Merge pull request #26 from KelvinTegelaar/master

[pull] master from KelvinTegelaar:master
AntoJUICT · Mar 31, 2024 · a6d243d · a6d243d
2 parents 3d4702d + c4e343a
commit a6d243d
Show file tree

Hide file tree

Showing 40 changed files with 1,008 additions and 386 deletions.
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddAlert.ps1
@@ -43,6 +43,7 @@ Function Invoke-AddAlert {
                     SecDefaultsUpsell = [bool]$Request.body.SecDefaultsUpsell
                     SharePointQuota   = [int]$Request.body.SharePointQuotaQuota
                     ExpiringLicenses  = [bool]$Request.body.ExpiringLicenses
+                    NewAppApproval    = [bool]$Request.body.NewAppApproval
                     type              = 'Alert'
                     RowKey            = $TenantID
                     PartitionKey      = 'Alert'

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddGroup.ps1
@@ -45,13 +45,23 @@ Function Invoke-AddGroup {
                 }
                 $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/groups' -tenantid $tenant -type POST -body (ConvertTo-Json -InputObject $BodyToship -Depth 10) -verbose
             } else {
-                $Params = @{ 
-                    Name                               = $groupobj.Displayname
-                    Alias                              = $groupobj.username
-                    Description                        = $groupobj.Description
-                    PrimarySmtpAddress                 = $email
-                    Type                               = $groupobj.groupType
-                    RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal
+                if ($groupobj.groupType -eq 'dynamicdistribution') {
+                    $Params = @{ 
+                        Name               = $groupobj.Displayname
+                        RecipientFilter    = $groupobj.membershipRules
+                        PrimarySmtpAddress = $email
+                    }
+                    $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DynamicDistributionGroup' -cmdParams $params
+                } else {
+                    $Params = @{ 
+                        Name                               = $groupobj.Displayname
+                        Alias                              = $groupobj.username
+                        Description                        = $groupobj.Description
+                        PrimarySmtpAddress                 = $email
+                        Type                               = $groupobj.groupType
+                        RequireSenderAuthenticationEnabled = [bool]!$groupobj.AllowExternal
+                    }
+                    $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params
                 }
                 $GraphRequest = New-ExoRequest -tenantid $tenant -cmdlet 'New-DistributionGroup' -cmdParams $params
                 # At some point add logic to use AddOwner/AddMember for New-DistributionGroup, but idk how we're going to brr that - rvdwegen

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddIntuneTemplate.ps1
@@ -35,13 +35,23 @@ Function Invoke-AddIntuneTemplate {
             Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Created intune policy template named $($Request.body.displayname) with GUID $GUID" -Sev 'Debug'
 
             $body = [pscustomobject]@{'Results' = 'Successfully added template' }
-        }
-        else {
+        } else {
             $TenantFilter = $request.query.TenantFilter
             $URLName = $Request.query.URLName
             $ID = $request.query.id
             switch ($URLName) {
-
+                'deviceCompliancePolicies' {
+                    $Type = 'deviceCompliancePolicies'
+                    $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)/$($ID)?`$expand=scheduledActionsForRule(`$expand=scheduledActionConfigurations)" -tenantid $tenantfilter
+                    $DisplayName = $template.displayName
+                    $TemplateJson = ConvertTo-Json -InputObject $Template -Depth 10 -Compress
+                }
+                'managedAppPolicies' {
+                    $Type = 'AppProtection'
+                    $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$($urlname)('$($ID)')" -tenantid $tenantfilter
+                    $DisplayName = $template.displayName
+                    $TemplateJson = ConvertTo-Json -InputObject $Template -Depth 10 -Compress
+                }
                 'configurationPolicies' {
                     $Type = 'Catalog'
                     $Template = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$($urlname)('$($ID)')?`$expand=settings" -tenantid $tenantfilter | Select-Object name, description, settings, platforms, technologies, templateReference
@@ -112,8 +122,7 @@ Function Invoke-AddIntuneTemplate {
 
             $body = [pscustomobject]@{'Results' = 'Successfully added template' }
         }
-    }
-    catch {
+    } catch {
         Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message "Intune Template Deployment failed: $($_.Exception.Message)" -Sev 'Error'
         $body = [pscustomobject]@{'Results' = "Intune Template Deployment failed: $($_.Exception.Message)" }
     }

