Introduced filestorage & partners namespaces, fixes for revoke_delegated_permissions method

Author: vgrem

examples/auth/__init__.py

@@ -0,0 +1,41 @@
+AdministrativeUnit.ReadWrite.All
+Application.Read.All
+Application.ReadWrite.All
+AuditLog.Read.All
+BackupRestore-Control.Read.All
+Bookings.Manage.All
+Calendars.ReadWrite.Shared
+ChannelMember.ReadWrite.All
+ChannelMessage.ReadWrite
+Chat.ReadWrite
+Chat.ReadWrite.All
+DeviceLocalCredential.Read.All
+DeviceManagementConfiguration.Read.All
+DeviceManagementManagedDevices.ReadWrite.All
+Directory.AccessAsUser.All
+Directory.ReadWrite.All
+Domain.ReadWrite.All
+Files.Read.All
+Files.ReadWrite.All
+Group.Read.All
+Group.ReadWrite.All
+Mail.ReadWrite
+MailboxSettings.ReadWrite
+Notes.Create
+Notes.ReadWrite.All
+OnlineMeetings.ReadWrite
+Presence.Read.All
+Presence.ReadWrite
+Reports.Read.All
+ServiceHealth.Read.All
+SharePointTenantSettings.ReadWrite.All
+Sites.Manage.All
+Sites.ReadWrite.All
+Tasks.ReadWrite
+Tasks.ReadWrite.Shared
+Team.ReadBasic.All
+TeamMember.ReadWrite.All
+ThreatAssessment.ReadWrite.All
+User.ReadWrite.All
+UserActivity.ReadWrite.CreatedByApp
+UserAuthenticationMethod.Read.All

examples/auth/delegated.txt

@@ -0,0 +1,19 @@
+"""
+Demonstrates how to login when the user may be prompted for input by the authorization server.
+For example, to sign in, perform multi-factor authentication (MFA), or to grant consent
+to more resource access permissions.
+
+Prerequisite: In Azure Portal, configure the Redirect URI of your
+        "Mobile and Desktop application" as ``http://localhost``.
+
+https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#interactive-and-non-interactive-authentication
+"""
+
+from office365.sharepoint.client_context import ClientContext
+from tests import test_client_id, test_site_url, test_tenant
+
+ctx = ClientContext(test_site_url).with_interactive(test_tenant, test_client_id)
+me = ctx.web.current_user.get().execute_query()
+web = ctx.web.get().execute_query()
+print(me.login_name)
+print(web.title)

examples/auth/sharepoint/interactive.py

@@ -9,8 +9,10 @@
     openssl req -x509 -newkey rsa:2048 -keyout selfsignkey.pem -out selfsigncert.pem -nodes -days 365
 
 2. register Azure AD application
-3. add permissions
-4. upload certificate (public key)
+3. assign permissions (for instance Sites.FullControl.All permission)
+4. grant Admin Consent.
+4. create and upload certificate (public key).
+5. assign App-Only Role to SharePoint.
 
 """
 

examples/auth/interactive_sharepoint.py renamed to examples/auth/sharepoint/interactive_custom.py

@@ -21,7 +21,6 @@
 
 
 resource = client.service_principals.get_by_name("Microsoft Graph")
-# app_role = "User.Read.All"
-app_role = "DeviceLocalCredential.Read.All"
+app_role = "FileStorageContainer.Selected"
 user = client.users.get_by_principal_name(test_user_principal_name)
 resource.grant_delegated_permissions(test_client_id, user, app_role).execute_query()

examples/auth/register_sharepoint_apponly.py renamed to examples/auth/sharepoint/register_apponly.py

@@ -17,10 +17,9 @@
 )
 
 resource = client.service_principals.get_by_name("Microsoft Graph")
-scope = "DeviceLocalCredential.Read.All"
+scope = "FileStorageContainer.Selected"
 user = client.users.get_by_principal_name(test_admin_principal_name)
 client_app = client.applications.get_by_app_id(test_client_id)
-# result = resource.get_delegated_permissions(test_client_id, user).execute_query()
 result = resource.get_delegated_permissions(test_client_id).execute_query()
 if len([cur_scope for cur_scope in result.value if cur_scope == scope]) == 0:
     print("Delegated permission '{0}' is not granted".format(scope))

examples/directory/applications/grant_delegated_perms.py

@@ -0,0 +1,22 @@
+"""
+Disable MFA
+"""
+
+from office365.graph_client import GraphClient
+from tests import test_client_id, test_password, test_tenant, test_username
+
+client = GraphClient(tenant=test_tenant).with_username_and_password(
+    test_client_id, test_username, test_password
+)
+
+resource = client.service_principals.get_by_name("Microsoft Graph")
+
+# resource.revoke_delegated_permissions(test_client_id).execute_query()
+
+resource.grant_delegated_permissions(
+    test_client_id, None, "UserAuthenticationMethod.ReadWrite"
+).execute_query()
+
+methods = client.me.authentication.microsoft_authenticator_methods.get().execute_query()
+for method in methods:
+    method.delete_object().execute_query()

