skoobasteeve/successfactors-python
1
0
Fork 0
mirror of https://github.com/skoobasteeve/successfactors-python.git synced 2026-03-20 03:28:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

initial working package

Browse Source
This commit is contained in:
Ray Lyon
2023-08-04 21:30:04 +00:00
parent abf4fc9bf7
commit cffd268e67
8 changed files with 191 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
.gitignore vendored
View File

@@ -1 +1,165 @@
sf_private_key.pem sf_private_key.pem
test.py
auth_test.py
test/*
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

24
Lambda/Dockerfile
View File

@@ -1,24 +0,0 @@
FROM public.ecr.aws/lambda/python:3.9
# Install the function's dependencies using file requirements.txt
# from your project folder.
RUN yum install -y \
gcc \
gcc-c++ \
Cython \
make \
libxml2 \
libxslt \
xmlsec1 \
xmlsec1-devel \
xmlsec1-openssl \
libtool-ltdl-devel
COPY requirements.txt .
RUN pip3 install -r requirements.txt --target "${LAMBDA_TASK_ROOT}"
# Copy function code
COPY lambda_function/* ${LAMBDA_TASK_ROOT}/
# Set the CMD to your handler (could also be done as a parameter override outside of the Dockerfile)
CMD [ "lambda_function.lambda_handler" ]

139
Lambda/lambda_function.py
View File

@@ -1,139 +0,0 @@
#!/usr/bin/env python3
import base64
import json
import sys
import os
import requests
import xmlsec
import boto3
from lxml import etree
from datetime import datetime, timedelta
region = os.environ.get('AWS_REGION')
secret_id= os.environ.get('SECRET_ID')
template_file = 'sf_saml_template.xml'
private_keyfile = '/tmp/successfactors-private.pem'
def get_secret(region, secret_name, session):
client = session.client(
service_name='secretsmanager',
region_name=region
)
try:
get_secret_value_response = client.get_secret_value(
SecretId=secret_name
)
if 'SecretString' in get_secret_value_response:
secret = get_secret_value_response['SecretString']
except Exception as x:
print(x)
sys.exit(1)
return secret
def get_access_token(sf_url, company_id, client_id, assertion):
token_request = dict(
client_id=client_id,
company_id=company_id,
grant_type='urn:ietf:params:oauth:grant-type:saml2-bearer',
assertion=assertion
)
response = requests.post(f"{sf_url}/oauth/token", data=token_request)
token_data = response.json()
return token_data['access_token']
def generate_assertion(sf_root_url, user_id, client_id, template_file):
issue_instant = datetime.utcnow()
auth_instant = issue_instant
not_valid_before = issue_instant - timedelta(minutes=10)
not_valid_after = issue_instant + timedelta(minutes=10)
audience = 'www.successfactors.com'
context = dict(
issue_instant=issue_instant.isoformat(),
auth_instant=auth_instant.isoformat(),
not_valid_before=not_valid_before.isoformat(),
not_valid_after=not_valid_after.isoformat(),
sf_root_url=sf_root_url,
audience=audience,
user_id=user_id,
client_id=client_id,
session_id='mock_session_index',
)
saml_template = open(template_file).read()
return saml_template.format(**context)
def sign_assertion(xml_string, private_key):
key = xmlsec.Key.from_file(private_key, xmlsec.KeyFormat.PEM)
root = etree.fromstring(xml_string)
signature_node = xmlsec.tree.find_node(root, xmlsec.Node.SIGNATURE)
sign_context = xmlsec.SignatureContext()
sign_context.key = key
sign_context.sign(signature_node)
return etree.tostring(root)
def auth(sf_url, sf_company_id, sf_oauth_client_id,
sf_admin_user, sf_saml_private_key, template_file):
unsigned_assertion = generate_assertion(sf_url,
sf_admin_user,
sf_oauth_client_id,
template_file)
signed_assertion = sign_assertion(unsigned_assertion, sf_saml_private_key)
signed_assertion_b64 = base64.b64encode(signed_assertion).replace(b'\n', b'')
access_token = get_access_token(sf_url,
sf_company_id,
sf_oauth_client_id,
signed_assertion_b64)
return access_token
def lambda_handler(event, context):
session = boto3.session.Session()
print(event)
if event['rawPath'] == '/token':
body = json.loads(event['body'])
sf_url = body['odata_url']
sf_company_id = body['company_id']
sf_oauth_client_id = body['oauth_client_id']
sf_admin_user = body['admin_user']
private_key = get_secret(region,
secret_id,
session)
with open(private_keyfile, 'w') as f:
f.write(private_key)
token = auth(sf_url, sf_company_id, sf_oauth_client_id, sf_admin_user,
private_keyfile, template_file)
payload = {
"token": token
}
return {
'statusCode': 200,
'body': json.dumps(payload)
}

3
Lambda/requirements.txt
View File

@@ -1,3 +0,0 @@
requests
lxml
xmlsec

22
pyproject.toml Normal file
View File

@@ -0,0 +1,22 @@
[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
[project]
name = "successfactors_auth"
version = "0.0.2"
authors = [
{ name="Ray Lyon", email="ray@raylyon.net" },
]
description = "Authenticate to the SuccessFactors API."
readme = "README.md"
requires-python = ">=3.8"
classifiers = [
"Programming Language :: Python :: 3",
"License :: OSI Approved :: Apache Software License",
"Operating System :: OS Independent",
]
[project.urls]
"Homepage" = "https://github.com/skoobasteeve/successfactors-python"
"Bug Tracker" = "https://github.com/skoobasteeve/successfactors-python/issues"

0
src/successfactors_auth/__init__.py Normal file
View File

7
sf_auth.py → src/successfactors_auth/auth.py
View File

@@ -11,7 +11,6 @@ Bearer token.
Derived from: https://github.com/mtrdesign/python-saml-example Derived from: https://github.com/mtrdesign/python-saml-example
This script requires the following additional files: This script requires the following additional files:
-SAML template XML
-Private key file for a previously created SuccessFactors OAuth2 application -Private key file for a previously created SuccessFactors OAuth2 application
Required packages: Required packages:
@@ -28,13 +27,13 @@ token = sf_auth.auth(
SF_OAUTH_CLIENT_ID, SF_OAUTH_CLIENT_ID,
SF_ADMIN_USER, SF_ADMIN_USER,
SF_OAUTH_PRIVATE_KEY_FILE, SF_OAUTH_PRIVATE_KEY_FILE,
SAML_TEMPLATE_FILE
) )
''' '''
import base64 import base64
import requests import requests
import xmlsec import xmlsec
import importlib.resources
from lxml import etree from lxml import etree
from datetime import datetime, timedelta from datetime import datetime, timedelta
@@ -103,7 +102,9 @@ def sign_assertion(xml_string, private_key):
def auth(sf_url, sf_company_id, sf_oauth_client_id, def auth(sf_url, sf_company_id, sf_oauth_client_id,
sf_admin_user, sf_saml_private_key, template_file): sf_admin_user, sf_saml_private_key):
template_file = "sf_saml_template.xml"
# Generate SAML assertion XML from template file # Generate SAML assertion XML from template file
unsigned_assertion = generate_assertion(sf_url, unsigned_assertion = generate_assertion(sf_url,

0
sf_saml_template.xml → src/successfactors_auth/sf_saml_template.xml
View File