def get_user_list_by_group_id(self, id):
self.logger.debug("OktaAdmin.get_user_list_by_group_id(user_id)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/groups/{id}/users".format(
base_url=self.okta_config["okta_org_name"], id=id)
return RestUtil.execute_get(url, okta_headers)
def get_groups_by_name(self, name):
self.logger.debug("OktaAdmin.get_groups_by_name(name)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/groups?q={name}".format(
base_url=self.okta_config["okta_org_name"], name=name)
return RestUtil.execute_get(url, okta_headers)
def get_applications_all(self):
self.logger.debug("OktaAdmin.get_applications_all(user_id)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/apps/?limit=200".format(
base_url=self.okta_config["okta_org_name"])
return RestUtil.execute_get(url, okta_headers)
def streamingservice_device_validatecode():
logger.debug("streamingservice_device_validatecode()")
url = "https://jl0tn0gk0e.execute-api.us-east-2.amazonaws.com/default/prd-zartan-deviceinformation?user_code=" + request.form["user_code"]
headers = {
"x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"],
}
s3response = RestUtil.execute_get(url, headers=headers)
if ("device_code" in s3response):
logger.debug("Save Device State")
state = str(uuid.uuid4())
session["device_state"] = state
url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate"
headers = {
"x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"],
}
body = {
"device_code": s3response['device_code'],
"device_id": s3response['device_id'],
"state": state
}
RestUtil.execute_post(url, body, headers=headers)
response = url_for(
"streamingservice_views_bp.streamingservice_device_register",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"]
)
else:
response = "invalid"
return response
def get_applications_by_user_id(self, user_id):
self.logger.debug("OktaAdmin.get_applications_by_user_id(user_id)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/apps/?limit=200&filter=user.id+eq+\"{user_id}\"".format(
base_url=self.okta_config["okta_org_name"], user_id=user_id)
return RestUtil.execute_get(url, okta_headers)
def get_application_groups(self, appid):
self.logger.debug("OktaAdmin.get_application_groups(appid)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/apps/{app_id}/groups".format(
base_url=self.okta_config["okta_org_name"], app_id=appid)
return RestUtil.execute_get(url, okta_headers)
def get_idp_certificate(self, kid):
self.logger.debug("OktaAdmin.get_idp_certificates()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/idps/credentials/keys/{kid}".format(
base_url=self.okta_config["okta_org_name"], kid=kid)
return RestUtil.execute_get(url, okta_headers)
def get_user(self, user_id):
self.logger.debug("OktaAdmin.get_user(user_id)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/users/{user_id}".format(
base_url=self.okta_config["okta_org_name"], user_id=user_id)
return RestUtil.execute_get(url, okta_headers)
def get_user_list_by_search(self, search):
# /api/v1/users?search=profile.department eq "Engineering"
self.logger.debug("OktaAdmin.get_user_list_by_search(search)")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/users?search={search}".format(
base_url=self.okta_config["okta_org_name"], search=search)
return RestUtil.execute_get(url, okta_headers)
def list_available_questions(self, user_id):
self.logger.debug("list_available_questions()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{0}/api/v1/users/{1}/factors/questions".format(
self.okta_config["okta_org_name"], user_id)
return RestUtil.execute_get(url, okta_headers)
def list_available_factors(self, user_id):
print("list_available_factors()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{0}/api/v1/users/{1}/factors/catalog".format(
self.okta_config["okta_org_name"], user_id)
return RestUtil.execute_get(url, okta_headers)
def getProductByIdAnonymous(self, product_id):
self.logger.debug("Hybris Get Product By Id")
hybris_headers = self.get_default_hybris_headers()
# self.logger.debug("okta_headers: {0}".format(okta_headers))
#Let's just get 100 products and we'll paginate on our end.
