New-TssSession - convert OAuth call to internal binary command

fixes #233
thycotic-ps · Sep 1, 2021 · 06e6477 · 06e6477
1 parent 8cf4332
commit 06e6477
Show file tree

Hide file tree

Showing 5 changed files with 179 additions and 110 deletions.
diff --git a/src/Thycotic.SecretServer.psd1 b/src/Thycotic.SecretServer.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: Shawn Melton
 #
-# Generated on: 8/30/2021
+# Generated on: 8/31/2021
 #
 
 @{
@@ -69,90 +69,90 @@ FormatsToProcess = 'Thycotic.SecretServer.Format.ps1xml'
 NestedModules = @('bin\Thycotic.SecretServer.dll')
 
 # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-FunctionsToExport = 'Add-TssEventPipeline', 'Add-TssFolderPermission',
-               'Add-TssGroupMember', 'Add-TssSecretPermission',
-               'Add-TssSecretTemplateField', 'Close-TssSecret', 'Close-TssSession',
-               'Disable-TssEventPipeline', 'Disable-TssEventPipelinePolicy',
-               'Disable-TssSecretCheckout', 'Disable-TssSecretEmail',
-               'Disable-TssUnlimitedAdmin', 'Disable-TssUser',
-               'Enable-TssEventPipeline', 'Enable-TssEventPipelinePolicy',
-               'Enable-TssSecretCheckout', 'Enable-TssSecretEmail',
-               'Enable-TssUnlimitedAdmin', 'Enable-TssUser',
-               'Export-TssAutoExportStorageItem', 'Export-TssReport',
-               'Find-TssFolder', 'Find-TssGroup', 'Find-TssReport', 'Find-TssSecret',
-               'Find-TssUser', 'Get-TssConfiguration',
-               'Get-TssConfigurationAutoExport', 'Get-TssConfigurationBackup',
-               'Get-TssConfigurationLocalUserPassword',
-               'Get-TssConfigurationLogin', 'Get-TssConfigurationRpc',
-               'Get-TssConfigurationSaml', 'Get-TssConfigurationSearchIndex',
-               'Get-TssConfigurationSecurity', 'Get-TssConfigurationSiteConnector',
-               'Get-TssEventPipeline', 'Get-TssEventPipelinePolicy',
-               'Get-TssEventPipelinePolicyActivity', 'Get-TssEventPipelineRun',
-               'Get-TssFolder', 'Get-TssFolderAudit', 'Get-TssFolderPermission',
-               'Get-TssFolderState', 'Get-TssGroup', 'Get-TssGroupMember',
-               'Get-TssGroupRole', 'Get-TssGroupUser', 'Get-TssMetadataField',
-               'Get-TssReport', 'Get-TssReportCategory', 'Get-TssReportParameter',
-               'Get-TssReportSchedule', 'Get-TssRpcAssociatedSecret',
-               'Get-TssRpcPasswordType', 'Get-TssScript', 'Get-TssSecret',
-               'Get-TssSecretAccessRequest', 'Get-TssSecretAccessRequestOption',
-               'Get-TssSecretAccessRequestSecret', 'Get-TssSecretAttachment',
-               'Get-TssSecretAudit', 'Get-TssSecretDependency',
-               'Get-TssSecretDependencyGroup', 'Get-TssSecretDependencyRunStatus',
-               'Get-TssSecretDependencyStub', 'Get-TssSecretDependencyTemplate',
-               'Get-TssSecretField', 'Get-TssSecretHeartbeatStatus',
-               'Get-TssSecretHook', 'Get-TssSecretHookStub',
-               'Get-TssSecretPasswordStatus', 'Get-TssSecretPolicy',
-               'Get-TssSecretSetting', 'Get-TssSecretState', 'Get-TssSecretStub',
-               'Get-TssSecretSummary', 'Get-TssSecretTemplate',
-               'Get-TssSecretTemplateFolder', 'Get-TssSite', 'Get-TssUser',
-               'Get-TssUserAudit', 'Get-TssUserGroup', 'Get-TssUserOwner',
-               'Get-TssUserRole', 'Get-TssUserRoleAssigned', 'Get-TssVersion',
-               'Initialize-TssSdkClient', 'Invoke-TssReport', 'Invoke-TssRestApi',
-               'Invoke-TssSecretGeneratePassword', 'Lock-TssUser', 'New-TssFolder',
-               'New-TssFolderPermission', 'New-TssGroup', 'New-TssMetadataField',
-               'New-TssReport', 'New-TssReportSchedule', 'New-TssScript',
-               'New-TssSecret', 'New-TssSecretDependency',
-               'New-TssSecretDependencyGroup', 'New-TssSecretHook',
-               'New-TssSecretPermission', 'New-TssSecretPolicy',
-               'New-TssSecretTemplate', 'New-TssSecretTemplateField',
-               'New-TssSession', 'New-TssUser', 'Open-TssSecret',
-               'Remove-TssEventPipeline', 'Remove-TssFolder',
-               'Remove-TssFolderPermission', 'Remove-TssFolderTemplate',
-               'Remove-TssGroupMember', 'Remove-TssMetadata', 'Remove-TssReport',
-               'Remove-TssReportCategory', 'Remove-TssReportSchedule',
