Merge pull request #883 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Authentication/New-CIPPAPIConfig.ps1

@@ -75,7 +75,16 @@ function New-CIPPAPIConfig {
 
                 Write-Information 'Creating password'
                 $Step = 'Creating Application Password'
-                $APIPassword = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword" -AsApp $true -NoAuthCheck $true -type POST -body "{`"passwordCredential`":{`"displayName`":`"Generated by API Setup`"}}" -maxRetries 3
+                $AppManagementPolicy = New-GraphGetRequest -uri "https://graph.microsoft.com/v1.0/policies/defaultAppManagementPolicy" -AsApp $true -NoAuthCheck $true
+                $PasswordExpirationPolicy =  $AppManagementPolicy.applicationRestrictions.passwordcredentials |
+                    Where-Object { $_.restrictionType -eq 'passwordLifetime' }
+                if (-not ($PasswordExpirationPolicy.state -eq 'disabled' -or $null -eq $PasswordExpirationPolicy.state)) {
+                    $TimeToExpiration = [System.Xml.XmlConvert]::ToTimeSpan($PasswordExpirationPolicy.maxLifetime)
+                    $ExpirationDate = (Get-Date).AddDays($TimeToExpiration.Days).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ss.fffZ')
+                    $APIPassword = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword" -AsApp $true -NoAuthCheck $true -type POST -body "{`"passwordCredential`":{`"displayName`":`"Generated by API Setup`",`"endDateTime`":`"$ExpirationDate`"}}" -maxRetries 3
+                } else {
+                    $APIPassword = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)/addPassword" -AsApp $true -NoAuthCheck $true -type POST -body "{`"passwordCredential`":{`"displayName`":`"Generated by API Setup`"}}" -maxRetries 3
+                }
                 Write-Information 'Adding App URL'
                 $Step = 'Adding Application Identifier URI'
                 $APIIdUrl = New-GraphPOSTRequest -uri "https://graph.microsoft.com/v1.0/applications/$($APIApp.id)" -AsApp $true -NoAuthCheck $true -type PATCH -body "{`"identifierUris`":[`"api://$($APIApp.appId)`"]}" -maxRetries 3

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Settings/Invoke-ExecTimeSettings.ps1

@@ -57,6 +57,21 @@ function Invoke-ExecTimeSettings {
         Write-Information "Updating function app time settings: Timezone=$Timezone, BusinessHoursStart=$BusinessHoursStart, BusinessHoursEnd=$BusinessHoursEnd"
 
         # Build app settings hashtable
+        # Linux Consumption (Dynamic SKU) does not support WEBSITE_TIME_ZONE
+        $IsLinuxConsumption = $IsLinux -and $env:WEBSITE_SKU -ne 'FlexConsumption'
+
+        if ($IsLinuxConsumption) {
+            Write-Information 'Skipping WEBSITE_TIME_ZONE — not supported on Linux Consumption plans'
+            $Results = @{
+                Results = 'Timezone setting is not supported on Linux Consumption function apps. No changes were made.'
+                SKU     = $env:WEBSITE_SKU
+            }
+            return ([HttpResponseContext]@{
+                    StatusCode = [httpstatusCode]::OK
+                    Body       = $Results
+                })
+        }
+
         $AppSettings = @{
             'WEBSITE_TIME_ZONE' = $Timezone
         }

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecSAMSetup.ps1

@@ -11,6 +11,10 @@ function Invoke-ExecSAMSetup {
     [CmdletBinding()]
     param($Request, $TriggerMetadata)
 
+    return ([HttpResponseContext]@{
+            StatusCode = [HttpStatusCode]::OK
+            Body       = @{ message = 'This endpoint is no longer used. Please use the CreateSAMApp endpoint instead.' }
+        })
 
     if ($Request.Query.error) {
         Add-Type -AssemblyName System.Web

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Invoke-ListDBCache.ps1

@@ -36,6 +36,15 @@ function Invoke-ListDBCache {
             })
     }
 
+    if ($Type -eq '_availableTypes') {
+        $Types = Get-CIPPDbItem -CountsOnly -TenantFilter $Tenant | Select-Object -ExpandProperty RowKey
+        $Types = $Types | ForEach-Object { $_ -replace '-Count$', '' } | Sort-Object
+        return ([HttpResponseContext]@{
+                StatusCode = [HttpStatusCode]::OK
+                Body       = @{ Results = @($Types) }
+            })
+    }
+
     if ($Tenant) {
         $Results = New-CIPPDbRequest -TenantFilter $Tenant -Type $Type
     }

