Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Mordecai last won the day on January 15

Mordecai had the most liked content!

About Mordecai

  • Rank
    Advanced Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. @Marcel and others: For german umlauts and other diacritic characters you need to remove or convert these characters before importing them to the api. The api does not understand and does not accept them (f.e. 'ßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýþÿ'). You will only get an error page and no specific error about that problem, too. Another workaround is to HtmlEncode these variables before making the POST request to the API, but this will not work on every API method: $Message = [System.Net.WebUtility]::HtmlEncode($Message) You can use these little helper function that i have integrated in the PasswordState-Management powershell module to convert these characters. (ä to ae, ö to oe etc.). Function: Remove-DiacriticsFromString Example: "German Test string: äöüß" | Remove-DiacriticsFromString Result: "German Test string: aeoeuess" I am using these helper function for example in the New-PasswordStateSelfDestructMessage function for converting all umlauts/diacritics to something understandable for the api (See variables: EmailBody, PrefixMessageContent, AppendMessageContent, Message). if you generally do not want to accept these characters instead of converting them, you can use a little function or the ValidateScript method in the parameter definition: [parameter(ValueFromPipelineByPropertyName, Position = 1, Mandatory = $false)] [ValidateScript( { # Exclude german umlauts and other latin/non-latin diacritics or invalid characters that the api does not understand. $InvalidChars = 'ßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýþÿ' $regex = [Regex]::Escape($InvalidChars) $regex = "[$regex]" $Invalid = [Regex]::Matches($_, $regex, 'IgnoreCase') | Select-Object -ExpandProperty Value | Sort-Object -Unique if ($null -ne $Invalid) { throw "ERROR: The specified FirstName contains the following illegal characters: '$Invalid'. Please do not use the characters '$InvalidChars' for the FirstName since the api does not understand/convert these characters." } return $true })] [string]$ToFirstName, I'm also thinking about integrating an import function for Keepass into the Passwordstate-Management Powershell module, which is needed quite often. René
  2. Hi @support and All, with the latest release 8925 the problem is fixed now: Made same changes to attempt to resolve an inconsistent issue of Permission methods in the API failing since upgrading to build 8903 Thanks to the great support team and the quick resolution of the problem. The functions for interacting with the permission api methods are now working and part of the PasswordState-Management powershell module.
  3. @support Someone else tested this yesterday and in his environment it is working fine. So the problem seems to exist only in my current environment. I have opened a support request (id=20203312060517) Every time i try to access the *permissions api methods (f.e. /winapi/folderpermissions) i get an unknown exception from the w3wp.exe. Using the following example Test Code from the official API Documentation (Change: FolderID, PasswordStateURL and ApplyPermissionsForSecurityGroupName): $PasswordStateURL = 'https://passwordstate/winapi' $jsonData = ' { "FolderID":"253", "Permission":"A", "ApplyPermissionsForSecurityGroupName":"LG_PasswordState_Security_Admins" } ' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateURL'/folderpermissions' -ContentType "application/json" -Body $jsonData -UseDefaultCredentials Same behaviour with ApplyPermissionsForSecurityGroupID and ApplyPermissionsForUserID. Error: Translated 'Event message': An unhandled exception has occurred. Translated 'Exception message': The input string has the wrong format. Translated 'Thread Account Name': NT AUTHORITY\NETWORK SERVICE Source: ASP.NET 4.0.30319.0 Event code: 3005 Event message: Es ist eine unbehandelte Ausnahme aufgetreten. Event time: 12.05.2020 11:26:39 Event time (UTC): 12.05.2020 09:26:39 Event ID: f5f70f8b1d5e465fa67d16857e986904 Event sequence: 1320 Event occurrence: 79 Event detail code: 0 Application information: Application domain: /LM/W3SVC/2/ROOT/WinAPI-4-132322076194075323 Trust level: Full Application Virtual Path: /WinAPI Application Path: d:\inetpub\Passwordstate\winapi\ Machine name: hostname Process information: Process ID: 2968 Process name: w3wp.exe Account name: NT-AUTORITÄT\Netzwerkdienst Exception information: Exception type: FormatException Exception message: Die Eingabezeichenfolge hat das falsche Format. bei Microsoft.VisualBasic.CompilerServices.Conversions.ParseDouble(String Value, NumberFormatInfo NumberFormat) bei Microsoft.VisualBasic.CompilerServices.Conversions.ToDouble(String Value, NumberFormatInfo NumberFormat) Request information: Request URL: https://passwordstate.domain.local:443/winapi/folderpermissions Request path: /winapi/folderpermissions User host address: x.x.x.x User: domain\user Is authenticated: True Authentication Type: Negotiate Thread account name: NT-AUTORITÄT\Netzwerkdienst Thread information: Thread ID: 81 Thread account name: NT-AUTORITÄT\Netzwerkdienst Is impersonating: False Stack trace: bei Microsoft.VisualBasic.CompilerServices.Conversions.ParseDouble(String Value, NumberFormatInfo NumberFormat) bei Microsoft.VisualBasic.CompilerServices.Conversions.ToDouble(String Value, NumberFormatInfo NumberFormat) Custom event details:
  4. @All Is there anybody here with a different environment who can please test this for a moment? Not that it is because of my environment, although I honestly don't know what it is about. (I have a test and production environment, same problems on both environments) Example Test Code from the official API Documentation (Change: FolderID, PasswordStateURL and ApplyPermissionsForSecurityGroupName): $PasswordStateURL = 'https://passwordstate/winapi' $jsonData = ' { "FolderID":"253", "Permission":"A", "ApplyPermissionsForSecurityGroupName":"LG_PasswordState_Security_Admins" } ' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateURL'/folderpermissions' -ContentType "application/json" -Body $jsonData -UseDefaultCredentials You could also use try to use ApplyPermissionsForSecurityGroupID and ApplyPermissionsForUserID, same behavior for me. Thanks
  5. With regard to this topic, two small things would be useful: Sync of description will not happen if the Active Directory Security Group will be imported when using the API. If i import the group manually through the web gui, the AD Group description will be imported. The description should also be imported when using the API. @Steve As workaround you can query the Report with ReportID 40 (What security groups exist, and who are their members?). If the group exists, you do not need to execute the request to the api for creating a AD Security Group. Add your SiteID or Remove the parameter from the below url. $PasswordstateUrl = "https://passwordstate/winapi/reporting/40?SiteID=<SiteID>" $result = Invoke-RestMethod -Uri $PasswordstateUrl -Method GET -UseDefaultCredentials Write-Host $result BUT it would be nice, if the API could refuse the import if the group name already exists.
  6. Hi, Short Version: For automating permissions of folders i need the ability to view the currently configured permissions for a folder, this is an essential feature. Can you please create a report or a api method for getting folder permissions, thanks. Long Version: In another post you said, that we should use the predefined reports to get permissions of folders/passwords/passwordlists via the API. But I cannot find a report where I can view the permissions of a folder. Only for Passwords and Password Lists. Password Permissions: Report 43: https://passwordstate/winapi/reporting/43?SiteID=0 PasswordList Permissions: Report 23: https://passwordlist/winapi/reporting/23?SiteID=0 It seems to me that Report 23 is only for Password Lists, Report 43 is only for Passwords. Report 24 & 25 are for users and groups (reverse). Report 38 is for folders, but the result is only a count on the administrators of the folder. I had tested all permission reports, they work and I can use them for many purposes (thanks for this). But unfortunately, as I said, I'm missing a report about folder permissions. Which report should i use? Or can't you introduce a new property in the API for this? Thanks, René
  7. Hi, thanks for your reply. The folder is already configured to manage it's permissions manually. My user (the user that is also using the api in my example) has admin permissions on this folder. I am using your example from the api documentation, the full "script" is in my first post. As already mentioned in my first post, i get valid error messages, see below examples. Here are two screenshots: If i am using the wrong parameters, i am getting valid error messages. Example of WRONG parameters and VALID error message: [{"errors":[{"message":"Forbidden"},{"phrase":"You have not specified if permissions are being applied for a User Account or Security group for the Folder."}]}] If i set the folder to " This Folder is inheriting permissions from all nested Folders and Password Lists." i also get valid error messages from the api, so the api method in general is working: Example of valid error message: [{"errors":[{"message":"Forbidden"},{"phrase":"Folder of ID 253 is not configured to have its permissions managed manually, so you are unable to manually apply permissions to it."}]}] If i only add Permission and FolderID, i also get an approriate error message: [{"errors":[{"message":"Forbidden"},{"phrase":"You have not specified if permissions are being applied for a User Account or Security group for the Folder."}]}] EDIT: I have the same problem for the password list permissions and password permissions api method (passwordlistpermissions & passwordpermissions). I have no problem with all the other api methods.
