Commit
Showing
5 changed files
with
343 additions
and
0 deletions.
@@ -0,0 +1,101 @@ | ||
class TssUser { | ||
[datetime] | ||
$AdAccountExpires | ||
|
||
[string] | ||
$AdGuid | ||
|
||
[datetime] | ||
$Created | ||
|
||
[int] | ||
$DateOptionId | ||
|
||
[string] | ||
$DisplayName | ||
|
||
[int] | ||
$DomainId | ||
|
||
[boolean] | ||
$DuoTwoFactor | ||
|
||
[string] | ||
$EmailAddress | ||
|
||
[boolean] | ||
$Enabled | ||
|
||
[boolean] | ||
$Fido2TwoFactor | ||
|
||
[int] | ||
$Id | ||
|
||
[boolean] | ||
$IsApplicationAccount | ||
|
||
[boolean] | ||
$IsEmailCopiedFromAD | ||
|
||
[boolean] | ||
$IsEmailVerified | ||
|
||
[boolean] | ||
$IsLockedOut | ||
|
||
[datetime] | ||
$LastLogin | ||
|
||
[datetime] | ||
$LastSessionActivity | ||
|
||
[string] | ||
$LockOutReason | ||
|
||
[string] | ||
$LockOutReasonDescription | ||
|
||
[int] | ||
$LoginFailures | ||
|
||
[boolean] | ||
$MustVerifyEmail | ||
|
||
[boolean] | ||
$OathTwoFactor | ||
|
||
[boolean] | ||
$OathVerified | ||
|
||
[datetime] | ||
$PasswordLastChanged | ||
|
||
[boolean] | ||
$RadiusTwoFactor | ||
|
||
[string] | ||
$RadiusUserName | ||
|
||
[datetime] | ||
$ResetSessionStarted | ||
|
||
[int] | ||
$TimeOptionId | ||
|
||
[boolean] | ||
$TwoFactor | ||
|
||
[ValidateSet('Password','PublicKey','PassordOrPublicKey','PasswordAndPublicKey')] | ||
[string] | ||
$UnixAuthenticationMethod | ||
|
||
[int] | ||
$UserLcid | ||
|
||
[string] | ||
$Username | ||
|
||
[datetime] | ||
$VerifyEmailSentDate | ||
} |
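Review bot: The `ValidateSet` on `$UnixAuthenticationMethod` spells its third value `'PassordOrPublicKey'`, which looks like a typo for `PasswordOrPublicKey`. Validation attributes on a class property run on assignment, so if the server returns the correctly spelled value (not visible on this page, so confirm against the API), setting the property throws and that user cannot be converted to a `TssUser`. For a module used to review account state, that would hide the accounts configured for password-or-key logins. Suggested line: `[ValidateSet('Password','PublicKey','PasswordOrPublicKey','PasswordAndPublicKey')]`.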
@@ -0,0 +1,119 @@ | ||
TOPIC | ||
This help topic describes the TssUserModel class in the Thycotic.SecretServer module | ||
|
||
CLASS | ||
TssUserModel | ||
|
||
INHERITANCE | ||
None | ||
|
||
DESCRIPTION | ||
The TssUserModel class represents the UserModel object returned by Secret Server endpoint GET /users/{id} | ||
|
||
CONSTRUCTORS | ||
new() | ||
|
||
PROPERTIES | ||
AdAccountExpires | ||
Active Directory account expiration time | ||
|
||
AdGuid | ||
Active Directory unique identifier | ||
|
||
Created | ||
User creation time | ||
|
||
DateOptionId | ||
DateOptionId | ||
|
||
DisplayName | ||
Display name | ||
|
||
DomainId | ||
Active Directory domain ID | ||
|
||
DuoTwoFactor | ||
Whether Duo two-factor authentication is enabled | ||
|
||
EmailAddress | ||
Email address | ||
|
||
Enabled | ||
Whether the user account is enabled | ||
|
||
Fido2TwoFactor | ||
Whether FIDO2 two-factor authentication is enabled | ||
|
||
Id | ||
User ID | ||
|
||
IsApplicationAccount | ||
IsApplicationAccount | ||
|
||
IsEmailCopiedFromAD | ||
Whether the email address is derived from the Active Directory account | ||
|
||
IsEmailVerified | ||
Whether the email address has been verified | ||
|
||
IsLockedOut | ||
Whether the user is locked out | ||
|
||
LastLogin | ||
Time of last login | ||
|
||
LastSessionActivity | ||
Time of last session activity | ||
|
||
LockOutReason | ||
The reason for the lock out | ||
|
||
LockOutReasonDescription | ||
An optional description of the reason for the lock out | ||
|
||
LoginFailures | ||
Number of login failures | ||
|
||
MustVerifyEmail | ||
Whether the user must verify their email address | ||
|
||
OathTwoFactor | ||
Whether OATH two-factor authentication is enabled | ||
|
||
OathVerified | ||
Whether OATH has been verified | ||
|
||
PasswordLastChanged | ||
Time when the password was last changed | ||
|
||
RadiusTwoFactor | ||
Whether RADIUS two-factor authentication is enabled | ||
|
||
RadiusUserName | ||
RADIUS username | ||
|
||
ResetSessionStarted | ||
ResetSessionStarted | ||
|
||
TimeOptionId | ||
TimeOptionId | ||
|
||
TwoFactor | ||
Whether two-factor authentication is enabled | ||
|
||
UnixAuthenticationMethod | ||
Check password, public key, either, or both | ||
|
||
UserLcid | ||
UserLcid | ||
|
||
Username | ||
Username | ||
|
||
VerifyEmailSentDate | ||
Time when the verification email was sent | ||
|
||
METHODS | ||
|
||
RELATED LINKS: | ||
Get-TssUser |
@@ -0,0 +1,69 @@ | ||
function Get-User { | ||
<# | ||
.SYNOPSIS | ||
Get a Secret Server User | ||
.DESCRIPTION | ||
Get a Secret Server User | ||
.EXAMPLE | ||
PS> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred | ||
PS> Get-TssUser -TssSession $session -Id 2 | ||
Get the User ID 2 | ||
.LINK | ||
https://thycotic-ps.github.io/thycotic.secretserver/commands/Get-TssUser | ||
.NOTES | ||
Requires TssSession object returned by New-TssSession | ||
#> | ||
[CmdletBinding()] | ||
[OutputType('TssUser')] | ||
param ( | ||
# TssSession object created by New-TssSession for auth | ||
[Parameter(Mandatory,ValueFromPipeline,Position = 0)] | ||
[TssSession] | ||
$TssSession, | ||
|
||
# User ID | ||
[Parameter(Mandatory,ValueFromPipelineByPropertyName)] | ||
[Alias("UserId")] | ||
[int[]] | ||
$Id, | ||
|
||
[switch] | ||
$IncludeInactive | ||
) | ||
begin { | ||
$tssParams = $PSBoundParameters | ||
$invokeParams = . $GetInvokeTssParams $TssSession | ||
} | ||
process { | ||
Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)" | ||
if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { | ||
. $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation | ||
foreach ($user in $Id) { | ||
$restResponse = $null | ||
$uri = $TssSession.ApiUrl, 'users', $user -join '/' | ||
$invokeParams.Uri = $uri | ||
$invokeParams.Method = 'GET' | ||
|
||
Write-Verbose "Performing the operation $($invokeParams.Method) $uri with $body" | ||
try { | ||
$restResponse = Invoke-TssRestApi @invokeParams | ||
} catch { | ||
Write-Warning "Issue getting user [$user]" | ||
$err = $_ | ||
. $ErrorHandling $err | ||
} | ||
|
||
if ($restResponse) { | ||
. $TssUserObject $restResponse | ||
} | ||
} | ||
} else { | ||
Write-Warning "No valid session found" | ||
} | ||
} | ||
} |
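Review bot: `$invokeParams = . $GetInvokeTssParams $TssSession` runs in `begin`, but `$TssSession` is declared `ValueFromPipeline`, and pipeline-bound parameters are not populated until `process`. When the session is piped in, the helper would receive `$null`, so whatever authentication settings it derives from the session (its body is not shown here) would be missing from the request; moving that line into `process`, inside the `if` that checks `IsValidSession()`, avoids this. Separately, `-IncludeInactive` is declared but never read, so the request is the same with or without it, and `$body` in the `Write-Verbose` message is never assigned in this function. Either wire the switch into the request or drop it, so callers auditing disabled accounts are not misled about what was queried.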
@@ -0,0 +1,29 @@ | ||
<# | ||
.Synopsis | ||
Creates a TssUser object | ||
#> | ||
param( | ||
[pscustomobject]$Object | ||
) | ||
|
||
begin { | ||
$Properties = $Object[0].PSObject.Properties.Name | ||
} | ||
|
||
process { | ||
$outObject = @() | ||
foreach ($p in $Object) { | ||
$currentObject = [TssUser]::new() | ||
foreach ($pProp in $Properties) { | ||
if ($pProp -in $currentObject.PSObject.Properties.Name) { | ||
if ($p.$pProp) { | ||
$currentObject.$pProp = $p.$pProp | ||
} | ||
} else { | ||
Write-Warning "Property $pProp does not exist in the TssUser class. Please create a bug report at https://github.com/thycotic-ps/thycotic.secretserver/issues/new/choose" | ||
} | ||
} | ||
$outObject += $currentObject | ||
} | ||
return $outObject | ||
} |
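Review bot: The assignment `$currentObject.$pProp = $p.$pProp` is unguarded, so one value that fails conversion to `[datetime]` or `[int]`, or falls outside the `ValidateSet` on `UnixAuthenticationMethod`, throws and nothing in this script catches it. Wrapping it, for example `try { $currentObject.$pProp = $p.$pProp } catch { Write-Warning "Unable to set property [$pProp]: $_" }`, keeps the remaining fields and names the offending one. The `if ($p.$pProp)` guard also deserves a comment: it is a truthiness test, so `$false`, `0` and empty strings from the server are skipped and the class default is reported instead. Proposed comment: `# Skip null/empty values; falsy values fall back to the class default`.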
@@ -0,0 +1,25 @@ | ||
BeforeDiscovery { | ||
$commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf | ||
. ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1')) | ||
} | ||
Describe "$commandName verify parameters" { | ||
BeforeDiscovery { | ||
[object[]]$knownParameters = 'TssSession', 'Id', 'IncludeInactive' | ||
[object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys | ||
[object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function') | ||
$unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru | ||
} | ||
Context "Verify parameters" -Foreach @{currentParams = $currentParams} { | ||
It "$commandName should contain <_> parameter" -TestCases $knownParameters { | ||
$_ -in $currentParams | Should -Be $true | ||
} | ||
It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters { | ||
$_ | Should -BeNullOrEmpty | ||
} | ||
} | ||
Context "Command specific details" { | ||
It "$commandName should set OutputType to TssUser" -TestCases $commandDetails { | ||
$_.OutputType.Name | Should -Be 'TssUser' | ||
} | ||
} | ||
} |