From 9a778be0423175e88962b609b9e26d00a8af998f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= <kris6673@hotmail.com> Date: Wed, 21 Aug 2024 22:21:35 +0200 Subject: [PATCH 1/3] Fix Bobby and his damn custom error messages! --- .../CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 index 35eb01b0cbf5..593035bbf4a0 100644 --- a/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 +++ b/Modules/CIPPCore/Public/Standards/Invoke-CIPPStandardNudgeMFA.ps1 @@ -45,7 +45,7 @@ function Invoke-CIPPStandardNudgeMFA { Return } # Input validation - if (($Settings.snoozeDurationInDays -lt 0 -or $Settings.snoozeDurationInDays -gt 15) -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) { + if (([Int32]$Settings.snoozeDurationInDays -lt 0 -or [Int32]$Settings.snoozeDurationInDays -gt 15) -and ($Settings.remediate -eq $true -or $Settings.alert -eq $true)) { Write-LogMessage -API 'Standards' -tenant $tenant -message 'NudgeMFA: Invalid snoozeDurationInDays parameter set' -sev Error Return } From d2f73542181da70c9d40475b6f2240aa8e656e73 Mon Sep 17 00:00:00 2001 
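Review bot: The `[Int32]` cast in the changed `if` raises a conversion error when `snoozeDurationInDays` is not numeric, so a malformed setting would fail before reaching the 'NudgeMFA: Invalid snoozeDurationInDays parameter set' log line, unless a try/catch outside this hunk handles it. The cast also turns a missing or empty value into 0, which passes the 0–15 range check. Consider parsing once before the check, initialising `$SnoozeDays = 0` and testing `[int]::TryParse([string]$Settings.snoozeDurationInDays, [ref]$SnoozeDays)`, then treating a failed parse as invalid alongside the range test. The function body starts and ends outside the hunk, so surrounding error handling is not visible here.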
From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= <kris6673@hotmail.com> Date: Sat, 24 Aug 2024 15:45:57 +0200 Subject: [PATCH 2/3] Add ExecRemoveMailboxRule entrypoint and refactor Remove-CIPPRules to work with current and new code --- .../Invoke-ExecRemoveMailboxRule.ps1 | 41 ++++++++++++++++ .../Public/Invoke-CIPPOffboardingJob.ps1 | 2 +- .../Public/Remove-CIPPMailboxRule.ps1 | 48 +++++++++++++++++++ Modules/CIPPCore/Public/Remove-CIPPRules.ps1 | 30 ------------ 4 files changed, 90 insertions(+), 31 deletions(-) create mode 100644 Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 create mode 100644 Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 delete mode 100644 Modules/CIPPCore/Public/Remove-CIPPRules.ps1 diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 new file mode 100644 index 000000000000..0bbc95cf9af8 --- /dev/null +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 
@@ -0,0 +1,41 @@ +using namespace System.Net + +Function Invoke-ExecRemoveMailboxRule { + <# + .FUNCTIONALITY + Entrypoint + .ROLE + Exchange.Mailbox.ReadWrite + #> + [CmdletBinding()] + param($Request, $TriggerMetadata) + + $APIName = 'Remove mailbox rule' + $TenantFilter = $Request.Query.TenantFilter + $RuleName = $Request.Query.ruleName + $RuleId = $Request.Query.ruleId + $Username = $Request.Query.userPrincipalName + + $User = $request.headers.'x-ms-client-principal' + Write-LogMessage -user $User -API $APINAME -tenant $TenantFilter -message 'Accessed this API' -Sev 'Debug' + + # Write to the Azure Functions log stream. + Write-Host 'PowerShell HTTP trigger function processed a request.' + + # Remove the rule + # Write-LogMessage -user $User -API $APINAME -tenant $TenantFilter -message "Tried to remove rule from user $Username from tenant $TenantFilter with name $RuleName" -Sev 'Info' + $Results = Remove-CIPPMailboxRule -userid $User -username $Username -TenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $User -RuleId $RuleId -RuleName $RuleName + + if ($Results -like '*Could not delete*') { + $StatusCode = [HttpStatusCode]::Forbidden + } else { + $StatusCode = [HttpStatusCode]::OK + } + + # Associate values to output bindings by calling 'Push-OutputBinding'. + Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{ + StatusCode = $StatusCode + Body = @{ Results = $Results } + }) + +} diff --git a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 index d711e4fe42b5..f404764897db 100644 --- a/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 +++ b/Modules/CIPPCore/Public/Invoke-CIPPOffboardingJob.ps1 
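Review bot: `$TenantFilter`, `$Username` and `$RuleId` are read from `$Request.Query` and passed to `Remove-CIPPMailboxRule` without any check that they are present, so a request missing `ruleId` reaches `Remove-InboxRule` with an empty `Identity`. The single-rule branch of `Remove-CIPPMailboxRule`, added in the same patch, has the same gap, since it runs whenever `-RemoveAllRules` is absent. A guard that returns 400 before the call keeps a destructive operation from running on incomplete input. Separately, every failure is reported as 403 Forbidden by matching `*Could not delete*` against a result string that also embeds the caller-supplied rule name; a structured result would make the status more reliable.

```powershell
    # … unchanged: $TenantFilter / $RuleName / $RuleId / $Username read from $Request.Query, access log …
    if ([string]::IsNullOrWhiteSpace($TenantFilter) -or
        [string]::IsNullOrWhiteSpace($Username) -or
        [string]::IsNullOrWhiteSpace($RuleId)) {
        Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
                StatusCode = [HttpStatusCode]::BadRequest
                Body       = @{ Results = 'TenantFilter, userPrincipalName and ruleId are required' }
            })
        return
    }
    # … unchanged: Remove-CIPPMailboxRule call, status mapping and response binding …
```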
@@ -66,7 +66,7 @@ function Invoke-CIPPOffboardingJob { { $_.'removeRules' -eq 'true' } { Write-Host "Removing rules for $username" - Remove-CIPPRules -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName + Remove-CIPPMailboxRule -userid $userid -username $Username -tenantFilter $Tenantfilter -ExecutingUser $ExecutingUser -APIName $APIName -RemoveAllRules } { $_.'removeMobile' -eq 'true' } { diff --git a/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 b/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 new file mode 100644 index 000000000000..f4e04b436119 --- /dev/null +++ b/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 
@@ -0,0 +1,48 @@ +function Remove-CIPPMailboxRule { + [CmdletBinding()] + param ( + $userid, + $username, + $TenantFilter, + $APIName = 'Mailbox Rules Removal', + $ExecutingUser, + $RuleId, + [string]$RuleName, + [switch]$RemoveAllRules + ) + + if ($RemoveAllRules.IsPresent -eq $true) { + # Delete all rules + try { + Write-Host "Checking rules for $username" + $rules = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $username; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' } + Write-Host "$($rules.count) rules found" + if ($null -eq $rules) { + Write-LogMessage -user $ExecutingUser -API $APIName -message "No Rules for $($username) to delete" -Sev 'Info' -tenant $TenantFilter + return "No rules for $($username) to delete" + } else { + ForEach ($rule in $rules) { + New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-InboxRule' -Anchor $username -cmdParams @{Identity = $rule.Identity } + } + Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted Rules for $($username)" -Sev 'Info' -tenant $TenantFilter + return "Deleted Rules for $($username)" + } + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete rules for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + return "Could not delete rules for $($username). 
Error: $($ErrorMessage.NormalizedError)" + } + } else { + # Only delete 1 rule + try { + $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-InboxRule' -Anchor $username -cmdParams @{Identity = $RuleId } + Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted mailbox rule for $($username)" -Sev 'Info' -tenant $TenantFilter + return "Deleted mailbox rule $RuleName for $username" + } catch { + $ErrorMessage = Get-CippException -Exception $_ + Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete rule for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage + return "Could not delete rule for $($username). Error: $($ErrorMessage.NormalizedError)" + } + } +} + diff --git a/Modules/CIPPCore/Public/Remove-CIPPRules.ps1 b/Modules/CIPPCore/Public/Remove-CIPPRules.ps1 deleted file mode 100644 index 874a425ccd0f..000000000000 --- a/Modules/CIPPCore/Public/Remove-CIPPRules.ps1 +++ /dev/null 
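Review bot: The remove-all branch logs only "Deleted Rules for $($username)", so the audit trail does not record which inbox rules were removed or how many. This path is used by offboarding and includes hidden rules, where the names of deleted rules (for example forwarding rules) are what an investigator would look for later. Consider keeping the returned string as is and extending the log message, e.g. `-message "Deleted $(@($rules).Count) rules for $($username): $(@($rules).Name -join ', ')"`. Note also that a failure on one `Remove-InboxRule` call appears to drop into the `catch` and leave the remaining rules in place, with a message that does not say which ones.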
@@ -1,30 +0,0 @@ -function Remove-CIPPRules { - [CmdletBinding()] - param ( - $userid, - $username, - $TenantFilter, - $APIName = 'Rules Removal', - $ExecutingUser - ) - - try { - Write-Host "Checking rules for $username" - $rules = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Get-InboxRule' -cmdParams @{Mailbox = $username; IncludeHidden = $true } | Where-Object { $_.Name -ne 'Junk E-Mail Rule' } - Write-Host "$($rules.count) rules found" - if ($null -eq $rules) { - Write-LogMessage -user $ExecutingUser -API $APIName -message "No Rules for $($username) to delete" -Sev 'Info' -tenant $TenantFilter - return "No rules for $($username) to delete" - } else { - ForEach ($rule in $rules) { - New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-InboxRule' -Anchor $username -cmdParams @{Identity = $rule.Identity } - } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted Rules for $($username)" -Sev 'Info' -tenant $TenantFilter - return "Deleted Rules for $($username)" - } - } catch { - $ErrorMessage = Get-CippException -Exception $_ - Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete rules for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage - return "Could not delete rules for $($username). Error: $($ErrorMessage.NormalizedError)" - } -} From 97997fc42d14fdd8152aa5f95ecfa9d7908cece8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kristian=20Kj=C3=A6rg=C3=A5rd?= <kris6673@hotmail.com> Date: Sat, 24 Aug 2024 16:15:22 +0200 Subject: [PATCH 3/3] chore: Remove commented out code and improve logging in Remove-CIPPMailboxRule --- .../Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 | 1 - Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) 
diff --git a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 index 0bbc95cf9af8..a747ac432e33 100644 --- a/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 +++ b/Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Email-Exchange/Invoke-ExecRemoveMailboxRule.ps1 @@ -23,7 +23,6 @@ Function Invoke-ExecRemoveMailboxRule { Write-Host 'PowerShell HTTP trigger function processed a request.' # Remove the rule - # Write-LogMessage -user $User -API $APINAME -tenant $TenantFilter -message "Tried to remove rule from user $Username from tenant $TenantFilter with name $RuleName" -Sev 'Info' $Results = Remove-CIPPMailboxRule -userid $User -username $Username -TenantFilter $TenantFilter -APIName $APINAME -ExecutingUser $User -RuleId $RuleId -RuleName $RuleName if ($Results -like '*Could not delete*') { diff --git a/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 b/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 index f4e04b436119..95695c388ac3 100644 --- a/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 +++ b/Modules/CIPPCore/Public/Remove-CIPPMailboxRule.ps1 @@ -7,7 +7,7 @@ function Remove-CIPPMailboxRule { $APIName = 'Mailbox Rules Removal', $ExecutingUser, $RuleId, - [string]$RuleName, + $RuleName, [switch]$RemoveAllRules ) 
@@ -36,8 +36,8 @@ function Remove-CIPPMailboxRule { # Only delete 1 rule try { $null = New-ExoRequest -tenantid $TenantFilter -cmdlet 'Remove-InboxRule' -Anchor $username -cmdParams @{Identity = $RuleId } - Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted mailbox rule for $($username)" -Sev 'Info' -tenant $TenantFilter - return "Deleted mailbox rule $RuleName for $username" + Write-LogMessage -user $ExecutingUser -API $APIName -message "Deleted mailbox rule $($RuleName) for $($username)" -Sev 'Info' -tenant $TenantFilter + return "Deleted mailbox rule $($RuleName) for $($username)" } catch { $ErrorMessage = Get-CippException -Exception $_ Write-LogMessage -user $ExecutingUser -API $APIName -message "Could not delete rule for $($username): $($ErrorMessage.NormalizedError)" -Sev 'Error' -tenant $TenantFilter -LogData $ErrorMessage
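Review bot: The new log and return messages identify the deleted rule only by `$RuleName`, which the caller supplies and which is never checked against the rule actually removed via `$RuleId`. The audit entry can therefore name a different rule than the one deleted. Recording the identifier that was acted on makes the entry trustworthy, e.g. `-message "Deleted mailbox rule $($RuleName) (id $($RuleId)) for $($username)"`. The enclosing function starts and ends outside this hunk.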