functions/Credentials.ps1


function Export-Credentials([Parameter(Mandatory=$true)]$container, $cred, [Alias("dir")]$cacheDir = "pscredentials") {
    <#
    .SYNOPSIS
    Serialises a credential's password and stores it with the user name in the cache.

    .DESCRIPTION
    Only a SecureString password is accepted; a plain string or any other type is
    rejected so that clear text is never handed to export-cache. The SecureString is
    serialised with ConvertFrom-SecureString using no -Key/-SecureKey, which on
    Windows means DPAPI: the blob is readable only by the same user account on the
    same machine. The user name is stored as-is.
    NOTE(review): off Windows the default protection is reportedly much weaker;
    confirm before relying on this cache there. Where and with what file permissions
    the entry is written is decided by export-cache, which is not shown here.

    .PARAMETER container
    Cache entry name, passed to export-cache.

    .PARAMETER cred
    Object exposing Password (SecureString) and UserName, e.g. a PSCredential.

    .PARAMETER cacheDir
    Cache directory name passed to export-cache as -dir (alias: dir).
    #>
    $secret = $cred.password

    # Guard clauses: reject everything that is not a SecureString before touching the cache.
    if ($secret -eq $null) {
        throw "missing password"
    }
    if ($secret -is [string]) {
        throw "expected password as securestring"
    }
    if ($secret -isnot [SecureString]) {
        throw "don't know how to handle password with type '$($cred.password.gettype().name)'"
    }

    $protected = ConvertFrom-SecureString -SecureString $secret
    $entry = New-Object -TypeName pscustomobject -Property @{ Password = $protected; Username = $cred.UserName }
    export-cache $entry -container $container -dir $cacheDir
}

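function Import-Credentials([Parameter(Mandatory=$true)] $container, [Alias("dir")]$cacheDir = "pscredentials") {
    <#
    .SYNOPSIS
    Loads a cached credential entry and rebuilds a PSCredential from it.

    .DESCRIPTION
    Reads the entry through import-cache, turns the stored password string back into
    a SecureString with ConvertTo-SecureString (no key supplied) and pairs it with the
    stored user name. Returns $null when there is no entry or the stored password is
    empty.
    NOTE(review): a blob written under a different user account or machine is
    expected to fail to decrypt; confirm how callers should handle that error.

    .PARAMETER container
    Cache entry name, passed to import-cache.

    .PARAMETER cacheDir
    Cache directory name passed to import-cache as -dir (alias: dir).
    #>

    # Initialise explicitly. PowerShell resolves an unassigned variable through the
    # parent scopes, so without this line a $cred that happens to exist in the caller
    # would be returned whenever the cache has no usable entry, i.e. a credential
    # belonging to something other than $container.
    $cred = $null

    $lastcred = import-cache $container -dir $cacheDir
    if ($null -ne $lastcred -and ![string]::IsNullOrEmpty($lastcred.Password)) {
        $password = $lastcred.Password | ConvertTo-SecureString
        $username = $lastcred.Username
        $cred = New-Object System.Management.Automation.PsCredential $username,$password
    }

    return $cred
}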

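function Get-PasswordCached {
    <#
    .SYNOPSIS
    Returns the cached password for a container, optionally prompting for it.

    .DESCRIPTION
    Looks the credential up with import-credentials. When nothing is cached and
    -allowuserUI is set, Get-CredentialsCached is asked to obtain (and cache) one.
    Returns $null when no credential could be obtained.

    With -secure the password is returned as a SecureString. Without it the password
    is returned as a plain-text string, which then lives in the caller's memory and
    can end up in transcripts or logs; prefer -secure wherever the consumer accepts it.

    .PARAMETER container
    Cache entry name.

    .PARAMETER message
    Prompt text forwarded to Get-CredentialsCached.

    .PARAMETER allowuserUI
    Allow falling back to Get-CredentialsCached when nothing is cached.

    .PARAMETER secure
    Return a SecureString instead of a plain-text string.

    .PARAMETER reset
    Skip the cached entry. The entry is only cleared when -allowuserUI is also set,
    because the flag is then forwarded to Get-CredentialsCached.
    #>
    [CmdletBinding()]
    param([Parameter(Mandatory=$true)]$container, $message, [switch][bool] $allowuserUI, [switch][bool]$secure, [switch][bool]$reset = $false) 
        
        $cacheDir = "pscredentials"
        try {
            $cred = $null
            if (!$reset) {
                $cred = import-credentials $container -dir $cacheDir
            }
            if ($null -eq $cred) { 
                write-verbose "password not found for container '$container'"
                if ($allowuserUI) {
                      $cred = Get-CredentialsCached -container $container -message $message -reset:$reset
                } else {
                    write-verbose "allowuserUI=$allowuserUI. not asking for credentials"
                    return $null 
                }
            }
            if ($null -eq $cred) {
                # Get-CredentialsCached returns $null when prompting is suppressed.
                # Without this guard the non-secure branch below would call a method
                # on $null and fail with an unrelated error.
                write-verbose "no credentials obtained for container '$container'"
                return $null
            }
            if ($secure) {
                return $cred.password
            } else {
                # Plain-text password leaves the function here.
                return $cred.GetNetworkCredential().Password
            }
        } catch {            
            # Bare rethrow: any terminating error raised above is surfaced to the caller.
            throw
        }
}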

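function Get-CredentialsCached {
<#
.SYNOPSIS
Returns the cached credential for a container, prompting for and caching one if needed.

.DESCRIPTION
Unless -reset is given, the credential is read with import-credentials; an import
failure is reported with Write-Error and treated as "nothing cached". When nothing
is cached the user is prompted through Get-Credential, unless -noprompt is set or
$global:promptpreference is 'SilentlyContinue', in which case $null is returned.
A credential obtained from the prompt is written to the cache with
export-credentials before it is returned.
NOTE(review): the export-credentials call is not silenced, so anything it emits
becomes part of this function's output ahead of the credential. Confirm that
export-cache writes nothing to the pipeline.

.PARAMETER container
Cache entry name.

.PARAMETER message
Prompt text; defaults to "Please provide credentials for '<container>'".

.PARAMETER reset
Remove the cached entry first and do not read it.

.PARAMETER noprompt
Never prompt; return $null when nothing is cached.
#>
[CmdletBinding()]
param([Parameter(Mandatory=$true)]$container, $message, [switch][bool]$reset = $false, [switch][bool] $noprompt) 

    $cred = $null
    $cacheDir = "pscredentials"
    if ($reset) {
        Remove-CredentialsCached $container
        write-verbose "resetting credentials in container '$container'"
    } else {
        try {
            $cred = import-credentials $container -dir $cacheDir
        } catch {
            # Best effort: an unreadable cache entry falls through to the prompt.
            write-error "failed to import credentials from container '$container': $($_.exception.message)"
        }
    }
    if ($null -ne $cred) {
        return $cred
    }

    write-verbose "cached credentials not found in container '$container'"

    if ($null -eq $message) {
        $message = "Please provide credentials for '$container'"
    }
    if ($global:promptpreference -eq 'SilentlyContinue' -or $noprompt) {
        write-verbose "promptpreference=$($global:promptpreference). not asking for credentials"
        return $null
    }

    import-module Microsoft.PowerShell.Security -verbose:$false
    $cred = Microsoft.PowerShell.Security\Get-Credential -Message $message
    if ($null -eq $cred) {
        # A dismissed prompt yields no credential. Passing $null on to
        # export-credentials would fail with a misleading "missing password".
        write-verbose "no credentials were entered for container '$container'"
        return $null
    }

    # store acquired credentials
    export-credentials $container $cred -dir $cacheDir
    return $cred
}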

function Remove-CredentialsCached([Parameter(Mandatory=$true)]$container) {
    # Drops the cached credential entry for $container from the fixed
    # "pscredentials" cache directory; the deletion itself is done by remove-cache.
    remove-cache $container -dir "pscredentials"
}