@pnp/cli-microsoft365 7.7.0-beta.72886a7 → 7.7.0-beta.7d3ef49

package/dist/utils/spo.js

@@ -1,3 +1,4 @@
+import os from 'os';
 import url from 'url';
 import { urlUtil } from "./urlUtil.js";
 import { validation } from "./validation.js";
@@ -1231,6 +1232,113 @@ export const spo = {
         };
         await request.post(requestOptions);
     },
+    /**
+    * Gets a file as list item by url
+    * @param absoluteListUrl The absolute url to the list
+    * @param url The url of the file
+    * @param logger The logger object
+    * @param verbose If in verbose mode
+    * @returns The list item object
+    */
+    async getFileAsListItemByUrl(absoluteListUrl, url, logger, verbose) {
+        if (verbose && logger) {
+            logger.logToStderr(`Getting the file properties with url ${url}`);
+        }
+        const serverRelativePath = urlUtil.getServerRelativePath(absoluteListUrl, url);
+        const requestUrl = `${absoluteListUrl}/_api/web/GetFileByServerRelativePath(DecodedUrl=@f)?$expand=ListItemAllFields&@f='${formatting.encodeQueryParameter(serverRelativePath)}'`;
+        const requestOptions = {
+            url: requestUrl,
+            headers: {
+                'accept': 'application/json;odata=nometadata'
+            },
+            responseType: 'json'
+        };
+        const file = await request.get(requestOptions);
+        return file.ListItemAllFields;
+    },
+    /**
+    * Updates a list item with system update
+    * @param absoluteListUrl The absolute base URL without query parameters, pointing to the specific list where the item resides. This URL should represent the list.
+    * @param itemId The id of the list item
+    * @param properties An object of the properties that should be updated
+    * @param contentTypeName The name of the content type to update
+    * @param logger The logger object
+    * @param verbose If in verbose mode
+    * @returns The updated list item object
+    */
+    async systemUpdateListItem(absoluteListUrl, itemId, logger, verbose, properties, contentTypeName) {
+        if (!properties && !contentTypeName) {
+            // Neither properties nor contentTypeName provided, no need to proceed
+            throw 'Either properties or contentTypeName must be provided for systemUpdateListItem.';
+        }
+        const parsedUrl = new URL(absoluteListUrl);
+        const serverRelativeSiteMatch = absoluteListUrl.match(new RegExp('/sites/[^/]+'));
+        const webUrl = `${parsedUrl.protocol}//${parsedUrl.host}${serverRelativeSiteMatch ?? ''}`;
+        if (verbose && logger) {
+            logger.logToStderr(`Getting list id...`);
+        }
+        const listRequestOptions = {
+            url: `${absoluteListUrl}?$select=Id`,
+            headers: {
+                'accept': 'application/json;odata=nometadata'
+            },
+            responseType: 'json'
+        };
+        const list = await request.get(listRequestOptions);
+        const listId = list.Id;
+        if (verbose && logger) {
+            logger.logToStderr(`Getting request digest for systemUpdate request`);
+        }
+        const res = await spo.getRequestDigest(webUrl);
+        const formDigestValue = res.FormDigestValue;
+        const objectIdentity = await spo.requestObjectIdentity(webUrl, logger, verbose);
+        let index = 0;
+        const requestBodyOptions = properties ? Object.keys(properties).map(key => `
+    <Method Name="ParseAndSetFieldValue" Id="${++index}" ObjectPathId="147">
+      <Parameters>
+        <Parameter Type="String">${key}</Parameter>
+        <Parameter Type="String">${properties[key].toString()}</Parameter>
+      </Parameters>
+    </Method>`) : [];
+        const additionalContentType = contentTypeName ? `
+    <Method Name="ParseAndSetFieldValue" Id="${++index}" ObjectPathId="147">
+      <Parameters>
+        <Parameter Type="String">ContentType</Parameter>
+        <Parameter Type="String">${contentTypeName}</Parameter>
+      </Parameters>
+    </Method>` : '';
+        const requestBody = `<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="16.0.0.0" ApplicationName="${config.applicationName}" xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009">
+      <Actions>
+        ${requestBodyOptions.join('')}${additionalContentType}
+        <Method Name="SystemUpdate" Id="${++index}" ObjectPathId="147" />
+      </Actions>
+      <ObjectPaths>
+        <Identity Id="147" Name="${objectIdentity}:list:${listId}:item:${itemId},1" />
+      </ObjectPaths>
+    </Request>`;
+        const requestOptions = {
+            url: `${webUrl}/_vti_bin/client.svc/ProcessQuery`,
+            headers: {
+                'Content-Type': 'text/xml',
+                'X-RequestDigest': formDigestValue
+            },
+            data: requestBody
+        };
+        const response = await request.post(requestOptions);
