password"]

    auth = okta_util.authenticate(username=user, password=pwd)

    try:
        session[okta_util.OKTA_SESSION_TOKEN_KEY] = auth["sessionToken"]
        user_id = auth["_embedded"]["user"]["id"]
        session_response = okta_util.create_session(session[okta_util.OKTA_SESSION_TOKEN_KEY])
        session[okta_util.OKTA_SESSION_ID_KEY] = session_response["id"]
    except:
        session[okta_util.OKTA_SESSION_TOKEN_KEY] = None
        user_id = None
        session_response = {"status":"FAILED", "message":"Authentication Failed"}

    return json.dumps(session_response)
Пример #26
0
def oidc():
    print "oidc()"
    print request.form

    redirect_url = ""

    if("error" in request.form):
        oauth_token = "NO_TOKEN"
        redirect_url = config.okta["app_host"]
    else:
        okta_util = OktaUtil(request.headers, config.okta)
        oidc_code = request.form["code"]
        print "oidc_code: {0}".format(oidc_code)
        oauth_response = okta_util.get_oauth_token(oidc_code, config.okta["redirect_uri"])
        print "oauth_response: {0}".format(json.dumps(oauth_response, indent=4, sort_keys=True))
        oauth_token = oauth_response["id_token"]
        redirect_url = config.okta["post_oidc_redirect"]

    response = make_response(redirect(redirect_url))
    response.set_cookie('token', oauth_token)

    return response
Пример #27
0
def mfa_multiple_sms_numbers():
    print "mfa_multiple_sms_numbers()"
    request_json = request.get_json()
    print "request_json: {0}".format(
        json.dumps(request_json, indent=4, sort_keys=True))
    user_name = request_json["userName"]

    okta_util = OktaUtil(request.headers, config.okta)
    user = okta_util.get_user(user_name)

    print "user: {0}".format(json.dumps(user, indent=4, sort_keys=True))

    json_response = {"primary_sms": "", "available_sms_numbers": ""}

    if "profile" in user:
        if config.okta["multi_sms_allowed_numbers"] in user["profile"]:
            json_response["primary_sms"] = user["profile"][
                config.okta["multi_sms_primary_number"]]
            json_response["available_sms_numbers"] = user["profile"][
                config.okta["multi_sms_allowed_numbers"]]

    return json.dumps(json_response)
Пример #28
0
def show_change_password():
    """ handler for the change password screen"""
    print "show_change_password()"
    print "request.form: {0}".format(json.dumps(request.form, indent=4, sort_keys=True))

    response = redirect(config.okta["app_host"]) # redirect to home page if there is no ott

    if "ott" in request.form:
        ott = request.form["ott"]
        if ott:
            okta_util = OktaUtil(request.headers, config.okta)
            message = ""

            response = make_response(
                render_template("change_password.html",
                    okta_config=config.okta,
                    message=message,
                    ott=ott, has_errors = "false",
                    orgUrls=app.orgUrls))

    return response
Пример #29
0
def push_mfa_code():
    print "push_mfa_code()"
    request_json = request.get_json()
    print "request_json: {0}".format(request_json)
    okta_util = OktaUtil(request.headers, config.okta)

    username = request_json["username"]
    factor_type = request_json["factorType"]
    code = None
    if "code" in request_json:
        code = request_json["code"]

    user = okta_util.get_user(username)
    # print "user: {0}".format(user, indent=4, sort_keys=True)

    response = {
        "status": "success",
        "message": "sent"
    }  # alwasy send this down so a malicious user can not farm enrolled factors

    if ("id" in user):
        okta_user_id = user["id"]
        okta_factor_id = None
        enrolled_factors = okta_util.list_factors(okta_user_id)
        # print "enrolled_factors: {0}".format(json.dumps(enrolled_factors, indent=4, sort_keys=True))

        for factor in enrolled_factors:
            # check factor type agains the enroled factor
            print "factor: {0}".format(
                json.dumps(factor, indent=4, sort_keys=True))
            if (factor["factorType"] == factor_type
                    and factor["provider"] == "OKTA") or (factor["provider"]
                                                          == factor_type):
                okta_factor_id = factor["id"]

        print "okta_factor_id: {0}".format(okta_factor_id)

        if okta_factor_id:
            push_response = okta_util.push_factor_verification(
                okta_user_id, okta_factor_id, code)
            # print "push_response: {0}".format(json.dumps(push_response, indent=4, sort_keys=True))

            # Check for a valid factor result
            if "factorResult" in push_response:
                response["factorResult"] = push_response["factorResult"]

