Hi!
This article describes an implementation of PowerShell interaction with the Google API for managing G Suite users.
We use several internal and cloud services across the organization. For the most part, authorization in them comes down to Google or Active Directory, between which we cannot maintain a replica; accordingly, when a new employee joins, we need to create/enable an account in both systems. To automate the process, we decided to write a script that collects the information and sends it to both services.
Authorization
When drawing up the requirements, we decided to use real human administrators for authorization; this simplifies the analysis of actions in the event of accidental or intentional mass changes.
Google APIs use the OAuth 2.0 protocol for authentication and authorization. Use cases and a more detailed description can be found here:
I chose the scenario that is used for authorization in desktop applications. There is also the option of using a service account, which does not require extra actions from the user.
The picture below is a schematic description of the selected scenario from the Google page.
- First, we send the user to the Google account authentication page, specifying GET parameters:
  - the application ID
  - the scopes the application needs access to
  - the address to which the user will be redirected after completing the procedure
  - the way in which we will refresh the token
  - the verification code
  - the format in which the verification code is transmitted
- After authorization is completed, the user is redirected to the page specified in the first request, with an error or an authorization code passed as GET parameters
- The application (script) has to receive these parameters and, if it received the code, make the next request to obtain tokens
- If the request is correct, the Google API returns:
  - an access token with which we can make requests
  - the validity period of this token
  - a refresh token needed to refresh the access token.
First we need to go to the Google API console:
To make the script's algorithm easier to read, the first steps can be moved into a separate function that returns the access and refresh tokens for the application:
$client_secret = 'Our Client Secret'
$client_id = 'Our Client ID'

function Get-GoogleAuthToken {
    if (-not [System.Net.HttpListener]::IsSupported) {
        "HttpListener is not supported."
        exit 1
    }
    # PKCE code verifier: 60 characters from the unreserved set A-Z a-z 0-9 - . _ ~
    $codeverifier = -join ((65..90) + (97..122) + (48..57) + 45 + 46 + 95 + 126 | Get-Random -Count 60 | % {[char]$_})
    # Code challenge: Base64Url(SHA256(code verifier)) without '=' padding
    $hasher = New-Object System.Security.Cryptography.SHA256Managed
    $hashByteArray = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($codeverifier))
    $base64 = ((([System.Convert]::ToBase64String($hashByteArray)).replace('=','')).replace('+','-')).replace('/','_')
    # Predefined redirect ports (they also have to be added in the API console)
    $ports = @(10600,15084,39700,42847,65387,32079)
    # -Maximum is exclusive, so use the array length to make every port selectable
    $port = $ports[(Get-Random -Minimum 0 -Maximum $ports.Count)]
    Write-Host "Start browser..."
    Start-Process "https://accounts.google.com/o/oauth2/v2/auth?code_challenge_method=S256&code_challenge=$base64&access_type=offline&client_id=$client_id&redirect_uri=http://localhost:$port&response_type=code&scope=https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.group"
    # Listen locally for the redirect that carries the authorization code
    $listener = New-Object System.Net.HttpListener
    $listener.Prefixes.Add("http://localhost:"+$port+'/')
    try {$listener.Start()} catch {
        "Unable to start listener."
        exit 1
    }
    $code = $null
    while (($code -eq $null)) {
        $context = $listener.GetContext()
        Write-Host "Connection accepted" -f 'mag'
        $url = $context.Request.RawUrl
        # Value of the first query parameter: the code, or the error text
        $code = $url.split('?')[1].split('=')[1].split('&')[0]
        if ($url.split('?')[1].split('=')[0] -eq 'error') {
            Write-Host "Error!"$code -f 'red'
            $buffer = [System.Text.Encoding]::UTF8.GetBytes("Error!"+$code)
            $context.Response.ContentLength64 = $buffer.Length
            $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
            $context.Response.OutputStream.Close()
            $listener.Stop()
            exit 1
        }
        $buffer = [System.Text.Encoding]::UTF8.GetBytes("Now you can close this browser tab.")
        $context.Response.ContentLength64 = $buffer.Length
        $context.Response.OutputStream.Write($buffer, 0, $buffer.Length)
        $context.Response.OutputStream.Close()
        $listener.Stop()
    }
    # Exchange the authorization code (plus the code verifier) for tokens
    Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -Body @{
        code = $code
        client_id = $client_id
        client_secret = $client_secret
        redirect_uri = 'http://localhost:'+$port
        grant_type = 'authorization_code'
        code_verifier = $codeverifier
    }
}
We set the Client ID and Client Secret obtained in the OAuth client identifier properties, and the code verifier is a string of 43 to 128 characters that must be randomly generated from unreserved characters: [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~".
This code will then be transmitted again. It eliminates the vulnerability in which an attacker can intercept the response returned as a redirect after user authorization.
The code verifier can be sent in the current request in clear text (which makes it pointless; this is only suitable for systems that do not support SHA256), or by creating a hash with the SHA256 algorithm, which must be encoded in BASE64Url (it differs from Base64 by two table characters) with the end-of-string characters removed: =.
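The verifier and S256 challenge described above, as an added example that is not part of the original article; `New-CodeVerifier` and `Get-CodeChallenge` are hypothetical helper names. It draws every character independently from the system CSPRNG (`Get-Random -Count` never picks the same input element twice) and checks the transform against the sample values in RFC 7636, Appendix B.

```powershell
# Unreserved characters allowed in a PKCE code verifier (66 symbols)
$Unreserved = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~'

# Hypothetical helper: verifier of 43..128 characters from a CSPRNG
function New-CodeVerifier {
    param([ValidateRange(43,128)][int]$Length = 64)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object System.Text.StringBuilder
        $one   = New-Object byte[] 1
        while ($chars.Length -lt $Length) {
            $rng.GetBytes($one)
            # Reject bytes >= 198 (3 * 66) so the modulo does not favour any symbol
            if ($one[0] -lt 198) { [void]$chars.Append($Unreserved[$one[0] % 66]) }
        }
        return $chars.ToString()
    } finally { $rng.Dispose() }
}

# Hypothetical helper: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function Get-CodeChallenge {
    param([Parameter(Mandatory)][string]$Verifier)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::ASCII.GetBytes($Verifier))
    } finally { $sha.Dispose() }
    # Base64 -> Base64Url: drop '=' padding, swap the two differing characters
    return [Convert]::ToBase64String($hash).TrimEnd('=').Replace('+','-').Replace('/','_')
}

# Self-check with the verifier/challenge pair from RFC 7636, Appendix B
$rfcVerifier  = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
$rfcChallenge = 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM'
if ((Get-CodeChallenge $rfcVerifier) -ne $rfcChallenge) { throw 'S256 transform is wrong' }

# A fresh pair for one authorization request
$verifier = New-CodeVerifier
[pscustomobject]@{
    code_verifier  = $verifier
    code_challenge = Get-CodeChallenge $verifier
}
```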
Next, we need to start listening for http on the local machine to receive the response after authorization, which will be returned as a redirect.
Administrative tasks are performed on a special server, and we cannot rule out the possibility that several administrators will run the script at the same time, so it randomly chooses a port for the current user; I specified predefined ports because they must also be added as trusted in the API console.
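The redirect carries either `code` or `error` in its query string. The following added example (not part of the original article; `Read-OAuthRedirect` is a hypothetical helper name and the sample URLs are constructed) reads them by name, so the result does not depend on parameter order, and URL-decodes the value.

```powershell
Add-Type -AssemblyName System.Web   # provides [System.Web.HttpUtility]

# Hypothetical helper: turns the RawUrl of a request into a result object.
# Inside the listener, $context.Request.QueryString offers the same
# name/value collection for the live request.
function Read-OAuthRedirect {
    param([Parameter(Mandatory)][string]$RawUrl)

    # RawUrl is path + query, e.g. "/?code=...&scope=..."; keep only the query
    $queryString = ''
    $queryStart  = $RawUrl.IndexOf('?')
    if ($queryStart -ge 0) { $queryString = $RawUrl.Substring($queryStart + 1) }

    # Splits on & and =, and URL-decodes names and values
    $params = [System.Web.HttpUtility]::ParseQueryString($queryString)

    if ($params['error']) {
        return [pscustomobject]@{ Status = 'Error'; Value = $params['error'] }
    }
    if ($params['code']) {
        return [pscustomobject]@{ Status = 'Code'; Value = $params['code'] }
    }
    # Any other request (no code, no error): keep listening
    return [pscustomobject]@{ Status = 'Ignore'; Value = $null }
}

# Constructed sample requests (all values are made up)
$samples = @(
    '/?code=4%2F0AbCdEf-constructed&scope=https://www.googleapis.com/auth/admin.directory.user',
    '/?scope=x&code=4%2F0AbCdEf-constructed',
    '/?error=access_denied',
    '/favicon.ico'
)
$samples | ForEach-Object { Read-OAuthRedirect -RawUrl $_ } | Format-Table -AutoSize
```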
- access_type=offline means that the application can refresh an expired token on its own, without user interaction with the browser,
- response_type=code sets the format in which the code will be returned (a reference to the old authorization method, when the user copied the code from the browser into the script),
- scope specifies the scope and type of access. The values must be separated by spaces or %20 (according to URL encoding). A list of access scopes with types can be seen here:
After receiving the authorization code, the application returns a closing message to the browser, stops listening on the port and sends a POST request to obtain the token. In it we specify the previously given ID and secret from the API console, the address to which the user will be redirected, and grant_type in accordance with the protocol specification.
In response, we receive an access token, its validity period in seconds, and a refresh token, with which we can renew the access token.
The application must store tokens in a safe place with a long shelf life, so until we revoke the received access, the application will not be returned a refresh token. At the end, I added a request to revoke the token; if the application did not complete successfully and the refresh token was not returned, it starts the procedure again (we considered it unsafe to store tokens locally on the terminal, and we don't want to complicate things with cryptography or open the browser frequently).
do {
    $token_result = Get-GoogleAuthToken
    $token = $token_result.access_token
    if ($token_result.refresh_token -eq $null) {
        Write-Host ("Session is not destroyed. Revoking token...")
        Invoke-WebRequest -Uri ("https://accounts.google.com/o/oauth2/revoke?token="+$token)
    }
} while ($token_result.refresh_token -eq $null)
$refresh_token = $token_result.refresh_token
# Expiry time with a two-minute safety margin; taking hour and minute from one
# DateTime keeps them consistent when the minutes roll over into the next hour.
$expires_at = (Get-Date).AddSeconds($token_result.expires_in - 120)
$token_expire = @{
    hour = $expires_at.Hour
    minute = $expires_at.Minute
}
As you have already noticed, Invoke-WebRequest is used when revoking a token. Unlike Invoke-RestMethod, it does not return the received data in a usable format and shows the status of the request.
Next, the script asks you to enter the user's first and last name, generating a login + email.
Requests
The next requests are as follows: first of all, we need to check whether a user with the same login already exists, in order to decide whether to create a new one or enable the current one.
I decided to implement all requests in the form of one function with a selection, using switch:
function GoogleQuery {
    param (
        $type,
        $query
    )
    switch ($type) {
        "SearchAccount" {
            Return Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body @{
                domain = 'rocketguys.com'
                query = "email:$query"
            }
        }
        "UpdateAccount" {
            $body = @{
                name = @{
                    givenName = $query['givenName']
                    familyName = $query['familyName']
                }
                suspended = 'false'
                password = $query['password']
                changePasswordAtNextLogin = 'true'
                phones = @(@{
                    primary = 'true'
                    value = $query['phone']
                    type = "mobile"
                })
                orgUnitPath = $query['orgunit']
            }
            Return Invoke-RestMethod -Method Put -Uri ("https://www.googleapis.com/admin/directory/v1/users/"+$query['email']) -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
        }
        "CreateAccount" {
            $body = @{
                primaryEmail = $query['email']
                name = @{
                    givenName = $query['givenName']
                    familyName = $query['familyName']
                }
                suspended = 'false'
                password = $query['password']
                changePasswordAtNextLogin = 'true'
                phones = @(@{
                    primary = 'true'
                    value = $query['phone']
                    type = "mobile"
                })
                orgUnitPath = $query['orgunit']
            }
            Return Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/admin/directory/v1/users" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
        }
        "AddMember" {
            # List the groups the user already belongs to
            $body = @{
                userKey = $query['email']
            }
            $ifrequest = Invoke-RestMethod -Method Get -Uri "https://www.googleapis.com/admin/directory/v1/groups" -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body $body
            $array = @()
            foreach ($group in $ifrequest.groups) {$array += $group.email}
            # Add the user only if the target group is not in that list
            if ($array -notcontains $query['groupkey']) {
                $body = @{
                    email = $query['email']
                    role = "MEMBER"
                }
                Return Invoke-RestMethod -Method Post -Uri ("https://www.googleapis.com/admin/directory/v1/groups/"+$query['groupkey']+"/members") -Headers @{Authorization = "Bearer "+(Get-GoogleToken)} -Body (ConvertTo-Json $body) -ContentType 'application/json; charset=utf-8'
            } else {
                Return ($query['email']+" now is a member of "+$query['groupkey'])
            }
        }
    }
}
In each request, you need to send an Authorization header containing the token type and the access token itself. Currently, the token type is always Bearer. Since we need to check that the token has not expired and refresh it an hour after it was issued, I specified a call to another function that returns an access token. The same piece of code is at the beginning of the script, where the first access token is received:
function Get-GoogleToken {
    if (((Get-date).Hour -gt $token_expire.hour) -or (((Get-date).Hour -ge $token_expire.hour) -and ((Get-date).Minute -gt $token_expire.minute))) {
        Write-Host "Token Expired. Refreshing..."
        $request = (Invoke-RestMethod -Method Post -Uri "https://www.googleapis.com/oauth2/v4/token" -ContentType 'application/x-www-form-urlencoded' -Body @{
            client_id = $client_id
            client_secret = $client_secret
            refresh_token = $refresh_token
            grant_type = 'refresh_token'
        })
        # Script scope, so the refreshed token is still available on the next call
        $script:token = $request.access_token
        # Expiry time with a two-minute safety margin, hour and minute from one DateTime
        $expires_at = (Get-Date).AddSeconds($request.expires_in - 120)
        $script:token_expire = @{
            hour = $expires_at.Hour
            minute = $expires_at.Minute
        }
    }
    return $script:token
}
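An hour/minute pair cannot tell "later today" from "tomorrow", so a token issued shortly before midnight is judged by the wrong day. The following added example (not part of the original article; `New-TokenState` and `Test-TokenExpired` are hypothetical names and the token response is constructed) tracks expiry as an absolute UTC timestamp instead.

```powershell
# Hypothetical helper: remember the token together with an absolute expiry time
function New-TokenState {
    param(
        [Parameter(Mandatory)]$TokenResponse,   # object with access_token and expires_in
        [datetime]$Now = (Get-Date),
        [int]$SafetySeconds = 120               # same two-minute margin as in the script
    )
    [pscustomobject]@{
        AccessToken = $TokenResponse.access_token
        ExpiresAt   = $Now.ToUniversalTime().AddSeconds($TokenResponse.expires_in - $SafetySeconds)
    }
}

# Hypothetical helper: one comparison, valid across hour and day boundaries
function Test-TokenExpired {
    param(
        [Parameter(Mandatory)]$State,
        [datetime]$Now = (Get-Date)
    )
    return $Now.ToUniversalTime() -ge $State.ExpiresAt
}

# Constructed token response, issued at 23:30 local time with a lifetime of about one hour
$issued   = Get-Date -Year 2024 -Month 1 -Day 15 -Hour 23 -Minute 30 -Second 0
$response = [pscustomobject]@{ access_token = 'constructed-token'; expires_in = 3599 }
$state    = New-TokenState -TokenResponse $response -Now $issued

# With an hour/minute comparison, 23:30 already looks later than an expiry
# at 00:2x on the next day; the absolute timestamp has no such ambiguity.
[pscustomobject]@{
    AtIssueTime       = Test-TokenExpired -State $state -Now $issued
    After50MinNextDay = Test-TokenExpired -State $state -Now $issued.AddMinutes(50)
    After58Min        = Test-TokenExpired -State $state -Now $issued.AddMinutes(58)
}
```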
Checking the login for existence:
function Check_Google {
    $query = (GoogleQuery 'SearchAccount' $username)
    if ($query.users -ne $null) {
        $user = $query.users[0]
        Write-Host $user.name.fullName' - '$user.PrimaryEmail' - suspended: '$user.Suspended
        $GAresult = $user
    }
    if ($GAresult) {
        $return = $GAresult
    } else {$return = 'gg'}
    return $return
}
The email:$query request asks the API to look for a user with exactly that email, including aliases. You can also use wildcards: =, :, :{PREFIX}*.
To get data, use the GET request method; to insert data (creating an account or adding a member to a group), POST; to update existing data, PUT; to delete a record (for example, a member from a group), DELETE.
The script also asks for a phone number (an unvalidated string) and for inclusion in a regional distribution group. It decides which organizational unit the user should have based on the selected Active Directory OU and comes up with a password:
do {
    $phone = Read-Host "Телефон в формате +7хххххххх"
} while (-not $phone)
do {
    $moscow = Read-Host "В Московский офис? (y/n) "
} while (-not (($moscow -eq 'y') -or ($moscow -eq 'n')))
$orgunit = '/'
if ($OU -like "*OU=Delivery,OU=Users,OU=ROOT,DC=rocket,DC=local") {
    Write-host "Будет создана в /Team delivery"
    $orgunit = "/Team delivery"
}
$Password = -join ( 48..57 + 65..90 + 97..122 | Get-Random -Count 12 | % {[char]$_})+"*Ba"
And then it starts manipulating the account:
$query = @{
    email = $email
    givenName = $firstname
    familyName = $lastname
    password = $password
    phone = $phone
    orgunit = $orgunit
}
if ($GMailExist) {
    Write-Host "Запускаем изменение аккаунта" -f mag
    (GoogleQuery 'UpdateAccount' $query) | fl
    write-host "Не забудь проверить группы у включенного $Username в Google."
} else {
    Write-Host "Запускаем создание аккаунта" -f mag
    (GoogleQuery 'CreateAccount' $query) | fl
}
if ($moscow -eq "y"){
    write-host "Добавляем в группу moscowoffice"
    $query = @{
        groupkey = '[email protected]'
        email = $email
    }
    (GoogleQuery 'AddMember' $query) | fl
}
The functions for updating and creating an account have a similar syntax; not all additional fields are required; in the section with phone numbers, you need to specify an array that can contain from one record with the number and its type.
In order not to receive an error when adding a user to a group, we can first check whether he is already a member of this group by getting the list of group members or the composition from the user himself.
Querying the group membership of a specific user is not recursive and shows only direct membership. Including a user in a parent group that already has a child group of which the user is a member will succeed.
Conclusion
All that remains is to send the user the password for the new account. We do this via SMS, and send general information with instructions and the login to a personal email, which, along with a phone number, was provided by the recruitment department. As an alternative, you can save money and send the password to a secret Telegram chat, which can also be considered the second factor (MacBooks will be an exception).
Thank you for reading to the end. I will be glad to see suggestions for improving the style of writing articles, and I wish you fewer errors to catch when writing scripts =)
List of links that may be thematically useful or simply answer questions:
- OAuth 2.0 for Mobile & Desktop Apps
- Using OAuth 2.0 for Web Server Applications
- Proof Key for Code Exchange by OAuth Public Clients
- Generating random letters in PowerShell
- ASCII table with description
- PowerShell: getting the hash value for a string
- Encode / decode Base64Url
- Base64 encoding vs Base64url encoding
- Invoke-RestMethod in PowerShell 5.1
- Not receiving refresh token even though access_type is offline in step 1
- About comparison operators
- Directory API: User Accounts
- Search for Users
- Directory API: Groups
- Error handling for Invoke-RestMethod - Powershell
Source: www.habr.com