-               'Remove-TssSecret', 'Remove-TssSecretDependency',
-               'Remove-TssSecretHook', 'Remove-TssSecretPermission',
-               'Remove-TssUserPii', 'Reset-TssUserPassword', 'Restore-TssSecret',
-               'Revoke-TssSecret', 'Search-TssAutoExportStorage',
-               'Search-TssConfigurationAudit', 'Search-TssConfigurationBackupLog',
-               'Search-TssDirectoryServiceDomain',
-               'Search-TssDistributedEngineSite', 'Search-TssEventPipeline',
-               'Search-TssEventPipelinePolicy', 'Search-TssFolder',
-               'Search-TssFolderPermission', 'Search-TssGroup', 'Search-TssMetadata',
-               'Search-TssMetadataHistory', 'Search-TssMetadataSection',
-               'Search-TssReport', 'Search-TssReportSchedule', 'Search-TssRole',
-               'Search-TssRpcPasswordType', 'Search-TssScript', 'Search-TssSecret',
-               'Search-TssSecretAccessRequest', 'Search-TssSecretDependency',
-               'Search-TssSecretHook', 'Search-TssSecretPermission',
-               'Search-TssSecretPolicy', 'Search-TssSecretTemplate',
-               'Search-TssSystemLog', 'Search-TssUser', 'Search-TssWorkflowTemplate',
-               'Set-TssConfigurationAutoExport', 'Set-TssConfigurationGeneral',
-               'Set-TssFolder', 'Set-TssSecret', 'Set-TssSecretExpiration',
-               'Set-TssSecretField', 'Set-TssSecretPolicy',
-               'Set-TssSecretRpcAssociated', 'Set-TssSecretRpcPrivileged',
-               'Set-TssSecretSecurity', 'Set-TssSecretTemplate',
-               'Show-TssCurrentUser', 'Start-TssConfigurationBackup',
-               'Start-TssConfigurationSearchIndex', 'Start-TssDiscovery',
-               'Start-TssSecretChangePassword', 'Start-TssSecretDependency',
-               'Start-TssSecretHeartbeat', 'Stop-TssSecretChangePassword',
-               'Test-TssFolderAction', 'Test-TssSdkClient', 'Test-TssSecretAction',
-               'Test-TssSecretState', 'Test-TssSession', 'Test-TssVersion',
-               'Unlock-TssUser', 'Update-TssFolder', 'Update-TssFolderPermission',
-               'Update-TssGroupMember', 'Update-TssMetadataField',
-               'Update-TssMetadataSection', 'Update-TssSecret',
-               'Update-TssSecretAccessRequest', 'Update-TssSecretHook',
-               'Update-TssSecretPermission', 'Update-TssSecretRdpLauncherSetting',
-               'Update-TssSecretTemplateField', 'Update-TssUser',
+FunctionsToExport = 'Add-TssEventPipeline', 'Add-TssFolderPermission', 
+               'Add-TssGroupMember', 'Add-TssSecretPermission', 
+               'Add-TssSecretTemplateField', 'Close-TssSecret', 'Close-TssSession', 
+               'Disable-TssEventPipeline', 'Disable-TssEventPipelinePolicy', 
+               'Disable-TssSecretCheckout', 'Disable-TssSecretEmail', 
+               'Disable-TssUnlimitedAdmin', 'Disable-TssUser', 
+               'Enable-TssEventPipeline', 'Enable-TssEventPipelinePolicy', 
+               'Enable-TssSecretCheckout', 'Enable-TssSecretEmail', 
+               'Enable-TssUnlimitedAdmin', 'Enable-TssUser', 
+               'Export-TssAutoExportStorageItem', 'Export-TssReport', 
+               'Find-TssFolder', 'Find-TssGroup', 'Find-TssReport', 'Find-TssSecret', 
+               'Find-TssUser', 'Get-TssConfiguration', 
+               'Get-TssConfigurationAutoExport', 'Get-TssConfigurationBackup', 
+               'Get-TssConfigurationLocalUserPassword', 
+               'Get-TssConfigurationLogin', 'Get-TssConfigurationRpc', 
+               'Get-TssConfigurationSaml', 'Get-TssConfigurationSearchIndex', 
+               'Get-TssConfigurationSecurity', 'Get-TssConfigurationSiteConnector', 
+               'Get-TssEventPipeline', 'Get-TssEventPipelinePolicy', 
+               'Get-TssEventPipelinePolicyActivity', 'Get-TssEventPipelineRun', 
+               'Get-TssFolder', 'Get-TssFolderAudit', 'Get-TssFolderPermission', 
+               'Get-TssFolderState', 'Get-TssGroup', 'Get-TssGroupMember', 
+               'Get-TssGroupRole', 'Get-TssGroupUser', 'Get-TssMetadataField', 
+               'Get-TssReport', 'Get-TssReportCategory', 'Get-TssReportParameter', 
+               'Get-TssReportSchedule', 'Get-TssRpcAssociatedSecret', 
+               'Get-TssRpcPasswordType', 'Get-TssScript', 'Get-TssSecret', 
+               'Get-TssSecretAccessRequest', 'Get-TssSecretAccessRequestOption', 
+               'Get-TssSecretAccessRequestSecret', 'Get-TssSecretAttachment', 
