
Commit 7baeb92

fixes setup wizard to allow temproary headers.
1 parent affc8b8 commit 7baeb92

5 files changed

Lines changed: 38 additions & 24 deletions


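--- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1
+++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecCreateSAMApp.ps1
@@ -70,7 +70,8 @@ function Invoke-ExecCreateSAMApp {
 }
 
 try {
-$AppPolicyStatus = Update-AppManagementPolicy
+
+$AppPolicyStatus = Update-AppManagementPolicy -Headers @{ authorization = "Bearer $($Token.access_token)" } -ApplicationId $appId.appId
 Write-Information $AppPolicyStatus.PolicyAction
 } catch {
 Write-Warning "Error updating app management policy $($_.Exception.Message)."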
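Review bot: The header at new line 74 is built without checking `$Token.access_token`; if that value is empty, the hashtable `@{ authorization = "Bearer " }` is still truthy, so the Graph helpers skip `Get-GraphToken` and send an empty bearer, and the catch at new line 76 only writes a warning. `$Token` and `$appId` are assigned outside this hunk, so whether they are validated earlier cannot be seen here. A guard before the call, `if (-not $Token.access_token) { throw 'No access token available for app management policy update' }`, keeps the failure explicit. The call also leaves `-TenantFilter` at its `$env:TenantID` default, which may not be the tenant the temporary token was issued for.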

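--- a/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphBulkRequest.ps1
@@ -12,11 +12,16 @@ function New-GraphBulkRequest {
 $Requests,
 $NoPaginateIds = @(),
 [ValidateSet('v1.0', 'beta')]
-$Version = 'beta'
+$Version = 'beta',
+$Headers
 )
 
 if ($NoAuthCheck -or (Get-AuthorisedRequest -Uri $uri -TenantID $tenantid)) {
-$headers = Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp
+if ($Headers) {
+$Headers = $Headers
+} else {
+$Headers = Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp
+}
 
 if ($script:XMsThrottlePriority) {
 $headers['x-ms-throttle-priority'] = $script:XMsThrottlePriority
@@ -56,13 +61,14 @@ function New-GraphBulkRequest {
 }
 Write-Host 'Getting more'
 Write-Host $MoreData.body.'@odata.nextLink'
-$AdditionalValues = New-GraphGetRequest -ComplexFilter -uri $MoreData.body.'@odata.nextLink' -tenantid $tenantid -NoAuthCheck $NoAuthCheck -scope $scope -AsApp $asapp
+$AdditionalValues = New-GraphGetRequest -ComplexFilter -uri $MoreData.body.'@odata.nextLink' -tenantid $tenantid -NoAuthCheck $NoAuthCheck -scope $scope -AsApp $asapp -headers $Headers
 $NewValues = [System.Collections.Generic.List[PSCustomObject]]$MoreData.body.value
 $AdditionalValues | ForEach-Object { $NewValues.add($_) }
 $MoreData.body.value = $NewValues
 }
 
 } catch {
+Write-Host 'updating graph table because something failed.'
 # Try to parse ErrorDetails.Message as JSON
 if ($_.ErrorDetails.Message) {
 try {
@@ -91,7 +97,6 @@ function New-GraphBulkRequest {
 $Tenant.LastGraphError = ''
 }
 Update-AzDataTableEntity -Force @TenantsTable -Entity $Tenant
-
 return $ReturnedData.responses
 } else {
 Write-Error 'Not allowed. You cannot manage your own tenant or tenants not under your scope'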
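Review bot: The caller's hashtable is used as-is and then written to: `$headers['x-ms-throttle-priority'] = $script:XMsThrottlePriority` at new line 27 modifies the object the caller passed in, and `$Headers = $Headers` at new line 21 is a no-op. Update-AppManagementPolicy hands the same `$headers` object to several requests in this commit, so a header added by one call is still present on the next. Work on a copy, `$Headers = if ($Headers) { $Headers.Clone() } else { Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp }`, and declare the parameter as `[hashtable]$Headers` so `.Clone()` and the indexer are guaranteed to exist. The same pattern appears in New-GraphGetRequest (`$headers['ConsistencyLevel']`) and New-GraphPOSTRequest (`$headers.Add(...)`, which throws when the key is already present).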

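--- a/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
@@ -17,7 +17,8 @@ function New-GraphGetRequest {
 [switch]$CountOnly,
 [switch]$IncludeResponseHeaders,
 [hashtable]$extraHeaders,
-[switch]$ReturnRawResponse
+[switch]$ReturnRawResponse,
+$Headers
 )
 
 if ($NoAuthCheck -eq $false) {
@@ -27,12 +28,15 @@ function New-GraphGetRequest {
 }
 
 if ($NoAuthCheck -eq $true -or $IsAuthorised) {
-if ($scope -eq 'ExchangeOnline') {
-$headers = Get-GraphToken -tenantid $tenantid -scope 'https://outlook.office365.com/.default' -AsApp $asapp -SkipCache $skipTokenCache
+if ($headers) {
+$headers = $Headers
 } else {
-$headers = Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp -SkipCache $skipTokenCache
+if ($scope -eq 'ExchangeOnline') {
+$headers = Get-GraphToken -tenantid $tenantid -scope 'https://outlook.office365.com/.default' -AsApp $asapp -SkipCache $skipTokenCache
+} else {
+$headers = Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp -SkipCache $skipTokenCache
+}
 }
-
 if ($ComplexFilter) {
 $headers['ConsistencyLevel'] = 'eventual'
 }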
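Review bot: `$Headers` at new line 21 is declared untyped directly below `[hashtable]$extraHeaders`, and nothing at the parameter says that a supplied value replaces token acquisition. When it is set, the `ExchangeOnline` scope switch, `-AsApp` and `-SkipCache` in the else branch at new lines 34–38 are never evaluated, so the caller's token must already be issued for the resource behind `$uri`. I would declare it `[hashtable]$Headers` and put `# Caller-supplied request headers (e.g. a setup-wizard bearer token); when set, Get-GraphToken is not called and $scope/$asapp/$skipTokenCache are ignored.` above it. The function body starts and ends outside these hunks.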

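--- a/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1
@@ -18,11 +18,16 @@ function New-GraphPOSTRequest {
 $IgnoreErrors = $false,
 $returnHeaders = $false,
 $maxRetries = 3,
-$ScheduleRetry = $false
+$ScheduleRetry = $false,
+$headers
 )
 
 if ($NoAuthCheck -or (Get-AuthorisedRequest -Uri $uri -TenantID $tenantid)) {
-$headers = Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp -SkipCache $skipTokenCache
+if ($Headers) {
+$Headers = $Headers
+} else {
+$Headers = Get-GraphToken -tenantid $tenantid -scope $scope -AsApp $asapp -SkipCache $skipTokenCache
+}
 if ($AddedHeaders) {
 foreach ($header in $AddedHeaders.GetEnumerator()) {
 $headers.Add($header.Key, $header.Value)
@@ -36,8 +41,8 @@ function New-GraphPOSTRequest {
 if (!$contentType) {
 $contentType = 'application/json; charset=utf-8'
 }
-
-$body = Get-CIPPTextReplacement -TenantFilter $tenantid -Text $body -EscapeForJson
+#Only do text replacement if no headers are set.
+if (!$headers) { $body = Get-CIPPTextReplacement -TenantFilter $tenantid -Text $body -EscapeForJson }
 
 $RetryCount = 0
 $RequestSuccessful = $false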
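Review bot: The guard `if (!$headers)` at new line 45 is evaluated after the block at new lines 26–30 has already filled `$Headers`, and PowerShell variable names are case-insensitive, so the condition is false whenever `Get-GraphToken` returned a value; `Get-CIPPTextReplacement` then stops running for ordinary requests too, not only for the setup-wizard ones the comment describes. Record the caller's intent before the fallback, `$HeadersSupplied = [bool]$headers` ahead of new line 26, and test that instead: `if (!$HeadersSupplied) { $body = Get-CIPPTextReplacement -TenantFilter $tenantid -Text $body -EscapeForJson }`. The lines between the two hunks are not shown, so this assumes `$headers` is not cleared there.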

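--- a/Modules/CIPPCore/Public/GraphHelper/Update-AppManagementPolicy.ps1
+++ b/Modules/CIPPCore/Public/GraphHelper/Update-AppManagementPolicy.ps1
@@ -15,7 +15,8 @@ function Update-AppManagementPolicy {
 [CmdletBinding()]
 param(
 $TenantFilter = $env:TenantID,
-$ApplicationId = $env:ApplicationID
+$ApplicationId = $env:ApplicationID,
+$headers
 )
 
 try {
@@ -39,8 +40,7 @@ function Update-AppManagementPolicy {
 )
 
 # Execute bulk request
-$Results = New-GraphBulkRequest -Requests $Requests -NoAuthCheck $true -asapp $true -tenantid $TenantFilter
-
+$Results = New-GraphBulkRequest -Requests $Requests -NoAuthCheck $true -asapp $true -tenantid $TenantFilter -headers $headers
 # Parse results
 $DefaultPolicy = ($Results | Where-Object { $_.id -eq 'defaultPolicy' }).body
 $AppPolicies = ($Results | Where-Object { $_.id -eq 'appPolicies' }).body.value
@@ -60,8 +60,7 @@ function Update-AppManagementPolicy {
 })
 
 if ($AppliesToRequests.Count -gt 0) {
-$AppliesToResults = New-GraphBulkRequest -Requests $AppliesToRequests -NoAuthCheck $true -asapp $true -tenantid $TenantFilter
-
+$AppliesToResults = New-GraphBulkRequest -Requests $AppliesToRequests -NoAuthCheck $true -asapp $true -tenantid $TenantFilter -headers $headers
 # Find which policy (if any) targets the app
 $CIPPPolicyResult = $AppliesToResults | Where-Object { $_.body.value.appId -contains $ApplicationId } | Select-Object -First 1
 if ($CIPPPolicyResult) {
@@ -171,18 +170,18 @@ function Update-AppManagementPolicy {
 
 if ($CIPPAppPolicyId) {
 # Update existing policy that's already assigned to the app
-$null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$CIPPAppPolicyId" -type PATCH -body ($PolicyBody | ConvertTo-Json -Depth 10) -asapp $true -NoAuthCheck $true -tenantid $TenantFilter
+$null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$CIPPAppPolicyId" -type PATCH -body ($PolicyBody | ConvertTo-Json -Depth 10) -asapp $true -NoAuthCheck $true -tenantid $TenantFilter -headers $headers
 $PolicyAction = "Updated existing policy $CIPPAppPolicyId to allow credentials"
 } elseif ($ExistingExemptionPolicy) {
 # Exemption policy exists but not assigned to app - update and assign it
-$null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$($ExistingExemptionPolicy.id)" -type PATCH -body ($PolicyBody | ConvertTo-Json -Depth 10) -asapp $true -NoAuthCheck $true
+$null = New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/policies/appManagementPolicies/$($ExistingExemptionPolicy.id)" -type PATCH -body ($PolicyBody | ConvertTo-Json -Depth 10) -asapp $true -NoAuthCheck $true -headers $headers
 
 if ($CIPPApp.id) {
 # Assign existing policy to CIPP-SAM application
 $AssignBody = @{
 '@odata.id' = "https://graph.microsoft.com/beta/policies/appManagementPolicies/$($ExistingExemptionPolicy.id)"
 }
-$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/applications/$($CIPPApp.id)/appManagementPolicies/`$ref" -type POST -body ($AssignBody | ConvertTo-Json) -asapp $true -NoAuthCheck $true -tenantid $TenantFilter
+$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/applications/$($CIPPApp.id)/appManagementPolicies/`$ref" -type POST -body ($AssignBody | ConvertTo-Json) -asapp $true -NoAuthCheck $true -tenantid $TenantFilter -headers $headers
 $PolicyAction = "Updated and assigned existing policy $($ExistingExemptionPolicy.id) to CIPP-SAM"
 $CIPPAppPolicyId = $ExistingExemptionPolicy.id
 $CIPPAppTargeted = $true
@@ -191,14 +190,14 @@ function Update-AppManagementPolicy {
 }
 } else {
 # Create new policy and assign to CIPP-SAM app
-$CreatedPolicy = New-GraphPostRequest -uri 'https://graph.microsoft.com/v1.0/policies/appManagementPolicies' -type POST -body ($PolicyBody | ConvertTo-Json -Depth 10) -asapp $true -NoAuthCheck $true
+$CreatedPolicy = New-GraphPostRequest -uri 'https://graph.microsoft.com/v1.0/policies/appManagementPolicies' -type POST -body ($PolicyBody | ConvertTo-Json -Depth 10) -asapp $true -NoAuthCheck $true -headers $headers
 
 if ($CIPPApp.id) {
 # Assign policy to CIPP-SAM application using beta endpoint
 $AssignBody = @{
 '@odata.id' = "https://graph.microsoft.com/beta/policies/appManagementPolicies/$($CreatedPolicy.id)"
 }
-$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/applications/$($CIPPApp.id)/appManagementPolicies/`$ref" -type POST -body ($AssignBody | ConvertTo-Json) -asapp $true -NoAuthCheck $true
+$null = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/applications/$($CIPPApp.id)/appManagementPolicies/`$ref" -type POST -body ($AssignBody | ConvertTo-Json) -asapp $true -NoAuthCheck $true -headers $headers
 $PolicyAction = "Created new policy $($CreatedPolicy.id) and assigned to CIPP-SAM"
 $CIPPAppPolicyId = $CreatedPolicy.id
 $CIPPAppTargeted = $true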
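Review bot: The New-GraphPostRequest calls at new lines 177, 193 and 200 still omit `-tenantid $TenantFilter`, while the calls at new lines 173 and 184 pass it. When `$headers` is not supplied, those three requests fall back to `Get-GraphToken -tenantid $tenantid` inside New-GraphPOSTRequest with whatever default that helper has (not visible here), which may not be the tenant named by `$TenantFilter`. Append `-tenantid $TenantFilter` to the three calls so that every policy write targets the same tenant with or without a caller-supplied token. The new `$headers` parameter at new line 19 also has no description; a comment such as `# Optional pre-built request headers (bearer token) passed through to every Graph call in this function.` would help. The function body starts and ends outside these hunks.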
