-
Notifications
You must be signed in to change notification settings - Fork 42
Expand file tree
/
Copy pathGet-EntraInactiveSignInUser.Tests.ps1
More file actions
143 lines (122 loc) · 6.49 KB
/
Get-EntraInactiveSignInUser.Tests.ps1
File metadata and controls
143 lines (122 loc) · 6.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# ------------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All Rights Reserved. Licensed under the MIT License. See License in the project root for license information.
# ------------------------------------------------------------------------------
BeforeAll {
if ((Get-Module -Name Microsoft.Entra.Users) -eq $null) {
Import-Module Microsoft.Entra.Users
}
Import-Module (Join-Path $PSScriptRoot "..\..\Common-Functions.ps1") -Force
Mock -CommandName Get-Date -MockWith { [datetime]"2024-03-21T00:00:00Z" }
Mock -CommandName Invoke-GraphRequest -MockWith {
return @{
value = @(
@{
Id = "user1"
DisplayName = "John Doe"
UserPrincipalName = "johndoe@example.com"
Mail = "johndoe@example.com"
UserType = "Member"
AccountEnabled = $true
signInActivity = @{
lastSignInDateTime = (Get-Date).AddDays(-40).ToString("yyyy-MM-ddTHH:mm:ssZ")
lastSignInRequestId = "12345"
lastNonInteractiveSignInDateTime = (Get-Date).AddDays(-100).ToString("yyyy-MM-ddTHH:mm:ssZ")
lastNonInteractiveSignInRequestId = "67890"
}
CreatedDateTime = (Get-Date).AddDays(-365).ToString("yyyy-MM-ddTHH:mm:ssZ")
},
@{
Id = "user2"
DisplayName = "Jane Guest"
UserPrincipalName = "janeguest@example.com"
Mail = "janeguest@example.com"
UserType = "Guest"
AccountEnabled = $true
signInActivity = @{
lastSignInDateTime = (Get-Date).AddDays(-50).ToString("yyyy-MM-ddTHH:mm:ssZ")
lastSignInRequestId = "12345"
lastNonInteractiveSignInDateTime = $null
lastNonInteractiveSignInRequestId = $null
}
CreatedDateTime = (Get-Date).AddDays(-400).ToString("yyyy-MM-ddTHH:mm:ssZ")
},
@{
Id = "user3"
DisplayName = "Unknown Sign In"
UserPrincipalName = "unknownsign@example.com"
Mail = "unknownsign@example.com"
UserType = "Member"
AccountEnabled = $true
signInActivity = @{
lastSignInDateTime = $null
lastSignInRequestId = $null
lastNonInteractiveSignInDateTime = $null
lastNonInteractiveSignInRequestId = $null
}
CreatedDateTime = (Get-Date).AddDays(-100).ToString("yyyy-MM-ddTHH:mm:ssZ")
}
)
}
} -ModuleName Microsoft.Entra.Users
Mock -CommandName Get-EntraContext -MockWith { @{Scopes = @("AuditLog.Read.All", "User.Read.All") } } -ModuleName Microsoft.Entra.Users
}
Describe 'Get-EntraInactiveSignInUser' {
Context "Get-EntraInactiveSignInUser Tests" {
It "should throw when not connected and not invoke graph call" {
Mock -CommandName Get-EntraContext -MockWith { $null } -ModuleName Microsoft.Entra.Users
{ Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 30 -UserType "All" } | Should -Throw "Not connected to Microsoft Graph*"
Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Entra.Users -Times 0
}
It "Should return all inactive users" {
$result = Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 30 -UserType "All"
$result | Should -Not -BeNullOrEmpty
$result.Count | Should -Be 3
$result[0].UserID | Should -Be "user1"
$result[1].UserID | Should -Be "user2"
$result[2].UserID | Should -Be "user3"
}
It "Should allow LastSignInBeforeDaysAgo above 30" {
$result = Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 90 -UserType "All"
$result | Should -Not -BeNullOrEmpty
Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Entra.Users -Times 1
}
It "Should return only inactive Member users" {
$result = Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 30 -UserType "Member"
$result | Should -Not -BeNullOrEmpty
$result.Count | Should -Be 2
$result[0].UserID | Should -Be "user1"
$result[1].UserID | Should -Be "user3"
}
It "Should return only inactive Guest users" {
$result = @(Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 30 -UserType "Guest")
$result.Count | Should -Be 1
$result | Should -Not -BeNullOrEmpty
$result[0].UserID | Should -Be "user2"
}
It "Should handle users with null lastSignInDateTime" {
$result = Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 30 -UserType "All"
$result | Should -Not -BeNullOrEmpty
$result.Count | Should -Be 3
$result[2].UserID | Should -Be "user3"
$result[2].LastSignInDateTime | Should -Be "Unknown"
}
It "Should return users based on specific date ranges" {
# Test with a smaller date range, expecting only user2 to be returned
$result = Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 30 -UserType "All"
$result | Should -Not -BeNullOrEmpty
$result.Count | Should -Be 3
$result[0].UserID | Should -Be "user1"
$result[1].UserID | Should -Be "user2"
}
It "Should contain 'User-Agent' header" {
$userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Get-EntraInactiveSignInUser"
$result = Get-EntraInactiveSignInUser -LastSignInBeforeDaysAgo 30 -UserType "All"
$result | Should -Not -BeNullOrEmpty
$userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion Get-EntraInactiveSignInUser"
Should -Invoke -CommandName Invoke-GraphRequest -ModuleName Microsoft.Entra.Users -Times 1 -ParameterFilter {
$Headers.'User-Agent' | Should -Be $userAgentHeaderValue
$true
}
}
}
}