Merge pull request #36 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: isgq-github01

Config/schemaDefinitions.json

@@ -0,0 +1,16 @@
+[
+    {
+        "id": "cippUser",
+        "description": "CIPP User Schema",
+        "targetTypes": ["User"],
+        "properties": [
+            { "name": "jitAdminEnabled", "type": "Boolean" },
+            { "name": "jitAdminExpiration", "type": "DateTime" },
+            { "name": "mailboxType", "type": "String" },
+            { "name": "archiveEnabled", "type": "Boolean" },
+            { "name": "autoExpandingArchiveEnabled", "type": "Boolean" },
+            { "name": "perUserMfaState", "type": "String" }
+        ],
+        "status": "Available"
+    }
+]

ConversionTable.csv

@@ -18,7 +18,7 @@ function Get-CippApiClient {
     if ($AppId) {
         $Table.Filter = "RowKey eq '$AppId'"
     }
-    $Apps = Get-CIPPAzDataTableEntity @Table
+    $Apps = Get-CIPPAzDataTableEntity @Table | Where-Object { ![string]::IsNullOrEmpty($_.RowKey) }
     $Apps = foreach ($Client in $Apps) {
         $Client = $Client | Select-Object -Property @{Name = 'ClientId'; Expression = { $_.RowKey } }, AppName, Role, IPRange, Enabled
 

Modules/CIPPCore/Public/Authentication/Get-CippApiClient.ps1

@@ -9,6 +9,14 @@ function New-CIPPAPIConfig {
         [string]$AppId
     )
 
+    $Permissions = Get-GraphToken -tenantid $env:TenantID -scope 'https://graph.microsoft.com/.default' -AsApp $true -SkipCache $true -ReturnRefresh $true
+    $Token = Read-JwtAccessDetails -Token $Permissions.access_token
+    $Permissions = $Token.Roles | Where-Object { $_ -match 'Application.ReadWrite.All' -or $_ -match 'Directory.ReadWrite.All' }
+    if (!$Permissions -or $Permissions.Count -lt 2) {
+        Write-LogMessage -headers $Headers -API $APINAME -tenant 'None '-message 'Insufficient permissions to create API App' -Sev 'Error'
+        throw 'Insufficient permissions to create API App. This integration requires the following Application permissions in the partner tenant. Application.ReadWrite.All, Directory.ReadWrite.All'
+    }
+
     try {
         if ($AppId) {
             $APIApp = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications(appid='$($AppId)')" -NoAuthCheck $true

Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1

@@ -1,6 +1,6 @@
 function Set-CippApiAuth {
     [CmdletBinding(SupportsShouldProcess)]
-    Param(
+    param(
         [string]$RGName,
         [string]$FunctionAppName,
         [string]$TenantId,
@@ -9,7 +9,9 @@ function Set-CippApiAuth {
 
     if ($env:MSI_SECRET) {
         Disable-AzContextAutosave -Scope Process | Out-Null
-        $Context = (Connect-AzAccount -Identity).Context
+        $null = Connect-AzAccount -Identity
+        $SubscriptionId = $ENV:WEBSITE_OWNER_NAME -split '\+' | Select-Object -First 1
+        $Context = Set-AzContext -SubscriptionId $SubscriptionId
     } else {
         $Context = Get-AzContext
     }

Modules/CIPPCore/Public/Authentication/Set-CippApiAuth.ps1

@@ -115,7 +115,7 @@ function Test-CIPPAccess {
                 }
 
                 if ($APIAllowed) {
-                    $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter ?? $env:TenantID
+                    $TenantFilter = $Request.Query.tenantFilter ?? $Request.Body.tenantFilter ?? $Request.Query.tenantId ?? $Request.Body.tenantId ?? $env:TenantID
                     # Check tenant level access
                     if (($Role.BlockedTenants | Measure-Object).Count -eq 0 -and $Role.AllowedTenants -contains 'AllTenants') {
                         $TenantAllowed = $true

