, column: IColumn): void => {
14 | };
15 | const pawDisplayNameColumn: IColumn = {
16 | key: 'pawDisplayName',
17 | name: 'Display Name',
18 | fieldName: 'DisplayName',
19 | minWidth: 100,
20 | maxWidth: 120,
21 | isRowHeader: true,
22 | isResizable: true,
23 | onColumnClick: onColumnClick,
24 | data: 'string',
25 | isPadded: true,
26 | };
27 | const pawIdColumn: IColumn = {
28 | key: 'pawId',
29 | name: 'PAW ID',
30 | fieldName: 'id',
31 | minWidth: 275,
32 | maxWidth: 350,
33 | isRowHeader: true,
34 | isResizable: true,
35 | onColumnClick: onColumnClick,
36 | data: 'string',
37 | isPadded: true,
38 | };
39 |
40 | const pawTypeColumn: IColumn = {
41 | key: 'pawType',
42 | name: 'PAW Type',
43 | fieldName: 'Type',
44 | minWidth: 100,
45 | maxWidth: 100,
46 | isRowHeader: true,
47 | isResizable: true,
48 | onColumnClick: onColumnClick,
49 | data: 'string',
50 | isPadded: true,
51 | };
52 |
53 | const commissionDateColumn: IColumn = {
54 | key: 'commissionDate',
55 | name: 'Commission Date',
56 | fieldName: 'CommissionedDate',
57 | minWidth: 210,
58 | isRowHeader: true,
59 | isResizable: true,
60 | onColumnClick: onColumnClick,
61 | data: 'string',
62 | isPadded: true,
63 | };
64 |
65 | const parentDeviceIdColumn: IColumn = {
66 | key: 'parentDeviceId',
67 | name: 'Parent Device',
68 | fieldName: 'ParentDevice',
69 | minWidth: 275,
70 | // maxWidth: 350,
71 | isRowHeader: true,
72 | isResizable: true,
73 | onColumnClick: onColumnClick,
74 | data: 'string',
75 | isPadded: true,
76 | };
77 |
78 | const columns: IColumn[] = [pawDisplayNameColumn, pawIdColumn, pawTypeColumn, commissionDateColumn, parentDeviceIdColumn];
79 |
80 | const onPawSelected = (item: IPsmDevice[]) => {
81 | dispatch({
82 | type: DECOMMISSIONING_PAW_SELECTED,
83 | payload: item
84 | })
85 | };
86 |
87 | const selection = new Selection({
88 | onSelectionChanged: () => {
89 | onPawSelected(selection.getSelection() as IPsmDevice[])
90 | },
91 | });
92 |
93 | const getKey = (item: IPsmAutopilotDevice, index?: number): string => {
94 | return item.azureActiveDirectoryDeviceId;
95 | };
96 |
97 | return ;
109 | };
--------------------------------------------------------------------------------
/User-Interface/src/components/PawActions/PawActions.tsx:
--------------------------------------------------------------------------------
1 | import { CommandBar, DefaultButton, Dialog, DialogFooter, DialogType, ICommandBarItemProps, PrimaryButton, Spinner, Stack } from '@fluentui/react';
2 | import { useBoolean } from '@fluentui/react-hooks';
3 | import React, { useCallback, useMemo } from 'react';
4 | import { RootStateOrAny, useDispatch, useSelector } from 'react-redux';
5 | import { decommissionPaws, getPaws } from '../../store/actions/pawActions';
6 |
7 | interface IPawActionsProps {
8 | onCommissionPaws: () => void;
9 | onDecommissionPaws?: () => void;
10 | }
11 | export const PawActions = (props: IPawActionsProps) => {
12 | const pawsToDecommission = useSelector((state: RootStateOrAny) => state.paw.commissionPaws.pawsToDecommission);
13 | const isPawDecommissioning = useSelector((state: RootStateOrAny) => state.paw.commissionPaws.isPawDecommissioning);
14 | const isPawCommissioning = useSelector((state: RootStateOrAny) => state.paw.commissionPaws.isPawCommissioning);
15 | const isGettingPaws = useSelector((state: RootStateOrAny) => state.paw.getPaws.isGettingPaws);
16 |
17 | const [hideDialog, { toggle: toggleHideDialog }] = useBoolean(true);
18 | const dispatch = useDispatch();
19 |
20 | const decommissionSelectedPaw = useCallback(() => {
21 | dispatch(decommissionPaws(pawsToDecommission));
22 | toggleHideDialog()
23 | }, [dispatch, pawsToDecommission, toggleHideDialog]);
24 |
25 | const onRefershPaws = useCallback(() => {
26 | dispatch(getPaws())
27 | }, [dispatch]);
28 |
29 | const _items: ICommandBarItemProps[] = [
30 | {
31 | key: 'addGroup',
32 | text: 'Commission PAW',
33 | iconProps: { iconName: 'AddGroup' },
34 | onClick: () => props.onCommissionPaws(),
35 | },
36 | {
37 | key: 'delete',
38 | text: 'Decommission Selected PAW',
39 | iconProps: { iconName: 'Delete' },
40 | disabled: !(pawsToDecommission?.length > 0),
41 | onClick: () => { toggleHideDialog() },
42 | },
43 | {
44 | key: 'refresh',
45 | text: 'Refresh',
46 | iconProps: { iconName: 'Refresh' },
47 | onClick: () => { onRefershPaws() },
48 | },
49 | ];
50 |
51 |
52 | const modalProps = React.useMemo(
53 | () => ({
54 | isBlocking: true,
55 | styles: { main: { maxWidth: 450 } },
56 | }),
57 | [],
58 | );
59 |
60 | const DecommissionPawDialog = useMemo(() => {
61 | const dialogContentProps = {
62 | type: DialogType.normal,
63 | title: 'Decommissioning PAW(s)',
64 | subText: `Do you want to decommission selected(${pawsToDecommission.length}) PAWs?`,
65 | };
66 | return (
67 |
80 | );
81 | }, [decommissionSelectedPaw, hideDialog, modalProps, pawsToDecommission.length, toggleHideDialog]);
82 |
83 | return (
84 |
85 |
94 | {DecommissionPawDialog}
95 | {isPawDecommissioning && }
96 | {isPawCommissioning && }
97 | {isGettingPaws && }
98 |
99 | );
100 | };
101 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | [](https://github.com/microsoft/Privileged-Security-Management/actions/workflows/codeql-analysis.yml) [](https://github.com/microsoft/Privileged-Security-Management/actions/workflows/UnitTest-Server.js.yml) [](https://github.com/microsoft/Privileged-Security-Management/actions/workflows/UnitTest-UI.js.yml) [](https://bestpractices.coreinfrastructure.org/projects/5021) [](https://github.com/microsoft/Privileged-Security-Management/blob/main/LICENSE)
2 |
3 | # Introduction
4 | Privileged Access Workstation ([PAW](https://aka.ms/paw)) and Securing Privileged Access ([SPA](https://aka.ms/spa)) may be the gold standard of administrative security, but the complexity of architecture and associated price point deter most administrators from implementing this in their environments. To lower the barrier of implementation, this application automates processes to reduce human error and simplify the required security expertise to deploy and manage PAWs and [SPA](https://aka.ms/spa) architectures, specifically from deployment to lifecycle management (on-board/decommission) in addition to SILO management.
5 |
6 | This application is designed to operate with a managed identity but supports multiple authentication methods to access the Microsoft Graph API. The Graph API is used to manage the various aspects of the tenant, from the Conditional Access to the Device Configurations in Endpoint Manager.
7 |
8 | # Deployment Guide
9 | The App can be deployed in a variety of ways to support your diverse hosting environment.
10 | Check out our deployment guides here:
11 | - [Azure](https://github.com/microsoft/Privileged-Security-Management/wiki/Deploy-to-Azure)
12 | - [Container](https://github.com/microsoft/Privileged-Security-Management/wiki/Deploy-to-Container)
13 | - [Linux](https://github.com/microsoft/Privileged-Security-Management/wiki/Deploy-to-Linux)
14 | - [Windows](https://github.com/microsoft/Privileged-Security-Management/wiki/Deploy-to-Windows)
15 | - [Deploy/Run from Source Code](https://github.com/microsoft/Privileged-Security-Management/wiki/Build-and-Run-from-Source)
16 |
17 | # Documentation
18 | The application's docs can be found in the GitHub wiki!
19 | https://github.com/microsoft/Privileged-Security-Management/wiki
20 |
21 | # Roadmap
22 | This is also found on the wiki!
23 | https://github.com/microsoft/Privileged-Security-Management/wiki/Version-Roadmap
24 |
25 | ## Contributing
26 | This project welcomes contributions and suggestions. Most contributions require you to agree to a
27 | Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
28 | the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
29 |
30 | When you submit a pull request, a CLA bot will automatically determine whether you need to provide
31 | a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
32 | provided by the bot. You will only need to do this once across all repos using our CLA.
33 |
34 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
35 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
36 | contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
37 |
38 | ## Trademarks
39 | This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft
40 | trademarks or logos is subject to and must follow
41 | [Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general).
42 | Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
43 | Any use of third-party trademarks or logos are subject to those third-party's policies.
44 |
--------------------------------------------------------------------------------
/User-Interface/src/store/slice/pawAssignment.ts:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT license.
3 |
4 | import { createSlice, createAsyncThunk } from '@reduxjs/toolkit'
5 | import type { PayloadAction } from "@reduxjs/toolkit";
6 | import type { User } from "@microsoft/microsoft-graph-types-beta";
7 |
8 | // Define the structure of the initial state and its metadata
9 | export interface PawAssignmentState {
10 | isGettingAssignmentList: boolean,
11 | isAssigning: boolean,
12 | isRemovingAssignment: boolean,
13 | assignedUserList: User[],
14 | addUpnList: User[],
15 | removeUpnList: string[],
16 | message: string | undefined,
17 | error: any | undefined
18 | }
19 |
20 | // Define the initial state of the assignment store
21 | const initialState: PawAssignmentState = {
22 | isGettingAssignmentList: false,
23 | isAssigning: false,
24 | isRemovingAssignment: false,
25 | assignedUserList: [],
26 | addUpnList: [],
27 | removeUpnList: [],
28 | message: undefined,
29 | error: undefined
30 | };
31 |
32 | // Define the thunk for the PAW Assignment List action
33 | export const getPawAssignmentListThunk = createAsyncThunk(
34 | 'pawAssignment/getAssignmentList',
35 | async (pawId, thunkAPI): Promise => {
36 | // Catch errors during execution
37 | try {
38 | // Do something here
39 | const response = await fetch(`${document.location.origin}/API/Lifecycle/PAW/${pawId}/Assign`);
40 |
41 | // Parse the response body into JSON (the API always returns an array, an empty one if no PAWs are commissioned)
42 | const result: User[] = await response.json();
43 |
44 | // Return the results
45 | return result
46 | } catch (error) { // if an error was thrown
47 | // Reject the thunk and return the execution of the
48 | thunkAPI.rejectWithValue(error);
49 | }
50 | }
51 | );
52 |
53 | // Create the slice and export it to the caller
54 | export const pawAssignmentSlice = createSlice({
55 | // Name the slice internally in redux
56 | name: "pawAssignment",
57 |
58 | // Define the initial state of the slice
59 | initialState,
60 |
61 | // Define the reducers for the slice
62 | reducers: {},
63 | extraReducers: (builder) => {
64 | // Operate on the reducer builder parameter
65 | builder
66 | // Create a thunk reducer to set the state when a request starts
67 | .addCase(getPawAssignmentListThunk.pending, (state) => {
68 | // Set the state to indicate that a request is in progress
69 | state.isGettingAssignmentList = true;
70 |
71 | // Set the status message for the state
72 | state.message = "Getting User Assignments...";
73 | })
74 | // Create a thunk reducer to set the state when a request finishes successfully
75 | .addCase(getPawAssignmentListThunk.fulfilled, (state, action: PayloadAction) => {
76 | /// Set the state to indicate that a request is not in progress
77 | state.isGettingAssignmentList = false;
78 |
79 | // Clear the status message
80 | state.message = undefined;
81 |
82 | // Populate the PAW's assigned user list state with the results of the action
83 | state.assignedUserList = action.payload;
84 |
85 | // Because the operation was successful, clear the error state
86 | state.error = undefined;
87 | })
88 | // Create a thunk reducer to set the state when a request fails
89 | .addCase(getPawAssignmentListThunk.rejected, (state, action: PayloadAction) => {
90 | // Set the state to indicate that a request is not in progress
91 | state.isGettingAssignmentList = false;
92 |
93 | // Set the state to contain the results of the error
94 | state.error = action.payload;
95 |
96 | // Clear the current status message
97 | state.message = undefined;
98 | })
99 | }
100 | });
101 |
102 | // Export the actions of the slice
103 | // export const { } = pawAssignmentSlice.actions;
104 |
105 | // Export the reducers by default
106 | export default pawAssignmentSlice.reducer;
--------------------------------------------------------------------------------
/User-Interface/src/store/actions/pawActions/assignmentPawActions.ts:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT license.
