Implement Set-SsoSelfPersonUserPassword

2021-02-19 09:14:32 +02:00
parent 7766772353
commit 59f562d9ed
8 changed files with 140 additions and 5 deletions
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
@@ -11,7 +11,7 @@
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'

 # Version number of this module.
-ModuleVersion = '1.2.1'
+ModuleVersion = '1.2.2'

 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
@@ -34,7 +34,7 @@ RequiredModules = @(
 )

 # Functions to export from this module
-FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource')
+FunctionsToExport = @('Connect-SsoAdminServer', 'Disconnect-SsoAdminServer', 'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser', 'Remove-SsoPersonUser', 'Get-SsoGroup', 'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy', 'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy', 'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Add-ActiveDirectoryIdentitySource', 'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource', 'Set-SsoSelfPersonUserPassword')

 # Cmdlets to export from this module
 CmdletsToExport = @()
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
@@ -608,6 +608,67 @@ function Set-SsoPersonUser {
   }
 }

+function Set-SsoSelfPersonUserPassword {
+<#
+   .NOTES
+   ===========================================================================
+   Created on:   	2/19/2021
+   Created by:   	Dimitar Milov
+    Twitter:       @dimitar_milov
+    Github:        https://github.com/dmilov
+   ===========================================================================
+   .DESCRIPTION
+   Resets connected person user password.
+
+
+   .PARAMETER NewPassword
+   Specifies new password for the connected person user.
+
+
+   .EXAMPLE
+   Set-SsoSelfPersonUserPassword -Password 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
+
+   Resets password
+#>
+[CmdletBinding(ConfirmImpact='High')]
+ param(
+   [Parameter(
+      Mandatory=$true,
+      HelpMessage='New password for the connected user.')]
+   [ValidateNotNull()]
+   [SecureString]
+   $Password,
+
+   [Parameter(
+      Mandatory=$false,
+      ValueFromPipeline=$false,
+      ValueFromPipelineByPropertyName=$false,
+      HelpMessage='Connected SsoAdminServer object')]
+   [ValidateNotNull()]
+   [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
+   $Server)
+
+   Process {
+      $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
+      if ($Server -ne $null) {
+         $serversToProcess = $Server
+      }
+
+      foreach ($connection in $serversToProcess) {
+         if (-not $connection.IsConnected) {
+            Write-Error "Server $connection is disconnected"
+            continue
+         }
+
+         try {
+            $connection.Client.ResetSelfPersonUserPassword($Password)
+         } catch {
+            Write-Error (FormatError $_.Exception)
+         }
+      }
+   }
+}
+
 function Remove-SsoPersonUser {
 <#
   .NOTES
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs
@@ -5,6 +5,7 @@
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Selectors;
+using System.Runtime.InteropServices;
 using System.Runtime.InteropServices.WindowsRuntime;
 using System.Security;
 using System.Security.Cryptography.X509Certificates;
@@ -122,6 +123,16 @@ namespace VMware.vSphere.SsoAdminClient
         };
         return securityContext;
      }
+
+      String SecureStringToString(SecureString value) {
+         IntPtr valuePtr = IntPtr.Zero;
+         try {
+            valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
+            return Marshal.PtrToStringUni(valuePtr);
+         } finally {
+            Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
+         }
+      }
      #endregion

      #region Public interface
@@ -322,6 +333,22 @@ namespace VMware.vSphere.SsoAdminClient
                  newPassword)).Wait();
      }

+      public void ResetSelfPersonUserPassword(SecureString newPassword) {
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation
+         authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.ResetSelfLocalPersonUserPasswordAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminPrincipalManagementService",
+                     Value = "principalManagementService"
+                  },
+                  SecureStringToString(newPassword))).Wait();
+      }
+
      public bool UnlockPersonUser(PersonUser user) {
         // Create Authorization Invocation Context
         var authorizedInvocationContext =
--- a/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1
@@ -415,4 +415,51 @@ Describe "PersonUser Tests" {
         $userFromServer | Should -Be $null
      }
   }
+
+   Context "Set-SsoSelfPersonUserPassword" {
+      It 'Reset self person user password' {
+         # Arrange
+         $userName = "TestResetSelfPassPersonUserName"
+         $userPassword = '$tr0NG_TestPa$$w0rd'
+         $newUserPassword = ConvertTo-SecureString '$tr0NG_TestPa$$w0rd2' –AsPlainText –Force
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+
+         $personUserToUpdate = New-SsoPersonUser `
+            -UserName $userName `
+            -Password $userPassword `
+            -Server $connection
+
+         $script:usersToCleanup += $personUserToUpdate
+
+         Disconnect-SsoAdminServer -Server $connection
+
+         ## Connect with the new user
+         $testConnection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User "$userName@vsphere.local" `
+            -Password $userPassword `
+            -SkipCertificateCheck
+
+         # Act
+         $actual = Set-SsoSelfPersonUserPassword `
+            -Password $newUserPassword
+
+         # Assert
+         $actual | Should -Be $null
+
+         ## Cleanup
+         Disconnect-SsoAdminServer -Server $testConnection
+
+         ## Restore Connection
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+      }
+   }
 }