@pnp/cli-microsoft365 10.0.0-beta.48e9f7d → 10.0.0-beta.e925c1c

package/dist/Auth.js

@@ -4,7 +4,6 @@ import { CommandError } from './Command.js';
 import { FileTokenStorage } from './auth/FileTokenStorage.js';
 import { msalCachePlugin } from './auth/msalCachePlugin.js';
 import { cli } from './cli/cli.js';
-import config from './config.js';
 import request from './request.js';
 import { settingsNames } from './settingsNames.js';
 import * as accessTokenUtil from './utils/accessToken.js';
@@ -22,10 +21,10 @@ export class Connection {
         this.active = false;
         this.authType = AuthType.DeviceCode;
         this.certificateType = CertificateType.Unknown;
+        // ID of the tenant where the Microsoft Entra app is registered; common if multi-tenant
+        this.tenant = 'common';
         this.cloudType = CloudType.Public;
         this.accessTokens = {};
-        this.appId = config.cliEntraAppId;
-        this.tenant = config.tenant;
         this.cloudType = CloudType.Public;
     }
     deactivate() {
@@ -44,18 +43,18 @@ export class Connection {
         this.thumbprint = undefined;
         this.spoUrl = undefined;
         this.spoTenantId = undefined;
-        this.appId = config.cliEntraAppId;
-        this.tenant = config.tenant;
+        this.appId = cli.getClientId();
+        this.tenant = cli.getTenant();
     }
 }
 export var AuthType;
 (function (AuthType) {
-    AuthType[AuthType["DeviceCode"] = 0] = "DeviceCode";
-    AuthType[AuthType["Password"] = 1] = "Password";
-    AuthType[AuthType["Certificate"] = 2] = "Certificate";
-    AuthType[AuthType["Identity"] = 3] = "Identity";
-    AuthType[AuthType["Browser"] = 4] = "Browser";
-    AuthType[AuthType["Secret"] = 5] = "Secret";
+    AuthType["DeviceCode"] = "deviceCode";
+    AuthType["Password"] = "password";
+    AuthType["Certificate"] = "certificate";
+    AuthType["Identity"] = "identity";
+    AuthType["Browser"] = "browser";
+    AuthType["Secret"] = "secret";
 })(AuthType || (AuthType = {}));
 export var CertificateType;
 (function (CertificateType) {
@@ -702,7 +701,7 @@ export class Auth {
         const details = {
             connectionName: connection.name,
             connectedAs: connection.identityName,
-            authType: AuthType[connection.authType],
+            authType: connection.authType,
             appId: connection.appId,
             appTenant: connection.tenant,
             cloudType: CloudType[connection.cloudType]

package/dist/cli/cli.js

@@ -59,6 +59,12 @@ function getSettingWithDefaultValue(settingName, defaultValue) {
         return configuredValue;
     }
 }
+function getClientId() {
+    return cli.getSettingWithDefaultValue(settingsNames.clientId, process.env.CLIMICROSOFT365_ENTRAAPPID);
+}
+function getTenant() {
+    return cli.getSettingWithDefaultValue(settingsNames.tenantId, process.env.CLIMICROSOFT365_TENANT || 'common');
+}
 async function execute(rawArgs) {
     const start = process.hrtime.bigint();
     // for completion commands we also need information about commands' options
@@ -837,6 +843,11 @@ async function promptForConfirmation(config) {
     await cli.error('');
     return answer;
 }
+async function promptForInput(config) {
+    const answer = await prompt.forInput(config);
+    await cli.error('');
+    return answer;
+}
 async function handleMultipleResultsFound(message, values) {
     const prompt = cli.getSettingWithDefaultValue(settingsNames.prompt, true);
     if (!prompt) {
@@ -871,7 +882,9 @@ export const cli = {
     closeWithError,
     commands,
     commandToExecute,
+    getClientId,
     getConfig,
+    getTenant,
     currentCommandName,
     error,
     execute,
@@ -890,6 +903,7 @@ export const cli = {
     optionsFromArgs,
     printAvailableCommands,
     promptForConfirmation,
+    promptForInput,
     promptForSelection,
     promptForValue,
     shouldTrimOutput,

