VpasModule

14.3.0

public/Reset-VPASEPVUserPassword.ps1

<#
.Synopsis
   RESET EPV USER PASSWORD
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO RESET THE PASSWORD OF AN EPV USER
.LINK
   https://vpasmodule.com/commands/Reset-VPASEPVUserPassword
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER EPVUsername
   Query for the target EPVUser via Username
.PARAMETER EPVUserID
   Query for the target EPVUser via UserID
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.PARAMETER NewPassword
   New temporary password that will be applied to the target EPVUser
.EXAMPLE
   $ResetEPVUserPasswordStatus = Reset-VPASEPVUserPassword -EPVUsername {USERNAME VALUE} -NewPassword {NEWPASSWORD VALUE}
.EXAMPLE
   $ResetEPVUserPasswordStatus = Reset-VPASEPVUserPassword -EPVUserID {USERID VALUE} -NewPassword {NEWPASSWORD VALUE}
.EXAMPLE
   $InputParameters = @{
        EPVUsername = "targetEPVUsername"
        NewPassword = "SuperSecretPassword"
   }
   $ResetEPVUserPasswordStatus = Reset-VPASEPVUserPassword -InputParameters $InputParameters
.EXAMPLE
   $InputParameters = @{
        EPVUserID = "55"
        NewPassword = "SuperSecretPassword"
   }
   $ResetEPVUserPasswordStatus = Reset-VPASEPVUserPassword -InputParameters $InputParameters
.OUTPUTS
   $true if successful
   ---
   $false if failed
#>
function Reset-VPASEPVUserPassword{
    [OutputType([bool])]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(

        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUsername (for example: vman)")]
        [String]$EPVUsername,

        [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter target EPVUserID (for example: 55)")]
        [String]$EPVUserID,

        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter new temporary password for target EPVUser")]
        [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Enter new temporary password for target EPVUser")]
        [String]$NewPassword,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("EPVUsername","NewPassword")
                        MandatoryKeys = @("EPVUsername","NewPassword")
                    }
                    set2 = @{
                        AcceptableKeys = @("EPVUserID","NewPassword")
                        MandatoryKeys = @("EPVUserID","NewPassword")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO RESET EPV USER"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{
            if($EPVUsername){
                $LookupBy = "Username"
                $LookupVal = $EPVUsername
            }
            if($EPVUserID){
                $LookupBy = "UserID"
                $LookupVal = $EPVUserID
            }

            if($LookupBy -eq "Username"){

                Write-Verbose "CONSTRUCTING SEARCH STRING TO QUERY CYBERARK"
                $searchQuery = "$LookupVal"
                Write-Verbose "INVOKING HELPER FUNCTION TO RETRIEVE USERID"

                $UserID = Get-VPASEPVUserIDHelper -token $token -username $LookupVal
            }
            elseif($LookupBy -eq "UserID"){
                Write-Verbose "SUPPLIED USERID, SKIPPING HELPER FUNCTION"
                $UserID = $LookupVal
            }

            $UserIDint = [int]$UserID
            write-verbose "CONVERTED USERID FROM TYPE STRING TO TYPE INT"

            $params = @{
                id = $UserIDint
                newPassword = $NewPassword
            } | ConvertTo-Json

            $OutputParams = @{
                id = $UserIDint
                newPassword = "{NewCredentials}"
            }
            $log = Write-VPASTextRecorder -inputval $OutputParams -token $token -LogType PARAMS
            Write-Verbose "SUCCESSFULLY SETUP PARAMETERS FOR API CALL"

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$PVWA/PasswordVault/api/Users/$UserID/ResetPassword"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$PVWA/PasswordVault/api/Users/$UserID/ResetPassword"
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

            Write-Verbose "MAKING API CALL TO CYBERARK"

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json"
            }
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
            Write-Verbose "SUCCESSFULLY RESET PASSWORD OF $LookupBy = $LookupVal"
            return $true

        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNABLE TO RESET PASSWORD OF EPVUSER VIA $LookupBy : $LookupVal"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}