kris6673 · kris6673 · Aug 14, 2024 · Jul 26, 2024 · Aug 2, 2024 · Aug 2, 2024
diff --git a/.github/workflows/dev_cippz6s4d.yml → .github/workflows/dev_cipp4i6t3.yml b/.github/workflows/dev_cippz6s4d.yml → .github/workflows/dev_cipp4i6t3.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippz6s4d
+name: Build and deploy Powershell project to Azure Function App - cipp4i6t3
 
 on:
   push:
@@ -24,7 +24,7 @@ jobs:
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippz6s4d'
+          app-name: 'cipp4i6t3'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_D27E7CF0887F4E4591F3957CCA96F0FD }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_9D257A31ACA24925A112AF5FFC2BEAFE }}
diff --git a/.github/workflows/dev_cippacnqv.yml → .github/workflows/dev_cippkwn4s.yml b/.github/workflows/dev_cippacnqv.yml → .github/workflows/dev_cippkwn4s.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippacnqv
+name: Build and deploy Powershell project to Azure Function App - cippkwn4s
 
 on:
   push:
@@ -23,17 +23,17 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Login to Azure
-        uses: azure/login@v1
+        uses: azure/login@v2
         with:
-          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_6085081ED1124B799258E9FF743FF4B9 }}
-          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_9BDB2DDBFAFA4BC19C20A58B204BFAF3 }}
-          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_02B5224812794971B05EDD557AF2B867 }}
+          client-id: ${{ secrets.AZUREAPPSERVICE_CLIENTID_B6BCC8886F40482FB8B43907FCDA6596 }}
+          tenant-id: ${{ secrets.AZUREAPPSERVICE_TENANTID_0D1C65B9099F48FABDF7F7052EA6887F }}
+          subscription-id: ${{ secrets.AZUREAPPSERVICE_SUBSCRIPTIONID_76518AE5ECB34375A414DEEE1119C161 }}
 
       - name: 'Run Azure Functions Action'
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippacnqv'
+          app-name: 'cippkwn4s'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
 
diff --git a/.github/workflows/dev_cippckdtz.yml → .github/workflows/dev_cipplwwww.yml b/.github/workflows/dev_cippckdtz.yml → .github/workflows/dev_cipplwwww.yml
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/azure/functions-action
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Powershell project to Azure Function App - cippckdtz
+name: Build and deploy Powershell project to Azure Function App - cipplwwww
 
 on:
   push:
@@ -24,7 +24,7 @@ jobs:
         uses: Azure/functions-action@v1
         id: fa
         with:
-          app-name: 'cippckdtz'
+          app-name: 'cipplwwww'
           slot-name: 'Production'
           package: ${{ env.AZURE_FUNCTIONAPP_PACKAGE_PATH }}
-          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_726578DA8A7243BF9D82FE123C2F6E7F }}
+          publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE_00A9A6DFE9244C2EA8952190FFF10F45 }}
diff --git a/.github/workflows/dev_cippopy3o.yml b/.github/workflows/dev_cippopy3o.yml
diff --git a/.github/workflows/dev_cipppwrro.yml b/.github/workflows/dev_cipppwrro.yml
diff --git a/.github/workflows/ninjaone_cipp426ns.yml b/.github/workflows/ninjaone_cipp426ns.yml
diff --git a/Config/standards.json b/Config/standards.json
@@ -2235,7 +2235,7 @@
             "value": "none"
           },
           {
-            "label": "Restirct sharing to specific domains",
+            "label": "Restrict sharing to specific domains",
             "value": "allowList"
           },
           {

diff --git a/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1 b/Modules/CIPPCore/Public/Add-CIPPAzDataTableEntity.ps1
@@ -138,7 +138,7 @@ function Add-CIPPAzDataTableEntity {
                     throw "Error processing entity: $ErrorMessage Linenumber: $($_.InvocationInfo.ScriptLineNumber)"
                 }
             } else {
-                Write-Information "THE ERROR IS $($_.Exception.ErrorCode). The size of the entity is $entitySize."
+                Write-Information "THE ERROR IS $($_.Exception.message). The size of the entity is $entitySize."
                 throw $_
             }
         }

