@pnp/cli-microsoft365 4.2.0-beta.eca91f0 → 4.3.0-beta.4655645
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.devcontainer/Dockerfile +2 -2
- package/.eslintrc.js +1 -0
- package/README.md +1 -1
- package/dist/Utils.js +3 -0
- package/dist/appInsights.js +5 -2
- package/dist/cli/Cli.js +26 -4
- package/dist/m365/aad/commands/app/app-add.js +58 -5
- package/dist/m365/aad/commands/app/app-get.js +97 -0
- package/dist/m365/aad/commands/o365group/{GroupUser.js → GroupExtended.js} +1 -1
- package/dist/m365/aad/commands/o365group/o365group-add.js +56 -50
- package/dist/m365/aad/commands/o365group/o365group-user-set.js +3 -3
- package/dist/m365/aad/commands/oauth2grant/oauth2grant-add.js +5 -8
- package/dist/m365/aad/commands/oauth2grant/oauth2grant-set.js +3 -3
- package/dist/m365/aad/commands/sp/sp-add.js +107 -0
- package/dist/m365/aad/commands/user/user-get.js +33 -6
- package/dist/m365/aad/commands/user/user-password-validate.js +42 -0
- package/dist/m365/aad/commands.js +3 -0
- package/dist/m365/app/commands/permission/permission-list.js +266 -0
- package/dist/m365/app/commands.js +7 -0
- package/dist/m365/base/AppCommand.js +76 -0
- package/dist/m365/{aad/commands/o365group/Group.js → base/M365RcJson.js} +1 -1
- package/dist/m365/cli/commands/cli-doctor.js +2 -0
- package/dist/m365/file/commands/file-add.js +32 -13
- package/dist/m365/file/commands/file-list.js +181 -0
- package/dist/m365/file/commands.js +2 -1
- package/dist/m365/pa/commands/app/app-list.js +28 -1
- package/dist/m365/planner/commands/task/task-add.js +288 -0
- package/dist/m365/planner/commands.js +1 -0
- package/dist/m365/search/commands/externalconnection/externalconnection-add.js +99 -0
- package/dist/m365/search/commands.js +7 -0
- package/dist/m365/spfx/commands/project/project-upgrade/rules/FN006005_CFG_PS_metadata.js +63 -0
- package/dist/m365/spfx/commands/project/project-upgrade/rules/FN006006_CFG_PS_features.js +60 -0
- package/dist/m365/spfx/commands/project/project-upgrade/upgrade-1.13.1.js +53 -0
- package/dist/m365/spfx/commands/project/project-upgrade/upgrade-1.14.0-beta.4.js +57 -0
- package/dist/m365/spfx/commands/project/project-upgrade.js +17 -13
- package/dist/m365/spfx/commands/spfx-doctor.js +176 -62
- package/dist/m365/spo/commands/contenttype/contenttype-list.js +52 -0
- package/dist/m365/spo/commands/list/list-get.js +6 -2
- package/dist/m365/spo/commands/listitem/listitem-attachment-list.js +90 -0
- package/dist/m365/spo/commands/page/Page.js +3 -1
- package/dist/m365/spo/commands/page/page-add.js +7 -10
- package/dist/m365/spo/commands/page/page-set.js +7 -10
- package/dist/m365/spo/commands/site/site-ensure.js +1 -1
- package/dist/m365/spo/commands/site/site-remove.js +98 -30
- package/dist/m365/spo/commands/web/web-installedlanguage-list.js +48 -0
- package/dist/m365/spo/commands.js +4 -1
- package/dist/m365/teams/commands/message/message-get.js +1 -1
- package/dist/m365/teams/commands/report/report-directroutingcalls.js +1 -1
- package/dist/m365/teams/commands/report/report-pstncalls.js +1 -1
- package/dist/request.js +9 -4
- package/docs/docs/cmd/_global.md +2 -2
- package/docs/docs/cmd/aad/app/app-add.md +11 -0
- package/docs/docs/cmd/aad/app/app-get.md +48 -0
- package/docs/docs/cmd/aad/o365group/o365group-add.md +1 -0
- package/docs/docs/cmd/aad/oauth2grant/oauth2grant-set.md +3 -2
- package/docs/docs/cmd/aad/sp/sp-add.md +53 -0
- package/docs/docs/cmd/aad/user/user-get.md +13 -4
- package/docs/docs/cmd/aad/user/user-password-validate.md +29 -0
- package/docs/docs/cmd/app/permission/permission-list.md +36 -0
- package/docs/docs/cmd/file/file-add.md +11 -0
- package/docs/docs/cmd/file/file-list.md +46 -0
- package/docs/docs/cmd/pa/app/app-list.md +17 -1
- package/docs/docs/cmd/planner/task/task-add.md +78 -0
- package/docs/docs/cmd/search/externalconnection/externalconnection-add.md +43 -0
- package/docs/docs/cmd/spfx/project/project-externalize.md +1 -1
