Merge pull request #42 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev
bmsimp · Jan 31, 2025 · 1c904d2 · 1c904d2
2 parents 760bb7e + 79e8524
commit 1c904d2
Show file tree

Hide file tree

Showing 4 changed files with 160 additions and 148 deletions.
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1
@@ -150,7 +150,11 @@ Function Invoke-ExecSAMSetup {
                 $SetupPhase = $rows.tenantid = [string]($TenantId)
                 Add-CIPPAzDataTableEntity @Table -Entity $Rows -Force | Out-Null
                 if ($PartnerSetup) {
-                    $app = Get-Content '.\Cache_SAMSetup\SAMManifest.json' | ConvertFrom-Json
+                    #$app = Get-Content '.\Cache_SAMSetup\SAMManifest.json' | ConvertFrom-Json
+                    $ModuleBase = Get-Module -Name CIPPCore | Select-Object -ExpandProperty ModuleBase
+                    $SamManifestFile = Get-Item (Join-Path $ModuleBase 'Public\SAMManifest.json')
+                    $app = Get-Content $SamManifestFile.FullName | ConvertFrom-Json
+
                     $App.web.redirectUris = @($App.web.redirectUris + $URL)
                     $app = $app | ConvertTo-Json -Depth 15
                     $AppId = (Invoke-RestMethod 'https://graph.microsoft.com/v1.0/applications' -Headers @{ authorization = "Bearer $($Token.access_token)" } -Method POST -Body $app -ContentType 'application/json')

diff --git a/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 b/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1
@@ -25,7 +25,7 @@ function Get-CIPPMFAState {
     $CAState = [System.Collections.Generic.List[object]]::new()
 
     Try {
-        $MFARegistration = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails' -tenantid $TenantFilter)
+        $MFARegistration = (New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/reports/authenticationMethods/userRegistrationDetails' -tenantid $TenantFilter -asapp $true)
     } catch {
         $CAState.Add('Not Licensed for Conditional Access') | Out-Null
         $MFARegistration = $null

diff --git a/Modules/CIPPCore/Public/Remove-CIPPUserMFA.ps1 b/Modules/CIPPCore/Public/Remove-CIPPUserMFA.ps1
@@ -27,7 +27,12 @@ function Remove-CIPPUserMFA {
     )
 
     Write-Information "Getting auth methods for $UserPrincipalName"
-    $AuthMethods = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$UserPrincipalName/authentication/methods" -tenantid $TenantFilter -AsApp $true
+    try {
+        $AuthMethods = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$UserPrincipalName/authentication/methods" -tenantid $TenantFilter -AsApp $true
+    } catch {
+        Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Failed to get MFA methods for user $UserPrincipalName" -sev 'Error' -LogData (Get-CippException -Exception $_)
+        return "Failed to get MFA methods for user $UserPrincipalName - $($_.Exception.Message)"
+    }
     $Requests = [System.Collections.Generic.List[object]]::new()
     foreach ($Method in $AuthMethods) {
         if ($Method.'@odata.type' -and $Method.'@odata.type' -ne '#microsoft.graph.passwordAuthenticationMethod') {
@@ -41,23 +46,18 @@ function Remove-CIPPUserMFA {
     }
     if (($Requests | Measure-Object).Count -eq 0) {
         Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "No MFA methods found for user $UserPrincipalName" -sev 'Info'
-        $Results = "No MFA methods found for user $($Request.Query.ID)"
-        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
-                StatusCode = [HttpStatusCode]::OK
-                Body       = $Results
-            })
-        return
-    }
-
-    if ($PSCmdlet.ShouldProcess("Remove MFA methods for $UserPrincipalName")) {
-        $Results = New-GraphBulkRequest -Requests $Requests -tenantid $TenantFilter -asapp $true -erroraction stop
-        if ($Results.status -eq 204) {
-            Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Successfully removed MFA methods for user $UserPrincipalName" -sev 'Info'
-            $Results = [pscustomobject]@{'Results' = "Successfully completed request. User $($Request.Query.ID) must supply MFA at next logon" }
-        } else {
-            $FailedAuthMethods = (($Results | Where-Object { $_.status -ne 204 }).id -split '-')[0] -join ', '
-            Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Failed to remove MFA methods for $FailedAuthMethods" -sev 'Error'
-            $Results = "Failed to reset MFA methods for $FailedAuthMethods"
+        $Results = "No MFA methods found for user $($UserPrincipalName)"
+    } else {
+        if ($PSCmdlet.ShouldProcess("Remove MFA methods for $UserPrincipalName")) {
+            $Results = New-GraphBulkRequest -Requests $Requests -tenantid $TenantFilter -asapp $true -erroraction stop
+            if ($Results.status -eq 204) {
+                Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Successfully removed MFA methods for user $UserPrincipalName" -sev 'Info'
+                $Results = [pscustomobject]@{'Results' = "Successfully completed request. User $($Request.Query.ID) must supply MFA at next logon" }
+            } else {
+                $FailedAuthMethods = (($Results | Where-Object { $_.status -ne 204 }).id -split '-')[0] -join ', '
+                Write-LogMessage -API 'Remove-CIPPUserMFA' -tenant $TenantFilter -message "Failed to remove MFA methods for $FailedAuthMethods" -sev 'Error'
+                $Results = "Failed to reset MFA methods for $FailedAuthMethods"
+            }
         }
     }