Merge pull request #143 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Authentication/Get-CippApiClient.ps1

@@ -18,7 +18,7 @@ function Get-CippApiClient {
     if ($AppId) {
         $Table.Filter = "RowKey eq '$AppId'"
     }
-    $Apps = Get-CIPPAzDataTableEntity @Table
+    $Apps = Get-CIPPAzDataTableEntity @Table | Where-Object { ![string]::IsNullOrEmpty($_.RowKey) }
     $Apps = foreach ($Client in $Apps) {
         $Client = $Client | Select-Object -Property @{Name = 'ClientId'; Expression = { $_.RowKey } }, AppName, Role, IPRange, Enabled
 

Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1

@@ -9,6 +9,14 @@ function New-CIPPAPIConfig {
         [string]$AppId
     )
 
+    $Permissions = Get-GraphToken -tenantid $env:TenantID -scope 'https://graph.microsoft.com/.default' -AsApp $true -SkipCache $true -ReturnRefresh $true
+    $Token = Read-JwtAccessDetails -Token $Permissions.access_token
+    $Permissions = $Token.Roles | Where-Object { $_ -match 'Application.ReadWrite.All' -or $_ -match 'Directory.ReadWrite.All' }
+    if (!$Permissions -or $Permissions.Count -lt 2) {
+        Write-LogMessage -headers $Headers -API $APINAME -tenant 'None '-message 'Insufficient permissions to create API App' -Sev 'Error'
+        throw 'Insufficient permissions to create API App. This integration requires the following Application permissions in the partner tenant. Application.ReadWrite.All, Directory.ReadWrite.All'
+    }
+
     try {
         if ($AppId) {
             $APIApp = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/applications(appid='$($AppId)')" -NoAuthCheck $true

Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-SchedulerCIPPNotifications.ps1

@@ -53,7 +53,7 @@ function Push-SchedulerCIPPNotifications {
                 }
             }
             if ($CurrentStandardsLogs) {
-                foreach ($tenant in ($CurrentLog.Tenant | Sort-Object -Unique)) {
+                foreach ($tenant in ($CurrentStandardsLogs.Tenant | Sort-Object -Unique)) {
                     $Data = ($CurrentStandardsLogs | Where-Object -Property tenant -EQ $tenant)
                     $Subject = "$($Tenant): Standards are out of sync for $tenant"
                     $HTMLContent = New-CIPPAlertTemplate -Data $Data -Format 'html' -InputObject 'standards'

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecApiClient.ps1

@@ -13,7 +13,7 @@ function Invoke-ExecApiClient {
 
     switch ($Action) {
         'List' {
-            $Apps = Get-CIPPAzDataTableEntity @Table
+            $Apps = Get-CIPPAzDataTableEntity @Table | Where-Object { ![string]::IsNullOrEmpty($_.RowKey) }
             if (!$Apps) {
                 $Apps = @()
             } else {
@@ -31,6 +31,7 @@ function Invoke-ExecApiClient {
         'AddUpdate' {
             if ($Request.Body.ClientId -or $Request.Body.AppName) {
                 $ClientId = $Request.Body.ClientId.value ?? $Request.Body.ClientId
+                $AddUpdateSuccess = $false
                 try {
                     $ApiConfig = @{
                         Headers = $Request.Headers
@@ -46,8 +47,9 @@ function Invoke-ExecApiClient {
 
                     $ClientId = $APIConfig.ApplicationID
                     $AddedText = $APIConfig.Results
+                    $AddUpdateSuccess = $true
                 } catch {
-                    $AddedText = 'Could not modify App Registrations. Check the CIPP documentation for API requirements.'
+                    $AddedText = "Could not modify App Registrations. Check the CIPP documentation for API requirements. Error: $($_.Exception.Message)"
                     $Body = $Body | Select-Object * -ExcludeProperty CIPPAPI
                 }
             }
@@ -64,32 +66,38 @@ function Invoke-ExecApiClient {
                 $IpRange = @()
             }
 