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddPolicy.ps1
@@ -24,6 +24,27 @@ Function Invoke-AddPolicy {
         }
         try {
             switch ($Request.body.TemplateType) {
+                'AppProtection' {
+                    $TemplateType = ($RawJSON | ConvertFrom-Json).'@odata.type' -replace '#microsoft.graph.', ''
+                    $TemplateTypeURL = "$($TemplateType)s"
+                    $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant
+                    if ($displayname -in $CheckExististing.displayName) {
+                        Throw "Policy with Display Name $($Displayname) Already exists"
+                    }
+                    $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceAppManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJSON
+                }
+                'deviceCompliancePolicies' {
+                    $TemplateTypeURL = 'deviceCompliancePolicies'
+                    $CheckExististing = New-GraphGETRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant
+                    if ($displayname -in $CheckExististing.displayName) {
+                        Throw "Policy with Display Name $($Displayname) Already exists"
+                    }
+                    $JSON = $RawJSON | ConvertFrom-Json | Select-Object * -ExcludeProperty id, createdDateTime, lastModifiedDateTime, version, '[email protected]', '@odata.context'
+                    $JSON.scheduledActionsForRule = @($JSON.scheduledActionsForRule | Select-Object * -ExcludeProperty '[email protected]')
+                    $RawJSON = ConvertTo-Json -InputObject $JSON -Depth 20 -Compress
+                    Write-Host $RawJSON
+                    $CreateRequest = New-GraphPOSTRequest -uri "https://graph.microsoft.com/beta/deviceManagement/$TemplateTypeURL" -tenantid $tenant -type POST -body $RawJson
+                }
                 'Admin' {
                     $TemplateTypeURL = 'groupPolicyConfigurations'
                     $CreateBody = '{"description":"' + $description + '","displayName":"' + $displayname + '","roleScopeTagIds":["0"]}'

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-AddUserBulk.ps1
@@ -0,0 +1,52 @@
+using namespace System.Net
+
+Function Invoke-AddUserBulk {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = 'AddUserBulk'
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+    $TenantFilter = $Request.body.TenantFilter
+    $Results = [System.Collections.ArrayList]@()
+    foreach ($userobj in $request.body.BulkUser) {
+        Write-Host 'PowerShell HTTP trigger function processed a request.'
+        try {
+            $password = if ($userobj.password) { $userobj.password } else { New-passwordString }
+            $UserprincipalName = "$($UserObj.mailNickName)@$($UserObj.domain)"
+            $BodyToship = $userobj
+            #Remove domain from body to ship
+            $BodyToship = $BodyToship | Select-Object * -ExcludeProperty password, domain
+            $BodyToship | Add-Member -NotePropertyName accountEnabled -NotePropertyValue $true -Force
+            $BodyToship | Add-Member -NotePropertyName userPrincipalName -NotePropertyValue $UserprincipalName -Force
+            $BodyToship | Add-Member -NotePropertyName passwordProfile -NotePropertyValue @{'password' = $password; 'forceChangePasswordNextSignIn' = $true } -Force
+            Write-Host "body is now: $($BodyToship | ConvertTo-Json -Depth 10 -Compress)"
+            if ($userobj.businessPhones) { $bodytoShip.businessPhones = @($userobj.businessPhones) }
+            $bodyToShip = ConvertTo-Json -Depth 10 -InputObject $BodyToship -Compress
+            Write-Host "Our body to ship is $bodyToShip"
+            $GraphRequest = New-GraphPostRequest -uri 'https://graph.microsoft.com/beta/users' -tenantid $TenantFilter -type POST -body $BodyToship -verbose
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Created user $($userobj.displayname) with id $($GraphRequest.id) " -Sev 'Info'
+            $results.add("Created user $($UserprincipalName). Password is $password")
+        } catch {
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -tenant $($TenantFilter) -message "Failed to create user. Error:$($_.Exception.Message)" -Sev 'Error'
+            $body = $results.add("Failed to create user. $($_.Exception.Message)" )
+        }
+    }
+    $body = [pscustomobject] @{
+        'Results'  = @($results) 
+        'Username' = $UserprincipalName
+        'Password' = $password
+        'CopyFrom' = $copyFromResults
+    }
+
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Body
+        })
+
+}
diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-EditUser.ps1
@@ -42,7 +42,6 @@ Function Invoke-EditUser {
             'displayName'       = $UserObj.Displayname
             'postalCode'        = $userobj.postalCode
             'companyName'       = $userobj.companyName
-            'mailNickname'      = $UserObj.username
             'jobTitle'          = $UserObj.JobTitle
             'userPrincipalName' = $Email
             'usageLocation'     = $UserObj.usageLocation

