public/Get-VPASIdentityUserDetails.ps1

<#
.Synopsis
   RETRIEVE USER DETAILS IN IDENTITY
   CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO RETRIEVE USER DETAILS IN IDENTITY
.LINK
   https://vpasmodule.com/commands/Get-VPASIdentityUserDetails
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER username
   Username that will be used to query for the target user in Identity if no UserID is passed
.PARAMETER UserID
   Unique UserID that maps to the target User in Identity
   Supply the UserID to skip any querying for the target User
.PARAMETER InputParameters
   HashTable of values containing the parameters required to make the API call
.EXAMPLE
   $GetUserDetails = Get-VPASIdentityUserDetails -Username {USERNAME VALUE}
.EXAMPLE
   $GetUserDetails = Get-VPASIdentityUserDetails -UserID {USERID VALUE}
.EXAMPLE
   $InputParameters = @{
        Username = "vadim.melamed@vman.com"
   }
   $GetUserDetails = Get-VPASIdentityUserDetails -InputParameters $InputParameters
.EXAMPLE
   $InputParameters = @{
        UserID = "jkadhfkj84793-1234-abcd-9bc1-skldjfkls8974983"
   }
   $GetUserDetails = Get-VPASIdentityUserDetails -InputParameters $InputParameters
.OUTPUTS
   If successful:
   {
        "Uuid": "jkadhfkj84793-1234-abcd-9bc1-skldjfkls8974983",
        "State": "None",
        "LastModifiedDate": "\/Date(1723776119360)\/",
        "DisplayName": "Vadim Melamed",
        "Version": "1",
        "Mail": "vadim.melamed@vman.com",
        "Name": "vadim@vman.com",
        "ReportsTo": "Unassigned",
        "CreateDate": "\/Date(1672168595868)\/",
        "HomeNumber": "1234567890",
        "LockedByAdmin": false,
        "MobileNumber": "1234567890",
        "Alias": "vman.com",
        "OfficeNumber": "1234567890",
        "InEverybodyRole": true,
        "LastPasswordChangeDate": "\/Date(1690902157647)\/",
        "OauthClient": false,
        "PasswordNeverExpire": true
   }
   ---
   $false if failed
#>

function Get-VPASIdentityUserDetails{
    [OutputType('System.Object',[bool])]
    [CmdletBinding(DefaultParameterSetName='Set1')]
    Param(

        [Parameter(Mandatory=$true,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true,HelpMessage="Username of the target user (for example: vman@cyberark.cloud.1234)")]
        [String]$Username,

        [Parameter(Mandatory=$true,ParameterSetName='Set2',ValueFromPipelineByPropertyName=$true,HelpMessage="Unique UserID of the target user (for example: 12345_abcdefg_67890_hijklmn)")]
        [String]$UserID,

        [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")]
        [hashtable]$InputParameters,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        try{
            if($PSCmdlet.ParameterSetName -eq "InputParameters"){
                $KeyHash = @{
                    set1 = @{
                        AcceptableKeys = @("Username")
                        MandatoryKeys = @("Username")
                    }
                    set2 = @{
                        AcceptableKeys = @("UserID")
                        MandatoryKeys = @("UserID")
                    }
                }
                $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash

                if(!$CheckSet){
                    $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC
                    Write-Verbose "FAILED TO FIND TARGET PARAMETER SET"
                    Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E
                    $examples = Write-VPASExampleHelper -CommandName $CommandName
                    return $false
                }
                else{
                    foreach($key in $InputParameters.Keys){
                        Set-Variable -Name $key -Value $InputParameters.$key
                    }
                }
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO RETRIEVE USER DETAILS"
            Write-VPASOutput -str $_ -type E
            return $false
        }

        try{

            if(!$IdentityURL){
                $log = Write-VPASTextRecorder -inputval "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-VPASOutput -str "LOGIN TOKEN WAS NOT GENERATED THROUGH IDENTITY, TERMINATING API CALL" -type E
                return $false
            }

            if([String]::IsNullOrEmpty($UserID)){
                Write-Verbose "NO USER ID PASSED"
                Write-Verbose "INVOKING HELPER FUNCTION TO RETRIEVE USER ID"

                $UserID = Get-VPASUserIDIdentityHelper -token $token -User $Username

                if($UserID -eq -1){
                    $log = Write-VPASTextRecorder -inputval "MULTIPLE USER ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-VPASOutput -str "MULTIPLE USER ENTRIES WERE RETURNED, ADD MORE TO NAME TO NARROW RESULTS" -type E
                    Write-VPASOutput -str "RETURNING FALSE" -type E
                    return $false
                }
                elseif($UserID -eq -2){
                    $log = Write-VPASTextRecorder -inputval "NO USER ENTRIES WERE RETURNED" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-VPASOutput -str "NO USER ENTRIES WERE RETURNED" -type E
                    Write-VPASOutput -str "RETURNING FALSE" -type E
                    return $false
                }
                else{
                    Write-Verbose "FOUND UNIQUE USER ID"
                }
            }
            else{
                Write-Verbose "USER ID PASSED, SKIPPING HELPER FUNCTION"
            }


            Write-Verbose "CONSTRUCTING PARAMS"
            $params = @{
                ID = $UserID
            }
            $log = Write-VPASTextRecorder -inputval $params -token $token -LogType PARAMS
            $params = $params | ConvertTo-Json
            Write-Verbose "ADDING USER ID: $UserID TO PARAMS"

            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                $uri = "http://$IdentityURL/CDirectoryService/GetUser"
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                $uri = "https://$IdentityURL/CDirectoryService/GetUser"
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

            if($sessionval){
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json" -WebSession $sessionval
            }
            else{
                $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -Body $params -ContentType "application/json"
            }

            if($response.success){
                $outputlog = $response.Result
                $log = Write-VPASTextRecorder -inputval $outputlog -token $token -LogType RETURN
                return $response.Result
            }
            else{
                $err = $response.Message
                $log = Write-VPASTextRecorder -inputval "$err" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-VPASOutput -str $err -type E
                return $false
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "FAILED TO RETRIEVE USERS FROM IDENTITY"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}