Merge pull request #22 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

ListGenericAllTenants/run.ps1

@@ -4,13 +4,13 @@ param([string]$QueueItem, $TriggerMetadata)
 # Write out the queue message and metadata to the information log.
 Write-Host "PowerShell queue trigger function processed work item: $QueueItem"
 $TableURLName = ($QueueItem.tolower().split('?').Split('/') | Select-Object -First 1).toString()
-$QueueKey = (Get-CippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey
+$QueueKey = (Invoke-ListCippQueue | Where-Object -Property Name -EQ $TableURLName | Select-Object -Last 1).RowKey
 Update-CippQueueEntry -RowKey $QueueKey -Status 'Started'
 $Table = Get-CIPPTable -TableName "cache$TableURLName"
 $fullUrl = "https://graph.microsoft.com/beta/$QueueItem"
 Get-CIPPAzDataTableEntity @Table | Remove-AzDataTableEntity @table
 
-$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel { 
+$RawGraphRequest = Get-Tenants | ForEach-Object -Parallel {
     $domainName = $_.defaultDomainName
     Import-Module CippCore
     try {
@@ -22,7 +22,7 @@ $RawGraphRequest = Get-Tenants | ForEach-Object -Parallel {
             Tenant     = $domainName
             CippStatus = "Could not connect to tenant. $($_.Exception.message)"
         }
-    } 
+    }
 }
 
 Update-CippQueueEntry -RowKey $QueueKey -Status 'Processing'

Modules/CIPPCore/Public/CippQueue/Invoke-ListCippQueue.ps1

@@ -0,0 +1,23 @@
+function Invoke-ListCippQueue {
+    # Input bindings are passed in via param block.
+    param($Request = $null, $TriggerMetadata)
+
+    if ($Request) {
+        $APIName = $TriggerMetadata.FunctionName
+        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+        # Write to the Azure Functions log stream.
+        Write-Host 'PowerShell HTTP trigger function processed a request.'
+    }
+
+    $CippQueue = Get-CippTable -TableName 'CippQueue'
+    $CippQueueData = Get-CIPPAzDataTableEntity @CippQueue | Where-Object { ($_.Timestamp.DateTime) -ge (Get-Date).ToUniversalTime().AddHours(-1) } | Sort-Object -Property Timestamp -Descending
+    if ($request) {
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::OK
+                Body       = @($CippQueueData)
+            })
+    } else {
+        return $CippQueueData
+    }
+}

Modules/CIPPCore/Public/CippQueue/New-CippQueueEntry.ps1

@@ -0,0 +1,23 @@
+function New-CippQueueEntry {
+    Param(
+        $Name,
+        $Link,
+        $Reference
+    )
+
+    $CippQueue = Get-CippTable -TableName CippQueue
+
+    $QueueEntry = @{
+        PartitionKey = 'CippQueue'
+        RowKey       = (New-Guid).Guid.ToString()
+        Name         = $Name
+        Link         = $Link
+        Reference    = $Reference
+        Status       = 'Queued'
+    }
+    $CippQueue.Entity = $QueueEntry
+
+    Add-CIPPAzDataTableEntity @CippQueue
+
+    $QueueEntry
+}

Modules/CIPPCore/Public/CippQueue/Remove-CippQueue.ps1

@@ -0,0 +1,18 @@
+function Remove-CippQueue {
+    # Input bindings are passed in via param block.
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+
+    $CippQueue = Get-CippTable -TableName 'CippQueue'
+    Clear-AzDataTable @CippQueue
+
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @{Results = @('History cleared') }
+        })
+}

Modules/CIPPCore/Public/CippQueue/Update-CippQueueEntry.ps1

@@ -0,0 +1,29 @@
+function Update-CippQueueEntry {
+    Param(
+        [Parameter(Mandatory = $true)]
+        $RowKey,
+        $Status,
+        $Name
+    )
+
+    $CippQueue = Get-CippTable -TableName CippQueue
+
+    if ($RowKey) {
+        $QueueEntry = Get-CIPPAzDataTableEntity @CippQueue -Filter ("RowKey eq '{0}'" -f $RowKey)
+
+        if ($QueueEntry) {
+            if ($Status) {
+                $QueueEntry.Status = $Status
+            }
+            if ($Name) {
+                $QueueEntry.Name = $Name
+            }
+            Update-AzDataTableEntity @CippQueue -Entity $QueueEntry
+            $QueueEntry
+        } else {
+            return $false
+        }
+    } else {
+        return $false
+    }
+}

