Refactoring

.gitignore

@@ -16,4 +16,7 @@ markdownissues.txt
 node_modules
 package-lock.json
 func.ps1
-GetMGApplicationCertificateAndSecretExpiration.ps1
+GetMGApplicationCertificateAndSecretExpiration.ps1
+test1.ps1
+testitem.txt
+testitem.zip

CHANGELOG.md

@@ -7,8 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
+- Add support for newer versions of each module.
+- Add support for numbers in pattern for app prefix.
+
+### Fixed
+
+- Fixed approved verb for main public function.
+- Some Error handling improvements.
+- Function names are now more consistent with approved verbs.
+- Refactored code to improve readability.
+- Consolidated functions to reduce complexity.
+- Minor Change to README.md.
+
+## [0.1.0] - 2023-07-15
+
+### Added
+
 - Add support for multiple attachments
 - Release to public.
+
 ## [0.1.0-preview0001] - 2023-07-15
 
 ### Added

README.md

@@ -1,13 +1,36 @@
-# GraphEmailApp
+# GraphEmailApp Module Functions
 
-A module for creating a graphemail app
+## Connect-ToMGGraph
 
-## Make it yours
+Connects to Microsoft Graph and Exchange Online.
 
----
-Generated with Plaster and the SampleModule template
+- **Permissions**: Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Directory.ReadWrite.All.
+- **Modules**: Microsoft.Graph, ExchangeOnlineManagement, SecretManagement modules.
+- **User Interaction**: Requires key press prompts.
+- **Outputs**: Connection established, no direct output.
 
+## Publish-GraphEmailApp
 
-This is a sample Readme
+Deploys Microsoft Graph Email app with app-only authentication.
 
-## Make it yours
+- **Parameters**: AppPrefix, CertThumbprint (optional), AuthorizedSenderUserName, MailEnabledSendingGroup.
+- **Permissions**: Administrator-level for app and Exchange Online access.
+- **Requirements**: Internet connectivity, mail-enabled security group in Exchange Online.
+- **Outputs**: Custom object with AppId, CertThumbprint, TenantID, CertExpires.
+
+## Initialize-GraphEmailAppCert
+
+Retrieves or creates a new certificate.
+
+- **Parameters**: CertThumbprint (optional), AppName.
+- **Permissions**: Certificate store access.
+- **Outputs**: Custom object with certificate details.
+
+## Send-GraphAppEmail
+
+Sends an email via Microsoft Graph API.
+
+- **Parameters**: AppName, To, FromAddress, Subject, EmailBody, AttachmentPath (optional).
+- **Modules**: Microsoft.Graph, MSAL.PS.
+- **Requirements**: AppName with necessary permissions and configurations.
+- **Outputs**: Email sent, no direct output.

source/Private/ConvertTo-ParameterSplat.ps1

@@ -0,0 +1,20 @@
+function ConvertTo-ParameterSplat {
+    [CmdletBinding()]
+    [OutputType([string])]
+    param (
+        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
+        [PSObject]$InputObject
+    )
+    process {
+        $splatScript = "`$params = @{`n"
+        $InputObject.psobject.Properties | ForEach-Object {
+            $value = $_.Value
+            if ($value -is [string]) {
+                $value = "`"$value`""
+            }
+            $splatScript += "    $($_.Name) = $value`n"
+        }
+        $splatScript += "}"
+        Write-Output $splatScript
+    }
+}