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/BPA/Push-BPACollectData.ps1
@@ -19,7 +19,12 @@ function Push-BPACollectData {
         }
     }
     $Table = Get-CippTable -tablename 'cachebpav2'
-    Write-Host "Working on BPA for $($TenantName.displayName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
+    $Rerun = Test-CIPPRerun -Type 'BPA' -Tenant $TenantName.defaultDomainName -API $Item.Template
+    if ($Rerun) {
+        Write-Host 'Detected rerun. Exiting cleanly'
+        exit 0
+    }
+    Write-Host "Working on BPA for $($TenantName.defaultDomainName) with GUID $($TenantName.customerId) - Report ID $($Item.Template)"
     $Template = $Templates | Where-Object -Property Name -EQ -Value $Item.Template
     # Build up the result object that will be stored in tables
     $Result = @{

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Push-CIPPStandard.ps1
@@ -12,6 +12,13 @@ function Push-CIPPStandard {
     $Standard = $Item.Standard
     $FunctionName = 'Invoke-CIPPStandard{0}' -f $Standard
     Write-Host "We'll be running $FunctionName"
+    $Rerun = Test-CIPPRerun -Type Standard -Tenant $Tenant -Settings $Item.Settings -API $Standard
+    if ($Rerun) {
+        Write-Host 'Detected rerun. Exiting cleanly'
+        exit 0
+    } else {
+        Write-Host "Rerun is set to false. We'll be running $FunctionName"
+    }
     try {
         & $FunctionName -Tenant $Item.Tenant -Settings $Item.Settings -ErrorAction Stop
     } catch {

diff --git a/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenant.ps1 b/Modules/CIPPCore/Public/Entrypoints/Activity Triggers/Webhooks/Push-AuditLogTenant.ps1
@@ -1,15 +1,24 @@
 function Push-AuditLogTenant {
     Param($Item)
 
+    # Get Table contexts
     $AuditBundleTable = Get-CippTable -tablename 'AuditLogBundles'
-    $SchedulerConfig = Get-CIPPTable -TableName 'SchedulerConfig'
-    $CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
+    $SchedulerConfig = Get-CippTable -TableName 'SchedulerConfig'
     $WebhookTable = Get-CippTable -tablename 'webhookTable'
+    $ConfigTable = Get-CippTable -TableName 'WebhookRules'
+
+    # Query CIPPURL for linking
+    $CIPPURL = Get-CIPPAzDataTableEntity @SchedulerConfig -Filter "PartitionKey eq 'webhookcreation'" | Select-Object -First 1 -ExpandProperty CIPPURL
+
+    # Get all webhooks for the tenant
     $Webhooks = Get-CIPPAzDataTableEntity @WebhookTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and Version eq '3'" | Where-Object { $_.Resource -match '^Audit' }
-    $ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$ContentType'"
-    $ConfigTable = Get-CIPPTable -TableName 'WebhookRules'
+
+    # Get webhook rules
     $ConfigEntries = Get-CIPPAzDataTableEntity @ConfigTable
 
+    # Date filter for existing bundles
+    $LastHour = (Get-Date).AddHours(-1).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss')
+
     $NewBundles = [System.Collections.Generic.List[object]]::new()
     foreach ($Webhook in $Webhooks) {
         # only process webhooks that are configured in the webhookrules table
@@ -28,6 +37,7 @@ function Push-AuditLogTenant {
             EndTime      = $Item.EndTime
         }
         $LogBundles = Get-CIPPAuditLogContentBundles @ContentBundleQuery
+        $ExistingBundles = Get-CIPPAzDataTableEntity @AuditBundleTable -Filter "PartitionKey eq '$($Item.TenantFilter)' and ContentType eq '$LogType' and Timestamp ge datetime'$($LastHour)'"
 