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecCPVPermissions.ps1

@@ -11,30 +11,30 @@ Function Invoke-ExecCPVPermissions {
     $APIName = $TriggerMetadata.FunctionName
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
-
     # Write to the Azure Functions log stream.
     Write-Host 'PowerShell HTTP trigger function processed a request.'
-    $TenantFilter = (get-tenants -IncludeAll -IncludeErrors | Where-Object -Property customerId -EQ $Request.query.Tenantfilter).defaultDomainName
-    Write-Host "Our Tenantfilter is $TenantFilter"
+    $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $Request.Query.TenantFilter | Select-Object -First 1
+
+    Write-Host "Our tenant is $($Tenant.displayName) - $($Tenant.defaultDomainName)"
 
     $CPVConsentParams = @{
-        Tenantfilter = $TenantFilter
+        TenantFilter = $Request.Query.TenantFilter
     }
     if ($Request.Query.ResetSP -eq 'true') {
         $CPVConsentParams.ResetSP = $true
     }
 
     $GraphRequest = try {
         Set-CIPPCPVConsent @CPVConsentParams
-        Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
-        Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $TenantFilter
+        Add-CIPPApplicationPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
+        Add-CIPPDelegatedPermission -RequiredResourceAccess 'CippDefaults' -ApplicationId $ENV:ApplicationID -tenantfilter $Request.Query.TenantFilter
         $Success = $true
     } catch {
-        "Failed to update permissions for $($TenantFilter): $($_.Exception.Message)"
+        "Failed to update permissions for $($Tenant.displayName): $($_.Exception.Message)"
         $Success = $false
     }
 
-    $Tenant = Get-Tenants -IncludeAll -IncludeErrors | Where-Object -Property defaultDomainName -EQ $Tenantfilter
+    $Tenant = Get-Tenants -IncludeAll | Where-Object -Property customerId -EQ $TenantFilter
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecMailTest.ps1

@@ -0,0 +1,90 @@
+using namespace System.Net
+Function Invoke-ExecMailTest {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+
+    try {
+        switch ($Request.Query.Action) {
+            'CheckConfig' {
+                $GraphToken = Get-GraphToken -returnRefresh $true -SkipCache $true
+                $AccessTokenDetails = Read-JwtAccessDetails -Token $GraphToken.access_token
+                $Me = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/me?$select=displayName,userPrincipalName,proxyAddresses' -NoAuthCheck $true
+                if ($AccessTokenDetails.Scope -contains 'Mail.Read') {
+                    $Message = 'Mail.Read - Delegated was found in the token scope.'
+                    $HasMailRead = $true
+                } else {
+                    $Message = 'Please add Mail.Read - Delegated to the API permissions for CIPP-SAM.'
+                    $HasMailRead = $false
+                }
+
+                if ($Me.proxyAddresses) {
+                    $Emails = $Me.proxyAddresses | Select-Object @{n = 'Address'; exp = { ($_ -split ':')[1] } }, @{n = 'IsPrimary'; exp = { $_ -cmatch 'SMTP' } }
+                } else {
+                    $Emails = @(@{ Address = $Me.userPrincipalName; IsPrimary = $true })
+                }
+
+                $Body = [PSCustomObject]@{
+                    Message       = $Message
+                    HasMailRead   = $HasMailRead
+                    MailUser      = $Me.displayName
+                    MailAddresses = @($Emails)
+                }
+            }
+            default {
+                $Messages = New-GraphGetRequest -uri "https://graph.microsoft.com/beta/me/mailFolders/Inbox/messages?`$select=receivedDateTime,subject,sender,internetMessageHeaders,webLink" -NoAuthCheck $true
+                $Results = foreach ($Message in $Messages) {
+                    if ($Message.receivedDateTime) {
+                        $AuthResult = ($Message.internetMessageHeaders | Where-Object -Property name -EQ 'Authentication-Results').value
+                        $AuthResult = $AuthResult -split ';\s*'
+                        $AuthResult = $AuthResult | ForEach-Object {
+                            if ($_ -match '^(?<Name>.+?)=\s*(?<Status>.+?)\s(?<Info>.+)$') {
+                                [PSCustomObject]@{
+                                    Name   = $Matches.Name
+                                    Status = $Matches.Status
+                                    Info   = $Matches.Info
+                                }
+                            }
+                        }
+                        [PSCustomObject]@{
+                            Received   = $Message.receivedDateTime
+                            Subject    = $Message.subject
+                            Sender     = $Message.sender.emailAddress.name
+                            From       = $Message.sender.emailAddress.address
+                            Link       = $Message.webLink
+                            Headers    = $Message.internetMessageHeaders
+                            AuthResult = $AuthResult
+                        }
+                    }
+                }
+                $Body = [PSCustomObject]@{
+                    Results  = @($Results)
+                    Metadata = [PSCustomObject]@{
+                        Count = ($Results | Measure-Object).Count
+                    }
+                }
+            }
+        }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        $StatusCode = [HttpStatusCode]::BadRequest
+        $Body = [PSCustomObject]@{
+            Results = @($ErrorMessage)
+        }
+    }
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = $Body
+        })
+}

