Creating Google users from PowerShell via the API

Hello!

This article describes how to use PowerShell with the Google API to manipulate G Suite users.

We use several internal and cloud services across the organization. For the most part, authorization in them comes down to Google or Active Directory, between which we cannot maintain a replica; accordingly, when a new employee starts, you have to create or enable an account in both of these systems. To automate the process, we decided to write a script that collects the information and sends it to both services.

Authorization

When drawing up the requirements, we decided to use real human administrators for authorization; this simplifies the analysis of actions in the event of accidental or intentional large-scale changes.

Google APIs use the OAuth 2.0 protocol for authentication and authorization. Usage scenarios and more detailed descriptions can be found here: Using OAuth 2.0 to Access Google APIs.

I chose the scenario used for authorization in desktop applications. There is also the option of using a service account, which requires no extra actions from the user.

The picture below is a schematic description of the chosen scenario from Google's page.


  1. First, we send the user to the Google Account authorization page, specifying these GET parameters:
    • the application id
    • the scopes the application needs access to
    • the address the user will be redirected to after completing the procedure
    • the way we will refresh the token
    • the security code
    • the format in which the verification code is transmitted

  2. After authorization is complete, the user is redirected to the page specified in the first request, with an error or an authorization code passed in the GET parameters.
  3. The application (the script) needs to receive these parameters and, if a code was received, make the next request to obtain the tokens.
  4. If the request is correct, the Google API returns:
    • the Access token with which we can make requests
    • the validity period of this token
    • the Refresh token needed to renew the Access token.

First you need to go to the Google API console: Credentials - Google API Console, select the desired application and, in the Credentials section, create an OAuth client ID. There (or later, in the properties of the created ID) you need to specify the addresses to which redirection is allowed. In our case these will be several localhost entries with different ports (see below).

To make the script's algorithm easier to read, you can move the first steps into a separate function that returns the Access and Refresh tokens for the application:

$client_secret = 'Our Client Secret'
$client_id = 'Our Client ID'
function Get-GoogleAuthToken {
  if (-not [System.Net.HttpListener]::IsSupported) {
    "HttpListener is not supported."
    exit 1
  }
  # PKCE code verifier: 60 characters from the unreserved set [A-Z] [a-z] [0-9] - . _ ~
  $codeverifier = -join ((65..90) + (97..122) + (48..57) + 45 + 46 + 95 + 126 | Get-Random -Count 60 | % {[char]$_})
  # PKCE code challenge: Base64Url(SHA256(verifier)) with the '=' padding removed
  $hasher = [System.Security.Cryptography.SHA256]::Create()
  $hashByteArray = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($codeverifier))
  $base64 = ((([System.Convert]::ToBase64String($hashByteArray)).replace('=','')).replace('+','-')).replace('/','_')
  # Every port listed here must be registered as a redirect address in the API console
  $ports = @(10600,15084,39700,42847,65387,32079)
  # -InputObject picks from the whole list; an index of (0..5 exclusive) never reached the last port
  $port = Get-Random -InputObject $ports
  Write-Host "Start browser..."
  # Scopes are separated by %20 so the URL reaches the browser as one argument
  Start-Process "https://accounts.google.com/o/oauth2/v2/auth?code_challenge_method=S256&code_challenge=$base64&access_type=offline&client_id=$client_id&redirect_uri=http://localhost:$port&response_type=code&scope=https://www.googleapis.com/auth/admin.directory.user%20https://www.googleapis.com/auth/admin.directory.group"
  $listener = New-Object System.Net.HttpListener
  $listener.Prefixes.Add("http://localhost:"+$port+'/')
  try {$listener.Start()} catch {
    "Unable to start listener."
    exit 1
  }
  $code = $null
  while ($code -eq $null) {
    $context = $listener.GetContext()
    Write-Host "Connection accepted" -f 'Magenta'
    # Read the redirect parameters by name (URL-decoded) instead of by position in the raw URL
    $errorText = $context.Request.QueryString['error']
    $code = $context.Request.QueryString['code']
    if ($errorText) {
      Write-Host "Error! $errorText" -f 'Red'
      # Encode the value before echoing it back to the browser
      $buffer = [System.Text.Encoding]::UTF8.GetBytes("Error!"+[System.Net.WebUtility]::HtmlEncode($errorText))
      $context.Response.ContentLength64 = $buffer.Length
      $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
      $context.Response.OutputStream.Close()
      $listener.Stop()
      exit 1
    }
    if ($code -eq $null) {
      # Not the OAuth redirect (for example a favicon request): answer 404 and keep listening
      $context.Response.StatusCode = 404
      $context.Response.Close()
      continue
    }
    $buffer = [System.Text.Encoding]::UTF8.GetBytes("Now you can close this browser tab.")
    $context.Response.ContentLength64 = $buffer.Length
    $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
    $context.Response.OutputStream.Close()
    $listener.Stop()
  }
  # Exchange the authorization code (plus the PKCE verifier) for the tokens
  Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -Body @{
    code = $code
    client_id = $client_id
    client_secret = $client_secret
    redirect_uri = 'http://localhost:'+$port
    grant_type = 'authorization_code'
    code_verifier   = $codeverifier
  }
}

We set the Client ID and the Client Secret obtained from the OAuth client properties. The code verifier is a string of 43 to 128 characters that must be randomly generated from the unreserved characters: [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~".

This code is then sent a second time. It eliminates the vulnerability in which an attacker could intercept the response returned as a redirect after the user's authorization.
You can send the code verifier in the current request in plain text (which makes it pointless; this is suitable only for systems that do not support SHA256), or by creating a hash with the SHA256 algorithm, which must be encoded in BASE64Url (it differs from Base64 in two characters of the table) with the trailing = padding characters removed.
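
An added example (not part of the original script): the verifier and S256 challenge described above, built from the operating system's cryptographic random number generator so that characters can repeat, unlike a Get-Random -Count selection, which picks each input character at most once. The function names ConvertTo-Base64Url, Get-S256Challenge and New-PkcePair are hypothetical; the self-check uses the test vector from RFC 7636, Appendix B.

```powershell
# Added example: PKCE (RFC 7636) verifier and S256 challenge from a CSPRNG.
# All function names here are hypothetical; this is not the article's code.
function ConvertTo-Base64Url {
  param([byte[]]$Bytes)
  # Base64url: '+' becomes '-', '/' becomes '_', trailing '=' padding is removed
  [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-S256Challenge {
  param([string]$Verifier)
  # The challenge hashes the ASCII verifier string, not the raw random bytes
  $sha = [System.Security.Cryptography.SHA256]::Create()
  try { $digest = $sha.ComputeHash([System.Text.Encoding]::ASCII.GetBytes($Verifier)) }
  finally { $sha.Dispose() }
  ConvertTo-Base64Url $digest
}

function New-PkcePair {
  # 32 random bytes encode to 43 characters (the minimum), 96 bytes to 128 (the maximum)
  param([ValidateRange(32, 96)][int]$EntropyBytes = 32)
  $bytes = New-Object byte[] $EntropyBytes
  $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
  try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
  $verifier = ConvertTo-Base64Url $bytes
  [pscustomobject]@{
    CodeVerifier        = $verifier
    CodeChallenge       = Get-S256Challenge $verifier
    CodeChallengeMethod = 'S256'
  }
}

# Self-check against the test vector in RFC 7636, Appendix B
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
$rfcChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM'
if ((Get-S256Challenge $rfcVerifier) -cne $rfcChallenge) {
  throw 'S256 challenge does not match the RFC 7636 test vector'
}

$pkce = New-PkcePair
if ($pkce.CodeVerifier -notmatch '^[A-Za-z0-9._~-]{43,128}$') { throw 'verifier out of spec' }
# Query-string fragment for the authorization URL; keep CodeVerifier for the token request
"code_challenge_method=$($pkce.CodeChallengeMethod)&code_challenge=$($pkce.CodeChallenge)"
```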

Next, we need to start listening for HTTP on the local machine to receive the response after authorization, which is returned as a redirect.

Administrative tasks are performed on a dedicated server, and we cannot rule out that several administrators will run the script at the same time, so it picks a port at random for the current user; I listed predefined ports because they also have to be added as trusted in the API console.

access_type=offline means that the application can refresh an expired token on its own, without the user interacting with the browser,
response_type=code sets the format in which the code is returned (a reference to the old authorization method, when the user copied the code from the browser into the script),
scope specifies the scope and type of access. Scopes must be separated by spaces or %20 (per URL encoding). The list of access scopes with their types can be seen here: OAuth 2.0 Scopes for Google APIs.

After receiving the authorization code, the application returns a closing message to the browser, stops listening on the port and sends a POST request to obtain the token. In it we specify the previously mentioned id and secret from the API console, the address to which the user will be redirected, and grant_type in accordance with the protocol specification.

In response, we receive the Access token, its validity period in seconds, and the Refresh token, with which we can renew the Access token.

The application must store tokens in a secure place with a long shelf life, so until we revoke the granted access, the application will not be given the Refresh token again. At the end, I added a request to revoke the token; if the application did not finish successfully and the Refresh token was not returned, it starts the procedure again (we considered it unsafe to store tokens locally on the terminal, and we do not want to complicate things with cryptography or open the browser often).

do {
  $token_result = Get-GoogleAuthToken
  $token = $token_result.access_token
  if ($token_result.refresh_token -eq $null) {
    # No Refresh token means an earlier grant is still active: revoke it and authorize again
    Write-Host ("Session is not destroyed. Revoking token...")
    Invoke-WebRequest -Uri ("https://accounts.google.com/o/oauth2/revoke?token="+$token)
  }
} while ($token_result.refresh_token -eq $null)
$refresh_token = $token_result.refresh_token
# Expiry moment with a two-minute safety margin; DateTime arithmetic carries minutes into hours
$expires_at = (Get-Date).AddSeconds($token_result.expires_in - 120)
$token_expire = @{
  hour = $expires_at.Hour
  minute = $expires_at.Minute
}

As you may have noticed, Invoke-WebRequest is used when revoking the token. Unlike Invoke-RestMethod, it does not return the received data in a usable form and shows the status of the request.

Next, the script asks you to enter the user's first and last name and generates the login + email.

Requests

The next requests are as follows: first of all, you need to check whether a user with the same login already exists, in order to decide whether to create a new account or enable the existing one.

I decided to implement all the requests as a single function with a selection, using switch:

function GoogleQuery {
  param (
    $type,
    $query
  )
  switch ($type) {
    "SearchAccount" {
      Return Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body @{
        domain = 'rocketguys.com'
        query  = "email:$query"
      }
    }
    "UpdateAccount" {
      $body = @{
        name  = @{
          givenName = $query['givenName']
          familyName = $query['familyName']
        }
        suspended = 'false'
        password = $query['password']
        changePasswordAtNextLogin = 'true'
        phones = @(@{
          primary = 'true'
          value = $query['phone']
          type = "mobile"
        })
        orgUnitPath = $query['orgunit']
      }
      Return Invoke-RestMethod -Method Put -Uri ("https://www.googleapis.com/admin/directory/v1/users/"+$query['email']) -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
    }
    
    "CreateAccount" {
      $body = @{
        primaryEmail = $query['email']
        name  = @{
          givenName = $query['givenName']
          familyName = $query['familyName']
        }
        suspended = 'false'
        password = $query['password']
        changePasswordAtNextLogin = 'true'
        phones = @(@{
          primary = 'true'
          value = $query['phone']
          type = "mobile"
        })
        orgUnitPath = $query['orgunit']
      }
      Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
    }
    "AddMember" {
      $body = @{
        userKey = $query['email']
      }
      $ifrequest = Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/groups" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body $body
      $array = @()
      foreach ($group in $ifrequest.groups) {$array += $group.email}
      if ($array -notcontains $query['groupkey']) {
        $body = @{
          email = $query['email']
          role = "MEMBER"
        }
        Return Invoke-RestMethod -Method Post -Uri ("https://www.googleapis.com/admin/directory/v1/groups/"+$query['groupkey']+"/members") -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
      } else {
        Return ($query['email']+" now is a member of "+$query['groupkey'])
      }
    }
  }
}

In each request you need to send an Authorization header containing the token type and the Access token itself. At the moment, the token type is always Bearer. Because we need to check that the token has not expired and refresh it an hour after it was issued, I put in a call to another function that returns the Access token. The same piece of code is at the beginning of the script, where the first Access token is obtained:

function Get-GoogleToken {
  if (((Get-date).Hour -gt $token_expire.hour) -or (((Get-date).Hour -ge $token_expire.hour) -and ((Get-date).Minute -gt $token_expire.minute))) {
    Write-Host "Token Expired. Refreshing..."
    $request = (Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -ContentType 'application/x-www-form-urlencoded' -Body @{
      client_id = $client_id
      client_secret = $client_secret
      refresh_token = $refresh_token
      grant_type = 'refresh_token'
    })
    # Store the new token at script scope; a local assignment is lost when the function returns
    $script:token = $request.access_token
    # Expiry moment with a two-minute safety margin; DateTime arithmetic carries minutes into hours
    $expires_at = (Get-Date).AddSeconds($request.expires_in - 120)
    $script:token_expire = @{
      hour = $expires_at.Hour
      minute = $expires_at.Minute
    }
  }
  return $token
}

Checking whether the login already exists:

function Check_Google {
  $query = (GoogleQuery 'SearchAccount' $username)
  if ($query.users -ne $null) {
    $user = $query.users[0]
    Write-Host $user.name.fullName' - '$user.PrimaryEmail' - suspended: '$user.Suspended
    $GAresult = $user
  }
  if ($GAresult) {
      $return = $GAresult
  } else {$return = 'gg'}
  return $return
}

The email:$query query asks the API to look for a user with exactly that email, including aliases. You can also use wildcards: =, :, :{PREFIX}*.

To fetch data, use the GET request method; to insert data (creating an account or adding a member to a group), POST; to update existing data, PUT; to delete a record (for example, a member from a group), DELETE.

The script also asks for a phone number (an unvalidated string) and whether to include the user in the regional distribution group. It decides which organizational unit the user should belong to based on the selected Active Directory OU and generates a password:

do {
  # Prompt: phone number in the format +7xxxxxxxx
  $phone = Read-Host "Телефон в формате +7хххххххх"
} while (-not $phone)
do {
    # Prompt: assign to the Moscow office? (y/n)
    $moscow = Read-Host "В Московский офис? (y/n) "
} while (-not (($moscow -eq 'y') -or ($moscow -eq 'n')))
$orgunit = '/'
if ($OU -like "*OU=Delivery,OU=Users,OU=ROOT,DC=rocket,DC=local") {
    # Message: the account will be created in /Team delivery
    Write-host "Будет создана в /Team delivery"
    $orgunit = "/Team delivery"
}
$Password =  -join ( 48..57 + 65..90 + 97..122 | Get-Random -Count 12 | % {[char]$_})+"*Ba"

And then it starts manipulating the account:

$query = @{
  email = $email
  givenName = $firstname
  familyName = $lastname
  password = $password
  phone = $phone
  orgunit = $orgunit
}
if ($GMailExist) {
  # Message: starting the account update
  Write-Host "Запускаем изменение аккаунта" -f Magenta
  (GoogleQuery 'UpdateAccount' $query) | fl
  # Message: do not forget to check the groups of the re-enabled $Username in Google
  write-host "Не забудь проверить группы у включенного $Username в Google."
} else {
  # Message: starting the account creation
  Write-Host "Запускаем создание аккаунта" -f Magenta
  (GoogleQuery 'CreateAccount' $query) | fl
}
if ($moscow -eq "y"){
  # Message: adding to the moscowoffice group
  write-host "Добавляем в группу moscowoffice"
  $query = @{
    groupkey = '[email protected]'
    email = $email
  }
  (GoogleQuery 'AddMember' $query) | fl
}

The account update and account creation functions have similar syntax; not all of the additional fields are required; in the section with phone numbers you need to specify an array, which may contain one record with the number and its type.

To avoid getting an error when adding a user to a group, we can first check whether they are already a member of that group, by getting the list of the group's members or the list of groups from the user.

A query for the group membership of a particular user is not recursive and shows only direct membership. Adding a user to a parent group that already contains a child group of which the user is a member will succeed.

Conclusion

All that remains is to send the user the password for the new account. We do this by SMS, and we send the general information with instructions and the login to the person's personal email, which, along with the phone number, was provided by the recruiting department. As an alternative, you can save money and send the password to a secret Telegram chat, which can also be considered a second factor (MacBooks will be an exception).

Thank you for reading to the end. I will be glad to see suggestions for improving the way I write articles, and I wish you fewer errors when writing scripts =)

A list of links that may be useful on the topic or that simply answer questions:

Source: www.habr.com
