Merge pull request #772 from KelvinTegelaar/dev

[pull] dev from KelvinTegelaar:dev

Author: pull[bot]

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Tenant/Administration/Invoke-SetAuthMethod.ps1

@@ -15,10 +15,20 @@ function Invoke-SetAuthMethod {
     $State = if ($Request.Body.state -eq 'enabled') { $true } else { $false }
     $TenantFilter = $Request.Body.tenantFilter
     $AuthenticationMethodId = $Request.Body.Id
-
+    $GroupIds = $Request.Body.GroupIds
 
     try {
-        $Result = Set-CIPPAuthenticationPolicy -Tenant $TenantFilter -APIName $APIName -AuthenticationMethodId $AuthenticationMethodId -Enabled $State -Headers $Headers
+        $Params = @{
+            Tenant                 = $TenantFilter
+            APIName                = $APIName
+            AuthenticationMethodId = $AuthenticationMethodId
+            Enabled                = $State
+            Headers                = $Headers
+        }
+        if ($GroupIds) {
+            $Params.GroupIds = @($GroupIds)
+        }
+        $Result = Set-CIPPAuthenticationPolicy @Params
         $StatusCode = [HttpStatusCode]::OK
     } catch {
         $Result = $_.Exception.Message

Modules/CIPPCore/Public/New-CIPPGroup.ps1

@@ -77,20 +77,11 @@ function New-CIPPGroup {
             $null
         }
 
-        # Extract local part of username if exists and remove special characters for mailNickname
-        if ($GroupObject.username -like '*@*') {
-            $MailNickname = ($GroupObject.username -split '@')[0]
+        # Determine if we should generate a mailNickname with a GUID, or use the username field
+        if (-not $GroupObject.Username) {
+            $MailNickname = (New-Guid).guid.substring(0, 10)
         } else {
-            $MailNickname = $GroupObject.username
-        }
-
-        # Remove forbidden characters per Microsoft 365 mailNickname requirements:
-        # ASCII 0-127 only, excluding: @ () / [] ' ; : <> , SPACE and any non-ASCII
-        $MailNickname = $MailNickname -replace "[@()\[\]/'`;:<>,\s]|[^\x00-\x7F]", ''
-
-        # Ensure max length of 64 characters
-        if ($MailNickname.Length -gt 64) {
-            $MailNickname = $MailNickname.Substring(0, 64)
+            $MailNickname = $GroupObject.Username
         }
 
         Write-LogMessage -API $APIName -tenant $TenantFilter -message "Creating group $($GroupObject.displayName) of type $NormalizedGroupType$(if ($NeedsEmail) { " with email $Email" })" -Sev Info

Modules/CIPPCore/Public/Set-CIPPAuthenticationPolicy.ps1

@@ -10,6 +10,7 @@ function Set-CIPPAuthenticationPolicy {
         $TAPDefaultLifeTime = 60, #minutes
         $TAPDefaultLength = 8, #TAP password generated length in chars
         $TAPisUsableOnce = $true,
+        [Parameter()][string[]]$GroupIds,
         [Parameter()][ValidateRange(1, 395)]$QRCodeLifetimeInDays = 365,
         [Parameter()][ValidateRange(8, 20)]$QRCodePinLength = 8,
         $APIName = 'Set Authentication Policy',
@@ -118,6 +119,20 @@ function Set-CIPPAuthenticationPolicy {
             throw "Somehow you hit the default case with an input of $AuthenticationMethodId . You probably made a typo in the input for AuthenticationMethodId. It`'s case sensitive."
         }
     }
+
+    if ($PSBoundParameters.ContainsKey('GroupIds') -and $GroupIds) {
+        $CurrentInfo.includeTargets = @(
+            foreach ($id in $GroupIds ) {
+                [pscustomobject]@{
+                    targetType = 'group'
+                    id         = $id
+                }
+            }
+        )
+        $OptionalLogMessage += " and targeted groups set to $($CurrentInfo.includeTargets.id -join ', ')"
+    }
+
+
     # Set state of the authentication method
     try {
         if ($PSCmdlet.ShouldProcess($AuthenticationMethodId, "Set state to $State $OptionalLogMessage")) {