functions/Get-PasswordStatePassword.ps1
Function Get-PasswordStatePassword { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingPlainTextForPassword', '', Justification = 'No Password is used only ID.')] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingUserNameAndPassWordParams', '', Justification = 'PasswordID is not a password')] [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidGlobalVars', '', Justification = 'Needed for backward compatability')] [CmdletBinding(DefaultParameterSetName = 'General')] Param ( [Parameter(ParameterSetName = 'General', ValueFromPipeline, ValueFromPipelineByPropertyName, Position = 0, Mandatory = $false)][string]$Search, [Parameter(ParameterSetName = 'PasswordID', ValueFromPipelineByPropertyName, Position = 0, Mandatory = $true)][ValidateNotNullOrEmpty()][int32]$PasswordID, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 0)][ValidateLength(1, 255)][string]$Title, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 1)][ValidateLength(1, 255)][string]$UserName, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 2)][ValidateLength(1, 200)][string]$HostName, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 4)][string]$AccountType, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 5)][ValidateLength(1, 255)][string]$Description, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 6)][string]$Notes, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 7)][ValidateLength(1, 255)][string]$URL, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 8)][string]$SiteID, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 9)][string]$SiteLocation, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 10)][string]$GenericField1, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 11)][string]$GenericField2, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 12)][string]$GenericField3, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 13)][string]$GenericField4, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 14)][string]$GenericField5, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 15)][string]$GenericField6, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 16)][string]$GenericField7, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 17)][string]$GenericField8, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 18)][string]$GenericField9, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 19)][string]$GenericField10, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 20)][string]$AccountTypeID, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 21)][switch]$PasswordResetEnabled, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 22)] [ValidateScript( { # The dates for the ExpiryDate needs to be culture aware, so we cannot validate a specific date format. function isDate([string]$StrDate) { [boolean]($StrDate -as [DateTime]) } if (!(isDate $_)) { throw "Given ExpiryDate '$_' is not a valid Date format. Also, please specify the ExpiryDate in the date format that you have chosen in 'System Settings - miscellaneous - Default Locale' (Default: 'YYYY-MM-DD')." } else { $true } })] [string]$ExpiryDate, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 23, HelpMessage = 'Format: ExpiryDate>=2012-07-14,ExpiryDate<=2020-12-31')] [ValidateScript( { # The dates here for the ExpiryDate(s) do NOT need to be culture aware, so we can validate a specific date format with a regular expression. # So we only need to validate if the format of the entire ExpiryDateRange string is correct. if ($_ -notmatch '(ExpiryDate(<|>|=|<=|>=)((19|20)[0-9]{2}[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01]))),(ExpiryDate(<|>|=|<=|>=)((19|20)[0-9]{2}[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])))|(?<!,)ExpiryDate(<|>|=|<=|>=)((19|20)[0-9]{2}[-](0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01]))') { throw "Given ExpiryDateRange '$_' is not a valid ExpiryDateRange format. Please use the following format (single comma between ExpiryDates): 'ExpiryDate>=2012-07-14,ExpiryDate<=2020-12-31' (Also, please specify the ExpiryDates in the ISO 8601 international date format 'YYYY-MM-DD')." } else { $true } })] [string]$ExpiryDateRange, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 24)][ValidateSet('AND', 'OR')][string]$AndOr, [Parameter(ParameterSetName = 'General', ValueFromPipelineByPropertyName, Position = 1)][Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 25)][Nullable[System.Int32]]$PasswordListID, [parameter(ValueFromPipelineByPropertyName, Position = 26)][string]$Reason, [parameter(ValueFromPipelineByPropertyName, Position = 27)][switch]$PreventAuditing, [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 28)][ValidateLength(1, 50)][Alias('Domain')][string]$ADDomainNetBIOS ) Begin { # Import PasswordState Environment for validation of PasswordsInPlainText setting $PWSProfile = Get-PasswordStateEnvironment # Add a reason to the audit log if specified If ($Reason) { $headerreason = @{"Reason" = "$Reason" } $parms = @{ExtraParams = @{"Headers" = $headerreason } } } else { $parms = @{ } } } Process { # If PasswordListID wasn't set, set variable to $null If (!