+               'Get-TssSecretAudit', 'Get-TssSecretDependency', 
+               'Get-TssSecretDependencyGroup', 'Get-TssSecretDependencyRunStatus', 
+               'Get-TssSecretDependencyScript', 'Get-TssSecretDependencyStub', 
+               'Get-TssSecretDependencyTemplate', 'Get-TssSecretField', 
+               'Get-TssSecretHeartbeatStatus', 'Get-TssSecretHook', 
+               'Get-TssSecretHookStub', 'Get-TssSecretPasswordStatus', 
+               'Get-TssSecretPolicy', 'Get-TssSecretSetting', 'Get-TssSecretState', 
+               'Get-TssSecretStub', 'Get-TssSecretSummary', 'Get-TssSecretTemplate', 
+               'Get-TssSecretTemplateFolder', 'Get-TssSite', 'Get-TssUser', 
+               'Get-TssUserAudit', 'Get-TssUserGroup', 'Get-TssUserOwner', 
+               'Get-TssUserRole', 'Get-TssUserRoleAssigned', 'Get-TssVersion', 
+               'Initialize-TssSdkClient', 'Invoke-TssReport', 'Invoke-TssRestApi', 
+               'Invoke-TssSecretGeneratePassword', 'Lock-TssUser', 'New-TssFolder', 
+               'New-TssFolderPermission', 'New-TssGroup', 'New-TssMetadataField', 
+               'New-TssReport', 'New-TssReportSchedule', 'New-TssScript', 
+               'New-TssSecret', 'New-TssSecretDependency', 
+               'New-TssSecretDependencyGroup', 'New-TssSecretHook', 
+               'New-TssSecretPermission', 'New-TssSecretPolicy', 
+               'New-TssSecretTemplate', 'New-TssSecretTemplateField', 
+               'New-TssSession', 'New-TssUser', 'Open-TssSecret', 
+               'Remove-TssEventPipeline', 'Remove-TssFolder', 
+               'Remove-TssFolderPermission', 'Remove-TssFolderTemplate', 
+               'Remove-TssGroupMember', 'Remove-TssMetadata', 'Remove-TssReport', 
+               'Remove-TssReportCategory', 'Remove-TssReportSchedule', 
+               'Remove-TssSecret', 'Remove-TssSecretDependency', 
+               'Remove-TssSecretHook', 'Remove-TssSecretPermission', 
+               'Remove-TssUserPii', 'Reset-TssUserPassword', 'Restore-TssSecret', 
+               'Revoke-TssSecret', 'Search-TssAutoExportStorage', 
+               'Search-TssConfigurationAudit', 'Search-TssConfigurationBackupLog', 
+               'Search-TssDirectoryServiceDomain', 
+               'Search-TssDistributedEngineSite', 'Search-TssEventPipeline', 
+               'Search-TssEventPipelinePolicy', 'Search-TssFolder', 
+               'Search-TssFolderPermission', 'Search-TssGroup', 'Search-TssMetadata', 
+               'Search-TssMetadataHistory', 'Search-TssMetadataSection', 
+               'Search-TssReport', 'Search-TssReportSchedule', 'Search-TssRole', 
+               'Search-TssRpcPasswordType', 'Search-TssScript', 'Search-TssSecret', 
+               'Search-TssSecretAccessRequest', 'Search-TssSecretDependency', 
+               'Search-TssSecretHook', 'Search-TssSecretPermission', 
+               'Search-TssSecretPolicy', 'Search-TssSecretTemplate', 
+               'Search-TssSystemLog', 'Search-TssUser', 'Search-TssWorkflowTemplate', 
+               'Set-TssConfigurationAutoExport', 'Set-TssConfigurationGeneral', 
+               'Set-TssFolder', 'Set-TssSecret', 'Set-TssSecretExpiration', 
+               'Set-TssSecretField', 'Set-TssSecretPolicy', 
+               'Set-TssSecretRpcAssociated', 'Set-TssSecretRpcPrivileged', 
+               'Set-TssSecretSecurity', 'Set-TssSecretTemplate', 
+               'Show-TssCurrentUser', 'Start-TssConfigurationBackup', 
+               'Start-TssConfigurationSearchIndex', 'Start-TssDiscovery', 
+               'Start-TssSecretChangePassword', 'Start-TssSecretDependency', 
+               'Start-TssSecretHeartbeat', 'Stop-TssSecretChangePassword', 
+               'Test-TssFolderAction', 'Test-TssSdkClient', 'Test-TssSecretAction', 
+               'Test-TssSecretState', 'Test-TssSession', 'Test-TssVersion', 
+               'Unlock-TssUser', 'Update-TssFolder', 'Update-TssFolderPermission', 
+               'Update-TssGroupMember', 'Update-TssMetadataField', 
+               'Update-TssMetadataSection', 'Update-TssSecret', 
+               'Update-TssSecretAccessRequest', 'Update-TssSecretHook', 
+               'Update-TssSecretPermission', 'Update-TssSecretRdpLauncherSetting', 
+               'Update-TssSecretTemplateField', 'Update-TssUser', 
                'Update-TssUserPassword', 'Write-TssSecretAccessRequestViewComment'
 