                # check if there is a polling link to send back down to the client
                if "_links" in push_response:
                    if "poll" in push_response["_links"]:
                        response["pollingUrl"] = push_response["_links"][
                            "poll"]["href"]

                print "factorResult: {0}".format(push_response["factorResult"])
                if push_response[
                        "factorResult"] == "SUCCESS":  # Means the user successfully passed the factor, so reset the pasword
                    password_reset_response = okta_util.reset_user_password(
                        okta_user_id)
                    print "password_reset_response: {0}".format(
                        json.dumps(password_reset_response,
                                   indent=4,
                                   sort_keys=True))
                    response["ott"] = password_reset_response[
                        "resetPasswordUrl"].replace(
                            "{0}/reset_password/".format(
                                config.okta["org_host"]), "")
            else:
                response["status"] = "failed"
                response["message"] = push_response["errorSummary"]
        else:
            print "WARNING: User '{0}' not enrolled in factor: {1}".format(
                user["profile"]["login"], factor_type)
    else:
        print "WARNING: User '{0}' does not exsist in Okta".format(username)

    return json.dumps(response)
Пример #30
0
def push_multi_sms_mfa_code():
    print "push_multi_sms_mfa_code()"
    has_valid_sms = False
    request_json = request.get_json()
    print "request_json: {0}".format(request_json)
    user_name = request_json["username"]
    selected_sms_number = request_json["smsNumber"]

    okta_util = OktaUtil(request.headers, config.okta)
    user = okta_util.get_user(user_name)
    # print "user: {0}".format(json.dumps(user, indent=4, sort_keys=True))

    response = {
        "status": "success",
        "message": "sent"
    }  # alwasy send this down so a malicious user can not farm enrolled factors

    if ("id" in user):
        okta_user_id = user["id"]
        okta_factor_id = None

        # 1) Verify Phone Number is valid in list
        if "profile" in user:
            if config.okta["multi_sms_allowed_numbers"] in user["profile"]:
                if selected_sms_number in user["profile"][
                        config.okta["multi_sms_allowed_numbers"]]:
                    has_valid_sms = True

        # 2) Enroll or re-enroll number
        enrolled_factors = okta_util.list_factors(okta_user_id)
        print "enrolled_factors: {0}".format(
            json.dumps(enrolled_factors, indent=4, sort_keys=True))
        for factor in enrolled_factors:
            # check factor type agains the enroled factor
            if (factor["factorType"] == "sms"):
                okta_factor_id = factor["id"]
                break

        if okta_factor_id:
            unenroll_factor_response = okta_util.unenroll_factor(
                okta_user_id, okta_factor_id)
            # print "unenroll_factor_response: {0}".format(json.dumps(unenroll_factor_response, indent=4, sort_keys=True))
        print "selected_sms_number: {0}".format(selected_sms_number)
        factor_createion_response = okta_util.create_sms_factor(
            okta_user_id, selected_sms_number)
        okta_factor_id = factor_createion_response["id"]
        print "factor_createion_response: {0}".format(
            json.dumps(factor_createion_response, indent=4, sort_keys=True))

        if "_links" in factor_createion_response:
            if "verify" in factor_createion_response["_links"]:
                verify_url = factor_createion_response["_links"]["verify"][
                    "href"]
                push_factor_response = okta_util.factor_verification(
                    verify_url, None)
                response["verifyUrl"] = verify_url

            elif "activate" in factor_createion_response["_links"]:
                verify_url = factor_createion_response["_links"]["activate"][
                    "href"]
                push_factor_response = okta_util.factor_verification(
                    verify_url, None)
                response["verifyUrl"] = verify_url

        #push_factor_response = okta_util.push_factor_verification(okta_user_id, okta_factor_id)
        print "okta_factor_id: {0}".format(okta_factor_id)
        print "factor_createion_response: {0}".format(
            json.dumps(factor_createion_response, indent=4, sort_keys=True))

    else:
        print "WARNING: User '{0}' does not exsist in Okta".format(user_name)

    return json.dumps(response)
Пример #31
0
def deactivate_user(user_id):
    okta_util = OktaUtil(request.headers)

    user_info = okta_util.deactivate_user(user_id=user_id)

    return json.dumps(user_info)
Пример #32
0
def list_users():
    okta_util = OktaUtil(request.headers)

    user_list = okta_util.list_users(100) #  TODO: make this configurable

    return json.dumps(user_list)
Пример #33
0
def reset_hps():
    print "reset_hps()"
    okta_util = OktaUtil(request.headers)
    response = okta_util.reset_hps()
    return json.dumps(response)
Пример #34
0
def get_user_schema():
    print "get_user_schema()"
    okta_util = OktaUtil(request.headers)
    response = okta_util.list_user_schema()
    return json.dumps(response)