functions/Core/Connect-TANSS.ps1
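function Connect-TANSS {
    <#
    .Synopsis
        Connect-TANSS

    .DESCRIPTION
        Connect to TANSS Service.

        The function posts the user name, the password and the optional login token as
        request headers to "api/v1/user/login" and builds a TANSS.Connection object from
        the apiKey, refresh token and expiry returned by the service.

    .PARAMETER Server
        Name of the service to connect to.
        A value containing a scheme ("https://tanss.company.com/...") is reduced to its
        host part (and port, when one is given). The scheme actually used is always
        taken from -Protocol.

    .PARAMETER Credential
        The credentials to login

    .PARAMETER LoginToken
        If the user needs an -application specific- login token for MFA, this field must be set as well

    .PARAMETER Protocol
        Specifies if the connection is done with http or https.
        With HTTP the user name, password and login token are sent as unencrypted
        request headers.

    .PARAMETER DoNotRegisterConnection
        Do not register the connection as default connection

    .PARAMETER NoCacheInit
        Do not query current existing tickets and various types to fill cache data for lookup types

    .PARAMETER PassThru
        Outputs the token to the console, even when the register switch is set

    .EXAMPLE
        PS C:\> Connect-TANSS -Server "tanss.company.com" -Credential (Get-Credential "username")

        Connects to "tanss.company.com" via HTTPS protocol and the specified credentials.
        Connection will be set as default connection for any further action.

    .NOTES
        Author: Andreas Bellstedt

        The function does not support ShouldProcess, so -Confirm / -WhatIf are not available.

    .LINK
        https://github.com/AndiBellstedt/PSTANSS
    #>
    # The service returns apiKey and refresh token as plain strings in the response body;
    # they are wrapped into SecureString below, hence the rule suppression.
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingConvertToSecureStringWithPlainText", "")]
    [CmdletBinding(
        DefaultParameterSetName = 'Credential',
        SupportsShouldProcess = $false,
        PositionalBinding = $true,
        ConfirmImpact = 'Medium'
    )]
    [OutputType([TANSS.Connection])]
    Param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [Alias("ComputerName", "Hostname", "Host", "ServerName")]
        [String]
        $Server,

        [Parameter(
            Mandatory = $true,
            ParameterSetName = 'Credential'
        )]
        [System.Management.Automation.PSCredential]
        $Credential,

        [Parameter(ParameterSetName = 'Credential')]
        [string]
        $LoginToken,

        [ValidateSet("HTTP", "HTTPS")]
        [ValidateNotNullOrEmpty()]
        [String]
        $Protocol = "HTTPS",

        [Alias('NoRegistration')]
        [Switch]
        $DoNotRegisterConnection,

        [switch]
        $NoCacheInit,

        [switch]
        $PassThru
    )

    begin {
        $ApiPath = Format-ApiPath -Path "api/v1/user/login"
    }

    process {
        # Scheme comes from -Protocol only. On the HTTP branch the login headers built
        # below (user, password, logintoken) cross the network in clear text.
        if ($protocol -eq 'HTTP') {
            Write-PSFMessage -Level Important -Message "Unsecure $($protocol) connection with possible security risk detected. Please consider switch to HTTPS!" -Tag "Connection"
            $prefix = 'http://'
        } else {
            Write-PSFMessage -Level System -Message "Using secure $($protocol) connection." -Tag "Connection"
            $prefix = 'https://'
        }

        # Reduce a URL-style value to its authority part.
        # The host pattern has to accept '-' (\w alone does not): otherwise
        # "https://my-tanss.company.com" is cut down to "my" and the credentials are sent
        # to that unintended host. An explicit ":port" is kept for the same reason - the
        # login must go to the endpoint the caller named, not silently to the default port.
        if ($Server -match '//') {
            if ($Server -match '//(?<Server>[\w\.\-]+(:\d+)?)') {
                $Server = $Matches["Server"]
            }
            Remove-Variable -Name Matches -Force -Verbose:$false -Debug:$false -Confirm:$false
        }

        if ($PsCmdlet.ParameterSetName -eq 'Credential') {
            # Strip a leading "DOMAIN\" part; only the account name is sent to the service.
            if (($credential.UserName.Split('\')).count -gt 1) {
                $userName = $credential.UserName.Split('\')[1]
            } else {
                $userName = $credential.UserName
            }

            Write-PSFMessage -Level Verbose -Message "Authenticate user '$($userName)' to service '$($Prefix)$($server)'" -Tag "Connection", "Authentication"

            # The password is taken out of the PSCredential as plain text here because the
            # login endpoint expects it as a request header. Verbose/Debug are forced off
            # for the call itself.
            $param = @{
                "Uri"           = "$($prefix)$($server)/$($ApiPath)"
                "Headers"       = @{
                    "user"       = $userName
                    "password"   = $credential.GetNetworkCredential().Password
                    "logintoken" = "$($LoginToken)"
                }
                "Verbose"       = $false
                "Debug"         = $false
                "ErrorAction"   = "Stop"
                "ErrorVariable" = "invokeError"
            }

            try {
                $response = Invoke-RestMethod @param
            } catch {
                Stop-PSFFunction -Message "Error invoking rest call on service '$($Prefix)$($server)'. $($invokeError)" -Tag "Connection", "Authentication" -EnableException $true -Cmdlet $pscmdlet
            }

            # The service reports a failed login inside the response body (meta.text);
            # the literal below is compared as-is against that text.
            if ($response.meta.text -like "Unsuccesful login attempt") {
                $msgText = "$($response.meta.text) to service '$($Prefix)$($server)'. Maybe wrong password"
                if (-not $LoginToken) {
                    $msgText = "$($msgText) or LoginToken (OTP) is needed"
                } else {
                    $msgText = "$($msgText) or LoginToken (OTP) wrong/expired"
                }
                Stop-PSFFunction -Message $msgText -Tag "Connection", "Authentication" -EnableException $true -Cmdlet $pscmdlet
            }

            # Without an apiKey there is nothing to build a connection from.
            if (-not $response.content.apiKey) {
                Stop-PSFFunction -Message "Something went wrong on authenticating user $($userName). No apiKey found in response. Unable login to service '$($Prefix)$($server)'" -Tag "Connection", "Authentication" -EnableException $true -Cmdlet $pscmdlet
            }
        }

        Write-PSFMessage -Level System -Message "Creating TANSS.Connection"  -Tag "Connection"

        # apiKey / refresh are kept as SecureString inside the connection object.
        # NOTE(review): only apiKey is checked for presence above; a response without
        # 'refresh' would reach ConvertTo-SecureString with a null value - confirm the
        # service always returns it.
        # 'expire' is treated as seconds since 1970-01-01 UTC and converted to local time.
        $token = [TANSS.Connection]@{
            Server            = "$($Prefix)$($Server)"
            UserName          = $userName
            EmployeeId        = $response.content.employeeId
            EmployeeType      = $response.content.employeeType
            AccessToken       = ($response.content.apiKey | ConvertTo-SecureString -AsPlainText -Force)
            RefreshToken      = ($response.content.refresh | ConvertTo-SecureString -AsPlainText -Force)
            Message           = $response.meta.text
            TimeStampCreated  = Get-Date
            TimeStampExpires  = [datetime]::new(1970, 1, 1, 0, 0, 0, 0, [DateTimeKind]::Utc).AddSeconds($response.content.expire).ToLocalTime()
            TimeStampModified = Get-Date
        }

        if (-not $NoCacheInit) {
            Invoke-CacheRefresh -Token $token
        }

        if (-not $DoNotRegisterConnection) {
            # Make the connection the default connection for further commands
            Register-TANSSAccessToken -Token $token

            Write-PSFMessage -Level Significant -Message "Connected to service '($($token.Server))' as '$($token.UserName)' as default connection" -Tag "Connection"

            # A registered connection is only emitted on explicit request.
            if ($PassThru) {
                Write-PSFMessage -Level System -Message "Outputting TANSS.Connection object" -Tag "Connection"
                $token
            }
        } else {
            # Not registered: the object is the only handle the caller gets, so always emit it.
            Write-PSFMessage -Level Significant -Message "Connected to service '($($token.Server))' as '$($token.UserName)', outputting TANSS.Connection" -Tag "Connection"
            $token
        }
    }

    end {
    }
}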