source/Private/Initialize-GraphAppRegistration.ps1

@@ -0,0 +1,104 @@
+function Initialize-GraphAppRegistration {
+    [CmdletBinding()]
+    param(
+        [Parameter(
+            Mandatory = $true,
+            HelpMessage = 'The App Registration object.'
+        )]
+        $AppRegistration,
+        [Parameter(
+            Mandatory = $true,
+            HelpMessage = 'The Graph Service Principal Id.'
+        )]
+        [string]$GraphServicePrincipalId,
+        [Parameter(
+            Mandatory = $true,
+            HelpMessage = 'The Azure context.'
+        )]
+        $Context,
+        [Parameter(
+            Mandatory = $false,
+            HelpMessage = 'One or more OAuth2 scopes to grant. Defaults to Mail.Send.'
+        )]
+        [string[]]$Scopes = @('Mail.Send'),
+        [Parameter(
+            Mandatory = $false,
+            HelpMessage = 'Auth method (placeholder). Currently only "Certificate" is used.'
+        )]
+        [ValidateSet('Certificate','ClientSecret','ManagedIdentity','None')]
+        [string]$AuthMethod = 'Certificate',
+        [Parameter(
+            Mandatory = $false,
+            HelpMessage = 'Certificate thumbprint if using Certificate-based auth.'
+        )]
+        [string]$CertThumbprint
+    )
+    begin {
+        if (-not $script:LogString) {
+            Write-AuditLog -Start
+        }
+        else {
+            Write-AuditLog -BeginFunction
+        }
+        Write-AuditLog '###############################################'
+        if ($AuthMethod -eq 'Certificate' -and -not $CertThumbprint) {
+            throw "CertThumbprint is required when AuthMethod is 'Certificate'."
+        }
+    }
+    process {
+        try {
+            # 1. If using certificate auth, retrieve the certificate
+            $Cert = $null
+            if ($AuthMethod -eq 'Certificate') {
+                Write-AuditLog "Retrieving certificate with thumbprint $CertThumbprint."
+                $Cert = Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $CertThumbprint }
+                if (-not $Cert) {
+                    throw "Certificate with thumbprint $CertThumbprint not found in Cert:\CurrentUser\My."
+                }
+            }
+            # 2. Create a Service Principal for the app (if not existing).
+            Write-AuditLog "Creating service principal for app with AppId $($AppRegistration.AppId)."
+            [void](New-MgServicePrincipal -AppId $AppRegistration.AppId -AdditionalProperties @{})
+            # 3. Get the client Service Principal for the created app.
+            $ClientSp = Get-MgServicePrincipal -Filter "appId eq '$($AppRegistration.AppId)'"
+            if (-not $ClientSp) {
+                Write-AuditLog "Client service principal not found for $($AppRegistration.AppId)." -Severity Error
+                throw "Unable to find client service principal."
+            }
+            # 4. Combine all scopes into a single space-delimited string
+            $combinedScopes = $Scopes -join ' '
+            Write-AuditLog "Granting the following scope(s) to Service Principal $($ClientSp.DisplayName): $combinedScopes"
+            $Params = @{
+                ClientId    = $ClientSp.Id
+                ConsentType = 'AllPrincipals'
+                ResourceId  = $GraphServicePrincipalId
+                Scope       = $combinedScopes
+            }
+            [void](New-MgOauth2PermissionGrant -BodyParameter $Params -Confirm:$false)
+            # 5. Build the admin consent URL
+            $adminConsentUrl = 'https://login.microsoftonline.com/' + $Context.TenantId + '/adminconsent?client_id=' + $AppRegistration.AppId
+            Write-Verbose 'Please go to the following URL in your browser to provide admin consent:' -Verbose
+            Write-Host $adminConsentUrl -ForegroundColor DarkGray
+            Write-Verbose 'After providing admin consent, you can use the following command for certificate-based auth:' -Verbose
+            if ($AuthMethod -eq 'Certificate') {
+                $connectGraph = 'Connect-MgGraph -ClientId "' + $AppRegistration.AppId + '" -TenantId "' +
+                                $Context.TenantId + '" -CertificateName "' + $Cert.SubjectName.Name + '"'
+                Write-Host "`n$connectGraph`n" -ForegroundColor DarkGreen
+            }
+            else {
+                # Placeholder for other auth methods
+                Write-Host "Future logic for $AuthMethod auth can go here."
+            }
+        }
+        catch {
+            $line = $_.InvocationInfo.Line
+            $lineNum = $_.InvocationInfo.ScriptLineNumber
+            throw [System.Management.Automation.RuntimeException]::new(
+                "Error in $($MyInvocation.MyCommand.Name) at line $lineNum`:`n'$line' - $($_.Exception.Message)",
+                $_.Exception
+            )
+        }
+        Write-AuditLog -EndFunction
+    }
+    end {}
+}