Merge pull request #10 from bitsofinfo/nf/key-based-auth

Added two init/destroy methods to use key based Exchange authentication

Author: bitsofinfo

README.md

@@ -26,6 +26,20 @@ This provides the PSCommandService class which is a wrapper around [StatefulProc
 
 This script simply exports a few useful pre-defined parameter sets (that one would pass to the constructor of StatefulProcessComamndProxy) for the initialization, destruction and auto-invalidation of "powershell" processes who connect to o365 and establish a remote PSSession that will be long lived. (and validate that the session is still legit)
 
+#### Exchange authentication
+
+`o365Utils.js` init command `getO365PSInitCommands` is using a deprecated authentication [method](https://techcommunity.microsoft.com/t5/exchange-team-blog/modern-auth-and-unattended-scripts-in-exchange-online-powershell/ba-p/1497387)
+
+Mictosoft has added [Exchange Online PowerShell V2](https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-the-exchange-online/ba-p/1436623) that supports cerificate based authentication.
+
+Full setup is descibed [here](https://adamtheautomator.com/exchange-online-powershell-mfa/)
+
+Three sets of init commands are availiable as of version `1.1.0`:
+
+* `getO365PSInitCommands` - backward compatible old basic authentication
+* `getO365PSKeyInitCommands` - new Exchange authentication with private key and password
+* `getO365PSThumbprintInitCommands` - new Exchange authentication with the thumb print for the certificate
+
 ### <a name="usage"></a>Usage
 
 1) Configure your o365 tenant with a user with the appropriate permissions to manage o365 via Powershell. [See this article to get going](https://bitsofinfo.wordpress.com/2015/01/06/configuring-powershell-for-azure-ad-and-o365-exchange-management/)
@@ -34,15 +48,18 @@ This script simply exports a few useful pre-defined parameter sets (that one wou
 
 3) From within this project install the necessary npm dependencies for this module, including [stateful-process-command-proxy](https://github.com/bitsofinfo/stateful-process-command-proxy). You can checkout the latter manually and do a ```npm install stateful-process-command-proxy```
 
-4) Configure ```example.js``` appropriately, in particular the ```initCommands``` for the StatefulProcessCommandProxy; the paths to the items you created via the second step above
+4) Configure ```example.js```/```example_key_auth.js```/```examplekey_thumb_auth.js``` appropriately, in particular the ```initCommands``` for the StatefulProcessCommandProxy; the paths to the items you created via the second step above
 
-5) Tweak the group that is fetched at the bottom of ```example.js```
+5) Tweak the group that is fetched at the bottom of ```example.js```/```example_key_auth.js```/```examplekey_thumb_auth.js```
 
-7) There is also a unit-test (```test\all.js```) for the command registry in ```o365Utils.js``` which gives an example of usage.
+7) There is also a unit-test (```test\all.js```) for the command registry in ```o365Utils.js``` which gives an example of usage for all thre possible Exchange connect variations.
 