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1
@@ -11,30 +11,30 @@ Function Invoke-ExecCPVPermissions {
     $APIName = $TriggerMetadata.FunctionName
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
-
     # Write to the Azure Functions log stream.
     Write-Host 'PowerShell HTTP trigger function processed a request.'
-    $TenantFilter = (get-tenants -IncludeAll -IncludeErrors | Where-Object -Property customerId -EQ $Request.query.Tenantfilter).defaultDomainName
-    Write-Host "Our Tenantfilter is $TenantFilter"
+    $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $Request.Query.TenantFilter | Select-Object -First 1
+
+    Write-Host "Our tenant is $($Tenant.displayName) - $($Tenant.defaultDomainName)"
 
     $CPVConsentParams = @{
-        Tenantfilter = $TenantFilter
+        TenantFilter = $Request.Query.TenantFilter
     }
     if ($Request.Query.ResetSP -eq 'true') {
         $CPVConsentParams.ResetSP = $true
     }
 
     $GraphRequest = try {
         Set-CIPPCPVConsent @CPVConsentParams
-        Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
-        Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
+        Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
+        Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
         $Success = $true
     } catch {
-        "Failed to update permissions for $($TenantFilter): $($_.Exception.Message)"
+        "Failed to update permissions for $($Tenant.displayName): $($_.Exception.Message)"
         $Success = $false
     }
 
-    $Tenant = Get-Tenants -IncludeAll -IncludeErrors | Where-Object -Property defaultDomainName -EQ $Tenantfilter
+    $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1
@@ -0,0 +1,82 @@
+using namespace System.Net
+Function Invoke-ExecMailTest {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+
+    try {
+        switch ($Request.Query.Action) {
+            'CheckConfig' {
+                $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true
+                $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token
+                $Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,proxyAddresses' -NoAuthCheck $true
+                if ($AccessTokenDetails.Scope -contains 'Mail.Read') {
+                    $Message = 'Mail.Read - Delegated was found in the token scope.'
+                    $HasMailRead = $true
+                } else {
+                    $Message = 'Please add Mail.Read - Delegated to the API permissions for CIPP-SAM.'
+                    $HasMailRead = $false
+                }
+
+                $Body = [PSCustomObject]@{
+                    Message       = $Message
+                    HasMailRead   = $HasMailRead
+                    MailUser      = $Me.displayName
+                    MailAddresses = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } }
+                }
+            }
+            default {
+                $Messages = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/mailFolders/Inbox/messages?`$select=receivedDateTime,subject,sender,internetMessageHeaders,webLink" -NoAuthCheck $true
+                $Results = foreach ($Message in $Messages) {
+                    $AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value
+                    $AuthResult = $AuthResult -split ';\s*'
+                    $AuthResult = $AuthResult | ForEach-Object {
+                        if ($_ -match '^(?<Name>.+?)=\s*(?<Status>.+?)\s(?<Info>.+)$') {
+                            [PSCustomObject]@{
+                                Name   = $Matches.Name
+                                Status = $Matches.Status
+                                Info   = $Matches.Info
+                            }
+                        }
+                    }
+                    [PSCustomObject]@{
+                        Received   = $Message.receivedDateTime
+                        Subject    = $Message.subject
+                        Sender     = $Message.sender.emailAddress.name
+                        From       = $Message.sender.emailAddress.address
+                        Link       = $Message.webLink
+                        Headers    = $Message.internetMessageHeaders 
+                        AuthResult = $AuthResult
+                    }
+                }
+                $Body = [PSCustomObject]@{
+                    Results  = @($Results)
+                    Metadata = [PSCustomObject]@{
+                        Count = ($Results | Measure-Object).Count
+                    }
+                }
+            }
+        }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::BadRequest
+        $Body = [PSCustomObject]@{
+            Results = @($ErrorMessage)
+        }
+    }
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = $Body
+        })
+}