Fixes

Correct issue with auth signature - fixes #16 Add PushInfo parameter to Send-DuoAuth PSScriptAnalyzer fixes
JohnDuprey · Mar 9, 2023 · 081f993 · 081f993
1 parent 1db7a57
commit 081f993
Show file tree

Hide file tree

Showing 114 changed files with 992 additions and 1,049 deletions.
diff --git a/DuoSecurity/DuoSecurity.psd1 b/DuoSecurity/DuoSecurity.psd1
@@ -9,31 +9,31 @@
 @{
 
     # Script module or binary module file associated with this manifest.
-    RootModule           = 'DuoSecurity.psm1'
+    RootModule        = 'DuoSecurity.psm1'
 
     # Version number of this module.
-    ModuleVersion        = '1.1.0.2'
+    ModuleVersion     = '1.1.0.2'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()
 
     # ID used to uniquely identify this module
-    GUID                 = '6fb1dd3c-fb6d-4a45-8d9b-7648047d440c'
+    GUID              = '6fb1dd3c-fb6d-4a45-8d9b-7648047d440c'
 
     # Author of this module
-    Author               = 'John Duprey'
+    Author            = 'John Duprey'
 
     # Company or vendor of this module
-    CompanyName          = ''
+    CompanyName       = ''
 
     # Copyright statement for this module
-    Copyright            = '2022 John Duprey'
+    Copyright         = '2022 John Duprey'
 
     # Description of the functionality provided by this module
-    Description          = 'Duo Security REST module'
+    Description       = 'Duo Security REST module'
 
     # Minimum version of the PowerShell engine required by this module
-    PowerShellVersion    = '7.0'
+    PowerShellVersion = '7.0'
 
     # Name of the PowerShell host required by this module
     # PowerShellHostName = ''
@@ -57,7 +57,7 @@
     # RequiredAssemblies = @()
 
     # Script files (.ps1) that are run in the caller's environment prior to importing this module.
-    ScriptsToProcess     = @()
+    ScriptsToProcess  = @()
 
     # Type files (.ps1xml) to be loaded when importing this module
     # TypesToProcess = @()
@@ -69,7 +69,7 @@
     # NestedModules = @()
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-    FunctionsToExport    = '*'
+    FunctionsToExport = '*'
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
     #CmdletsToExport = '*'
@@ -90,7 +90,7 @@
     # FileList = @()
 
     # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-    PrivateData          = @{
+    PrivateData       = @{
 
         PSData = @{
 

diff --git a/DuoSecurity/DuoSecurity.psm1 b/DuoSecurity/DuoSecurity.psm1
@@ -6,8 +6,7 @@ $Private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -ErrorAction Silen
 foreach ($import in @($Public + $Private)) {
     Try {
         . $import.fullName
-    }
-    Catch {
+    } Catch {
         Write-Error -Message "Failed to import function $($import.fullName): $_"
     }
 }

diff --git a/DuoSecurity/Private/REST Handler/Invoke-DuoPaginatedRequest.ps1 b/DuoSecurity/Private/REST Handler/Invoke-DuoPaginatedRequest.ps1
@@ -2,25 +2,25 @@ function Invoke-DuoPaginatedRequest {
     <#
     .SYNOPSIS
     Paginated requests to Duo API
-    
+
     .DESCRIPTION
     Wraps Invoke-DuoRequest setting offset to next_offset
-    
+
     .PARAMETER DuoRequest
     Request to paginate
-    
+
     #>
     [CmdletBinding()]
     Param(
         $DuoRequest
     )
 
-    do { 
+    do {
         $Request = Invoke-DuoRequest @DuoRequest
         $Request.response
         if ($Request.metadata.next_offset) {
             $DuoRequest.Params.offset = $Request.metadata.next_offset
-        } 
+        }
     } while ($Request.metadata.next_offset -and $Request.stat -eq 'OK')
 
     if ($Request.stat -ne 'OK') {

diff --git a/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1 b/DuoSecurity/Private/REST Handler/Invoke-DuoRequest.ps1
@@ -2,16 +2,16 @@ function Invoke-DuoRequest {
     <#
     .SYNOPSIS
     Main Duo API function
-    
+
     .DESCRIPTION
     Calls Duo API with signed token for request
-    
+
     .PARAMETER Method
     GET,POST,DELETE
-    
+
     .PARAMETER Path
     Path to API endpoint
-    
+
     .PARAMETER Params
     Hashtable of parameters
 
