Merge pull request #1231 from KelvinTegelaar/dev
Dev
KelvinTegelaar authored Jan 16, 2025
2 parents 17f65df + 3533643 commit 98f7f61
Showing 9 changed files with 55 additions and 28 deletions.
Expand Up @@ -21,7 +21,6 @@ function Get-CippAuditLogSearchResults {
process {
$GraphRequest = @{
Uri = ('https://graph.microsoft.com/beta/security/auditLog/queries/{0}/records?$top=999&$count=true' -f $QueryId)
Method = 'GET'
AsApp = $true
tenantid = $TenantFilter
}
Expand Up @@ -6,10 +6,7 @@ function Push-UpdateTenants {
Param($Item)
$QueueReference = 'UpdateTenants'
$RunningQueue = Invoke-ListCippQueue | Where-Object { $_.Reference -eq $QueueReference -and $_.Status -ne 'Completed' -and $_.Status -ne 'Failed' }
if ($RunningQueue) {
Write-Host 'Update Tenants already running'
return
}

$Queue = New-CippQueueEntry -Name 'Update Tenants' -Reference $QueueReference -TotalTasks 1
try {
$QueueTask = @{
Expand All @@ -30,4 +27,4 @@ function Push-UpdateTenants {
$QueueTask.Status = 'Failed'
Set-CippQueueTask @QueueTask
}
}
}
Expand Up @@ -10,24 +10,35 @@ Function Invoke-ExecAssignAPDevice {
[CmdletBinding()]
param($Request, $TriggerMetadata)
$APIName = $TriggerMetadata.FunctionName
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
$tenantfilter = $Request.Body.TenantFilter
$User = $request.headers.'x-ms-client-principal'
Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug'
$TenantFilter = $Request.body.tenantFilter


try {
$UserObject = $Request.body.user.addedFields
$DeviceObject = $Request.body.device
$SerialNumber = $Request.body.serialNumber
$body = @{
UserPrincipalName = $Request.body.UserPrincipalName
addressableUserName = $Request.body.addressableUserName
userPrincipalName = $UserObject.userPrincipalName
addressableUserName = $UserObject.addressableUserName
} | ConvertTo-Json
New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($request.body.Device)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST
$Results = "Successfully assigned device to $($Request.body.UserPrincipalName) for $($tenantfilter)"
New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/windowsAutopilotDeviceIdentities/$($DeviceObject)/UpdateDeviceProperties" -tenantid $TenantFilter -body $body -method POST | Out-Null
Write-LogMessage -user $User -API $APINAME -message "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)" -Sev Info
$Results = "Successfully assigned device: $DeviceObject with Serial: $SerialNumber to $($UserObject.userPrincipalName) for $($TenantFilter)"
$StatusCode = [HttpStatusCode]::OK
} catch {
$Results = "Could not $($Request.body.UserPrincipalName) to $($Request.body.device) for $($tenantfilter) Error: $($_.Exception.Message)"
$ErrorMessage = Get-CippException -Exception $_
Write-LogMessage -user $User -API $APINAME -message "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)" -Sev Error -LogData $ErrorMessage
$Results = "Could not assign $($UserObject.userPrincipalName) to $($DeviceObject) for $($TenantFilter) Error: $($ErrorMessage.NormalizedError)"
$StatusCode = [HttpStatusCode]::BadRequest
}

$Results = [pscustomobject]@{'Results' = "$results" }

# Associate values to output bindings by calling 'Push-OutputBinding'.
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
StatusCode = [HttpStatusCode]::OK
StatusCode = $StatusCode
Body = $Results
})
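Review bot: `$DeviceObject` is taken directly from `$Request.body.device` and interpolated into the Graph URI path (`windowsAutopilotDeviceIdentities/$($DeviceObject)/UpdateDeviceProperties`) with no shape check, so a value containing `/`, `?` or `#` would change which Graph resource the POST addresses. Autopilot device identity ids are normally GUIDs, so the try block could reject anything else before the request is built, e.g. `if ($DeviceObject -notmatch '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$') { throw 'Invalid device id' }`. The same request-derived values (`$SerialNumber`, `$UserObject.userPrincipalName`) are written to the log and echoed in the response body, so the check belongs ahead of both messages. The function starts above the hunk and continues below it.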

Expand Up @@ -92,6 +92,7 @@ Function Invoke-ExecJITAdmin {
Start-Sleep -Seconds 1
}

#Region TAP creation
if ($Request.Body.UseTAP) {
try {
if ($Start -gt (Get-Date)) {
Expand All @@ -102,19 +103,20 @@ Function Invoke-ExecJITAdmin {
} else {
$TapBody = '{}'
}
Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods"
# Retry creating the TAP up to 5 times, since it can fail due to the user not being fully created yet
# Write-Information "https://graph.microsoft.com/beta/users/$Username/authentication/temporaryAccessPassMethods"
# Retry creating the TAP up to 10 times, since it can fail due to the user not being fully created yet. Sometimes it takes 2 reties, sometimes it takes 8+. Very annoying. -Bobby
$Retries = 0
$MAX_TAP_RETRIES = 10
do {
try {
$TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $TenantFilter -type POST -body $TapBody
} catch {
Start-Sleep -Seconds 2
Write-Information 'ERROR: Failed to create TAP, retrying'
Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_))
Write-Information "ERROR: Run $Retries of $MAX_TAP_RETRIES : Failed to create TAP, retrying"
# Write-Information ( ConvertTo-Json -Depth 5 -InputObject (Get-CippException -Exception $_))
}
$Retries++
} while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le 5 )
} while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -le $MAX_TAP_RETRIES )

$TempPass = $TapRequest.temporaryAccessPass
$PasswordExpiration = $TapRequest.LifetimeInMinutes
Expand All @@ -135,6 +137,7 @@ Function Invoke-ExecJITAdmin {
}
}
}
#EndRegion TAP creation

$Parameters = @{
TenantFilter = $TenantFilter
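Review bot: The retry bound in the TAP loop is off by one: `$Retries` starts at 0 and is incremented after every attempt, and the loop continues while `$Retries -le $MAX_TAP_RETRIES`, so up to 11 POSTs are sent although the comment and the log line say 10; `} while ( $null -eq $TapRequest.temporaryAccessPass -and $Retries -lt $MAX_TAP_RETRIES )` matches the stated limit. The catch block now discards the exception (the `Get-CippException` line is commented out), so a permanent failure such as a permission or policy error looks the same as the user-not-yet-created case and is retried blindly; logging the normalised error on the last attempt would keep that signal. After the loop `$TempPass` is read without a check that a pass was actually issued; how the null case is handled lies outside the visible lines.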
Expand Up @@ -45,7 +45,20 @@ Function Invoke-ListTenants {
return
}
if ($Request.Query.TriggerRefresh) {
Get-Tenants -IncludeAll -TriggerRefresh
if ($Request.Query.TenantFilter -and $Request.Query.TenantFilter -ne 'AllTenants') {
Get-Tenants -TriggerRefresh -TenantFilter $Request.Query.TenantFilter
} else {
$InputObject = [PSCustomObject]@{
Batch = @(
@{
FunctionName = 'UpdateTenants'
}
)
OrchestratorName = 'UpdateTenants'
SkipLog = $true
}
Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Compress -Depth 5)
}
}
try {
$tenantfilter = $Request.Query.TenantFilter
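Review bot: In the new `else` branch every request that carries `TriggerRefresh` without a specific tenant starts another `CIPPOrchestrator` run, and nothing in the visible lines checks whether an `UpdateTenants` run is already queued or in progress; the Push-UpdateTenants section of this same commit also appears to drop its 'Update Tenants already running' guard. Repeated or scripted calls to this endpoint can therefore stack full tenant refreshes. Consider a lookup before `Start-NewOrchestration`, for example the `Invoke-ListCippQueue` filter on the `UpdateTenants` reference that Push-UpdateTenants uses, and skip the start when a run is active. `$Request.Query.TenantFilter` is also handed to `Get-Tenants -TriggerRefresh` as received; whether the caller's access to that tenant is verified is decided outside the hunk.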
Expand Up @@ -14,13 +14,13 @@ Function Invoke-ExecDeleteGDAPRoleMapping {
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
$Table = Get-CIPPTable -TableName 'GDAPRoles'

Write-Host $Table
$GroupId = $Request.Query.GroupId ?? $Request.Body.GroupId
try {
$Filter = "PartitionKey eq 'Roles' and RowKey eq '{0}'" -f $Request.Query.GroupId
$Filter = "PartitionKey eq 'Roles' and RowKey eq '{0}'" -f $GroupId
$Entity = Get-CIPPAzDataTableEntity @Table -Filter $Filter
Remove-AzDataTableEntity -Force @Table -Entity $Entity
$Results = [pscustomobject]@{'Results' = 'Success. GDAP relationship mapping deleted' }
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "GDAP relationship mapping deleted for $($Request.Query.GroupId)" -Sev 'Info'
Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "GDAP relationship mapping deleted for $($GroupId)" -Sev 'Info'

} catch {
$Results = [pscustomobject]@{'Results' = "Failed. $($_.Exception.Message)" }
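Review bot: `$GroupId` is now accepted from the request body as well as the query string and is formatted into the table filter `RowKey eq '{0}'` unescaped, so a value containing a single quote changes the filter expression, and whatever `Get-CIPPAzDataTableEntity` returns is then passed to `Remove-AzDataTableEntity -Force`. A missing or empty `GroupId` is not rejected either. Validate before the filter is built, e.g. `if ([string]::IsNullOrWhiteSpace($GroupId) -or $GroupId -match "'") { throw 'Invalid GroupId' }`, or double the quote with `$GroupId -replace "'", "''"`. The catch block continues below the hunk.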
Expand Up @@ -10,13 +10,12 @@ Function Invoke-listStandardTemplates {
[CmdletBinding()]
param($Request, $TriggerMetadata)

$APIName = $TriggerMetadata.FunctionName

$Table = Get-CippTable -tablename 'templates'
$Filter = "PartitionKey eq 'StandardsTemplateV2'"
$Templates = (Get-CIPPAzDataTableEntity @Table -Filter $Filter) | ForEach-Object {
$data = $_.JSON | ConvertFrom-Json -Depth 100
$data = $_.JSON | ConvertFrom-Json -Depth 100 -ErrorAction SilentlyContinue
$data | Add-Member -NotePropertyName 'GUID' -NotePropertyValue $_.GUID -Force
if ($data.excludedTenants) { $data.excludedTenants = @($data.excludedTenants) }
$data
} | Sort-Object -Property templateName
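Review bot: With `-ErrorAction SilentlyContinue` on `ConvertFrom-Json`, a template row whose JSON cannot be parsed is no longer reported, yet the script block carries on with whatever `$data` holds. If the conversion yields nothing, `Add-Member` is piped a null value and the row may be emitted as an empty entry, with no record of which template was bad. Skipping the row explicitly is clearer: add `if (-not $data) { Write-Warning "Template $($_.GUID) has invalid JSON"; return }` directly after the conversion. A silently missing standards template is worth surfacing to an operator rather than hiding.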

7 changes: 6 additions & 1 deletion Modules/CIPPCore/Public/GraphHelper/New-GraphGetRequest.ps1
Expand Up @@ -17,7 +17,12 @@ function New-GraphGetRequest {
[switch]$CountOnly,
[switch]$IncludeResponseHeaders
)
$IsAuthorised = Get-AuthorisedRequest -Uri $uri -TenantID $tenantid

if ($NoAuthCheck -eq $false) {
$IsAuthorised = Get-AuthorisedRequest -Uri $uri -TenantID $tenantid
} else {
$IsAuthorised = $true
}

if ($NoAuthCheck -eq $true -or $IsAuthorised) {
if ($scope -eq 'ExchangeOnline') {
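Review bot: The new guard `if ($NoAuthCheck -eq $false)` fails open when the argument is omitted, if `$NoAuthCheck` is an untyped parameter with no default (its declaration is above the visible lines): `$null -eq $false` evaluates to False in PowerShell, so the `else` branch sets `$IsAuthorised = $true` and `Get-AuthorisedRequest` is never called. Writing the test as `if ($NoAuthCheck -ne $true) {` makes the tenant authorisation check the default and the bypass the explicit exception. Setting `$IsAuthorised = $true` on the bypass path also makes a skipped check indistinguishable from a passed one for any later code that reads the variable; the existing `$NoAuthCheck -eq $true -or $IsAuthorised` condition already covers the bypass without it.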
2 changes: 1 addition & 1 deletion version_latest.txt
@@ -1 +1 @@
7.0.3
7.0.4
