@pnp/cli-microsoft365 10.8.0-beta.708bf27 → 10.8.0-beta.a51d886

package/dist/Auth.js

@@ -562,19 +562,93 @@ export class Auth {
         if (debug) {
             await logger.logToStderr('Trying to retrieve access token using federated identity...');
         }
-        if (!process.env.ACTIONS_ID_TOKEN_REQUEST_URL || !process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN) {
-            throw new CommandError('Federated identity is currently only supported in GitHub Actions.');
+        if (process.env.ACTIONS_ID_TOKEN_REQUEST_URL && process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN) {
+            if (debug) {
+                await logger.logToStderr('ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN env variables found. The context is GitHub Actions...');
+            }
+            const federationToken = await this.getFederationTokenFromGithub(logger, debug);
+            return this.getAccessTokenWithFederatedToken(resource, federationToken, logger, debug);
+        }
+        else if (process.env.SYSTEM_OIDCREQUESTURI) {
+            if (debug) {
+                await logger.logToStderr('SYSTEM_OIDCREQUESTURI env variable found. The context is Azure DevOps...');
+            }
+            if (!process.env.SYSTEM_ACCESSTOKEN) {
+                throw new CommandError(`The SYSTEM_ACCESSTOKEN environment variable is not available. Please check the Azure DevOps pipeline task configuration. It should contain 'SYSTEM_ACCESSTOKEN: $(System.AccessToken)' in the env section.`);
+            }
+            const serviceConnectionId = process.env.AZURESUBSCRIPTION_SERVICE_CONNECTION_ID;
+            const serviceConnectionAppId = process.env.AZURESUBSCRIPTION_CLIENT_ID;
+            const serviceConnectionTenantId = process.env.AZURESUBSCRIPTION_TENANT_ID;
+            const useServiceConnection = serviceConnectionId && serviceConnectionAppId && serviceConnectionTenantId;
+            if (!useServiceConnection) {
+                if (debug) {
+                    await logger.logToStderr('Not using a service connection. Run this command in an AzurePowerShell task to be able to use a service connection.');
+                }
+                if (!this.connection.appId || this.connection.tenant === 'common') {
+                    throw new CommandError('The appId and tenant parameters are required when not using a service connection.');
+                }
+            }
+            else {
+                if (debug) {
+                    if (this.connection.appId || this.connection.tenant !== 'common') {
+                        await logger.logToStderr('When using a service connection, the appId and tenant values are updated to the values of the service connection.');
+                    }
+                    await logger.logToStderr(`Using service connection '${serviceConnectionId}' with app Id '${serviceConnectionAppId}' and tenant Id '${serviceConnectionTenantId}'...`);
+                }
+                this.connection.appId = serviceConnectionAppId;
+                this.connection.tenant = serviceConnectionTenantId;
+            }
+            const federationToken = await this.getFederationTokenFromAzureDevOps(logger, debug, serviceConnectionId);
+            return this.getAccessTokenWithFederatedToken(resource, federationToken, logger, debug);
+        }
+        else {
+            throw new CommandError('Federated identity is currently only supported in GitHub Actions and Azure DevOps.');
+        }
+    }
+    async getFederationTokenFromGithub(logger, debug) {
+        if (debug) {
+            await logger.logToStderr('Retrieving GitHub federation token...');
+        }
+        const requestOptions = {
+            url: `${process.env.ACTIONS_ID_TOKEN_REQUEST_URL}&audience=${encodeURIComponent('api://AzureADTokenExchange')}`,
+            headers: {
+                Authorization: `Bearer ${process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN}`,
+                Accept: 'application/json',
+                'x-anonymous': true
+            },
+            responseType: 'json'
+        };
+        const accessTokenResponse = await request.get(requestOptions);
+        return accessTokenResponse.value;
+    }
+    async getFederationTokenFromAzureDevOps(logger, debug, serviceConnectionId) {
+        if (debug) {
+            await logger.logToStderr('Retrieving Azure DevOps federation token...');
         }
+        const urlSuffix = serviceConnectionId ? `&serviceConnectionId=${serviceConnectionId}` : '';
+        const requestOptions = {
+            url: `${process.env.SYSTEM_OIDCREQUESTURI}?api-version=7.1${urlSuffix}`,
+            headers: {
+                Authorization: `Bearer ${process.env.SYSTEM_ACCESSTOKEN}`,
+                Accept: 'application/json',
+                'Content-Type': 'application/json',
+                'x-anonymous': true
+            },
+            responseType: 'json'
+        };
+        const accessTokenResponse = await request.post(requestOptions);
+        return accessTokenResponse.oidcToken;
+    }
+    async getAccessTokenWithFederatedToken(resource, federatedToken, logger, debug) {
         if (debug) {
-            await logger.logToStderr('ACTIONS_ID_TOKEN_REQUEST_URL and ACTIONS_ID_TOKEN_REQUEST_TOKEN env variables found. The context is GitHub Actions...');
+            await logger.logToStderr('Retrieving Entra ID Access Token with federated token...');
         }
-        const federationToken = await this.getFederationTokenFromGithub(logger, debug);
         const queryParams = [
             'grant_type=client_credentials',
             `scope=${encodeURIComponent(`${resource}/.default`)}`,
             `client_id=${this.connection.appId}`,
             `client_assertion_type=${encodeURIComponent('urn:ietf:params:oauth:client-assertion-type:jwt-bearer')}`,
-            `client_assertion=${federationToken}`
+            `client_assertion=${federatedToken}`
         ];
         const requestOptions = {
             url: `https://login.microsoftonline.com/${this.connection.tenant}/oauth2/v2.0/token`,
@@ -587,27 +661,13 @@ export class Auth {
             responseType: 'json'
         };
         const accessTokenResponse = await request.post(requestOptions);
+        const expiresIn = parseInt(accessTokenResponse.expires_in) * 1000;
+        const now = new Date();
         return {
             accessToken: accessTokenResponse.access_token,
-            expiresOn: new Date(parseInt(accessTokenResponse.expires_on) * 1000)
+            expiresOn: new Date(now.getTime() + expiresIn)
         };
     }
-    async getFederationTokenFromGithub(logger, debug) {
-        if (debug) {
-            await logger.logToStderr('Retrieving GitHub federation token...');
-        }
-        const requestOptions = {
-            url: `${process.env.ACTIONS_ID_TOKEN_REQUEST_URL}&audience=${encodeURIComponent('api://AzureADTokenExchange')}`,
-            headers: {
-                Authorization: `Bearer ${process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN}`,
-                accept: 'application/json',
-                'x-anonymous': true
-            },
-            responseType: 'json'
-        };
-        const accessTokenResponse = await request.get(requestOptions);
-        return accessTokenResponse.value;
-    }
     async ensureAccessTokenWithSecret(resource, logger, debug, fetchNew) {
         this.clientApplication = await this.getConfidentialClient(logger, debug, undefined, undefined, this.connection.secret);
         return this.clientApplication.acquireTokenByClientCredential({

