Merge branch 'KelvinTegelaar:master' into master

Konsept-IT · Aug 14, 2024 · 5b19cde · 5b19cde
2 parents 58eb586 + 3ac3aae
commit 5b19cde
Show file tree

Hide file tree

Showing 142 changed files with 5,901 additions and 535 deletions.
diff --git a/.github/workflows/dev_cippckdtz.yml → .github/workflows/dev_cipp4i6t3.yml b/.github/workflows/dev_cippckdtz.yml → .github/workflows/dev_cipp4i6t3.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippckdtz
+name: Build and deploy Powershell project to Azure Function App - cipp4i6t3
 
 on:
   push:
@@ -24,7 +24,7 @@ jobs:
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippckdtz'
+          app-name: 'cipp4i6t3'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_726578DA8A7243BF9D82FE123C2F6E7F }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_9D257A31ACA24925A112AF5FFC2BEAFE }}
diff --git a/.github/workflows/dev_cippacnqv.yml → .github/workflows/dev_cippkwn4s.yml b/.github/workflows/dev_cippacnqv.yml → .github/workflows/dev_cippkwn4s.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippacnqv
+name: Build and deploy Powershell project to Azure Function App - cippkwn4s
 
 on:
   push:
@@ -23,17 +23,17 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Login to Azure
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
-          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_6085081ED1124B799258E9FF743FF4B9 }}
-          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_9BDB2DDBFAFA4BC19C20A58B204BFAF3 }}
-          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_02B5224812794971B05EDD557AF2B867 }}
+          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_B6BCC8886F40482FB8B43907FCDA6596 }}
+          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_0D1C65B9099F48FABDF7F7052EA6887F }}
+          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_76518AE5ECB34375A414DEEE1119C161 }}
 
       - name: 'Run Azure Functions Action'
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippacnqv'
+          app-name: 'cippkwn4s'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
 
diff --git a/.github/workflows/dev_cippz6s4d.yml → .github/workflows/dev_cipplwwww.yml b/.github/workflows/dev_cippz6s4d.yml → .github/workflows/dev_cipplwwww.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippz6s4d
+name: Build and deploy Powershell project to Azure Function App - cipplwwww
 
 on:
   push:
@@ -24,7 +24,7 @@ jobs:
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippz6s4d'
+          app-name: 'cipplwwww'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D27E7CF0887F4E4591F3957CCA96F0FD }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_00A9A6DFE9244C2EA8952190FFF10F45 }}
diff --git a/.github/workflows/dev_cipppwrro.yml b/.github/workflows/dev_cipppwrro.yml
diff --git a/.github/workflows/ninjaone_cipp426ns.yml b/.github/workflows/ninjaone_cipp426ns.yml
diff --git a/Config/standards.json b/Config/standards.json
@@ -2235,7 +2235,7 @@
             "value": "none"
           },
           {
-            "label": "Restirct sharing to specific domains",
+            "label": "Restrict sharing to specific domains",
             "value": "allowList"
           },
           {

diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1
@@ -138,7 +138,7 @@ function Add-CIPPAzDataTableEntity {
                     throw "Error processing entity: $ErrorMessage Linenumber: $($_.InvocationInfo.ScriptLineNumber)"
                 }
             } else {
-                Write-Information "THE ERROR IS $($_.Exception.ErrorCode). The size of the entity is $entitySize."
+                Write-Information "THE ERROR IS $($_.Exception.message). The size of the entity is $entitySize."
                 throw $_
             }
         }

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1
@@ -19,7 +19,12 @@ function Push-BPACollectData {
         }
     }
     $Table = Get-CippTable -tablename 'cachebpav2'
-    Write-Host "Working on BPA for $($TenantName.displayName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
+    $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $TenantName.defaultDomainName -API $Item.Template
+    if ($Rerun) {
+        Write-Host 'Detected rerun. Exiting cleanly'
+        exit 0
+    }
+    Write-Host "Working on BPA for $($TenantName.defaultDomainName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
     $Template = $Templates | Where-Object -Property Name -EQ -Value $Item.Template
     # Build up the result object that will be stored in tables
     $Result = @{

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1
@@ -12,6 +12,13 @@ function Push-CIPPStandard {
     $Standard = $Item.Standard
     $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard
     Write-Host "We'll be running $FunctionName"
+    $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -Settings $Item.Settings -API $Standard
+    if ($Rerun) {
+        Write-Host 'Detected rerun. Exiting cleanly'
+        exit 0
+    } else {
+        Write-Host "Rerun is set to false. We'll be running $FunctionName"
+    }
     try {
         & $FunctionName -Tenant $Item.Tenant -Settings $Item.Settings -ErrorAction Stop
     } catch {