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.

diff --git a/src/Thycotic.SecretServer/cmdlets/private/InvokeTssApiCmdlet.cs b/src/Thycotic.SecretServer/cmdlets/private/InvokeTssApiCmdlet.cs
@@ -10,7 +10,7 @@ namespace Thycotic.SecretServer.Cmdlets
     /// <para type="synopsis">Invokes the Secret Server Rest API.</para>
     /// <para type="description">Invokes the Secret Server Rest API.</para>
     /// </summary>
-    [Cmdlet(VerbsLifecycle.Invoke, "TssApi", HelpUri = "https://thycotic-ps.github.io/thycotic.secretserver/common/Invoke-TssApi")]
+    [Cmdlet(VerbsLifecycle.Invoke, "TssApi")]
     public class InvokeTssApiCmdlet : PSCmdlet
     {
         ///<summary>
@@ -39,12 +39,6 @@ public class InvokeTssApiCmdlet : PSCmdlet
         [Parameter(Position = 3)]
         public object Body { get; set; }
 
-        ///<summary>
-        ///<para type="description">Provide OTP for authentication.</para>
-        ///</summary>
-        [Parameter(Position = 3)]
-        public int OtpCode { get; set; }
-
         ///<summary>
         ///<para type="description">Specifies the file path to write the content.</para>
         ///</summary>
@@ -99,7 +93,7 @@ protected override void ProcessRecord()
             apiClient.BaseUrl = requestUri;
             apiClient.Timeout = Timeout;
 