url = "{hybris_url}/rest/v2/electronics/products/{product_id}?fields=FULL".format(
hybris_url=self.hybris_base_url, product_id=product_id)
return RestUtil.execute_get(url, hybris_headers)
def getProductsAnonymous(self, query):
self.logger.debug("Hybris Get Products")
hybris_headers = self.get_default_hybris_headers()
# self.logger.debug("okta_headers: {0}".format(okta_headers))
#Let's just get 100 products and we'll paginate on our end.
url = "{hybris_url}/rest/v2/electronics/products/search?query={query}&fields=FULL&pageSize=100¤tPage=1".format(
hybris_url=self.hybris_base_url, query=query)
return RestUtil.execute_get(url, hybris_headers)
def get_remote_config(udp_subdomain, udp_app_name):
logger.debug("get_remote_config()")
remote_config = None
if (is_udp_config_valid(udp_config)):
json_headers["Authorization"] = "Bearer {0}".format(
get_udp_oauth_access_token(udp_config))
remote_config_url = "{udp_config_url}/api/configs/{udp_subdomain}/{udp_app_name}".format(
udp_config_url=os.getenv("UDP_CONFIG_URL", ""),
udp_subdomain=udp_subdomain,
udp_app_name=udp_app_name)
remote_api_token_url = "{udp_config_url}/api/subdomains/{udp_subdomain}".format(
udp_config_url=os.getenv("UDP_CONFIG_URL", ""),
udp_subdomain=udp_subdomain)
if "http" in remote_config_url:
logger.debug(
"Pulling remote config from: {0}".format(remote_config_url))
remote_config = RestUtil.execute_get(remote_config_url,
json_headers)
# logger.debug("config_json: {0}".format(json.dumps(remote_config, indent=4, sort_keys=True)))
if "http" in remote_api_token_url:
logger.debug(
"Pulling remote config from: {0}".format(remote_api_token_url))
api_token_config = RestUtil.execute_get(remote_api_token_url,
json_headers)
# logger.debug("config_json: {0}".format(json.dumps(api_token_config, indent=4, sort_keys=True)))
if remote_config:
if "okta_api_token" in api_token_config:
remote_config["okta_api_token"] = api_token_config[
"okta_api_token"]
logger.debug("config_json: {0}".format(
json.dumps(remote_config, indent=4, sort_keys=True)))
else:
logger.warning("Invalid UDP Config, Skipping remote configuration...")
return remote_config
def get_user_application_by_current_client_id(self, user_id):
self.logger.debug("OktaAdmin.get_user_application_by_current_client_id()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/apps/{app_id}/users/{user_id}".format(
base_url=self.okta_config["okta_org_name"],
app_id=self.okta_config["client_id"],
user_id=user_id)
return RestUtil.execute_get(url, okta_headers)
def streamingservice_device_register():
logger.debug("streamingservice_device_register()")
client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_clientid"]
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
idplist = okta_admin.get_idps()
facebook = ""
google = ""
linkedin = ""
microsoft = ""
idp = ""
idptype = ""
appname = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_appname"]
if appname is None:
appname = ""
for idp in idplist:
if idp["type"] == "FACEBOOK":
facebook = idp["id"]
idp = "true"
elif idp["type"] == "GOOGLE":
google = idp["id"]
idp = "true"
elif idp["type"] == "LINKEDIN":
linkedin = idp["id"]
idp = "true"
elif idp["type"] == "MICROSOFT":
microsoft = idp["id"]
idp = "true"
elif idp["type"] == "SAML2":
idptype = "SAML2"
idp = "true"
url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate?state={0}".format(session["device_state"])
headers = {
"x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"],
}
s3response = RestUtil.execute_get(url, headers=headers)
del s3response['state']
return render_template(
"streamingservice/device_register.html",
templatename=get_app_vertical(),
config=session[SESSION_INSTANCE_SETTINGS_KEY],
state=session["device_state"],
facebook=facebook,
google=google,
linkedin=linkedin,
microsoft=microsoft,
idp=idp,
idptype=idptype,
appname=appname,
client_id=client_id,
deviceinfo=json.dumps(s3response, sort_keys=True, indent=4))
def gbac_idverification_updateidentity():
logger.debug("gbac_idverification_updateidentity")
user_info = get_userinfo()
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
user = okta_admin.get_user(user_info["sub"])
basicauth = OktaUtil.get_encoded_auth(
"okta", "Ry4EZf8SyxKyStLK6BqxBBLXEW4SrIo6hc0m2rR3PoI")
headers = {
"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Basic {0}".format(basicauth)
}
evident_id = user["profile"][get_udp_ns_fieldname("evident_id")]
response = RestUtil.execute_get(
"https://verify.api.demo.evidentid.com/api/v1/verify/requests/{0}".
