public/Remove-VPASToken.ps1
|
<#
.Synopsis CLEAR CYBERARK LOGIN TOKEN CREATED BY: Vadim Melamed, EMAIL: vpasmodule@gmail.com .DESCRIPTION USE THIS FUNCTION TO LOGOFF CYBERARK AND INVALIDATE THE LOGIN TOKEN .LINK https://vpasmodule.com/commands/Remove-VPASToken .PARAMETER token HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc). If -token is not passed, function will use last known hashtable generated by New-VPASToken .PARAMETER WhatIf Run code simulation to see what is affected by running the command as well as any possible implications This is a code simulation flag, meaning the command will NOT actually run .PARAMETER HideWhatIfOutput Suppress any code simulation output from the console .PARAMETER InputParameters HashTable of values containing the parameters required to make the API call .EXAMPLE $WhatIfSimulation = Remove-VPASToken -WhatIf .EXAMPLE $LogoffStatus = Remove-VPASToken .EXAMPLE $InputParameters = @{ WhatIf = $true|$false HideOutput = $true|$false } $LogoffStatus = Remove-VPASToken -InputParameters $InputParameters .OUTPUTS $true if successful --- $false if failed #> function Remove-VPASToken{ [OutputType([bool],'System.Object')] [CmdletBinding(DefaultParameterSetName='Set1')] Param( [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$WhatIf, [Parameter(Mandatory=$false,ParameterSetName='Set1',ValueFromPipelineByPropertyName=$true)] [Switch]$HideWhatIfOutput, [Parameter(Mandatory=$true,ParameterSetName='InputParameters',ValueFromPipelineByPropertyName=$true,HelpMessage="Hashtable of parameters required to make API call, refer to get-help -examples for valid inputs")] [hashtable]$InputParameters, [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true)] [hashtable]$token ) Begin{ $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain,$EnableTroubleshooting = Get-VPASSession -token $token $CommandName = $MyInvocation.MyCommand.Name $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND } Process{ try{ if($PSCmdlet.ParameterSetName -eq "InputParameters"){ $KeyHash = @{ set1 = @{ AcceptableKeys = @("WhatIf","HideWhatIfOutput") MandatoryKeys = @() } } $CheckSet = Test-VPASHashtableKeysHelper -InputHash $InputParameters -KeyHash $KeyHash if(!$CheckSet){ $log = Write-VPASTextRecorder -inputval "FAILED TO FIND TARGET PARAMETER SET" -token $token -LogType MISC Write-Verbose "FAILED TO FIND TARGET PARAMETER SET" Write-VPASOutput -str "FAILED TO FIND TARGET PARAMETER SET...VIEW EXAMPLES BELOW:" -type E $examples = Write-VPASExampleHelper -CommandName $CommandName return $false } else{ foreach($key in $InputParameters.Keys){ Set-Variable -Name $key -Value $InputParameters.$key } } } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "FAILED TO REMOVE TOKEN" Write-VPASOutput -str $_ -type E return $false } try{ if($NoSSL){ Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS" if($IdentityURL){ $uri = "http://$IdentityURL/Security/Logout" } else{ $uri = "http://$PVWA/PasswordVault/API/Auth/Logoff" } } else{ Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS" if($IdentityURL){ $uri = "https://$IdentityURL/Security/Logout" } else{ $uri = "https://$PVWA/PasswordVault/API/Auth/Logoff" } } $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD if($WhatIf){ $log = Write-VPASTextRecorder -token $token -LogType WHATIF1 $WhatIfHash = @{} Write-Verbose "INITIATING COMMAND SIMULATION" $WhatIfInfo = Get-VPASCurrentEPVUserDetails -token $token if($WhatIfInfo){ if($ISPSS){ $WhatIfUsername = $WhatIfInfo.User } else{ $WhatIfUsername = $WhatIfInfo.UserName } $WhatIfHeaderType = $Header $WhatIfISPSS = $ISPSS $WhatIfIdentityURL = $IdentityURL $WhatIfToken = $tokenval $WhatIfPVWA = $PVWA $WhatIfSessionVal = $sessionval if(!$HideWhatIfOutput){ Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S Write-VPASOutput -str "THE FOLLOWING AUTHENTICATION TOKEN WOULD BE DELETED:" -type S Write-VPASOutput -str "UserName : $WhatIfUsername" -type S Write-VPASOutput -str "HeaderType : $WhatIfHeaderType" -type S Write-VPASOutput -str "ISPSS : $WhatIfISPSS" -type S Write-VPASOutput -str "IdentityURL : $WhatIfIdentityURL" -type S Write-VPASOutput -str "Token : $WhatIfToken" -type S Write-VPASOutput -str "PVWA : $WhatIfPVWA" -type S Write-VPASOutput -str "SessionVal : $WhatIfSessionVal" -type S Write-VPASOutput -str "---" -type S Write-VPASOutput -str "URI : $uri" -type S Write-VPASOutput -str "METHOD : DELETE" -type S Write-VPASOutput -str " " -type S Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S } $WhatIfHash = @{ WhatIf = @{ UserName = $WhatIfUsername HeaderType = $WhatIfHeaderType ISPSS = $WhatIfISPSS IdentityURL = $WhatIfIdentityURL Token = $WhatIfToken PVWA = $WhatIfPVWA SessionVal = $WhatIfSessionVal RestURI = $uri RestMethod = "DELETE" Disclaimer = "THIS AUTHENTICATION TOKEN WILL BE DELETED IF -WhatIf FLAG IS REMOVED" } } $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $WhatIfJSON } else{ $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC $log = Write-VPASTextRecorder -token $token -LogType WHATIF2 return $false } } else{ Write-Verbose "BEGINNING LOGOFF PROCEDURE" if($sessionval){ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -ContentType 'application/json' -WebSession $sessionval } else{ $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -ContentType 'application/json' } $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC Write-Verbose "SUCCESSFULLY LOGGED OFF CYBERARK" return $true } }catch{ $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC Write-Verbose "UNEXPECTED ERROR DURING LOGOFF PROCESS" Write-VPASOutput -str $_ -type E return $false } } End{ $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER } } |