Merge branch 'KelvinTegelaar:master' into master

Tetrabyte · Aug 13, 2024 · 6d89428 · 6d89428
2 parents 4f7b187 + dc4b4ff
commit 6d89428
Show file tree

Hide file tree

Showing 136 changed files with 5,815 additions and 516 deletions.
diff --git a/.github/workflows/dev_cippckdtz.yml → .github/workflows/dev_cipp4i6t3.yml b/.github/workflows/dev_cippckdtz.yml → .github/workflows/dev_cipp4i6t3.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippckdtz
+name: Build and deploy Powershell project to Azure Function App - cipp4i6t3
 
 on:
   push:
@@ -24,7 +24,7 @@ jobs:
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippckdtz'
+          app-name: 'cipp4i6t3'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_726578DA8A7243BF9D82FE123C2F6E7F }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_9D257A31ACA24925A112AF5FFC2BEAFE }}
diff --git a/.github/workflows/dev_cippacnqv.yml → .github/workflows/dev_cippkwn4s.yml b/.github/workflows/dev_cippacnqv.yml → .github/workflows/dev_cippkwn4s.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippacnqv
+name: Build and deploy Powershell project to Azure Function App - cippkwn4s
 
 on:
   push:
@@ -23,17 +23,17 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Login to Azure
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
-          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_6085081ED1124B799258E9FF743FF4B9 }}
-          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_9BDB2DDBFAFA4BC19C20A58B204BFAF3 }}
-          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_02B5224812794971B05EDD557AF2B867 }}
+          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_B6BCC8886F40482FB8B43907FCDA6596 }}
+          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_0D1C65B9099F48FABDF7F7052EA6887F }}
+          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_76518AE5ECB34375A414DEEE1119C161 }}
 
       - name: 'Run Azure Functions Action'
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippacnqv'
+          app-name: 'cippkwn4s'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
 
diff --git a/.github/workflows/dev_cippz6s4d.yml → .github/workflows/dev_cipplwwww.yml b/.github/workflows/dev_cippz6s4d.yml → .github/workflows/dev_cipplwwww.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippz6s4d
+name: Build and deploy Powershell project to Azure Function App - cipplwwww
 
 on:
   push:
@@ -24,7 +24,7 @@ jobs:
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippz6s4d'
+          app-name: 'cipplwwww'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D27E7CF0887F4E4591F3957CCA96F0FD }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_00A9A6DFE9244C2EA8952190FFF10F45 }}
diff --git a/.github/workflows/dev_cipppwrro.yml b/.github/workflows/dev_cipppwrro.yml
diff --git a/.github/workflows/ninjaone_cipp426ns.yml b/.github/workflows/ninjaone_cipp426ns.yml
diff --git a/Config/standards.json b/Config/standards.json
@@ -2235,7 +2235,7 @@
             "value": "none"
           },
           {
-            "label": "Restirct sharing to specific domains",
+            "label": "Restrict sharing to specific domains",
             "value": "allowList"
           },
           {

diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1
@@ -138,7 +138,7 @@ function Add-CIPPAzDataTableEntity {
                     throw "Error processing entity: $ErrorMessage Linenumber: $($_.InvocationInfo.ScriptLineNumber)"
                 }
             } else {
-                Write-Information "THE ERROR IS $($_.Exception.ErrorCode). The size of the entity is $entitySize."
+                Write-Information "THE ERROR IS $($_.Exception.message). The size of the entity is $entitySize."
                 throw $_
             }
         }

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1
@@ -19,7 +19,12 @@ function Push-BPACollectData {
         }
     }
     $Table = Get-CippTable -tablename 'cachebpav2'
-    Write-Host "Working on BPA for $($TenantName.displayName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
+    $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $TenantName.defaultDomainName -API $Item.Template
+    if ($Rerun) {
+        Write-Host 'Detected rerun. Exiting cleanly'
+        exit 0
+    }
+    Write-Host "Working on BPA for $($TenantName.defaultDomainName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
     $Template = $Templates | Where-Object -Property Name -EQ -Value $Item.Template
     # Build up the result object that will be stored in tables
     $Result = @{