($PSBoundParameters.ContainsKey('PasswordListID'))) { $PasswordListID = $null } Switch ($PSCmdlet.ParameterSetName) { # General search 'General' { if ([string]::IsNullOrEmpty($Search)) { # Return all Passwords for the given PasswordList if ($PasswordListID) { $uri = "/api/passwords/$($PasswordListID)?QueryAll" } # Return all Passwords that the user/APIKey has access to else { $uri = "/api/passwords/?QueryAll" } } Else { $uri = "/api/searchpasswords/$($PasswordListID)?Search=$([System.Web.HttpUtility]::UrlEncode($Search))" } } # Search on a specific password ID 'PasswordID' { If ($PSBoundParameters.ContainsKey('PasswordID')) { # if only PasswordID is specified, so searching for a specific ID, PreventAuditing is not possible $PreventAuditing = $false } $uri = "/api/passwords/$($PasswordID)" } # Search with a variety of filters 'Specific' { $BuildURL = '?' If ($Title) { $BuildURL += "Title=$([System.Web.HttpUtility]::UrlEncode($Title))&" } If ($UserName) { $BuildURL += "UserName=$([System.Web.HttpUtility]::UrlEncode($UserName))&" } If ($HostName) { $BuildURL += "HostName=$([System.Web.HttpUtility]::UrlEncode($HostName))&" } If ($ADDomainNetBIOS) { $BuildURL += "ADDomainNetBIOS=$([System.Web.HttpUtility]::UrlEncode($ADDomainNetBIOS))&" } If ($Domain) { $BuildURL += "Domain=$([System.Web.HttpUtility]::UrlEncode($Domain))&" } If ($AccountType) { $BuildURL += "AccountType=$([System.Web.HttpUtility]::UrlEncode($AccountType))&" } If ($Description) { $BuildURL += "Description=$([System.Web.HttpUtility]::UrlEncode($Description))&" } If ($Notes) { $BuildURL += "Notes=$([System.Web.HttpUtility]::UrlEncode($Notes))&" } If ($URL) { $BuildURL += "URL=$([System.Web.HttpUtility]::UrlEncode($URL))&" } If ($SiteID) { $BuildURL += "SiteID=$([System.Web.HttpUtility]::UrlEncode($SiteID))&" } If ($SiteLocation) { $BuildURL += "SiteLocation=$([System.Web.HttpUtility]::UrlEncode($SiteLocation))&" } If ($GenericField1) { $BuildURL += "GenericField1=$([System.Web.HttpUtility]::UrlEncode($GenericField1))&" } If ($GenericField2) { $BuildURL += "GenericField2=$([System.Web.HttpUtility]::UrlEncode($GenericField2))&" } If ($GenericField3) { $BuildURL += "GenericField3=$([System.Web.HttpUtility]::UrlEncode($GenericField3))&" } If ($GenericField4) { $BuildURL += "GenericField4=$([System.Web.HttpUtility]::UrlEncode($GenericField4))&" } If ($GenericField5) { $BuildURL += "GenericField5=$([System.Web.HttpUtility]::UrlEncode($GenericField5))&" } If ($GenericField6) { $BuildURL += "GenericField6=$([System.Web.HttpUtility]::UrlEncode($GenericField6))&" } If ($GenericField7) { $BuildURL += "GenericField7=$([System.Web.HttpUtility]::UrlEncode($GenericField7))&" } If ($GenericField8) { $BuildURL += "GenericField8=$([System.Web.HttpUtility]::UrlEncode($GenericField8))&" } If ($GenericField9) { $BuildURL += "GenericField9=$([System.Web.HttpUtility]::UrlEncode($GenericField9))&" } If ($GenericField10) { $BuildURL += "GenericField10=$([System.Web.HttpUtility]::UrlEncode($GenericField10))&" } If ($AccountTypeID) { $BuildURL += "AccountTypeID=$([System.Web.HttpUtility]::UrlEncode($AccountTypeID))&" } If ($PasswordResetEnabled.IsPresent) { $BuildURL += "PasswordResetEnabled=$([System.Web.HttpUtility]::UrlEncode('true'))&" } If ($ExpiryDateRange) { $BuildURL += "ExpiryDateRange=$([System.Web.HttpUtility]::UrlEncode($ExpiryDateRange))&" } If ($ExpiryDate) { $BuildURL += "ExpiryDate=$([System.Web.HttpUtility]::UrlEncode($ExpiryDate))&" } If ($AndOr) { $BuildURL += "AndOr=$([System.Web.HttpUtility]::UrlEncode($AndOr))&" } $BuildURL = $BuildURL -Replace ".$" if ($PasswordListID) { $uri = "/api/searchpasswords/$($PasswordListID)$($BuildURL)" } else { $uri = "/api/searchpasswords/$($BuildURL)" } } } Switch ($PreventAuditing) { $True { $uri += "&PreventAuditing=true" } Default { } } Try { $output = Get-PasswordStateResource -uri $uri @parms -ErrorAction Stop } Catch { Throw $_.Exception } if ($output) { # if more than one password object was found, we need to cast each password object to [PasswordResult] method foreach ($PWSEntry in $output) { try { [PasswordResult]$PWSEntry = $PWSEntry } catch { throw $_.Exception } if (!$PWSProfile.PasswordsInPlainText) { $PWSEntry.Password = [EncryptedPassword]$PWSEntry.Password } $PWSEntry } } } end { } } Set-Alias -Name Find-PasswordStatePassword -Value Get-PasswordStatePassword -Force |