Modules/CIPPCore/Public/Authentication/Test-CIPPAccess.ps1

@@ -61,140 +61,179 @@ function Compare-CIPPIntuneObject {
         $excludeProps = $defaultExcludeProperties + $ExcludeProperties
 
         # Create a list to store comparison results
-        $compareProperties = [System.Collections.Generic.List[PSObject]]::new()
-
-        # Clean up objects by removing excluded properties
-        $obj1 = $ReferenceObject | Select-Object * -ExcludeProperty @($excludeProps | ForEach-Object { $_ })
-        $obj2 = $DifferenceObject | Select-Object * -ExcludeProperty @($excludeProps | ForEach-Object { $_ })
+        $result = [System.Collections.Generic.List[PSObject]]::new()
 
-        # Skip OData properties and excluded properties
-        $skipProps = [System.Collections.Generic.List[string]]::new()
-        foreach ($propName in ($obj1.PSObject.Properties | Select-Object Name).Name) {
-            if ($propName -like '*@OData*' -or $propName -like '#microsoft.graph*' -or $excludeProps -contains $propName) {
-                $skipProps.Add($propName)
-            }
+        # Helper function to check if a property should be skipped
+        function ShouldSkipProperty {
+            param (
+                [string]$PropertyName
+            )
+            return ($PropertyName -like '*@OData*' -or
+                    $PropertyName -like '#microsoft.graph*' -or
+                    $excludeProps -contains $PropertyName)
         }
 
-        # Define core properties to compare first
-        $coreProps = @('displayName', 'Description', 'Id')
-        $postProps = @('Advertisements')
-        $skipPropertiesToCompare = @()
+        # Recursive function to compare objects deeply
+        function Compare-ObjectsRecursively {
+            param (
+                [Parameter(Mandatory = $true)]
+                $Object1,
 
-        # Compare core properties
-        foreach ($propName in $coreProps) {
-            if (-not ($obj1.PSObject.Properties | Where-Object Name -EQ $propName)) {
-                continue
-            }
-            $val1 = ($obj1.$propName | ConvertTo-Json -Depth 10)
-            $val2 = ($obj2.$propName | ConvertTo-Json -Depth 10)
-
-            $value1 = if ($null -eq $val1) { '' } else { $val1.ToString().Trim('"') }
-            $value2 = if ($null -eq $val2) { '' } else { $val2.ToString().Trim('"') }
+                [Parameter(Mandatory = $true)]
+                $Object2,
 
-            $match = ($value1 -eq $value2)
+                [Parameter(Mandatory = $false)]
+                [string]$PropertyPath = ""
+            )
 
-            if (-not $match) {
-                $compareProperties.Add([PSCustomObject]@{
-                        PropertyName = $propName
-                        Object1Value = $value1
-                        Object2Value = $value2
-                        Match        = $match
-                    })
+            # If both objects are null or empty, they're equal
+            if (($null -eq $Object1 -or $Object1 -eq '') -and ($null -eq $Object2 -or $Object2 -eq '')) {
+                return
             }
-        }
-
-        # Compare all other properties
-        $addedProps = [System.Collections.Generic.List[string]]::new()
-        foreach ($propName in ($obj1.PSObject.Properties | Select-Object Name).Name) {
-            if ($propName -in $coreProps) { continue }
-            if ($propName -in $postProps) { continue }
-            if ($propName -in $skipProps) { continue }
-
-            if ($propName -like '*@OData*' -or $propName -like '#microsoft.graph*') { continue }
 
-            $addedProps.Add($propName)
-            $val1 = ($obj1.$propName | ConvertTo-Json -Depth 10)
-            $val2 = ($obj2.$propName | ConvertTo-Json -Depth 10)
-
-            $value1 = if ($null -eq $val1) { '' } else { $val1.ToString().Trim('"') }
-            $value2 = if ($null -eq $val2) { '' } else { $val2.ToString().Trim('"') }
-
-            $match = ($value1 -eq $value2)
+            # If one object is null but the other isn't, they're different
+            if (($null -eq $Object1 -or $Object1 -eq '') -xor ($null -eq $Object2 -or $Object2 -eq '')) {
+                $result.Add([PSCustomObject]@{
+                    Property      = $PropertyPath
+                    ExpectedValue = if ($null -eq $Object1) { '' } else { $Object1 }
+                    ReceivedValue = if ($null -eq $Object2) { '' } else { $Object2 }
+                })
+                return
+            }
 
