version update

Author: KelvinTegelaar

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/CIPP/Setup/Invoke-ExecUpdateRefreshToken.ps1

@@ -20,10 +20,10 @@ Function Invoke-ExecUpdateRefreshToken {
         if ($env:AzureWebJobsStorage -eq 'UseDevelopmentStorage=true') {
             $DevSecretsTable = Get-CIPPTable -tablename 'DevSecrets'
             $Secret = Get-CIPPAzDataTableEntity @DevSecretsTable -Filter "PartitionKey eq 'Secret' and RowKey eq 'Secret'"
-            if ($env:ApplicationId -eq $Request.body.tenantId) {
+            if ($env:TenantID -eq $Request.body.tenantId) {
                 $Secret.RefreshToken = $Request.body.RefreshToken
             } else {
-                Write-Host "$($env:Applicationid) does not match $($Request.body.tenantId)"
+                Write-Host "$($env:TenantID) does not match $($Request.body.tenantId)"
                 $name = $Request.body.tenantId -replace '-', '_'
                 $secret | Add-Member -MemberType NoteProperty -Name $name -Value $Request.body.refreshtoken -Force
             }
@@ -38,13 +38,17 @@ Function Invoke-ExecUpdateRefreshToken {
         }
         $InstanceId = Start-UpdatePermissionsOrchestrator #start the CPV refresh immediately while wizard still runs.
 
-
+        if ($request.body.tenantId -eq $env:TenantID) {
+            $TenantName = 'your partner tenant'
+        } else {
+            $TenantName = $request.body.tenantId
+        }
         $Results = @{
-            'message'  = "Successfully updated your stored authentication for $($request.body.tenantId)."
-            'tenantId' = $Request.body.tenantId
+            'message'  = "Successfully updated the credentials for $($TenantName). You may continue to the next step, or add additional tenants if required."
+            'severity' = 'success'
         }
     } catch {
-        $Results = [pscustomobject]@{'Results' = "Failed. $($_.InvocationInfo.ScriptLineNumber):  $($_.Exception.message)"; severity = 'failed' }
+        $Results = [pscustomobject]@{'Results' = "Failed. $($_.InvocationInfo.ScriptLineNumber): $($_.Exception.message)"; severity = 'failed' }
     }
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.

Modules/CIPPCore/Public/Get-CIPPAuthentication.ps1

@@ -20,14 +20,16 @@ function Get-CIPPAuthentication {
             }
             Write-Host "Got secrets from dev storage. ApplicationID: $env:ApplicationID"
             #Get list of tenants that have 'directTenant' set to true
-            $tenants = Get-Tenants | Where-Object -Property delegatedPrivilegeStatus -EQ 'directTenant'
+            $tenants = Get-Tenants -IncludeErrors | Where-Object -Property delegatedPrivilegeStatus -EQ 'directTenant'
             if ($tenants) {
                 Write-Host "Found $($tenants.Count) tenants with directTenant set to true"
                 $tenants | ForEach-Object {
-                    $name = $_.customerId -replace '-', '_'
-                    if ($secret.$name) {
+                    $secretname = $_.customerId -replace '-', '_'
+                    if ($secret.$secretname) {
                         $name = $_.customerId
-                        Set-Item -Path env:$name -Value $secret.$name -Force
+                        Write-Host "Setting $name to $($secret.$secretname)"
+
+                        Set-Item -Path env:$name -Value $secret.$secretname -Force
                     }
                 }
             }
@@ -50,7 +52,7 @@ function Get-CIPPAuthentication {
 
             $keyvaultname = ($env:WEBSITE_DEPLOYMENT_ID -split '-')[0]
             #Get list of tenants that have 'directTenant' set to true
-            $tenants = Get-Tenants | Where-Object -Property delegatedPrivilegeStatus -EQ 'directTenant'
+            $tenants = Get-Tenants -IncludeErrors | Where-Object -Property delegatedPrivilegeStatus -EQ 'directTenant'
             if ($tenants) {
                 $tenants | ForEach-Object {
                     $name = $_.tenantId -replace '-', '_'

Modules/CIPPCore/Public/GraphHelper/Get-AuthorisedRequest.ps1

@@ -16,7 +16,7 @@ function Get-AuthorisedRequest {
     if ($Uri -like 'https://graph.microsoft.com/beta/contracts*' -or $Uri -like '*/customers/*' -or $Uri -eq 'https://graph.microsoft.com/v1.0/me/sendMail' -or $Uri -like '*/tenantRelationships/*' -or $Uri -like '*/security/partner/*') {
         return $true
     }
-    $Tenant = Get-Tenants -TenantFilter $TenantID | Where-Object { $_.Excluded -eq $false }
+    $Tenant = Get-Tenants -IncludeErrors -TenantFilter $TenantID | Where-Object { $_.Excluded -eq $false }
 
     if ($Tenant) {
         return $true

Modules/CIPPCore/Public/GraphHelper/Get-GraphToken.ps1

@@ -6,11 +6,11 @@ function Get-GraphToken($tenantid, $scope, $AsApp, $AppID, $AppSecret, $refreshT
     if (!$scope) { $scope = 'https://graph.microsoft.com/.default' }
     if (!$env:SetFromProfile) { $CIPPAuth = Get-CIPPAuthentication; Write-Host 'Could not get Refreshtoken from environment variable. Reloading token.' }
     #If the $env:<$tenantid> is set, use that instead of the refreshtoken for all tenants.
-    $ClientRefreshToken = Get-Item env:$tenantid -ErrorAction SilentlyContinue
-    if ($ClientRefreshToken) {
-        $refreshToken = $ClientRefreshToken
-    } else {
-        $refreshToken = $env:RefreshToken
+    $refreshToken = $env:Refreshtoken
+    $ClientType = Get-Tenants -IncludeErrors -TenantFilter $tenantid
+    if ($clientType.delegatedPrivilegeStatus -eq 'directTenant') {
+        $ClientRefreshToken = Get-Item -Path "env:\$($clientType.customerId)" -ErrorAction SilentlyContinue
+        $refreshToken = $ClientRefreshToken.Value
     }
 
     $AuthBody = @{

profile.ps1

@@ -62,7 +62,7 @@ if (!$LastStartup -or $CurrentVersion -ne $LastStartup.Version) {
             Version      = $CurrentVersion
         }
     }
-    Update-AzDataTableEntity @Table -Entity $LastStartup -Force
+    Update-AzDataTableEntity @Table -Entity $LastStartup -Force -ErrorAction SilentlyContinue
     try {
         Clear-CippDurables
     } catch {