3 |
4 | import {
5 | GETTING_PAW_ASSIGNMENT_REQUEST,
6 | GETTING_PAW_ASSIGNMENT_SUCCESS,
7 | GETTING_PAW_ASSIGNMENT_FAILURE,
8 | ASSIGN_PAW_REQUEST,
9 | ASSIGN_PAW_SUCCESS,
10 | ASSIGN_PAW_FAILURE,
11 | UNASSIGN_PAW_REQUEST,
12 | UNASSIGN_PAW_SUCCESS,
13 | UNASSIGN_PAW_FAILURE
14 | } from "./types";
15 | import { PawService } from "../../../services";
16 | import type { IPsmDevice } from "../../../models"
17 | import type { User } from "@microsoft/microsoft-graph-types-beta";
18 |
19 | // Define the redux store action for the start of the request
20 | function getAssignedUserRequest() {
21 | return {
22 | type: GETTING_PAW_ASSIGNMENT_REQUEST,
23 | };
24 | };
25 |
26 | // Define the redux store action for the successful completion of the request
27 | function getAssignedUserSuccess(userList: User[]) {
28 | return {
29 | type: GETTING_PAW_ASSIGNMENT_SUCCESS,
30 | payload: userList
31 | };
32 | };
33 |
34 | // Define the redux store action for the unsuccessful completion of the request
35 | function getAssignedUserFailure(error: Error) {
36 | // Return the redux action object
37 | return {
38 | type: GETTING_PAW_ASSIGNMENT_FAILURE,
39 | payload: error
40 | };
41 | };
42 |
43 | // Execute the retrieval command async while updating the UI's state in redux when the command resolves
44 | export function getPawAssignedUserList(pawDevice: IPsmDevice) {
45 | // Return a thunk object on execution
46 | return async function(dispatch): Promise {
47 | // Set the UI state to be in the retrieval mode
48 | dispatch(getAssignedUserRequest());
49 | // Execute the get assignment command
50 | PawService.getPawAssignment(pawDevice)
51 | // After successful execution, update the UI's state with the new data
52 | .then(userList => dispatch(getAssignedUserSuccess(userList)))
53 | // After unsuccessful execution, update the UI's state with the error details
54 | .catch(error => dispatch(getAssignedUserFailure(error)))
55 | };
56 | };
57 |
58 | // Define the redux store action for the start of the request
59 | function setAssignedUserRequest() {
60 | return {
61 | type: ASSIGN_PAW_REQUEST,
62 | };
63 | };
64 |
65 | // Define the redux store action for the successful completion of the request
66 | function setAssignedUserSuccess(userList: User[]) {
67 | return {
68 | type: ASSIGN_PAW_SUCCESS,
69 | payload: userList
70 | };
71 | };
72 |
73 | // Define the redux store action for the unsuccessful completion of the request
74 | function setAssignedUserFailure(error: Error) {
75 | // Return the redux action object
76 | return {
77 | type: ASSIGN_PAW_FAILURE,
78 | payload: error
79 | };
80 | };
81 |
82 | // Execute the add assignment command async while updating the UI's state in redux when the command resolves
83 | export function setPawAssignedUserList(pawDevice: IPsmDevice, upnList: string[]) {
84 | // Return a thunk object on execution
85 | return async function(dispatch): Promise {
86 | // Set the UI state to be in the addition mode
87 | dispatch(setAssignedUserRequest());
88 | // Execute the add assignment command
89 | PawService.setPawAssignment(pawDevice, upnList)
90 | // After successful execution, update the UI's state with the new data
91 | .then(userList => dispatch(setAssignedUserSuccess(userList)))
92 | // After unsuccessful execution, update the UI's state with the error details
93 | .catch(error => dispatch(setAssignedUserFailure(error)))
94 | };
95 | };
96 |
97 | // Define the redux store action for the start of the request
98 | function removeAssignedUserRequest() {
99 | return {
100 | type: UNASSIGN_PAW_REQUEST,
101 | };
102 | };
103 |
104 | // Define the redux store action for the successful completion of the request
105 | function removeAssignedUserSuccess(userList: User[]) {
106 | return {
107 | type: UNASSIGN_PAW_SUCCESS,
108 | payload: userList
109 | };
110 | };
111 |
112 | // Define the redux store action for the unsuccessful completion of the request
113 | function removeAssignedUserFailure(error: Error) {
114 | // Return the redux action object
115 | return {
116 | type: UNASSIGN_PAW_FAILURE,
117 | payload: error
118 | };
119 | };
120 |
121 | // Execute the un-assignment command async while updating the UI's state in redux when the command resolves
122 | export function removePawAssignedUserList(pawDevice: IPsmDevice, upnList: string[]) {
123 | // Return a thunk object on execution
124 | return async function(dispatch): Promise {
125 | // Set the UI state to be in the removal mode
126 | dispatch(removeAssignedUserRequest());
127 | // Execute the remove assignment command
128 | PawService.removePawAssignment(pawDevice, upnList)
129 | // After successful execution, update the UI's state with the new data
130 | .then(userList => dispatch(removeAssignedUserSuccess(userList)))
131 | // After unsuccessful execution, update the UI's state with the error details
132 | .catch(error => dispatch(removeAssignedUserFailure(error)))
133 | };
134 | };
--------------------------------------------------------------------------------
/.github/workflows/Build-Binaries.yml:
--------------------------------------------------------------------------------
1 | # This is a basic workflow to help you get started with Actions
2 |
3 | name: Build Binaries
4 |
5 | # Controls when the workflow will run
6 | on:
7 | # Allows you to run this workflow manually from the Actions tab
8 | workflow_dispatch:
9 |
10 | # A workflow run is made up of one or more jobs that can run sequentially or in parallel
11 | jobs:
12 | Generate-Bins:
13 | # The type of runner that the job will run on
14 | runs-on: ubuntu-latest
15 |
16 | # Steps represent a sequence of tasks that will be executed as part of the job
17 | steps:
18 | # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
19 | - uses: actions/checkout@v2
20 |
21 | # Set up NodeJS on the build host
22 | - name: Setup Node.js environment
23 | uses: actions/setup-node@v2
24 | with:
25 | node-version: 16.x
26 |
27 | # Install the PKG package to allow for building binaries
28 | - name: Install PKG
29 | run: npm install -g pkg
30 |
31 | # Install the UI's dependencies
32 | - name: Install the UI project
33 | run: npm install
34 | working-directory: User-Interface
35 |
36 | # Install the servers dependencies
37 | - name: Install the Server project
38 | run: npm install
39 | working-directory: Server
40 |
41 | # Compile the Typescript files to JS
42 | - name: Build Server
43 | run: npm run-script build
44 | working-directory: Server
45 |
46 | # Build the UI static files and place them into the server's compiled folder.
47 | - name: Build the UI
48 | run: npm run-script build
49 | working-directory: User-Interface
50 |
51 | # Build the native binaries to be included as artifacts for publish
52 | - name: Build native binaries
53 | run: npx pkg .
54 | working-directory: Server
55 |
56 | # Upload the Windows EXE Arctifact to make them available to other processes
57 | - name: Upload Raw Windows EXE Artifact
58 | uses: actions/upload-artifact@v2
59 | with:
60 | name: WindowsRawExe
61 | path: Server/dist/privileged-security-management-server-win.exe
62 |
63 | # Upload the Windows EXE Arctifact to make them available to other processes
64 | - name: Upload Raw Linux bin Artifact
65 | uses: actions/upload-artifact@v2
66 | with:
67 | name: LinuxRawBin
68 | path: Server/dist/privileged-security-management-server-linux
69 | # Build-And-Publish-Snap:
70 | # # Ensure that the binaries are generated before executing this part of the build process.