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1
@@ -12,6 +12,13 @@ function Push-CIPPStandard {
     $Standard = $Item.Standard
     $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard
     Write-Host "We'll be running $FunctionName"
+    $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -Settings $Item.Settings -API $Standard
+    if ($Rerun) {
+        Write-Host 'Detected rerun. Exiting cleanly'
+        exit 0
+    } else {
+        Write-Host "Rerun is set to false. We'll be running $FunctionName"
+    }
     try {
         & $FunctionName -Tenant $Item.Tenant -Settings $Item.Settings -ErrorAction Stop
     } catch {

diff --git a/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 b/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1
@@ -17,21 +17,22 @@ Function Invoke-ExecExtensionsConfig {
     #Connect-AzAccount -UseDeviceAuthentication
     # Write to the Azure Functions log stream.
     Write-Information 'PowerShell HTTP trigger function processed a request.'
+    $Body = [PSCustomObject]$Request.Body
     $results = try {
-        if ($Request.Body.CIPPAPI.Enabled) {
+        if ($Body.CIPPAPI.Enabled) {
             try {
-                $APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Request.Body.CIPPAPI.ResetPassword
+                $APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Body.CIPPAPI.ResetPassword
                 $AddedText = $APIConfig.Results
             } catch {
                 $AddedText = ' Could not enable CIPP-API. Check the CIPP documentation for API requirements.'
-                $Request.Body = $Request.Body | Select-Object * -ExcludeProperty CIPPAPI
+                $Body = $Body | Select-Object * -ExcludeProperty CIPPAPI
             }
         }
 
         # Check if NinjaOne URL is set correctly and the instance has at least version 5.6
-        if ($Request.Body.NinjaOne) {
+        if ($Body.NinjaOne) {
             try {
-                [version]$Version = (Invoke-WebRequest -Method GET -Uri "https://$(($Request.Body.NinjaOne.Instance -replace '/ws','') -replace 'https://','')/app-version.txt" -ea stop).content
+                [version]$Version = (Invoke-WebRequest -Method GET -Uri "https://$(($Body.NinjaOne.Instance -replace '/ws','') -replace 'https://','')/app-version.txt" -ea stop).content
             } catch {
                 throw "Failed to connect to NinjaOne check your Instance is set correctly eg 'app.ninjarmmm.com'"
             }
@@ -41,39 +42,39 @@ Function Invoke-ExecExtensionsConfig {
         }
 
         $Table = Get-CIPPTable -TableName Extensionsconfig
-        foreach ($APIKey in ([pscustomobject]$Request.Body).psobject.properties.name) {
+        foreach ($APIKey in $Body.PSObject.Properties.Name) {
             Write-Information "Working on $apikey"
-            if ($Request.Body.$APIKey.APIKey -eq 'SentToKeyVault' -or $Request.Body.$APIKey.APIKey -eq '') {
+            if ($Body.$APIKey.APIKey -eq 'SentToKeyVault' -or $Body.$APIKey.APIKey -eq '') {
                 Write-Information 'Not sending to keyvault. Key previously set or left blank.'
             } else {
                 Write-Information 'writing API Key to keyvault, and clearing.'
                 Write-Information "$ENV:WEBSITE_DEPLOYMENT_ID"
-                if ($Request.Body.$APIKey.APIKey) {
+                if ($Body.$APIKey.APIKey) {
                     if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
                         $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
                         $Secret = [PSCustomObject]@{
                             'PartitionKey' = $APIKey
                             'RowKey'       = $APIKey
-                            'APIKey'       = $Request.Body.$APIKey.APIKey
+                            'APIKey'       = $Body.$APIKey.APIKey
                         }
                         Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
                     } else {
-                        $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Request.Body.$APIKey.APIKey)
+                        $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Body.$APIKey.APIKey)
                     }
                 }
-                if ($Request.Body.$APIKey.PSObject.Properties -notcontains 'APIKey') {
-                    $Request.Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
+                if ($Body.$APIKey.PSObject.Properties.Name -notcontains 'APIKey') {
+                    $Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
                 } else {
-                    $Request.Body.$APIKey.APIKey = 'SentToKeyVault'
+                    $Body.$APIKey.APIKey = 'SentToKeyVault'
                 }
             }
-            $Request.Body.$APIKey = $Request.Body.$APIKey | Select-Object * -ExcludeProperty ResetPassword
+            $Body.$APIKey = $Body.$APIKey | Select-Object * -ExcludeProperty ResetPassword
         }
-        $body = $Request.Body | Select-Object * -ExcludeProperty APIKey, Enabled | ConvertTo-Json -Depth 10 -Compress
+        $Body = $Body | Select-Object * -ExcludeProperty APIKey, Enabled | ConvertTo-Json -Depth 10 -Compress
         $Config = @{
             'PartitionKey' = 'CippExtensions'
             'RowKey'       = 'Config'
-            'config'       = [string]$body
+            'config'       = [string]$Body
         }
 