- package/docs/docs/cmd/spfx/project/project-rename.md +1 -1
- package/docs/docs/cmd/spfx/project/project-upgrade.md +1 -1
- package/docs/docs/cmd/spfx/spfx-doctor.md +1 -1
- package/docs/docs/cmd/spo/contenttype/contenttype-list.md +33 -0
- package/docs/docs/cmd/spo/list/list-get.md +9 -0
- package/docs/docs/cmd/spo/listitem/listitem-attachment-list.md +39 -0
- package/docs/docs/cmd/spo/page/page-add.md +2 -2
- package/docs/docs/cmd/spo/page/page-set.md +3 -3
- package/docs/docs/cmd/spo/site/site-remove.md +3 -1
- package/docs/docs/cmd/spo/web/web-installedlanguage-list.md +24 -0
- package/docs/docs/cmd/teams/message/message-get.md +0 -3
- package/docs/docs/cmd/teams/report/report-directroutingcalls.md +0 -3
- package/docs/docs/cmd/teams/report/report-pstncalls.md +4 -3
- package/npm-shrinkwrap.json +1050 -1568
- package/package.json +30 -24
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const request_1 = require("../../../../request");
|
|
4
|
+
const Utils_1 = require("../../../../Utils");
|
|
5
|
+
const GraphCommand_1 = require("../../../base/GraphCommand");
|
|
6
|
+
const commands_1 = require("../../commands");
|
|
7
|
+
class AadSpAddCommand extends GraphCommand_1.default {
|
|
8
|
+
get name() {
|
|
9
|
+
return commands_1.default.SP_ADD;
|
|
10
|
+
}
|
|
11
|
+
get description() {
|
|
12
|
+
return 'Adds a service principal to a registered Azure AD app';
|
|
13
|
+
}
|
|
14
|
+
getTelemetryProperties(args) {
|
|
15
|
+
const telemetryProps = super.getTelemetryProperties(args);
|
|
16
|
+
telemetryProps.appId = (!(!args.options.appId)).toString();
|
|
17
|
+
telemetryProps.appName = (!(!args.options.appName)).toString();
|
|
18
|
+
telemetryProps.objectId = (!(!args.options.objectId)).toString();
|
|
19
|
+
return telemetryProps;
|
|
20
|
+
}
|
|
21
|
+
getAppId(args) {
|
|
22
|
+
if (args.options.appId) {
|
|
23
|
+
return Promise.resolve(args.options.appId);
|
|
24
|
+
}
|
|
25
|
+
let spMatchQuery = '';
|
|
26
|
+
if (args.options.appName) {
|
|
27
|
+
spMatchQuery = `displayName eq '${encodeURIComponent(args.options.appName)}'`;
|
|
28
|
+
}
|
|
29
|
+
else if (args.options.objectId) {
|
|
30
|
+
spMatchQuery = `id eq '${encodeURIComponent(args.options.objectId)}'`;
|
|
31
|
+
}
|
|
32
|
+
const appIdRequestOptions = {
|
|
33
|
+
url: `${this.resource}/v1.0/applications?$filter=${spMatchQuery}`,
|
|
34
|
+
headers: {
|
|
35
|
+
accept: 'application/json;odata.metadata=none'
|
|
36
|
+
},
|
|
37
|
+
responseType: 'json'
|
|
38
|
+
};
|
|
39
|
+
return request_1.default
|
|
40
|
+
.get(appIdRequestOptions)
|
|
41
|
+
.then(response => {
|
|
42
|
+
const spItem = response.value[0];
|
|
43
|
+
if (!spItem) {
|
|
44
|
+
return Promise.reject(`The specified Azure AD app doesn't exist`);
|
|
45
|
+
}
|
|
46
|
+
if (response.value.length > 1) {
|
|
47
|
+
return Promise.reject(`Multiple Azure AD apps with name ${args.options.appName} found: ${response.value.map(x => x.appId)}`);
|
|
48
|
+
}
|
|
49
|
+
return Promise.resolve(spItem.appId);
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
commandAction(logger, args, cb) {
|
|
53
|
+
this
|
|
54
|
+
.getAppId(args)
|
|
55
|
+
.then((appId) => {
|
|
56
|
+
const requestOptions = {
|
|
57
|
+
url: `${this.resource}/v1.0/servicePrincipals`,
|
|
58
|
+
headers: {
|
|
59
|
+
accept: 'application/json;odata.metadata=none',
|
|
60
|
+
'content-type': 'application/json;odata=nometadata'
|
|
61
|
+
},
|
|
62
|
+
data: {
|
|
63
|
+
appId: appId
|
|
64
|
+
},
|
|
65
|
+
responseType: 'json'
|
|
66
|
+
};
|
|
67
|
+
return request_1.default.post(requestOptions);
|
|
68
|
+
})
|
|
69
|
+
.then((res) => {
|
|
70
|
+
logger.log(res);
|
|
71
|
+
cb();
|
|
72
|
+
}, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
|
|
73
|
+
}
|
|
74
|
+
options() {
|
|
75
|
+
const options = [
|
|
76
|
+
{
|
|
77
|
+
option: '--appId [appId]'
|
|
78
|
+
},
|
|
79
|
+
{
|
|
80