+        if (response.indexOf("ErrorMessage") > -1) {
+            throw `Error occurred in systemUpdate operation - ${response}`;
+        }
+        const id = Number(itemId);
+        const requestOptionsItems = {
+            url: `${absoluteListUrl}/items(${id})`,
+            headers: {
+                'accept': 'application/json;odata=nometadata'
+            },
+            responseType: 'json'
+        };
+        const itemsResponse = await request.get(requestOptionsItems);
+        return (itemsResponse);
+    },
     /**
      * Removes the retention label from the items in the given list.
      * @param webUrl The url of the web
@@ -1334,6 +1442,86 @@ export const spo = {
         };
         const site = await request.get(requestOptions);
         return site.id;
+    },
+    /**
+     * Retrieves the ObjectIdentity from a SharePoint site
+     * @param webUrl web url
+     * @param logger The logger object
+     * @param verbose If in verbose mode
+     * @return The ObjectIdentity as string
+     */
+    async requestObjectIdentity(webUrl, logger, verbose) {
+        const res = await spo.getRequestDigest(webUrl);
+        const formDigestValue = res.FormDigestValue;
+        const requestOptions = {
+            url: `${webUrl}/_vti_bin/client.svc/ProcessQuery`,
+            headers: {
+                'X-RequestDigest': formDigestValue
+            },
+            data: `<Request AddExpandoFieldTypeSuffix="true" SchemaVersion="15.0.0.0" LibraryVersion="16.0.0.0" ApplicationName="${config.applicationName}" xmlns="http://schemas.microsoft.com/sharepoint/clientquery/2009"><Actions><Query Id="1" ObjectPathId="5"><Query SelectAllProperties="false"><Properties><Property Name="ServerRelativeUrl" ScalarProperty="true" /></Properties></Query></Query></Actions><ObjectPaths><Property Id="5" ParentId="3" Name="Web" /><StaticProperty Id="3" TypeId="{3747adcd-a3c3-41b9-bfab-4a64dd2f1e0a}" Name="Current" /></ObjectPaths></Request>`
+        };
+        const response = await request.post(requestOptions);
+        if (verbose) {
+            logger.logToStderr('Attempt to get _ObjectIdentity_ key values');
+        }
+        const json = JSON.parse(response);
+        const contents = json.find(x => { return x.ErrorInfo; });
+        if (contents && contents.ErrorInfo) {
+            throw contents.ErrorInfo.ErrorMessage || 'ClientSvc unknown error';
+        }
+        const identityObject = json.find(x => { return x._ObjectIdentity_; });
+        if (identityObject) {
+            return identityObject._ObjectIdentity_;
+        }
+        throw 'Cannot proceed. _ObjectIdentity_ not found'; // this is not supposed to happen
+    },
+    /**
+    * Updates a list item without system update
+    * @param absoluteListUrl The absolute base URL without query parameters, pointing to the specific list where the item resides. This URL should represent the list.
+    * @param itemId The id of the list item
+    * @param properties An object of the properties that should be updated
+    * @param contentTypeName The name of the content type to update
+    * @returns The updated listitem object
+    */
+    async updateListItem(absoluteListUrl, itemId, properties, contentTypeName) {
+        const requestBodyOptions = [
+            ...(properties
+                ? Object.keys(properties).map((key) => ({
+                    FieldName: key,
+                    FieldValue: properties[key].toString()
+                }))
+                : [])
+        ];
+        const requestBody = {
+            formValues: requestBodyOptions
+        };
+        contentTypeName && requestBody.formValues.push({
+            FieldName: 'ContentType',
+            FieldValue: contentTypeName
+        });
+        const requestOptions = {
+            url: `${absoluteListUrl}/items(${itemId})/ValidateUpdateListItem()`,
+            headers: {
+                'accept': 'application/json;odata=nometadata'
+            },
+            data: requestBody,
+            responseType: 'json'
+        };
+        const response = await request.post(requestOptions);
+        // Response is from /ValidateUpdateListItem POST call, perform get on updated item to get all field values
+        const fieldValues = response.value;
+        if (fieldValues.some(f => f.HasException)) {
+            throw `Updating the items has failed with the following errors: ${os.EOL}${fieldValues.filter(f => f.HasException).map(f => { return `- ${f.FieldName} - ${f.ErrorMessage}`; }).join(os.EOL)}`;
+        }
+        const requestOptionsItems = {
+            url: `${absoluteListUrl}/items(${itemId})`,
+            headers: {
+                'accept': 'application/json;odata=nometadata'
+            },
+            responseType: 'json'
+        };
+        const itemsResponse = await request.get(requestOptionsItems);
+        return (itemsResponse);
     }
 };
 //# sourceMappingURL=spo.js.map

