Merge pull request #45 from KelvinTegelaar/master

[pull] master from KelvinTegelaar:master
jn1102 · Jul 12, 2024 · d536a17 · d536a17
2 parents afc824c + af19f65
commit d536a17
Show file tree

Hide file tree

Showing 123 changed files with 2,587 additions and 3,013 deletions.
diff --git a/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1 b/Modules/CIPPCore/Public/Add-CIPPScheduledTask.ps1
@@ -19,19 +19,19 @@ function Add-CIPPScheduledTask {
     $propertiesToCheck = @('Webhook', 'Email', 'PSA')
     $PostExecution = ($propertiesToCheck | Where-Object { $task.PostExecution.$_ -eq $true }) -join ','
     $Parameters = [System.Collections.Hashtable]@{}
-    foreach ($Key in $task.Parameters.Keys) {
+    foreach ($Key in $task.Parameters.PSObject.Properties.Name) {
         $Param = $task.Parameters.$Key
-        if ($Param.Key) {
+        if ($Param -is [System.Collections.IDictionary]) {
             $ht = @{}
-            foreach ($p in $Param) {
-                Write-Host $p.Key
+            foreach ($p in $Param.GetEnumerator()) {
                 $ht[$p.Key] = $p.Value
             }
             $Parameters[$Key] = [PSCustomObject]$ht
         } else {
             $Parameters[$Key] = $Param
         }
     }
+
     $Parameters = ($Parameters | ConvertTo-Json -Depth 10 -Compress)
     $AdditionalProperties = [System.Collections.Hashtable]@{}
     foreach ($Prop in $task.AdditionalProperties) {

diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDepTokenExpiry.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertDepTokenExpiry.ps1
@@ -16,7 +16,8 @@ function Get-CIPPAlertDepTokenExpiry {
             $DepTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceManagement/depOnboardingSettings' -tenantid $TenantFilter).value
             $AlertData = foreach ($Dep in $DepTokens) {
                 if ($Dep.tokenExpirationDateTime -lt (Get-Date).AddDays(30) -and $Dep.tokenExpirationDateTime -gt (Get-Date).AddDays(-7)) {
-                    'Apple Device Enrollment Program token expiring on {0}' -f $Dep.tokenExpirationDateTime
+                    $Message = 'Apple Device Enrollment Program token expiring on {0}' -f $Dep.tokenExpirationDateTime
+                    $Dep | Select-Object -Property tokenName, @{Name = 'Message'; Expression = { $Message } }
                 }
             }
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData

diff --git a/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertVppTokenExpiry.ps1 b/Modules/CIPPCore/Public/Alerts/Get-CIPPAlertVppTokenExpiry.ps1
@@ -15,10 +15,12 @@ function Get-CIPPAlertVppTokenExpiry {
             $VppTokens = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/deviceAppManagement/vppTokens' -tenantid $TenantFilter).value
             $AlertData = foreach ($Vpp in $VppTokens) {
                 if ($Vpp.state -ne 'valid') {
-                    'Apple Volume Purchase Program Token is not valid, new token required'
+                    $Message = 'Apple Volume Purchase Program Token is not valid, new token required'
+                    $Vpp | Select-Object -Property organizationName, appleId, vppTokenAccountType, @{Name = 'Message'; Expression = { $Message } }
                 }
                 if ($Vpp.expirationDateTime -lt (Get-Date).AddDays(30) -and $Vpp.expirationDateTime -gt (Get-Date).AddDays(-7)) {
-                    'Apple Volume Purchase Program token expiring on {0}' -f $Vpp.expirationDateTime
+                    $Message = 'Apple Volume Purchase Program token expiring on {0}' -f $Vpp.expirationDateTime
+                    $Vpp | Select-Object -Property organizationName, appleId, vppTokenAccountType, @{Name = 'Message'; Expression = { $Message } }
                 }
             }
             Write-AlertTrace -cmdletName $MyInvocation.MyCommand -tenantFilter $TenantFilter -data $AlertData
@@ -28,4 +30,4 @@ function Get-CIPPAlertVppTokenExpiry {
     } catch {
         # Error handling
     }
-}
+}
diff --git a/...s/CIPPCore/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-GetTenantDomains.ps1 b/...s/CIPPCore/Public/Entrypoints/Activity Triggers/Domain Analyser/Push-GetTenantDomains.ps1
@@ -2,6 +2,6 @@ function Push-GetTenantDomains {
     Param($Item)
     $DomainTable = Get-CippTable -tablename 'Domains'
     $Filter = "PartitionKey eq 'TenantDomains' and TenantGUID eq '{0}'" -f $Item.TenantGUID
-    $Domains = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter -Property RowKey | Select-Object RowKey, @{n = 'FunctionName'; exp = { 'DomainAnalyserDomain' } }
+    $Domains = Get-CIPPAzDataTableEntity @DomainTable -Filter $Filter -Property PartitionKey, RowKey | Select-Object RowKey, @{n = 'FunctionName'; exp = { 'DomainAnalyserDomain' } }
     return @($Domains)
-}
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-GetPendingWebhooks.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-GetPendingWebhooks.ps1
@@ -5,9 +5,9 @@ function Push-GetPendingWebhooks {
     #>
     Param($Item)
     $Table = Get-CIPPTable -TableName WebhookIncoming
-    $Webhooks = Get-CIPPAzDataTableEntity @Table -Property RowKey, FunctionName -First 10000
+    $Webhooks = Get-CIPPAzDataTableEntity @Table -Property PartitionKey, RowKey, FunctionName -First 10000
     $WebhookCount = ($Webhooks | Measure-Object).Count
     $Message = 'Processing {0} webhooks' -f $WebhookCount
     Write-LogMessage -API 'Webhooks' -message $Message -sev Info
     return $Webhooks
-}
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecDurableFunctions.ps1
@@ -51,7 +51,7 @@ function Invoke-ExecDurableFunctions {
             if ($Request.Query.PartitionKey) {
                 $HistoryTable = Get-CippTable -TableName ('{0}History' -f $FunctionName)
                 $Filter = "PartitionKey eq '{0}'" -f $Request.Query.PartitionKey
-                $History = Get-CippAzDataTableEntity @HistoryTable -Filter $Filter -Property RowKey, Timestamp, EventType, Name, IsPlayed, OrchestrationStatus | Select-Object * -ExcludeProperty ETag
+                $History = Get-CippAzDataTableEntity @HistoryTable -Filter $Filter -Property PartitionKey, RowKey, Timestamp, EventType, Name, IsPlayed, OrchestrationStatus | Select-Object * -ExcludeProperty ETag
 