package/dist/config.js

@@ -1,10 +1,65 @@
-import { app } from "./utils/app.js";
-const cliEntraAppId = '31359c7f-bd7e-475c-86db-fdb8c937548e';
+import { app } from './utils/app.js';
 export default {
+    allScopes: [
+        'https://graph.windows.net/Directory.AccessAsUser.All',
+        'https://management.azure.com/user_impersonation',
+        'https://admin.services.crm.dynamics.com/user_impersonation',
+        'https://graph.microsoft.com/AppCatalog.ReadWrite.All',
+        'https://graph.microsoft.com/AuditLog.Read.All',
+        'https://graph.microsoft.com/Bookings.Read.All',
+        'https://graph.microsoft.com/Calendars.Read',
+        'https://graph.microsoft.com/ChannelMember.ReadWrite.All',
+        'https://graph.microsoft.com/ChannelMessage.Read.All',
+        'https://graph.microsoft.com/ChannelMessage.ReadWrite',
+        'https://graph.microsoft.com/ChannelMessage.Send',
+        'https://graph.microsoft.com/ChannelSettings.ReadWrite.All',
+        'https://graph.microsoft.com/Chat.ReadWrite',
+        'https://graph.microsoft.com/Directory.AccessAsUser.All',
+        'https://graph.microsoft.com/Directory.ReadWrite.All',
+        'https://graph.microsoft.com/ExternalConnection.ReadWrite.All',
+        'https://graph.microsoft.com/ExternalItem.ReadWrite.All',
+        'https://graph.microsoft.com/Group.ReadWrite.All',
+        'https://graph.microsoft.com/IdentityProvider.ReadWrite.All',
+        'https://graph.microsoft.com/InformationProtectionPolicy.Read',
+        'https://graph.microsoft.com/Mail.Read.Shared',
+        'https://graph.microsoft.com/Mail.ReadWrite',
+        'https://graph.microsoft.com/Mail.Send',
+        'https://graph.microsoft.com/Notes.ReadWrite.All',
+        'https://graph.microsoft.com/OnlineMeetingArtifact.Read.All',
+        'https://graph.microsoft.com/OnlineMeetings.ReadWrite',
+        'https://graph.microsoft.com/OnlineMeetingTranscript.Read.All',
+        'https://graph.microsoft.com/PeopleSettings.ReadWrite.All',
+        'https://graph.microsoft.com/Place.Read.All',
+        'https://graph.microsoft.com/Policy.Read.All',
+        'https://graph.microsoft.com/RecordsManagement.ReadWrite.All',
+        'https://graph.microsoft.com/Reports.Read.All',
+        'https://graph.microsoft.com/RoleAssignmentSchedule.ReadWrite.Directory',
+        'https://graph.microsoft.com/RoleEligibilitySchedule.Read.Directory',
+        'https://graph.microsoft.com/SecurityEvents.Read.All',
+        'https://graph.microsoft.com/ServiceHealth.Read.All',
+        'https://graph.microsoft.com/ServiceMessage.Read.All',
+        'https://graph.microsoft.com/ServiceMessageViewpoint.Write',
+        'https://graph.microsoft.com/Sites.Read.All',
+        'https://graph.microsoft.com/Tasks.ReadWrite',
+        'https://graph.microsoft.com/Team.Create',
+        'https://graph.microsoft.com/TeamMember.ReadWrite.All',
+        'https://graph.microsoft.com/TeamsAppInstallation.ReadWriteForUser',
+        'https://graph.microsoft.com/TeamSettings.ReadWrite.All',
+        'https://graph.microsoft.com/TeamsTab.ReadWrite.All',
+        'https://graph.microsoft.com/User.Invite.All',
+        'https://manage.office.com/ActivityFeed.Read',
+        'https://manage.office.com/ServiceHealth.Read',
+        'https://analysis.windows.net/powerbi/api/Dataset.Read.All',
+        'https://api.powerapps.com//User',
+        'https://microsoft.sharepoint-df.com/AllSites.FullControl',
+        'https://microsoft.sharepoint-df.com/TermStore.ReadWrite.All',
+        'https://microsoft.sharepoint-df.com/User.ReadWrite.All'
+    ],
     applicationName: `CLI for Microsoft 365 v${app.packageJson().version}`,
     delimiter: 'm365\$',
-    cliEntraAppId: process.env.CLIMICROSOFT365_ENTRAAPPID || cliEntraAppId,
-    tenant: process.env.CLIMICROSOFT365_TENANT || 'common',
-    configstoreName: 'cli-m365-config'
+    configstoreName: 'cli-m365-config',
+    minimalScopes: [
+        'https://graph.microsoft.com/User.Read'
+    ]
 };
 //# sourceMappingURL=config.js.map