format(evident_id),
headers=headers)
now = datetime.datetime.now()
# dd/mm/YY H:M:S
verifydate = now.strftime("%d/%m/%Y %H:%M:%S")
user_data = {
"profile": {
get_udp_ns_fieldname("last_verified_date"): str(verifydate)
}
}
status = ""
for item in response["attributes"]:
status = item["status"]
if status == "pending":
break
if item["type"] == "core.firstname":
user_data["profile"]["firstName"] = item["values"][0]
if item["type"] == "core.lastname":
user_data["profile"]["lastName"] = item["values"][0]
if item["type"] == "core.address.zipcode":
user_data["profile"]["zipCode"] = item["values"][0]
if item["type"] == "core.address.city":
user_data["profile"]["city"] = item["values"][0]
if item["type"] == "core.address.state":
user_data["profile"]["state"] = item["values"][0]
if status == "pending":
return status
else:
logging.debug(user_data)
okta_admin.update_user(user["id"], user_data)
return response
def streamingservice_device_complete():
logger.debug("streamingservice_device_complete()")
okta_admin = OktaAdmin(session[SESSION_INSTANCE_SETTINGS_KEY])
client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["app_deviceflow_clientid"]
user_id = request.args.get('user_id')
if user_id is not None:
user_app_profile = okta_admin.get_user_application_by_client_id(user_id=user_id, client_id=client_id)
devices = []
if get_udp_ns_fieldname("authorized_devices") in user_app_profile["profile"]:
devices = user_app_profile["profile"][get_udp_ns_fieldname("authorized_devices")]
if devices is None:
devices = []
else:
devices = []
device_id = request.args.get('device_id')
devices.append(device_id)
user_data = {
"profile": {
get_udp_ns_fieldname("authorized_devices"): devices
}
}
okta_admin.update_application_user_profile_by_clientid(user_id=user_id, app_user_profile=user_data, client_id=client_id)
url = "https://sngfyrr4b2.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicetoken?device_code=" + request.args.get('device_code')
headers = {
"x-api-key": session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]["aws_api_key"],
}
s3response = RestUtil.execute_get(url, headers=headers)
del s3response['device_id']
del s3response['device_code']
return render_template(
"streamingservice/device_complete.html",
config=session[SESSION_INSTANCE_SETTINGS_KEY],
deviceinfo=json.dumps(s3response, sort_keys=True, indent=4))
else:
redirect_url = url_for(
"streamingservice_views_bp.streamingservice_device_activate",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
return redirect(redirect_url)
def streamingservice_token():
logger.debug("streamingservice_token()")
device_code = request.args.get('device_code')
url = "https://sngfyrr4b2.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicetoken?device_code=" + device_code
headers = {
"x-api-key":
session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sparkpost_api_key"],
}
s3response = RestUtil.execute_get(url, headers=headers)
if "device_code" in s3response:
response = s3response
else:
response = {"error": "authorization_pending"}
return response
def get_idps(self):
self.logger.debug("OktaAdmin.get_idps()")
okta_headers = OktaUtil.get_protected_okta_headers(self.okta_config)
url = "{base_url}/api/v1/idps".format(
base_url=self.okta_config["okta_org_name"])
return RestUtil.execute_get(url, okta_headers)
def systemGetGuestDeliveryModes(self, cart):
self.logger.debug("Hybris add delivery mode to cart")
hybris_headers = self.get_post_hybris_headers(self.system_token)
url = "{hybris_url}/rest/v2/electronics/users/anonymous/carts/{cart_id}/deliverymodes".format(
hybris_url=self.hybris_base_url, cart_id=cart)
return RestUtil.execute_get(url, hybris_headers)
def systemGetOrder(self, orderId):