71 | # needs: Generate-Bins
72 |
73 | # # Run the snap build command on the latest Ubuntu OS available
74 | # runs-on: ubuntu-latest
75 |
76 | # # Steps represent a sequence of tasks that will be executed as part of the job
77 | # steps:
78 | # # Download the project's current source code
79 | # - name: Download project
80 | # uses: actions/checkout@v2
81 |
82 | # # Grab the bin file that was just generated by the BIN Build step
83 | # - name: Download Linux Bin
84 | # uses: actions/download-artifact@v3
85 | # with:
86 | # name: LinuxRawBin
87 | # path: Server/dist/
88 |
89 | # # Package the snap packaged based on the snapcraft.yaml file in the root of the source code repo
90 | # - name: Build Snap Package
91 | # uses: snapcore/action-build@v1
92 |
93 | # # Upload the built snap package to the store in edge mode
94 | # - uses: snapcore/action-publish@v1
95 | # with:
96 | # store_login: ${{ secrets.SNAP_STORE_EDGE_LOGIN }}
97 | # snap: ${{ steps.build.outputs.snap }}
98 | # release: edge
99 |
100 | # Authenticode-Sign:
101 | # # This job can't procede if the EXE isn't present to sign
102 | # needs: Generate-Bins
103 |
104 | # # The type of runner that the job will run on
105 | # runs-on: windows-latest
106 |
107 | # # Steps represent a sequence of tasks that will be executed as part of the job
108 | # steps:
109 | # - name: Download the Windows Raw un-packaged exe Artifact
110 | # uses: actions/download-artifact@v2
111 | # with:
112 | # # Artifact name
113 | # name: WindowsRawExe
114 | # # Destination path
115 | # path: Downloads
116 |
117 | # # Runs a single command using the runners shell
118 | # - name: Set up .Net CLI
119 | # uses: actions/setup-dotnet@v1
120 | # with:
121 | # dotnet-version: "6.0.x"
122 |
123 | # # Install the Azure Sign Tool for authenticode signing
124 | # - name: Install Azure Sign Tool
125 | # run: dotnet tool install --global AzureSignTool
126 |
127 | Package-WindowsInstallers:
128 | # This job can't procede if the EXE hasn't been generated or signed
129 | needs: [Generate-Bins]
130 |
131 | # The type of runner that the job will run on
132 | runs-on: windows-latest
133 |
134 | # Steps represent a sequence of tasks that will be executed as part of the job
135 | steps:
136 | - name: Download project
137 | uses: actions/checkout@v2
138 |
139 | - name: Download EXE
140 | uses: actions/download-artifact@v3
141 | with:
142 | name: WindowsRawExe
143 | path: Server/dist/
144 |
145 | - name: Build MSI Installer
146 | uses: Caphyon/advinst-github-action@v1.0
147 | with:
148 | advinst-version: '19.6'
149 | advinst-license: ${{ secrets.ADVANCEDINSTALLER_KEY }}
150 | advinst-enable-automation: 'false'
151 | aip-path: 'Privileged Security Management.aip'
152 | aip-build-name: 'MSI'
153 |
154 | # Upload the Windows MSI Arctifact to make them available to other processes
155 | - name: Upload MSI Artifact
156 | uses: actions/upload-artifact@v2
157 | with:
158 | name: WindowsInstallerMSI
159 | path: Server/dist/PSM-Win-x64.msi
160 |
161 | - name: Build EXE Installer
162 | uses: Caphyon/advinst-github-action@v1.0
163 | with:
164 | advinst-version: '19.6'
165 | advinst-license: ${{ secrets.ADVANCEDINSTALLER_KEY }}
166 | advinst-enable-automation: 'false'
167 | aip-path: 'Privileged Security Management.aip'
168 | aip-build-name: 'EXE'
169 |
170 | # Upload the Windows EXE Arctifact to make them available to other processes
171 | - name: Upload EXE Artifact
172 | uses: actions/upload-artifact@v2
173 | with:
174 | name: WindowsInstallerEXE
175 | path: Server/dist/PSM-Win-x64.exe
176 |
--------------------------------------------------------------------------------
/User-Interface/src/services/pawService.ts:
--------------------------------------------------------------------------------
1 | import type { User } from "@microsoft/microsoft-graph-types-beta";
2 | import type { IPsmAutopilotDevice, IPsmDevice } from "../models";
3 | // import { PsmDeviceList } from '../models/mocks';
4 |
5 | export interface IPawService {
6 | getPaws: () => Promise,
7 | commissionPaw: (paw: IPsmAutopilotDevice) => Promise,
8 | decommissionPaw: (paws: IPsmDevice[]) => Promise, // return list of decommissioned Paws
9 | }
10 | export class PawService {
11 | // Get the current host name and port (if there is a port)
12 | public static API_BASE_URL = document.location.origin;
13 |
14 | // Get a list of PAW devices from the Server's Lifecycle API
15 | public static async getPaws(): Promise {
16 | // Build the URL to run the API request against
17 | const getPawsUrl = `${this.API_BASE_URL}/API/Lifecycle/PAW`;
18 |
19 | // Run the Get request against the specified endpoint
20 | const response = await fetch(getPawsUrl);
21 |
22 | // Parse the response body into JSON (the API always returns an array, an empty one if no PAWs are commissioned)
23 | const result: Array = await response.json();
24 |
25 | // rename the object's keys to match what is used throughout the rest of the app
26 | return result.map((device: IPsmDevice) => {
27 | // For each object in the array, replace it's contents with the below object structure
28 | return {
29 | DisplayName: device.DisplayName,
30 | id: device.id,
31 | Type: device.Type,
32 | CommissionedDate: new Date(device.CommissionedDate).toUTCString(),
33 | ParentDevice: device.ParentDevice,
34 | GroupAssignment: device.GroupAssignment,
35 | UserAssignment: device.UserAssignment,
36 | ParentGroup: device.ParentGroup
37 | };
38 | });
39 | /*
40 | Uncomment the below code to work with the mock, and also uncomment paws mock import
41 | */
42 | // return PsmDeviceList.map((device: IPsmDevice) => {
43 | // return {
44 | // DisplayName: device.DisplayName,
45 | // id: device.id,
46 | // Type: device.Type,
47 | // CommissionedDate: new Date(device.CommissionedDate).toUTCString(),
48 | // ParentDevice: device.ParentDevice,
49 | // GroupAssignment: device.GroupAssignment,
50 | // ParentGroup: device.ParentGroup,
51 | // UserAssignment: device.UserAssignment
52 | // };
53 | // });
54 | };
55 |
56 | // Commission the specified autopilot device by using the lifecycle API
57 | public static commissionPaw = async (deviceList: IPsmAutopilotDevice[], pawTypeToCommission: string) => {
58 | // Loop through each device in the list of autopilot devices
59 | for (const device of deviceList) {
60 | // Build the URL for the specified unique autopilot device
61 | const commissionPawUrl = `${this.API_BASE_URL}/API/Lifecycle/PAW/${device.azureAdDeviceId}/Commission`;
62 |
63 | // Build the post body
64 | const postBody = {
65 | type: pawTypeToCommission,
66 | };
67 |
68 | // make the web request with the required options and the previously built post body
69 | await fetch(commissionPawUrl, {
70 | method: 'POST',
71 | mode: 'same-origin',
72 | headers: {
73 | 'Content-Type': 'application/json'
74 | },
75 | body: JSON.stringify(postBody)
76 | });
77 | };
78 | };
79 |
80 | // Decommission the specified PAW device by using the lifecycle API
81 | public static decommissionPaw = async (deviceList: IPsmDevice[]) => {
82 | // Loop through all of the specified PAWs and decommission them
83 | for (const device of deviceList) {
84 | // Build the web request url dynamically
85 | const commissionPawUrl = `${this.API_BASE_URL}/API/Lifecycle/PAW/${device.id}/Commission`;
86 |
87 | // Make the request to decommission the PAW with the specified options
88 | await fetch(commissionPawUrl, {
89 | method: 'DELETE',
90 | mode: 'same-origin'
91 | });
92 | };
93 | };
94 |
95 | // Get the User Assignments for the specified PAW device
96 | public static async getPawAssignment(psmDevice: IPsmDevice): Promise {
97 | // Build the request url
98 | const getAssignmentURL = `${this.API_BASE_URL}/API/Lifecycle/PAW/${psmDevice.id}/Assign`;
99 |
100 | // Run the Get request against the specified endpoint
101 | const response = await fetch(getAssignmentURL);
102 |
103 | // Parse the response body into JSON (the API always returns an array, an empty one if no users are assigned)
104 | const result: User[] = await response.json();
105 |
106 | // Returned the processed results
107 | return result;
108 | };
109 |
110 | public static async setPawAssignment(psmDevice: IPsmDevice, upnList: string[]): Promise {
111 | // Build the request url
112 | const postAssignmentURL = `${this.API_BASE_URL}/API/Lifecycle/PAW/${psmDevice.id}/Assign`;
113 |
114 | // Build the post body to be used in the web request
115 | const postBody = {
116 | userList: upnList
117 | };
118 |
119 | // Run the Get request against the specified endpoint
120 | const response = await fetch(postAssignmentURL, {
121 | method: "POST",
122 | mode: "same-origin",
123 | headers: {
124 | 'Content-Type': 'application/json'
125 | },
126 | body: JSON.stringify(postBody)
127 | });
128 |
129 | // Parse the response body into JSON (the API always returns an array, an empty one if no users are assigned)
130 | const result: User[] = await response.json();
131 |
132 | // Returned the processed results
133 | return result;
134 | };
135 |
136 | public static async removePawAssignment(psmDevice: IPsmDevice, upnList: string[]): Promise {
137 | // Build the request url
138 | const deleteAssignmentURL = `${this.API_BASE_URL}/API/Lifecycle/PAW/${psmDevice.id}/Assign`;
139 |
140 | // Build the delete body to be used in the web request
141 | const deleteBody = {
142 | userList: upnList
143 | };
144 |
145 | // Run the Get request against the specified endpoint
146 | const response = await fetch(deleteAssignmentURL, {
147 | method: "DELETE",
148 | mode: "same-origin",
149 | headers: {
150 | 'Content-Type': 'application/json'
151 | },
152 | body: JSON.stringify(deleteBody)
153 | });
154 |
155 | // Parse the response body into JSON (the API always returns an array, an empty one if no users are assigned)
156 | const result: User[] = await response.json();
157 |
158 | // Returned the processed results
159 | return result;
160 | };
161 | };
--------------------------------------------------------------------------------
/Server/src/Startup/Authentication.ts:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT license.
3 |
4 | import { ChainedTokenCredential, ClientSecretCredential, ManagedIdentityCredential } from "@azure/identity";
5 | import type { KeyVaultSecret } from "@azure/keyvault-secrets";
6 | import { SecretClient } from "@azure/keyvault-secrets";
7 | import { validateGUID, validateKeyVaultName, validateKeyVaultSecretName, InternalAppError, writeDebugInfo } from "../Utility";
8 |
9 | // Create the MS Azure Access Credential handler class.
10 | export class MSAzureAccessCredential {
11 | // Define the class properties
12 | credential: Promise;
13 | private clientSecretCred: ClientSecretCredential | undefined;
14 | private managedIdentCred: ManagedIdentityCredential;
15 | private clientID: string
16 | private clientSecret: string | Promise
17 | private tenantID: string
18 | private managedIdentGUID: string
19 | private keyVaultName: string
20 | private kvSecretName: string
21 | private kvCloudSelection: string
22 |
23 | // Initialize the Access Credential class when instantiated
24 | constructor() {
25 | // Set keyvault to operate off teh Azure Public Cloud by default.
26 | this.kvCloudSelection = ".vault.azure.net"
27 |
28 | // Import environmental variables
29 | this.managedIdentGUID = process.env.PSM_Managed_ID_GUID || ""
30 | this.keyVaultName = process.env.PSM_KeyVault_Name || ""
31 | this.kvSecretName = process.env.PSM_KeyVault_Secret || ""
32 | this.clientID = process.env.PSM_Client_GUID || ""
33 | this.clientSecret = process.env.PSM_Client_Secret || ""
34 | this.tenantID = process.env.PSM_Tenant_ID || ""
35 |
36 | // Validate environmental variable input to ensure that the input is as expected and not an injection attempt.
37 | if (this.managedIdentGUID !== "" && !validateGUID(this.managedIdentGUID)) { throw new InternalAppError("The user assigned managed identity GUID is not a valid GUID!", "Invalid Input"); };
38 | if (this.keyVaultName !== "" && !validateKeyVaultName(this.keyVaultName)) { throw new InternalAppError("The key vault name must be a string and following naming constraints!", "Invalid Input", "Authentication - Constructor - Input Validation"); };
39 | if (this.kvSecretName !== "" && !validateKeyVaultSecretName(this.kvSecretName)) { throw new InternalAppError("The key vault secret name must be a string and following naming constraints!", "Invalid Input", "Authentication - Constructor - Input Validation"); };
40 | if (this.clientID !== "" && !validateGUID(this.clientID)) { throw new InternalAppError("The Client ID was specified but it isn't a string in the GUID format!", "Invalid Input", "Authentication - Constructor - Input Validation"); };
41 | if (this.clientSecret !== "" && typeof this.clientSecret !== "string") { throw new InternalAppError("The client secret was specified but isn't a string!", "Invalid Input", "Authentication - Constructor - Input Validation"); };
42 | if (this.tenantID !== "" && !validateGUID(this.tenantID)) { throw new InternalAppError("The Tenant ID was specified but it isn't a string in the GUID format!", "Invalid Input", "Authentication - Constructor - Input Validation"); };
43 |
44 | // Validate if a GUID is provided for a user assigned managed identity
45 | if (this.managedIdentGUID !== "") {
46 | // Write debug info
47 | writeDebugInfo("Initializing UA MI Credential");
48 |
49 | // Initialize the managed identity credential object for user assigned managed identity.