package/dist/m365/base/SpoCommand.js

@@ -94,7 +94,7 @@ export default class SpoCommand extends Command {
         catch (error) {
             throw new CommandError(error);
         }
-        if (auth.connection.active && AuthType[auth.connection.authType] === AuthType[AuthType.Secret]) {
+        if (auth.connection.active && auth.connection.authType === AuthType.Secret) {
             throw new CommandError(`SharePoint does not support authentication using client ID and secret. Please use a different login type to use SharePoint commands.`);
         }
         await super.action(logger, args);

package/dist/m365/cli/commands/cli-consent.js

@@ -4,7 +4,7 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
 var _CliConsentCommand_instances, _CliConsentCommand_initTelemetry, _CliConsentCommand_initOptions, _CliConsentCommand_initValidators;
-import config from '../../../config.js';
+import { cli } from '../../../cli/cli.js';
 import AnonymousCommand from '../../base/AnonymousCommand.js';
 import commands from '../commands.js';
 class CliConsentCommand extends AnonymousCommand {
@@ -26,7 +26,7 @@ class CliConsentCommand extends AnonymousCommand {
         if (args.options.service === 'VivaEngage') {
             scope = 'https://api.yammer.com/user_impersonation';
         }
-        await logger.log(`To consent permissions for executing ${args.options.service} commands, navigate in your web browser to https://login.microsoftonline.com/${config.tenant}/oauth2/v2.0/authorize?client_id=${config.cliEntraAppId}&response_type=code&scope=${encodeURIComponent(scope)}`);
+        await logger.log(`To consent permissions for executing ${args.options.service} commands, navigate in your web browser to https://login.microsoftonline.com/${cli.getTenant()}/oauth2/v2.0/authorize?client_id=${cli.getClientId()}&response_type=code&scope=${encodeURIComponent(scope)}`);
     }
     async action(logger, args) {
         await this.initAction(args, logger);

package/dist/m365/cli/commands/cli-doctor.js

@@ -1,5 +1,5 @@
 import os from 'os';
-import auth, { AuthType } from '../../../Auth.js';
+import auth from '../../../Auth.js';
 import { cli } from '../../../cli/cli.js';
 import Command from '../../../Command.js';
 import { app } from '../../../utils/app.js';
@@ -33,7 +33,7 @@ class CliDoctorCommand extends Command {
             nodeVersion: process.version,
             cliAadAppId: auth.connection.appId,
             cliAadAppTenant: validation.isValidGuid(auth.connection.tenant) ? 'single' : auth.connection.tenant,
-            authMode: AuthType[auth.connection.authType],
+            authMode: auth.connection.authType,
             cliEnvironment: process.env.CLIMICROSOFT365_ENV ? process.env.CLIMICROSOFT365_ENV : '',
             cliConfig: cli.getConfig().all,
             roles: roles,

