GregSmid

That does help, thank you! Greg

Similar to this thread, but I'm not trying to find the PasswordList ID based on a Password ID... I just want to know where to find the PasswordList ID for a private password list within the web GUI. It's needed when users want to run scripts on their own private list using the API. I know in a previous version of PasswordState, I could hover over my password list and its list ID would pop up as alt-text. Looks like that has disappeared at some point. We're on 7.8 (build 7847) right now. It would be great if the list ID could be exposed on the Edit Password List screen, either on the Password List Details tab or the API Key and Settings tab. Or, just bring the hover text back. Greg

Hey guys, ran into a related issue. We have a few users that got fancy new phones for Christmas, and I've attempted to email them their Google Auth QR codes using the steps above... but no email ever gets sent. I've tested while running Wireshark on both our PasswordState server and our local Exchange server, and when I click that Email button on the user's Authentication tab, no SMTP packets are even generated. Other email functions in PasswordState are working fine, it just seems to be this Email button for Google Authenticator. Greg

Final version of the script! User is prompted for Password List ID, API Key, and their new password New password is verified API Key and Passwords are not displayed on screen Error checking to make sure the API calls worked Information about the number of passwords that got updated and which ones is displayed at the end <# .SYNOPSIS Search for Specific Password Records and update them to the same password .NOTES Requires Password List API Key, Password List ID, name of field to search, and search terms .REFERENCE This all came from https://www.clickstudios.com.au/community/index.php?/topic/1781-password-field-reference-to-another-password/ if you're interested in the history of the script. #> #These are the two 'hard-coded' valuses for the script - the Password List field to search, and the search term. Script could be modified to prompt the user for these instead: $PasswordstateURL = "https://passwordstate.url" $SearchField = "Notes" $SearchTerm = "ADCreds" #Get the Password List ID: Write-Host "Enter the ID of your private password list.`nYou can find it by hovering your mouse over top of of the list name.`n" $PasswordListID = Read-Host -Prompt 'Password List ID' #Prompt the user for the API key for their specific Password List. They can set/find it in the Password List settings on the API Key tab: Write-Host "`nEnter the API Key of your private password list.`nYou can set it in the Password List settings, on the API Key tab.`n" $APIKey = Read-Host -Prompt 'Enter your API Key' -AsSecureString $APIKey = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($APIKey)) Write-Host "" #Prompt the user for their new AD password: $NewPassword = Read-Host -Prompt 'Enter your new AD Password' -AsSecureString $NewPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)) #Have the user verify their AD password: $NewPasswordVerify = Read-Host -Prompt 'Confirm your new AD Password' -AsSecureString $NewPasswordVerify = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPasswordVerify)) #Validate that $NewPassword and $NewPasswordVerify are the same. If not, exit the script: If ($NewPassword -ne $NewPasswordVerify) { Write-Host "`nSorry, your passwords don't match. Please run the script again.`n" Exit } Write-Host "" #Combine the variables into the URL to use for the API call: $FullURL = "$PasswordstateURL/api/searchpasswords/" + $PasswordListID + "?" + $SearchField + "=" + $SearchTerm #Create an array $SearchResults and fill it with all the password entries: $SearchResults = Invoke-Restmethod -Method GET -Uri $FullURL -Header @{ "APIKey" = $APIKey } #Create an array $PasswordIDs and fill it with all the Password IDs: $PasswordIDs = $SearchResults.PasswordID $PasswordTitles = $SearchResults.Title $PasswordURLs = $SearchResults.URL $PasswordCounter = 0 #Go through all the Password IDs and attempt to update them with the new password: Foreach ($PasswordRecord in $PasswordIDs){ #Gather the ID of the password to be updated along with the value for the new password: $jsonString = '{"PasswordID":"' + $PasswordRecord + '", "Password":"' + $NewPassword + '"}' #Clear the $Error catcher variable: $Error.Clear() #Attempt to send the API the password info gathered above: Try { Invoke-Restmethod -Method PUT -Uri "$PasswordstateURL/api/passwords" -ContentType "application/json" -Body $jsonString -Header @{ "APIKey" = $APIKey } } #If the password update call throws an error, show it to the user and exit the script: Catch { Write-Host "Uh oh, was at least one error! The API said:`n`n$Error`n`nNumber of passwords updated: $PasswordCounter" Write-Host "`nIf any passwords got updated, you should check your passwords and make sure they are what they should be.`n" Exit } #If the password update succeeded, increment the counter and clear the screen so the password isn't visible: $PasswordCounter = $PasswordCounter + 1 cls } #Give the user some info about the passwords that got updated: Write-Host "`n$PasswordCounter passswords updated!`n" $x = 0 While ($x -lt $PasswordCounter) { Write-Host "$($PasswordTitles[$x]) --- $($PasswordURLs[$x])" $x++ } #Goodbye! Exit

Hi guys, It occurred to me that we probably don't want to encourage people to leave scripts laying around on their computers that have their AD creds and their PasswordState API key in them, just waiting for someone to steal. I've changed the lines in the User Variables section to: $APIKey = Read-Host -Prompt 'Enter your API Key' $NewPassword = Read-Host -Prompt 'Enter your new AD Password' This way the script will prompt them to enter their password and API key instead.