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenant.ps1
@@ -1,15 +1,24 @@
 function Push-AuditLogTenant {
     Param($Item)
 
+    # Get Table contexts
     $AuditBundleTable = Get-CippTable -tablename 'AuditLogBundles'
     $SchedulerConfig = Get-CIPPTable -TableName 'SchedulerConfig'
-    $CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
     $WebhookTable = Get-CippTable -tablename 'webhookTable'
-    $Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and Version eq '3'" | Where-Object { $_.Resource -match '^Audit' }
-    $ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$ContentType'"
     $ConfigTable = Get-CIPPTable -TableName 'WebhookRules'
+
+    # Query CIPPURL for linking
+    $CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
+
+    # Get all webhooks for the tenant
+    $Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and Version eq '3'" | Where-Object { $_.Resource -match '^Audit' }
+
+    # Get webhook rules
     $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
 
+    # Date filter for existing bundles
+    $LastHour = (Get-Date).AddHours(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
+
     $NewBundles = [System.Collections.Generic.List[object]]::new()
     foreach ($Webhook in $Webhooks) {
         # only process webhooks that are configured in the webhookrules table
@@ -28,6 +37,7 @@ function Push-AuditLogTenant {
             EndTime      = $Item.EndTime
         }
         $LogBundles = Get-CIPPAuditLogContentBundles @ContentBundleQuery
+        $ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$LogType' and Timestamp ge datetime'$($LastHour)'"
 
         foreach ($Bundle in $LogBundles) {
             if ($ExistingBundles.RowKey -notcontains $Bundle.contentId) {
@@ -61,5 +71,4 @@ function Push-AuditLogTenant {
         $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
         Write-Host "Started orchestration with ID = '$InstanceId'"
     }
-
 }
diff --git a/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 b/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1
@@ -17,21 +17,22 @@ Function Invoke-ExecExtensionsConfig {
     #Connect-AzAccount -UseDeviceAuthentication
     # Write to the Azure Functions log stream.
     Write-Information 'PowerShell HTTP trigger function processed a request.'
+    $Body = [PSCustomObject]$Request.Body
     $results = try {
-        if ($Request.Body.CIPPAPI.Enabled) {
+        if ($Body.CIPPAPI.Enabled) {
             try {
-                $APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Request.Body.CIPPAPI.ResetPassword
+                $APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Body.CIPPAPI.ResetPassword
                 $AddedText = $APIConfig.Results
             } catch {
                 $AddedText = ' Could not enable CIPP-API. Check the CIPP documentation for API requirements.'
-                $Request.Body = $Request.Body | Select-Object * -ExcludeProperty CIPPAPI
+                $Body = $Body | Select-Object * -ExcludeProperty CIPPAPI
             }
         }
 
         # Check if NinjaOne URL is set correctly and the instance has at least version 5.6
-        if ($Request.Body.NinjaOne) {
+        if ($Body.NinjaOne) {
             try {
-                [version]$Version = (Invoke-WebRequest -Method GET -Uri "https://$(($Request.Body.NinjaOne.Instance -replace '/ws','') -replace 'https://','')/app-version.txt" -ea stop).content
+                [version]$Version = (Invoke-WebRequest -Method GET -Uri "https://$(($Body.NinjaOne.Instance -replace '/ws','') -replace 'https://','')/app-version.txt" -ea stop).content
             } catch {
                 throw "Failed to connect to NinjaOne check your Instance is set correctly eg 'app.ninjarmmm.com'"
             }
@@ -41,39 +42,39 @@ Function Invoke-ExecExtensionsConfig {
         }
 
