#Load Snapin
Add-PSSnapin ShareFile

#Workdir
#This is where the Script and all Credentials are stored
$workDir = "D:\CloudStation\Scripts\ShareFileReset"

#Load Accounts
$colLabs = Import-Csv "$workDir\StudentAccounts.csv"

##Settings in SSO
#ShareFile Issuer
$AccountSSOIssuer = "mich.gibts.net"
$AccountSSOLoginURL = "https://mich.gibts.net"
#Certificate Replaced
$AccountSSOCert = "-----BEGIN CERTIFICATE-----MIIFSTCCBDGgAwIBAgITWQAAAAm2pWNdR32CTgAAAAAACTANBgkqhkiG9w0BAQUFADBAMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxEzARBgoJkiaJk/IsZAEZFgNjY2gxEjAQBgNVBAMTCWNjaC1EQy1DQTAeFw0xNTAzMTcxNDU2MzdaFw0xNzAzMTYxNDU2MzdaMIGAMQswCQYDVQQGEwJVUzEVMBMGA1UECBMMU2NobHVtcGZsYW5kMRcwFQYDVQQHEw5TY2hsdW1wZmhhdXNlbjEWMBQGA1UEChMNU2NobHVtcGYgSW5jLjEQMA4GA1UECxMHQWthZGVteTEXMBUGA1UEAxMObWljaC5naWJ0cy5uZXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO86Ie9iwZq5c54Sl/m1djNKkPlN26zcEcfsDQcthDM7accPZ0vxUnMrhigPH52h09ddhm6gqrFY2XOBxtytUxMy4s0beWWqL7zNSv8tjtqsBz9gRBty0ivhI8alabRCTZLWzxS/eZn5il4LGGfwv/tO1Mgr7Zawv0cbAb39nYz9AgMBAAGjggJ9MIICeTAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEweAYJKoZIhvcNAQkPBGswaTAOBggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCGSAFlAwQBKjALBglghkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNVHQ4EFgQUSIP+mAjAho4B6QEA5oz50wQreUcwHwYDVR0jBBgwFoAUj85S1WYcQOc2ToRD7DvvvLMxK7gwgbwGA1UdHwSBtDCBsTCBrqCBq6CBqIaBpWxkYXA6Ly8vQ049Y2NoLURDLUNBLENOPWRjLENOPUNEUCxDTj1QdWJsaWMgS2V5IFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9Y2NoLERDPWxvY2FsP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCBtQYIKwYBBQUHAQEEgagwgaUwgaIGCCsGAQUFBzAChoGVbGRhcDovLy9DTj1jY2gtREMtQ0EsQ049QUlBLENOPVB1YmxpYyBLZXkgU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1jY2gsREM9bG9jYWw/Y0FDZXJ0aWZpY2F0ZT9iYXNlP29iamVjdENsYXNzPWNlcnRpZmljYXRpb25BdXRob3JpdHkwIQYJKwYBBAGCNxQCBBQeEgBXAGUAYgBTAGUAcgB2AGUAcjANBgkqhkiG9w0BAQUFAAOCAQEABTTxHc3DFUwqMCBYM6JdKiyObmx+j6RAhO4ZLavJTvc32stUdYjk4MKSYTxAQUAwwUaVIUNKQMWC4niW44K9jckhawAAJHNZwK5sE6nITyygPg6h7e4DhlxtcOKblxgH4EDMXRmX0SofgZqsINV4j2lWArVmTh2gw77zpArY2nl6XvGqMivVmnNK13s48kFEIXwshfpW1nQuDosB4A8iyFg05Obe+Ae3vgbHn8ihFDvu4kT9seJlR7Zik1A1M9ZiMJO6wl4nHoIwtmmvcagFG0W1jnUq+Z6dKMMKIR71gpfRQZmeG121TOsSnHLCdsHWiWSCAFbaIXJOMod/qqDwwg==-----END CERTIFICATE-----"


#Loop through all csv provided accounts
foreach ($Lab in $colLabs){
	Write-Host "##############################################" -ForegroundColor Yellow -BackgroundColor Black
	Write-Host "Doing" $Lab.Account -ForegroundColor Yellow -BackgroundColor Black
	
	#Building Credentials from loaded csv
	$sfUsername = $Lab."Login Name"
	$sfPassword = convertto-securestring -String $Lab.Password -AsPlainText -Force
	$sfCred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $sfUsername, $sfpassword

	#Name the AccountName short, pretty and useable
	$sfShortAccountName = $Lab.Account.Substring(0,$lab.Account.IndexOf("."))


