Skip to content

Commit

Permalink
Merge branch 'KelvinTegelaar:master' into master
Browse files Browse the repository at this point in the history
  • Loading branch information
daveroyer authored Apr 1, 2024
2 parents 2b9a4da + c4e343a commit 00dbdff
Show file tree
Hide file tree
Showing 40 changed files with 1,008 additions and 386 deletions.
1 change: 1 addition & 0 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ Function Invoke-AddAlert {
SecDefaultsUpsell = [bool]$Request.body.SecDefaultsUpsell
SharePointQuota = [int]$Request.body.SharePointQuotaQuota
ExpiringLicenses = [bool]$Request.body.ExpiringLicenses
NewAppApproval = [bool]$Request.body.NewAppApproval
type = 'Alert'
RowKey = $TenantID
PartitionKey = 'Alert'
Expand Down
24 changes: 17 additions & 7 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -45,13 +45,23 @@ Function Invoke-AddGroup {
}
$GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $tenant -type POST -body (ConvertTo-Json -InputObject $BodyToship -Depth 10) -verbose
} else {
$Params = @{
Name = $groupobj.Displayname
Alias = $groupobj.username
Description = $groupobj.Description
PrimarySmtpAddress = $email
Type = $groupobj.groupType
RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal
if ($groupobj.groupType -eq 'dynamicdistribution') {
$Params = @{
Name = $groupobj.Displayname
RecipientFilter = $groupobj.membershipRules
PrimarySmtpAddress = $email
}
$GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DynamicDistributionGroup' -cmdParams $params
} else {
$Params = @{
Name = $groupobj.Displayname
Alias = $groupobj.username
Description = $groupobj.Description
PrimarySmtpAddress = $email
Type = $groupobj.groupType
RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal
}
$GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params
}
$GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params
# At some point add logic to use AddOwner/AddMember for New-DistributionGroup, but idk how we're going to brr that - rvdwegen
Expand Down
19 changes: 14 additions & 5 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -35,13 +35,23 @@ Function Invoke-AddIntuneTemplate {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug'

$body = [pscustomobject]@{'Results' = 'Successfully added template' }
}
else {
} else {
$TenantFilter = $request.query.TenantFilter
$URLName = $Request.query.URLName
$ID = $request.query.id
switch ($URLName) {

'deviceCompliancePolicies' {
$Type = 'deviceCompliancePolicies'
$Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)/$($ID)?`$expand=scheduledActionsForRule(`$expand=scheduledActionConfigurations)" -tenantid $tenantfilter
$DisplayName = $template.displayName
$TemplateJson = ConvertTo-Json -InputObject $Template -Depth 10 -Compress
}
'managedAppPolicies' {
$Type = 'AppProtection'
$Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$($urlname)('$($ID)')" -tenantid $tenantfilter
$DisplayName = $template.displayName
$TemplateJson = ConvertTo-Json -InputObject $Template -Depth 10 -Compress
}
'configurationPolicies' {
$Type = 'Catalog'
$Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)('$($ID)')?`$expand=settings" -tenantid $tenantfilter | Select-Object name, description, settings, platforms, technologies, templateReference
Expand Down Expand Up @@ -112,8 +122,7 @@ Function Invoke-AddIntuneTemplate {

$body = [pscustomobject]@{'Results' = 'Successfully added template' }
}
}
catch {
} catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Intune Template Deployment failed: $($_.Exception.Message)" -Sev 'Error'
$body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" }
}
Expand Down
21 changes: 21 additions & 0 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,27 @@ Function Invoke-AddPolicy {
}
try {
switch ($Request.body.TemplateType) {
'AppProtection' {
$TemplateType = ($RawJSON | ConvertFrom-Json).'@odata.type' -replace '#microsoft.graph.', ''
$TemplateTypeURL = "$($TemplateType)s"
$CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant
if ($displayname -in $CheckExististing.displayName) {
Throw "Policy with Display Name $($Displayname) Already exists"
}
$CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJSON
}
'deviceCompliancePolicies' {
$TemplateTypeURL = 'deviceCompliancePolicies'
$CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant
if ($displayname -in $CheckExististing.displayName) {
Throw "Policy with Display Name $($Displayname) Already exists"
}
$JSON = $RawJSON | ConvertFrom-Json | Select-Object * -ExcludeProperty id, createdDateTime, lastModifiedDateTime, version, '[email protected]', '@odata.context'
$JSON.scheduledActionsForRule = @($JSON.scheduledActionsForRule | Select-Object * -ExcludeProperty '[email protected]')
$RawJSON = ConvertTo-Json -InputObject $JSON -Depth 20 -Compress
Write-Host $RawJSON
$CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJson
}
'Admin' {
$TemplateTypeURL = 'groupPolicyConfigurations'
$CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}'
Expand Down
52 changes: 52 additions & 0 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
using namespace System.Net

Function Invoke-AddUserBulk {
<#
.FUNCTIONALITY
Entrypoint
#>
[CmdletBinding()]
param($Request, $TriggerMetadata)