package/dist/utils/validation.js

@@ -325,6 +325,10 @@ export const validation = {
     isValidMailNickname(mailNickname) {
         const mailNicknameRegEx = new RegExp(/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]*$/i);
         return mailNicknameRegEx.test(mailNickname);
+    },
+    isValidISODuration(duration) {
+        const durationRegEx = new RegExp(/^P(?!$)((\d+Y)|(\d+\.\d+Y$))?((\d+M)|(\d+\.\d+M$))?((\d+W)|(\d+\.\d+W$))?((\d+D)|(\d+\.\d+D$))?(T(?=\d)((\d+H)|(\d+\.\d+H$))?((\d+M)|(\d+\.\d+M$))?(\d+(\.\d+)?S)?)??$/);
+        return durationRegEx.test(duration);
     }
 };
 //# sourceMappingURL=validation.js.map

package/docs/docs/cmd/entra/app/app-add.mdx

@@ -78,6 +78,9 @@ m365 entra appregistration add [options]
 
 `--save`
 : Use to store the information about the created app in a local file.
+
+`--allowPublicClientFlows`
+: Enable the allow public client flows feature on the app registration.
 ```
 
 <Global />
@@ -192,6 +195,12 @@ Create new Entra app registration with a certificate
 m365 entra app add --name 'My Entra app' --certificateDisplayName "Some certificate name" --certificateFile "c:\temp\some-certificate.cer"
 ```
 
+Create a new Entra app registration with the allow public client flows feature enabled.
+
+```sh
+m365 entra app add --name 'My Entra app' --allowPublicClientFlows
+```
+
 ## Response
 
 ### Standard response

package/docs/docs/cmd/entra/app/app-set.mdx

@@ -49,6 +49,9 @@ m365 entra appregistration set [options]
 
 `--certificateDisplayName [certificateDisplayName]`
 : Display name for the certificate. If not given, the displayName will be set to the certificate subject. When specified, also specify either `certificateFile` or `certificateBase64Encoded`.
+
+`--allowPublicClientFlows [allowPublicClientFlows]`
+: Set to `true` or `false` to toggle the allow public client flows feature on the app registration.
 ```
 
 <Global />
@@ -99,6 +102,12 @@ Add a certificate to the app
 m365 entra app set --appId e75be2e1-0204-4f95-857d-51a37cf40be8 --certificateDisplayName "Some certificate name" --certificateFile "c:\temp\some-certificate.cer"
 ```
 
+Enable the allow public client flows feature on the app registration
+
+```sh
+m365 entra app set --appId e75be2e1-0204-4f95-857d-51a37cf40be8 --allowPublicClientFlows true
+```
+
 ## Response
 
 The command won't return a response on success.

