From 6a63335a58ca208f9e4375a177ca113609306178 Mon Sep 17 00:00:00 2001
From: Gautam Sheth
Date: Sun, 9 Oct 2022 00:18:09 +0300
Subject: [PATCH 1/3] Fix #1180 - issue with PnP Management shell access in non-commercial clouds
---
 CHANGELOG.md | 1 +
 .../AzureAD/RegisterManagementShellAccess.cs | 19 ++++++++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b0d96d16a..daf020b0f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -74,6 +74,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Fixed `Add-PnPTeamsTab` cmdlet not working with certain types when using dynamic parameters. [#2405](https://github.com/pnp/powershell/pull/2405)
 - Fixed `Get-PnPVivaConnectionsDashboardACE` missing the `isVisible` property under `CardButtonActions` causing using `Update-PnPVivaConnectionsDashboardACE` to hide card buttons [#2433](https://github.com/pnp/powershell/pull/2433
 - Fixed issue with `Set-PnPTeamsChannel -IsFavoriteByDefault` throwing a `Nullable object must have a value` under certain circumstances [#2425](https://github.com/pnp/powershell/pull/2425)
+- Fixed `Register-PnPManagementShellAccess` for non-commercial cloud environment. Users must enter the tenant name if the environment is a non-commercial cloud environment.
 ### Contributors
diff --git a/src/Commands/AzureAD/RegisterManagementShellAccess.cs b/src/Commands/AzureAD/RegisterManagementShellAccess.cs
index e2f9748ab..89a8bc81e 100644
--- a/src/Commands/AzureAD/RegisterManagementShellAccess.cs
+++ b/src/Commands/AzureAD/RegisterManagementShellAccess.cs
@@ -31,13 +31,13 @@ public class RegisterManagementShellAccess : PSCmdlet
 public SwitchParameter ShowConsentUrl;
 [Parameter(Mandatory = false, ParameterSetName = ParameterSet_SHOWURL)]
+ [Parameter(Mandatory = false, ParameterSetName = ParameterSet_REGISTER)]
 public string TenantName;
 protected override void ProcessRecord()
 {
 source = new CancellationTokenSource();
 var messageWriter = new CmdletMessageWriter(this);
- CancellationToken cancellationToken = source.Token;
 var endPoint = string.Empty;
 using (var authManager = new AuthenticationManager())
@@ -45,6 +45,11 @@ protected override void ProcessRecord()
 endPoint = authManager.GetAzureADLoginEndPoint(AzureEnvironment);
 }
+ if (AzureEnvironment != AzureEnvironment.Production && string.IsNullOrEmpty(TenantName))
+ {
+ WriteWarning("Please specify the Tenant name for non-commercial clouds, other the operation cannot proceed.");
+ }
+
 Task.Factory.StartNew(() =>
 {
 if (ParameterSetName == ParameterSet_REGISTER)
@@ -55,11 +60,11 @@ protected override void ProcessRecord()
 },
 successMessageHtml: $"You successfully consented the PnP Management Shell Application for use by PnP PowerShell. Feel free to close this window.",
 failureMessageHtml: $"You did not consent for the PnP Management Shell Application for use by PnP PowerShell. Feel free to close this browser window.",
- azureEnvironment: AzureEnvironment))
+ azureEnvironment: AzureEnvironment, tenantId: TenantName))
 {
 try
 {
- authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, cancellationToken, Microsoft.Identity.Client.Prompt.Consent).GetAwaiter().GetResult();
+ authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, source.Token, Microsoft.Identity.Client.Prompt.Consent).GetAwaiter().GetResult();
 }
 catch (Microsoft.Identity.Client.MsalException)
 {
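Review bot: `TenantName` is bound as a free-form string with no validation attribute, and this series widens where it ends up: it becomes the `tenantId:` argument in the @@ -55 hunk and a path segment of the consent link in the @@ -71 hunk. That link is meant to be handed to a directory administrator, so a value containing `/`, `?`, `#` or `@` should be rejected at binding time rather than echoed into the URL. A constraint on the parameter such as `[ValidatePattern(@"^[A-Za-z0-9][A-Za-z0-9.-]*$")]` (constructed here to admit domain names and GUIDs; adjust it to what the cmdlet really accepts) would cover both uses. The class body starts and ends outside this hunk.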
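Review bot: The new guard only calls `WriteWarning`, so when `AzureEnvironment` is not `Production` and `TenantName` is empty, execution still reaches `Task.Factory.StartNew` and starts the interactive consent flow that the message says cannot proceed. Failing closed is clearer for the operator and avoids prompting for sign-in with no tenant supplied: `throw new PSArgumentException("Specify TenantName when AzureEnvironment is not Production.", nameof(TenantName));`. The check also runs for the ShowConsentUrl parameter set, whose empty-`TenantName` branch (the @@ -87 and @@ -123 hunks) appears to work out the tenant id itself, so it may be worth limiting the guard to `ParameterSet_REGISTER`. PATCH 3/3 rewords the message but keeps it a warning. `ProcessRecord` begins and ends outside this hunk.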
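Review bot: Replacing the captured `cancellationToken` local with `source.Token` inside the task body means the token is now read on the worker thread when the call runs, not when `ProcessRecord` created the source. `source` is assigned without a declaration in the @@ -31 hunk, so it is presumably a field; if `ProcessRecord` runs again for another pipeline record, or the source is disposed when the cmdlet stops, the running task could pick up a different token or hit `ObjectDisposedException`. Keeping one line at the top of the method, `var cancellationToken = source.Token;`, and passing that here and in the @@ -87 hunk preserves the earlier behaviour. The enclosing lambda starts and ends outside this hunk.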
@@ -71,7 +76,7 @@ protected override void ProcessRecord()
 {
 if (!string.IsNullOrEmpty(TenantName))
 {
- messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\nhttps://login.microsoftonline.com/{TenantName}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
+ messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\n{endPoint}/{TenantName}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
 }
 else
 {
@@ -87,7 +92,7 @@ protected override void ProcessRecord()
 var accessToken = string.Empty;
 try
 {
- accessToken = authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, cancellationToken).GetAwaiter().GetResult();
+ accessToken = authManager.GetAccessTokenAsync(new[] { $"https://{GetGraphEndPoint()}/.default" }, source.Token).GetAwaiter().GetResult();
 }
 catch (Microsoft.Identity.Client.MsalException)
 {
@@ -123,7 +128,7 @@ protected override void ProcessRecord()
 }
 }
 }
- messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\nhttps://login.microsoftonline.com/{tenantId}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
+ messageWriter.WriteMessage($"Share the following URL with a person that has appropriate access rights on the Azure AD to grant consent for Application Registrations:\n\n{endPoint}/{tenantId}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}");
 if (tenantId == "{M365-Tenant-Id}")
 {
 messageWriter.WriteMessage($"To get M365-Tenant-Id value, use the Get-PnPTenantId cmdlet:\nhttps://pnp.github.io/powershell/cmdlets/Get-PnPTenantId.html");
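Review bot: The consent link now starts with `{endPoint}` instead of a fixed `https://login.microsoftonline.com`, and nothing visible here establishes that `GetAzureADLoginEndPoint` returns an absolute `https://` URL without a trailing slash. Since the output is a link an administrator is asked to open and grant consent on, it is worth building it so that a malformed base fails loudly: check `Uri.TryCreate(endPoint, UriKind.Absolute, out var baseUri) && baseUri.Scheme == Uri.UriSchemeHttps` first, then compose the link as `$"{endPoint.TrimEnd('/')}/{Uri.EscapeDataString(TenantName)}/adminconsent?client_id={PnPConnection.PnPManagementShellClientId}"`. The same interpolation is repeated with `tenantId` in the @@ -123 hunk. Both lines sit inside blocks that start outside their hunks.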
@@ -132,7 +137,7 @@ protected override void ProcessRecord()
 }
 }
 messageWriter.Finished = true;
- }, cancellationToken);
+ }, source.Token);
 messageWriter.Start();
 }
From b37fba82f7f0470015d27b17fd8fb6f3001321f3 Mon Sep 17 00:00:00 2001
From: Gautam Sheth
Date: Sun, 9 Oct 2022 00:20:23 +0300
Subject: [PATCH 2/3] Update CHANGELOG.md
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index daf020b0f..f34104c67 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -74,7 +74,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - Fixed `Add-PnPTeamsTab` cmdlet not working with certain types when using dynamic parameters. [#2405](https://github.com/pnp/powershell/pull/2405)
 - Fixed `Get-PnPVivaConnectionsDashboardACE` missing the `isVisible` property under `CardButtonActions` causing using `Update-PnPVivaConnectionsDashboardACE` to hide card buttons [#2433](https://github.com/pnp/powershell/pull/2433
 - Fixed issue with `Set-PnPTeamsChannel -IsFavoriteByDefault` throwing a `Nullable object must have a value` under certain circumstances [#2425](https://github.com/pnp/powershell/pull/2425)
-- Fixed `Register-PnPManagementShellAccess` for non-commercial cloud environment. Users must enter the tenant name if the environment is a non-commercial cloud environment.
+- Fixed `Register-PnPManagementShellAccess` for non-commercial cloud environment. Users must enter the tenant name if the environment is a non-commercial cloud environment. [#2437](https://github.com/pnp/powershell/pull/2437)
 ### Contributors
From 37bc31d3f57d2e5a50f5032a7164ce2317f11b55 Mon Sep 17 00:00:00 2001
From: Koen Zomers
Date: Mon, 10 Oct 2022 19:53:22 +0200
Subject: [PATCH 3/3] Update RegisterManagementShellAccess.cs Minor grammar correction
---
 src/Commands/AzureAD/RegisterManagementShellAccess.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Commands/AzureAD/RegisterManagementShellAccess.cs b/src/Commands/AzureAD/RegisterManagementShellAccess.cs
index 89a8bc81e..f0411731c 100644
--- a/src/Commands/AzureAD/RegisterManagementShellAccess.cs
+++ b/src/Commands/AzureAD/RegisterManagementShellAccess.cs
@@ -47,7 +47,7 @@ protected override void ProcessRecord()
 if (AzureEnvironment != AzureEnvironment.Production && string.IsNullOrEmpty(TenantName))
 {
- WriteWarning("Please specify the Tenant name for non-commercial clouds, other the operation cannot proceed.");
+ WriteWarning("Please specify the Tenant name for non-commercial clouds, otherwise this operation will fail.");
 }
 Task.Factory.StartNew(() =>
@@ -151,4 +151,4 @@ private string GetGraphEndPoint()
 return PnP.Framework.AuthenticationManager.GetGraphEndPoint(AzureEnvironment);
 }
 }
-}
\ No newline at end of file
+}