Merge pull request #13 from johnduprey/dev

Fix auth endpoint
JohnDuprey · Dec 9, 2022 · c7bc637 · c7bc637
2 parents 946f48d + 642a46b
commit c7bc637
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 62 deletions.
diff --git a/Docs/Send-DuoAuth.md b/Docs/Send-DuoAuth.md
@@ -15,31 +15,13 @@ Duo Auth
 ### Username (Default)
 ```
 Send-DuoAuth -Username <String> [-Factor <String>] [-IpAddr <String>] [-Hostname <String>] [-Async]
- [<CommonParameters>]
+ [-Device <String>] [-Type <String>] [-DisplayUsername <String>] [-Passcode] [<CommonParameters>]
 ```
 
 ### UserId
 ```
 Send-DuoAuth -UserId <String> [-Factor <String>] [-IpAddr <String>] [-Hostname <String>] [-Async]
- [<CommonParameters>]
-```
-
-### PhoneSms
-```
-Send-DuoAuth [-Factor <String>] [-IpAddr <String>] [-Hostname <String>] [-Async] [-Device <String>]
- [<CommonParameters>]
-```
-
-### Push
-```
-Send-DuoAuth [-Factor <String>] [-IpAddr <String>] [-Hostname <String>] [-Async] [-Device <String>] [-Type]
- [-PushInfo <Hashtable>] [-DisplayUsername <String>] [<CommonParameters>]
-```
-
-### Passcode
-```
-Send-DuoAuth [-Factor <String>] [-IpAddr <String>] [-Hostname <String>] [-Async] [-Passcode]
- [<CommonParameters>]
+ [-Device <String>] [-Type <String>] [-DisplayUsername <String>] [-Passcode] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -97,7 +79,8 @@ Currently, the following choices are supported:
 | auto     | Use the out-of-band factor (push or phone) recommended by Duo as the best for the user's devices.
 | push     | Authenticate the user with Duo Push.
 | passcode | Authenticate the user with a passcode (from Duo Mobile, SMS, hardware token, or bypass code).
-| sms	   | Send a new batch of SMS passcodes to the user. Note that this will not actually authenticate the user (it will automatically return "deny" Thus, if the user elects to do this then you should re-prompt to authenticate after the call has completed.
+| sms	   | Send a new batch of SMS passcodes to the user.
+Note that this will not actually authenticate the user (it will automatically return "deny" Thus, if the user elects to do this then you should re-prompt to authenticate after the call has completed.
 | phone    | Authenticate the user with phone callback.
 
 ```yaml
@@ -169,7 +152,7 @@ Default: auto
 
 ```yaml
 Type: String
-Parameter Sets: PhoneSms, Push
+Parameter Sets: (All)
 Aliases:
 
 Required: False
@@ -188,24 +171,8 @@ With type specified, the notification text changes to "Verify request" and shows
 Duo Mobile shows the equivalent localization in the languagues supported by the app, but does not attempt to localize your custom string or support multiple string values (for different languages).
 
 ```yaml
-Type: SwitchParameter
-Parameter Sets: Push
-Aliases:
-
-Required: False
-Position: Named
-Default value: False
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -PushInfo
-A set of key/value pairs with additional contextual information associated with this authentication attempt.
-The Duo Mobile app will display this information to the user.
-
-```yaml
-Type: Hashtable
-Parameter Sets: Push
+Type: String
+Parameter Sets: (All)
 Aliases:
 
 Required: False
@@ -220,7 +187,7 @@ String to display in Duo Mobile in place of the user's Duo username.
 
 ```yaml
 Type: String
-Parameter Sets: Push
+Parameter Sets: (All)
 Aliases:
 
 Required: False
@@ -235,10 +202,10 @@ Passcode entered by the user.
 
