fixes universal search

twoplus1 · Apr 12, 2024 · 5a336f7 · 5a336f7
1 parent a28feb2
commit 5a336f7
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 5 deletions.
diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPAlertNewAppApproval.ps1
@@ -6,7 +6,7 @@ function Push-CIPPAlertNewAppApproval {
         [pscustomobject]$Item
     )
     try {
-        $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant
+        $Approvals = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/identityGovernance/appConsent/appConsentRequests' -tenantid $item.tenant | Where-Object -Property requestStatus -EQ 'inProgress'
         if ($Approvals.count -gt 1) {
             Write-AlertMessage -tenant $($Item.tenant) -message "There is are $($Approvals.count) App Approvals waiting."
         }

diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Conditional/Invoke-ExecCACheck.ps1
@@ -0,0 +1,58 @@
+using namespace System.Net
+
+Function Invoke-ExecCaCheck {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    $Tenant = $request.body.tenantFilter
+    $UserID = $request.body.userId.value
+    if ($Request.body.IncludeApplications.value) {
+        $IncludeApplications = $Request.body.IncludeApplications.value
+    } else {
+        $IncludeApplications = '67ad5377-2d78-4ac2-a867-6300cda00e85'
+    }
+    $results = try {
+        $CAContext = @{
+            '@odata.type'         = '#microsoft.graph.whatIfApplicationContext'
+            'includeApplications' = @($IncludeApplications)
+        }
+        $ConditionalAccessWhatIfDefinition = @{
+            'conditionalAccessWhatIfSubject'    = @{
+                '@odata.type' = '#microsoft.graph.userSubject'
+                'userId'      = "$userId"
+            }
+            'conditionalAccessContext'          = $CAContext
+            'conditionalAccessWhatIfConditions' = @{}
+        }
+        $whatIfConditions = $ConditionalAccessWhatIfDefinition.conditionalAccessWhatIfConditions
+        if ($Request.body.UserRiskLevel) { $whatIfConditions.userRiskLevel = $Request.body.UserRiskLevel.value }
+        if ($Request.body.SignInRiskLevel) { $whatIfConditions.signInRiskLevel = $Request.body.SignInRiskLevel.value }
+        if ($Request.body.ClientAppType) { $whatIfConditions.clientAppType = $Request.body.ClientAppType.value }
+        if ($Request.body.DevicePlatform) { $whatIfConditions.devicePlatform = $Request.body.DevicePlatform.value }
+        if ($Request.body.Country) { $whatIfConditions.country = $Request.body.Country.value }
+        if ($Request.body.IpAddress) { $whatIfConditions.ipAddress = $Request.body.IpAddress.value }
+
+        $JSONBody = $ConditionalAccessWhatIfDefinition | ConvertTo-Json -Depth 10
+        Write-Host $JSONBody
+        $Request = New-GraphPOSTRequest -uri 'https://graph.microsoft.com/beta/identity/conditionalAccess/evaluate' -tenantid $tenant -type POST -body $JsonBody -AsApp $true
+        $Request 
+    } catch {
+        "Failed to execute check: $($_.Exception.Message)"
+    }
+
+    $body = [pscustomobject]@{'Results' = $results }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $body
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecUniversalSearch.ps1
@@ -19,8 +19,29 @@ Function Invoke-ExecUniversalSearch {
 
     try {
         $tenantfilter = Get-Tenants
-        $payload = '{ "returnsPartialResults":true, "displayName":"getUsers", "target": { "allTenants":true }, "operationDefinition": { "values":["@sys.normalize([ConsistencyLevel: eventual GET /v1.0/users?$top=5&$search=\"userPrincipalName:' + $request.query.name + '\" OR \"displayName:' + $request.query.name + '\"])"] }, "aggregationDefinition": { "values":["@sys.append([/result],50)"] } }'
-        $GraphRequest = (New-GraphPOSTRequest -noauthcheck $true -type 'POST' -uri 'https://graph.microsoft.com/beta/tenantRelationships/managedTenants/managedTenantOperations' -tenantid $env:TenantID -body $payload).result.Results | ConvertFrom-Json | Where-Object { $_.'_TenantId' -in $tenantfilter.customerId }
+        $payload = [PSCustomObject]@{
+            returnsPartialResults = $false
+            displayName           = 'getUsers'
+            target                = [PSCustomObject]@{
+                allTenants = $true
+            }
+            operationDefinition   = [PSCustomObject]@{
+                values = @(
+                    "@sys.normalize([ConsistencyLevel: eventual GET /v1.0/users?`$top=5&`$search=`"userPrincipalName:$($Request.query.name)`" OR `"displayName:$($Request.query.name)`"])"
+                )
+            }
+            aggregationDefinition = [PSCustomObject]@{
+                values = @(
+                    '@sys.append([/result],50)'
+                )
+            }
+        } | ConvertTo-Json -Depth 10
+        $GraphRequest = (New-GraphPOSTRequest -noauthcheck $true -type 'POST' -uri 'https://graph.microsoft.com/beta/tenantRelationships/managedTenants/managedTenantOperations' -tenantid $env:TenantID -body $payload -IgnoreErrors $true)
+        if (!$GraphRequest.result.results) {
+            $GraphRequest = ($GraphRequest.error.message | ConvertFrom-Json).result.results | ConvertFrom-Json | Where-Object { $_.'_TenantId' -in $tenantfilter.customerId }
+        } else {
+            $GraphRequest.result.Results | ConvertFrom-Json -ErrorAction SilentlyContinue | Where-Object { $_.'_TenantId' -in $tenantfilter.customerId }
+        }
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message

diff --git a/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1 b/Modules/CIPPCore/Public/GraphHelper/New-GraphPOSTRequest.ps1
@@ -1,5 +1,5 @@
 
-function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $NoAuthCheck, $skipTokenCache, $AddedHeaders, $contentType) {
+function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $NoAuthCheck, $skipTokenCache, $AddedHeaders, $contentType, $IgnoreErrors) {
     <#
     .FUNCTIONALITY
     Internal
@@ -20,7 +20,7 @@ function New-GraphPOSTRequest ($uri, $tenantid, $body, $type, $scope, $AsApp, $N
             $contentType = 'application/json; charset=utf-8'
         }
         try {
-            $ReturnedData = (Invoke-RestMethod -Uri $($uri) -Method $TYPE -Body $body -Headers $headers -ContentType $contentType)
+            $ReturnedData = (Invoke-RestMethod -Uri $($uri) -Method $TYPE -Body $body -Headers $headers -ContentType $contentType -SkipHttpErrorCheck:$IgnoreErrors)
         } catch {
             $Message = if ($_.ErrorDetails.Message) {
                 Get-NormalizedError -Message $_.ErrorDetails.Message