package/dist/m365/cli/commands/cli-reconsent.js

@@ -1,5 +1,4 @@
 import { cli } from '../../../cli/cli.js';
-import config from '../../../config.js';
 import { settingsNames } from '../../../settingsNames.js';
 import { browserUtil } from '../../../utils/browserUtil.js';
 import AnonymousCommand from '../../base/AnonymousCommand.js';
@@ -12,9 +11,9 @@ class CliReconsentCommand extends AnonymousCommand {
         return 'Returns URL to open in the browser to re-consent CLI for Microsoft 365 Microsoft Entra permissions';
     }
     async commandAction(logger) {
-        const url = `https://login.microsoftonline.com/${config.tenant}/oauth2/authorize?client_id=${config.cliEntraAppId}&response_type=code&prompt=admin_consent`;
+        const url = `https://login.microsoftonline.com/${cli.getTenant()}/oauth2/authorize?client_id=${cli.getClientId()}&response_type=code&prompt=admin_consent`;
         if (cli.getSettingWithDefaultValue(settingsNames.autoOpenLinksInBrowser, false) === false) {
-            await logger.log(`To re-consent the PnP Microsoft 365 Management Shell Microsoft Entra application navigate in your web browser to ${url}`);
+            await logger.log(`To re-consent your Microsoft Entra application, navigate in your web browser to ${url}.`);
             return;
         }
         await logger.log(`Opening the following page in your browser: ${url}`);

package/dist/m365/cli/commands/config/config-set.js

@@ -4,8 +4,10 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
 var _CliConfigSetCommand_instances, _a, _CliConfigSetCommand_initTelemetry, _CliConfigSetCommand_initOptions, _CliConfigSetCommand_initValidators;
+import { AuthType } from "../../../../Auth.js";
 import { cli } from "../../../../cli/cli.js";
 import { settingsNames } from "../../../../settingsNames.js";
+import { validation } from "../../../../utils/validation.js";
 import AnonymousCommand from "../../../base/AnonymousCommand.js";
 import commands from "../../commands.js";
 class CliConfigSetCommand extends AnonymousCommand {
@@ -82,15 +84,22 @@ _a = CliConfigSetCommand, _CliConfigSetCommand_instances = new WeakSet(), _CliCo
             cli.helpModes.indexOf(args.options.value) === -1) {
             return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${cli.helpModes.join(', ')}`;
         }
-        const allowedAuthTypes = ['certificate', 'deviceCode', 'password', 'identity', 'browser', 'secret'];
         if (args.options.key === settingsNames.authType &&
-            allowedAuthTypes.indexOf(args.options.value) === -1) {
-            return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${allowedAuthTypes.join(', ')}`;
+            !Object.values(AuthType).map(String).includes(args.options.value)) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${Object.values(AuthType).join(', ')}`;
         }
         if (args.options.key === settingsNames.helpTarget &&
             !cli.helpTargets.includes(args.options.value)) {
             return `${args.options.value} is not a valid value for the option ${args.options.key}. Allowed values: ${cli.helpTargets.join(', ')}`;
         }
+        if (args.options.key === settingsNames.clientId &&
+            !validation.isValidGuid(args.options.value)) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. The value has to be a valid GUID.`;
+        }
+        if (args.options.key === settingsNames.tenantId &&
+            !(args.options.value === 'common' || validation.isValidGuid(args.options.value))) {
+            return `${args.options.value} is not a valid value for the option ${args.options.key}. The value has to be a valid GUID or 'common'.`;
+        }
         return true;
     });
 };