package/docs/docs/cmd/entra/pim/pim-role-assignment-add.mdx

@@ -0,0 +1,230 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# entra pim role assignment add
+
+Request activation of an Entra role assignment for a user or group.
+
+## Usage
+
+```sh
+m365 entra pim role assignment add [options]
+```
+
+## Options
+
+```md definition-list
+`-n, --roleDefinitionName [roleDefinitionName]`	
+: Name of the role definition that should be assigned. Specify either `roleDefinitionName` or `roleDefinitionId` but not both.
+
+`-i, --roleDefinitionId [roleDefinitionId]`	
+: Id of the role definition that is being assigned. Specify either `roleDefinitionName` or `roleDefinitionId` but not both.
+
+`--userId [userId]`	
+: Id of the user that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--userName [userName]`	
+: UPN of the user that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--groupId [groupId]`
+: Id of the group that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--groupName [groupName]`
+: Display name of the group that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--administrativeUnitId [administrativeUnitId]`
+: Id of the administrative unit representing the scope of the assignment. Specify either `administrativeUnitId` or `applicationId`. If not specified, default scope will be tenant-wide.
+
+`--applicationId [applicationId]`
+: Object Id of the application representing the scope of the assignment. Specify either `administrativeUnitId` or `applicationId`. If not specified, default scope will be tenant-wide.
+
+`-j, --justification [justification]`
+: An optional justification message.
+
+`-s, --startDateTime [startDateTime]`
+: When the assignment should start. If left out, the assignment will start from the current time.
+
+`-e, --endDateTime [endDateTime]`
+: When the assignment should end. Specify either `duration`, `endDateTime` or `noExpiration`.
+
+`-d, --duration [duration]`
+: How long the assignment should last. Write in ISO 8601 format for durations: PT3H for 3 hours. Specify either `duration`, `endDateTime` or `noExpiration`.
+
+`--noExpiration [noExpiration]`
+: If specified, the role assignment will never expire. Specify either `duration`, `endDateTime` or `noExpiration`.
+
+`--ticketNumber [ticketNumber]`
+: Optional ticket number value to communicate with the request.
+
+`--ticketSystem [ticketSystem]`
+: Optional ticket system to communicate with the request.
+```
+
+<Global />
+
+## Remarks
+
+:::info
+
+When activating a role for other users, you must be **Privileged Role Administrator**.
+
+:::
+
+## Examples
+
+Request activation of the SharePoint Administrator Entra role assignment for the current user.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionName 'SharePoint Administrator'
+```
+
+Request activation of an Entra role assignment for the current user.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690'
+```
+
+Request activation of an Entra role assignment for the current user with a justification and max duration of 4 hours.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --justification 'Need Global Admin to release application xyz to production' --duration 'PT4H'
+```
+
+Request activation of an Entra role assignment for a specified user with tenant scope.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --userId '3488d6b8-6b2e-41c3-9583-1991205323c2'
+```
+
+Request activation of the User Administrator Entra role assignment for a specified group with administrative unit scope.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionName 'User Administrator' --groupId '3488d6b8-6b2e-41c3-9583-1991205323c2' --administrativeUnitId '03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7'
+```
+
+Request activation of the Application Administrator Entra role assignment for a specified group with scope to a specific application.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionName 'Application Administrator' --groupName 'Applications admins' --applicationId '03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7'
+```
+