-            $ExistingClient = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'"
-            if ($ExistingClient) {
-                $Client = $ExistingClient
-                $Client.Role = [string]$Request.Body.Role.value
-                $Client.IPRange = "$(@($IpRange) | ConvertTo-Json -Compress)"
-                $Client.Enabled = $Request.Body.Enabled ?? $false
-                Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info'
-                $Results = 'API client updated'
-            } else {
-                $Client = @{
-                    'PartitionKey' = 'ApiClients'
-                    'RowKey'       = "$($ClientId)"
-                    'AppName'      = "$($APIConfig.AppName ?? $Request.Body.ClientId.addedFields.displayName)"
-                    'Role'         = [string]$Request.Body.Role.value
-                    'IPRange'      = "$(@($IpRange) | ConvertTo-Json -Compress)"
-                    'Enabled'      = $Request.Body.Enabled ?? $false
+            if (!$AddUpdateSuccess -and !$ClientId) {
+                $Body = @{
+                    Results = $AddedText
                 }
-                $Results = @{
-                    resultText = "API Client created with the name '$($Client.AppName)'. Use the Copy to Clipboard button to retrieve the secret."
-                    copyField  = $APIConfig.ApplicationSecret
-                    state      = 'success'
+            } else {
+                $ExistingClient = Get-CIPPAzDataTableEntity @Table -Filter "RowKey eq '$($ClientId)'"
+                if ($ExistingClient) {
+                    $Client = $ExistingClient
+                    $Client.Role = [string]$Request.Body.Role.value
+                    $Client.IPRange = "$(@($IpRange) | ConvertTo-Json -Compress)"
+                    $Client.Enabled = $Request.Body.Enabled ?? $false
+                    Write-LogMessage -headers $Request.Headers -API 'ExecApiClient' -message "Updated API client $($Request.Body.ClientId)" -Sev 'Info'
+                    $Results = 'API client updated'
+                } else {
+                    $Client = @{
+                        'PartitionKey' = 'ApiClients'
+                        'RowKey'       = "$($ClientId)"
+                        'AppName'      = "$($APIConfig.AppName ?? $Request.Body.ClientId.addedFields.displayName)"
+                        'Role'         = [string]$Request.Body.Role.value
+                        'IPRange'      = "$(@($IpRange) | ConvertTo-Json -Compress)"
+                        'Enabled'      = $Request.Body.Enabled ?? $false
+                    }
+                    $Results = @{
+                        resultText = "API Client created with the name '$($Client.AppName)'. Use the Copy to Clipboard button to retrieve the secret."
+                        copyField  = $APIConfig.ApplicationSecret
+                        state      = 'success'
+                    }
                 }
-            }
 
-            Add-CIPPAzDataTableEntity @Table -Entity $Client -Force | Out-Null
-            $Body = @($Results)
+                Add-CIPPAzDataTableEntity @Table -Entity $Client -Force | Out-Null
+                $Body = @($Results)
+            }
         }
         'GetAzureConfiguration' {
             $RGName = $ENV:WEBSITE_RESOURCE_GROUP
@@ -110,7 +118,7 @@ function Invoke-ExecApiClient {
             $TenantId = $ENV:TenantId
             $RGName = $ENV:WEBSITE_RESOURCE_GROUP
             $FunctionAppName = $ENV:WEBSITE_SITE_NAME
-            $AllClients = Get-CIPPAzDataTableEntity @Table -Filter 'Enabled eq true'
+            $AllClients = Get-CIPPAzDataTableEntity @Table -Filter 'Enabled eq true' | Where-Object { ![string]::IsNullOrEmpty($_.RowKey) }
             $ClientIds = $AllClients.RowKey
             try {
                 Set-CippApiAuth -RGName $RGName -FunctionAppName $FunctionAppName -TenantId $TenantId -ClientIds $ClientIds

Modules/CIPPCore/Public/New-CIPPAlertTemplate.ps1

@@ -25,15 +25,21 @@ function New-CIPPAlertTemplate {
         $DataHTML = ($Data | Select-Object * -ExcludeProperty Etag, PartitionKey, TimeStamp | ConvertTo-Html | Out-String).Replace('<table>', ' <table class="table-modern">')
         $IntroText = "<p>You've configured CIPP to send you alerts based on the logbook. The following alerts match your configured rules</p>$dataHTML"
         $ButtonUrl = "$CIPPURL/cipp/logs"
-        $ButtonText = 'C heck logbook information'
+        $ButtonText = 'Check logbook information'
     }
     if ($InputObject -eq 'standards') {
         $DataHTML = foreach ($object in $data) {
-            "<p>For the standard $($object.standardName) in template {{Template Name }} we've detected:</p> <li>$($object.message)</li>"
+            "<p>For the standard $($object.standardName) in template {{Template Name }} we've detected the following:</p> <li>$($object.message)</li>"
             if ($object.object) {
                 $object.object = $object.object | ConvertFrom-Json
                 $object.object = $object.object | Select-Object * -ExcludeProperty Etag, PartitionKey, TimeStamp
-                ($object.object.compare | ConvertTo-Html -Fragment | Out-String).Replace('<table>', ' <table class="table-modern">')
+                if ($object.object.compare) {
+                    '<p>The following differences have been detected:</p>'
+                   ($object.object.compare | ConvertTo-Html -Fragment | Out-String).Replace('<table>', ' <table class="table-modern">')
+                } else {
+                    '<p>This is a table representation of the current settings:</p>'
+                    ($object.object | ConvertTo-Html -Fragment -As List | Out-String).Replace('<table>', ' <table class="table-modern">')
+                }
             }
 
         }