[pull] main from KelvinTegelaar:main

.github/workflows/label_sponsor_requests.yml

@@ -1,4 +1,3 @@
----
 name: Label Issues
 on:
   issues:
@@ -14,4 +13,6 @@ jobs:
       - name: Sponsor Labels
         uses: JasonEtco/is-sponsor-label-action@v1.2.0
         with:
-          label: 'Sponsor Request'
+          label: 'Sponsor Priority'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cipp",
-  "version": "10.0.1",
+  "version": "10.0.3",
   "author": "CIPP Contributors",
   "homepage": "https://cipp.app/",
   "bugs": {

public/version.json

@@ -1,3 +1,3 @@
 {
-  "version": "10.0.2"
+  "version": "10.0.3"
 }

src/api/ApiCall.jsx

@@ -50,7 +50,7 @@ export function ApiGetCall(props) {
           title: `${
             error.config?.params?.tenantFilter ? error.config?.params?.tenantFilter : ""
           } Error`,
-        })
+        }),
       );
     }
     return returnRetry;
@@ -211,7 +211,7 @@ export function ApiPostCall({ relatedQueryKeys, onResult }) {
                   if (!query.queryKey || !query.queryKey[0]) return false;
                   const queryKeyStr = String(query.queryKey[0]);
                   const matches = wildcardPatterns.some((pattern) =>
-                    queryKeyStr.startsWith(pattern)
+                    queryKeyStr.startsWith(pattern),
                   );
 
                   // Debug logging for each query check
@@ -220,7 +220,7 @@ export function ApiPostCall({ relatedQueryKeys, onResult }) {
                       queryKey: query.queryKey,
                       queryKeyStr,
                       matchedPattern: wildcardPatterns.find((pattern) =>
-                        queryKeyStr.startsWith(pattern)
+                        queryKeyStr.startsWith(pattern),
                       ),
                     });
                   }
@@ -252,15 +252,22 @@ export function ApiGetCallWithPagination({
   waiting = true,
 }) {
   const dispatch = useDispatch();
+  const queryClient = useQueryClient();
   const MAX_RETRIES = retry;
-  const HTTP_STATUS_TO_NOT_RETRY = [401, 403, 404];
+  const HTTP_STATUS_TO_NOT_RETRY = [302, 401, 403, 404, 500];
 
   const retryFn = (failureCount, error) => {
     let returnRetry = true;
     if (failureCount >= MAX_RETRIES) {
       returnRetry = false;
     }
     if (isAxiosError(error) && HTTP_STATUS_TO_NOT_RETRY.includes(error.response?.status ?? 0)) {
+      if (
+        error.response?.status === 302 &&
+        error.response?.headers.get("location").includes("/.auth/login/aad")
+      ) {
+        queryClient.invalidateQueries({ queryKey: ["authmecipp"] });
+      }
       returnRetry = false;
     }
 
@@ -270,7 +277,7 @@ export function ApiGetCallWithPagination({
           message: getCippError(error),
           title: "Error",
           toastError: error,
-        })
+        }),
       );
     }
     return returnRetry;

src/components/CippComponents/CippAddTestReportDrawer.jsx

@@ -43,13 +43,13 @@ export const CippAddTestReportDrawer = ({ buttonText = "Create custom report" })
 
   const createReport = ApiPostCall({
     urlFromData: true,
-    relatedQueryKeys: ["ListTestReports"],
+    relatedQueryKeys: "ListTestReports",
   });
 
   // Fetch available tests for the form
   const availableTestsApi = ApiGetCall({
     url: "/api/ListAvailableTests",
-    queryKey: ["ListAvailableTests"],
+    queryKey: "ListAvailableTests",
   });
 
   const availableTests = availableTestsApi.data || { IdentityTests: [], DevicesTests: [] };

src/components/CippComponents/CippUserActions.jsx

@@ -333,7 +333,7 @@ export const useCippUserActions = () => {
             labelField: (option) =>
               option?.calculatedGroupType
                 ? `${option.displayName} (${option.calculatedGroupType})`
-                : option?.displayName ?? "",
+                : (option?.displayName ?? ""),
             valueField: "id",
             addedField: {
               groupType: "groupType",
@@ -549,6 +549,17 @@ export const useCippUserActions = () => {
         "Are you sure you want to change the source of authority for [userPrincipalName]? Setting it to On-Premises Managed will take until the next sync cycle to show the change.",
       multiPost: false,
     },
+    {
+      label: "Reprocess License Assignments",
+      type: "POST",
+      icon: <CloudDone />,
+      url: "/api/ExecReprocessUserLicenses",
+      data: { ID: "id", userPrincipalName: "userPrincipalName" },
+      confirmText:
+        "Are you sure you want to reprocess license assignments for [userPrincipalName]?",
+      multiPost: false,
+      condition: (row) => canWriteUser,
+    },
     {
       label: "Revoke all user sessions",
       type: "POST",

src/components/CippWizard/CippSAMDeploy.jsx

@@ -92,7 +92,10 @@ export const CippSAMDeploy = (props) => {
             here
           </Link>
         </li>
-        <li>(Temporary) Global Administrator permissions for the CIPP Service Account</li>
+        <li>
+          An account with at minimum: <li>Application Administrator</li>
+          <li>User Administrator</li>
+        </li>
         <li>
           Multi-factor authentication enabled for the CIPP Service Account, with no trusted
           locations or other exclusions.