$APIName = 'AddUserBulk'
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
$TenantFilter = $Request.body.TenantFilter
$Results = [System.Collections.ArrayList]@()
foreach ($userobj in $request.body.BulkUser) {
Write-Host 'PowerShell HTTP trigger function processed a request.'
try {
$password = if ($userobj.password) { $userobj.password } else { New-passwordString }
$UserprincipalName = "$($UserObj.mailNickName)@$($UserObj.domain)"
$BodyToship = $userobj
#Remove domain from body to ship
$BodyToship = $BodyToship | Select-Object * -ExcludeProperty password, domain
$BodyToship | Add-Member -NotePropertyName accountEnabled -NotePropertyValue $true -Force
$BodyToship | Add-Member -NotePropertyName userPrincipalName -NotePropertyValue $UserprincipalName -Force
$BodyToship | Add-Member -NotePropertyName passwordProfile -NotePropertyValue @{'password' = $password; 'forceChangePasswordNextSignIn' = $true } -Force
Write-Host "body is now: $($BodyToship | ConvertTo-Json -Depth 10 -Compress)"
if ($userobj.businessPhones) { $bodytoShip.businessPhones = @($userobj.businessPhones) }
$bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress
Write-Host "Our body to ship is $bodyToShip"
$GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/users' -tenantid $TenantFilter -type POST -body $BodyToship -verbose
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Created user $($userobj.displayname) with id $($GraphRequest.id) " -Sev 'Info'
$results.add("Created user $($UserprincipalName). Password is $password")
} catch {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error'
$body = $results.add("Failed to create user. $($_.Exception.Message)" )
}
}
$body = [pscustomobject] @{
'Results' = @($results)
'Username' = $UserprincipalName
'Password' = $password
'CopyFrom' = $copyFromResults
}


# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
Body = $Body
})

}
1 change: 0 additions & 1 deletion Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@ Function Invoke-EditUser {
'displayName' = $UserObj.Displayname
'postalCode' = $userobj.postalCode
'companyName' = $userobj.companyName
'mailNickname' = $UserObj.username
'jobTitle' = $UserObj.JobTitle
'userPrincipalName' = $Email
'usageLocation' = $UserObj.usageLocation
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,30 +11,30 @@ Function Invoke-ExecCPVPermissions {
$APIName = $TriggerMetadata.FunctionName
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'


# Write to the Azure Functions log stream.
Write-Host 'PowerShell HTTP trigger function processed a request.'
$TenantFilter = (get-tenants -IncludeAll -IncludeErrors | Where-Object -Property customerId -EQ $Request.query.Tenantfilter).defaultDomainName
Write-Host "Our Tenantfilter is $TenantFilter"
$Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $Request.Query.TenantFilter | Select-Object -First 1

Write-Host "Our tenant is $($Tenant.displayName) - $($Tenant.defaultDomainName)"

$CPVConsentParams = @{
Tenantfilter = $TenantFilter
TenantFilter = $Request.Query.TenantFilter
}
if ($Request.Query.ResetSP -eq 'true') {
$CPVConsentParams.ResetSP = $true
}

$GraphRequest = try {
Set-CIPPCPVConsent @CPVConsentParams
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
$Success = $true
} catch {
"Failed to update permissions for $($TenantFilter): $($_.Exception.Message)"
"Failed to update permissions for $($Tenant.displayName): $($_.Exception.Message)"
$Success = $false
}

$Tenant = Get-Tenants -IncludeAll -IncludeErrors | Where-Object -Property defaultDomainName -EQ $Tenantfilter
$Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
Expand Down
82 changes: 82 additions & 0 deletions Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
using namespace System.Net
Function Invoke-ExecMailTest {
<#
.FUNCTIONALITY
Entrypoint
#>
[CmdletBinding()]
param($Request, $TriggerMetadata)

$APIName = $TriggerMetadata.FunctionName
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'

# Write to the Azure Functions log stream.
Write-Host 'PowerShell HTTP trigger function processed a request.'

try {
switch ($Request.Query.Action) {
'CheckConfig' {
$GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true
$AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token
$Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,proxyAddresses' -NoAuthCheck $true
if ($AccessTokenDetails.Scope -contains 'Mail.Read') {
$Message = 'Mail.Read - Delegated was found in the token scope.'
$HasMailRead = $true
} else {
$Message = 'Please add Mail.Read - Delegated to the API permissions for CIPP-SAM.'
$HasMailRead = $false
}

$Body = [PSCustomObject]@{
Message = $Message
HasMailRead = $HasMailRead
MailUser = $Me.displayName
MailAddresses = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } }
}
}
default {
$Messages = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/mailFolders/Inbox/messages?`$select=receivedDateTime,subject,sender,internetMessageHeaders,webLink" -NoAuthCheck $true
$Results = foreach ($Message in $Messages) {
$AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value
$AuthResult = $AuthResult -split ';\s*'
$AuthResult = $AuthResult | ForEach-Object {
if ($_ -match '^(?<Name>.+?)=\s*(?<Status>.+?)\s(?<Info>.+)$') {
[PSCustomObject]@{
Name = $Matches.Name
Status = $Matches.Status
Info = $Matches.Info
}
}
}
[PSCustomObject]@{
Received = $Message.receivedDateTime
Subject = $Message.subject
Sender = $Message.sender.emailAddress.name
From = $Message.sender.emailAddress.address
Link = $Message.webLink
Headers = $Message.internetMessageHeaders
AuthResult = $AuthResult
}
}
$Body = [PSCustomObject]@{
Results = @($Results)
Metadata = [PSCustomObject]@{
Count = ($Results | Measure-Object).Count
}
}
}
}
$StatusCode = [HttpStatusCode]::OK
} catch {
$ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
$StatusCode = [HttpStatusCode]::BadRequest
$Body = [PSCustomObject]@{
Results = @($ErrorMessage)
}
}
# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = $StatusCode
Body = $Body
})
}
Loading

0 comments on commit 00dbdff

Please sign in to comment.