Update-UserPassword - closes #155

thycotic-ps · Apr 15, 2021 · cd6dc87 · cd6dc87
1 parent e0bad3a
commit cd6dc87
Show file tree

Hide file tree

Showing 5 changed files with 273 additions and 0 deletions.
diff --git a/docs/_data/navigation.yml b/docs/_data/navigation.yml
@@ -182,6 +182,8 @@ commands:
         url: /commands/Search-TssUser
       - title: "Show-TssCurrentUser"
         url: /commands/Show-TssCurrentUser
+      - title: "Update-TssUserPassword"
+        url: /commands/Update-TssUserPassword
 
   - title: "General"
     children:

diff --git a/docs/collections/_commands/Update-TssUserPassword.md b/docs/collections/_commands/Update-TssUserPassword.md
@@ -0,0 +1,129 @@
+---
+category: general
+external help file: Thycotic.SecretServer-help.xml
+Module Name: Thycotic.SecretServer
+online version: https://thycotic-ps.github.io/thycotic.secretserver/commands/Update-TssUserPassword
+schema: 2.0.0
+title: Update-TssUserPassword
+---
+
+# Update-TssUserPassword
+
+## SYNOPSIS
+Update current User's password
+
+## SYNTAX
+
+```
+Update-TssUserPassword [-TssSession] <TssSession> [-Current] <SecureString> [-New] <SecureString> [-WhatIf]
+ [-Confirm] [<CommonParameters>]
+```
+
+## DESCRIPTION
+Update current User's password.
+Successful update of password will expire the current session.
+
+## EXAMPLES
+
+### EXAMPLE 1
+```
+$session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+Update-TssUserPassword -TssSession $session -Current $ssCred.Password -New (ConvertTo-SecureString 'P@ssword$h1p@lw@y$')
+```
+
+Updates the user's password for the current session
+
+## PARAMETERS
+
+### -TssSession
+TssSession object created by New-TssSession for auth
+
+```yaml
+Type: TssSession
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: True (ByValue)
+Accept wildcard characters: False
+```
+
+### -Current
+Current password
+
+```yaml
+Type: SecureString
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 2
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -New
+New password to update
+
+```yaml
+Type: SecureString
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 3
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -WhatIf
+Shows what would happen if the cmdlet runs.
+The cmdlet is not run.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: wi
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Confirm
+Prompts you for confirmation before running the cmdlet.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases: cf
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+## OUTPUTS
+
+## NOTES
+Requires TssSession object returned by New-TssSession
+
+## RELATED LINKS
+
+[https://thycotic-ps.github.io/thycotic.secretserver/commands/Update-TssUserPassword](https://thycotic-ps.github.io/thycotic.secretserver/commands/Update-TssUserPassword)
+
+[https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/users/Update-UserPassword.ps1](https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/users/Update-UserPassword.ps1)
+
diff --git a/docs/collections/_pages/commands.md b/docs/collections/_pages/commands.md
@@ -159,6 +159,7 @@ A Thycotic.SecretServer command may not appear in the below list because it is n
 [New-TssUser] | [POST /users]
 [Search-TssUser] | [GET /users]
 [Show-TssCurrentUser] | [GET /users/current]
+[Update-TssUserPassword] | [POST /users/change-password]
 
 [New-TssSession]:/thycotic.secretserver/commands/New-TssSession
 [Get-TssFolder]:/thycotic.secretserver/commands/Get-TssFolder
@@ -225,7 +226,9 @@ A Thycotic.SecretServer command may not appear in the below list because it is n
 [Search-TssDistributedEngineSite]:/thycotic.secretserver/commands/Search-TssDistributedEngineSite
 [New-TssUser]:/thycotic.secretserver/commands/New-TssUser
 [Get-TssSecretRpcAssociated]:/thycotic.secretserver/commands/Get-TssSecretRpcAssociated
+[Update-TssUserPassword]:/thycotic.secretserver/commands/Update-TssUserPassword
 
+[POST /users/change-password]:https://updates.thycotic.net/secretserver/restapiguide/10.9.33/TokenAuth/#operation--users-change-password-post
 [POST /users]:https://updates.thycotic.net/secretserver/restapiguide/10.9.33/TokenAuth/#operation--users-post
 [GET /distributed-engine/sites]:http://argos/SecretServer/documents/restapi/TokenAuth/#operation--distributed-engine-sites-get
 [PUT /secrets/{id}/expiration]:http://argos/SecretServer/documents/restapi/TokenAuth/#operation--secrets--id--expiration-put

