compatibility fixes

KelvinTegelaar · Dec 16, 2024 · da70f02 · da70f02
1 parent 397858f
commit da70f02
Showing 1 changed file with 27 additions and 27 deletions.
diff --git a/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1 b/...e/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1
@@ -12,7 +12,7 @@ Function Invoke-ExecJITAdmin {
 
     $APIName = 'ExecJITAdmin'
     $User = $Request.Headers.'x-ms-client-principal'
-
+    $TenantFilter = $Request.body.TenantFilter.value ? $Request.body.TenantFilter.value : $Request.body.TenantFilter
     Write-LogMessage -user $User -API $APINAME -message 'Accessed this API' -Sev 'Debug'
 
     if ($Request.Query.Action -eq 'List') {
@@ -60,31 +60,31 @@ Function Invoke-ExecJITAdmin {
         }
     } else {
 
-        if ($Request.Body.UserId -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') {
-            $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($Request.Body.UserId)" -tenantid $Request.Body.TenantFilter).userPrincipalName
+        if ($Request.Body.existingUser.value -match '^[a-f0-9]{8}-([a-f0-9]{4}-){3}[a-f0-9]{12}$') {
+            $Username = (New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/users/$($Request.Body.existingUser.value)" -tenantid $TenantFilter).userPrincipalName
         }
-        Write-LogMessage -user $User -API $APINAME -message "Executing JIT Admin for $Username" -tenant $Request.Body.TenantFilter -Sev 'Info'
+        Write-LogMessage -user $User -API $APINAME -message "Executing JIT Admin for $Username" -tenant $TenantFilter -Sev 'Info'
 
         $Start = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.StartDate)).DateTime.ToLocalTime()
         $Expiration = ([System.DateTimeOffset]::FromUnixTimeSeconds($Request.Body.EndDate)).DateTime.ToLocalTime()
         $Results = [System.Collections.Generic.List[string]]::new()
 
         if ($Request.Body.useraction -eq 'Create') {
-            Write-LogMessage -user $User -API $APINAME -tenant $Request.Body.TenantFilter -message "Creating JIT Admin user $($Request.Body.UserPrincipalName)" -Sev 'Info'
-            Write-Information "Creating JIT Admin user $($Request.Body.UserPrincipalName)"
+            Write-LogMessage -user $User -API $APINAME -tenant $TenantFilter -message "Creating JIT Admin user $($Request.Body.Username)" -Sev 'Info'
+            Write-Information "Creating JIT Admin user $($Request.Body.username)"
             $JITAdmin = @{
                 User         = @{
                     'FirstName'         = $Request.Body.FirstName
                     'LastName'          = $Request.Body.LastName
-                    'UserPrincipalName' = $Request.Body.UserPrincipalName
+                    'UserPrincipalName' = "$($Request.Body.Username)@$($Request.Body.Domain.value)"
                 }
                 Expiration   = $Expiration
                 Action       = 'Create'
-                TenantFilter = $Request.Body.TenantFilter
+                TenantFilter = $TenantFilter
             }
             $CreateResult = Set-CIPPUserJITAdmin @JITAdmin
-            $Username = $CreateResult.userPrincipalName
-            $Results.Add("Created User: $($CreateResult.userPrincipalName)")
+            $Username = "$($Request.Body.Username)@$($Request.Body.Domain.value)"
+            $Results.Add("Created User: $($Request.Body.Username)@$($Request.Body.Domain.value)")
             if (!$Request.Body.UseTAP) {
                 $Results.Add("Password: $($CreateResult.password)")
             }
@@ -107,7 +107,7 @@ Function Invoke-ExecJITAdmin {
                 $Retries = 0
                 do {
                     try {
-                        $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $Request.Body.TenantFilter -type POST -body $TapBody
+                        $TapRequest = New-GraphPostRequest -uri "https://graph.microsoft.com/beta/users/$($Username)/authentication/temporaryAccessPassMethods" -tenantid $TenantFilter -type POST -body $TapBody
                     } catch {
                         Start-Sleep -Seconds 2
                         Write-Information 'ERROR: Failed to create TAP, retrying'
@@ -137,17 +137,17 @@ Function Invoke-ExecJITAdmin {
         }
 
