Merge pull request KelvinTegelaar#1669 from kris6673/fix-json-conversion-error

JohnDuprey · web-flow · commit 338699092f68 · 2025-10-08T23:48:55.000-04:00
Fix: error handling in Get-GraphToken
diff --git a/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1 b/Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1
@@ -95,10 +95,14 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT
             }
         }
         $Tenant.LastGraphError = if ( $_.ErrorDetails.Message) {
-            $msg = $_.ErrorDetails.Message | ConvertFrom-Json
-            "$($msg.error):$($msg.error_description)"
+            if (Test-Json $_.ErrorDetails.Message -ErrorAction SilentlyContinue) {
+                $msg = $_.ErrorDetails.Message | ConvertFrom-Json
+                "$($msg.error):$($msg.error_description)"
+            } else {
+                "$($_.ErrorDetails.Message)"
+            }
         } else {
-            $_.Exception.message
+            $_.Exception.Message
         }
         $Tenant.GraphErrorCount++
 
diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardAddDMARCToMOERA.ps1
@@ -42,12 +42,12 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
         HostName = '_dmarc'
         TtlValue = 3600
         Type     = 'TXT'
-        Value    = $Settings.RecordValue.Value ?? "v=DMARC1; p=reject;"
+        Value    = $Settings.RecordValue.Value ?? 'v=DMARC1; p=reject;'
     }
 
     # Get all fallback domains (onmicrosoft.com domains) and check if the DMARC record is set correctly
     try {
-        $Domains = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri 'https://admin.microsoft.com/admin/api/Domains/List' | Where-Object -Property Name -like "*.onmicrosoft.com"
+        $Domains = New-GraphGetRequest -scope 'https://admin.microsoft.com/.default' -TenantID $Tenant -Uri 'https://admin.microsoft.com/admin/api/Domains/List' | Where-Object -Property Name -Like '*.onmicrosoft.com'
 
         $CurrentInfo = $Domains | ForEach-Object {
             # Get current DNS records that matches _dmarc hostname and TXT type
@@ -56,9 +56,9 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
             if ($CurrentRecords.count -eq 0) {
                 #record not found, return a model with Match set to false
                 [PSCustomObject]@{
-                    DomainName      = $_.Name
-                    Match           = $false
-                    CurrentRecord   = $null
+                    DomainName    = $_.Name
+                    Match         = $false
+                    CurrentRecord = $null
                 }
             } else {
                 foreach ($CurrentRecord in $CurrentRecords) {
@@ -73,15 +73,15 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
                     # Compare the current record with the expected record model
                     if (!(Compare-Object -ReferenceObject $RecordModel -DifferenceObject $CurrentRecordModel -Property HostName, TtlValue, Type, Value)) {
                         [PSCustomObject]@{
-                            DomainName      = $_.Name
-                            Match           = $true
-                            CurrentRecord   = $CurrentRecord
+                            DomainName    = $_.Name
+                            Match         = $true
+                            CurrentRecord = $CurrentRecord
                         }
                     } else {
                         [PSCustomObject]@{
-                            DomainName      = $_.Name
-                            Match           = $false
-                            CurrentRecord   = $CurrentRecord
+                            DomainName    = $_.Name
+                            Match         = $false
+                            CurrentRecord = $CurrentRecord
                         }
                     }
                 }
@@ -92,32 +92,29 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
     } catch {
         if ($_.Exception.Message -like '*403*') {
             $Message = "AddDMARCToMOERA: Insufficient permissions. Please ensure the tenant GDAP relationship includes the 'Domain Name Administrator' role: $(Get-NormalizedError -message $_.Exception.message)"
-        }
-        else {
+        } else {
             $Message = "Failed to get dns records for MOERA domains: $(Get-NormalizedError -message $_.Exception.message)"
         }
         Write-LogMessage -API 'Standards' -tenant $tenant -message $Message -sev Error
-        throw $Message
+        return $Message
     }
 
