Merge pull request #62 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1

@@ -24,19 +24,33 @@ function Set-CippApiAuth {
         "api://$ClientId"
     }
 
+    if (!$AllowedAudiences) { $AllowedAudiences = @() }
+    if (!$ClientIds) { $ClientIds = @() }
+
     # Set auth settings
-    $AuthSettings.properties.identityProviders.azureActiveDirectory = @{
-        registration = @{
-            clientId     = $ClientIds[0] ?? $ClientIds
-            openIdIssuer = "https://sts.windows.net/$TenantID/v2.0"
-        }
-        validation   = @{
-            allowedAudiences           = @($AllowedAudiences)
-            defaultAuthorizationPolicy = @{
-                allowedApplications = @($ClientIds)
+
+    if (($ClientIds | Measure-Object).Count -gt 0) {
+        $AuthSettings.properties.identityProviders.azureActiveDirectory = @{
+            enabled      = $true
+            registration = @{
+                clientId     = $ClientIds[0] ?? $ClientIds
+                openIdIssuer = "https://sts.windows.net/$TenantID/v2.0"
+            }
+            validation   = @{
+                allowedAudiences           = @($AllowedAudiences)
+                defaultAuthorizationPolicy = @{
+                    allowedApplications = @($ClientIds)
+                }
             }
         }
+    } else {
+        $AuthSettings.properties.identityProviders.azureActiveDirectory = @{
+            enabled      = $false
+            registration = @{}
+            validation   = @{}
+        }
     }
+
     $AuthSettings.properties.globalValidation = @{
         unauthenticatedClientAction = 'Return401'
     }
@@ -47,14 +61,12 @@ function Set-CippApiAuth {
         }
     }
 
-    Write-Information ($AuthSettings | ConvertTo-Json -Depth 10)
-
     if ($PSCmdlet.ShouldProcess('Update auth settings')) {
         # Update auth settings
-        Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2?api-version=2020-06-01" -Method PUT -Payload ($AuthSettings | ConvertTo-Json -Depth 10)
+        $null = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2?api-version=2020-06-01" -Method PUT -Payload ($AuthSettings | ConvertTo-Json -Depth 10)
     }
 
     if ($PSCmdlet.ShouldProcess('Update allowed tenants')) {
-        Update-AzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $RGName -AppSetting @{ 'WEBSITE_AUTH_AAD_ALLOWED_TENANTS' = $TenantId }
+        $null = Update-AzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $RGName -AppSetting @{ 'WEBSITE_AUTH_AAD_ALLOWED_TENANTS' = $TenantId }
     }
 }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1

@@ -12,13 +12,13 @@ Function Invoke-ExecAddTrustedIP {
 
     $Table = Get-CippTable -tablename 'trustedIps'
     Add-CIPPAzDataTableEntity @Table -Entity @{
-        PartitionKey = $request.query.tenantfilter
-        RowKey       = $Request.query.ip
-        state        = $request.query.State
+        PartitionKey = $Request.Body.tenantfilter
+        RowKey       = $Request.Body.IP
+        state        = $Request.Body.State
     } -Force
 
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = [HttpStatusCode]::OK
-            Body       = @{ results = "Added $($Request.query.ip) to database with state $($Request.query.state) for $($Request.query.tenantfilter)" }
+            Body       = @{ results = "Added $($Request.Body.IP) to database with state $($Request.Body.State) for $($Request.Body.tenantfilter)" }
         })
-}
+}