|
+
option: '--appName [appName]'
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
option: '--objectId [objectId]'
|
|
84
|
+
}
|
|
85
|
+
];
|
|
86
|
+
const parentOptions = super.options();
|
|
87
|
+
return options.concat(parentOptions);
|
|
88
|
+
}
|
|
89
|
+
validate(args) {
|
|
90
|
+
let optionsSpecified = 0;
|
|
91
|
+
optionsSpecified += args.options.appId ? 1 : 0;
|
|
92
|
+
optionsSpecified += args.options.appName ? 1 : 0;
|
|
93
|
+
optionsSpecified += args.options.objectId ? 1 : 0;
|
|
94
|
+
if (optionsSpecified !== 1) {
|
|
95
|
+
return 'Specify either appId, appName, or objectId';
|
|
96
|
+
}
|
|
97
|
+
if (args.options.appId && !Utils_1.default.isValidGuid(args.options.appId)) {
|
|
98
|
+
return `${args.options.appId} is not a valid appId GUID`;
|
|
99
|
+
}
|
|
100
|
+
if (args.options.objectId && !Utils_1.default.isValidGuid(args.options.objectId)) {
|
|
101
|
+
return `${args.options.objectId} is not a valid objectId GUID`;
|
|
102
|
+
}
|
|
103
|
+
return true;
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
module.exports = new AadSpAddCommand();
|
|
107
|
+
//# sourceMappingURL=sp-add.js.map
|
|
@@ -20,10 +20,20 @@ class AadUserGetCommand extends GraphCommand_1.default {
|
|
|
20
20
|
}
|
|
21
21
|
commandAction(logger, args, cb) {
|
|
22
22
|
const properties = args.options.properties ?
|
|
23
|
-
|
|
23
|
+
`&$select=${args.options.properties.split(',').map(p => encodeURIComponent(p.trim())).join(',')}` :
|
|
24
24
|
'';
|
|
25
|
+
let requestUrl = `${this.resource}/v1.0/users`;
|
|
26
|
+
if (args.options.id) {
|
|
27
|
+
requestUrl += `?$filter=id eq '${encodeURIComponent(args.options.id)}'${properties}`;
|
|
28
|
+
}
|
|
29
|
+
else if (args.options.userName) {
|
|
30
|
+
requestUrl += `?$filter=userPrincipalName eq '${encodeURIComponent(args.options.userName)}'${properties}`;
|
|
31
|
+
}
|
|
32
|
+
else if (args.options.email) {
|
|
33
|
+
requestUrl += `?$filter=mail eq '${encodeURIComponent(args.options.email)}'${properties}`;
|
|
34
|
+
}
|
|
25
35
|
const requestOptions = {
|
|
26
|
-
url:
|
|
36
|
+
url: requestUrl,
|
|
27
37
|
headers: {
|
|
28
38
|
accept: 'application/json;odata.metadata=none'
|
|
29
39
|
},
|
|
@@ -31,6 +41,18 @@ class AadUserGetCommand extends GraphCommand_1.default {
|
|
|
31
41
|
};
|
|
32
42
|
request_1.default
|
|
33
43
|
.get(requestOptions)
|
|
44
|
+
.then((res) => {
|
|
45
|
+
if (res.value.length === 1) {
|
|
46
|
+
return Promise.resolve(res.value[0]);
|
|
47
|
+
}
|
|
48
|
+
const identifier = args.options.id ? `id ${args.options.id}`
|
|
49
|
+
: args.options.userName ? `user name ${args.options.userName}`
|
|
50
|
+
: `email ${args.options.email}`;
|
|
51
|
+
if (res.value.length === 0) {
|
|
52
|
+
return Promise.reject(`The specified user with ${identifier} does not exist`);
|
|
53
|
+
}
|
|
54
|
+
return Promise.reject(`Multiple users with ${identifier} found. Please disambiguate (user names): ${res.value.map(a => a.userPrincipalName).join(', ')} or (ids): ${res.value.map(a => a.id).join(', ')}`);
|
|
55
|
+
})
|
|
34
56
|
.then((res) => {
|
|
35
57
|
logger.log(res);
|
|
36
58
|
cb();
|
|
@@ -44,6 +66,9 @@ class AadUserGetCommand extends GraphCommand_1.default {
|
|
|
44
66
|
{
|
|
45
67
|
option: '-n, --userName [userName]'
|
|
46
68
|
},
|
|
69
|
+
{
|
|
70
|
+
option: '--email [email]'
|
|
71
|
+
},
|
|
47
72
|
{
|
|
48
73
|
option: '-p, --properties [properties]'
|
|
49
74
|
}
|
|
@@ -52,11 +77,13 @@ class AadUserGetCommand extends GraphCommand_1.default {
|
|
|
52
77
|
return options.concat(parentOptions);
|
|
53
78
|
}
|
|
54
79
|
validate(args) {
|
|
55
|
-
if (!args.options.id && !args.options.userName) {
|
|
56
|
-
return 'Specify
|
|
80
|
+
if (!args.options.id && !args.options.userName && !args.options.email) {
|
|
81
|
+
return 'Specify id, userName or email, one is required';
|
|
57
82
|
}
|
|
58
|
-
if (args.options.id && args.options.