All working! For any future visitors to this thread, here's what I ended up with: <# .SYNOPSIS Search for Specific Password Records and update them to the same password .NOTES Requires Password List API Key, Password List ID, name of field to search, and search terms #> ########################################## #User Variables - Fill in your PS URL, the Password List ID and API Key of your Password List, the field your're searching, your search term, and your new password $PasswordstateURL = "https://password.state.url" $PasswordListID = "10" #Password List ID can be found by hovering your mouse over the PW List name in the nav tree. $APIKey = "11223344556677889900aabbccddeeff" #Use the API key for your specific Password List. You can set it in the Password List settings on the API Key tab. $SearchField = "Notes" $SearchTerm = "ADCreds" $NewPassword = "FancYNewPasw0rd!" ########################################## $FullURL = "$PasswordstateURL/api/searchpasswords/" + $PasswordListID + "?" + $SearchField + "=" + $SearchTerm $results = Invoke-Restmethod -Method GET -Uri $FullURL -Header @{ "APIKey" = $APIKey } $PasswordIDs = $results.PasswordID Foreach ($PasswordRecord in $PasswordIDs) { $jsonString = ' { "PasswordID":"' + $PasswordRecord + '", "Password":"' + $NewPassword + '" } ' Invoke-Restmethod -Method PUT -Uri "$PasswordstateURL/api/passwords" -ContentType "application/json" -Body $jsonString -Header @{ "APIKey" = $APIKey } } Thanks again, this would have taken waaaaaay longer to figure out without your help! If you'd like to copy/move some or all of this thread over to the PowerShell Scripts area of the forums, feel free. Greg

Ah, ok, that makes sense. My plan was to get it working with the System level API first and then customize it to just the list level after. Will test with list level instead and let you know. Thanks again! Greg

Thanks for that, definitely a very helpful start! I'm having trouble actually getting the API call to return any search results though. Running the script was just returning an error: [{"errors":[{"message":"Not Found"},{"phrase":"You search for Password records return zero results."}]}] So, I've been testing in a browser directly, and still get the same error. I've attached a couple screenshots to show the search results working in the web GUI vs. not working in the API call. I've tried a few different things in the API call but so far it always returns zero results: Capital 'N' on 'Notes' vs. lower-case 'n' Capitalized ADCreds vs. lower-case adcreds Quotation marks around "adcreds" vs no quotation marks Using https://passwordstate/api/searchpasswords/?search= with all the above combos to search all fields instead of just Notes I have verified that it's at least connecting to the PasswordState API correctly... if I put the wrong APIKey in, it tells me it's the wrong key. I feel like we're really close here. Once I can get some search results back, I'm certain the updating part of the script will work as well. Do you see anything obviously wrong in the screenshot? Thanks! Greg

I'm running on Windows so PowerShell would definitely work. Anything you can do to help would be great... I had a look at your API documentation and it looked pretty straightforward but of course I'm a lot less familiar with it than you are. Greg

Hi guys, So, the time has come. I changed my AD password today, and now it's time to update my Password entries for all the sites that use it. I've been going through my Passwords and adding tagging each one in the Notes field with "ADCreds". So, I should be able to use the API to go through each password, check if it has "ADCreds" in the Notes field, and update the Password fields if it does. Do you have any starter scripts that could help with that? Or do I need to start from scratch? Thanks, Greg

Ahh, there it is... I knew it had to be an option somewhere. I was looking in the drop-down menu for each user account on the main Users listing page, but I hadn't actually opened the account up. Thanks!

Hi all, Is there a good way to re-send a user's Google Auth code or barcode when they get a new phone and/or have to re-install their Google Authenticator app? The only way I've been able to figure out so far is to impersonate their account, go to their Preferences and get the code from their Authentication Options page. Ideally, I'd rather not have to impersonate them. Thanks! Greg

+1 'Google Auth' and 'Email Temp PIN' would both allow a bad actor with an unlocked phone to access PasswordState.

Hi there, Is it possible to have the browser plugin capture/fill multiple password fields for a web page? I can get it to capture and fill the Password field in the attached example, but not the Admin Password field. Thanks! Greg

Thanks, I hadn't thought of either of those two options, I'll have to try them out. I think either one could work with a little planning. Do you think field references might be something that would be implemented in a future version? Greg