+Request activation of an Entra role assignment for a specific period of two days.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionName 'Global Administrator' --userName 'admin-john@contoso.com' --startDateTime '2024-01-10T09:00:00Z' --endDateTime '2024-01-11T17:00:00Z'
+```
+
+Request activation of an Entra role assignment with no expiration.
+
+```sh
+m365 entra pim role assignment add --roleDefinitionName 'Global Administrator' --userName 'admin-john@contoso.com' --noExpiration
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  {
+    "id": "3f7d1bd6-a9a5-45bc-b831-00cfa3e3c649",
+    "status": "Provisioned",
+    "createdDateTime": "2024-02-12T13:54:21.3110096Z",
+    "completedDateTime": "2024-02-12T13:54:21.9847061Z",
+    "approvalId": null,
+    "customData": null,
+    "action": "adminAssign",
+    "principalId": "61b0c52f-a902-4769-9a09-c6628335b00a",
+    "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",
+    "directoryScopeId": "/",
+    "appScopeId": null,
+    "isValidationOnly": false,
+    "targetScheduleId": "3f7d1bd6-a9a5-45bc-b831-00cfa3e3c649",
+    "justification": "Need SharePoint Administrator role",
+    "createdBy": {
+      "application": null,
+      "device": null,
+      "user": {
+        "displayName": null,
+        "id": "893f9116-e024-4bc6-8e98-54c245129485"
+      }
+    },
+    "scheduleInfo": {
+      "startDateTime": "2024-02-12T13:54:21.9847061Z",
+      "recurrence": null,
+      "expiration": {
+        "type": "noExpiration",
+        "endDateTime": null,
+        "duration": null
+      }
+    },
+    "ticketInfo": {
+      "ticketNumber": null,
+      "ticketSystem": null
+    }
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  action           : adminAssign
+  appScopeId       : null
+  approvalId       : null
+  completedDateTime: 2024-02-12T14:02:09.8938321Z
+  createdBy        : {"application":null,"device":null,"user":{"displayName":null,"id":"893f9116-e024-4bc6-8e98-54c245129485"}}
+  createdDateTime  : 2024-02-12T14:02:09.4658344Z
+  customData       : null
+  directoryScopeId : /
+  id               : c221e106-0711-470a-83cf-f8d7cbc51ecd
+  isValidationOnly : false
+  justification    : Need SharePoint Administrator role
+  principalId      : 61b0c52f-a902-4769-9a09-c6628335b00a
+  roleDefinitionId : f28a1f50-f6e7-4571-818b-6a12f2af6b6c
+  scheduleInfo     : {"startDateTime":"2024-02-12T14:02:09.8938321Z","recurrence":null,"expiration":{"type":"noExpiration","endDateTime":null,"duration":null}}
+  status           : Provisioned
+  targetScheduleId : c221e106-0711-470a-83cf-f8d7cbc51ecd
+  ticketInfo       : {"ticketNumber":null,"ticketSystem":null}
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,status,createdDateTime,completedDateTime,approvalId,customData,action,principalId,roleDefinitionId,directoryScopeId,appScopeId,isValidationOnly,targetScheduleId,justification
+  7d727f44-c2dd-459e-8665-99ce003d12a9,Provisioned,2024-02-12T14:08:54.881749Z,2024-02-12T14:08:55.2507639Z,,,adminAssign,61b0c52f-a902-4769-9a09-c6628335b00a,f28a1f50-f6e7-4571-818b-6a12f2af6b6c,/,,,7d727f44-c2dd-459e-8665-99ce003d12a9,Need SharePoint Administrator role
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # entra pim roleassignment add --roleDefinitionId "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" --userId "61b0c52f-a902-4769-9a09-c6628335b00a" --justification "Need SharePoint Administrator role"
+
+  Date: 2/13/2024
+
+  ## 7622802f-648b-4dd9-820f-dccaf8bbbab5
+
+  Property | Value
+  ---------|-------
+  id | 7622802f-648b-4dd9-820f-dccaf8bbbab5
+  status | Provisioned
+  createdDateTime | 2024-02-13T18:34:13.5365923Z
+  completedDateTime | 2024-02-13T18:34:14.269623Z
+  action | adminAssign
+  principalId | 61b0c52f-a902-4769-9a09-c6628335b00a
+  roleDefinitionId | f28a1f50-f6e7-4571-818b-6a12f2af6b6c
+  directoryScopeId | /
+  isValidationOnly | false
+  targetScheduleId | 7622802f-648b-4dd9-820f-dccaf8bbbab5
+  justification | Need SharePoint Administrator role
+  ```
+
+  </TabItem>
+</Tabs>
+
+## More information
+
+- Role assignment request: https://learn.microsoft.com/graph/api/rbacapplication-post-roleassignmentschedulerequests