diff --git a/src/classes/users/TssUser.class.ps1 b/src/classes/users/TssUser.class.ps1
new file mode 100644
index 00000000..1b021fa7
--- /dev/null
+++ b/src/classes/users/TssUser.class.ps1
@@ -0,0 +1,101 @@
+class TssUser {
+ [datetime]
+ $AdAccountExpires
+
+ [string]
+ $AdGuid
+
+ [datetime]
+ $Created
+
+ [int]
+ $DateOptionId
+
+ [string]
+ $DisplayName
+
+ [int]
+ $DomainId
+
+ [boolean]
+ $DuoTwoFactor
+
+ [string]
+ $EmailAddress
+
+ [boolean]
+ $Enabled
+
+ [boolean]
+ $Fido2TwoFactor
+
+ [int]
+ $Id
+
+ [boolean]
+ $IsApplicationAccount
+
+ [boolean]
+ $IsEmailCopiedFromAD
+
+ [boolean]
+ $IsEmailVerified
+
+ [boolean]
+ $IsLockedOut
+
+ [datetime]
+ $LastLogin
+
+ [datetime]
+ $LastSessionActivity
+
+ [string]
+ $LockOutReason
+
+ [string]
+ $LockOutReasonDescription
+
+ [int]
+ $LoginFailures
+
+ [boolean]
+ $MustVerifyEmail
+
+ [boolean]
+ $OathTwoFactor
+
+ [boolean]
+ $OathVerified
+
+ [datetime]
+ $PasswordLastChanged
+
+ [boolean]
+ $RadiusTwoFactor
+
+ [string]
+ $RadiusUserName
+
+ [datetime]
+ $ResetSessionStarted
+
+ [int]
+ $TimeOptionId
+
+ [boolean]
+ $TwoFactor
+
+ [ValidateSet('Password','PublicKey','PassordOrPublicKey','PasswordAndPublicKey')]
+ [string]
+ $UnixAuthenticationMethod
+
+ [int]
+ $UserLcid
+
+ [string]
+ $Username
+
+ [datetime]
+ $VerifyEmailSentDate
+}
\ No newline at end of file
diff --git a/src/en-us/about_tssuser.help.txt b/src/en-us/about_tssuser.help.txt
new file mode 100644
index 00000000..bcfaa5cd
--- /dev/null
+++ b/src/en-us/about_tssuser.help.txt
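Review bot: The `ValidateSet` on `$UnixAuthenticationMethod` near the end of the class spells one allowed value `'PassordOrPublicKey'`, which looks like a typo for `PasswordOrPublicKey`. PowerShell enforces `ValidateSet` on every assignment to a class property, so if the server reports the correctly spelled value, the assignment throws and the user object cannot be built. The attribute should read `[ValidateSet('Password','PublicKey','PasswordOrPublicKey','PasswordAndPublicKey')]`; the exact strings are worth confirming against the API's enum before merging.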
@@ -0,0 +1,119 @@
+TOPIC
+ This help topic describes the TssUserModel class in the Thycotic.SecretServer module
+
+CLASS
+ TssUserModel
+
+INHERITANCE
+ None
+
+DESCRIPTION
+ The TssUserModel class represents the UserModel object returned by Secret Server endpoint GET /users/{id}
+
+CONSTRUCTORS
+ new()
+
+PROPERTIES
+ AdAccountExpires
+ Active Directory account expiration time
+
+ AdGuid
+ Active Directory unique identifier
+
+ Created
+ User creation time
+
+ DateOptionId
+ DateOptionId
+
+ DisplayName
+ Display name
+
+ DomainId
+ Active Directory domain ID
+
+ DuoTwoFactor
+ Whether Duo two-factor authentication is enabled
+
+ EmailAddress
+ Email address
+
+ Enabled
+ Whether the user account is enabled
+
+ Fido2TwoFactor
+ Whether FIDO2 two-factor authentication is enabled
+
+ Id
+ User ID
+
+ IsApplicationAccount
+ IsApplicationAccount
+
+ IsEmailCopiedFromAD
+ Whether the email address is derived from the Active Directory account
+
+ IsEmailVerified
+ Whether the email address has been verified
+
+ IsLockedOut
+ Whether the user is locked out
+
+ LastLogin
+ Time of last login
+
+ LastSessionActivity
+ Time of last session activity
+
+ LockOutReason
+ The reason for the lock out
+
+ LockOutReasonDescription
+ An optional description of the reason for the lock out
+
+ LoginFailures
+ Number of login failures
+
+ MustVerifyEmail
+ Whether the user must verify their email address
+
+ OathTwoFactor
+ Whether OATH two-factor authentication is enabled
+
+ OathVerified
+ Whether OATH has been verified
+
+ PasswordLastChanged
+ Time when the password was last changed
+
+ RadiusTwoFactor
+ Whether RADIUS two-factor authentication is enabled
+
+ RadiusUserName
+ RADIUS username
+
+ ResetSessionStarted
+ ResetSessionStarted
+
+ TimeOptionId
+ TimeOptionId
+
+ TwoFactor
+ Whether two-factor authentication is enabled
+
+ UnixAuthenticationMethod
+ Check password, public key, either, or both
+
+ UserLcid
+ UserLcid
+
+ Username
+ Username
+
+ VerifyEmailSentDate
+ Time when the verification email was sent
+
+METHODS
+
+RELATED LINKS:
+ Get-TssUser
\ No newline at end of file
diff --git a/src/functions/users/Get-User.ps1 b/src/functions/users/Get-User.ps1
new file mode 100644
index 00000000..1d0578dd
--- /dev/null
+++ b/src/functions/users/Get-User.ps1
@@ -0,0 +1,69 @@
+function Get-User {
+ <#
+ .SYNOPSIS
+ Get a Secret Server User
+
+ .DESCRIPTION
+ Get a Secret Server User
+
+ .EXAMPLE
+ PS> $session = New-TssSession -SecretServer https://alpha -Credential $ssCred
+ PS> Get-TssUser -TssSession $session -Id 2
+
+ Get the User ID 2
+
+ .LINK
+ https://thycotic-ps.github.io/thycotic.secretserver/commands/Get-TssUser
+
+ .NOTES
+ Requires TssSession object returned by New-TssSession
+ #>
+ [CmdletBinding()]
+ [OutputType('TssUser')]
+ param (
+ # TssSession object created by New-TssSession for auth
+ [Parameter(Mandatory,ValueFromPipeline,Position = 0)]
+ [TssSession]
+ $TssSession,
+
+ # User ID
+ [Parameter(Mandatory,ValueFromPipelineByPropertyName)]
+ [Alias("UserId")]
+ [int[]]
+ $Id,
+
+ [switch]
+ $IncludeInactive
+ )
+ begin {
+ $tssParams = $PSBoundParameters
+ $invokeParams = . $GetInvokeTssParams $TssSession
+ }
+ process {
+ Write-Verbose "Provided command parameters: $(. $GetInvocation $PSCmdlet.MyInvocation)"
+ if ($tssParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) {
+ . $CheckVersion $TssSession '10.9.000000' $PSCmdlet.MyInvocation
+ foreach ($user in $Id) {
+ $restResponse = $null
+ $uri = $TssSession.ApiUrl, 'users', $user -join '/'
+ $invokeParams.Uri = $uri
+ $invokeParams.Method = 'GET'
+
+ Write-Verbose "Performing the operation $($invokeParams.Method) $uri with $body"
+ try {
+ $restResponse = Invoke-TssRestApi @invokeParams
+ } catch {
+ Write-Warning "Issue getting user [$user]"
+ $err = $_
+ . $ErrorHandling $err
+ }
+
+ if ($restResponse) {
+ . $TssUserObject $restResponse
+ }
+ }
+ } else {
+ Write-Warning "No valid session found"
+ }
+ }
+}
\ No newline at end of file
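Review bot: `$IncludeInactive` is declared in the `param` block but never read, so passing the switch sends exactly the same request as omitting it, and a caller auditing disabled accounts gets no indication that it was ignored. If GET /users/{id} accepts an `includeInactive` query parameter (to be confirmed against the API reference), append it after the URI is built, e.g. `if ($tssParams.ContainsKey('IncludeInactive')) { $uri = $uri, "includeInactive=$([boolean]$IncludeInactive)" -join '?' }`; otherwise drop the parameter. The switch also has no help comment above it, unlike `$TssSession` and `$Id`. Separately, the `Write-Verbose "Performing the operation ..."` line interpolates `$body`, which this function never assigns.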
diff --git a/src/parts/TssUserObject.ps1 b/src/parts/TssUserObject.ps1
new file mode 100644
index 00000000..ec2b3fe9
--- /dev/null
+++ b/src/parts/TssUserObject.ps1
@@ -0,0 +1,29 @@
+<#
+ .Synopsis
+ Creates a TssUser object
+#>
+param(
+ [pscustomobject]$Object
+)
+
+begin {
+ $Properties = $Object[0].PSObject.Properties.Name
+}
+
+process {
+ $outObject = @()
+ foreach ($p in $Object) {
+ $currentObject = [TssUser]::new()
+ foreach ($pProp in $Properties) {
+ if ($pProp -in $currentObject.PSObject.Properties.Name) {
+ if ($p.$pProp) {
+ $currentObject.$pProp = $p.$pProp
+ }
+ } else {
+ Write-Warning "Property $pProp does not exist in the TssUser class. Please create a bug report at https://github.com/thycotic-ps/thycotic.secretserver/issues/new/choose"
+ }
+ }
+ $outObject += $currentObject
+ }
+ return $outObject
+}
\ No newline at end of file
diff --git a/tests/users/Get-TssUser.Tests.ps1 b/tests/users/Get-TssUser.Tests.ps1
new file mode 100644
index 00000000..5f92811f
--- /dev/null
+++ b/tests/users/Get-TssUser.Tests.ps1
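Review bot: The `if ($p.$pProp)` guard skips every falsy value, so a null date from the API leaves the non-nullable `[datetime]` property at its default of 01/01/0001; for fields such as `LastLogin`, `PasswordLastChanged` or `AdAccountExpires` that can read as real data to someone reviewing accounts. I would add a comment above the guard, `# Null/empty API values are skipped; [datetime] properties then keep DateTime.MinValue, meaning "not set"`, and say the same in the `.Synopsis` block. The assignment on the following line is also not wrapped in `try`/`catch`, so a value that fails type conversion or the class's `ValidateSet` stops the conversion for that user.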
@@ -0,0 +1,25 @@
+BeforeDiscovery {
+ $commandName = Split-Path ($PSCommandPath.Replace('.Tests.ps1','')) -Leaf
+ . ([IO.Path]::Combine([string]$PSScriptRoot, '..', 'constants.ps1'))
+}
+Describe "$commandName verify parameters" {
+ BeforeDiscovery {
+ [object[]]$knownParameters = 'TssSession', 'Id', 'IncludeInactive'
+ [object[]]$currentParams = ([Management.Automation.CommandMetaData]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')).Parameters.Keys
+ [object[]]$commandDetails = [System.Management.Automation.CommandInfo]$ExecutionContext.SessionState.InvokeCommand.GetCommand($commandName,'Function')
+ $unknownParameters = Compare-Object -ReferenceObject $knownParameters -DifferenceObject $currentParams -PassThru
+ }
+ Context "Verify parameters" -Foreach @{currentParams = $currentParams} {
+ It "$commandName should contain <_> parameter" -TestCases $knownParameters {
+ $_ -in $currentParams | Should -Be $true
+ }
+ It "$commandName should not contain parameter: <_>" -TestCases $unknownParameters {
+ $_ | Should -BeNullOrEmpty
+ }
+ }
+ Context "Command specific details" {
+ It "$commandName should set OutputType to TssUser" -TestCases $commandDetails {
+ $_.OutputType.Name | Should -Be 'TssUser'
+ }
+ }
+}
\ No newline at end of file