-            if (string.IsNullOrEmpty(Proxy))
+            if (MyInvocation.BoundParameters.ContainsKey("Proxy"))
             {
                 apiClient.Proxy = new WebProxy(Proxy);
                 if (ProxyUseDefaultCredentials.IsPresent)
@@ -116,13 +110,9 @@ protected override void ProcessRecord()
             apiRequest.AddHeader("Content-Type", ContentType);
             apiRequest.AddHeader("Authorization", "Bearer " + AccessToken);
 
-            if (MyInvocation.BoundParameters.ContainsKey("OtpCode"))
-            {
-                apiRequest.AddParameter("otp", OtpCode.ToString(), ParameterType.HttpHeader);
-            }
             if (MyInvocation.BoundParameters.ContainsKey("Body"))
             {
-                apiRequest.AddParameter("application/json", Body, ParameterType.RequestBody);
+                apiRequest.AddParameter(ContentType, Body, ParameterType.RequestBody);
             }
 
             IRestResponse apiResponse = apiClient.Execute(apiRequest);

diff --git a/src/Thycotic.SecretServer/cmdlets/private/NewTssApiToken.cs b/src/Thycotic.SecretServer/cmdlets/private/NewTssApiToken.cs
@@ -0,0 +1,82 @@
+using System;
+using System.Collections.Generic;
+using System.Management.Automation;
+using System.Security;
+using System.Runtime.InteropServices;
+using System.Net;
+using RestSharp;
+
+namespace Thycotic.SecretServer
+{
+    /// <summary>
+    /// <para type="synopsis">Invokes the Secret Server OAuth2 endpoint</para>
+    /// <para type="description">Invokes the Secret Server OAuth2 endpoint</para>
+    /// </summary>
+    [Cmdlet(VerbsCommon.New, "TssApiToken")]
+    public class NameCmdlet : PSCmdlet
+    {
+        [Parameter(Mandatory = true, Position = 0)]
+        public string Uri { get; set; }
+
+        [Parameter(Mandatory = true, Position = 1)]
+        public string Username { get; set; }
+
+        [Parameter(Mandatory = true, Position = 2)]
+        public SecureString Password { get; set; }
+
+        [Parameter(Position = 3)]
+        public int OtpCode { get; set; }
+
+        [Parameter(Position = 4)]
+        public SwitchParameter UseDefaultCredential { get; set; }
+
+        [Parameter(Position = 5)]
+        public string Proxy { get; set; }
+
+        [Parameter(Position = 6)]
+        public PSCredential ProxyCredential { get; set; }
+
+        [Parameter(Position = 7)]
+        public SwitchParameter ProxyUseDefaultCredentials { get; set; }
+
+        [Parameter(Position = 8)]
+        public int Timeout { get; set; } = 0;
+
+        protected override void ProcessRecord()
+        {
+            Uri requestUri = new Uri(Uri);
+            var apiClient = new RestClient();
+            apiClient.BaseUrl = requestUri;
+            apiClient.Timeout = Timeout;
+
+            if (string.IsNullOrEmpty(Proxy))
+            {
+                apiClient.Proxy = new WebProxy(Proxy);
+                if (ProxyUseDefaultCredentials.IsPresent)
+                {
+                    apiClient.Proxy.Credentials = System.Net.CredentialCache.DefaultCredentials;
+                }
+                if (MyInvocation.BoundParameters.ContainsKey("ProxyCredential"))
+                {
+                    apiClient.Proxy.Credentials = new NetworkCredential(ProxyCredential.UserName, ProxyCredential.Password);
+                }
+            }
+
+            var apiRequest = new RestRequest(Method.POST);
+            apiRequest.AddHeader("Content-Type", "application/x-www-form-urlencoded");
+
+            if (MyInvocation.BoundParameters.ContainsKey("OtpCode"))
+            {
+                apiRequest.AddParameter("otp", OtpCode.ToString(), ParameterType.HttpHeader);
+            }
+
+            var dPassword = Marshal.PtrToStringAuto(Marshal.SecureStringToBSTR(Password));
+            apiRequest.AddParameter("username", Username);
+            apiRequest.AddParameter("password", dPassword);
+            apiRequest.AddParameter("grant_type", "password");
+
+            IRestResponse apiResponse = apiClient.Execute(apiRequest);
+            WriteObject(apiResponse);
+        }
+    }
+}