diff --git a/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 index cdcca269be4e..3a809dffee09 100644 --- a/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 +++ b/Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1 @@ -24,19 +24,33 @@ function Set-CippApiAuth { "api://$ClientId" } + if (!$AllowedAudiences) { $AllowedAudiences = @() } + if (!$ClientIds) { $ClientIds = @() } + # Set auth settings - $AuthSettings.properties.identityProviders.azureActiveDirectory = @{ - registration = @{ - clientId = $ClientIds[0] ?? $ClientIds - openIdIssuer = "https://sts.windows.net/$TenantID/v2.0" - } - validation = @{ - allowedAudiences = @($AllowedAudiences) - defaultAuthorizationPolicy = @{ - allowedApplications = @($ClientIds) + + if (($ClientIds | Measure-Object).Count -gt 0) { + $AuthSettings.properties.identityProviders.azureActiveDirectory = @{ + enabled = $true + registration = @{ + clientId = $ClientIds[0] ?? $ClientIds + openIdIssuer = "https://sts.windows.net/$TenantID/v2.0" + } + validation = @{ + allowedAudiences = @($AllowedAudiences) + defaultAuthorizationPolicy = @{ + allowedApplications = @($ClientIds) + } } } + } else { + $AuthSettings.properties.identityProviders.azureActiveDirectory = @{ + enabled = $false + registration = @{} + validation = @{} + } } + $AuthSettings.properties.globalValidation = @{ unauthenticatedClientAction = 'Return401' } 
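Review bot: The new `else` branch turns the azureActiveDirectory identity provider off (`enabled = $false`, empty `registration` and `validation`) whenever `$ClientIds` is empty or null, and nothing records that this happened. An empty list reaching this function by accident, for example from a failed lookup upstream, would silently remove the API's token validation settings. Whether requests are then still rejected depends on `globalValidation` fields that lie partly outside this hunk. I would add `Write-Warning 'No API client IDs supplied; disabling the azureActiveDirectory identity provider'` at the top of the `else` branch, with a comment stating that an empty `$ClientIds` is the intended way to disable API authentication. The function starts and ends outside the hunk.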
@@ -47,14 +61,12 @@ function Set-CippApiAuth { } } - Write-Information ($AuthSettings | ConvertTo-Json -Depth 10) - if ($PSCmdlet.ShouldProcess('Update auth settings')) { # Update auth settings - Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2?api-version=2020-06-01" -Method PUT -Payload ($AuthSettings | ConvertTo-Json -Depth 10) + $null = Invoke-AzRestMethod -Uri "https://management.azure.com/subscriptions/$SubscriptionId/resourceGroups/$RGName/providers/Microsoft.Web/sites/$($FunctionAppName)/config/authsettingsV2?api-version=2020-06-01" -Method PUT -Payload ($AuthSettings | ConvertTo-Json -Depth 10) } if ($PSCmdlet.ShouldProcess('Update allowed tenants')) { - Update-AzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $RGName -AppSetting @{ 'WEBSITE_AUTH_AAD_ALLOWED_TENANTS' = $TenantId } + $null = Update-AzFunctionAppSetting -Name $FunctionAppName -ResourceGroupName $RGName -AppSetting @{ 'WEBSITE_AUTH_AAD_ALLOWED_TENANTS' = $TenantId } } } diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 index 4613ea2c3c68..41a0ae5a2854 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecAddTrustedIP.ps1 
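Review bot: Assigning the result of `Invoke-AzRestMethod` to `$null` discards the only indication that the PUT to `authsettingsV2` failed, because that cmdlet, as far as I know, returns a response object carrying `StatusCode` rather than throwing on an HTTP error. A rejected update would leave the function app on its previous auth settings while the caller assumes the new ones are active. Keep the response and check it, e.g. `$Result = Invoke-AzRestMethod ...` followed by `if ($Result.StatusCode -ge 300) { throw "Auth settings update failed: $($Result.StatusCode)" }`. The function starts outside the hunk.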
@@ -12,13 +12,13 @@ Function Invoke-ExecAddTrustedIP { $Table = Get-CippTable -tablename 'trustedIps' Add-CIPPAzDataTableEntity @Table -Entity @{ - PartitionKey = $request.query.tenantfilter - RowKey = $Request.query.ip - state = $request.query.State + PartitionKey = $Request.Body.tenantfilter + RowKey = $Request.Body.IP + state = $Request.Body.State } -Force Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ StatusCode = [HttpStatusCode]::OK - Body = @{ results = "Added $($Request.query.ip) to database with state $($Request.query.state) for $($Request.query.tenantfilter)" } + Body = @{ results = "Added $($Request.Body.IP) to database with state $($Request.Body.State) for $($Request.Body.tenantfilter)" } }) -} \ No newline at end of file +}
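Review bot: `$Request.Body.IP`, `$Request.Body.State` and `$Request.Body.tenantfilter` go straight into the `trustedIps` table and into the response text with no validation. A missing or malformed `IP` yields an empty or meaningless `RowKey`, and `-Force` lets any request overwrite an existing entry for that tenant and address. Before the `Add-CIPPAzDataTableEntity` call I would return `[HttpStatusCode]::BadRequest` unless `$Request.Body.IP -as [ipaddress]` yields an address, `tenantfilter` is non-empty, and `State` is one of the values the consumers of this table expect (those are not visible here). The function's header and any role check sit outside the hunk.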