def get_signins_for_app(
parsed_args,
config,
app,
application_id=""):
"""
This action will return a dictionary of all the signins of a specified
application.
"""
# Getting the number of signins for the application
sign_ins = []
paginate(
LIST_SIGNINS_FOR_APP.format(application_id),
sign_ins,
'value',
parsed_args,
config,
app,
std_output=False)
# Build a dictionary with using in the signIn object id
# as the key.
sign_ins_details = {}
for sign_in in sign_ins:
sign_ins_details[sign_in['id']] = sign_in
# Log dataset to logfile if -l flag is given
if parsed_args.log:
file_logger.to_file("get_signins_for_app", sign_ins_details)
return sign_ins_details
def get_users_from_enforced_groups(parsed_args, config, app):
"""
This method returns a list of dictionary objects representing the users
in the MFA_ENFORCED_GROUPS.
"""
users = []
groups = config['MFA_ENFORCED_GROUPS'].copy()
while groups:
members = []
group = groups.pop()
paginate(
GROUP_LIST_TRANSITIVEMEMBERS.format(group),
members,
'value',
parsed_args,
config,
app,
test_data=TestCases().get_users_in_enforced_groups_test_data(),
std_output=False)
for member in members:
if 'user' in member["@odata.type"]:
member['mfaEnforcedGroup'] = group
users.append(member)
if 'group' in member["@odata.type"]:
groups.append(member["id"])
return users
def get_users_from_enforced_groups(parsed_args, config, app):
"""
This action will return all the users in the MFA_ENFORCED_GROUPS
"""
users = []
groups = config["MFA_ENFORCED_GROUPS"].copy()
while groups:
members = []
group = groups.pop()
paginate(
GROUP_LIST_TRANSITIVEMEMBERS.format(group),
members,
'value',
parsed_args,
config,
app,
test_data=TestCases().
get_users_in_enforced_groups_test_data(),
std_output=False)
for member in members:
if "user" in member["@odata.type"]:
member["mfaEnforcedGroup"] = group
users.append(member)
if "group" in member["@odata.type"]:
groups.append(member["id"])
users_dict = {}
for user in users:
if user["userPrincipalName"] in users_dict.keys():
users_dict[user["userPrincipalName"]]["mfaEnforcedGroups"].append(user["mfaEnforcedGroup"])
else:
users_dict[user["userPrincipalName"]] = user
users_dict[user["userPrincipalName"]]["mfaEnforcedGroups"] = [user["mfaEnforcedGroup"]]
return users_dict
def get_num_signins_for_user(parsed_args, config, app):
"""
This action will return a dictionary of the number of sign-ins
(up to 100) for a specified user.
"""
# If the UPN is not specified, throw an exception.
if not parsed_args.user:
raise Exception("You must specify the user parameter when using"
" get_num_signins_for_user action")
# Getting the number of signins for the user, up to 100.
# To save cycles, this action does not paginate results.
# This 100 limit is enfourced in graph_endpoints.py
sign_ins = []
paginate(LIST_SIGNINS_FOR_USER.format(parsed_args.user),
sign_ins,
'value',
parsed_args,
config,
app,
std_output=False,
skiptoken=False)
# Build a dictionary with using in the signIn object id
# as the key.
num_of_signins = {}
num_of_signins[parsed_args.user] = {'num_of_sign_ins': str(len(sign_ins))}
# Log dataset to logfile if -l flag is given
if parsed_args.log:
file_logger.to_file("get_num_signins_for_user", num_of_signins)
return num_of_signins
def list_groups_for_user(parsed_args, config, app):
"""
This action will return the details of all the groups a
specified user is a part of. It will return a dictionary
indexed by the groups UserPrincipalName
"""
if not parsed_args.user:
raise Exception("--user or -u flags must be used with this action!")
groups = []
payload = {"securityEnabledOnly": "true"}
paginate(USER_GETMEMBERGROUPS.format(parsed_args.user),
groups,
'value',
parsed_args,
config,
app,
payload=payload,
std_output=False)
# The above requests only retrieves IDs, we must retrieve their friendly displayName now
# TODO: Look into using the $select odata query parameter to achieve this
group_details = {}
for group_id in groups:
group_info = []
paginate(GROUP_GET.format(group_id),
group_info,
'',
parsed_args,
config,
app,
std_output=False)
group_details[group_info[0]['id']] = group_info
return group_details
def get_upn_from_id(parsed_args, config, app):
"""
This action will return a dictionary of all the id's read from a file
along with their UPNs
"""
if not parsed_args.input_file:
logging.error("INPUT FILE REQUIRED FOR THIS ACTION")
exit()
# Opening file for reading
file1 = open(parsed_args.input_file, 'r')
users = []
for line in file1:
user_data = []
paginate_result = paginate(ONE_USER_GET.format(line.strip()),
user_data,
'value',
parsed_args,
config,
app,
std_output=True)
users.extend(user_data)
print(user_data)
print(user_data)
user_details = {}
for user in users:
user_details[user["userPrincipalName"]] = user
if parsed_args.log:
file_logger.to_file("get_upn_from_id", user_details)
return user_details
def list_credential_user_registration_details(
parsed_args,
config,
app):
"""
This action will return a dictionary of all the
credentialUserRegistrationDetails objects from the tenant indexed by
userPrincipalName
"""
user_reg_data = []
paginate_result = paginate(
USER_REG_DETAILS,
user_reg_data,
'value',
parsed_args,
config,
app,
test_data=TestCases().