-            if (-not $match) {
-                $compareProperties.Add([PSCustomObject]@{
-                        PropertyName = $propName
-                        Object1Value = $value1
-                        Object2Value = $value2
-                        Match        = $match
-                    })
+            # If objects are of different types, they're different
+            if ($Object1.GetType() -ne $Object2.GetType()) {
+                $result.Add([PSCustomObject]@{
+                    Property      = $PropertyPath
+                    ExpectedValue = $Object1
+                    ReceivedValue = $Object2
+                })
+                return
             }
-        }
 
-        # Check for properties in obj2 that aren't in obj1
-        foreach ($propName in ($obj2.PSObject.Properties | Select-Object Name).Name) {
-            if ($propName -in $coreProps) { continue }
-            if ($propName -in $postProps) { continue }
-            if ($propName -in $skipProps) { continue }
-            if ($propName -in $addedProps) { continue }
+            # Handle different object types
+            if ($Object1 -is [System.Collections.IDictionary]) {
+                # Compare dictionaries
+                $allKeys = @($Object1.Keys) + @($Object2.Keys) | Select-Object -Unique
 
-            if ($propName -like '*@OData*' -or $propName -like '#microsoft.graph*') { continue }
+                foreach ($key in $allKeys) {
+                    if (ShouldSkipProperty -PropertyName $key) { continue }
 
-            $val1 = ($obj1.$propName | ConvertTo-Json -Depth 10)
-            $val2 = ($obj2.$propName | ConvertTo-Json -Depth 10)
+                    $newPath = if ($PropertyPath) { "$PropertyPath.$key" } else { $key }
 
-            $value1 = if ($null -eq $val1) { '' } else { $val1.ToString().Trim('"') }
-            $value2 = if ($null -eq $val2) { '' } else { $val2.ToString().Trim('"') }
+                    if ($Object1.ContainsKey($key) -and $Object2.ContainsKey($key)) {
+                        Compare-ObjectsRecursively -Object1 $Object1[$key] -Object2 $Object2[$key] -PropertyPath $newPath
+                    }
+                    elseif ($Object1.ContainsKey($key)) {
+                        $result.Add([PSCustomObject]@{
+                            Property      = $newPath
+                            ExpectedValue = $Object1[$key]
+                            ReceivedValue = ''
+                        })
+                    }
+                    else {
+                        $result.Add([PSCustomObject]@{
+                            Property      = $newPath
+                            ExpectedValue = ''
+                            ReceivedValue = $Object2[$key]
+                        })
+                    }
+                }
+            }
+            elseif ($Object1 -is [Array] -or $Object1 -is [System.Collections.IList]) {
+                # Compare arrays
+                $maxLength = [Math]::Max($Object1.Count, $Object2.Count)
 
-            $match = ($value1 -eq $value2)
+                for ($i = 0; $i -lt $maxLength; $i++) {
+                    $newPath = "$PropertyPath.$i"
 