 ### <a id="history"></a>History
 
 ```
+v1.1.0 - 2020-12-03
+    - Added option for key and thumbprint based Exchange authentication
+
 v1.0.0 - 2016-06-08
     - Get-DistributionGroupMember - added "-ResultSize Unlimited"
 

example.js

@@ -1,4 +1,3 @@
-var Promise = require('promise');
 var StatefulProcessCommandProxy = require("stateful-process-command-proxy");
 var PSCommandService = require('./psCommandService');
 var o365Utils = require('./o365Utils');

example_key_auth.js

@@ -0,0 +1,81 @@
+var StatefulProcessCommandProxy = require("stateful-process-command-proxy");
+var PSCommandService = require('./psCommandService');
+var o365Utils = require('./o365Utils');
+
+
+
+
+var statefulProcessCommandProxy = new StatefulProcessCommandProxy({
+  name: "StatefulProcessCommandProxy",
+  max: 1,
+  min: 1,
+  idleTimeoutMS:120000,
+  log: function(severity,origin,msg) {
+    console.log(severity.toUpperCase() + " " +origin+" "+ msg);
+  },
+
+  processCommand: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
+  processArgs:    ['-Command','-'],
+
+
+  processRetainMaxCmdHistory : 20,
+  processInvalidateOnRegex : {
+    'any':[],
+    'stdout':[],
+    'stderr':[{'regex':'.*error.*'}]
+  },
+  processCwd : null,
+  processEnvMap : null,
+  processUid : null,
+  processGid : null,
+
+  initCommands: o365Utils.getO365PSKeyInitCommands(
+    'C:\\pathto\\decryptUtil.ps1',
+    'C:\\pathto\\encrypted.credentials',
+    'C:\\pathto\\secret.key',
+    'C:\\pathto\\certificate',
+    'certificatePassword',
+    '00000000-00000000-00000000-00000000',
+    'your.exhange.domain.name',
+    10000,30000,60000),
+
+
+  validateFunction: function(processProxy) {
+    var isValid = processProxy.isValid();
+    if(!isValid) {
+      console.log("ProcessProxy.isValid() returns FALSE!");
+    }
+    return isValid;
+  },
+
+
+  preDestroyCommands: o365Utils.getO365PSKeyDestroyCommands(),
+
+  processCmdWhitelistRegex: o365Utils.getO365WhitelistedCommands(),
+
+  processCmdBlacklistRegex: o365Utils.getO365BlacklistedCommands(),
+
+  autoInvalidationConfig: o365Utils.getO365AutoInvalidationConfig(30000)
+
+});
+
+var myLogFunction = function(severity,origin,message) {
+    console.log(severity.toUpperCase() + ' ' + origin + ' ' + message);
+}
+
+
+/**
+* Fetch a group!
+*/
+var psCommandService = new PSCommandService(statefulProcessCommandProxy,
+                                            o365Utils.o365CommandRegistry,
+                                            myLogFunction);
+
+psCommandService.execute('getDistributionGroup',{'Identity':"someGroupName"})
+          .then(function(groupJson) {
+              console.log(groupJson);
+          }).catch(function(error) {
+              console.log(error);
+          });
+
+setTimeout(function(){statefulProcessCommandProxy.shutdown()},80000);

example_key_thumb_auth.js

@@ -0,0 +1,80 @@
+var StatefulProcessCommandProxy = require("stateful-process-command-proxy");
+var PSCommandService = require('./psCommandService');
+var o365Utils = require('./o365Utils');
+
+
+
+
+var statefulProcessCommandProxy = new StatefulProcessCommandProxy({
+  name: "StatefulProcessCommandProxy",
+  max: 1,
+  min: 1,
+  idleTimeoutMS:120000,
+  log: function(severity,origin,msg) {
+    console.log(severity.toUpperCase() + " " +origin+" "+ msg);
+  },
+
+  processCommand: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe',
+  processArgs:    ['-Command','-'],
+
+
+  processRetainMaxCmdHistory : 20,
+  processInvalidateOnRegex : {
+    'any':[],
+    'stdout':[],
+    'stderr':[{'regex':'.*error.*'}]
+  },
+  processCwd : null,
+  processEnvMap : null,
+  processUid : null,
+  processGid : null,
+
+  initCommands: o365Utils.getO365PSThumbprintInitCommands(
+    'C:\\pathto\\decryptUtil.ps1',
+    'C:\\pathto\\encrypted.credentials',
+    'C:\\pathto\\secret.key',
+    'certificatethumbprint',
+    '00000000-00000000-00000000-00000000',
+    'your.exhange.domain.name',
+    10000,30000,60000),
+
+
+  validateFunction: function(processProxy) {
+    var isValid = processProxy.isValid();
+    if(!isValid) {
+      console.log("ProcessProxy.isValid() returns FALSE!");
+    }
+    return isValid;
+  },
+
+
+  preDestroyCommands: o365Utils.getO365PSThumbprintDestroyCommands(),
+
+  processCmdWhitelistRegex: o365Utils.getO365WhitelistedCommands(),
+
+  processCmdBlacklistRegex: o365Utils.getO365BlacklistedCommands(),
+
+  autoInvalidationConfig: o365Utils.getO365AutoInvalidationConfig(30000)
+
+});
+
+var myLogFunction = function(severity,origin,message) {
+    console.log(severity.toUpperCase() + ' ' + origin + ' ' + message);
+}
+
+
+/**
+* Fetch a group!
+*/
+var psCommandService = new PSCommandService(statefulProcessCommandProxy,
+                                            o365Utils.o365CommandRegistry,
+                                            myLogFunction);
+
+psCommandService.execute('getDistributionGroup',{'Identity':"someGroupName"})
+          .then(function(groupJson) {
+              console.log(groupJson);
+          }).catch(function(error) {
+              console.log(error);
+          });
+
+setTimeout(function(){statefulProcessCommandProxy.shutdown()},80000);