package/dist/m365/commands/login.js

@@ -3,13 +3,12 @@ import { z } from 'zod';
 import auth, { AuthType, CloudType } from '../../Auth.js';
 import Command, { CommandError, globalOptionsZod } from '../../Command.js';
 import { cli } from '../../cli/cli.js';
-import config from '../../config.js';
 import { settingsNames } from '../../settingsNames.js';
 import { zod } from '../../utils/zod.js';
 import commands from './commands.js';
 const options = globalOptionsZod
     .extend({
-    authType: zod.alias('t', z.enum(['certificate', 'deviceCode', 'password', 'identity', 'browser', 'secret']).optional()),
+    authType: zod.alias('t', z.nativeEnum(AuthType).optional()),
     cloud: z.nativeEnum(CloudType).optional().default(CloudType.Public),
     userName: zod.alias('u', z.string().optional()),
     password: zod.alias('p', z.string().optional()),
@@ -37,6 +36,9 @@ class LoginCommand extends Command {
     }
     getRefinedSchema(schema) {
         return schema
+            .refine(options => typeof options.appId !== 'undefined' || cli.getConfig().get(settingsNames.clientId), {
+            message: `appId is required. TIP: use the "m365 setup" command to configure the default appId`
+        })
             .refine(options => options.authType !== 'password' || options.userName, {
             message: 'Username is required when using password authentication',
             path: ['userName']
@@ -49,11 +51,17 @@ class LoginCommand extends Command {
             message: 'Specify either certificateFile or certificateBase64Encoded, but not both.',
             path: ['certificateBase64Encoded']
         })
-            .refine(options => options.authType !== 'certificate' || options.certificateFile || options.certificateBase64Encoded, {
+            .refine(options => options.authType !== 'certificate' ||
+            options.certificateFile ||
+            options.certificateBase64Encoded ||
+            cli.getConfig().get(settingsNames.clientCertificateFile) ||
+            cli.getConfig().get(settingsNames.clientCertificateBase64Encoded), {
             message: 'Specify either certificateFile or certificateBase64Encoded',
             path: ['certificateFile']
         })
-            .refine(options => options.authType !== 'secret' || options.secret, {
+            .refine(options => options.authType !== 'secret' ||
+            options.secret ||
+            cli.getConfig().get(settingsNames.clientSecret), {
             message: 'Secret is required when using secret authentication',
             path: ['secret']
         });
@@ -64,13 +72,24 @@ class LoginCommand extends Command {
             await logger.logToStderr(`Logging out from Microsoft 365...`);
         }
         const deactivate = () => auth.connection.deactivate();
+        const getCertificate = (options) => {
+            // command args take precedence over settings
+            if (options.certificateFile) {
+                return fs.readFileSync(options.certificateFile).toString('base64');
+            }
+            if (options.certificateBase64Encoded) {
+                return options.certificateBase64Encoded;
+            }
+            return cli.getConfig().get(settingsNames.clientCertificateFile) ||
+                cli.getConfig().get(settingsNames.clientCertificateBase64Encoded);
+        };
         const login = async () => {
             if (this.verbose) {
                 await logger.logToStderr(`Signing in to Microsoft 365...`);
             }
             const authType = args.options.authType || cli.getSettingWithDefaultValue(settingsNames.authType, 'deviceCode');
-            auth.connection.appId = args.options.appId || config.cliEntraAppId;
-            auth.connection.tenant = args.options.tenant || config.tenant;
+            auth.connection.appId = args.options.appId || cli.getClientId();
+            auth.connection.tenant = args.options.tenant || cli.getTenant();
             auth.connection.name = args.options.connectionName;
             switch (authType) {
                 case 'password':
@@ -80,9 +99,9 @@ class LoginCommand extends Command {
                     break;
                 case 'certificate':
                     auth.connection.authType = AuthType.Certificate;
-                    auth.connection.certificate = args.options.certificateBase64Encoded ? args.options.certificateBase64Encoded : fs.readFileSync(args.options.certificateFile, 'base64');
+                    auth.connection.certificate = getCertificate(args.options);
                     auth.connection.thumbprint = args.options.thumbprint;
-                    auth.connection.password = args.options.password;
+                    auth.connection.password = args.options.password || cli.getConfig().get(settingsNames.clientCertificatePassword);
                     break;
                 case 'identity':
                     auth.connection.authType = AuthType.Identity;
@@ -93,7 +112,7 @@ class LoginCommand extends Command {
                     break;
                 case 'secret':
                     auth.connection.authType = AuthType.Secret;
-                    auth.connection.secret = args.options.secret;
+                    auth.connection.secret = args.options.secret || cli.getConfig().get(settingsNames.clientSecret);
                     break;
             }
             auth.connection.cloudType = args.options.cloud;