-    If ($Settings.remediate -eq $true) {
+    if ($Settings.remediate -eq $true) {
         if ($StateIsCorrect -eq $true) {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'DMARC record is already set for all MOERA (onmicrosoft.com) domains.' -sev Info
-        }
-        else {
+        } else {
             # Loop through each domain and set the DMARC record, existing misconfigured records and duplicates will be deleted
             foreach ($Domain in ($CurrentInfo | Sort-Object -Property DomainName -Unique)) {
                 try {
-                    foreach ($Record in ($CurrentInfo | Where-Object -Property DomainName -eq $Domain.DomainName)) {
+                    foreach ($Record in ($CurrentInfo | Where-Object -Property DomainName -EQ $Domain.DomainName)) {
                         if ($Record.CurrentRecord) {
-                            New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body ($Record.CurrentRecord | ConvertTo-Json -Compress) -AddedHeaders @{'x-http-method-override' = 'Delete'}
+                            New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body ($Record.CurrentRecord | ConvertTo-Json -Compress) -AddedHeaders @{'x-http-method-override' = 'Delete' }
                             Write-LogMessage -API 'Standards' -tenant $tenant -message "Deleted incorrect DMARC record for domain $($Domain.DomainName)" -sev Info
                         }
-                        New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -type "PUT" -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body (@{RecordModel = $RecordModel} | ConvertTo-Json -Compress)
+                        New-GraphPOSTRequest -tenantid $tenant -scope 'https://admin.microsoft.com/.default' -type 'PUT' -Uri "https://admin.microsoft.com/admin/api/Domains/Record?domainName=$($Domain.DomainName)" -Body (@{RecordModel = $RecordModel } | ConvertTo-Json -Compress)
                         Write-LogMessage -API 'Standards' -tenant $tenant -message "Set DMARC record for domain $($Domain.DomainName)" -sev Info
                     }
-                }
-                catch {
+                } catch {
                     Write-LogMessage -API 'Standards' -tenant $tenant -message "Failed to set DMARC record for domain $($Domain.DomainName): $(Get-NormalizedError -message $_.Exception.message)" -sev Error
                 }
             }
@@ -129,10 +126,10 @@ function Invoke-CIPPStandardAddDMARCToMOERA {
             Write-LogMessage -API 'Standards' -tenant $tenant -message 'DMARC record is already set for all MOERA (onmicrosoft.com) domains.' -sev Info
         } else {
             $UniqueDomains = ($CurrentInfo | Sort-Object -Property DomainName -Unique)
-            $NotSetDomains = @($UniqueDomains | ForEach-Object {if ($_.Match -eq $false -or ($CurrentInfo | Where-Object -Property DomainName -eq $_.DomainName).Count -eq 1) { $_.DomainName } })
+            $NotSetDomains = @($UniqueDomains | ForEach-Object { if ($_.Match -eq $false -or ($CurrentInfo | Where-Object -Property DomainName -EQ $_.DomainName).Count -eq 1) { $_.DomainName } })
             $Message = "DMARC record is not set for $($NotSetDomains.count) of $($UniqueDomains.count) MOERA (onmicrosoft.com) domains."
 
-            Write-StandardsAlert -message $Message -object @{MissingDMARC = ($NotSetDomains -join ', ')} -tenant $tenant -standardName 'AddDMARCToMOERA' -standardId $Settings.standardId
+            Write-StandardsAlert -message $Message -object @{MissingDMARC = ($NotSetDomains -join ', ') } -tenant $tenant -standardName 'AddDMARCToMOERA' -standardId $Settings.standardId
             Write-LogMessage -API 'Standards' -tenant $tenant -message "$Message. Missing for: $($NotSetDomains -join ', ')" -sev Info
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -95,10 +95,14 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`	`$Tenant.LastGraphError = if ( $_.ErrorDetails.Message) {`
`98`		`- $msg = $_.ErrorDetails.Message \| ConvertFrom-Json`
`99`		`- "$($msg.error):$($msg.error_description)"`
	`98`	`+ if (Test-Json $_.ErrorDetails.Message -ErrorAction SilentlyContinue) {`
	`99`	`+ $msg = $_.ErrorDetails.Message \| ConvertFrom-Json`
	`100`	`+ "$($msg.error):$($msg.error_description)"`
	`101`	`+ } else {`
	`102`	`+ "$($_.ErrorDetails.Message)"`
	`103`	`+ }`
`100`	`104`	`} else {`
`101`		`- $_.Exception.message`
	`105`	`+ $_.Exception.Message`
`102`	`106`	`}`
`103`	`107`	`$Tenant.GraphErrorCount++`
`104`	`108`