public/Remove-VPASToken.ps1

<#
.Synopsis
   CLEAR CYBERARK LOGIN TOKEN
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO LOGOFF CYBERARK AND INVALIDATE THE LOGIN TOKEN
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER WhatIf
   Run code simulation to see what is affected by running the command as well as any possible implications
   This is a code simulation flag, meaning the command will NOT actually run
.PARAMETER HideWhatIfOutput
   Suppress any code simulation output from the console
.EXAMPLE
   $WhatIfSimulation = Remove-VPASToken -WhatIf
.EXAMPLE
   $LogoffStatus = Remove-VPASToken
.OUTPUTS
   $true if successful
   $false if failed
#>

function Remove-VPASToken{
    [OutputType([bool],'System.Object')]
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)]
        [hashtable]$token,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [Switch]$WhatIf,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        [Switch]$HideWhatIfOutput
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        try{
            if($NoSSL){
                Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                if($IdentityURL){
                    $uri = "http://$IdentityURL/Security/Logout"
                }
                else{
                    $uri = "http://$PVWA/PasswordVault/API/Auth/Logoff"
                }
            }
            else{
                Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                if($IdentityURL){
                    $uri = "https://$IdentityURL/Security/Logout"
                }
                else{
                    $uri = "https://$PVWA/PasswordVault/API/Auth/Logoff"
                }
            }
            $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
            $log = Write-VPASTextRecorder -inputval "POST" -token $token -LogType METHOD

            if($WhatIf){
                $log = Write-VPASTextRecorder -token $token -LogType WHATIF1
                $WhatIfHash = @{}
                Write-Verbose "INITIATING COMMAND SIMULATION"

                $WhatIfInfo = Get-VPASCurrentEPVUserDetails -token $token

                if($WhatIfInfo){
                    $WhatIfUsername = $WhatIfInfo.UserName
                    $WhatIfHeaderType = $Header
                    $WhatIfISPSS = $ISPSS
                    $WhatIfIdentityURL = $IdentityURL
                    $WhatIfToken = $tokenval
                    $WhatIfPVWA = $PVWA
                    $WhatIfSessionVal = $sessionval

                    if(!$HideWhatIfOutput){
                        Write-VPASOutput -str "====== BEGIN COMMAND SIMULATION ======" -type S
                        Write-VPASOutput -str "THE FOLLOWING AUTHENTICATION TOKEN WOULD BE DELETED:" -type S
                        Write-VPASOutput -str "UserName : $WhatIfUsername" -type S
                        Write-VPASOutput -str "HeaderType : $WhatIfHeaderType" -type S
                        Write-VPASOutput -str "ISPSS : $WhatIfISPSS" -type S
                        Write-VPASOutput -str "IdentityURL : $WhatIfIdentityURL" -type S
                        Write-VPASOutput -str "Token : $WhatIfToken" -type S
                        Write-VPASOutput -str "PVWA : $WhatIfPVWA" -type S
                        Write-VPASOutput -str "SessionVal : $WhatIfSessionVal" -type S
                        Write-VPASOutput -str "---" -type S
                        Write-VPASOutput -str "URI : $uri" -type S
                        Write-VPASOutput -str "METHOD : DELETE" -type S
                        Write-VPASOutput -str " " -type S
                        Write-VPASOutput -str "======= END COMMAND SIMULATION =======" -type S
                    }

                    $WhatIfHash = @{
                        WhatIf = @{
                            UserName = $WhatIfUsername
                            HeaderType = $WhatIfHeaderType
                            ISPSS = $WhatIfISPSS
                            IdentityURL = $WhatIfIdentityURL
                            Token = $WhatIfToken
                            PVWA = $WhatIfPVWA
                            SessionVal = $WhatIfSessionVal
                            RestURI = $uri
                            RestMethod = "DELETE"
                            Disclaimer = "THIS AUTHENTICATION TOKEN WILL BE DELETED IF -WhatIf FLAG IS REMOVED"
                        }
                    }
                    $WhatIfJSON = $WhatIfHash | ConvertTo-Json | ConvertFrom-Json
                    $log = Write-VPASTextRecorder -inputval $WhatIfJSON -token $token -LogType RETURNARRAY
                    $log = Write-VPASTextRecorder -token $token -LogType WHATIF2
                    return $WhatIfJSON
                }
                else{
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -token $token -LogType WHATIF2
                    return $false
                }
            }
            else{
                Write-Verbose "BEGINNING LOGOFF PROCEDURE"
                if($sessionval){
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -ContentType 'application/json' -WebSession $sessionval
                }
                else{
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method POST -ContentType 'application/json'
                }
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: TRUE" -token $token -LogType MISC
                Write-Verbose "SUCCESSFULLY LOGGED OFF CYBERARK"
                return $true
            }
        }catch{
            $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
            $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
            Write-Verbose "UNEXPECTED ERROR DURING LOGOFF PROCESS"
            Write-VPASOutput -str $_ -type E
            return $false
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}