@@ -20,7 +20,7 @@ function Invoke-DuoRequest {
 
     .PARAMETER FilePath
     Path to save output file to
-    
+
     .EXAMPLE
     Invoke-DuoRequest -Path '/admin/v1/users' -Method GET
     #>
@@ -48,7 +48,7 @@ function Invoke-DuoRequest {
         $ApiHost = $script:DuoApiHost
         $IntegrationKey = $script:DuoIntegrationKey
         $SecretKey = $script:DuoSecretKey
-        
+
         if ($script:DuoAccountId) {
             $AccountId = $script:DuoAccountId
         }
@@ -78,36 +78,38 @@ function Invoke-DuoRequest {
 
     # RFC 2822 date format in UTC
     $XDuoDate = (Get-Date).ToUniversalTime().ToString('ddd, dd MMM yyyy HH:mm:ss -0000')
-    
+
     # Assemble parameters
     $ParamCollection = [System.Web.HttpUtility]::ParseQueryString([String]::Empty)
 
     if ($AccountId) {
         Write-Verbose "account_id = $AccountId"
         $ParamCollection.Add('account_id', $AccountId)
     }
-    
+
     # Sort parameters
     foreach ($Item in ($Params.GetEnumerator() | Sort-Object -CaseSensitive -Property Key)) {
         $ParamCollection.Add($Item.Key, $Item.Value)
     }
 
     # Query string
     $Request = $ParamCollection.ToString() -replace '%7E', '~' -replace '\+', '%20'
+    $Request = [regex]::Replace($Request, '(%[0-9A-Fa-f][0-9A-Fa-f])', { $args[0].Value.ToUpperInvariant() })
+    $Request = [regex]::Replace($Request, "([!'()*])", { '%' + [System.Convert]::ToByte($args[0].Value[0]).ToString('X') })
 
     # Build Duo signature body linefeed separated
-    $SigantureParts = @(
+    $SignatureParts = @(
         $XDuoDate
         $Method.ToUpper()
         $ApiHost.ToLower()
         $Path
         $Request
     )
-    $SignatureBody = $SigantureParts -join "`n"
+    $SignatureBody = $SignatureParts -join "`n"
 
     # Encode signature with secretbytes
-    [byte[]]$KeyBytes = [System.Text.Encoding]::UTF8.GetBytes($SecretKey)
-    [byte[]]$DataBytes = [System.Text.Encoding]::UTF8.GetBytes($SignatureBody)
+    [byte[]]$KeyBytes = [System.Text.Encoding]::UTF8.GetBytes($SecretKey.ToCharArray())
+    [byte[]]$DataBytes = [System.Text.Encoding]::UTF8.GetBytes($SignatureBody.ToCharArray())
 
     # Generate an HMAC SHA1 hash
     $HmacSha1 = New-Object System.Security.Cryptography.HMACSHA1
@@ -140,7 +142,7 @@ function Invoke-DuoRequest {
     if ($Method -ne 'POST') {
         $UriBuilder.Query = $Request
     }
-    
+
     Write-Verbose ( '{0} [{1}]' -f $Method, $UriBuilder.Uri )
 
     $RestMethod = @{

diff --git a/DuoSecurity/Public/Accounts API/Get-DuoAccountEdition.ps1 b/DuoSecurity/Public/Accounts API/Get-DuoAccountEdition.ps1
@@ -2,13 +2,13 @@ function Get-DuoAccountEdition {
     <#
     .SYNOPSIS
     Get Edition
-    
+
     .DESCRIPTION
     Returns the edition for a child account.
 
     .PARAMETER AccountId
     The child customer account ID as returned by Retrieve Accounts. This is a 20 character string, for example DA9VZOC5X63I2W72NRP9.
-    
+
     .EXAMPLE
     Get-DuoAccounts | Select-Object name,account_id, @{n='edition'; e={($_ | Get-DuoAccountEdition).edition}}
 