get_test_user_reg_info_graph_data(),
std_output=False)
# Retry if request failed
retries = config["MAX_RETRIES"]
current_retry = 1
while retries and paginate_result == "FAILED":
user_reg_data = []
paginate_result = paginate(
USER_REG_DETAILS,
user_reg_data,
'value',
parsed_args,
config,
app,
test_data=TestCases().
get_test_user_reg_info_graph_data(),
std_output=False,
retry_count=current_retry)
retries -= 1
current_retry += 1
user_reg_details = {}
for user in user_reg_data:
user_reg_details[user["userPrincipalName"]] = user
if parsed_args.log:
file_logger.to_file("list_credential_user_registration_details", user_reg_details)
return user_reg_details
def list_all_service_principals(parsed_args, config, app):
"""
This action will return a dictionary of service principals
indexed by the ID of the record.
"""
sp_entries = []
paginate(LIST_SERVICE_PRINCIPALS,
sp_entries,
'value',
parsed_args,
config,
app,
test_data=TestCases().get_service_principal_test_data(),
std_output=False)
sps = {}
for entry in sp_entries:
sps[entry["appId"]] = entry
return sps
def get_mfa_enforced_groups_displayname(parsed_args, config, app):
"""
This method returns a dictionary mapping of the IDs of the
MFA_ENFORCED_GROUPS defined in the config and their respective
displayNames
"""
mfa_enforced_groups_with_display_name = {}
for group in config["MFA_ENFORCED_GROUPS"].copy():
group_info = []
paginate(GROUP_GET.format(group),
group_info,
'displayName',
parsed_args,
config,
app,
test_data=TestCases().get_group_test_data(),
std_output=False)
mfa_enforced_groups_with_display_name[group] = "".join(group_info)
return mfa_enforced_groups_with_display_name
def _get_app_role_assignments(sp_id, parsed_args, config, app):
assignments = []
users_and_groups = {"groups": [], "numUsers": None}
paginate(APP_ROLE_ASSIGNED_TO.format(sp_id),
assignments,
'value',
parsed_args,
config,
app,
std_output=False)
users = []
for assignment in assignments:
if assignment['principalType'] == 'Group':
users_and_groups['groups'].append(
assignment['principalDisplayName'])
elif assignment['principalType'] == 'User':
users.append(assignment['principalDisplayName'])
users_and_groups['numUsers'] = len(users)
return users_and_groups
def list_all_applications(parsed_args, config, app):
"""
This action will return a dictionary of applications
indexed by the ID of the record.
"""
application_entries = []
paginate(
LIST_APPLICATIONS,
application_entries,
'value',
parsed_args,
config,
app,
test_data=TestCases().get_application_test_data(),
std_output=False)
applications = {}
for entry in application_entries:
applications[entry["appId"]] = entry
return applications
def list_all_users(parsed_args, config, app):
"""
This action returns a dictionary of all the users indexed by
userPrincipalName
"""
user_data = []
paginate(USER_GET_ENDPOINT,
user_data,
'value',
parsed_args,
config,
app,
test_data=TestCases().get_test_user_graph_data(),
std_output=False,
transformer=expand_onPremisesExtensionAttributes)
# Return a dictionary of all the users in the tenant, indexed by
# userPrincipalName
users = {}
for user in user_data:
users[user["userPrincipalName"]] = user
return users
def list_directory_audits(parsed_args, config, app):
"""
This action will return a dictionary of audit logs for the past day,
indexed by the ID of the record.
"""
audit_entries = []
date = datetime.datetime.today()
yesterday = date - datetime.timedelta(days=1)
paginate(
DIRECTORYAUDIT_LIST.format(
yesterday.year,
yesterday.month,
yesterday.day),
audit_entries,
'value',
parsed_args,
config,
app,
std_output=False)
audit_logs = {}
for entry in audit_entries:
audit_logs[entry["id"]] = entry
return audit_logs