self.logger.debug("Hybris get order")
hybris_headers = self.get_default_hybris_headers(self.system_token)
url = "{hybris_url}/rest/v2/electronics/orders/{orderid}".format(
hybris_url=self.hybris_base_url, orderid=orderId)
return RestUtil.execute_get(url, hybris_headers)
def getLoggedInCustomerOrders(self):
self.logger.debug("Hybris get order")
hybris_headers = self.get_default_hybris_headers(self.user_token)
url = "{hybris_url}/rest/v2/electronics/users/current/orders".format(
hybris_url=self.hybris_base_url)
return RestUtil.execute_get(url, hybris_headers)
def getAnonymousCart(self, cart_guid):
self.logger.debug("Hybris get guest cart")
hybris_headers = self.get_default_hybris_headers()
url = "{hybris_url}/rest/v2/electronics/users/anonymous/carts/{cart_guid}".format(
hybris_url=self.hybris_base_url, cart_guid=cart_guid)
return RestUtil.execute_get(url, hybris_headers)
def getLoggedInCustomerCart(self, cart_id):
self.logger.debug("Hybris get customer cart")
hybris_headers = self.get_default_hybris_headers(self.user_token)
url = "{hybris_url}/rest/v2/electronics/users/current/carts/{cart_guid}".format(
hybris_url=self.hybris_base_url, cart_guid=cart_id)
return RestUtil.execute_get(url, hybris_headers)
def findLoggedInCustomerCart(self):
self.logger.debug("Hybris find customer cart")
hybris_headers = self.get_default_hybris_headers(self.user_token)
url = "{hybris_url}/rest/v2/electronics/users/current/carts".format(
hybris_url=self.hybris_base_url)
return RestUtil.execute_get(url, hybris_headers)["carts"]
def streamingservice_callback():
""" handler for the oidc call back of the app """
logger.debug("streamingservice_callback()")
response = None
has_app_level_mfa_policy = False
client_id = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][
"app_deviceflow_clientid"]
client_secret = session[SESSION_INSTANCE_SETTINGS_KEY]["settings"][
"app_deviceflow_clientsecret"]
if "code" in request.form:
oidc_code = request.form["code"]
oidc_state = request.form["state"]
okta_auth = OktaAuth(session[SESSION_INSTANCE_SETTINGS_KEY])
oauth_token = get_oauth_token_from_login(
code=oidc_code,
grant_type="authorization_code",
auth_options={
"client_id": client_id,
"client_secret": client_secret,
})
url = "https://d9qgirtrci.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicestate?state={0}".format(
oidc_state)
headers = {
"x-api-key":
session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sparkpost_api_key"],
}
s3response = RestUtil.execute_get(url, headers=headers)
url = "https://sngfyrr4b2.execute-api.us-east-2.amazonaws.com/default/prd-zartan-devicetoken"
headers = {
"x-api-key":
session[SESSION_INSTANCE_SETTINGS_KEY]["settings"]
["sparkpost_api_key"],
}
body = {
"device_code": s3response["device_code"],
"device_id": s3response["device_id"],
"access_token": oauth_token["access_token"],
"id_token": oauth_token['id_token'],
"refresh_token": oauth_token['refresh_token']
}
RestUtil.execute_post(url, body, headers=headers)
user = okta_auth.introspect_with_clientid(oauth_token['id_token'],
client_id=client_id,
client_secret=client_secret,
token_type_hint="idtoken")
responseurl = url_for(
"streamingservice_views_bp.streamingservice_device_complete",
_external=True,
_scheme=session[SESSION_INSTANCE_SETTINGS_KEY]["app_scheme"])
responseurl = responseurl + "?device_id={0}&user_id={1}".format(
s3response["device_id"], user["sub"])
response = redirect(responseurl)
elif "error" in request.form:
# This is in the case there is an Okta App level MFA policy
logger.error("ERROR: {0}, MESSAGE: {1}".format(
request.form["error"], request.form["error_description"]))
if ("The client specified not to prompt, but the client app requires re-authentication or MFA."