package/dist/m365/commands/login.js

@@ -37,7 +37,7 @@ class LoginCommand extends Command {
     }
     getRefinedSchema(schema) {
         return schema
-            .refine(options => typeof options.appId !== 'undefined' || cli.getClientId() || options.authType === 'identity', {
+            .refine(options => typeof options.appId !== 'undefined' || cli.getClientId() || options.authType === 'identity' || options.authType === 'federatedIdentity', {
             message: `appId is required. TIP: use the "m365 setup" command to configure the default appId.`,
             path: ['appId']
         })

package/dist/m365/commands/setup.js

@@ -18,7 +18,6 @@ import { validation } from '../../utils/validation.js';
 import AnonymousCommand from '../base/AnonymousCommand.js';
 import commands from './commands.js';
 import { interactivePreset, powerShellPreset, scriptingPreset } from './setupPresets.js';
-import { optionsUtils } from '../../utils/optionsUtils.js';
 export var CliUsageMode;
 (function (CliUsageMode) {
     CliUsageMode["Interactively"] = "interactively";
@@ -228,7 +227,7 @@ class SetupCommand extends AnonymousCommand {
         });
         const appInfo = await entraApp.createAppRegistration({
             options,
-            unknownOptions: optionsUtils.getUnknownOptions(options, this.options),
+            unknownOptions: {},
             apis,
             logger,
             verbose: this.verbose,