    #Login to ShareFile
    $sfLogin = New-SfClient -Name "$workDir\$sfShortAccountName" -Credential $sfCred -Account $sfShortAccountName
    
    ######################
    #Users
    ######################
    #Fetch all Users
    $colAccountsEmployees = Send-SfRequest -Client $sfLogin -Entity Accounts/Employees -Select "Id,url,Email"
    
    #Select accounts to delete
    $colAccountsEmployeestoDelete = $colAccountsEmployees  | Where-Object {$_.Email -notlike $sfUsername}

    #Loop through all accounts and start deleting
    foreach ($sfEmployee in $colAccountsEmployeestoDelete){
        #Delete User
        Write-Host "Deleting User" $sfEmployee.Email
    
        #Find the right URI using email
        $sfEmployeeMail = $sfEmployee.Email.ToString()
        $sfEmployeeUrlHost = $SFemployee.url.Host.ToString()
        $sfEmployeeURI = (Send-SfRequest -Client $sfLogin -Method GET -Uri "https://$sfEmployeeUrlHost/sf/v3/Users?emailaddress=$sfEmployeeMail").url.AbsoluteUri
    
        #Prepare Command for complete delete
        $sfEmployeeCommand = $sfEmployeeURI + "?completely=true"

        #Send Command to ShareFile
        Send-SfRequest -Client $sfLogin -Method DELETE -Uri $sfEmployeeCommand
    }
    #Tidy Up
    Remove-Variable colAccountsEmployees
    Remove-Variable colAccountsEmployeestoDelete

    ######################
    #StorageZones
    ######################
    #Get Zones
    $colZones = Send-SfRequest -Client $sfLogin -Entity Zones
    #Filter Zones which are customer managed
    $colZonestoDelete = $colZones | where {$_.ZoneType.Enum -eq "Private"}

    foreach ($sfZone in $colZonestoDelete){
    Write-Host "Deleting Zone" $sfZone.Name
    $sfZoneURI = $sfZone.url.AbsoluteUri

    #Prepare Command for complete delete
    $sfZoneCommand = $sfZoneURI + "?force=true"

    #Send Command to ShareFile
    Send-SfRequest -Client $sfLogin -Method DELETE -Uri $sfZoneCommand
    }

    #Tidy Up
     Remove-Variable colZones
     Remove-Variable colZonestoDelete

	 ######################
	 #Appearance
	 ######################
	 #Get current Branding
	 $AccountBranding = Send-SfRequest -Client $sfLogin -Entity Accounts/Branding
	 
	 #Clear the branding styles
	 $AccountBranding.BrandingStyles.Clear()
	 
	 #Set the branding Style
	 Send-SfRequest -Client $sfLogin -Method PATCH -Entity Accounts/Branding -Body $AccountBranding
	 
	 #Tidy Up
	 Remove-Variable AccountBranding
	 	 
	 #####################
	 # Single Sign On Settings
	 #####################
	 #Get current SSO Settings
	 $AccountSSO = Send-SfRequest -Client $sfLogin -Method GET -Entity Accounts/SSO
	 
	 #Modify/Reset Settings
	 $AccountSSO.LoginURL = $AccountSSOLoginURL
	 $AccountSSO.EntityID = $AccountSSOIssuer
	 $AccountSSO.Certificate = $AccountSSOCert
	 $AccountSSO.UseWebAuthentication = $false
	 $AccountSSO.IsActive = $false
	 $AccountSSO.ForceSSO = $false
	 
	 #Set the SSO settings
	 Send-SfRequest -Client $sfLogin -Method PATCH -Entity Accounts/SSO -Body $AccountSSO
	 
}