         foreach ($Bundle in $LogBundles) {
             if ($ExistingBundles.RowKey -notcontains $Bundle.contentId) {
@@ -61,5 +71,4 @@ function Push-AuditLogTenant {
         $InstanceId = Start-NewOrchestration -FunctionName 'CIPPOrchestrator' -InputObject ($InputObject | ConvertTo-Json -Depth 5 -Compress)
         Write-Host "Started orchestration with ID = '$InstanceId'"
     }
-
 }
diff --git a/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecServicePrincipals.ps1 b/...les/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Core/Invoke-ExecServicePrincipals.ps1
@@ -0,0 +1,58 @@
+function Invoke-ExecServicePrincipals {
+    <#
+    .FUNCTIONALITY
+        Entrypoint
+    .ROLE
+        CIPP.Core.ReadWrite
+    #>
+    [CmdletBinding()]
+    param($Request, $TriggerMetadata)
+
+    $TenantFilter = $env:TenantId
+
+    $Success = $true
+
+    $Action = $Request.Query.Action ?? 'Default'
+    try {
+        switch ($Request.Query.Action) {
+            'Create' {
+                $Body = @{
+                    'appId' = $Request.Query.AppId
+                } | ConvertTo-Json -Compress
+                $Results = New-GraphPostRequest -Uri 'https://graph.microsoft.com/beta/servicePrincipals' -tenantid $TenantFilter -type POST -body $Body
+            }
+            default {
+                if ($Request.Query.AppId) {
+                    $Action = 'Get'
+                    $Results = New-GraphGetRequest -Uri "https://graph.microsoft.com/beta/servicePrincipals(appId='$($Request.Query.AppId)')" -tenantid $TenantFilter -NoAuthCheck $true
+                } else {
+                    $Action = 'List'
+                    $Results = New-GraphGetRequest -Uri 'https://graph.microsoft.com/beta/servicePrincipals?$top=999&$orderby=displayName&$count=true' -ComplexFilter -tenantid $TenantFilter -NoAuthCheck $true
+                }
+            }
+        }
+    } catch {
+        $Results = $_.Exception.Message
+        $Success = $false
+    }
+
+    $Metadata = @{
+        'Action'  = $Action
+        'Success' = $Success
+    }
+
+    if ($Request.Query.AppId) {
+        $Metadata.AppId = $Request.Query.AppId
+    }
+
+    $Body = @{
+        'Results'  = $Results
+        'Metadata' = $Metadata
+    }
+
+    $Json = $Body | ConvertTo-Json -Depth 10 -Compress
+    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = $Json
+        })
+}
diff --git a/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1 b/...IPPCore/Public/Entrypoints/HTTP Functions/CIPP/Extensions/Invoke-ExecExtensionsConfig.ps1
@@ -17,21 +17,22 @@ Function Invoke-ExecExtensionsConfig {
     #Connect-AzAccount -UseDeviceAuthentication
     # Write to the Azure Functions log stream.
     Write-Information 'PowerShell HTTP trigger function processed a request.'
+    $Body = [PSCustomObject]$Request.Body
     $results = try {
-        if ($Request.Body.CIPPAPI.Enabled) {
+        if ($Body.CIPPAPI.Enabled) {
             try {
-                $APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Request.Body.CIPPAPI.ResetPassword
+                $APIConfig = New-CIPPAPIConfig -ExecutingUser $Request.Headers.'x-ms-client-principal' -resetpassword $Body.CIPPAPI.ResetPassword
                 $AddedText = $APIConfig.Results
             } catch {
                 $AddedText = ' Could not enable CIPP-API. Check the CIPP documentation for API requirements.'
-                $Request.Body = $Request.Body | Select-Object * -ExcludeProperty CIPPAPI
+                $Body = $Body | Select-Object * -ExcludeProperty CIPPAPI
             }
         }
 