 ```yaml
 Type: SwitchParameter
-Parameter Sets: Passcode
+Parameter Sets: (All)
 Aliases:
 
-Required: True
+Required: False
 Position: Named
 Default value: False
 Accept pipeline input: False

diff --git a/DuoSecurity/Private/Invoke/Invoke-DuoRequest.ps1 b/DuoSecurity/Private/Invoke/Invoke-DuoRequest.ps1
@@ -124,16 +124,23 @@ function Invoke-DuoRequest {
         'X-Duo-Date'    = $XDuoDate
         'Authorization' = $AuthString
     }
+    if ($Method -eq 'POST') {
+        $Headers.'Content-Type' = 'application/x-www-form-urlencoded'
+        $Body = $Request
+    }
 
     if ($NoAuth) {
         $Headers = @{}
     }
 
     # Make API call URI
     $UriBuilder = [System.UriBuilder]('https://{0}{1}' -f $ApiHost, $Path)
-    $UriBuilder.Query = $Request
+
+    if ($Method -ne 'POST') {
+        $UriBuilder.Query = $Request
+    }
 
-    Write-Verbose ( '[{0}]' -f $UriBuilder.Uri )
+    Write-Verbose ( '{0} [{1}]' -f $Method, $UriBuilder.Uri )
 
     $RestMethod = @{
         Method             = $Method
@@ -142,10 +149,14 @@ function Invoke-DuoRequest {
         SkipHttpErrorCheck = $true
     }
 
+    if ($Body) {
+        $RestMethod.Body = $Body
+    }
+
     if ($FilePath) {
         $RestMethod.OutFile = $FilePath
     }
-    
+
     $Results = Invoke-RestMethod @RestMethod
 
     $Results

diff --git a/DuoSecurity/Public/Auth API/Send-DuoAuth.ps1 b/DuoSecurity/Public/Auth API/Send-DuoAuth.ps1
@@ -47,9 +47,6 @@ function Send-DuoAuth {
     .PARAMETER DisplayUsername
     String to display in Duo Mobile in place of the user's Duo username.
     
-    .PARAMETER PushInfo
-    A set of key/value pairs with additional contextual information associated with this authentication attempt. The Duo Mobile app will display this information to the user.
-    
     .PARAMETER Passcode
     Passcode entered by the user.
     
@@ -86,20 +83,16 @@ function Send-DuoAuth {
         [Parameter()]
         [switch]$Async,
 
-        [Parameter(ParameterSetName = 'Push')]
-        [Parameter(ParameterSetName = 'PhoneSms')]
+        [Parameter()]
         [string]$Device = 'auto',
 
-        [Parameter(ParameterSetName = 'Push')]
-        [switch]$Type,
-
-        [Parameter(ParameterSetName = 'Push')]
-        [hashtable]$PushInfo,
+        [Parameter()]
+        [string]$Type,
 
-        [Parameter(ParameterSetName = 'Push')]
+        [Parameter()]
         [string]$DisplayUsername,
 
-        [Parameter(Mandatory = $true, ParameterSetName = 'Passcode')]
+        [Parameter()]
         [switch]$Passcode
     )
 
@@ -112,10 +105,17 @@ function Send-DuoAuth {
         if ($IpAddr) { $Params.ipaddr = $IpAddr }
         if ($Hostname) { $Params.hostname = $Hostname }
         if ($Async.IsPresent) { $Params.async = 1 }
-        if ($Device) { $Params.device = $Device }
-        if ($Type) { $Params.type = $Type }
-        if ($PushInfo) { $Params.pushinfo = $PushInfo }
-        if ($Passcode) { $Params.passcode = $Passcode }
+        if ($Factor -eq 'Passcode') {
+            if ($Passcode) { $Params.passcode = $Passcode }
+        }
+        else {
+            if ($Device) { $Params.device = $Device }
+
+            if ($Factor -eq 'Push') {
+                if ($Type) { $Params.type = $Type }
+                if ($DisplayUsername) { $Params.display_username = $DisplayUsername }
+            }
+        }
 
         $DuoRequest = @{
             Method = 'POST'