Creating Google Users from PowerShell via the API

Hello!

This article describes how PowerShell interacts with the Google API to manage G Suite users.

We use several internal and cloud services across the organization. For the most part, authorization in them comes down to Google or Active Directory, between which we cannot maintain a replica; accordingly, when a new employee starts, an account has to be created or enabled in both of these systems. To automate the process, we decided to write a script that collects the information and sends it to both services.

Authorization

When drawing up the requirements, we decided to use real human administrators for authorization; this simplifies the analysis of actions in the event of accidental or intentional mass changes.

Google APIs use the OAuth 2.0 protocol for authentication and authorization. Use cases and more detailed descriptions can be found here: Using OAuth 2.0 to Access Google APIs.

I chose the scenario that is used for authorization in desktop applications. There is also the option of using a service account, which does not require any extra actions from the user.

The picture below is a schematic description of the selected scenario from the Google page.


  1. First, we send the user to the Google Account authorization page, specifying the GET parameters:
    • the application id (client_id)
    • the scopes the application needs access to (scope)
    • the address to which the user will be redirected after completing the procedure (redirect_uri)
    • the way we will renew the token (access_type)
    • the security code (code_challenge)
    • the format in which the security code is transmitted (code_challenge_method)

  2. After authorization is completed, the user is redirected to the page specified in the first request, with an error or an authorization code passed as GET parameters.
  3. The application (script) needs to receive these parameters and, if a code was received, make the following request to obtain the tokens.
  4. If the request is correct, the Google API returns:
    • the Access token with which we can make requests
    • the validity period of this token
    • the Refresh token needed to renew the Access token.

First you need to go to the Google API console: Credentials - Google API Console, select the desired application and, in the Credentials section, create an OAuth client identifier. There (or later, in the properties of the created identifier) you need to specify the addresses to which redirection is allowed. In our case, these will be several localhost entries with different ports (see below).

To make the script's algorithm easier to read, the first steps can be placed in a separate function that returns the Access and Refresh tokens for the application:

$client_secret = 'Our Client Secret'
$client_id = 'Our Client ID'
function Get-GoogleAuthToken {
  if (-not [System.Net.HttpListener]::IsSupported) {
    "HttpListener is not supported."
    exit 1
  }
  # PKCE code verifier: 60 characters from the unreserved set
  $codeverifier = -join ((65..90) + (97..122) + (48..57) + 45 + 46 + 95 + 126 | Get-Random -Count 60 | % {[char]$_})
  # Code challenge: SHA256 of the verifier, Base64Url-encoded without '=' padding
  $hasher = New-Object System.Security.Cryptography.SHA256Managed
  $hashByteArray = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($codeverifier))
  $base64 = ((([System.Convert]::ToBase64String($hashByteArray)).replace('=','')).replace('+','-')).replace('/','_')
  # Redirect ports registered for this client in the API console
  $ports = @(10600,15084,39700,42847,65387,32079)
  # Pick any of them (-Maximum 5 would never select the last entry)
  $port = $ports | Get-Random
  Write-Host "Start browser..."
  Start-Process "https://accounts.google.com/o/oauth2/v2/auth?code_challenge_method=S256&code_challenge=$base64&access_type=offline&client_id=$client_id&redirect_uri=http://localhost:$port&response_type=code&scope=https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group"
  $listener = New-Object System.Net.HttpListener
  $listener.Prefixes.Add("http://localhost:"+$port+'/')
  try {$listener.Start()} catch {
    "Unable to start listener."
    exit 1
  }
  $code = $null
  while ($null -eq $code) {
    $context = $listener.GetContext()
    Write-Host "Connection accepted" -f 'mag'
    # QueryString holds the URL-decoded GET parameters of the redirect;
    # a request without a code (for example /favicon.ico) keeps the loop waiting
    $redirect = $context.Request.QueryString
    # The reply is sent as plain text so that reflected values are never rendered as HTML
    $context.Response.ContentType = 'text/plain; charset=utf-8'
    $err = $redirect['error']
    if ($err) {
      Write-Host ("Error!"+$err) -f 'red'
      $buffer = [System.Text.Encoding]::UTF8.GetBytes("Error!"+$err)
      $context.Response.ContentLength64 = $buffer.Length
      $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
      $context.Response.OutputStream.Close()
      $listener.Stop()
      exit 1
    }
    $code = $redirect['code']
    $buffer = [System.Text.Encoding]::UTF8.GetBytes("Now you can close this browser tab.")
    $context.Response.ContentLength64 = $buffer.Length
    $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
    $context.Response.OutputStream.Close()
  }
  $listener.Stop()
  # Exchange the authorization code, together with the original verifier, for tokens
  Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -Body @{
    code = $code
    client_id = $client_id
    client_secret = $client_secret
    redirect_uri = 'http://localhost:'+$port
    grant_type = 'authorization_code'
    code_verifier   = $codeverifier
  }
}

We set the Client ID and Client Secret obtained in the properties of the OAuth client identifier, and the code verifier is a string of 43 to 128 characters that must be randomly generated from the unreserved characters: [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~".

This code will later be sent a second time, in the token request. It eliminates the vulnerability in which an attacker could intercept the response returned as a redirect after the user's authorization.
You can send the code verifier in the current request in clear text (which makes it meaningless; this is only suitable for systems that do not support SHA256), or as a hash created with the SHA256 algorithm, which must be encoded in BASE64Url (it differs from Base64 in two characters of the table) with the trailing = characters removed.
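
The S256 transformation described above, as an added example (not code from the original article): it draws the verifier from the system CSPRNG, checks the transformation against the example values in RFC 7636 Appendix B, and shows the comparison the token endpoint makes. The function names are hypothetical.

```powershell
# Added example: helper names are hypothetical, not from the article's script.
function ConvertTo-Base64Url([byte[]]$Bytes) {
  # Base64Url: '+' -> '-', '/' -> '_', trailing '=' padding removed
  [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-PkceChallenge([string]$Verifier) {
  # The verifier must be 43..128 characters from [A-Z] [a-z] [0-9] - . _ ~
  if ($Verifier -cnotmatch '^[A-Za-z0-9._~-]{43,128}$') {
    throw 'code_verifier must be 43-128 unreserved characters'
  }
  $sha256 = [System.Security.Cryptography.SHA256]::Create()
  try {
    $hash = $sha256.ComputeHash([System.Text.Encoding]::ASCII.GetBytes($Verifier))
    ConvertTo-Base64Url $hash
  } finally { $sha256.Dispose() }
}

function New-PkcePair {
  # 32 bytes from the system CSPRNG encode to 43 Base64Url characters,
  # all of which are inside the unreserved set
  $bytes = New-Object byte[] 32
  $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
  try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
  $verifier = ConvertTo-Base64Url $bytes
  [pscustomobject]@{ Verifier = $verifier; Challenge = Get-PkceChallenge $verifier }
}

function Test-PkceVerifier([string]$Verifier, [string]$StoredChallenge) {
  # Server side of the check: recompute the challenge from the code_verifier
  # in the token request and compare with the code_challenge from step 1
  (Get-PkceChallenge $Verifier) -ceq $StoredChallenge
}

# Known-answer test with the example values from RFC 7636, Appendix B
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
$rfcChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM'
if (-not (Test-PkceVerifier $rfcVerifier $rfcChallenge)) { throw 'S256 transform is wrong' }

$pair = New-PkcePair
# The script that started the flow holds the matching verifier
$own = Test-PkceVerifier $pair.Verifier $pair.Challenge
# Someone who only captured the redirect has to guess a verifier
$guess = Test-PkceVerifier (New-PkcePair).Verifier $pair.Challenge
"own verifier accepted: $own; guessed verifier accepted: $guess"
```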

Next, we need to start listening for HTTP on the local machine in order to receive the response after authorization, which will be returned as a redirect.

Administrative tasks are performed on a dedicated server, and we cannot rule out that several administrators will run the script at the same time, so it randomly selects a port for the current user; I specified predefined ports because they also have to be added as trusted in the API console.

access_type=offline means that the application can renew an expired token on its own, without the user interacting with the browser,
response_type=code sets the format in which the code will be returned (a reference to the old authorization method, where the user copied the code from the browser into the script),
scope indicates the scope and type of access. Scopes must be separated by spaces or %20 (according to URL encoding). A list of access scopes with their types can be seen here: OAuth 2.0 Scopes for Google APIs.

After receiving the authorization code, the application returns a closing message to the browser, stops listening on the port and sends a POST request to obtain the token. In it we specify the previously mentioned id and secret from the API console, the address to which the user will be redirected, and grant_type in accordance with the protocol specification.

In response we receive an Access token, its validity period in seconds, and a Refresh token, with which we can renew the Access token.

The application must store tokens in a secure place with a long shelf life, so until we revoke the access that was granted, the application will not be given a Refresh token again. At the end I added a request to revoke the token; if the application did not finish successfully and the Refresh token was not returned, it starts the procedure again (we considered it unsafe to store tokens locally on the terminal, and we do not want to complicate things with cryptography or open the browser frequently).

do {
  $token_result = Get-GoogleAuthToken
  $token = $token_result.access_token
  if ($token_result.refresh_token -eq $null) {
    Write-Host ("Session is not destroyed. Revoking token...")
    Invoke-WebRequest -Uri ("https://accounts.google.com/o/oauth2/revoke?token="+$token)
  }
} while ($token_result.refresh_token -eq $null)
$refresh_token = $token_result.refresh_token
# Treat the token as expired two minutes before its real expiry; taking hour and
# minute from one DateTime keeps the hour correct when the minutes roll over
$expire = (Get-Date).AddSeconds($token_result.expires_in - 120)
$token_expire = @{
  hour = $expire.Hour
  minute = $expire.Minute
}

As you may have noticed, Invoke-WebRequest is used when revoking the token. Unlike Invoke-RestMethod, it does not return the received data in a usable format and shows the status of the request.

Next, the script asks you to enter the user's first and last name, and generates a login + email.

Requests

The next requests are as follows: first of all, you need to check whether a user with the same login already exists, in order to decide whether to create a new one or enable the existing one.

I decided to implement all requests as a single function with a selection, using switch:

function GoogleQuery {
  param (
    $type,
    $query
  )
  switch ($type) {
    "SearchAccount" {
      Return Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body @{
        domain = 'rocketguys.com'
        query  = "email:$query"
      }
    }
    "UpdateAccount" {
      $body = @{
        name  = @{
          givenName = $query['givenName']
          familyName = $query['familyName']
        }
        suspended = 'false'
        password = $query['password']
        changePasswordAtNextLogin = 'true'
        phones = @(@{
          primary = 'true'
          value = $query['phone']
          type = "mobile"
        })
        orgUnitPath = $query['orgunit']
      }
      Return Invoke-RestMethod -Method Put -Uri ("https://www.googleapis.com/admin/directory/v1/users/"+$query['email']) -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
    }
    
    "CreateAccount" {
      $body = @{
        primaryEmail = $query['email']
        name  = @{
          givenName = $query['givenName']
          familyName = $query['familyName']
        }
        suspended = 'false'
        password = $query['password']
        changePasswordAtNextLogin = 'true'
        phones = @(@{
          primary = 'true'
          value = $query['phone']
          type = "mobile"
        })
        orgUnitPath = $query['orgunit']
      }
      Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
    }
    "AddMember" {
      $body = @{
        userKey = $query['email']
      }
      $ifrequest = Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/groups" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body $body
      $array = @()
      foreach ($group in $ifrequest.groups) {$array += $group.email}
      if ($array -notcontains $query['groupkey']) {
        $body = @{
          email = $query['email']
          role = "MEMBER"
        }
        Return Invoke-RestMethod -Method Post -Uri ("https://www.googleapis.com/admin/directory/v1/groups/"+$query['groupkey']+"/members") -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
      } else {
        Return ($query['email']+" now is a member of "+$query['groupkey'])
      }
    }
  }
}

In each request you need to send an Authorization header containing the token type and the Access token itself. At the moment, the token type is always Bearer. Because we need to check that the token has not expired and renew it an hour after it was issued, I put the request into another function that returns the Access token. The same fragment is at the beginning of the script, where the first Access token is received:

function Get-GoogleToken {
  if (((Get-date).Hour -gt $token_expire.hour) -or (((Get-date).Hour -ge $token_expire.hour) -and ((Get-date).Minute -gt $token_expire.minute))) {
    Write-Host "Token Expired. Refreshing..."
    $request = (Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -ContentType 'application/x-www-form-urlencoded' -Body @{
      client_id = $client_id
      client_secret = $client_secret
      refresh_token = $refresh_token
      grant_type = 'refresh_token'
    })
    # Store the new token in script scope so that later calls do not return the old one
    $script:token = $request.access_token
    # Expire two minutes early; hour and minute come from the same DateTime
    $expire = (Get-Date).AddSeconds($request.expires_in - 120)
    $script:token_expire = @{
      hour = $expire.Hour
      minute = $expire.Minute
    }
  }
  return $token
}

Checking whether the login exists:

function Check_Google {
  $query = (GoogleQuery 'SearchAccount' $username)
  if ($query.users -ne $null) {
    $user = $query.users[0]
    Write-Host $user.name.fullName' - '$user.PrimaryEmail' - suspended: '$user.Suspended
    $GAresult = $user
  }
  if ($GAresult) {
      $return = $GAresult
  } else {$return = 'gg'}
  return $return
}

The email:$query request asks the API to look for a user with exactly this email, including aliases. You can also use wildcards: =, :, :{PREFIX}*.

Use the GET request method to retrieve data, POST to insert data (create an account or add a member to a group), PUT to update existing data, and DELETE to delete a record (for example, a member from a group).

The script will also ask for a phone number (an unvalidated string) and whether to include the user in a regional distribution group. It decides which organizational unit the user should belong to based on the selected Active Directory OU, and comes up with a password:

do {
  # Prompt: "Phone in the format +7xxxxxxxx"
  $phone = Read-Host "Телефон в формате +7хххххххх"
} while (-not $phone)
do {
    # Prompt: "To the Moscow office? (y/n)"
    $moscow = Read-Host "В Московский офис? (y/n) "
} while (-not (($moscow -eq 'y') -or ($moscow -eq 'n')))
$orgunit = '/'
if ($OU -like "*OU=Delivery,OU=Users,OU=ROOT,DC=rocket,DC=local") {
    # Message: "Will be created in /Team delivery"
    Write-host "Будет создана в /Team delivery"
    $orgunit = "/Team delivery"
}
$Password =  -join ( 48..57 + 65..90 + 97..122 | Get-Random -Count 12 | % {[char]$_})+"*Ba"
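
The one-liner above draws 12 different characters (Get-Random -Count selects without repetition) and appends the constant suffix *Ba. An added example, not part of the original script, of the same step driven by RandomNumberGenerator; the function name New-InitialPassword, the default length and the four character classes are assumptions.

```powershell
# Added example (not from the original script); the function name is hypothetical.
function New-InitialPassword {
  param([int]$Length = 15)
  # Assumed policy: at least one upper-case, lower-case, digit and symbol
  $classes = @(
    'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
    'abcdefghijklmnopqrstuvwxyz',
    '0123456789',
    '*'
  )
  $alphabet = -join $classes
  $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
  $one = New-Object byte[] 1
  # Largest multiple of the alphabet size that fits in a byte; values at or
  # above it are rejected so every character is equally likely (no modulo bias)
  $limit = 256 - (256 % $alphabet.Length)
  try {
    do {
      $chars = for ($i = 0; $i -lt $Length; $i++) {
        do { $rng.GetBytes($one) } while ($one[0] -ge $limit)
        $alphabet[$one[0] % $alphabet.Length]
      }
      $password = -join $chars
      # Redraw the whole password until every class is present, instead of
      # appending a fixed suffix that is the same for every account
      $missing = $classes | Where-Object { $password.IndexOfAny($_.ToCharArray()) -lt 0 }
    } while ($missing)
  } finally { $rng.Dispose() }
  $password
}

$Password = New-InitialPassword
```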

Then it starts working with the account:

$query = @{
  email = $email
  givenName = $firstname
  familyName = $lastname
  password = $password
  phone = $phone
  orgunit = $orgunit
}
if ($GMailExist) {
  # Message: "Starting account update"
  Write-Host "Запускаем изменение аккаунта" -f mag
  (GoogleQuery 'UpdateAccount' $query) | fl
  # Message: "Don't forget to check the groups of the enabled $Username in Google."
  write-host "Не забудь проверить группы у включенного $Username в Google."
} else {
  # Message: "Starting account creation"
  Write-Host "Запускаем создание аккаунта" -f mag
  (GoogleQuery 'CreateAccount' $query) | fl
}
if ($moscow -eq "y"){
  # Message: "Adding to the moscowoffice group"
  write-host "Добавляем в группу moscowoffice"
  $query = @{
    groupkey = '[email protected]'
    email = $email
  }
  (GoogleQuery 'AddMember' $query) | fl
}

The account update and account creation functions have similar syntax; not all of the additional fields are required; in the section with phone numbers, you need to specify an array that may contain one record with the number and its type.

To avoid getting an error when adding a user to a group, we can first check whether they are already a member of that group, by getting either the list of the group's members or the list of groups from the user.

A query for a user's group membership is not recursive and shows only direct membership. Adding a user to a parent group that already contains a child group of which the user is a member will succeed.

Conclusion

All that remains is to send the user the password for the new account. We do this via SMS, and we send general information with instructions and the login to a personal email address, which, together with the phone number, was provided by the recruiting department. Alternatively, you can save money and send the password to a Telegram secret chat, which can also be considered a second factor (MacBooks will be an exception).

Thank you for reading to the end. I will be glad to see suggestions for improving the style of my articles, and I wish you fewer errors when writing scripts =)

A list of links that may be useful on the topic or simply answer questions:

Source: www.habr.com