         $Table = Get-CIPPTable -TableName Extensionsconfig
-        foreach ($APIKey in ([pscustomobject]$Request.Body).psobject.properties.name) {
+        foreach ($APIKey in $Body.PSObject.Properties.Name) {
             Write-Information "Working on $apikey"
-            if ($Request.Body.$APIKey.APIKey -eq 'SentToKeyVault' -or $Request.Body.$APIKey.APIKey -eq '') {
+            if ($Body.$APIKey.APIKey -eq 'SentToKeyVault' -or $Body.$APIKey.APIKey -eq '') {
                 Write-Information 'Not sending to keyvault. Key previously set or left blank.'
             } else {
                 Write-Information 'writing API Key to keyvault, and clearing.'
                 Write-Information "$ENV:WEBSITE_DEPLOYMENT_ID"
-                if ($Request.Body.$APIKey.APIKey) {
+                if ($Body.$APIKey.APIKey) {
                     if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
                         $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
                         $Secret = [PSCustomObject]@{
                             'PartitionKey' = $APIKey
                             'RowKey'       = $APIKey
-                            'APIKey'       = $Request.Body.$APIKey.APIKey
+                            'APIKey'       = $Body.$APIKey.APIKey
                         }
                         Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
                     } else {
-                        $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Request.Body.$APIKey.APIKey)
+                        $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Body.$APIKey.APIKey)
                     }
                 }
-                if ($Request.Body.$APIKey.PSObject.Properties -notcontains 'APIKey') {
-                    $Request.Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
+                if ($Body.$APIKey.PSObject.Properties.Name -notcontains 'APIKey') {
+                    $Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
                 } else {
-                    $Request.Body.$APIKey.APIKey = 'SentToKeyVault'
+                    $Body.$APIKey.APIKey = 'SentToKeyVault'
                 }
             }
-            $Request.Body.$APIKey = $Request.Body.$APIKey | Select-Object * -ExcludeProperty ResetPassword
+            $Body.$APIKey = $Body.$APIKey | Select-Object * -ExcludeProperty ResetPassword
         }
-        $body = $Request.Body | Select-Object * -ExcludeProperty APIKey, Enabled | ConvertTo-Json -Depth 10 -Compress
+        $Body = $Body | Select-Object * -ExcludeProperty APIKey, Enabled | ConvertTo-Json -Depth 10 -Compress
         $Config = @{
             'PartitionKey' = 'CippExtensions'
             'RowKey'       = 'Config'
-            'config'       = [string]$body
+            'config'       = [string]$Body
         }
 
         Add-CIPPAzDataTableEntity @Table -Entity $Config -Force | Out-Null

diff --git a/.../CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecOffloadFunctions.ps1 b/.../CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecOffloadFunctions.ps1
@@ -0,0 +1,56 @@
+
+Function Invoke-ExecOffloadFunctions {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.SuperAdmin.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $roles = ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($request.headers.'x-ms-client-principal')) | ConvertFrom-Json).userRoles
+    if ('superadmin' -notin $roles) {
+        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::Forbidden
+                Body       = @{ error = 'You do not have permission to perform this action.' }
+            })
+        return
+    } else {
+        $Table = Get-CippTable -tablename 'Config'
+
+        if ($Request.Query.Action -eq 'ListCurrent') {
+            $CurrentState = Get-CIPPAzDataTableEntity @Table -Filter "PartitionKey eq 'OffloadFunctions' and RowKey eq 'OffloadFunctions'"
+            $CurrentState = if (!$CurrentState) {
+                [PSCustomObject]@{
+                    OffloadFunctions = $false
+                }
+            } else {
+                [PSCustomObject]@{
+                    OffloadFunctions = $CurrentState.state
+                }
+            }
+            Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                    StatusCode = [HttpStatusCode]::OK
+                    Body       = $CurrentState
+                })
+        } else {
+            Add-CIPPAzDataTableEntity @Table -Entity @{
+                PartitionKey = 'OffloadFunctions'
+                RowKey       = 'OffloadFunctions'
+                state        = $request.Body.OffloadFunctions
+            } -Force
+
+            if ($Request.Body.OffloadFunctions) {
+                $Results = 'Enabled Offload Functions'
+            } else {
+                $Results = 'Disabled Offload Functions'
+            }
+            Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+                    StatusCode = [HttpStatusCode]::OK
+                    Body       = @{ results = $Results }
+                })
+        }
+
+    }
+}
diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
@@ -136,7 +136,7 @@ Function Invoke-ExecJITAdmin {
             }
         }
 
-        $Parameters = @{
+        $Parameters = [pscustomobject]@{
             TenantFilter = $Request.Body.TenantFilter
             User         = @{
                 'UserPrincipalName' = $Username

diff --git a/...ntrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1 b/...ntrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecPerUserMFAAllUsers.ps1
@@ -0,0 +1,29 @@
+function Invoke-ExecPerUserMFAAllUsers {
+    <#
+    .FUNCTIONALITY
+    Entrypoint
+
+    .ROLE
+    Identity.User.ReadWrite
+    #>
+    Param(
+        $Request,
+        $TriggerMetadata
+    )
+    $TenantFilter = $request.query.TenantFilter
+    $Users = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/users' -tenantid $TenantFilter
+    $Request = @{
+        userId        = $Users.id
+        TenantFilter  = $tenantfilter
+        State         = $Request.query.State
+        executingUser = $Request.Headers.'x-ms-client-principal'
+    }
+    $Result = Set-CIPPPerUserMFA @Request
+    $Body = @{
+        Results = @($Result)
+    }
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Body
+        })
+}