public/Get-VPASIdentityUserSecurityQuestions.ps1
|
<#
.Synopsis RETRIEVE USER SECURITY QUESTIONS IN IDENTITY CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO RETRIEVE A USERS SECURITY QUESTIONS IN IDENTITY .LINK https://vpasmodule.com/commands/Get-VPASIdentityUserSecurityQuestions .PARAMETER IncludeAdminQuestions Include admin set security questions in the results .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER username Username that will be used to query for the target user in Identity if no UserID is passed .PARAMETER UserID Unique UserID that maps to the target User in Identity Supply the UserID to skip any querying for the target User .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $GetUserSecurityQuestions = Get-VPASIdentityUserSecurityQuestions -Username {USERNAME VALUE} .EXAMPLE $GetUserSecurityQuestions = Get-VPASIdentityUserSecurityQuestions -UserID {USERID VALUE} -IncludeAdminQuestions .EXAMPLE $InputParameters = @{ Username = "vadim.melamed@vman.com" IncludeAdminQuestions = $true|$false } $GetUserSecurityQuestions = Get-VPASIdentityUserSecurityQuestions -InputParameters $InputParameters .EXAMPLE $InputParameters = @{ UserID = "jkadhfkj84793-1234-abcd-9bc1-skldjfkls8974983" IncludeAdminQuestions = $true|$false } $GetUserSecurityQuestions = Get-VPASIdentityUserSecurityQuestions -InputParameters $InputParameters .OUTPUTS If successful: { "AnswerMinLength": 3, "MaxQuestions": 20, "MinAdminQuestions": 0, "MinUserQuestions": 1, "Questions": [ { "Uuid": "u_adhaskj23498-abcd-9876-1234-asdkjh394857", "QuestionText": "What is my favorite color?" }, { "Uuid": "u_asjkdhak24789-abcd-9876-1234-78943ksjhfd", "QuestionText": "What is my favorite color" } ] } --- $false if failed #> function Get-VPASIdentityUserSecurityQuestions{ [OutputType('System.Object',[bool])] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Username of the target user (for example: vman@cyberark.cloud.1234)")] [String]$Username, [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique UserID of the target user (for example: 12345_abcdefg_67890_hijklmn)")] [String]$UserID, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Parameter(Mandatory=$false,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true)] [Switch]$IncludeAdminQuestions, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("Username","IncludeAdminQuestions") MandatoryKeys = @("Username") } set2 = @{ AcceptableKeys = @("UserID","IncludeAdminQuestions") MandatoryKeys = @("UserID") } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE USER SECURITY QUESTIONS" Write-VPASOutput -str $_ -type E return $false } try{ if(!$IdentityURL){ $log = Write-VPASTextRecorder -inputval "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY, TERMINATING API CALL" -type E return $false } if([String]::IsNullOrEmpty($UserID)){ Write-Verbose "NO USER ID PASSED" Write-Verbose "INVOKING HELPER FUNCTION TO RETRIEVE USER ID" $UserID = Get-VPASUserIDIdentityHelper -token $token -User $Username if($UserID -eq -1){ $log = Write-VPASTextRecorder -inputval "MULTIPLE USER ENTRIES WERE RETURNED, ADD MORE TO SEARCH QUERY TO NARROW RESULTS" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "MULTIPLE USER ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } elseif($UserID -eq -2){ $log = Write-VPASTextRecorder -inputval "COULD NOT FIND TARGET ENTRY" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str "NO USER ENTRIES WERE RETURNED" -type E Write-VPASOutput -str "RETURNING FALSE" -type E return $false } else{ Write-Verbose "FOUND UNIQUE USER ID" } } else{ Write-Verbose "USER ID PASSED, SKIPPING HELPER FUNCTION" } Write-Verbose "CONSTRUCTING PARAMS" if($IncludeAdminQuestions){ $params = @{ ID = $UserID addAdminQuestions = $true } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json Write-Verbose "ADDING USER ID: $UserID TO PARAMS" Write-Verbose "ADDING ADMIN QUESTIONS FLAG TO PARAMS" } else{ $params = @{ ID = $UserID } $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS $params = $params | ConvertTo-Json Write-Verbose "ADDING USER ID: $UserID TO PARAMS" } if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" $uri = "http://$IdentityURL/UserMgmt/GetSecurityQuestions" } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" $uri = "https://$IdentityURL/UserMgmt/GetSecurityQuestions" } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" } if($response.success){ $outputlog = $response.Result $outputQuestions = @() foreach($rec in $outputlog.Questions){ $minihash = @{ Uuid = $rec.Uuid QuestionText = $rec.QuestionText } $outputQuestions += $minihash } $outputhash = @{ AnswerMinLength = $outputlog.AnswerMinLength MaxQuestions = $outputlog.MaxQuestions MinAdminQuestions = $outputlog.MinAdminQuestions MinUserQuestions = $outputlog.MinUserQuestions } $outputcomplete = @{ Value = $outputhash Questions = $outputQuestions } | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $outputcomplete -token $token -LogType RETURNARRAY return $response.Result } else{ $err = $response.Message $log = Write-VPASTextRecorder -inputval "$err" -token $token -LogType MISC $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-VPASOutput -str $err -type E return $false } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO RETRIEVE USERS FROM IDENTITY" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |