Merge pull request #1184 from kris6673/per-user-mfa-entrypoint

Add Per User MFA endpoint and improve null comparisons
KelvinTegelaar · Dec 1, 2024 · 6822e4b · 6822e4b
2 parents b3ef641 + 9784888
commit 6822e4b
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 2 deletions.
diff --git a/...Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1 b/...Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ListPerUserMFA.ps1
@@ -0,0 +1,50 @@
+using namespace System.Net
+
+function Invoke-ListPerUserMFA {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        Identity.User.Read
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $APIName = $TriggerMetadata.FunctionName
+    $User = $request.headers.'x-ms-client-principal'
+    Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug'
+
+    # Write to the Azure Functions log stream.
+    Write-Host 'PowerShell HTTP trigger function processed a request.'
+
+    # Parse query parameters
+    $Tenant = $Request.query.tenantFilter
+    try {
+        $AllUsers = [System.Convert]::ToBoolean($Request.query.allUsers)
+    } catch {
+        $AllUsers = $false
+    }
+    $UserId = $Request.query.userId
+
+    # Get the MFA state for the user/all users
+    try {
+        if ($AllUsers -eq $true) {
+            $Results = Get-CIPPPerUserMFA -TenantFilter $Tenant -AllUsers $true
+        } else {
+            $Results = Get-CIPPPerUserMFA -TenantFilter $Tenant -userId $UserId
+        }
+        $StatusCode = [HttpStatusCode]::OK
+    } catch {
+        $ErrorMessage = Get-NormalizedError -Message $_.Exception.Message
+        $Results = "Failed to get MFA State for $UserId : $ErrorMessage"
+        $StatusCode = [HttpStatusCode]::Forbidden
+    }
+
+    # Associate values to output bindings by calling 'Push-OutputBinding'.
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = $StatusCode
+            Body       = @($Results)
+        })
+
+
+}
diff --git a/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1 b/Modules/CIPPCore/Public/Get-CIPPMFAState.ps1
@@ -92,9 +92,9 @@ function Get-CIPPMFAState {
             }
         }
 
-        $PerUser = if ($PerUserMFAState -eq $null) { $null } else { ($PerUserMFAState | Where-Object -Property UserPrincipalName -EQ $_.UserPrincipalName).PerUserMFAState }
+        $PerUser = if ($null -eq $PerUserMFAState) { $null } else { ($PerUserMFAState | Where-Object -Property UserPrincipalName -EQ $_.UserPrincipalName).PerUserMFAState }
 
-        $MFARegUser = if (($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.userPrincipalName).isMFARegistered -eq $null) { $false } else { ($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.userPrincipalName) }
+        $MFARegUser = if ($null -eq ($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.userPrincipalName).isMFARegistered) { $false } else { ($MFARegistration | Where-Object -Property UserPrincipalName -EQ $_.userPrincipalName) }
 
         [PSCustomObject]@{
             Tenant          = $TenantFilter