|
|
59
|
-
|
|
83
|
+
if ((args.options.id && args.options.email) ||
|
|
84
|
+
(args.options.id && args.options.userName) ||
|
|
85
|
+
(args.options.userName && args.options.email)) {
|
|
86
|
+
return 'Use either id, userName or email, but not all';
|
|
60
87
|
}
|
|
61
88
|
if (args.options.id &&
|
|
62
89
|
!Utils_1.default.isValidGuid(args.options.id)) {
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const request_1 = require("../../../../request");
|
|
4
|
+
const GraphCommand_1 = require("../../../base/GraphCommand");
|
|
5
|
+
const commands_1 = require("../../commands");
|
|
6
|
+
class AadUserPasswordValidateCommand extends GraphCommand_1.default {
|
|
7
|
+
get name() {
|
|
8
|
+
return commands_1.default.USER_PASSWORD_VALIDATE;
|
|
9
|
+
}
|
|
10
|
+
get description() {
|
|
11
|
+
return "Check a user's password against the organization's password validation policy";
|
|
12
|
+
}
|
|
13
|
+
commandAction(logger, args, cb) {
|
|
14
|
+
const requestOptions = {
|
|
15
|
+
url: `${this.resource}/beta/users/validatePassword`,
|
|
16
|
+
headers: {
|
|
17
|
+
accept: 'application/json;odata.metadata=none'
|
|
18
|
+
},
|
|
19
|
+
data: {
|
|
20
|
+
password: args.options.password
|
|
21
|
+
},
|
|
22
|
+
responseType: 'json'
|
|
23
|
+
};
|
|
24
|
+
request_1.default
|
|
25
|
+
.post(requestOptions)
|
|
26
|
+
.then((res) => {
|
|
27
|
+
logger.log(res);
|
|
28
|
+
cb();
|
|
29
|
+
}, (err) => this.handleRejectedODataJsonPromise(err, logger, cb));
|
|
30
|
+
}
|
|
31
|
+
options() {
|
|
32
|
+
const options = [
|
|
33
|
+
{
|
|
34
|
+
option: '-p, --password <password>'
|
|
35
|
+
}
|
|
36
|
+
];
|
|
37
|
+
const parentOptions = super.options();
|
|
38
|
+
return options.concat(parentOptions);
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
module.exports = new AadUserPasswordValidateCommand();
|
|
42
|
+
//# sourceMappingURL=user-password-validate.js.map
|
|
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
const prefix = 'aad';
|
|
4
4
|
exports.default = {
|
|
5
5
|
APP_ADD: `${prefix} app add`,
|
|
6
|
+
APP_GET: `${prefix} app get`,
|
|
6
7
|
APP_SET: `${prefix} app set`,
|
|
7
8
|
APP_ROLE_ADD: `${prefix} app role add`,
|
|
8
9
|
APP_ROLE_LIST: `${prefix} app role list`,
|
|
@@ -46,9 +47,11 @@ exports.default = {
|
|
|
46
47
|
SITECLASSIFICATION_ENABLE: `${prefix} siteclassification enable`,
|
|
47
48
|
SITECLASSIFICATION_GET: `${prefix} siteclassification get`,
|
|
48
49
|
SITECLASSIFICATION_SET: `${prefix} siteclassification set`,
|
|
50
|
+
SP_ADD: `${prefix} sp add`,
|
|
49
51
|
SP_GET: `${prefix} sp get`,
|
|
50
52
|
USER_GET: `${prefix} user get`,
|
|
51
53
|
USER_LIST: `${prefix} user list`,
|
|
54
|
+
USER_PASSWORD_VALIDATE: `${prefix} user password validate`,
|
|
52
55
|
USER_SET: `${prefix} user set`
|
|
53
56
|
};
|
|
54
57
|
//# sourceMappingURL=commands.js.map
|
|
@@ -0,0 +1,266 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
3
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
4
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
5
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
6
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
7
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
8
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
9
|
+
});
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
const cli_1 = require("../../../../cli");
|
|
13
|
+
const request_1 = require("../../../../request");
|
|
14
|
+
const appGetCommand = require("../../../aad/commands/app/app-get");
|
|
15
|
+
const AppCommand_1 = require("../../../base/AppCommand");
|
|
16
|
+
const commands_1 = require("../../commands");
|
|
17
|
+
var GetServicePrincipal;
|
|
18
|
+
(function (GetServicePrincipal) {
|
|
19
|
+
GetServicePrincipal[GetServicePrincipal["withPermissions"] = 0] = "withPermissions";
|
|
20
|
+