== request.form["error_description"]):
has_app_level_mfa_policy = True
# Error occured with Accessing the app instance
if has_app_level_mfa_policy:
error_message = "Failed to Authenticate. Please remove App Level MFA Policy and use a Global MFA Policy. Error: {0} - {1}".format(
request.form["error"], request.form["error_description"])
response = gvalidation_bp_error(error_message)
else:
error_message = "Failed to Authenticate. Check to make sure the user has access to the application. Error: {0} - {1}".format(
request.form["error"], request.form["error_description"])
response = gvalidation_bp_error(error_message)
else:
# catch all error
response = gvalidation_bp_error(
"Failed to Authenticate. Check to make sure the user has access to the application."
)
return response
def decorated_function(*args, **kws):
print("apply_remote_config()")
if "is_config_set" not in session:
session["is_config_set"] = False
print("session['is_config_set']: {0}".format(session["is_config_set"]))
# Request from service to get app config, if not is session or cache
well_known_default_settings_url = None
if not session["is_config_set"]:
print("No session set")
# Assumes the first two components are what we need
split_domain_parts = get_domain_parts_from_request(request)
session["udp_subdomain"] = split_domain_parts["udp_subdomain"]
session["demo_app_name"] = split_domain_parts["demo_app_name"]
session["remaining_domain"] = split_domain_parts[
"remaining_domain"]
# aply default sessting always
map_config(default_settings, session)
# look for remote config
well_known_default_settings_url = get_configs_url(
session["udp_subdomain"], session["demo_app_name"])
print("well_known_default_settings_url: {0}".format(
well_known_default_settings_url))
config_json = RestUtil.execute_get(well_known_default_settings_url,
json_headers)
print("config_json: {0}".format(
json.dumps(config_json, indent=4, sort_keys=True)))
# If invalid response, default to default / environment setting
if "status" in config_json:
if config_json["status"] == "ready":
print("Remote config success. Mapping config to session")
map_config(config_json, session)
# print("Session Dump: {0}".format(session))
subdomain_config_url = os.getenv("UDP_SUBDOMAIN_URL",
"{udp_subdomain}")
# print("subdomain_config_url: {0}".format(subdomain_config_url))
subdomain_config_url = subdomain_config_url.format(
udp_subdomain=session["udp_subdomain"])
# print("subdomain_config_url: {0}".format(subdomain_config_url))
# print("json_headers: {0}".format(json_headers))
subdomain_config_json = RestUtil.execute_get(
subdomain_config_url, json_headers)
print("subdomain_config_json: {0}".format(
json.dumps(subdomain_config_json,
indent=4,
sort_keys=True)))
if "okta_api_token" in subdomain_config_json:
session["okta_api_token"] = subdomain_config_json[
"okta_api_token"]
session["okta_org_name"] = subdomain_config_json[
"okta_org_name"]
else:
raise Exception(
"Failed to get the Okta API Key from config")
else:
print(
"Remote config not ready. Default to the local container env and default config"
)
session["is_config_set"] = True
else:
print("Failed to load remote config from: {0}".format(
well_known_default_settings_url))
response = make_response(
render_template(
"error.html",
site_config=session,
error_message=
"Subdomain '{0}' is not configured. Check to make sure it is correct."
.format(session["udp_subdomain"])))
return response
print("Session Dump: {0}".format(session))
return f(*args, **kws)