         Add-CIPPAzDataTableEntity @Table -Entity $Config -Force | Out-Null

diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
@@ -136,7 +136,7 @@ Function Invoke-ExecJITAdmin {
             }
         }
 
-        $Parameters = @{
+        $Parameters = [pscustomobject]@{
             TenantFilter = $Request.Body.TenantFilter
             User         = @{
                 'UserPrincipalName' = $Username

diff --git a/...ntrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 b/...ntrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1
@@ -0,0 +1,29 @@
+function Invoke-ExecPerUserMFAAllUsers {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+
+    .ROLE
+    Identity.User.ReadWrite
+    #>
+    Param(
+        $Request,
+        $TriggerMetadata
+    )
+    $TenantFilter = $request.query.TenantFilter
+    $Users = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users' -tenantid $TenantFilter
+    $Request = @{
+        userId        = $Users.id
+        TenantFilter  = $tenantfilter
+        State         = $Request.query.State
+        executingUser = $Request.Headers.'x-ms-client-principal'
+    }
+    $Result = Set-CIPPPerUserMFA @Request
+    $Body = @{
+        Results = @($Result)
+    }
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Body
+        })
+}
diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecSendPush.ps1
@@ -52,7 +52,7 @@ Function Invoke-ExecSendPush {
         $SPBody = [pscustomobject]@{
             appId = $MFAAppID
         }
-        $SPID = (New-GraphPostRequest -uri 'https://graph.microsoft.com/v1.0/servicePrincipals' -tenantid $TenantFilter -type POST -body $SPBody -verbose).id
+        $SPID = (New-GraphPostRequest -uri 'https://graph.microsoft.com/v1.0/servicePrincipals' -tenantid $TenantFilter -type POST -body $SPBody ).id
     }
 
 
@@ -64,7 +64,7 @@ Function Invoke-ExecSendPush {
         }
     } | ConvertTo-Json -Depth 5
 
-    $TempPass = (New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/servicePrincipals/$SPID/addPassword" -tenantid $TenantFilter -type POST -body $PassReqBody -verbose).secretText
+    $TempPass = (New-GraphPostRequest -uri "https://graph.microsoft.com/v1.0/servicePrincipals/$SPID/addPassword" -tenantid $TenantFilter -type POST -body $PassReqBody -AsApp $true).secretText
 
     # Give it a chance to apply
     #Start-Sleep 5

diff --git a/...s/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1 b/...s/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Standards/Invoke-ExecStandardsRun.ps1
@@ -13,7 +13,7 @@ Function Invoke-ExecStandardsRun {
     Write-LogMessage -user $request.headers.'x-ms-client-principal' -API $APINAME -message 'Accessed this API' -Sev 'Debug'
     $tenantfilter = if ($Request.Query.TenantFilter) { $Request.Query.TenantFilter } else { 'allTenants' }
     try {
-        $null = Invoke-CIPPStandardsRun -Tenantfilter $tenantfilter
+        $null = Invoke-CIPPStandardsRun -Tenantfilter $tenantfilter -Force
         $Results = "Successfully Started Standards Run for Tenant $tenantfilter"
     } catch {
         $Results = "Failed to start standards run for $tenantfilter. Error: $($_.Exception.Message)"

diff --git a/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1 b/Modules/CIPPCore/Public/Entrypoints/Invoke-PublicPhishingCheck.ps1