         # Check if NinjaOne URL is set correctly and the instance has at least version 5.6
-        if ($Request.Body.NinjaOne) {
+        if ($Body.NinjaOne) {
             try {
-                [version]$Version = (Invoke-WebRequest -Method GET -Uri "https://$(($Request.Body.NinjaOne.Instance -replace '/ws','') -replace 'https://','')/app-version.txt" -ea stop).content
+                [version]$Version = (Invoke-WebRequest -Method GET -Uri "https://$(($Body.NinjaOne.Instance -replace '/ws','') -replace 'https://','')/app-version.txt" -ea stop).content
             } catch {
                 throw "Failed to connect to NinjaOne check your Instance is set correctly eg 'app.ninjarmmm.com'"
             }
@@ -41,39 +42,39 @@ Function Invoke-ExecExtensionsConfig {
         }
 
         $Table = Get-CIPPTable -TableName Extensionsconfig
-        foreach ($APIKey in ([pscustomobject]$Request.Body).psobject.properties.name) {
+        foreach ($APIKey in $Body.PSObject.Properties.Name) {
             Write-Information "Working on $apikey"
-            if ($Request.Body.$APIKey.APIKey -eq 'SentToKeyVault' -or $Request.Body.$APIKey.APIKey -eq '') {
+            if ($Body.$APIKey.APIKey -eq 'SentToKeyVault' -or $Body.$APIKey.APIKey -eq '') {
                 Write-Information 'Not sending to keyvault. Key previously set or left blank.'
             } else {
                 Write-Information 'writing API Key to keyvault, and clearing.'
                 Write-Information "$ENV:WEBSITE_DEPLOYMENT_ID"
-                if ($Request.Body.$APIKey.APIKey) {
+                if ($Body.$APIKey.APIKey) {
                     if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
                         $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
                         $Secret = [PSCustomObject]@{
                             'PartitionKey' = $APIKey
                             'RowKey'       = $APIKey
-                            'APIKey'       = $Request.Body.$APIKey.APIKey
+                            'APIKey'       = $Body.$APIKey.APIKey
                         }
                         Add-CIPPAzDataTableEntity @DevSecretsTable -Entity $Secret -Force
                     } else {
-                        $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Request.Body.$APIKey.APIKey)
+                        $null = Set-AzKeyVaultSecret -VaultName $ENV:WEBSITE_DEPLOYMENT_ID -Name $APIKey -SecretValue (ConvertTo-SecureString -AsPlainText -Force -String $Body.$APIKey.APIKey)
                     }
                 }
-                if ($Request.Body.$APIKey.PSObject.Properties -notcontains 'APIKey') {
-                    $Request.Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
+                if ($Body.$APIKey.PSObject.Properties.Name -notcontains 'APIKey') {
+                    $Body.$APIKey | Add-Member -MemberType NoteProperty -Name APIKey -Value 'SentToKeyVault'
                 } else {
-                    $Request.Body.$APIKey.APIKey = 'SentToKeyVault'
+                    $Body.$APIKey.APIKey = 'SentToKeyVault'
                 }
             }
-            $Request.Body.$APIKey = $Request.Body.$APIKey | Select-Object * -ExcludeProperty ResetPassword
+            $Body.$APIKey = $Body.$APIKey | Select-Object * -ExcludeProperty ResetPassword
         }
-        $body = $Request.Body | Select-Object * -ExcludeProperty APIKey, Enabled | ConvertTo-Json -Depth 10 -Compress
+        $Body = $Body | Select-Object * -ExcludeProperty APIKey, Enabled | ConvertTo-Json -Depth 10 -Compress
         $Config = @{
             'PartitionKey' = 'CippExtensions'
             'RowKey'       = 'Config'
-            'config'       = [string]$body
+            'config'       = [string]$Body
         }
 
         Add-CIPPAzDataTableEntity @Table -Entity $Config -Force | Out-Null