examples/directory/applications/has_delegated_perms.py

@@ -26,13 +26,13 @@ def export_to_file(path, content):
     "--endpoint",
     dest="endpoint",
     help="Import metadata endpoint",
-    default="graph",
+    default="sharepoint",
 )
 parser.add_argument(
     "-p",
     "--path",
     dest="path",
-    default="./metadata/Graph.xml",
+    default="./metadata/SharePoint.xml",
     help="Import metadata endpoint",
 )
 

examples/directory/users/disable_mfa.py

@@ -20466,6 +20466,11 @@ within the time frame of their original request."/>
             <Member Name="selfRenew" Value="9"/>
             <Member Name="unknownFutureValue" Value="10"/>
          </EnumType>
+         <EnumType Name="incompatiblePrinterSettings">
+            <Member Name="show" Value="0"/>
+            <Member Name="hide" Value="1"/>
+            <Member Name="unknownFutureValue" Value="2"/>
+         </EnumType>
          <EnumType Name="printColorMode">
             <Member Name="blackAndWhite" Value="0"/>
             <Member Name="grayscale" Value="1"/>
@@ -33115,6 +33120,9 @@ within the time frame of their original request."/>
             <Property Name="notificationType" Type="Edm.String"/>
             <Property Name="recipientType" Type="Edm.String"/>
          </EntityType>
+         <ComplexType Name="airPrintSettings">
+            <Property Name="incompatiblePrinters" Type="graph.incompatiblePrinterSettings" Nullable="false"/>
+         </ComplexType>
          <ComplexType Name="archivedPrintJob">
             <Property Name="acquiredByPrinter" Type="Edm.Boolean" Nullable="false"/>
             <Property Name="acquiredDateTime" Type="Edm.DateTimeOffset"/>
@@ -33186,6 +33194,9 @@ within the time frame of their original request."/>
             <Property Name="quality" Type="graph.printQuality"/>
             <Property Name="scaling" Type="graph.printScaling"/>
          </ComplexType>
+         <ComplexType Name="printerDiscoverySettings">
+            <Property Name="airPrint" Type="graph.airPrintSettings" Nullable="false"/>
+         </ComplexType>
          <ComplexType Name="printerLocation">
             <Property Name="altitudeInMeters" Type="Edm.Int32"/>
             <Property Name="building" Type="Edm.String"/>
@@ -33252,6 +33263,7 @@ within the time frame of their original request."/>
          </ComplexType>
          <ComplexType Name="printSettings">
             <Property Name="documentConversionEnabled" Type="Edm.Boolean" Nullable="false"/>
+            <Property Name="printerDiscoverySettings" Type="graph.printerDiscoverySettings"/>
          </ComplexType>
          <ComplexType Name="printTaskStatus">
             <Property Name="description" Type="Edm.String" Nullable="false"/>
@@ -33317,16 +33329,20 @@ within the time frame of their original request."/>
          <EntityType Name="printDocument" BaseType="graph.entity" HasStream="true">
             <Property Name="contentType" Type="Edm.String"/>
             <Property Name="displayName" Type="Edm.String"/>
+            <Property Name="downloadedDateTime" Type="Edm.DateTimeOffset"/>
             <Property Name="size" Type="Edm.Int64" Nullable="false"/>
+            <Property Name="uploadedDateTime" Type="Edm.DateTimeOffset"/>
          </EntityType>
          <EntityType Name="printTaskTrigger" BaseType="graph.entity">
             <Property Name="event" Type="graph.printEvent" Nullable="false"/>
             <NavigationProperty Name="definition" Type="graph.printTaskDefinition" Nullable="false"/>
          </EntityType>
          <EntityType Name="printJob" BaseType="graph.entity">
+            <Property Name="acknowledgedDateTime" Type="Edm.DateTimeOffset"/>
             <Property Name="configuration" Type="graph.printJobConfiguration" Nullable="false"/>
             <Property Name="createdBy" Type="graph.userIdentity"/>
             <Property Name="createdDateTime" Type="Edm.DateTimeOffset" Nullable="false"/>
+            <Property Name="errorCode" Type="Edm.Int32"/>
             <Property Name="isFetchable" Type="Edm.Boolean" Nullable="false"/>
             <Property Name="redirectedFrom" Type="Edm.String"/>
             <Property Name="redirectedTo" Type="Edm.String"/>

generator/import_metadata.py

@@ -42,6 +42,21 @@ def fido2_methods(self):
             ),
         )
 