GetServicePrincipal[GetServicePrincipal["withPermissionDefinitions"] = 1] = "withPermissionDefinitions";
|
|
21
|
+
})(GetServicePrincipal || (GetServicePrincipal = {}));
|
|
22
|
+
class AppPermissionListCommand extends AppCommand_1.default {
|
|
23
|
+
get name() {
|
|
24
|
+
return commands_1.default.PERMISSION_LIST;
|
|
25
|
+
}
|
|
26
|
+
get description() {
|
|
27
|
+
return 'Lists API permissions for the current AAD app';
|
|
28
|
+
}
|
|
29
|
+
commandAction(logger, args, cb) {
|
|
30
|
+
this
|
|
31
|
+
.getServicePrincipal({ appId: this.appId }, logger, GetServicePrincipal.withPermissions)
|
|
32
|
+
.then(servicePrincipal => {
|
|
33
|
+
if (servicePrincipal) {
|
|
34
|
+
// service principal found, get permissions from the service principal
|
|
35
|
+
return this.getServicePrincipalPermissions(servicePrincipal, logger);
|
|
36
|
+
}
|
|
37
|
+
else {
|
|
38
|
+
// service principal not found, get permissions from app registration
|
|
39
|
+
return this.getAppRegPermissions(this.appId, logger);
|
|
40
|
+
}
|
|
41
|
+
})
|
|
42
|
+
.then(permissions => {
|
|
43
|
+
logger.log(permissions);
|
|
44
|
+
cb();
|
|
45
|
+
}, err => this.handleRejectedODataJsonPromise(err, logger, cb));
|
|
46
|
+
}
|
|
47
|
+
getServicePrincipal(servicePrincipalInfo, logger, mode) {
|
|
48
|
+
var _a;
|
|
49
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
50
|
+
if (this.verbose) {
|
|
51
|
+
logger.logToStderr(`Retrieving service principal ${(_a = servicePrincipalInfo.appId) !== null && _a !== void 0 ? _a : servicePrincipalInfo.id}`);
|
|
52
|
+
}
|
|
53
|
+
const lookupUrl = servicePrincipalInfo.appId ? `?$filter=appId eq '${servicePrincipalInfo.appId}'&` : `/${servicePrincipalInfo.id}?`;
|
|
54
|
+
const requestOptions = {
|
|
55
|
+
url: `${this.resource}/v1.0/servicePrincipals${lookupUrl}$select=appId,id,displayName`,
|
|
56
|
+
headers: {
|
|
57
|
+
accept: 'application/json;odata.metadata=none'
|
|
58
|
+
},
|
|
59
|
+
responseType: 'json'
|
|
60
|
+
};
|
|
61
|
+
const response = yield request_1.default.get(requestOptions);
|
|
62
|
+
if ((servicePrincipalInfo.id && !response) ||
|
|
63
|
+
(servicePrincipalInfo.appId && response.value.length === 0)) {
|
|
64
|
+
return undefined;
|
|
65
|
+
}
|
|
66
|
+
const servicePrincipal = servicePrincipalInfo.appId ?
|
|
67
|
+
response.value[0] :
|
|
68
|
+
response;
|
|
69
|
+
if (this.verbose) {
|
|
70
|
+
logger.logToStderr(`Retrieving permissions for service principal ${servicePrincipal.id}...`);
|
|
71
|
+
}
|
|
72
|
+
const permissionsPromises = [];
|
|
73
|
+
switch (mode) {
|
|
74
|
+
case GetServicePrincipal.withPermissions:
|
|
75
|
+
const appRoleAssignmentsRequestOptions = {
|
|
76
|
+
url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoleAssignments`,
|
|
77
|
+
headers: {
|
|
78
|
+
accept: 'application/json;odata.metadata=none'
|
|
79
|
+
},
|
|
80
|
+
responseType: 'json'
|
|
81
|
+
};
|
|
82
|
+
const oauth2PermissionGrantsRequestOptions = {
|
|
83
|
+
url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionGrants`,
|
|
84
|
+
headers: {
|
|
85
|
+
accept: 'application/json;odata.metadata=none'
|
|
86
|
+
},
|
|
87
|
+
responseType: 'json'
|
|
88
|
+
};
|
|
89
|
+
permissionsPromises.push(...[
|
|
90
|
+
request_1.default.get(appRoleAssignmentsRequestOptions),
|
|
91
|
+
request_1.default.get(oauth2PermissionGrantsRequestOptions)
|
|
92
|
+
]);
|
|
93
|
+
break;
|
|
94
|
+
case GetServicePrincipal.withPermissionDefinitions:
|
|
95
|
+
const oauth2PermissionScopesRequestOptions = {
|
|
96
|
+
url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/oauth2PermissionScopes`,
|
|
97
|
+
headers: {
|
|
98
|
+
accept: 'application/json;odata.metadata=none'
|
|
99
|
+
},
|
|
100
|
+
responseType: 'json'
|
|
101
|
+
};
|
|
102
|
+
const appRolesRequestOptions = {
|
|
103
|
+
url: `${this.resource}/v1.0/servicePrincipals/${servicePrincipal.id}/appRoles`,
|
|
104
|
+
headers: {
|
|
105
|
+