Modules/CIPPCore/Public/Entrypoints/Invoke-ExecOffboardUser.ps1

@@ -7,42 +7,44 @@ Function Invoke-ExecOffboardUser {
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
-    try {
-        $APIName = 'ExecOffboardUser'
-        Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
-        $Username = $request.body.user
-        $Tenantfilter = $request.body.tenantfilter
-        $Results = if ($Request.body.Scheduled.enabled) {
-            $taskObject = [PSCustomObject]@{
-                TenantFilter  = $Tenantfilter
-                Name          = "Offboarding: $Username"
-                Command       = @{
-                    value = 'Invoke-CIPPOffboardingJob'
-                }
-                Parameters    = @{
-                    Username = $Username
-                    APIName  = 'Scheduled Offboarding'
-                    options  = $request.body
-                }
-                ScheduledTime = $Request.body.scheduled.date
-                PostExecution = @{
-                    Webhook = [bool]$Request.Body.PostExecution.webhook
-                    Email   = [bool]$Request.Body.PostExecution.email
-                    PSA     = [bool]$Request.Body.PostExecution.psa
+    if ($Request.body.user.value) { $AllUsers = $Request.body.user.value } else { $AllUsers = @($Request.body.user) }
+    $Results = foreach ($username in $AllUsers) {
+        try {
+            $APIName = 'ExecOffboardUser'
+            Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+            $Tenantfilter = $request.body.tenantfilter
+            if ($Request.body.Scheduled.enabled) {
+                $taskObject = [PSCustomObject]@{
+                    TenantFilter  = $Tenantfilter
+                    Name          = "Offboarding: $Username"
+                    Command       = @{
+                        value = 'Invoke-CIPPOffboardingJob'
+                    }
+                    Parameters    = @{
+                        Username = $Username
+                        APIName  = 'Scheduled Offboarding'
+                        options  = $request.body
+                    }
+                    ScheduledTime = $Request.body.scheduled.date
+                    PostExecution = @{
+                        Webhook = [bool]$Request.Body.PostExecution.webhook
+                        Email   = [bool]$Request.Body.PostExecution.email
+                        PSA     = [bool]$Request.Body.PostExecution.psa
+                    }
                 }
+                Add-CIPPScheduledTask -Task $taskObject -hidden $false
+            } else {
+                Invoke-CIPPOffboardingJob -Username $Username -TenantFilter $Tenantfilter -Options $Request.body -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal'
             }
-
-            Add-CIPPScheduledTask -Task $taskObject -hidden $false
-        } else {
-            Invoke-CIPPOffboardingJob -Username $Username -TenantFilter $Tenantfilter -Options $Request.body -APIName $APIName -ExecutingUser $request.headers.'x-ms-client-principal'
+            $StatusCode = [HttpStatusCode]::OK
+
+        } catch {
+            $StatusCode = [HttpStatusCode]::Forbidden
+            $body = $_.Exception.message
         }
-        $StatusCode = [HttpStatusCode]::OK
-        $body = [pscustomobject]@{'Results' = @($results) }
-    } catch {
-        $StatusCode = [HttpStatusCode]::Forbidden
-        $body = $_.Exception.message
     }
-    $Request.Body.PostExecution
+    $body = [pscustomobject]@{'Results' = @($results) }
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = $StatusCode
             Body       = $Body

Modules/CIPPCore/Public/Entrypoints/Invoke-ListDomainAnalyser.ps1

@@ -8,28 +8,8 @@ Function Invoke-ListDomainAnalyser {
     #>
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
-    $DomainTable = Get-CIPPTable -Table 'Domains'
-
-    # Get all the things
-
-    if ($Request.Query.tenantFilter -ne 'AllTenants') {
-        $DomainTable.Filter = "TenantId eq '{0}'" -f $Request.Query.tenantFilter
-    }
-
-    try {
-        # Extract json from table results
-        $Results = foreach ($DomainAnalyserResult in (Get-CIPPAzDataTableEntity @DomainTable).DomainAnalyser) {
-            try { 
-                if (![string]::IsNullOrEmpty($DomainAnalyserResult)) {
-                    $Object = $DomainAnalyserResult | ConvertFrom-Json -ErrorAction SilentlyContinue
-                    $Object
-                }
-            } catch {}
-        }
-    } catch {
-        $Results = @()
-    }
 
+    $Results = Get-CIPPDomainAnalyser -TenantFilter $Request.query.tenantFilter
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{