                 $Body = [PSCustomObject]@{
                     Results = @($History)
@@ -173,4 +173,4 @@ function Invoke-ExecDurableFunctions {
             StatusCode = [HttpStatusCode]::OK
             Body       = $Body
         })
-}
+}
diff --git a/.../Settings/Invoke-ExecExtensionMapping.ps1 → ...xtensions/Invoke-ExecExtensionMapping.ps1 b/.../Settings/Invoke-ExecExtensionMapping.ps1 → ...xtensions/Invoke-ExecExtensionMapping.ps1
diff --git a/...IPP/Settings/Invoke-ExecExtensionSync.ps1 → ...P/Extensions/Invoke-ExecExtensionSync.ps1 b/...IPP/Settings/Invoke-ExecExtensionSync.ps1 → ...P/Extensions/Invoke-ExecExtensionSync.ps1
diff --git a/...IPP/Settings/Invoke-ExecExtensionTest.ps1 → ...P/Extensions/Invoke-ExecExtensionTest.ps1 b/...IPP/Settings/Invoke-ExecExtensionTest.ps1 → ...P/Extensions/Invoke-ExecExtensionTest.ps1
@@ -49,8 +49,11 @@ Function Invoke-ExecExtensionTest {
             'Hudu' {
                 Connect-HuduAPI -configuration $Configuration.Hudu
                 $Version = Get-HuduAppInfo
-                Write-Host ($Version | ConvertTo-Json)
-                $Results = [pscustomobject]@{'Results' = ('Successfully Connected to Hudu, version: {0}' -f $Version.version) }
+                if ($Version.version) {
+                    $Results = [pscustomobject]@{'Results' = ('Successfully Connected to Hudu, version: {0}' -f $Version.version) }
+                } else {
+                    $Results = [pscustomobject]@{'Results' = 'Failed to connect to Hudu' }
+                }
             }
         }
     } catch {

diff --git a/.../Settings/Invoke-ExecExtensionsConfig.ps1 → ...xtensions/Invoke-ExecExtensionsConfig.ps1 b/.../Settings/Invoke-ExecExtensionsConfig.ps1 → ...xtensions/Invoke-ExecExtensionsConfig.ps1
@@ -56,7 +56,11 @@ Function Invoke-ExecExtensionsConfig {
                         $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Request.Body.$APIKey.APIKey)
                     }
                 }
-                $Request.Body.$APIKey.APIKey = 'SentToKeyVault'
+                if ($Request.Body.$APIKey.PSObject.Properties -notcontains 'APIKey') {
+                    $Request.Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
+                } else {
+                    $Request.Body.$APIKey.APIKey = 'SentToKeyVault'
+                }
             }
             $Request.Body.$APIKey = $Request.Body.$APIKey | Select-Object * -ExcludeProperty ResetPassword
         }