50 | this.managedIdentCred = new ManagedIdentityCredential(this.managedIdentGUID);
51 | } else {
52 | // Write debug info
53 | writeDebugInfo("Initializing SA MI Credential");
54 |
55 | // Initialize the managed identity credential object for system assigned managed identity.
56 | this.managedIdentCred = new ManagedIdentityCredential();
57 | };
58 |
59 | // Write debug info
60 | writeDebugInfo("Managed Identity Credential Initialization Complete");
61 |
62 | // Check if the keyvault name was specified
63 | if (this.keyVaultName !== "" || this.kvSecretName !== "") {
64 | // Validate that all of the properties are in the correct configuration.
65 | if (this.keyVaultName === "" || this.kvSecretName === "" || this.tenantID === "" || this.clientID === "" || this.clientSecret !== "") { throw new InternalAppError("The required configurations aren't present, please double check your MI KV based auth config.", "Invalid Config", "Authentication - MI KV App Reg - Config Validation"); };
66 |
67 | // Build the URL of the key vault
68 | const kvURL = "https://" + this.keyVaultName + this.kvCloudSelection;
69 |
70 | // Instantiate the key vault client
71 | const kvSecretClient = new SecretClient(kvURL, this.managedIdentCred);
72 |
73 | // Start the KV secret retrieval process
74 | this.clientSecret = kvSecretClient.getSecret(this.kvSecretName);
75 |
76 | // Build the chained token credential
77 | this.credential = this.getKvChainedCred();
78 | } else if (this.clientID !== "" || this.clientSecret !== "" || this.tenantID !== "") { // If no KV, then check for App Reg Auth
79 | // Validate that all of the properties are in the correct configuration.
80 | if (this.tenantID === "" || this.clientID === "" || this.clientSecret === "") { throw new InternalAppError("The required configurations aren't present, please double check your app reg based auth config.", "Invalid Config", "Authentication - App Reg/Local Vars - Config Validation"); };
81 |
82 | // Build a client secret credential
83 | this.clientSecretCred = new ClientSecretCredential(this.tenantID, this.clientID, this.clientSecret);
84 |
85 | // Build the chained token credential
86 | this.credential = Promise.resolve(new ChainedTokenCredential(this.clientSecretCred));
87 | } else { // Just Managed identity auth here
88 | // Build the chained token credential
89 | this.credential = Promise.resolve(new ChainedTokenCredential(this.managedIdentCred));
90 | };
91 | };
92 |
93 | // Define an asynchronous function that chains together a credential built from data in the key vault and managed identity.
94 | private async getKvChainedCred() {
95 | // Validate the client secret is defined correctly.
96 | if (typeof this.clientSecret === "string") { throw new InternalAppError("The client secret should not be manually set for key vault based auth!", "Invalid Input", "Authentication - getKvChainedCred - Input Validation"); };
97 | if (typeof this.clientSecret.then !== "function" || typeof this.clientSecret.catch !== "function") { throw new InternalAppError("The client secret should be Promise, the specified object is not a promise!", "Invalid Input", "Authentication - getKvChainedCred - Input Validation"); };
98 |
99 | // Isolate the value from the Key Vault secret
100 | const kvSecretValue = (await this.clientSecret).value
101 |
102 | // Validate that it contains data, if not, throw an error
103 | if (kvSecretValue === undefined) { throw new InternalAppError("KV secret value is undefined", "Invalid Input", "Authentication - getKvChainedCred - Secret value validation") };
104 |
105 | // Create the client secret object and place it into the instantiated class' properties
106 | this.clientSecretCred = new ClientSecretCredential(this.tenantID, this.clientID, kvSecretValue);
107 |
108 | // Return a chained credential
109 | return new ChainedTokenCredential(this.clientSecretCred);
110 | };
111 | };
--------------------------------------------------------------------------------
/Server/disableeslintrc.json:
--------------------------------------------------------------------------------
1 | {
2 | "env": {
3 | "es2021": true,
4 | "node": true
5 | },
6 | "extends": [
7 | "eslint:recommended",
8 | "plugin:@typescript-eslint/recommended"
9 | ],
10 | "parser": "@typescript-eslint/parser",
11 | "parserOptions": {
12 | "ecmaVersion": "latest",
13 | "sourceType": "module"
14 | },
15 | "plugins": [
16 | "@typescript-eslint"
17 | ],
18 | "rules": {
19 | "accessor-pairs": "error",
20 | "array-bracket-newline": "error",
21 | "array-bracket-spacing": "error",
22 | "array-callback-return": "error",
23 | "array-element-newline": "error",
24 | "arrow-body-style": "error",
25 | "arrow-parens": "error",
26 | "arrow-spacing": "error",
27 | "block-scoped-var": "error",
28 | "block-spacing": "error",
29 | "brace-style": "error",
30 | "camelcase": "error",
31 | "capitalized-comments": "error",
32 | "class-methods-use-this": "error",
33 | "comma-dangle": "error",
34 | "comma-spacing": "error",
35 | "comma-style": "error",
36 | "complexity": "error",
37 | "computed-property-spacing": "error",
38 | "consistent-return": "error",
39 | "consistent-this": "error",
40 | "curly": "error",
41 | "default-case": "error",
42 | "default-case-last": "error",
43 | "default-param-last": "error",
44 | "dot-location": "error",
45 | "dot-notation": "error",
46 | "eol-last": "error",
47 | "eqeqeq": "error",
48 | "func-call-spacing": "error",
49 | "func-name-matching": "error",
50 | "func-names": "error",
51 | "func-style": "error",
52 | "function-call-argument-newline": "error",
53 | "function-paren-newline": "error",
54 | "generator-star-spacing": "error",
55 | "grouped-accessor-pairs": "error",
56 | "guard-for-in": "error",
57 | "id-denylist": "error",
58 | "id-length": "error",
59 | "id-match": "error",
60 | "implicit-arrow-linebreak": "error",
61 | "indent": "error",
62 | "init-declarations": "error",
63 | "jsx-quotes": "error",
64 | "key-spacing": "error",
65 | "keyword-spacing": "error",
66 | "line-comment-position": "error",
67 | "lines-around-comment": "error",
68 | "lines-between-class-members": "error",
69 | "max-classes-per-file": "error",
70 | "max-depth": "error",
71 | "max-lines": "error",
72 | "max-lines-per-function": "error",
73 | "max-nested-callbacks": "error",
74 | "max-params": "error",
75 | "max-statements": "error",
76 | "max-statements-per-line": "error",
77 | "multiline-comment-style": "error",
78 | "multiline-ternary": "error",
79 | "new-cap": "error",
80 | "new-parens": "error",
81 | "newline-per-chained-call": "error",
82 | "no-alert": "error",
83 | "no-array-constructor": "error",
84 | "no-await-in-loop": "error",
85 | "no-bitwise": "error",
86 | "no-caller": "error",
87 | "no-confusing-arrow": "error",
88 | "no-console": "error",
89 | "no-constructor-return": "error",
90 | "no-continue": "error",
91 | "no-div-regex": "error",
92 | "no-duplicate-imports": "error",
93 | "no-else-return": "error",
94 | "no-empty-function": "error",
95 | "no-eq-null": "error",
96 | "no-eval": "error",
97 | "no-extend-native": "error",
98 | "no-extra-bind": "error",
99 | "no-extra-label": "error",
100 | "no-extra-parens": "error",
101 | "no-extra-semi": "off",
102 | "@typescript-eslint/no-extra-semi": ["error"],
103 | "no-floating-decimal": "error",
104 | "no-implicit-coercion": "error",
105 | "no-implicit-globals": "error",
106 | "no-implied-eval": "error",
107 | "no-inline-comments": "error",
108 | "no-invalid-this": "error",
109 | "no-iterator": "error",
110 | "no-label-var": "error",
111 | "no-labels": "error",
112 | "no-lone-blocks": "error",
113 | "no-lonely-if": "error",
114 | "no-loop-func": "error",
115 | "no-magic-numbers": "error",
116 | "no-mixed-operators": "error",
117 | "no-multi-assign": "error",
118 | "no-multi-spaces": "error",
119 | "no-multi-str": "error",
120 | "no-multiple-empty-lines": "error",
121 | "no-negated-condition": "error",
122 | "no-nested-ternary": "error",
123 | "no-new": "error",
124 | "no-new-func": "error",
125 | "no-new-object": "error",
126 | "no-new-wrappers": "error",
127 | "no-octal-escape": "error",
128 | "no-param-reassign": "error",
129 | "no-plusplus": "error",
130 | "no-promise-executor-return": "error",
131 | "no-proto": "error",
132 | "no-restricted-exports": "error",
133 | "no-restricted-globals": "error",
134 | "no-restricted-imports": "error",
135 | "no-restricted-properties": "error",
136 | "no-restricted-syntax": "error",
137 | "no-return-assign": "error",
138 | "no-return-await": "error",
139 | "no-script-url": "error",
140 | "no-self-compare": "error",
141 | "no-sequences": "error",
142 | "no-shadow": "error",
143 | "no-tabs": "error",
144 | "no-template-curly-in-string": "error",
145 | "no-ternary": "error",
146 | "no-throw-literal": "error",
147 | "no-trailing-spaces": "error",
148 | "no-undef-init": "error",
149 | "no-undefined": "error",
150 | "no-underscore-dangle": "error",
151 | "no-unmodified-loop-condition": "error",
152 | "no-unneeded-ternary": "error",
153 | "no-unreachable-loop": "error",
154 | "no-unused-expressions": "error",
155 | "no-use-before-define": "error",
156 | "no-useless-call": "error",
157 | "no-useless-computed-key": "error",
158 | "no-useless-concat": "error",
159 | "no-useless-constructor": "error",
160 | "no-useless-rename": "error",
161 | "no-useless-return": "error",
162 | "no-var": "error",
163 | "no-void": "error",
164 | "no-warning-comments": "error",
165 | "no-whitespace-before-property": "error",
166 | "nonblock-statement-body-position": "error",
167 | "object-curly-newline": "error",
168 | "object-curly-spacing": ["error", "always"],
169 | "object-property-newline": "error",
170 | "object-shorthand": "error",
171 | "one-var": "error",
172 | "one-var-declaration-per-line": "error",
173 | "operator-assignment": "error",
174 | "operator-linebreak": "error",
175 | "padded-blocks": "error",
176 | "padding-line-between-statements": "error",
177 | "prefer-arrow-callback": "error",
178 | "prefer-const": "error",
179 | "prefer-destructuring": "error",
180 | "prefer-exponentiation-operator": "error",
181 | "prefer-named-capture-group": "error",
182 | "prefer-numeric-literals": "error",
183 | "prefer-object-spread": "error",
184 | "prefer-promise-reject-errors": "error",
185 | "prefer-regex-literals": "error",
186 | "prefer-rest-params": "error",
187 | "prefer-spread": "error",
188 | "prefer-template": "error",
189 | "quote-props": "error",
190 | "quotes": "error",
191 | "radix": "error",
192 | "require-atomic-updates": "error",
193 | "require-await": "error",
194 | "require-unicode-regexp": "error",
195 | "rest-spread-spacing": "error",
196 | "semi": "error",
197 | "semi-spacing": "error",
198 | "semi-style": "error",
199 | "sort-imports": "error",
200 | "sort-keys": "error",
201 | "sort-vars": "error",
202 | "space-before-blocks": "error",
203 | "space-before-function-paren": ["error", "never"],
204 | "space-in-parens": "error",
205 | "space-infix-ops": "error",
206 | "space-unary-ops": "error",
207 | "spaced-comment": "error",
208 | "strict": "error",
209 | "switch-colon-spacing": "error",
210 | "symbol-description": "error",
211 | "template-curly-spacing": "error",
212 | "template-tag-spacing": "error",
213 | "unicode-bom": "error",
214 | "vars-on-top": "error",
215 | "wrap-iife": "error",
216 | "wrap-regex": "error",
217 | "yield-star-spacing": "error",
218 | "yoda": "error"
219 | }
220 | }
221 |
--------------------------------------------------------------------------------
/Server/src/Utility/RequestGenerator.ts:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT license.