src/data/alerts.json

@@ -331,5 +331,39 @@
     "label": "Alert on quarantine release requests",
     "recommendedRunInterval": "30m",
     "description": "Monitors for user requests to release quarantined messages and provides a CIPP-native alternative to the external email forwarding method. This helps MSPs maintain secure configurations while getting timely notifications about quarantine activity. Links to the tenant's quarantine page are provided in alerts."
+  },
+  {
+    "name": "SecureScore",
+    "label": "Alert on a low Secure Score",
+    "recommendedRunInterval": "1d",
+    "requiresInput": true,
+    "multipleInput": true,
+    "inputs": [
+      {
+        "inputType": "autoComplete",
+        "inputLabel": "Threshold type absolute number or percent",
+        "inputName": "ThresholdType",
+        "creatable": false,
+        "multiple": false,
+        "options": [
+          {
+            "label": "Percent",
+            "value": "percent"
+          },
+          {
+            "label": "Absolute",
+            "value": "absolute"
+          }
+        ],
+        "required": true
+      },
+      {
+        "inputType": "number",
+        "inputLabel": "Threshold Value (below this will trigger the alert)",
+        "inputName": "InputValue",
+        "required": true
+      }
+    ],
+    "description": "Monitors Secure Score and alerts when it falls below the specified threshold (absolute or percent value). Helps identify security gaps and areas for improvement."
   }
 ]

src/layouts/config.js

@@ -719,7 +719,12 @@ export const nativeMenuItems = [
           {
             title: "Mailbox Permissions",
             path: "/email/reports/mailbox-permissions",
-            permissions: ["Exchange.Mailbox.Read"],
+            permissions: ["Exchange.Mailbox.*"],
+          },
+          {
+            title: "Calendar Permissions",
+            path: "/email/reports/calendar-permissions",
+            permissions: ["Exchange.Mailbox.*"],
           },
           {
             title: "Anti-Phishing Filters",

src/pages/cipp/logs/index.js

@@ -37,7 +37,7 @@ const pageTitle = "Logbook Results";
 const actions = [
   {
     label: "View Log Entry",
-    link: "/cipp/logs/logentry?logentry=[RowKey]",
+    link: "/cipp/logs/logentry?logentry=[RowKey]&dateFilter=[DateFilter]",
     icon: <EyeIcon />,
     color: "primary",
   },
@@ -100,14 +100,14 @@ const Page = () => {
     setStartDate(
       data.startDate
         ? new Date(data.startDate * 1000).toISOString().split("T")[0].replace(/-/g, "")
-        : null
+        : null,
     );
 
     // Format end date if available
     setEndDate(
       data.endDate
         ? new Date(data.endDate * 1000).toISOString().split("T")[0].replace(/-/g, "")
-        : null
+        : null,
     );
 
     // Set username filter if available
@@ -117,7 +117,7 @@ const Page = () => {
     setSeverity(
       data.severity && data.severity.length > 0
         ? data.severity.map((item) => item.value).join(",")
-        : null
+        : null,
     );
 
     // Close the accordion after applying filters
@@ -157,13 +157,13 @@ const Page = () => {
                       <>
                         {startDate
                           ? new Date(
-                              startDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00"
+                              startDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00",
                             ).toLocaleDateString()
                           : new Date().toLocaleDateString()}
                         {startDate && endDate ? " - " : ""}
                         {endDate
                           ? new Date(
-                              endDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00"
+                              endDate.replace(/(\d{4})(\d{2})(\d{2})/, "$1-$2-$3") + "T00:00:00",
                             ).toLocaleDateString()
                           : ""}
                       </>

src/pages/cipp/logs/logentry.js

@@ -11,12 +11,13 @@ import { getCippTranslation } from "../../../utils/get-cipp-translation";
 
 const Page = () => {
   const router = useRouter();
-  const { logentry } = router.query;
+  const { logentry, dateFilter } = router.query;
 
   const logRequest = ApiGetCall({
     url: `/api/Listlogs`,
     data: {
       logentryid: logentry,
+      dateFilter: dateFilter,
     },
     queryKey: `GetLogEntry-${logentry}`,
     waiting: !!logentry,
@@ -44,12 +45,12 @@ const Page = () => {
                 logData.Severity === "CRITICAL"
                   ? "error"
                   : logData.Severity === "Error"
-                  ? "error"
-                  : logData.Severity === "Warn"
-                  ? "warning"
-                  : logData.Severity === "Info"
-                  ? "info"
-                  : "default"
+                    ? "error"
+                    : logData.Severity === "Warn"
+                      ? "warning"
+                      : logData.Severity === "Info"
+                        ? "info"
+                        : "default"
               }
               variant="filled"
             />