diff --git a/...s/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1 b/...s/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ListExtensionSync.ps1
@@ -0,0 +1,59 @@
+using namespace System.Net
+
+Function Invoke-ListExtensionSync {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.Extension.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+    $ScheduledTasksTable = Get-CIPPTable -TableName 'ScheduledTasks'
+    $ScheduledTasks = Get-CIPPAzDataTableEntity @ScheduledTasksTable -Filter 'Hidden eq true' | Where-Object { $_.Command -match 'CippExtension' }
+
+    $AllowedTenants = Test-CIPPAccess -Request $Request -TenantList
+    $TenantList = Get-Tenants -IncludeErrors
+    $AllTasksArrayList = [system.collections.generic.list[object]]::new()
+
+    foreach ($Task in $ScheduledTasks) {
+        if ($Task.Results -and (Test-Json -Json $Task.Results -ErrorAction SilentlyContinue)) {
+            $Results = $Task.Results | ConvertFrom-Json
+        } else {
+            $Results = $Task.Results
+        }
+
+        $TaskEntry = [PSCustomObject]@{
+            RowKey        = $Task.RowKey
+            PartitionKey  = $Task.PartitionKey
+            Tenant        = $Task.Tenant
+            Name          = $Task.Name
+            SyncType      = $Task.SyncType
+            ScheduledTime = $Task.ScheduledTime
+            ExecutedTime  = $Task.ExecutedTime
+            RepeatsEvery  = $Task.Recurrence
+            Results       = $Results
+        }
+
+        if ($AllowedTenants -notcontains 'AllTenants') {
+            $Tenant = $TenantList | Where-Object -Property defaultDomainName -EQ $Task.Tenant
+            if ($AllowedTenants -contains $Tenant.customerId) {
+                $AllTasksArrayList.Add($TaskEntry)
+            }
+        } else {
+            $AllTasksArrayList.Add($TaskEntry)
+        }
+    }
+    Write-Host ($AllTasksArrayList | ConvertTo-Json -Depth 5 -Compress)
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = ConvertTo-Json -Depth 5 -InputObject $($AllTasksArrayList)
+        })
+}
diff --git a/...lic/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1 b/...lic/Entrypoints/HTTP Functions/Identity/Administration/Groups/Invoke-AddGroupTemplate.ps1
@@ -9,7 +9,6 @@ Function Invoke-AddGroupTemplate {
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
-
     $APIName = $TriggerMetadata.FunctionName
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
@@ -36,8 +35,7 @@ Function Invoke-AddGroupTemplate {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created Group template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug'
 
         $body = [pscustomobject]@{'Results' = 'Successfully added template' }
-    }
-    catch {
+    } catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Group Template Creation failed: $($_.Exception.Message)" -Sev 'Error'
         $body = [pscustomobject]@{'Results' = "Group Template Creation failed: $($_.Exception.Message)" }
     }

diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecClrImmId.ps1
@@ -20,13 +20,13 @@ Function Invoke-ExecClrImmId {
     Try {
         $TenantFilter = $Request.Query.TenantFilter
         $UserID = $Request.Query.ID
-        $Body = [pscustomobject] @{
-            onPremisesImmutableId = $null
-        } | ConvertTo-Json
-        $GraphRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserID" -tenantid $TenantFilter -type PATCH -body $Body
+        $Body = [pscustomobject]@{ onPremisesImmutableId = $null }
+        $Body = ConvertTo-Json -InputObject $Body -Depth 5 -Compress
+        $null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$UserID" -tenantid $TenantFilter -type PATCH -body $Body
         $Results = [pscustomobject]@{'Results' = 'Successfully Cleared ImmutableId' }
     } catch {
-        $Results = [pscustomobject]@{'Results' = "Failed. $_.Exception.Message"; colour = 'danger' }
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception
+        $Results = [pscustomobject]@{'Results' = "Failed. $ErrorMessage"; colour = 'danger' }
         $_.Exception
     }
 
@@ -35,5 +35,4 @@ Function Invoke-ExecClrImmId {
             StatusCode = [HttpStatusCode]::OK
             Body       = $Results
         })
-
 }
diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
@@ -11,7 +11,9 @@ Function Invoke-ExecJITAdmin {
     param($Request, $TriggerMetadata)
 