3 |
4 | import type * as MicrosoftGraphBeta from "@microsoft/microsoft-graph-types-beta";
5 | import { InternalAppError, validateEmailArray, validateGUID, validateGUIDArray, validateStringArray } from "./";
6 |
7 | // Generate a settings object for the user rights assignment of a PAW.
8 | // Allows multiple users for potential shared PAW concept in the future.
9 | export function endpointPAWUserRightsSettings(userList: string[]) {
10 | // Validate input is a populated array of strings
11 | if (!(userList instanceof Array)) { throw new InternalAppError("The specified UserList is not an array!") };
12 | if (!validateStringArray(userList)) { throw new InternalAppError("The user list is not an array of strings!") };
13 |
14 | // Define object structures
15 | interface SettingsValueCollection {
16 | "@odata.type": string,
17 | settingInstance: {
18 | "@odata.type": string;
19 | settingDefinitionId: string;
20 | simpleSettingCollectionValue?: SettingsValueObject[]
21 | };
22 | };
23 |
24 | interface SettingsValueObject {
25 | "@odata.type": string;
26 | value: string;
27 | };
28 |
29 | // Build the initial settings object structure
30 | let settingsObject: SettingsValueCollection[] = [
31 | {
32 | "@odata.type": "#microsoft.graph.deviceManagementConfigurationSetting",
33 | "settingInstance": {
34 | "@odata.type": "#microsoft.graph.deviceManagementConfigurationSimpleSettingCollectionInstance",
35 | "settingDefinitionId": "device_vendor_msft_policy_config_userrights_allowlocallogon",
36 | "simpleSettingCollectionValue": []
37 | }
38 | }
39 | ];
40 |
41 | // Loop through all of the usernames provided in the parameter
42 | for (let index = 0; index < userList.length; index++) {
43 | // Extract the username from the array
44 | const userName = userList[index];
45 |
46 | // Build the settings value with the username to be added to the settings object
47 | const computedValue: SettingsValueObject = {
48 | "@odata.type": "#microsoft.graph.deviceManagementConfigurationStringSettingValue",
49 | "value": userName
50 | };
51 |
52 | // Add the value object to the settings object value collection
53 | settingsObject[0].settingInstance.simpleSettingCollectionValue?.push(computedValue);
54 | };
55 |
56 | // Return the computed object to the caller
57 | return settingsObject;
58 | };
59 |
60 | // Generate an assignment object for Microsoft Endpoint Manager (MEM)
61 | export function endpointGroupAssignmentTarget(includeGUID?: string[], excludeGUID?: string[]) {
62 | // Validate inputs
63 | if (!(includeGUID instanceof Array) || !validateGUIDArray(includeGUID)) { throw new InternalAppError("The specified array of included group GUIDs is not valid!") };
64 | if (!(excludeGUID instanceof Array) || !validateGUIDArray(excludeGUID)) { throw new InternalAppError("The specified array of excluded group GUIDs is not valid!") };
65 |
66 | // Define the assignment structure object type interface
67 | interface AssignmentStructure {
68 | assignments: {
69 | target: {
70 | "@odata.type": string;
71 | groupId: string;
72 | };
73 | }[];
74 | }
75 |
76 | // Create an empty assignment(s) object
77 | const assignmentObject: AssignmentStructure = {
78 | "assignments": []
79 | }
80 |
81 | // If groups are included, add them to the assignment object
82 | if (typeof includeGUID !== "undefined") {
83 | // Loop over each of the included GUIDs
84 | for (let index = 0; index < includeGUID.length; index++) {
85 | // Extract one of the GUIDs
86 | const groupGUID = includeGUID[index];
87 |
88 | // Build the target object with the specified GUID
89 | const target = {
90 | "target": {
91 | "@odata.type": "#microsoft.graph.groupAssignmentTarget",
92 | "groupId": groupGUID
93 | }
94 | }
95 |
96 | // Add the target object to the assignment structure
97 | assignmentObject.assignments.push(target);
98 | }
99 | }
100 |
101 | // If group exclusions are specified, add them to the assignment object
102 | if (typeof excludeGUID !== "undefined") {
103 | // Loop over each of the excluded GUIDs
104 | for (let index = 0; index < excludeGUID.length; index++) {
105 | // Extract one of the GUIDs
106 | const groupGUID = excludeGUID[index];
107 |
108 | // Build the target object with the specified GUID
109 | const target = {
110 | "target": {
111 | "@odata.type": "#microsoft.graph.exclusionGroupAssignmentTarget",
112 | "groupId": groupGUID
113 | }
114 | }
115 |
116 | // Add the target object to the assignment structure
117 | assignmentObject.assignments.push(target);
118 | }
119 | }
120 |
121 | // Return the built assignment object
122 | return assignmentObject;
123 | };
124 |
125 | // Generate the object for conditional access policy to assign a specific user to a device
126 | export function conditionalAccessPAWUserAssignment(deviceID: string, deviceGroupGUID: string, userGroupListGUID: string[], breakGlassGroupGUID: string): MicrosoftGraphBeta.ConditionalAccessPolicy {
127 | // Validate input
128 | if (!validateGUID(deviceID) || typeof deviceID !== "string") { throw new InternalAppError("The Device ID specified is not a valid GUID!") };
129 | if (!validateGUID(deviceGroupGUID) || typeof deviceGroupGUID !== "string") { throw new InternalAppError("The device group is not a valid GUID!") };
130 | if (!validateGUIDArray(userGroupListGUID)) { throw new InternalAppError("The user group list array is not an array of GUID(s)!") };
131 | if (!validateGUID(breakGlassGroupGUID) || typeof breakGlassGroupGUID !== "string") { throw new InternalAppError("The Break Glass Group GUID specified is not a valid GUID!") };
132 |
133 | // Create the base object to return later
134 | let policyUserAssignment: MicrosoftGraphBeta.ConditionalAccessPolicy = {
135 | "conditions": {
136 | "users": {
137 | "includeGroups": [deviceGroupGUID],
138 | "excludeGroups": [breakGlassGroupGUID]
139 | },
140 | "applications": {
141 | "includeApplications": ["All"]
142 | },
143 | "clientAppTypes": ["all"],
144 | "devices": {
145 | "deviceFilter": {
146 | "mode": "exclude",
147 | "rule": "device.deviceId -in [\"" + deviceID + "\"]"
148 | }
149 | }
150 | },
151 | "grantControls": {
152 | "operator": "AND",
153 | "builtInControls": ["block"]
154 | }
155 | }
156 |
157 | // Silence error checker in TS. This check should not be necessary.
158 | if (typeof policyUserAssignment.conditions?.users?.includeGroups === "undefined") { throw new InternalAppError("If you get this error, I don't know how this happened. File a bug report with Node.JS. (CA PAW assignment)") };
159 |
160 | // Add the user group list GUID to the included groups in the policy assignment object
161 | policyUserAssignment.conditions.users.includeGroups.push.apply(policyUserAssignment.conditions.users.includeGroups, userGroupListGUID);
162 |
163 | // Return the computed results
164 | return policyUserAssignment;
165 | };
166 |
167 | // Generate the OMA Setting for MS Hyper-V, and local admin rights assignments. Assigned users are allowed to be Hyper-V admins but not local even if they are global admins.
168 | export function localGroupMembershipUserRights(upnList?: string[]) {
169 | // Validate Input
170 | if (typeof upnList !== "undefined" && !validateEmailArray(upnList)) { throw new InternalAppError("upnList is not a valid list of user principal names!", "Invalid Input", "RequestGenerator - localGroupMembershipUserRights - Input Validation") };
171 |
172 | // Build the initial XML configuration
173 | const settingStart = "";
174 | let settingMiddle = "";
175 | const settingEnd = "";
176 |
177 | // If the UPN List is specified, add the users to the list
178 | if (typeof upnList !== "undefined") {
179 | // Loop through all of the users in the user list
180 | for (const user of upnList) {
181 | // Add a user line to grant that user hyper-v admin rights
182 | settingMiddle += "";
183 | };
184 | };
185 | // If the UPN List is un-specified, don't add any users to the list.
186 | // This will force no users in that group, effectively eliminating control of hyper-v.