accept: 'application/json;odata.metadata=none'
|
|
106
|
+
},
|
|
107
|
+
responseType: 'json'
|
|
108
|
+
};
|
|
109
|
+
permissionsPromises.push(...[
|
|
110
|
+
request_1.default.get(oauth2PermissionScopesRequestOptions),
|
|
111
|
+
request_1.default.get(appRolesRequestOptions)
|
|
112
|
+
]);
|
|
113
|
+
break;
|
|
114
|
+
}
|
|
115
|
+
const permissions = yield Promise.all(permissionsPromises);
|
|
116
|
+
switch (mode) {
|
|
117
|
+
case GetServicePrincipal.withPermissions:
|
|
118
|
+
servicePrincipal.appRoleAssignments = permissions[0].value;
|
|
119
|
+
servicePrincipal.oauth2PermissionGrants = permissions[1].value;
|
|
120
|
+
break;
|
|
121
|
+
case GetServicePrincipal.withPermissionDefinitions:
|
|
122
|
+
servicePrincipal.oauth2PermissionScopes = permissions[0].value;
|
|
123
|
+
servicePrincipal.appRoles = permissions[1].value;
|
|
124
|
+
break;
|
|
125
|
+
}
|
|
126
|
+
return servicePrincipal;
|
|
127
|
+
});
|
|
128
|
+
}
|
|
129
|
+
getServicePrincipalPermissions(servicePrincipal, logger) {
|
|
130
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
131
|
+
if (this.verbose) {
|
|
132
|
+
logger.logToStderr(`Resolving permissions for the service principal...`);
|
|
133
|
+
}
|
|
134
|
+
const apiPermissions = [];
|
|
135
|
+
// hash table for resolving resource IDs to names
|
|
136
|
+
const resourceLookup = {};
|
|
137
|
+
// list of service principals for which to load permissions
|
|
138
|
+
const servicePrincipalsToResolve = [];
|
|
139
|
+
const appRoleAssignments = servicePrincipal.appRoleAssignments;
|
|
140
|
+
apiPermissions.push(...appRoleAssignments.map(appRoleAssignment => {
|
|
141
|
+
// store resource name for resolving OAuth2 grants
|
|
142
|
+
resourceLookup[appRoleAssignment.resourceId] = appRoleAssignment.resourceDisplayName;
|
|
143
|
+
// add to the list of service principals to load to get the app role
|
|
144
|
+
// display name
|
|
145
|
+
if (!servicePrincipalsToResolve.find(r => r.id === appRoleAssignment.resourceId)) {
|
|
146
|
+
servicePrincipalsToResolve.push({ id: appRoleAssignment.resourceId });
|
|
147
|
+
}
|
|
148
|
+
return {
|
|
149
|
+
resource: appRoleAssignment.resourceDisplayName,
|
|
150
|
+
// we store the app role ID temporarily and will later resolve to display name
|
|
151
|
+
permission: appRoleAssignment.appRoleId,
|
|
152
|
+
type: 'Application'
|
|
153
|
+
};
|
|
154
|
+
}));
|
|
155
|
+
const oauth2Grants = servicePrincipal.oauth2PermissionGrants;
|
|
156
|
+
oauth2Grants.forEach(oauth2Grant => {
|
|
157
|
+
var _a;
|
|
158
|
+
// see if we can resolve the resource name from the resources
|
|
159
|
+
// retrieved from app role assignments
|
|
160
|
+
const resource = (_a = resourceLookup[oauth2Grant.resourceId]) !== null && _a !== void 0 ? _a : oauth2Grant.resourceId;
|
|
161
|
+
if (resource === oauth2Grant.resourceId &&
|
|
162
|
+
!servicePrincipalsToResolve.find(r => r.id === oauth2Grant.resourceId)) {
|
|
163
|
+
// resource name not found in the resources
|
|
164
|
+
// add it to the list of resources to resolve
|
|
165
|
+
servicePrincipalsToResolve.push({ id: oauth2Grant.resourceId });
|
|
166
|
+
}
|
|
167
|
+
const scopes = oauth2Grant.scope.split(' ');
|
|
168
|
+
scopes.forEach(scope => {
|
|
169
|
+
apiPermissions.push({
|
|
170
|
+
resource,
|
|
171
|
+
permission: scope,
|
|
172
|
+
type: 'Delegated'
|
|
173
|
+
});
|
|
174
|
+
});
|
|
175
|
+
});
|
|
176
|
+
if (servicePrincipalsToResolve.length > 0) {
|
|
177
|
+
const servicePrincipals = yield Promise
|
|
178
|
+
.all(servicePrincipalsToResolve
|
|
179
|
+
.map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
|
|
180
|
+
servicePrincipals.forEach(servicePrincipal => {
|
|
181
|
+
apiPermissions.forEach(apiPermission => {
|
|
182
|
+
var _a, _b;
|
|
183
|
+
if (apiPermission.resource === servicePrincipal.id) {
|
|
184
|
+
apiPermission.resource = servicePrincipal.displayName;