diff --git a/src/functions/users/Update-UserPassword.ps1 b/src/functions/users/Update-UserPassword.ps1
@@ -0,0 +1,80 @@
+function Update-UserPassword {
+    <#
+    .SYNOPSIS
+    Update current User's password
+
+    .DESCRIPTION
+    Update current User's password. Successful update of password will expire the current session.
+
+    .EXAMPLE
+    $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+    Update-TssUserPassword -TssSession $session -Current $ssCred.Password -New (ConvertTo-SecureString 'P@ssword$h1p@lw@y$')
+
+    Updates the user's password for the current session
+
+    .LINK
+    https://thycotic-ps.github.io/thycotic.secretserver/commands/Update-TssUserPassword
+
+    .LINK
+    https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/users/Update-UserPassword.ps1
+
+    .NOTES
+    Requires TssSession object returned by New-TssSession
+    #>
+    [cmdletbinding(SupportsShouldProcess)]
+    param(
+        # TssSession object created by New-TssSession for auth
+        [Parameter(Mandatory,ValueFromPipeline,Position = 0)]
+        [TssSession]
+        $TssSession,
+
+        # Current password
+        [Parameter(Mandatory,Position = 1)]
+        [securestring]
+        $Current,
+
+        [Parameter(Mandatory,Position = 2)]
+        # New password to update
+        [securestring]
+        $New
+    )
+    begin {
+        $tssParams = $PSBoundParameters
+        $invokeParams = . $GetInvokeTssParams $TssSession
+    }
+    process {
+        Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+        if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+            . $CheckVersion $TssSession '10.9.0000' $PSCmdlet.MyInvocation
+            $restResponse = $null
+            $uri = $TssSession.ApiUrl, 'users', 'change-password' -join '/'
+            $invokeParams.Uri = $uri
+            $invokeParams.Method = 'POST'
+
+            $changePwdBody = @{
+                currentPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Current))
+                newPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($New))
+            }
+            $invokeParams.Body = $changePwdBody | ConvertTo-Json
+
+            if ($PSCmdlet.ShouldProcess("Updating Password", "$($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n")) {
+                Write-Verbose "Performing the operation $($invokeParams.Method) $uri with:`n$($invokeParams.Body)`n"
+                try {
+                    $restResponse = . $InvokeApi @invokeParams
+                } catch {
+                    Write-Warning "Issue updating password for current user"
+                    $err = $_
+                    . $ErrorHandling $err
+                }
+            }
+            if ($restResponse) {
+                Write-Verbose "Password updated successfully"
+                $TssSession.SessionExpire() >$null
+            } else {
+                Write-Warning "Password was not updated successfully, see previous errors"
+            }
+        } else {
+            Write-Warning "No valid session found"
+        }
+    }
+}
diff --git a/tests/users/Update-UserPassword.Tests.ps1 b/tests/users/Update-UserPassword.Tests.ps1
@@ -0,0 +1,59 @@
+BeforeDiscovery {
+    $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+    . ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
+}
+Describe "$commandName verify parameters" {
+    BeforeDiscovery {
+        [object[]]$knownParameters = 'TssSession', 'Current', 'New'
+        [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+        [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+        $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+    }
+    Context "Verify parameters" -Foreach @{currentParams = $currentParams } {
+        It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+            $_ -in $currentParams | Should -Be $true
+        }
+        It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+            $_ | Should -BeNullOrEmpty
+        }
+    }
+}
+Describe "$commandName functions" {
+    Context "Checking" {
+        BeforeAll {
+            $session = [pscustomobject]@{
+                ApiVersion   = 'api/v1'
+                Take         = 2147483647
+                SecretServer = 'http://alpha/'
+                ApiUrl       = 'http://alpha/api/v1'
+                AccessToken  = 'AgJf5YLChrisPine312UcBrM1s1KB2BGZ5Ufc4qLZ'
+                RefreshToken = '9oacYeah0YqgBNg0L7VinDiesel6-Z9ITE51Humus'
+                TokenType    = 'bearer'
+                ExpiresIn    = 1199
+            }
+            Mock -Verifiable -CommandName Invoke-RestMethod -ParameterFilter { $Uri -match '/version' } -MockWith {
+                return @{
+                   model = [pscustomobject]@{
+                       Version = '10.9.000033'
+                   }
+                }
+            }
+
+            Mock -Verifiable -CommandName Invoke-RestMethod -ParameterFilter { $Uri -match '/users/change-password' } -MockWith {
+                return [pscustomobject]@{
+                    id = 42
+                    userName = 'testuser'
+                    displayName = 'You would like to know'
+                }
+            }
+            $object = Update-UserPassword -TssSession $session -Current (ConvertTo-SecureString 'pass' -AsPlainText -Force) -New (ConvertTo-SecureString 'pass1' -AsPlainText -Force)
+            Assert-VerifiableMock
+        }
+        It "Should be empty" {
+            $object | Should -BeNullOrEmpty
+        }
+        It "Should have called Invoke-RestMethod 2 times" {
+            Assert-MockCalled -CommandName Invoke-RestMethod -Times 2 -Scope Describe
+        }
+    }
+}