public/Get-VPASPasswordHistory.ps1

<#
.Synopsis
   GET PASSWORD HISTORY
   CREATED BY: Vadim Melamed, EMAIL: vmelamed5@gmail.com
.DESCRIPTION
   USE THIS FUNCTION TO GET HISTORY OF OLD PASSWORDS OF AN ACCOUNT IN CYBERARK
.PARAMETER token
   HashTable of data containing various pieces of login information (PVWA, LoginToken, HeaderType, etc).
   If -token is not passed, function will use last known hashtable generated by New-VPASToken
.PARAMETER safe
   Safe name that will be used to query for the target account if no AcctID is passed
.PARAMETER username
   Username that will be used to query for the target account if no AcctID is passed
.PARAMETER platform
   PlatformID that will be used to query for the target account if no AcctID is passed
.PARAMETER address
   Address that will be used to query for the target account if no AcctID is passed
.PARAMETER AcctID
   Unique ID that maps to a single account, passing this variable will skip any query functions
.PARAMETER ShowTemporary
   Specify if temporary passwords should be included in the history that is being pulled
   Temporary passwords are passwords that the CPM attempted to set on the account but failed to do so
.EXAMPLE
   $AccountPasswordsHistoryJSON = Get-VPASPasswordHistory -ShowTemporary -safe {SAFE VALUE} -address {ADDRESS VALUE}
.OUTPUTS
   If successful:
   {
        "Versions": [
                         {
                             "versionID": 43,
                             "modifiedBy": "vadim@vman.com",
                             "modificationDate": 1721098334,
                             "isTemporary": false
                         },
                         {
                             "versionID": 44,
                             "modifiedBy": "vadim@vman.com",
                             "modificationDate": 1721098984,
                             "isTemporary": false
                         }
                     ],
        "Total": 2
   }
   ---
   $false if failed
#>

function Get-VPASPasswordHistory{
    [OutputType('System.Object',[bool])]
    [CmdletBinding()]
    Param(

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=0)]
        [String]$safe,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=1)]
        [String]$platform,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=2)]
        [String]$username,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=3)]
        [String]$address,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=4)]
        [Switch]$ShowTemporary,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=5)]
        [String]$AcctID,

        [Parameter(Mandatory=$false,ValueFromPipelineByPropertyName=$true,Position=6)]
        [hashtable]$token
    )

    Begin{
        $tokenval,$sessionval,$PVWA,$Header,$ISPSS,$IdentityURL,$EnableTextRecorder,$AuditTimeStamp,$NoSSL,$VaultVersion,$HideWarnings,$AuthenticatedAs,$SubDomain = Get-VPASSession -token $token
        $CommandName = $MyInvocation.MyCommand.Name
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType COMMAND
    }
    Process{
        write-verbose "SUCCESSFULLY PARSED PVWA VALUE"
        write-verbose "SUCCESSFULLY PARSED TOKEN VALUE"

        if([String]::IsNullOrEmpty($AcctID)){

            Write-Verbose "NO ACCOUNT ID PROVIDED, INVOKING HELPER FUNCTION"

            $AcctID = Get-VPASAccountIDHelper -token $token -safe $safe -platform $platform -username $username -address $address

            write-verbose "ACCOUNT ID WAS RETURNED"
            if($AcctID -eq -1){
                $log = Write-VPASTextRecorder -inputval "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-Verbose "COULD NOT FIND UNIQUE ACCOUNT ENTRY WITH SPECIFIED PARAMETERS"
                Write-VPASOutput -str "COULD NOT FIND UNIQUE ACCOUNT ENTRY, INCLUDE MORE SEARCH PARAMETERS" -type E
                return $false
            }
            elseif($AcctID -eq -2){
                $log = Write-VPASTextRecorder -inputval "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-Verbose "COULD NOT FIND ACCOUNT WITH SPECIFIED PARAMETERS"
                Write-VPASOutput -str "NO ACCOUNTS FOUND" -type E
                return $false
            }
            else{
                try{
                    Write-Verbose "MAKING API CALL TO CYBERARK"
                    if($NoSSL){
                        Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                        if($ShowTemporary){
                            write-verbose "SHOWTEMPORARY PASSWORDS ENABLED"
                            $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true"
                        }
                        else{
                            write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED"
                            $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false"
                        }

                    }
                    else{
                        Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                        if($ShowTemporary){
                            write-verbose "SHOWTEMPORARY PASSWORDS ENABLED"
                            $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true"
                        }
                        else{
                            write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED"
                            $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false"
                        }
                    }
                    $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                    $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

                    if($sessionval){
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                    }
                    else{
                        $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                    }
                    $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN
                    $log = Write-VPASTextRecorder -inputval "===BREAK===" -token $token -LogType MISC
                    $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY
                    Write-Verbose "PARSING DATA FROM CYBERARK"
                    Write-Verbose "RETURNING PASSWORD HISTORY"
                    return $response
                }catch{
                    $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
                    $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                    Write-Verbose "COULD NOT RETRIEVE PASSWORD HISTORY"
                    Write-VPASOutput -str $_ -type E
                    return $false
                }
            }
        }
        else{
            Write-Verbose "ACCOUNT ID PROVIDED, SKIPPING HELPER FUNCTION"
            try{
                Write-Verbose "MAKING API CALL TO CYBERARK"

                if($NoSSL){
                    Write-Verbose "NO SSL ENABLED, USING HTTP INSTEAD OF HTTPS"
                    if($ShowTemporary){
                        write-verbose "SHOWTEMPORARY PASSWORDS ENABLED"
                        $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true"
                    }
                    else{
                        write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED"
                        $uri = "http://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false"
                    }

                }
                else{
                    Write-Verbose "SSL ENABLED BY DEFAULT, USING HTTPS"
                    if($ShowTemporary){
                        write-verbose "SHOWTEMPORARY PASSWORDS ENABLED"
                        $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=true"
                    }
                    else{
                        write-verbose "SHOWTEMPORARY PASSWORD IS NOT ENABLED"
                        $uri = "https://$PVWA/PasswordVault/api/Accounts/$AcctID/Secret/Versions?showTemporary=false"
                    }
                }
                $log = Write-VPASTextRecorder -inputval $uri -token $token -LogType URI
                $log = Write-VPASTextRecorder -inputval "GET" -token $token -LogType METHOD

                if($sessionval){
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json" -WebSession $sessionval
                }
                else{
                    $response = Invoke-RestMethod -Headers @{"Authorization"=$Header} -Uri $uri -Method GET -ContentType "application/json"
                }
                $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURN
                $log = Write-VPASTextRecorder -inputval "===BREAK===" -token $token -LogType MISC
                $log = Write-VPASTextRecorder -inputval $response -token $token -LogType RETURNARRAY
                Write-Verbose "PARSING DATA FROM CYBERARK"
                Write-Verbose "RETURNING PASSWORD HISTORY"
                return $response
            }catch{
                $log = Write-VPASTextRecorder -inputval $_ -token $token -LogType ERROR
                $log = Write-VPASTextRecorder -inputval "REST API COMMAND RETURNED: FALSE" -token $token -LogType MISC
                Write-Verbose "COULD NOT RETRIEVE PASSWORD HISTORY"
                Write-VPASOutput -str $_ -type E
                return $false
            }
        }
    }
    End{
        $log = Write-VPASTextRecorder -inputval $CommandName -token $token -LogType DIVIDER
    }
}