Add support for QR code and fix headers param

Author: kris6673

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-SetAuthMethod.ps1

@@ -5,28 +5,23 @@ function Invoke-SetAuthMethod {
     .ROLE
         Tenant.Administration.ReadWrite
     #>
-    Param(
-        $Request,
-        $TriggerMetadata
-    )
+    Param($Request, $TriggerMetadata)
 
-    $APIName = "Set Authentication Policy"
-    $state = if ($Request.Body.state -eq 'enabled') { $true } else { $false }
-    $Tenantfilter = $Request.Body.TenantFilter
+    $APIName = $Request.Params.CIPPEndpoint
+    $State = if ($Request.Body.state -eq 'enabled') { $true } else { $false }
+    $TenantFilter = $Request.Body.tenantFilter
 
     try {
-        Set-CIPPAuthenticationPolicy -Tenant $Tenantfilter -APIName $APIName -AuthenticationMethodId $($Request.Body.Id) -Enabled $state
+        $Result = Set-CIPPAuthenticationPolicy -Tenant $TenantFilter -APIName $APIName -AuthenticationMethodId $($Request.Body.Id) -Enabled $State -Headers $Request.Headers
         $StatusCode = [HttpStatusCode]::OK
-        $SuccessMessage = "Authentication Policy for $($Request.Body.Id) has been set to $state"
     } catch {
-        $ErrorMsg = Get-NormalizedError -message $($_.Exception.Message)
-        $SuccessMessage = "Function Error: $($_.InvocationInfo.ScriptLineNumber) - $ErrorMsg"
-        $StatusCode = [HttpStatusCode]::BadRequest
+        $Result = $_
+        $StatusCode = [HttpStatusCode]::Forbidden
     }
 
     # Associate values to output bindings by calling 'Push-OutputBinding'.
     Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
             StatusCode = $StatusCode
-            Body       = [pscustomobject]@{'Results' = "$SuccessMessage" }
+            Body       = [pscustomobject]@{'Results' = "$Result" }
         })
-}
+}

Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1

@@ -2,14 +2,16 @@ function Set-CIPPAuthenticationPolicy {
     [CmdletBinding(SupportsShouldProcess = $true)]
     param(
         [Parameter(Mandatory = $true)]$Tenant,
-        [Parameter(Mandatory = $true)][ValidateSet('FIDO2', 'MicrosoftAuthenticator', 'SMS', 'TemporaryAccessPass', 'HardwareOATH', 'softwareOath', 'Voice', 'Email', 'x509Certificate')]$AuthenticationMethodId,
+        [Parameter(Mandatory = $true)][ValidateSet('FIDO2', 'MicrosoftAuthenticator', 'SMS', 'TemporaryAccessPass', 'HardwareOATH', 'softwareOath', 'Voice', 'Email', 'x509Certificate', 'QRCodePin')]$AuthenticationMethodId,
         [Parameter(Mandatory = $true)][bool]$Enabled, # true = enabled or false = disabled
         $MicrosoftAuthenticatorSoftwareOathEnabled,
         $TAPMinimumLifetime = 60, #Minutes
         $TAPMaximumLifetime = 480, #minutes
         $TAPDefaultLifeTime = 60, #minutes
         $TAPDefaultLength = 8, #TAP password generated length in chars
         $TAPisUsableOnce = $true,
+        [Parameter()][ValidateRange(1, 395)]$QRCodeLifetimeInDays = 365,
+        [Parameter()][ValidateRange(8, 20)]$QRCodePinLength = 8,
         $APIName = 'Set Authentication Policy',
         $Headers
     )
@@ -103,6 +105,14 @@ function Set-CIPPAuthenticationPolicy {
         'x509Certificate' {
             # Nothing special to do here
         }
+
+        # QR code
+        'QRCodePin' {
+            if ($State -eq 'enabled') {
+                $CurrentInfo.pinLength = $QRCodePinLength
+                $CurrentInfo.standardQRCodeLifetimeInDays = $QRCodeLifetimeInDays
+            }
+        }
         Default {
             Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive." -sev Error
             return "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive."
@@ -112,14 +122,14 @@ function Set-CIPPAuthenticationPolicy {
     try {
         if ($PSCmdlet.ShouldProcess($AuthenticationMethodId, "Set state to $State $OptionalLogMessage")) {
             # Convert body to JSON and send request
-            $null = New-GraphPostRequest -tenantid $Tenant -Uri "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/$AuthenticationMethodId" -Type patch -Body ($CurrentInfo | ConvertTo-Json -Compress -Depth 10) -ContentType 'application/json'
+            $null = New-GraphPostRequest -tenantid $Tenant -Uri "https://graph.microsoft.com/beta/policies/authenticationmethodspolicy/authenticationMethodConfigurations/$AuthenticationMethodId" -Type PATCH -Body (ConvertTo-Json -InputObject $CurrentInfo -Compress -Depth 10) -ContentType 'application/json'
             Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Set $AuthenticationMethodId state to $State $OptionalLogMessage" -sev Info
         }
         return "Set $AuthenticationMethodId state to $State $OptionalLogMessage"
 
     } catch {
         $ErrorMessage = Get-CippException -Exception $_
         Write-LogMessage -headers $Headers -API $APIName -tenant $Tenant -message "Failed to $State $AuthenticationMethodId Support: $ErrorMessage" -sev Error -LogData $ErrorMessage
-        return "Failed to $State $AuthenticationMethodId Support. Error: $($ErrorMessage.NormalizedError)"
+        throw "Failed to $State $AuthenticationMethodId Support. Error: $($ErrorMessage.NormalizedError)"
     }
 }