-            if (-not $match) {
-                $compareProperties.Add([PSCustomObject]@{
-                        PropertyName = $propName
-                        Object1Value = $value1
-                        Object2Value = $value2
-                        Match        = $match
+                    if ($i -lt $Object1.Count -and $i -lt $Object2.Count) {
+                        Compare-ObjectsRecursively -Object1 $Object1[$i] -Object2 $Object2[$i] -PropertyPath $newPath
+                    }
+                    elseif ($i -lt $Object1.Count) {
+                        $result.Add([PSCustomObject]@{
+                            Property      = $newPath
+                            ExpectedValue = $Object1[$i]
+                            ReceivedValue = ''
+                        })
+                    }
+                    else {
+                        $result.Add([PSCustomObject]@{
+                            Property      = $newPath
+                            ExpectedValue = ''
+                            ReceivedValue = $Object2[$i]
+                        })
+                    }
+                }
+            }
+            elseif ($Object1 -is [PSCustomObject] -or $Object1.PSObject.Properties.Count -gt 0) {
+                # Compare PSCustomObjects or objects with properties
+                $allPropertyNames = @(
+                    $Object1.PSObject.Properties | Select-Object -ExpandProperty Name
+                    $Object2.PSObject.Properties | Select-Object -ExpandProperty Name
+                ) | Select-Object -Unique
+
+                foreach ($propName in $allPropertyNames) {
+                    if (ShouldSkipProperty -PropertyName $propName) { continue }
+
+                    $newPath = if ($PropertyPath) { "$PropertyPath.$propName" } else { $propName }
+                    $prop1Exists = $Object1.PSObject.Properties.Name -contains $propName
+                    $prop2Exists = $Object2.PSObject.Properties.Name -contains $propName
+
+                    if ($prop1Exists -and $prop2Exists) {
+                        Compare-ObjectsRecursively -Object1 $Object1.$propName -Object2 $Object2.$propName -PropertyPath $newPath
+                    }
+                    elseif ($prop1Exists) {
+                        $result.Add([PSCustomObject]@{
+                            Property      = $newPath
+                            ExpectedValue = $Object1.$propName
+                            ReceivedValue = ''
+                        })
+                    }
+                    else {
+                        $result.Add([PSCustomObject]@{
+                            Property      = $newPath
+                            ExpectedValue = ''
+                            ReceivedValue = $Object2.$propName
+                        })
+                    }
+                }
+            }
+            else {
+                # Compare primitive values
+                $val1 = $Object1.ToString()
+                $val2 = $Object2.ToString()
+
+                if ($val1 -ne $val2) {
+                    $result.Add([PSCustomObject]@{
+                        Property      = $PropertyPath
+                        ExpectedValue = $val1
+                        ReceivedValue = $val2
                     })
+                }
             }
         }
 
-        # Compare post properties (like Advertisements)
-        foreach ($propName in $postProps) {
-            if (-not ($obj1.PSObject.Properties | Where-Object Name -EQ $propName)) {
-                continue
-            }
-            $val1 = ($obj1.$propName | ConvertTo-Json -Depth 10)
-            $val2 = ($obj2.$propName | ConvertTo-Json -Depth 10)
-
-            $value1 = if ($null -eq $val1) { '' } else { $val1.ToString().Trim('"') }
-            $value2 = if ($null -eq $val2) { '' } else { $val2.ToString().Trim('"') }
-
-            $match = ($value1 -eq $value2)
+        # Convert objects to PowerShell objects if they're not already
+        $obj1 = if ($ReferenceObject -is [string]) {
+            $ReferenceObject | ConvertFrom-Json -AsHashtable -Depth 100
+        } else {
+            $ReferenceObject
+        }
 
-            if (-not $match) {
-                $compareProperties.Add([PSCustomObject]@{
-                        PropertyName = $propName
-                        Object1Value = $value1
-                        Object2Value = $value2
-                        Match        = $match
-                    })
-            }
+        $obj2 = if ($DifferenceObject -is [string]) {
+            $DifferenceObject | ConvertFrom-Json -AsHashtable -Depth 100
+        } else {
+            $DifferenceObject
         }
 
+        # Start the recursive comparison
+        Compare-ObjectsRecursively -Object1 $obj1 -Object2 $obj2
+
         # If no differences found, return null
-        if ($compareProperties.Count -eq 0) {
+        if ($result.Count -eq 0) {
             return $null
         }
-
-        # Convert to a more user-friendly format
-        $result = [System.Collections.Generic.List[PSObject]]::new()
-        foreach ($diff in $compareProperties) {
-            $result.Add([PSCustomObject]@{
-                    Property      = $diff.PropertyName
-                    ExpectedValue = $diff.Object1Value
-                    ReceivedValue = $diff.Object2Value
-                })
-        }
     } else {
         $intuneCollection = Get-Content .\intuneCollection.json | ConvertFrom-Json -ErrorAction SilentlyContinue