187 |
188 | // Build the settings object to return
189 | const settingsBody = {
190 | "@odata.type": "#microsoft.graph.omaSettingString",
191 | "displayName": "Admin Groups Config",
192 | "description": "Configures the Administrators and Hyper-V Admins groups",
193 | "omaUri": "./Device/Vendor/MSFT/Policy/Config/LocalUsersAndGroups/Configure",
194 | "value": settingStart + settingMiddle + settingEnd
195 | };
196 |
197 | // Return the compiled local groups permissions assignment XML string
198 | return settingsBody;
199 | };
200 |
201 | // TODO: Generate device configuration profiles for the MEM device config CRUD operations
202 | // Generate a Windows 10 device restriction post body for MEM
203 | export function win10DevRestriction() { }
--------------------------------------------------------------------------------
/Server/tsconfig.json:
--------------------------------------------------------------------------------
1 | {
2 | "compilerOptions": {
3 | /* Visit https://aka.ms/tsconfig.json to read more about this file */
4 |
5 | /* Projects */
6 | // "incremental": true, /* Enable incremental compilation */
7 | // "composite": true, /* Enable constraints that allow a TypeScript project to be used with project references. */
8 | // "tsBuildInfoFile": "./", /* Specify the folder for .tsbuildinfo incremental compilation files. */
9 | // "disableSourceOfProjectReferenceRedirect": true, /* Disable preferring source files instead of declaration files when referencing composite projects */
10 | // "disableSolutionSearching": true, /* Opt a project out of multi-project reference checking when editing. */
11 | // "disableReferencedProjectLoad": true, /* Reduce the number of projects loaded automatically by TypeScript. */
12 |
13 | /* Language and Environment */
14 | "target": "ES2019", /* Set the JavaScript language version for emitted JavaScript and include compatible library declarations. */
15 | // "lib": [], /* Specify a set of bundled library declaration files that describe the target runtime environment. */
16 | // "jsx": "react", /* Specify what JSX code is generated. */
17 | // "experimentalDecorators": true, /* Enable experimental support for TC39 stage 2 draft decorators. */
18 | // "emitDecoratorMetadata": true, /* Emit design-type metadata for decorated declarations in source files. */
19 | // "jsxFactory": "", /* Specify the JSX factory function used when targeting React JSX emit, e.g. 'React.createElement' or 'h' */
20 | // "jsxFragmentFactory": "", /* Specify the JSX Fragment reference used for fragments when targeting React JSX emit e.g. 'React.Fragment' or 'Fragment'. */
21 | // "jsxImportSource": "", /* Specify module specifier used to import the JSX factory functions when using `jsx: react-jsx*`.` */
22 | // "reactNamespace": "", /* Specify the object invoked for `createElement`. This only applies when targeting `react` JSX emit. */
23 | // "noLib": true, /* Disable including any library files, including the default lib.d.ts. */
24 | // "useDefineForClassFields": true, /* Emit ECMAScript-standard-compliant class fields. */
25 |
26 | /* Modules */
27 | "module": "commonjs", /* Specify what module code is generated. */
28 | // "rootDir": "./", /* Specify the root folder within your source files. */
29 | // "moduleResolution": "node", /* Specify how TypeScript looks up a file from a given module specifier. */
30 | // "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */
31 | // "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */
32 | // "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */
33 | // "typeRoots": [], /* Specify multiple folders that act like `./node_modules/@types`. */
34 | // "types": [], /* Specify type package names to be included without being referenced in a source file. */
35 | // "allowUmdGlobalAccess": true, /* Allow accessing UMD globals from modules. */
36 | "resolveJsonModule": true, /* Enable importing .json files */
37 | // "noResolve": true, /* Disallow `import`s, `require`s or ``s from expanding the number of files TypeScript should add to a project. */
38 |
39 | /* JavaScript Support */
40 | // "allowJs": true, /* Allow JavaScript files to be a part of your program. Use the `checkJS` option to get errors from these files. */
41 | // "checkJs": true, /* Enable error reporting in type-checked JavaScript files. */
42 | // "maxNodeModuleJsDepth": 1, /* Specify the maximum folder depth used for checking JavaScript files from `node_modules`. Only applicable with `allowJs`. */
43 |
44 | /* Emit */
45 | // "declaration": true, /* Generate .d.ts files from TypeScript and JavaScript files in your project. */
46 | // "declarationMap": true, /* Create sourcemaps for d.ts files. */
47 | // "emitDeclarationOnly": true, /* Only output d.ts files and not JavaScript files. */
48 | "sourceMap": true, /* Create source map files for emitted JavaScript files. */
49 | // "outFile": "./", /* Specify a file that bundles all outputs into one JavaScript file. If `declaration` is true, also designates a file that bundles all .d.ts output. */
50 | "outDir": "./bin", /* Specify an output folder for all emitted files. */
51 | "removeComments": true, /* Disable emitting comments. */
52 | // "noEmit": true, /* Disable emitting files from a compilation. */
53 | // "importHelpers": true, /* Allow importing helper functions from tslib once per project, instead of including them per-file. */
54 | // "importsNotUsedAsValues": "remove", /* Specify emit/checking behavior for imports that are only used for types */
55 | // "downlevelIteration": true, /* Emit more compliant, but verbose and less performant JavaScript for iteration. */
56 | // "sourceRoot": "", /* Specify the root path for debuggers to find the reference source code. */
57 | // "mapRoot": "", /* Specify the location where debugger should locate map files instead of generated locations. */
58 | // "inlineSourceMap": true, /* Include sourcemap files inside the emitted JavaScript. */
59 | // "inlineSources": true, /* Include source code in the sourcemaps inside the emitted JavaScript. */
60 | // "emitBOM": true, /* Emit a UTF-8 Byte Order Mark (BOM) in the beginning of output files. */
61 | // "newLine": "crlf", /* Set the newline character for emitting files. */
62 | // "stripInternal": true, /* Disable emitting declarations that have `@internal` in their JSDoc comments. */
63 | // "noEmitHelpers": true, /* Disable generating custom helper functions like `__extends` in compiled output. */
64 | // "noEmitOnError": true, /* Disable emitting files if any type checking errors are reported. */
65 | // "preserveConstEnums": true, /* Disable erasing `const enum` declarations in generated code. */
66 | // "declarationDir": "./", /* Specify the output directory for generated declaration files. */
67 |
68 | /* Interop Constraints */
69 | // "isolatedModules": true, /* Ensure that each file can be safely transpiled without relying on other imports. */
70 | // "allowSyntheticDefaultImports": true, /* Allow 'import x from y' when a module doesn't have a default export. */
71 | "esModuleInterop": true, /* Emit additional JavaScript to ease support for importing CommonJS modules. This enables `allowSyntheticDefaultImports` for type compatibility. */
72 | // "preserveSymlinks": true, /* Disable resolving symlinks to their realpath. This correlates to the same flag in node. */
73 | "forceConsistentCasingInFileNames": true, /* Ensure that casing is correct in imports. */
74 |
75 | /* Type Checking */
76 | "strict": true, /* Enable all strict type-checking options. */
77 | "noImplicitAny": true, /* Enable error reporting for expressions and declarations with an implied `any` type.. */
78 | "strictNullChecks": true, /* When type checking, take into account `null` and `undefined`. */
79 | "strictFunctionTypes": true, /* When assigning functions, check to ensure parameters and the return values are subtype-compatible. */
80 | "strictBindCallApply": true, /* Check that the arguments for `bind`, `call`, and `apply` methods match the original function. */
81 | "strictPropertyInitialization": true, /* Check for class properties that are declared but not set in the constructor. */
82 | "noImplicitThis": true, /* Enable error reporting when `this` is given the type `any`. */
83 | // "useUnknownInCatchVariables": true, /* Type catch clause variables as 'unknown' instead of 'any'. */
84 | "alwaysStrict": true, /* Ensure 'use strict' is always emitted. */
85 | // "noUnusedLocals": true, /* Enable error reporting when a local variables aren't read. */
86 | // "noUnusedParameters": true, /* Raise an error when a function parameter isn't read */
87 | // "exactOptionalPropertyTypes": true, /* Interpret optional property types as written, rather than adding 'undefined'. */
88 | // "noImplicitReturns": true, /* Enable error reporting for codepaths that do not explicitly return in a function. */
89 | // "noFallthroughCasesInSwitch": true, /* Enable error reporting for fallthrough cases in switch statements. */
90 | // "noUncheckedIndexedAccess": true, /* Include 'undefined' in index signature results */
91 | // "noImplicitOverride": true, /* Ensure overriding members in derived classes are marked with an override modifier. */
92 | // "noPropertyAccessFromIndexSignature": true, /* Enforces using indexed accessors for keys declared using an indexed type */
93 | // "allowUnusedLabels": true, /* Disable error reporting for unused labels. */
94 | // "allowUnreachableCode": true, /* Disable error reporting for unreachable code. */
95 |
96 | /* Completeness */
97 | // "skipDefaultLibCheck": true, /* Skip type checking .d.ts files that are included with TypeScript. */
98 | "skipLibCheck": true /* Skip type checking all .d.ts files. */
99 | }
100 | }
101 |
--------------------------------------------------------------------------------
/Server/test/UtilityTest.ts:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT license.
3 |
4 | import "mocha";
5 | import { expect } from "chai";
6 | import { validateGUID, validateEmail } from "../src/Utility/Validators";
7 |
8 | describe("GUID Validator", () => {
9 | describe("Validation of a Real GUID", () => {
10 | it("Validates the null GUID as a GUID", () => {
11 | // Attempt to validate a nil GUID
12 | const nullGUID = validateGUID("00000000-0000-0000-0000-000000000000");
13 |
14 | // A nil GUID is a real GUID, the GUID validator should return true.
15 | expect(nullGUID).to.equal(true);
16 | });
17 |
18 | it("Validates a GUID as a GUID", () => {
19 | // Attempt to validate a non nil GUID
20 | const normalGUID = validateGUID("123e4567-e89b-12d3-a456-426652340000");
21 |
22 | // A v1 GUID is a valid GUID. The GUID validator should return true.
23 | expect(normalGUID).to.equal(true);
24 | });
25 |
26 | it("Validates an array with a single GUID object as a GUID", () => {
27 | // Attempt to validate an array with a single index that is a proper GUID
28 | const arrayGUID = validateGUID(["123e4567-e89b-12d3-a456-426652340000"]);
29 |
30 | // An array with a single index that is a GUID is a proper GUID. The GUID validator should return true.
31 | expect(arrayGUID).to.equal(true);
32 | });
33 | });
34 |
35 | describe("Validation of non GUID", () => {
36 | it("Validates undefined input as not a GUID", () => {
37 | // An undefined value is not a valid GUID
38 | const undefinedData = validateGUID(undefined);
39 |
40 | // This should return false
41 | expect(undefinedData).to.equal(false);
42 | });
43 |
44 | it("Validates null input as not a GUID", () => {
45 | // The null value is not a valid GUID
46 | const nullData = validateGUID(null);
47 |
48 | // This should return false
49 | expect(nullData).to.equal(false);
50 | });
51 |
52 | it("Validates non GUID string input as not a GUID", () => {
53 | // GUIDs are structured very specifically, this is not the valid structure
54 | const stringData = validateGUID("Hello world!");
55 |
56 | // This should return false
57 | expect(stringData).to.equal(false);
58 | });
59 |
60 | it("Validates integer input as not a GUID", () => {
61 | // An integer can't be a valid GUID as GUIDs have special characters
62 | const integerData = validateGUID(1234234567890);
63 |
64 | // This should return false
65 | expect(integerData).to.equal(false);
66 | });
67 |
68 | });
69 | });
70 |
71 | describe("Email Validator", () => {
72 | describe("Validation of a correct single email address", () => {
73 | it("Validates a normal email address", () => {
74 | // Collect results of validateEmail using a normal email address
75 | const validNormalEmail = validateEmail("something@something.com");
76 |
77 | // A normal email address is a valid email address, the validNormalEmail should be true.
78 | expect(validNormalEmail).to.equal(true);
79 | });
80 |
81 | it("Validates a custom TLD email address", () => {
82 | // Collect results of validateEmail using a custom TLD email address
83 | const customTLDEmail = validateEmail("someone@localhost.localdomain");
84 |
85 | // A custom TLD email address is a valid email address, the customTLDEmail should be true.
86 | expect(customTLDEmail).to.equal(true);
87 | });
88 |
89 | // ***DOESN'T WORK WITH CURRENT REGEX***
90 | // TODO Fix REGEX to work with IP addresses, or remove this test
91 | // it("Validates a IP Address as host email address", () => {
92 | // // Collect results of validateEmail using a IP Address as host email address
93 | // const ipAddressAsHostEmail = validateEmail("someone@127.0.0.1");
94 |
95 | // // A IP Address as host email address is a valid email address, the ipAddressAsHostEmail should be true.
96 | // expect(ipAddressAsHostEmail).to.equal(true);
97 | // });
98 | });
99 | });
100 |
101 |
102 | // //TEMPLATE - VALID EMAIL TYPE
103 | // // it("Validates a email address", () => {
104 | // // // Collect results of validateEmail using a as host email address
105 | // // const = validateEmail("");
106 |
107 | // // // A IP Address as host email address is a valid email address, the should be true.