     $APIName = 'ExecJITAdmin'
-    Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $User = $Request.Headers.'x-ms-client-principal'
+
+    Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
     if ($Request.Query.Action -eq 'List') {
         $Schema = Get-CIPPSchemaExtensions | Where-Object { $_.id -match '_cippUser' }
@@ -61,14 +63,14 @@ Function Invoke-ExecJITAdmin {
         if ($Request.Body.UserId -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') {
             $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($Request.Body.UserId)" -tenantid $Request.Body.TenantFilter).userPrincipalName
         }
-        Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message "Executing JIT Admin for $Username" -Sev 'Info'
+        Write-LogMessage -user $User -API $APINAME -message "Executing JIT Admin for $Username" -Sev 'Info'
 
         $Start = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.StartDate)).DateTime.ToLocalTime()
         $Expiration = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.EndDate)).DateTime.ToLocalTime()
         $Results = [System.Collections.Generic.List[string]]::new()
 
-        if ($Request.Body.useraction -eq 'create') {
-            Write-LogMessage -user $Request.Headers.'x-ms-client-principal' -API $APINAME -message "Creating JIT Admin user $($Request.Body.UserPrincipalName)" -Sev 'Info'
+        if ($Request.Body.useraction -eq 'Create') {
+            Write-LogMessage -user $User -API $APINAME -message "Creating JIT Admin user $($Request.Body.UserPrincipalName)" -Sev 'Info'
             Write-Information "Creating JIT Admin user $($Request.Body.UserPrincipalName)"
             $JITAdmin = @{
                 User         = @{
@@ -86,7 +88,7 @@ Function Invoke-ExecJITAdmin {
             if (!$Request.Body.UseTAP) {
                 $Results.Add("Password: $($CreateResult.password)")
             }
-            $Results.Add("JIT Expires: $($Expiration)")
+            $Results.Add("JIT Admin Expires: $($Expiration)")
             Start-Sleep -Seconds 1
         }
 
@@ -101,14 +103,27 @@ Function Invoke-ExecJITAdmin {
                     $TapBody = '{}'
                 }
                 Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods"
-                $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $Request.Body.TenantFilter -type POST -body $TapBody
+                # Retry creating the TAP up to 5 times, since it can fail due to the user not being fully created yet
+                $Retries = 0
+                do {
+                    try {
+                        $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $Request.Body.TenantFilter -type POST -body $TapBody
+                    } catch {
+                        Start-Sleep -Seconds 2
+                        Write-Information 'ERROR: Failed to create TAP, retrying'
+                        Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_))
+                    }
+                    $Retries++
+                } while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le 5 )
 
                 $TempPass = $TapRequest.temporaryAccessPass
                 $PasswordExpiration = $TapRequest.LifetimeInMinutes
 
                 $PasswordLink = New-PwPushLink -Payload $TempPass
                 if ($PasswordLink) {
                     $Password = $PasswordLink
+                } else {
+                    $Password = $TempPass
                 }
                 $Results.Add("Temporary Access Pass: $Password")
                 $Results.Add("This TAP is usable starting at $($TapRequest.startDateTime) UTC for the next $PasswordExpiration minutes")
@@ -147,7 +162,9 @@ Function Invoke-ExecJITAdmin {
                 }
             }
             Add-CIPPScheduledTask -Task $TaskBody -hidden $false
-            Set-CIPPUserJITAdminProperties -TenantFilter $Request.Body.TenantFilter -UserId $Request.Body.UserId -Expiration $Expiration
+            if ($Request.Body.useraction -ne 'Create') {
+                Set-CIPPUserJITAdminProperties -TenantFilter $Request.Body.TenantFilter -UserId $Request.Body.UserId -Expiration $Expiration
+            }
             $Results.Add("Scheduling JIT Admin enable task for $Username")
         } else {
             $Results.Add("Executing JIT Admin enable task for $Username")
@@ -176,7 +193,7 @@ Function Invoke-ExecJITAdmin {
             }
             ScheduledTime = $Request.Body.EndDate
         }
-        Add-CIPPScheduledTask -Task $DisableTaskBody -hidden $false
+        $null = Add-CIPPScheduledTask -Task $DisableTaskBody -hidden $false
         $Results.Add("Scheduling JIT Admin $($Request.Body.ExpireAction) task for $Username")
         $Body = @{
             Results = @($Results)

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomains.ps1
@@ -21,7 +21,7 @@ Function Invoke-ListDomains {
     $TenantFilter = $Request.Query.TenantFilter
 
     try {
-        $GraphRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | Select-Object id, isdefault, isinitial | Sort-Object isdefault
+        $GraphRequest = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/domains' -tenantid $TenantFilter | Select-Object id, isdefault, isinitial | Sort-Object isdefault -Descending
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message