@@ -20,7 +20,7 @@ function Get-DuoAccountEdition {
 
     .LINK
     https://duo.com/docs/accountsapi#get-edition
-    
+
     #>
     [CmdletBinding(SupportsShouldProcess)]
     Param(
@@ -31,7 +31,7 @@ function Get-DuoAccountEdition {
 
     process {
         Select-DuoAccount -AccountId $AccountId -Quiet
-        
+
         $DuoRequest = @{
             Method = 'GET'
             Path   = '/admin/v1/billing/edition'
@@ -41,8 +41,7 @@ function Get-DuoAccountEdition {
             $Response = Invoke-DuoRequest @DuoRequest
             if ($Response.stat -eq 'OK') {
                 $Response.response
-            }
-            else { 
+            } else {
                 $Response
             }
         }

diff --git a/DuoSecurity/Public/Accounts API/Get-DuoAccountTelephonyCredits.ps1 b/DuoSecurity/Public/Accounts API/Get-DuoAccountTelephonyCredits.ps1
@@ -2,13 +2,13 @@ function Get-DuoAccountTelephonyCredits {
     <#
     .SYNOPSIS
     Get Telephony Credits
-    
+
     .DESCRIPTION
     Returns the available telephony credits for a child account.
 
     .PARAMETER AccountId
     The child customer account ID as returned by Retrieve Accounts. This is a 20 character string, for example DA9VZOC5X63I2W72NRP9.
-    
+
     .EXAMPLE
     Get-DuoAccounts | Select-Object name,account_id, @{n='credits'; e={($_ | Get-DuoAccountTelephonyCredits).credits}}
 
@@ -20,7 +20,7 @@ function Get-DuoAccountTelephonyCredits {
 
     .LINK
     https://duo.com/docs/accountsapi#get-telephony-credits
-    
+
     #>
     [CmdletBinding()]
     Param(
@@ -31,7 +31,7 @@ function Get-DuoAccountTelephonyCredits {
 
     process {
         Select-DuoAccount -AccountId $AccountId -Quiet
-        
+
         $DuoRequest = @{
             Method = 'GET'
             Path   = '/admin/v1/billing/telephony_credits'
@@ -40,8 +40,7 @@ function Get-DuoAccountTelephonyCredits {
         $Response = Invoke-DuoRequest @DuoRequest
         if ($Response.stat -eq 'OK') {
             $Response.response
-        }
-        else { 
+        } else {
             $Response
         }
     }

diff --git a/DuoSecurity/Public/Accounts API/Get-DuoAccounts.ps1 b/DuoSecurity/Public/Accounts API/Get-DuoAccounts.ps1
@@ -2,10 +2,10 @@ function Get-DuoAccounts {
     <#
     .SYNOPSIS
     Retrieve Accounts
-    
+
     .DESCRIPTION
     Returns a list of child accounts.
-    
+
     .EXAMPLE
     Get-DuoAccounts
 
@@ -17,7 +17,7 @@ function Get-DuoAccounts {
 
     .LINK
     https://duo.com/docs/accountsapi#retrieve-accounts
-    
+
     #>
     [CmdletBinding()]
     Param(
@@ -40,8 +40,7 @@ function Get-DuoAccounts {
         }
         $script:DuoAccountsList = $Accounts
         $Accounts
-    }
-    else { 
+    } else {
         $Response
     }
 }
diff --git a/DuoSecurity/Public/Accounts API/New-DuoAccount.ps1 b/DuoSecurity/Public/Accounts API/New-DuoAccount.ps1
@@ -2,19 +2,19 @@ function New-DuoAccount {
     <#
     .SYNOPSIS
     Create Account
-    
+
     .DESCRIPTION
     Create a new child account.
-    
+
     .PARAMETER Name
     Name for the new customer.
-    
+
     .EXAMPLE
     New-DuoAccount -Name 'Some Company'
 
     .INPUTS
     None
-    
+
     .OUTPUTS
     PSCustomObject. Returns a Duo Response object.
 

diff --git a/DuoSecurity/Public/Accounts API/Remove-DuoAccount.ps1 b/DuoSecurity/Public/Accounts API/Remove-DuoAccount.ps1
@@ -2,13 +2,13 @@ function Remove-DuoAccount {
     <#
     .SYNOPSIS
     Delete Account
-    
+
     .DESCRIPTION
     Delete the account with ID account_id from the system.
-    
+
     .PARAMETER AccountId
     ID of the customer account to delete as returned by Retrieve Accounts. This is a 20 character string, for example DA9VZOC5X63I2W72NRP9.
-    
+
     .EXAMPLE
     Remove-DuoAccount -AccountId SOMEACCOUNTID
 
@@ -35,7 +35,7 @@ function Remove-DuoAccount {
             account_id = $AccountId
         }
     }
-    
+
     if ($PSCmdlet.ShouldProcess($AccountId)) {
         Invoke-DuoRequest @DuoRequest
     }