+    @property
+    def microsoft_authenticator_methods(self):
+        from office365.directory.authentication.methods.microsoft_authenticator import (
+            MicrosoftAuthenticatorAuthenticationMethod,
+        )
+
+        return self.properties.get(
+            "microsoftAuthenticatorMethods",
+            EntityCollection(
+                self.context,
+                MicrosoftAuthenticatorAuthenticationMethod,
+                ResourcePath("microsoftAuthenticatorMethods", self.resource_path),
+            ),
+        )
+
     @property
     def phone_methods(self):
         """The phone numbers registered to a user for authentication."""
@@ -94,6 +109,7 @@ def get_property(self, name, default_value=None):
             property_mapping = {
                 "emailMethods": self.email_methods,
                 "fido2Methods": self.fido2_methods,
+                "microsoftAuthenticatorMethods": self.microsoft_authenticator_methods,
                 "passwordMethods": self.password_methods,
                 "phoneMethods": self.phone_methods,
             }

generator/metadata/Graph.xml

@@ -2,4 +2,5 @@
 
 
 class AuthenticationMethodTarget(Entity):
-    """"""
+    """A collection of groups that are enabled to use an authentication method as part of an authentication
+    method policy in Microsoft Entra ID."""

office365/directory/authentication/authentication.py

@@ -0,0 +1,6 @@
+from office365.directory.authentication.methods.method import AuthenticationMethod
+
+
+class MicrosoftAuthenticatorAuthenticationMethod(AuthenticationMethod):
+    """A representation of the Microsoft Authenticator app registered to a user. Microsoft Authenticator
+    is an authentication method."""

office365/directory/authentication/method_target.py

@@ -0,0 +1,9 @@
+from office365.directory.authentication.method_configuration import (
+    AuthenticationMethodConfiguration,
+)
+
+
+class SmsAuthenticationMethodConfiguration(AuthenticationMethodConfiguration):
+    """Represents a text message authentication methods policy. Authentication methods policies define
+    configuration settings and users or groups that are enabled to use the authentication method.
+    """

office365/directory/authentication/methods/microsoft_authenticator.py

@@ -4,8 +4,37 @@
 class SelfSignedCertificate(ClientValue):
     """Contains the public part of a signing certificate."""
 
-    def __init__(self, display_name=None):
+    def __init__(
+        self,
+        custom_key_identifier=None,
+        display_name=None,
+        end_datetime=None,
+        key=None,
+        key_id=None,
+        start_datetime=None,
+        thumbprint=None,
+        type_=None,
+        usage=None,
+    ):
         """
-        :param str display_name:
+        :param custom_key_identifier: 	Custom key identifier.
+        :param str display_name: The friendly name for the key.
+        :param end_datetime: The date and time at which the credential expires. The timestamp type represents date
+             and time information using ISO 8601 format and is always in UTC time
+        :param key: The value for the key credential. Should be a Base-64 encoded value.
+        :param key_id: 	The unique identifier (GUID) for the key.
+        :param start_datetime: The date and time at which the credential becomes valid. The timestamp type represents
+             date and time information using ISO 8601 format and is always in UTC time
+        :param thumbprint: 	The thumbprint value for the key.
+        :param type_: 	The type of key credential. AsymmetricX509Cert.
+        :param usage: A string that describes the purpose for which the key can be used. The possible value is Verify.
         """
+        self.customKeyIdentifier = custom_key_identifier
         self.displayName = display_name
+        self.endDateTime = end_datetime
+        self.key = key
+        self.keyId = key_id
+        self.startDateTime = start_datetime
+        self.thumbprint = thumbprint
+        self.type = type_
+        self.usage = usage

office365/directory/authentication/methods/sms.py

@@ -1,4 +1,6 @@
+from office365.directory.policies.conditional_access import ConditionalAccessPolicy
 from office365.entity import Entity
+from office365.entity_collection import EntityCollection
 from office365.runtime.paths.resource_path import ResourcePath
 
 
@@ -15,3 +17,15 @@ def authentication_strength(self):
                 self.context, ResourcePath("authenticationStrength", self.resource_path)
             ),
         )
+
+    @property
+    def policies(self):
+        """Returns a collection of the specified Conditional Access (CA) policies."""
+        return self.properties.get(
+            "policies",
+            EntityCollection(
+                self.context,
+                ConditionalAccessPolicy,
+                ResourcePath("policies", self.resource_path),
+            ),
+        )

office365/directory/certificates/self_signed.py

@@ -21,7 +21,7 @@ def templates(self):
         """Represents the base policy in the directory for multitenant organization settings."""
         return self.properties.get(
             "templates",
-              PolicyTemplate(
+            PolicyTemplate(
                 self.context,
                 ResourcePath("templates", self.resource_path),
             ),

office365/directory/identities/conditional_access_root.py

@@ -0,0 +1,16 @@
+from office365.entity import Entity
+
+
+class FeatureRolloutPolicy(Entity):
+    """
+    Represents a feature rollout policy associated with a directory object. Creating a feature rollout policy
+    helps tenant administrators to pilot features of Microsoft Entra ID with a specific group before enabling
+    features for entire organization. This minimizes the impact and helps administrators to test and rollout
+    authentication related features gradually.
+
+    The following are limitations of feature rollout:
+
+     - Each feature supports a maximum of 10 groups.
+     - The appliesTo field only supports groups.
+     - Dynamic groups and nested groups are not supported.
+    """