108 | // // expect(TYPEOFEMAILADDRESSVARIABLE).to.equal(true);
109 | // // });
110 |
111 | // });
112 |
113 | // describe("Validation of non GUID", () => {
114 | // it("Validates undefined input as not a GUID", () => {
115 | // // An undefined value is not a valid GUID
116 | // const undefinedData = validateEmail(undefined);
117 |
118 | // // This should return false
119 | // expect(undefinedData).to.equal(false);
120 | // });
121 |
122 | // it("Validates null input as not a GUID", () => {
123 | // // The null value is not a valid GUID
124 | // const nullData = validateEmail(null);
125 |
126 | // // This should return false
127 | // expect(nullData).to.equal(false);
128 | // });
129 |
130 | // it("Validates non GUID string input as not a GUID", () => {
131 | // // GUIDs are structured very specifically, this is not the valid structure
132 | // const stringData = validateEmail("Hello world!");
133 |
134 | // // This should return false
135 | // expect(stringData).to.equal(false);
136 | // });
137 |
138 | // it("Validates integer input as not a GUID", () => {
139 | // // An integer can't be a valid GUID as GUIDs have special characters
140 | // const integerData = validateEmail(1234234567890);
141 |
142 | // // This should return false
143 | // expect(integerData).to.equal(false);
144 | // });
145 |
146 | // it("Validates an array with a single GUID object as a GUID", () => {
147 | // // Give the validator multiple GUIDs to validate in a single sitting
148 | // const arrayGUID = validateEmail(["123e4567-e89b-12d3-a456-426652340000", "00000000-0000-0000-0000-000000000000"]);
149 |
150 | // // This should return false as the GUID validator was designed to only work with one GUID at a time
151 | // expect(arrayGUID).to.equal(false);
152 | // });
153 | // });
154 | // });
155 |
156 |
157 | // Will not accept - *, / , {}, \, ", [], `, +, =, comma, <>, (), emoji
158 | // Will Accept - #, !, ^, ', ., ~, -, _, A-Z, a-z, 0-9,
159 |
160 |
161 | // Email address examples to be tested in the unit test
162 |
163 | // debug("Valid single addresses when 'multiple' attribute is not set.");
164 | // emailCheck("a@b.b", "a@b.b", expectValid); Single letter TLD
165 | // emailCheck("a/b@domain.com", "a/b@domain.com", expectValid); Forward-slash in Username field
166 | // emailCheck("{}@domain.com", "{}@domain.com", expectValid); Brackets as valid user name
167 | // emailCheck("m*'!%@something.sa", "m*'!%@something.sa", expectValid);
168 | // emailCheck("tu!!7n7.ad##0!!!@company.ca", "tu!!7n7.ad##0!!!@company.ca", expectValid);
169 | // emailCheck("%@com.com", "%@com.com", expectValid);
170 | // emailCheck("!#$%&'*+/=?^_`{|}~.-@com.com", "!#$%&'*+/=?^_`{|}~.-@com.com", expectValid);
171 | // emailCheck(".wooly@example.com", ".wooly@example.com", expectValid);
172 | // emailCheck("wo..oly@example.com", "wo..oly@example.com", expectValid);
173 | // emailCheck("someone@do-ma-in.com", "someone@do-ma-in.com", expectValid);
174 | // emailCheck("somebody@example", "somebody@example", expectValid);
175 | // emailCheck("\u000Aa@p.com\u000A", "a@p.com", expectValid); - emoji
176 | // emailCheck("\u000Da@p.com\u000D", "a@p.com", expectValid);
177 | // emailCheck("a\u000A@p.com", "a@p.com", expectValid);
178 | // emailCheck("a\u000D@p.com", "a@p.com", expectValid);
179 | // emailCheck("", "", expectValid);
180 | // emailCheck(" ", "", expectValid);
181 | // emailCheck(" a@p.com", "a@p.com", expectValid);
182 | // emailCheck("a@p.com ", "a@p.com", expectValid);
183 | // emailCheck(" a@p.com ", "a@p.com", expectValid);
184 | // emailCheck("\u0020a@p.com\u0020", "a@p.com", expectValid);
185 | // emailCheck("\u0009a@p.com\u0009", "a@p.com", expectValid);
186 | // emailCheck("\u000Ca@p.com\u000C", "a@p.com", expectValid);
187 |
188 | // debug("Invalid single addresses when 'multiple' attribute is not set.");
189 | // emailCheck("invalid:email@example.com", "invalid:email@example.com", expectInvalid);
190 | // emailCheck("@somewhere.com", "@somewhere.com", expectInvalid);
191 | // emailCheck("example.com", "example.com", expectInvalid);
192 | // emailCheck("@@example.com", "@@example.com", expectInvalid);
193 | // emailCheck("a space@example.com", "a space@example.com", expectInvalid);
194 | // emailCheck("something@ex..ample.com", "something@ex..ample.com", expectInvalid);
195 | // emailCheck("a\b@c", "a\b@c", expectInvalid);
196 | // emailCheck("someone@somewhere.com.", "someone@somewhere.com.", expectInvalid);
197 | // emailCheck("\"\"test\blah\"\"@example.com", "\"\"test\blah\"\"@example.com", expectInvalid);
198 | // emailCheck("\"testblah\"@example.com", "\"testblah\"@example.com", expectInvalid);
199 | // emailCheck("someone@somewhere.com@", "someone@somewhere.com@", expectInvalid);
200 | // emailCheck("someone@somewhere_com", "someone@somewhere_com", expectInvalid);
201 | // emailCheck("someone@some:where.com", "someone@some:where.com", expectInvalid);
202 | // emailCheck(".", ".", expectInvalid);
203 | // emailCheck("F/s/f/a@feo+re.com", "F/s/f/a@feo+re.com", expectInvalid);
204 | // emailCheck("some+long+email+address@some+host-weird-/looking.com", "some+long+email+address@some+host-weird-/looking.com", expectInvalid);
205 | // emailCheck("a @p.com", "a @p.com", expectInvalid);
206 | // emailCheck("a\u0020@p.com", "a\u0020@p.com", expectInvalid);
207 | // emailCheck("a\u0009@p.com", "a\u0009@p.com", expectInvalid);
208 | // emailCheck("a\u000B@p.com", "a\u000B@p.com", expectInvalid);
209 | // emailCheck("a\u000C@p.com", "a\u000C@p.com", expectInvalid);
210 | // emailCheck("a\u2003@p.com", "a\u2003@p.com", expectInvalid);
211 | // emailCheck("a\u3000@p.com", "a\u3000@p.com", expectInvalid);
212 | // emailCheck("ddjk-s-jk@asl-.com", "ddjk-s-jk@asl-.com", expectInvalid);
213 | // emailCheck("someone@do-.com", "someone@do-.com", expectInvalid);
214 | // emailCheck("somebody@-p.com", "somebody@-p.com", expectInvalid);
215 | // emailCheck("somebody@-.com", "somebody@-.com", expectInvalid);
--------------------------------------------------------------------------------
/User-Interface/src/models/mocks/autopilotDeviceMock.ts:
--------------------------------------------------------------------------------
1 | // Copyright (c) Microsoft Corporation.
2 | // Licensed under the MIT license.
3 |
4 | import type { IPsmAutopilotDevice } from ".."
5 |
6 | export const autopilotDeviceList: IPsmAutopilotDevice[] = [
7 | {
8 | "serialNumber": "dumvxj",
9 | "azureActiveDirectoryDeviceId": "0776442e-6846-4ea1-9c20-089244ea43de",
10 | "azureAdDeviceId": "0776442e-6846-4ea1-9c20-089244ea43de"
11 | },
12 | {
13 | "serialNumber": "skbtngeu",
14 | "azureActiveDirectoryDeviceId": "ea6f7e9b-91ee-4910-9e5f-217430d9b759",
15 | "displayName": "Desktop-cmlroks",
16 | "azureAdDeviceId": "ea6f7e9b-91ee-4910-9e5f-217430d9b759"
17 | },
18 | {
19 | "serialNumber": "ajeyikdn",
20 | "azureActiveDirectoryDeviceId": "ed8d9ea1-d517-457b-9587-d2ab3262ad36",
21 | "azureAdDeviceId": "ed8d9ea1-d517-457b-9587-d2ab3262ad36"
22 | },
23 | {
24 | "serialNumber": "vwpzjhy",
25 | "azureActiveDirectoryDeviceId": "914c5734-ab85-4352-a874-b29f03bab63d",
26 | "displayName": "Desktop-vpsldib",
27 | "azureAdDeviceId": "914c5734-ab85-4352-a874-b29f03bab63d"
28 | },
29 | {
30 | "serialNumber": "yhvwux",
31 | "azureActiveDirectoryDeviceId": "150caf82-9db0-41ce-bfbf-3b2c443123fd",
32 | "azureAdDeviceId": "150caf82-9db0-41ce-bfbf-3b2c443123fd"
33 | },
34 | {
35 | "serialNumber": "indry",
36 | "azureActiveDirectoryDeviceId": "ac1e099a-50fb-4529-a904-837feba837ba",
37 | "displayName": "Desktop-ynifogu",
38 | "azureAdDeviceId": "ac1e099a-50fb-4529-a904-837feba837ba"
39 | },
40 | {
41 | "serialNumber": "mklpsbtd",
42 | "azureActiveDirectoryDeviceId": "31a05039-51ec-48c8-90b6-2e73c5151dce",
43 | "displayName": "Desktop-bghdrup",
44 | "azureAdDeviceId": "31a05039-51ec-48c8-90b6-2e73c5151dce"
45 | },
46 | {
47 | "serialNumber": "rlyuzfkd",
48 | "azureActiveDirectoryDeviceId": "142ef523-b6ba-4a23-9642-e233afe137e4",
49 | "displayName": "Desktop-zosqluf",
50 | "azureAdDeviceId": "142ef523-b6ba-4a23-9642-e233afe137e4"
51 | },
52 | {
53 | "serialNumber": "iksqunwtcr",
54 | "azureActiveDirectoryDeviceId": "4c4232da-7758-4061-846d-2b793f4e4a6f",
55 | "azureAdDeviceId": "4c4232da-7758-4061-846d-2b793f4e4a6f"
56 | },
57 | {
58 | "serialNumber": "baxqen",
59 | "azureActiveDirectoryDeviceId": "6b839edc-43c6-46c6-9d5d-d418a9a40023",
60 | "azureAdDeviceId": "6b839edc-43c6-46c6-9d5d-d418a9a40023"
61 | },
62 | {
63 | "serialNumber": "naumpdw",
