Implement Set-SsoSelfPersonUserPassword

2021-02-19 09:14:32 +02:00
parent 7766772353
commit 59f562d9ed
8 changed files with 140 additions and 5 deletions
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -5,6 +5,7 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Selectors;
+using System.Runtime.InteropServices;
 using System.Runtime.InteropServices.WindowsRuntime;
 using System.Security;
 using System.Security.Cryptography.X509Certificates;
@@ -122,6 +123,16 @@ namespace VMware.vSphere.SsoAdminClient
         };
         return securityContext;
      }
+
+      String SecureStringToString(SecureString value) {
+         IntPtr valuePtr = IntPtr.Zero;
+         try {
+            valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
+            return Marshal.PtrToStringUni(valuePtr);
+         } finally {
+            Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
+         }
+      }
      #endregion

      #region Public interface
@@ -322,6 +333,22 @@ namespace VMware.vSphere.SsoAdminClient
                  newPassword)).Wait();
      }

+      public void ResetSelfPersonUserPassword(SecureString newPassword) {
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation
+         authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.ResetSelfLocalPersonUserPasswordAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminPrincipalManagementService",
+                     Value = "principalManagementService"
+                  },
+                  SecureStringToString(newPassword))).Wait();
+      }
+
      public bool UnlockPersonUser(PersonUser user) {
         // Create Authorization Invocation Context
         var authorizedInvocationContext =
--- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1
@@ -415,4 +415,51 @@ Describe "PersonUser Tests" {
         $userFromServer | Should -Be $null
      }
   }
+
+   Context "Set-SsoSelfPersonUserPassword" {
+      It 'Reset self person user password' {
+         # Arrange
+         $userName = "TestResetSelfPassPersonUserName"
+         $userPassword = '$tr0NG_TestPa$$w0rd'
+         $newUserPassword = ConvertTo-SecureString '$tr0NG_TestPa$$w0rd2' –AsPlainText –Force
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+
+         $personUserToUpdate = New-SsoPersonUser `
+            -UserName $userName `
+            -Password $userPassword `
+            -Server $connection
+
+         $script:usersToCleanup += $personUserToUpdate
+
+         Disconnect-SsoAdminServer -Server $connection
+
+         ## Connect with the new user
+         $testConnection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User "$userName@vsphere.local" `
+            -Password $userPassword `
+            -SkipCertificateCheck
+
+         # Act
+         $actual = Set-SsoSelfPersonUserPassword `
+            -Password $newUserPassword
+
+         # Assert
+         $actual | Should -Be $null
+
+         ## Cleanup
+         Disconnect-SsoAdminServer -Server $testConnection
+
+         ## Restore Connection
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+      }
+   }
 }