Update for PasswordState v9

Open eizedev opened this issue 4 years ago • 7 comments

The issue serves as an overview for all changes to the API coming with PasswordState v9. As soon as I get access to the beta, I can share more details.

API related changes

Added

  • [x] Added a new method to the API(s) to trigger an Active Directory synchronization for user accounts and security groups
  • [x] You can now Copy/Link/Move passwords via the API(s)
  • [ ] Added the ability to delete password record dependencies via the API(s)
  • [x] One-Time Passwords can now be retrieved via both APIs if Password Lists and records are configured to use them
  • [x] Added methods to both APIs for retrieving all Password Strength and Password Generator Policies
  • [x] Added new methods to the APIs for adding Local Security Groups, and for adding/removing members from those security groups
  • [ ] Added new methods to the APIs for adding User Accounts into Passwordstate
  • [x] Added new methods to the APIs returning and searching Security Groups
  • [x] Added new Password Properties GenericFieldInfo and OTP while retrieving passwords from the API (passwords method)
    • #135

Changed

  • [x] Updated Standard API so API Keys can be used consistently across all API Methods
  • [x] Made improvements to redact API Keys from various screens if user did not have access to the 'Anonymous API Permissions' feature on the Feature Access screen

Fixed

  • [x] Fix Set-PasswordStatePassword if existing password should not be changed
    • #136

Changelog

René

eizedev, Jan 12 '21 08:01

Updated for Release build 9050 of PasswordState v9.

eizedev, Mar 02 '21 08:03

Add-PasswordStateADSecurityGroup

Function Add-PasswordStateADSecurityGroup
{
  [CmdletBinding(SupportsShouldProcess = $true)]
  Param
  (
    [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
    [Alias('Identity', 'Group', 'Name')]
    [ValidateNotNullOrEmpty()]
    [string]
    $SecurityGroupName,
    
    [Parameter(Position = 1)]
    [ValidateLength(1, 1000)]
    [string]
    $Description,
    
    [Parameter(Position = 2)]
    [Alias('Domain')]
    [ValidateNotNullOrEmpty()]
    [string]
    $ADDomainNetBIOS = $env:USERDOMAIN,
    
    [Parameter(Position = 3)]
    [switch]
    $PreventAuditing
  )

  Begin
  {
    Add-Type -AssemblyName System.Web
  }

  Process
  {
    $Auditing = @('', '?PreventAuditing=true')[[bool]($PreventAuditing.IsPresent)]
    
    $Body = [PSCustomObject]@{
      SecurityGroupName = [System.Web.HttpUtility]::UrlEncode($SecurityGroupName)
      ADDomainNetBIOS   = [System.Web.HttpUtility]::UrlEncode($ADDomainNetBIOS)
    }
    
    If (-not ([string]::IsNullOrEmpty($Description)) -and -not ([string]::IsNullOrWhiteSpace($Description)))
    {
      $Body | Add-Member -MemberType NoteProperty -Name 'Description' -Value ([System.Web.HttpUtility]::UrlEncode($Description))
    }
    
    New-PasswordStateResource -URI ('/api/securitygroup/{0}' -f $Auditing) -Body ($Body | ConvertTo-Json)
  }
}

Copy-PasswordStatePassword

Function Copy-PasswordStatePassword
{
  [CmdletBinding(SupportsShouldProcess = $true)]
  Param
  (
    [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
    [ValidateNotNullOrEmpty()]
    [int32]
    $PasswordID,
    
    [Parameter(Mandatory = $true, Position = 1)]
    [Alias('DestinationPasswordListID')]
    [ValidateNotNullOrEmpty()]
    [int32]
    $PasswordListID,
    
    [Parameter(Position = 2)]
    [switch]
    $Link
  )

  Process
  {
    $Body = [PSCustomObject]@{
      PasswordID = $PasswordID
      DestinationPasswordListID = $PasswordListID
      Link = @('False', 'True')[[bool]($Link.IsPresent)]
    } | ConvertTo-Json
    
    New-PasswordStateResource -URI '/api/passwords/copy' -Body $Body
  }
}

Get-PasswordStateOneTimePassword

Function Get-PasswordStateOneTimePassword
{
  [CmdletBinding(SupportsShouldProcess = $true)]
  Param
  (
    [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
    [ValidateNotNullOrEmpty()]
    [int32]
    $PasswordID
  )

  Process
  {
    $URI = '/api/onetimepassword/{0}' -f $PasswordID
    
    Get-PasswordStateResource -URI $URI
  }
}

Get-PasswordStateADSecurityGroup

Function Get-PasswordStateADSecurityGroup
{
  [CmdletBinding(SupportsShouldProcess = $true)]
  Param
  (
    [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
    [ValidateNotNullOrEmpty()]
    [string]
    $Search
  )

  Begin
  {
    Add-Type -AssemblyName System.Web
  }

  Process
  {
    $URI = '/api/getsecuritygroup/'
    
    If (-not ([string]::IsNullOrEmpty($Search)) -and -not ([string]::IsNullOrWhiteSpace($Search)) -and -not ($Search -eq '*'))
    {
      $URI += '?search={0}' -f ([System.Web.HttpUtility]::UrlEncode($Search))
    }
    
    Get-PasswordStateResource -URI $URI
  }
}

Get-PasswordStatePasswordPolicy

Function Get-PasswordStatePasswordPolicy
{
  [CmdletBinding(SupportsShouldProcess = $true)]
  Param
  (
    [Parameter(Mandatory = $true, Position = 0)]
    [ValidateSet('Generator', 'Strength')]
    [string]
    $Type,
    
    [Parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Position = 1)]
    [ValidateNotNullOrEmpty()]
    [string]
    $Search
  )
  
  Begin
  {
    Add-Type -AssemblyName System.Web
  }
  
  Process
  {
    $URI = '/api/password{0}/' -f $Type.ToLower()
    
    If (-not ([string]::IsNullOrEmpty($Search)) -and -not ([string]::IsNullOrWhiteSpace($Search)) -and -not ($Search -eq '*'))
    {
      $URI += '?search={0}' -f ([System.Web.HttpUtility]::UrlEncode($Search))
    }
    
    Get-PasswordStateResource -URI $URI
  }
}

Move-PasswordStatePassword

Function Move-PasswordStatePassword
{
  [CmdletBinding(SupportsShouldProcess = $true)]
  Param
  (
    [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
    [ValidateNotNullOrEmpty()]
    [int32]
    $PasswordID,
    
    [Parameter(Mandatory = $true, Position = 1)]
    [Alias('DestinationPasswordListID')]
    [ValidateNotNullOrEmpty()]
    [int32]
    $PasswordListID
  )

  Process
  {
    $Body = [PSCustomObject]@{
      PasswordID = $PasswordID
      DestinationPasswordListID = $PasswordListID
    } | ConvertTo-Json
    
    Set-PasswordStateResource -URI '/api/passwords/move' -Body $Body
  }
}

Sync-PasswordStateADSecurityGroups

Function Sync-PasswordStateADSecurityGroups
{
  Process
  {
    $URI = '/api/securitygroup/getadsync'
    
    Get-PasswordStateResource -URI $URI
  }
}

colombeen, Mar 17 '22 07:03

@colombeen if you open a PR we can look at getting the new functions tested and merged.

dnewsholme, Mar 17 '22 08:03

> @colombeen if you open a PR we can look at getting the new functions tested and merged.

I know, just don't have a lot of time so wanted to quickly dump it here before I forget.

colombeen, Mar 17 '22 08:03

The Copy & Link feature does throw a strange error when you provide a personal pwd list:

Passwordstate did not respond within the allotted time of 60 seconds

But the command only took 1 second to throw the error...

When I use it directly with Invoke-RestMethod I do get this:

Invoke-Restmethod : {"error":"Copying and/or linking a password to a private list is forbidden."}

colombeen, Mar 17 '22 09:03

A few other new API calls do the same thing as well when there is an error.

I've added all that I have that's not included in your module

colombeen, Mar 17 '22 12:03
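
One way to keep an API rejection, like the private-list error quoted above, from being reported as a timeout is to classify the caught error before choosing a message. This is an added example, not code from the module or from anyone in the thread; `ConvertTo-ApiFailure` is a hypothetical helper, and the error record at the end is constructed from the response body quoted in the thread.

```powershell
# Added example (not module code); ConvertTo-ApiFailure is a hypothetical helper.
function ConvertTo-ApiFailure
{
  param
  (
    [Parameter(Mandatory = $true)]
    [System.Management.Automation.ErrorRecord]
    $ErrorRecord
  )

  $ex = $ErrorRecord.Exception
  # Only these shapes count as a genuine timeout: a WebException with status
  # Timeout (Windows PowerShell) or a cancelled/timed-out task (PowerShell 7).
  $isTimeout = ($ex -is [System.Net.WebException] -and
      $ex.Status -eq [System.Net.WebExceptionStatus]::Timeout) -or
    ($ex -is [System.OperationCanceledException]) -or
    ($ex -is [System.TimeoutException])

  # HTTP status code, present only when the server actually answered.
  $status = $null
  if ($ex.PSObject.Properties['Response'] -and $ex.Response) { $status = [int]$ex.Response.StatusCode }

  # Invoke-RestMethod carries the response body in ErrorDetails.Message.
  $message = $ex.Message
  if ($ErrorRecord.ErrorDetails -and $ErrorRecord.ErrorDetails.Message)
  {
    $message = $ErrorRecord.ErrorDetails.Message
    try
    {
      # The thread shows the body shape {"error":"..."}; prefer that text when present.
      $json = $message | ConvertFrom-Json -ErrorAction Stop
      if ($json -and $json.PSObject.Properties['error']) { $message = $json.error }
    }
    catch { }  # body was not JSON: keep it verbatim
  }

  $kind = if ($isTimeout) { 'Timeout' } elseif ($status -or $ErrorRecord.ErrorDetails) { 'ApiError' } else { 'Transport' }
  [PSCustomObject]@{ Kind = $kind; StatusCode = $status; Message = $message }
}

# Constructed sample: an error record carrying the response body quoted in the thread.
$record = [System.Management.Automation.ErrorRecord]::new(
  [System.Net.WebException]::new('The remote server returned an error.',
    [System.Net.WebExceptionStatus]::ProtocolError),
  'ConstructedSample', [System.Management.Automation.ErrorCategory]::InvalidOperation, $null)
$record.ErrorDetails = [System.Management.Automation.ErrorDetails]::new(
  '{"error":"Copying and/or linking a password to a private list is forbidden."}')
ConvertTo-ApiFailure -ErrorRecord $record
```

Called from a `catch` block as `ConvertTo-ApiFailure -ErrorRecord $_`, the `Kind` and `Message` fields let the caller report the API's own text and reserve the timeout message for real timeouts.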

Fixed some of the missing features with https://github.com/dnewsholme/PasswordState-Management/pull/146

colombeen, Mar 17 '22 22:03