64 | "azureActiveDirectoryDeviceId": "e71e4dbd-915c-4e7d-a871-1ce819ba90c8",
65 | "displayName": "Desktop-xvohuji",
66 | "azureAdDeviceId": "e71e4dbd-915c-4e7d-a871-1ce819ba90c8"
67 | },
68 | {
69 | "serialNumber": "jkcmf",
70 | "azureActiveDirectoryDeviceId": "c236af0d-e95c-4d17-a443-9b951233c058",
71 | "displayName": "Desktop-muqvsgk",
72 | "azureAdDeviceId": "c236af0d-e95c-4d17-a443-9b951233c058"
73 | },
74 | {
75 | "serialNumber": "xgjwov",
76 | "azureActiveDirectoryDeviceId": "960259c5-7fc7-43ec-85cf-155c1fe131c3",
77 | "displayName": "Desktop-tqkfyve",
78 | "azureAdDeviceId": "960259c5-7fc7-43ec-85cf-155c1fe131c3"
79 | },
80 | {
81 | "serialNumber": "ujqlygdw",
82 | "azureActiveDirectoryDeviceId": "f0c6db2c-65fa-49f4-b7c6-5be32a1c238c",
83 | "displayName": "Desktop-cblwspo",
84 | "azureAdDeviceId": "f0c6db2c-65fa-49f4-b7c6-5be32a1c238c"
85 | },
86 | {
87 | "serialNumber": "kigudyt",
88 | "azureActiveDirectoryDeviceId": "3ae30854-be27-40ff-acf7-8e04672a198c",
89 | "azureAdDeviceId": "3ae30854-be27-40ff-acf7-8e04672a198c"
90 | },
91 | {
92 | "serialNumber": "pfdklnm",
93 | "azureActiveDirectoryDeviceId": "87ef2f84-cd6b-4ad2-b57f-dc67cbcfb3c8",
94 | "displayName": "Desktop-nerdvwf",
95 | "azureAdDeviceId": "87ef2f84-cd6b-4ad2-b57f-dc67cbcfb3c8"
96 | },
97 | {
98 | "serialNumber": "kgbxtlsnqj",
99 | "azureActiveDirectoryDeviceId": "03f52ecc-6ee5-4a08-a1ab-f4dcb0e323db",
100 | "displayName": "Desktop-rkyjpot",
101 | "azureAdDeviceId": "03f52ecc-6ee5-4a08-a1ab-f4dcb0e323db"
102 | },
103 | {
104 | "serialNumber": "qckpbdx",
105 | "azureActiveDirectoryDeviceId": "424f5c0d-8afd-4da0-9b8b-bc30c3332dbb",
106 | "displayName": "Desktop-zdpexsa",
107 | "azureAdDeviceId": "424f5c0d-8afd-4da0-9b8b-bc30c3332dbb"
108 | },
109 | {
110 | "serialNumber": "qyujkpem",
111 | "azureActiveDirectoryDeviceId": "a8118077-dcdc-4975-a694-82e10c4213f8",
112 | "displayName": "Desktop-cmkhyzn",
113 | "azureAdDeviceId": "a8118077-dcdc-4975-a694-82e10c4213f8"
114 | },
115 | {
116 | "serialNumber": "tiwmjn",
117 | "azureActiveDirectoryDeviceId": "d34bf26f-c905-4755-9a27-242155993857",
118 | "azureAdDeviceId": "d34bf26f-c905-4755-9a27-242155993857"
119 | },
120 | {
121 | "serialNumber": "ojwecqgy",
122 | "azureActiveDirectoryDeviceId": "5ad2a73f-f9c5-444d-9191-a4be28040383",
123 | "displayName": "Desktop-zofnhgw",
124 | "azureAdDeviceId": "5ad2a73f-f9c5-444d-9191-a4be28040383"
125 | },
126 | {
127 | "serialNumber": "tepqhjafv",
128 | "azureActiveDirectoryDeviceId": "8b49acdf-2ff4-4f52-a885-fefadac308c1",
129 | "azureAdDeviceId": "8b49acdf-2ff4-4f52-a885-fefadac308c1"
130 | },
131 | {
132 | "serialNumber": "vikho",
133 | "azureActiveDirectoryDeviceId": "a567c4fb-0fdb-4e64-bd94-2c84971512a9",
134 | "displayName": "Desktop-dbgipmh",
135 | "azureAdDeviceId": "a567c4fb-0fdb-4e64-bd94-2c84971512a9"
136 | },
137 | {
138 | "serialNumber": "yzcrsx",
139 | "azureActiveDirectoryDeviceId": "d6159b50-f3ed-4def-a4c2-1dba07e3930e",
140 | "azureAdDeviceId": "d6159b50-f3ed-4def-a4c2-1dba07e3930e"
141 | },
142 | {
143 | "serialNumber": "dnfkzo",
144 | "azureActiveDirectoryDeviceId": "d0891700-9197-401f-a333-5378436c6b99",
145 | "azureAdDeviceId": "d0891700-9197-401f-a333-5378436c6b99"
146 | },
147 | {
148 | "serialNumber": "pemwfhu",
149 | "azureActiveDirectoryDeviceId": "09aa5e98-e859-467d-8601-dd8465828553",
150 | "azureAdDeviceId": "09aa5e98-e859-467d-8601-dd8465828553"
151 | },
152 | {
153 | "serialNumber": "dazcisuyo",
154 | "azureActiveDirectoryDeviceId": "85da8e18-9ed9-4715-9252-3af036184ac0",
155 | "displayName": "Desktop-awpueqm",
156 | "azureAdDeviceId": "85da8e18-9ed9-4715-9252-3af036184ac0"
157 | },
158 | {
159 | "serialNumber": "fnimbol",
160 | "azureActiveDirectoryDeviceId": "68c972e1-a33e-43e4-9dda-9ea2e8f8715d",
161 | "displayName": "Desktop-iwutaph",
162 | "azureAdDeviceId": "68c972e1-a33e-43e4-9dda-9ea2e8f8715d"
163 | },
164 | {
165 | "serialNumber": "fibgmu",
166 | "azureActiveDirectoryDeviceId": "b5a9c121-7e19-4dbd-a447-d24d5462f644",
167 | "azureAdDeviceId": "b5a9c121-7e19-4dbd-a447-d24d5462f644"
168 | },
169 | {
170 | "serialNumber": "ukxcdzmahn",
171 | "azureActiveDirectoryDeviceId": "316af25c-e72e-47f4-9a40-40cb249de5b2",
172 | "azureAdDeviceId": "316af25c-e72e-47f4-9a40-40cb249de5b2"
173 | },
174 | {
175 | "serialNumber": "oupmaxlrtj",
176 | "azureActiveDirectoryDeviceId": "6fddb047-7be8-4470-9700-9e04d986ec77",
177 | "azureAdDeviceId": "6fddb047-7be8-4470-9700-9e04d986ec77"
178 | },
179 | {
180 | "serialNumber": "okpiyl",
181 | "azureActiveDirectoryDeviceId": "e13f73cd-588a-47a9-bf0a-de6c50c20032",
182 | "azureAdDeviceId": "e13f73cd-588a-47a9-bf0a-de6c50c20032"
183 | },
184 | {
185 | "serialNumber": "wkgjinb",
186 | "azureActiveDirectoryDeviceId": "17f94781-6585-4fa2-88b6-f309f34e8190",
187 | "azureAdDeviceId": "17f94781-6585-4fa2-88b6-f309f34e8190"
188 | },
189 | {
190 | "serialNumber": "grjfvoxmas",
191 | "azureActiveDirectoryDeviceId": "d36bc77b-830c-4591-a5ab-0e2409dbcb5a",
192 | "azureAdDeviceId": "d36bc77b-830c-4591-a5ab-0e2409dbcb5a"
193 | },
194 | {
195 | "serialNumber": "yrden",
196 | "azureActiveDirectoryDeviceId": "d8d50bd8-d458-4b69-af51-eb3309a40785",
197 | "azureAdDeviceId": "d8d50bd8-d458-4b69-af51-eb3309a40785"
198 | },
199 | {
200 | "serialNumber": "jumiz",
201 | "azureActiveDirectoryDeviceId": "19613951-fab8-413d-a3d6-6d74eb3e38b0",
202 | "displayName": "Desktop-ltfzxpd",
203 | "azureAdDeviceId": "19613951-fab8-413d-a3d6-6d74eb3e38b0"
204 | },
205 | {
206 | "serialNumber": "xbmkwt",
207 | "azureActiveDirectoryDeviceId": "480e5028-02b2-40fa-b5dd-d7b62505d633",
208 | "displayName": "Desktop-npxbtuo",
209 | "azureAdDeviceId": "480e5028-02b2-40fa-b5dd-d7b62505d633"
210 | },
211 | {
212 | "serialNumber": "ldncsz",
213 | "azureActiveDirectoryDeviceId": "38e12681-25e7-49eb-a549-86a5a5651671",
214 | "displayName": "Desktop-gcufnjd",
215 | "azureAdDeviceId": "38e12681-25e7-49eb-a549-86a5a5651671"
216 | },
217 | {
218 | "serialNumber": "qgmdk",
219 | "azureActiveDirectoryDeviceId": "85baf69b-0faf-47b5-a8c3-2ab9ad2daeb8",
220 | "azureAdDeviceId": "85baf69b-0faf-47b5-a8c3-2ab9ad2daeb8"
221 | },
222 | {
223 | "serialNumber": "ywebl",
224 | "azureActiveDirectoryDeviceId": "d24c1675-aa36-4444-8287-97c3fddc1841",
225 | "azureAdDeviceId": "d24c1675-aa36-4444-8287-97c3fddc1841"
226 | },
227 | {
228 | "serialNumber": "gwobh",
229 | "azureActiveDirectoryDeviceId": "42c2934c-d7bb-43b4-8ff4-e8faaaf847ff",
230 | "azureAdDeviceId": "42c2934c-d7bb-43b4-8ff4-e8faaaf847ff"
231 | },
232 | {
233 | "serialNumber": "rehzaug",
234 | "azureActiveDirectoryDeviceId": "c9a2b364-0efc-4b75-ab61-671c6f2801e4",
235 | "azureAdDeviceId": "c9a2b364-0efc-4b75-ab61-671c6f2801e4"
236 | },
237 | {
238 | "serialNumber": "hzbnp",
239 | "azureActiveDirectoryDeviceId": "411d7369-7fd1-43cb-a08b-c18e50c0de29",
240 | "displayName": "Desktop-fjtvohi",
241 | "azureAdDeviceId": "411d7369-7fd1-43cb-a08b-c18e50c0de29"
242 | },
243 | {
244 | "serialNumber": "mibvkxe",
245 | "azureActiveDirectoryDeviceId": "e2b386ff-b44a-421d-abd0-5bd4f8300936",
246 | "displayName": "Desktop-koacfyd",
247 | "azureAdDeviceId": "e2b386ff-b44a-421d-abd0-5bd4f8300936"
248 | },
249 | {
250 | "serialNumber": "lcutbonyaf",
251 | "azureActiveDirectoryDeviceId": "fea8b717-2d9d-4e4d-9b14-5d43473fa2a5",
252 | "displayName": "Desktop-lwbyjgp",
253 | "azureAdDeviceId": "fea8b717-2d9d-4e4d-9b14-5d43473fa2a5"
254 | },
255 | {
256 | "serialNumber": "rjpxqnuf",
257 | "azureActiveDirectoryDeviceId": "feae6b79-843b-4d59-9d4b-a1eb00938b8b",
258 | "azureAdDeviceId": "feae6b79-843b-4d59-9d4b-a1eb00938b8b"
259 | },
260 | {
261 | "serialNumber": "qsfpev",
262 | "azureActiveDirectoryDeviceId": "c8bdde3b-6996-47f2-a8b4-e3e6132cb4f1",
263 | "azureAdDeviceId": "c8bdde3b-6996-47f2-a8b4-e3e6132cb4f1"
264 | },
265 | {
266 | "serialNumber": "izepnflvm",
267 | "azureActiveDirectoryDeviceId": "eebd70f6-25e8-4aec-a1be-4116e02044f4",
268 | "azureAdDeviceId": "eebd70f6-25e8-4aec-a1be-4116e02044f4"
269 | },
270 | {
271 | "serialNumber": "fbwsox",
272 | "azureActiveDirectoryDeviceId": "6e7f17b0-dc88-4b4c-9b70-cb17d34460b6",
273 | "displayName": "Desktop-ipndkyq",
274 | "azureAdDeviceId": "6e7f17b0-dc88-4b4c-9b70-cb17d34460b6"
275 | },
276 | {
277 | "serialNumber": "vzuhymqf",
278 | "azureActiveDirectoryDeviceId": "ca088fb9-4ca6-4908-a288-0112b342e446",
279 | "displayName": "Desktop-aynzkbd",
280 | "azureAdDeviceId": "ca088fb9-4ca6-4908-a288-0112b342e446"
281 | }
282 | ]
--------------------------------------------------------------------------------