package/dist/m365/spe/commands/container/container-permission-list.js

@@ -0,0 +1,52 @@
+import { cli } from '../../../../cli/cli.js';
+import { z } from 'zod';
+import { zod } from '../../../../utils/zod.js';
+import { globalOptionsZod } from '../../../../Command.js';
+import commands from '../../commands.js';
+import GraphCommand from '../../../base/GraphCommand.js';
+import { odata } from '../../../../utils/odata.js';
+import { formatting } from '../../../../utils/formatting.js';
+const options = globalOptionsZod
+    .extend({
+    containerId: zod.alias('i', z.string())
+})
+    .strict();
+class SpeContainerPermissionListCommand extends GraphCommand {
+    get name() {
+        return commands.CONTAINER_PERMISSION_LIST;
+    }
+    get description() {
+        return 'Lists permissions of a SharePoint Embedded Container';
+    }
+    defaultProperties() {
+        return ['id', 'userPrincipalName', 'roles'];
+    }
+    get schema() {
+        return options;
+    }
+    async commandAction(logger, args) {
+        try {
+            if (this.verbose) {
+                await logger.logToStderr(`Retrieving permissions of a SharePoint Embedded Container with id '${args.options.containerId}'...`);
+            }
+            const containerPermission = await odata.getAllItems(`${this.resource}/v1.0/storage/fileStorage/containers/${formatting.encodeQueryParameter(args.options.containerId)}/permissions`);
+            if (!cli.shouldTrimOutput(args.options.output)) {
+                await logger.log(containerPermission);
+            }
+            else {
+                await logger.log(containerPermission.map(i => {
+                    return {
+                        id: i.id,
+                        roles: i.roles.join(','),
+                        userPrincipalName: i.grantedToV2.user.userPrincipalName
+                    };
+                }));
+            }
+        }
+        catch (err) {
+            this.handleRejectedODataJsonPromise(err);
+        }
+    }
+}
+export default new SpeContainerPermissionListCommand();
+//# sourceMappingURL=container-permission-list.js.map

package/dist/m365/spe/commands.js

@@ -3,6 +3,7 @@ export default {
     CONTAINER_ACTIVATE: `${prefix} container activate`,
     CONTAINER_GET: `${prefix} container get`,
     CONTAINER_LIST: `${prefix} container list`,
+    CONTAINER_PERMISSION_LIST: `${prefix} container permission list`,
     CONTAINERTYPE_ADD: `${prefix} containertype add`,
     CONTAINERTYPE_GET: `${prefix} containertype get`,
     CONTAINERTYPE_LIST: `${prefix} containertype list`

package/dist/m365/spo/commands/page/page-section-add.js

@@ -59,19 +59,25 @@ class SpoPageSectionAddCommand extends SpoCommand {
                 };
                 await request.post(requestOptions);
             }
-            // get columns
-            const columns = canvasContent
-                .filter(c => typeof c.controlType === 'undefined');
             // get unique zoneIndex values given each section can have 1 or more
             // columns each assigned to the zoneIndex of the corresponding section
-            const zoneIndices = columns
+            const zoneIndices = canvasContent
+                // Exclude the vertical section
+                .filter(c => c.position)
                 .map(c => c.position.zoneIndex)
                 .filter((value, index, array) => {
                 return array.indexOf(value) === index;
             })
-                .sort();
-            // zoneIndex for the new section to add
-            const zoneIndex = this.getSectionIndex(zoneIndices, args.options.order);
+                .sort((a, b) => a - b);
+            // Add a new zoneIndex  at the end of the array
+            zoneIndices.push(zoneIndices.length > 0 ? zoneIndices[zoneIndices.length - 1] + 1 : 1);
+            // get section number. if not specified, get the last section
+            let section = args.options.order || zoneIndices.length;
+            if (section > zoneIndices.length) {
+                section = zoneIndices.length;
+            }
+            // zoneIndex that represents the section where the web part should be added
+            const zoneIndex = zoneIndices[section - 1];
             let zoneId;
             let backgroundControlToAdd = undefined;
             if (args.options.zoneEmphasis && ['image', 'gradient'].includes(args.options.zoneEmphasis.toLowerCase())) {
@@ -83,11 +89,17 @@ class SpoPageSectionAddCommand extends SpoCommand {
                     canvasContent.push(backgroundControlToAdd);
                 }
             }
+            // Increment the zoneIndex of all columns that are greater than or equal to the new zoneIndex
+            canvasContent.forEach((c) => {
+                if (c.position && c.position.zoneIndex >= zoneIndex) {
+                    c.position.zoneIndex += 1;
+                }
+            });
             // get the list of columns to insert based on the selected template
             const columnsToAdd = this.getColumns(zoneIndex, args, zoneId);
             // insert the column in the right place in the array so that
             // it stays sorted ascending by zoneIndex
-            let pos = canvasContent.findIndex(c => typeof c.controlType === 'undefined' && c.position && c.position.zoneIndex > zoneIndex);
+            let pos = canvasContent.findIndex(c => c.position && c.position.zoneIndex >= zoneIndex);
             if (pos === -1) {
                 pos = canvasContent.length - 1;
             }
@@ -109,21 +121,6 @@ class SpoPageSectionAddCommand extends SpoCommand {
             this.handleRejectedODataJsonPromise(err);
         }
     }
-    getSectionIndex(zoneIndices, order) {
-        // zoneIndex of the first column on the page
-        const minIndex = zoneIndices.length === 0 ? 0 : zoneIndices[0];
-        // zoneIndex of the last column on the page
-        const maxIndex = zoneIndices.length === 0 ? 0 : zoneIndices[zoneIndices.length - 1];
-        if (!order || order > zoneIndices.length) {
-            // no order specified, add section to the end
-            return maxIndex === 0 ? 1 : maxIndex * 2;
-        }
-        // add to the beginning
-        if (order === 1) {
-            return minIndex / 2;
-        }
-        return zoneIndices[order - 2] + ((zoneIndices[order - 1] - zoneIndices[order - 2]) / 2);
-    }
     getColumns(zoneIndex, args, zoneId) {
         const columns = [];
         let sectionIndex = 1;