Modules/CIPPCore/Public/Set-CIPPDBCacheAdminConsentRequestPolicy.ps1

@@ -20,6 +20,7 @@ function Set-CIPPDBCacheAdminConsentRequestPolicy {
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching admin consent request policy' -sev Debug
         $ConsentPolicy = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/adminConsentRequestPolicy' -tenantid $TenantFilter
         Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AdminConsentRequestPolicy' -Data @($ConsentPolicy)
+        Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AdminConsentRequestPolicy' -Data @($ConsentPolicy) -Count
         $ConsentPolicy = $null
 
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Cached admin consent request policy successfully' -sev Debug

Modules/CIPPCore/Public/Set-CIPPDBCacheAuthenticationFlowsPolicy.ps1

@@ -23,10 +23,11 @@ function Set-CIPPDBCacheAuthenticationFlowsPolicy {
 
         if ($AuthFlowPolicy) {
             Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AuthenticationFlowsPolicy' -Data @($AuthFlowPolicy)
+            Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AuthenticationFlowsPolicy' -Data @($AuthFlowPolicy) -Count
             Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Cached authentication flows policy successfully' -sev Debug
         }
 
     } catch {
-        Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter   -message "Failed to cache authentication flows policy: $($_.Exception.Message)"  -sev Warning   -LogData (Get-CippException -Exception $_)
+        Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message "Failed to cache authentication flows policy: $($_.Exception.Message)" -sev Warning -LogData (Get-CippException -Exception $_)
     }
 }

Modules/CIPPCore/Public/Set-CIPPDBCacheAuthenticationMethodsPolicy.ps1

@@ -20,6 +20,7 @@ function Set-CIPPDBCacheAuthenticationMethodsPolicy {
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching authentication methods policy' -sev Debug
         $AuthMethodsPolicy = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy' -tenantid $TenantFilter
         Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AuthenticationMethodsPolicy' -Data @($AuthMethodsPolicy)
+        Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AuthenticationMethodsPolicy' -Data @($AuthMethodsPolicy) -Count
         $AuthMethodsPolicy = $null
 
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Cached authentication methods policy successfully' -sev Debug

Modules/CIPPCore/Public/Set-CIPPDBCacheAuthorizationPolicy.ps1

@@ -20,6 +20,7 @@ function Set-CIPPDBCacheAuthorizationPolicy {
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching authorization policy' -sev Debug
         $AuthPolicy = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/authorizationPolicy' -tenantid $TenantFilter
         Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AuthorizationPolicy' -Data @($AuthPolicy)
+        Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'AuthorizationPolicy' -Data @($AuthPolicy) -Count
         $AuthPolicy = $null
 
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Cached authorization policy successfully' -sev Debug

Modules/CIPPCore/Public/Set-CIPPDBCacheB2BManagementPolicy.ps1

@@ -24,6 +24,7 @@ function Set-CIPPDBCacheB2BManagementPolicy {
 
         if ($B2BManagementPolicy) {
             Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'B2BManagementPolicy' -Data @($B2BManagementPolicy)
+            Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'B2BManagementPolicy' -Data @($B2BManagementPolicy) -Count
             Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Cached B2B management policy successfully' -sev Debug
         } else {
             Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'No B2B management policy found' -sev Debug

Modules/CIPPCore/Public/Set-CIPPDBCacheCrossTenantAccessPolicy.ps1

@@ -20,6 +20,7 @@ function Set-CIPPDBCacheCrossTenantAccessPolicy {
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Caching cross-tenant access policy' -sev Debug
         $CrossTenantPolicy = New-GraphGetRequest -uri 'https://graph.microsoft.com/beta/policies/crossTenantAccessPolicy/default' -tenantid $TenantFilter
         Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'CrossTenantAccessPolicy' -Data @($CrossTenantPolicy)
+        Add-CIPPDbItem -TenantFilter $TenantFilter -Type 'CrossTenantAccessPolicy' -Data @($CrossTenantPolicy) -Count
         $CrossTenantPolicy = $null
         Write-LogMessage -API 'CIPPDBCache' -tenant $TenantFilter -message 'Cached cross-tenant access policy successfully' -sev Debug