  8. Hi, i am currently trying to set, update or delete folder permissions through the api and winapi. The connection is working properly and if i forget to add any Apply* property or the folder is not manually managed i am getting the appropriate error message from the api. But if all properties are given and correct i only get the default error page as response from the api. I have tested all ApplyPermissionsFor* with no success. My user has admin permissions to the folder, manually adding Administrator permissions for group/user is working. The ErrorConsole does not show up any new errors. Can someone/support please test that behavior? Is the folderpermissions api method working? Example Test Code from the official API Documentation (Change: FolderID, PasswordStateURL and ApplyPermissionsForSecurityGroupName): $PasswordStateURL = 'https://passwordstate/winapi' $jsonData = ' { "FolderID":"253", "Permission":"A", "ApplyPermissionsForSecurityGroupName":"LG_PasswordState_Security_Admins" } ' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateURL'/folderpermissions' -ContentType "application/json" -Body $jsonData -UseDefaultCredentials Verbose: VERBOSE: POST https://passwordstate/winapi/folderpermissions with 127-byte payload VERBOSE: received 19365-byte response of content type text/html VERBOSE: Content encoding: utf-8 ErrorPage Response: generalerror.aspx?aspxerrorpath=/winapi/folderpermissions Thanks, René
  9. Okay, perfect, thanks. In our case we also use templates or existing password lists to copy the settings. Then I rely on the API documentation and if I find bugs I will report them to you.
  10. Hi, i am developing extended powershell functions for communicating with the api. I try to stick to your API documentation for the properties here. It just seems to me that the API documentation is not up to date or does not contain all options of the individual methods, is that possible? My primary question: Is the API documentation up-to-date or, due to the fact that i want to integrate all current possible options, should I also test all options that are not documented? Furthermore I have already found some bugs in the API documentation. I would send you a list here as soon as I am done with it. An example based on the passwordlists api method: For example, the option Guide that is missing in your documentation, is working. Other options that also not available in your documentation like the following are not working: PasswordStrengthPolicyID PasswordGeneratorID PreventBadPasswordUse PasswordResetEnabled AllowExport Example query: You can see that the above mentioned options are not working (Compare Query <-> Response) body: { "PasswordList": "TestPublicList", "Description": "Test public password list", "CopySettingsFromPasswordListID": "", "CopySettingsFromTemplateID": "", "CopyPermissionsFromPasswordListID": "", "CopyPermissionsFromTemplateID": "", "NestUnderFolderID": 45, "LinkToTemplate": "", "SiteID": 0, "ApplyPermissionsForUserID": "domain\\user", "ApplyPermissionsForSecurityGroupID": "", "ApplyPermissionsForSecurityGroupName": "", "ImageFileName": "protect.png", "PasswordGeneratorID": 10, "PasswordStrengthPolicyID": 4, "PreventBadPasswordUse": false, "AllowExport": false, "PasswordResetEnabled": true, "Permission": "A", "Guide": "testguide" } Response: PasswordListID : 219 PasswordList : TestPublicList Description : Test public password list ImageFileName : protect.png Guide : testguide AllowExport : True PrivatePasswordList : False TimeBasedAccessRequired : False NoApprovers : 1 DisableNotifications : False PasswordStrengthPolicyID : 1 PasswordGeneratorID : 0 CodePage : Using Passwordstate Default Code Page PreventPasswordReuse : 5 AuthenticationType : None Required AuthenticationPerSession : False PreventExpiryDateModification : False SetExpiryDate : 0 ResetExpiryDate : 0 PreventDragDrop : True PreventBadPasswordUse : True ProvideAccessReason : False TreePath : \Services\Domain\Test TotalPasswords : 0 GeneratorName : Using user's personal Password Generator Options PolicyName : Default Policy PasswordResetEnabled : False ForcePasswordGenerator : False HidePasswords : False ShowGuide : False EnablePasswordResetSchedule : False PasswordResetSchedule : 00:00 AddDaysToExpiryDate : 90 SiteID : 0 SiteLocation : Internal OneTimePasswords : False EDIT: As workaround you can add the option "CopySettingsFromTemplateID": 1 to your json, so the settings will be copied from the specified TemplateID. Thanks, René
  11. Hi, It would be great if the API had a method to create, delete and edit templates (incl. custom fields content and values). We would like to automate most of the work in PasswordState as much as possible and reasonable. We have some special template settings and we use all generic fields, so if we want to change the contents of the generic fields or the password list settings, we would like to change this via the API/WinAPI and our CI/CD pipelines. For example, we have a "Customers" field that contains all customer names. This list is edited from time to time and must be changed in all password lists. This is not so nice to do manually with a lot of lists and the error rate (typos). Please vote for this feature request and stay healthy. Thanks, René
  • Create New...