package/docs/docs/cmd/spe/container/container-permission-list.mdx

@@ -0,0 +1,90 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# spe container permission list
+
+Lists permissions of a SharePoint Embedded Container
+
+## Usage
+
+```sh
+m365 spe container permission list [options]
+```
+
+## Options
+
+```md definition-list
+`-i, --containerId <id>`
+: The ID of the SharePoint Embedded Container.
+```
+
+<Global />
+
+## Examples
+
+Lists Container permissions.
+
+```sh
+m365 spe container permission list --containerId "b!ISJs1WRro0y0EWgkUYcktDa0mE8zSlFEqFzqRn70Zwp1CEtDEBZgQICPkRbil_5Z"
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  [
+    {
+      "id": "X2k6MCMuZnxtZW1iZXJzaGlwfGRlYnJhYkBuYWNoYW4zNjUub25taWNyb3NvZnQuY29t",
+      "roles": [
+        "owner"
+      ],
+      "grantedToV2": {
+        "user": {
+          "displayName": "John Doe",
+          "email": "john.doe@contoso.onmicrosoft.com",
+          "userPrincipalName": "john.doe@contoso.onmicrosoft.com"
+        }
+      }
+    }
+  ]
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  id                                                                    userPrincipalName                 roles
+  --------------------------------------------------------------------  --------------------------------  ------
+  X2k6MCMuZnxtZW1iZXJzaGlwfGRlYnJhYkBuYWNoYW4zNjUub25taWNyb3NvZnQuY29t  john.doe@contoso.onmicrosoft.com  owner
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,roles,userPrincipalName
+  X2k6MCMuZnxtZW1iZXJzaGlwfGRlYnJhYkBuYWNoYW4zNjUub25taWNyb3NvZnQuY29t,owner,john.doe@contoso.onmicrosoft.com
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # spe container permission list --containerId "b!ISJs1WRro0y0EWgkUYcktDa0mE8zSlFEqFzqRn70Zwp1CEtDEBZgQICPkRbil_5Z"
+
+  Date: 3/3/2025
+
+  ## X2k6MCMuZnxtZW1iZXJzaGlwfGRlYnJhYkBuYWNoYW4zNjUub25taWNyb3NvZnQuY29t
+
+  Property | Value
+  ---------|-------
+  id | X2k6MCMuZnxtZW1iZXJzaGlwfGRlYnJhYkBuYWNoYW4zNjUub25taWNyb3NvZnQuY29t
+  roles | owner
+  userPrincipalName | john.doe@contoso.onmicrosoft.com
+  ```
+
+  </TabItem>
+</Tabs>

package/docs/docs/cmd/spo/field/field-get.mdx

@@ -32,7 +32,6 @@ m365 spo field get [options]
 
 `-t, --title [title]`
 : The display name (case-sensitive) of the field to retrieve. Specify either `id`, `title` or `internalName`.
-```
 
 `--internalName [internalName]`
 : The internal name (case-sensitive) of the field to retrieve. Specify either `id`, `title` or `internalName`.