
Commit 0bc4f50

committed
Merge branch 'dev' of https://github.com/KelvinTegelaar/CIPP-API into dev
2 parents 933a6dc + d9c6203 commit 0bc4f50

28 files changed

Lines changed: 406 additions & 108 deletions

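--- a/Modules/CIPPCore/Public/New-CIPPUserTask.ps1
+++ b/Modules/CIPPCore/Public/New-CIPPUserTask.ps1
@@ -81,13 +81,13 @@ function New-CIPPUserTask {
 }
 
 if ($UserObj.setManager) {
-$ManagerResult = Set-CIPPManager -User $CreationResults.Username -Manager $UserObj.setManager.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
-$Results.Add($ManagerResult)
+$ManagerResults = Set-CIPPManager -Users $CreationResults.Username -Manager $UserObj.setManager.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
+$Results.Add($ManagerResults.Result)
 }
 
 if ($UserObj.setSponsor) {
-$SponsorResult = Set-CIPPSponsor -User $CreationResults.Username -Sponsor $UserObj.setSponsor.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
-$Results.Add($SponsorResult)
+$SponsorResults = Set-CIPPSponsor -Users $CreationResults.Username -Sponsor $UserObj.setSponsor.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
+$Results.Add($SponsorResults.Result)
 }
 
 return @{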
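Review bot: Both call sites add `.Result` to `$Results` without checking `.Success`, and Set-CIPPManager / Set-CIPPSponsor as rewritten in this commit return a failure as text instead of throwing, so a failed assignment now looks like any other result line to whatever consumes `$Results`. When the helper returns `@()` (empty `-Users`), `$ManagerResults.Result` is `$null` and that is what gets added. A guard such as `if ($ManagerResults) { $Results.Add($ManagerResults.Result) }` plus a comment stating that failure is reported through `Success` would make the new contract visible; the same two calls are in Invoke-EditUser. The enclosing function starts and ends outside the hunk.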

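--- a/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1
+++ b/Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1
@@ -26,7 +26,7 @@ function Set-CIPPAuthenticationPolicy {
 } catch {
 $ErrorMessage = Get-CippException -Exception $_
 Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($ErrorMessage.NormalizedError)" -sev Error -LogData $ErrorMessage
-Return "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($ErrorMessage.NormalizedError)"
+return "Could not get CurrentInfo for $AuthenticationMethodId. Error:$($ErrorMessage.NormalizedError)"
 }
 
 switch ($AuthenticationMethodId) {
@@ -114,7 +114,7 @@ function Set-CIPPAuthenticationPolicy {
 throw "Setting $AuthenticationMethodId to enabled is not allowed"
 }
 }
-Default {
+default {
 Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." -sev Error
 throw "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive."
 }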
Lines changed: 39 additions & 13 deletions
@@ -1,23 +1,49 @@
11
function Set-CIPPManager {
22
[CmdletBinding()]
33
param (
4-
$User,
5-
$Manager,
4+
[Alias('User')]
5+
[string[]] $Users,
6+
[string] $Manager,
67
$TenantFilter,
78
$APIName = 'Set Manager',
89
$Headers
910
)
1011

11-
try {
12-
$ManagerBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Manager)" }
13-
$ManagerBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $ManagerBody
14-
$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($User)/manager/`$ref" -tenantid $TenantFilter -type PUT -body $ManagerBodyJSON
15-
Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Set $User's manager to $Manager" -Sev 'Info'
16-
} catch {
17-
$ErrorMessage = Get-CippException -Exception $_
18-
Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Failed to Set Manager. Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $_
19-
throw "Failed to set manager: $($ErrorMessage.NormalizedError)"
12+
if ($Users.Count -eq 0) {
13+
return @()
2014
}
21-
return "Set $User's manager to $Manager"
22-
}
2315

16+
$RequestId = 0
17+
$Requests = foreach ($User in $Users) {
18+
@{
19+
id = ($RequestId++).ToString()
20+
method = 'PUT'
21+
url = "users/$User/manager/`$ref"
22+
body = @{ '@odata.id' = "https://graph.microsoft.com/beta/users/$Manager" }
23+
headers = @{ 'Content-Type' = 'application/json' }
24+
}
25+
}
26+
27+
$Responses = New-GraphBulkRequest -tenantid $TenantFilter -Requests @($Requests)
28+
29+
$Results = foreach ($Response in @($Responses)) {
30+
$ResponseIndex = [int]$Response.id
31+
$User = $Users[$ResponseIndex]
32+
$Success = [int]$Response.status -in @(200, 204)
33+
$ErrorMessage = if ($Response.body.error.message) { $Response.body.error.message } else { "Unknown error (Status: $($Response.status))" }
34+
$Result = if ($Success) { "Set $User's manager to $Manager" } else { "Failed to set $User's manager: $ErrorMessage" }
35+
$Severity = if ($Success) { 'Info' } else { 'Error' }
36+
37+
Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev $Severity
38+
39+
[pscustomobject]@{
40+
User = $User
41+
Manager = $Manager
42+
Success = $Success
43+
Result = $Result
44+
Status = $Response.status
45+
}
46+
}
47+
48+
return @($Results)
49+
}
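Review bot: The result loop iterates over `$Responses`, so a user whose request gets no entry back from `New-GraphBulkRequest` produces no result object and no log line, and a response with a missing `id` is attributed to `$Users[0]` because `[int]$null` is 0. Iterating over `$Users` and looking each response up by its id gives exactly one result per requested user and reports a missing response as a failure (the existing `Unknown error (Status: …)` text then covers it). The removed `try`/`catch` also logged exceptions from the Graph call; whether `New-GraphBulkRequest` can still throw is not visible here, so that is worth confirming. Set-CIPPSponsor has the identical loop.

```powershell
$Responses = New-GraphBulkRequest -tenantid $TenantFilter -Requests @($Requests)

# Index responses by id so every requested user gets exactly one result
$ResponseById = @{}
foreach ($Response in @($Responses)) {
    if ($null -ne $Response.id) { $ResponseById[[string]$Response.id] = $Response }
}

$Results = for ($Index = 0; $Index -lt $Users.Count; $Index++) {
    $User = $Users[$Index]
    $Response = $ResponseById[$Index.ToString()]
    $Success = ($null -ne $Response) -and ([int]$Response.status -in @(200, 204))
    # … unchanged: $ErrorMessage, $Result, $Severity, Write-LogMessage, result object …
}
```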
Lines changed: 39 additions & 12 deletions
@@ -1,22 +1,49 @@
11
function Set-CIPPSponsor {
22
[CmdletBinding()]
33
param (
4-
$User,
5-
$Sponsor,
4+
[Alias('User')]
5+
[string[]] $Users,
6+
[string] $Sponsor,
67
$TenantFilter,
78
$APIName = 'Set Sponsor',
89
$Headers
910
)
1011

11-
try {
12-
$SponsorBody = [PSCustomObject]@{'@odata.id' = "https://graph.microsoft.com/beta/users/$($Sponsor)" }
13-
$SponsorBodyJSON = ConvertTo-Json -Compress -Depth 10 -InputObject $SponsorBody
14-
$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($User)/sponsors/`$ref" -tenantid $TenantFilter -type PUT -body $SponsorBodyJSON
15-
Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Set $User's sponsor to $Sponsor" -Sev 'Info'
16-
} catch {
17-
$ErrorMessage = Get-CippException -Exception $_
18-
Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message "Failed to Set Sponsor. Error:$($ErrorMessage.NormalizedError)" -Sev 'Error' -LogData $_
19-
throw "Failed to set sponsor: $($_.Exception.Message)"
12+
if ($Users.Count -eq 0) {
13+
return @()
2014
}
21-
return "Set $user's sponsor to $Sponsor"
15+
16+
$RequestId = 0
17+
$Requests = foreach ($User in $Users) {
18+
@{
19+
id = ($RequestId++).ToString()
20+
method = 'PUT'
21+
url = "users/$User/sponsors/`$ref"
22+
body = @{ '@odata.id' = "https://graph.microsoft.com/beta/users/$Sponsor" }
23+
headers = @{ 'Content-Type' = 'application/json' }
24+
}
25+
}
26+
27+
$Responses = New-GraphBulkRequest -tenantid $TenantFilter -Requests @($Requests)
28+
29+
$Results = foreach ($Response in @($Responses)) {
30+
$ResponseIndex = [int]$Response.id
31+
$User = $Users[$ResponseIndex]
32+
$Success = [int]$Response.status -in @(200, 204)
33+
$ErrorMessage = if ($Response.body.error.message) { $Response.body.error.message } else { "Unknown error (Status: $($Response.status))" }
34+
$Result = if ($Success) { "Set $User's sponsor to $Sponsor" } else { "Failed to set $User's sponsor: $ErrorMessage" }
35+
$Severity = if ($Success) { 'Info' } else { 'Error' }
36+
37+
Write-LogMessage -headers $Headers -API $APIName -tenant $TenantFilter -message $Result -Sev $Severity
38+
39+
[pscustomobject]@{
40+
User = $User
41+
Sponsor = $Sponsor
42+
Success = $Success
43+
Result = $Result
44+
Status = $Response.status
45+
}
46+
}
47+
48+
return @($Results)
2249
}
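Review bot: The `url` entry of each batch request interpolates `$User` into the path unescaped, and `$Sponsor` goes into the `@odata.id` URL the same way, so a value containing `#`, `?` or `/` changes which resource the request addresses. Sponsors are typically set on guest accounts, whose user principal names contain `#EXT#`, so this looks reachable with ordinary input unless `New-GraphBulkRequest` encodes the path itself, which is not visible here. In the `url` string I would replace `$User` with `$([uri]::EscapeDataString($User))` and do the same for `$Sponsor` in the body. Set-CIPPManager builds its `url` and `@odata.id` the same way.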

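--- a/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddJITAdminTemplate.ps1
+++ b/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-AddJITAdminTemplate.ps1
@@ -112,8 +112,8 @@ function Invoke-AddJITAdminTemplate {
 if (![string]::IsNullOrWhiteSpace($Request.Body.defaultUserName)) {
 $TemplateObject.defaultUserName = $Request.Body.defaultUserName
 }
-if (![string]::IsNullOrWhiteSpace($Request.Body.defaultUsageLocation)) {
-$TemplateObject.defaultUsageLocation = $Request.Body.defaultUsageLocation
+if ($Request.Body.defaultUsageLocation) {
+$TemplateObject.defaultUsageLocation = $Request.Body.defaultUsageLocation.value ?? $Request.Body.defaultUsageLocation
 }
 
 # defaultDomain is only saved for specific tenant templates (not AllTenants)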
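Review bot: The truthiness test `if ($Request.Body.defaultUsageLocation)` accepts a whitespace-only string, which the removed `IsNullOrWhiteSpace` check rejected, and it accepts an object without a `value` property, which `?? $Request.Body.defaultUsageLocation` then stores whole in the template. Resolve the value first and validate the result: `$UsageLocation = $Request.Body.defaultUsageLocation.value ?? $Request.Body.defaultUsageLocation`, then `if ($UsageLocation -is [string] -and ![string]::IsNullOrWhiteSpace($UsageLocation)) { $TemplateObject.defaultUsageLocation = $UsageLocation }`. The same pattern is in Invoke-EditJITAdminTemplate and, with no guard at all, at the `'UsageLocation'` entry in Invoke-ExecJITAdmin. The function body continues outside the hunk.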

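--- a/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditJITAdminTemplate.ps1
+++ b/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditJITAdminTemplate.ps1
@@ -130,8 +130,8 @@ function Invoke-EditJITAdminTemplate {
 if (![string]::IsNullOrWhiteSpace($Request.Body.defaultUserName)) {
 $TemplateObject.defaultUserName = $Request.Body.defaultUserName
 }
-if (![string]::IsNullOrWhiteSpace($Request.Body.defaultUsageLocation)) {
-$TemplateObject.defaultUsageLocation = $Request.Body.defaultUsageLocation
+if ($Request.Body.defaultUsageLocation) {
+$TemplateObject.defaultUsageLocation = $Request.Body.defaultUsageLocation.value ?? $Request.Body.defaultUsageLocation
 }
 
 # defaultDomain is only saved for specific tenant templates (not AllTenants)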

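--- a/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1
+++ b/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-EditUser.ps1
@@ -242,13 +242,13 @@ function Invoke-EditUser {
 }
 
 if ($Request.body.setManager.value) {
-$ManagerResult = Set-CIPPManager -User $UserPrincipalName -Manager $Request.body.setManager.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
-$Results.Add($ManagerResult)
+$ManagerResults = Set-CIPPManager -Users $UserPrincipalName -Manager $Request.body.setManager.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
+$Results.Add($ManagerResults.Result)
 }
 
 if ($Request.body.setSponsor.value) {
-$SponsorResult = Set-CIPPSponsor -User $UserPrincipalName -Sponsor $Request.body.setSponsor.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
-$Results.Add($SponsorResult)
+$SponsorResults = Set-CIPPSponsor -Users $UserPrincipalName -Sponsor $Request.body.setSponsor.value -TenantFilter $UserObj.tenantFilter -Headers $Headers
+$Results.Add($SponsorResults.Result)
 }
 
 return ([HttpResponseContext]@{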

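--- a/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
+++ b/Modules/CIPPHTTP/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
@@ -63,7 +63,7 @@ function Invoke-ExecJITAdmin {
 'FirstName' = $Request.Body.FirstName
 'LastName' = $Request.Body.LastName
 'UserPrincipalName' = $Username
-'UsageLocation' = $Request.Body.usageLocation
+'UsageLocation' = $Request.Body.usageLocation.value ?? $Request.Body.usageLocation
 }
 Expiration = $Expiration
 StartDate = $Start
@@ -129,14 +129,42 @@ function Invoke-ExecJITAdmin {
 #Region TAP creation
 if ($Request.Body.UseTAP) {
 try {
-if ($Start -gt (Get-Date)) {
-$TapParams = @{
-startDateTime = [System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.StartDate).DateTime
+$LifetimeMinutes = $null
+$RequestedMinutes = $null
+$ParsedRequestLifetime = $false
+if (![string]::IsNullOrWhiteSpace($Request.Body.tapLifetimeInMinutes)) {
+try {
+$RequestedMinutes = [int]$Request.Body.tapLifetimeInMinutes
+$ParsedRequestLifetime = $true
+} catch {
+Write-Warning "Failed to parse TAP lifetime from request: $($_.Exception.Message)"
+}
+}
+
+if ($null -eq $RequestedMinutes) {
+$RequestedMinutes = [int](($Expiration - $Start).TotalMinutes)
+}
+
+try {
+$Policy = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/TemporaryAccessPass' -tenantid $TenantFilter
+$PolicyMax = [int]($Policy.maximumLifetimeInMinutes ?? 1440)
+$PolicyMin = [Math]::Min([int]($Policy.minimumLifetimeInMinutes ?? 1), $PolicyMax)
+$LifetimeMinutes = [Math]::Min([Math]::Max($RequestedMinutes, $PolicyMin), $PolicyMax)
+} catch {
+Write-Warning "Failed to determine TAP lifetime from policy: $($_.Exception.Message)"
+if ($ParsedRequestLifetime) {
+$LifetimeMinutes = $RequestedMinutes
 }
-$TapBody = ConvertTo-Json -Depth 5 -InputObject $TapParams
-} else {
-$TapBody = '{}'
 }
+
+$TapParams = @{}
+if ($Start -gt (Get-Date)) {
+$TapParams.startDateTime = [System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.StartDate).DateTime
+}
+if ($LifetimeMinutes -gt 0) {
+$TapParams.lifetimeInMinutes = [int]$LifetimeMinutes
+}
+$TapBody = if ($TapParams.Count) { ConvertTo-Json -Depth 5 -InputObject $TapParams } else { '{}' }
 # Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods"
 # Retry creating the TAP up to 10 times, since it can fail due to the user not being fully created yet. Sometimes it takes 2 reties, sometimes it takes 8+. Very annoying. -Bobby
 $Retries = 0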
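Review bot: An omitted or unparseable `tapLifetimeInMinutes` falls through to `$RequestedMinutes = [int](($Expiration - $Start).TotalMinutes)`, so the Temporary Access Pass is issued for the whole JIT window, capped only by the policy maximum, where the removed code sent no lifetime and left it to the tenant's policy default. A TAP is a sign-in credential, so the longer lifetime should be an explicit choice: I would drop that fallback and clamp only a value the caller supplied, `if ($null -ne $RequestedMinutes) { $LifetimeMinutes = [Math]::Min([Math]::Max($RequestedMinutes, $PolicyMin), $PolicyMax) }`, and return an error for a value that fails the `[int]` cast instead of only `Write-Warning`. On the policy-lookup `catch` path the parsed request value is used unclamped; a comment there should state that Graph is relied on to reject out-of-range values. The enclosing `try` and the retry loop continue outside the hunk.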

0 commit comments