|
|
185
|
+
}
|
|
186
|
+
if (apiPermission.resource === servicePrincipal.displayName &&
|
|
187
|
+
apiPermission.type === 'Application') {
|
|
188
|
+
apiPermission.permission = (_b = (_a = servicePrincipal.appRoles
|
|
189
|
+
.find(appRole => appRole.id === apiPermission.permission)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : apiPermission.permission;
|
|
190
|
+
}
|
|
191
|
+
});
|
|
192
|
+
});
|
|
193
|
+
}
|
|
194
|
+
return apiPermissions;
|
|
195
|
+
});
|
|
196
|
+
}
|
|
197
|
+
getAppRegistration(appId, logger) {
|
|
198
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
199
|
+
if (this.verbose) {
|
|
200
|
+
logger.logToStderr(`Retrieving Azure AD application registration ${appId}`);
|
|
201
|
+
}
|
|
202
|
+
const options = {
|
|
203
|
+
appId: appId,
|
|
204
|
+
output: 'json',
|
|
205
|
+
debug: this.debug,
|
|
206
|
+
verbose: this.verbose
|
|
207
|
+
};
|
|
208
|
+
const output = yield cli_1.Cli.executeCommandWithOutput(appGetCommand, { options: Object.assign(Object.assign({}, options), { _: [] }) });
|
|
209
|
+
if (this.debug) {
|
|
210
|
+
logger.logToStderr(output.stderr);
|
|
211
|
+
}
|
|
212
|
+
return JSON.parse(output.stdout);
|
|
213
|
+
});
|
|
214
|
+
}
|
|
215
|
+
getAppRegPermissions(appId, logger) {
|
|
216
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
217
|
+
const application = yield this.getAppRegistration(appId, logger);
|
|
218
|
+
if (application.requiredResourceAccess.length === 0) {
|
|
219
|
+
return [];
|
|
220
|
+
}
|
|
221
|
+
const servicePrincipalsToResolve = application.requiredResourceAccess
|
|
222
|
+
.map(resourceAccess => {
|
|
223
|
+
return {
|
|
224
|
+
appId: resourceAccess.resourceAppId
|
|
225
|
+
};
|
|
226
|
+
});
|
|
227
|
+
const servicePrincipals = yield Promise
|
|
228
|
+
.all(servicePrincipalsToResolve.map(servicePrincipalInfo => this.getServicePrincipal(servicePrincipalInfo, logger, GetServicePrincipal.withPermissionDefinitions)));
|
|
229
|
+
const apiPermissions = [];
|
|
230
|
+
application.requiredResourceAccess.forEach(requiredResourceAccess => {
|
|
231
|
+
var _a;
|
|
232
|
+
const servicePrincipal = servicePrincipals
|
|
233
|
+
.find(servicePrincipal => (servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.appId) === requiredResourceAccess.resourceAppId);
|
|
234
|
+
const resourceName = (_a = servicePrincipal === null || servicePrincipal === void 0 ? void 0 : servicePrincipal.displayName) !== null && _a !== void 0 ? _a : requiredResourceAccess.resourceAppId;
|
|
235
|
+
requiredResourceAccess.resourceAccess.forEach(permission => {
|
|
236
|
+
apiPermissions.push({
|
|
237
|
+
resource: resourceName,
|
|
238
|
+
permission: this.getPermissionName(permission.id, permission.type, servicePrincipal),
|
|
239
|
+
type: permission.type === 'Role' ? 'Application' : 'Delegated'
|
|
240
|
+
});
|
|
241
|
+
});
|
|
242
|
+
});
|
|
243
|
+
return apiPermissions;
|
|
244
|
+
});
|
|
245
|
+
}
|
|
246
|
+
getPermissionName(permissionId, permissionType, servicePrincipal) {
|
|
247
|
+
var _a, _b, _c, _d;
|
|
248
|
+
if (!servicePrincipal) {
|
|
249
|
+
return permissionId;
|
|
250
|
+
}
|
|
251
|
+
switch (permissionType) {
|
|
252
|
+
case 'Role':
|
|
253
|
+
return (_b = (_a = servicePrincipal.appRoles
|
|
254
|
+
.find(appRole => appRole.id === permissionId)) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : permissionId;
|
|
255
|
+
case 'Scope':
|
|
256
|
+
return (_d = (_c = servicePrincipal.oauth2PermissionScopes
|
|
257
|
+
.find(permissionScope => permissionScope.id === permissionId)) === null || _c === void 0 ? void 0 : _c.value) !== null && _d !== void 0 ? _d : permissionId;
|
|
258
|
+
}
|
|
259
|
+
/* c8 ignore next 4 */
|
|
260
|
+
// permissionType is either 'Scope' or 'Role' but we need a safe default
|
|
261
|
+
// to avoid building errors. This code will never be reached.