         $Parameters = @{
-            TenantFilter = $Request.Body.TenantFilter
+            TenantFilter = $TenantFilter
             User         = @{
                 'UserPrincipalName' = $Username
             }
-            Roles        = $Request.Body.AdminRoles
+            Roles        = $Request.Body.AdminRoles.value
             Action       = 'AddRoles'
             Expiration   = $Expiration
         }
         if ($Start -gt (Get-Date)) {
             $TaskBody = @{
-                TenantFilter  = $Request.Body.TenantFilter
+                TenantFilter  = $TenantFilter
                 Name          = "JIT Admin (enable): $Username"
                 Command       = @{
                     value = 'Set-CIPPUserJITAdmin'
@@ -156,14 +156,14 @@ Function Invoke-ExecJITAdmin {
                 Parameters    = [pscustomobject]$Parameters
                 ScheduledTime = $Request.Body.StartDate
                 PostExecution = @{
-                    Webhook = [bool]$Request.Body.PostExecution.Webhook
-                    Email   = [bool]$Request.Body.PostExecution.Email
-                    PSA     = [bool]$Request.Body.PostExecution.PSA
+                    Webhook = [bool]($Request.Body.PostExecution | Where-Object -Property value -EQ 'webhook')
+                    Email   = [bool]($Request.Body.PostExecution | Where-Object -Property value -EQ 'email')
+                    PSA     = [bool]($Request.Body.PostExecution | Where-Object -Property value -EQ 'PSA')
                 }
             }
             Add-CIPPScheduledTask -Task $TaskBody -hidden $false
             if ($Request.Body.useraction -ne 'Create') {
-                Set-CIPPUserJITAdminProperties -TenantFilter $Request.Body.TenantFilter -UserId $Request.Body.UserId -Expiration $Expiration
+                Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $Request.Body.existingUser.value -Expiration $Expiration
             }
             $Results.Add("Scheduling JIT Admin enable task for $Username")
         } else {
@@ -172,29 +172,29 @@ Function Invoke-ExecJITAdmin {
         }
 
         $DisableTaskBody = [pscustomobject]@{
-            TenantFilter  = $Request.Body.TenantFilter
-            Name          = "JIT Admin ($($Request.Body.ExpireAction)): $Username"
+            TenantFilter  = $TenantFilter
+            Name          = "JIT Admin ($($Request.Body.ExpireAction.value)): $Username"
             Command       = @{
                 value = 'Set-CIPPUserJITAdmin'
                 label = 'Set-CIPPUserJITAdmin'
             }
             Parameters    = [pscustomobject]@{
-                TenantFilter = $Request.Body.TenantFilter
+                TenantFilter = $TenantFilter
                 User         = @{
                     'UserPrincipalName' = $Username
                 }
-                Roles        = $Request.Body.AdminRoles
-                Action       = $Request.Body.ExpireAction
+                Roles        = $Request.Body.AdminRoles.value
+                Action       = $Request.Body.ExpireAction.value
             }
             PostExecution = @{
-                Webhook = [bool]$Request.Body.PostExecution.Webhook
-                Email   = [bool]$Request.Body.PostExecution.Email
-                PSA     = [bool]$Request.Body.PostExecution.PSA
+                Webhook = [bool]($Request.Body.PostExecution | Where-Object -Property value -EQ 'webhook')
+                Email   = [bool]($Request.Body.PostExecution | Where-Object -Property value -EQ 'email')
+                PSA     = [bool]($Request.Body.PostExecution | Where-Object -Property value -EQ 'PSA')
             }
             ScheduledTime = $Request.Body.EndDate
         }
         $null = Add-CIPPScheduledTask -Task $DisableTaskBody -hidden $false
-        $Results.Add("Scheduling JIT Admin $($Request.Body.ExpireAction) task for $Username")
+        $Results.Add("Scheduling JIT Admin $($Request.Body.ExpireAction.value) task for $Username")
         $Body = @{
             Results = @($Results)
         }