|
|
262
|
+
return permissionId;
|
|
263
|
+
}
|
|
264
|
+
}
|
|
265
|
+
module.exports = new AppPermissionListCommand();
|
|
266
|
+
//# sourceMappingURL=permission-list.js.map
|
|
@@ -0,0 +1,76 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const fs = require("fs");
|
|
4
|
+
const cli_1 = require("../../cli");
|
|
5
|
+
const Command_1 = require("../../Command");
|
|
6
|
+
const Utils_1 = require("../../Utils");
|
|
7
|
+
class AppCommand extends Command_1.default {
|
|
8
|
+
get resource() {
|
|
9
|
+
return 'https://graph.microsoft.com';
|
|
10
|
+
}
|
|
11
|
+
action(logger, args, cb) {
|
|
12
|
+
const m365rcJsonPath = '.m365rc.json';
|
|
13
|
+
if (!fs.existsSync(m365rcJsonPath)) {
|
|
14
|
+
return cb(new Command_1.CommandError(`Could not find file: ${m365rcJsonPath}`));
|
|
15
|
+
}
|
|
16
|
+
try {
|
|
17
|
+
const m365rcJsonContents = fs.readFileSync(m365rcJsonPath, 'utf8');
|
|
18
|
+
if (!m365rcJsonContents) {
|
|
19
|
+
return cb(new Command_1.CommandError(`File ${m365rcJsonPath} is empty`));
|
|
20
|
+
}
|
|
21
|
+
this.m365rcJson = JSON.parse(m365rcJsonContents);
|
|
22
|
+
}
|
|
23
|
+
catch (e) {
|
|
24
|
+
return cb(new Command_1.CommandError(`Could not parse file: ${m365rcJsonPath}`));
|
|
25
|
+
}
|
|
26
|
+
if (!this.m365rcJson.apps ||
|
|
27
|
+
this.m365rcJson.apps.length === 0) {
|
|
28
|
+
return cb(new Command_1.CommandError(`No Azure AD apps found in ${m365rcJsonPath}`));
|
|
29
|
+
}
|
|
30
|
+
if (args.options.appId) {
|
|
31
|
+
if (!this.m365rcJson.apps.some(app => app.appId === args.options.appId)) {
|
|
32
|
+
return cb(new Command_1.CommandError(`App ${args.options.appId} not found in ${m365rcJsonPath}`));
|
|
33
|
+
}
|
|
34
|
+
this.appId = args.options.appId;
|
|
35
|
+
return super.action(logger, args, cb);
|
|
36
|
+
}
|
|
37
|
+
if (this.m365rcJson.apps.length === 1) {
|
|
38
|
+
this.appId = this.m365rcJson.apps[0].appId;
|
|
39
|
+
return super.action(logger, args, cb);
|
|
40
|
+
}
|
|
41
|
+
if (this.m365rcJson.apps.length > 1) {
|
|
42
|
+
cli_1.Cli.prompt({
|
|
43
|
+
message: `Multiple Azure AD apps found in ${m365rcJsonPath}. Which app would you like to use?`,
|
|
44
|
+
type: 'list',
|
|
45
|
+
choices: this.m365rcJson.apps.map((app, i) => {
|
|
46
|
+
return {
|
|
47
|
+
name: `${app.name} (${app.appId})`,
|
|
48
|
+
value: i
|
|
49
|
+
};
|
|
50
|
+
}),
|
|
51
|
+
default: 0,
|
|
52
|
+
name: 'appIdIndex'
|
|
53
|
+
}, (result) => {
|
|
54
|
+
this.appId = this.m365rcJson.apps[result.appIdIndex].appId;
|
|
55
|
+
super.action(logger, args, cb);
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
options() {
|
|
60
|
+
const options = [
|
|
61
|
+
{
|
|
62
|
+
option: '--appId [appId]'
|
|
63
|
+
}
|
|
64
|
+
];
|
|
65
|
+
const parentOptions = super.options();
|
|
66
|
+
return options.concat(parentOptions);
|
|
67
|
+
}
|
|
68
|
+
validate(args) {
|
|
69
|
+
if (args.options.appId && !Utils_1.default.isValidGuid(args.options.appId)) {
|
|
70
|
+
return `${args.options.appId} is not a valid GUID`;
|
|
71
|
+
}
|
|
72
|
+
return true;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
exports.default = AppCommand;
|
|
76
|
+
//# sourceMappingURL=AppCommand.js.map
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
const os = require("os");
|
|
4
4
|
const Auth_1 = require("../../../Auth");
|
|
5
|
+
const cli_1 = require("../../../cli");
|
|
5
6
|
const Command_1 = require("../../../Command");
|
|
6
7
|
const Utils_1 = require("../../../Utils");
|
|
7
8
|
const commands_1 = require("../commands");
|
|
@@ -33,6 +34,7 @@ class CliDoctorCommand extends Command_1.default {
|
|
|
33
34
|
cliAadAppTenant: Utils_1.default.isValidGuid(Auth_1.default.service.tenant) ? 'single' : Auth_1.default.service.tenant,
|
|
34
35
|
authMode: Auth_1.AuthType[Auth_1.default.service.authType],
|
|
35
36
|
cliEnvironment: process.env.CLIMICROSOFT365_ENV ? process.env.CLIMICROSOFT365_ENV : '',
|
|
37
|
+
cliConfig: cli_1.Cli.getInstance().config.all,
|
|
36
38
|
roles: roles,
|
|
37
39
|
scopes: scopes
|
|
38
40
|
};
|