Force Google Apps users to change password periodically - google-apps-script

I'm wondering if anyone has updated the following script for the new "Admin SDK Directory Service" as I currently get an error with the "UserManager" is not defined.
The original script is from this site (Thank you),
http://www.googleappsscript.org/home/force-google-apps-users-to-change-password-periodically
I'm not a developer but I have used this script before and it worked great.

This is the line that is giving you the error:
//get all users in domain
var users = UserManager.getAllUsers();
That API is now deprecated:
Google Documentation - google-apps/provisioning
In order to use the new API, it must be explicitly enabled in your Apps Script editor. And you will need a domain name.
Google Support - What is a domain?
If you have a domain name, you can use this example code, to get a list of all the users:
Apps Script Documentation - Admin SDK Directory Service
The code you were using would need to be totally re-written. It's not really what stackoverflow is meant for.

Related

Access google sheet using google API key credentials

I was using google sheet from one application using htttp request like https://script.google.com/macros/s/XXXXXXXX/exec
but now Google has changed the access method. now I cannot access the URL mentioned above (XXXXXXXX : Replaced with my sheetid).
Now I was searching the access method and I found that we can also access using google API keys. which has to send in the HTTP request. Here is the page for more information.
https://developers.google.com/youtube/v3/guides/auth/server-side-web-apps#httprest_1
But I am not getting a complete idea for HTTP request.
Anyone has tried the same or related.
From the question
I was using google sheet from one application using htttp request like https://script.google.com/macros/s/XXXXXXXX/exec but now Google has changed the access method. now I cannot access the URL mentioned above (XXXXXXXX : Replaced with my sheetid).
The XXXXXXXX is not the the sheetid, it's a unique id assigned to the corresponding web app deployment.
To get the web app full URL you have to go to your script, using the new Google Apps Script IDE, click on Deploy > Manage Deployments then select the corresponding deployment.
Resources
https://developers.google.com/apps-script/guides/web

How can I Find All Uses of a Google Script Library?

I have a Google Script library that is used by at least 100 other scripts (some that are bound to spreadsheets/documents, some that are not). How can I find all of these client scripts that reference my library script?
More specifically, I need to be able to add a new feature into the library that requires new permissions that I (the user) must grant. The client scripts won't run if I just add this feature to the library without granting the permissions to each of the client scripts. So ultimately, I need to give this new permission to each of the clients. And if I knew what scripts were actually using this library, I could do that manually for each one. But I need to URL's or ID's or something for each of those scripts.
Answer:
Unfortunately this is not possible to do.
More Information
It is possible to get a list of standalone Scripts from your Drive, though scripts bound to a file can not be searched for using regular searching methods.
It is possible, using the help of this Google Account page to get a list of all the Apps that have access to your account, though only files you have authorised will appear here, and apps which are not just those created by you in Apps Script will appear there (for example, other add-ons or even Android Apps bound to your account appear here).
A Partial Workaround:
Using Google Apps Script, you can list all Apps Script Projects that you own with help of the MimeType enumeration GOOGLE_APPS_SCRIPT
var scripts = DriveApp.getFilesByType(MimeType.GOOGLE_APPS_SCRIPT);
var arr =[ ];
while (scripts.hasNext()) {
var script = scripts.next();
arr.push(script)
}
Logger.log(arr);
Or even just searching for type:script in Drive, however this only returns a list of scripts that are not bound to a file.
You can then use regular Google Drive search terms to find which of these files contain, for example, a unique method name that the library uses. I am aware this isn't a perfect solution and you would still have to look for projects bound to a file using the above webpage.
Feature Request:
It appears that back in 2014 a feature request for this was made on Google's Issue Tracker, though I would suggest creating another feature request for this here as it was marked as a duplicate of another issue. You can make a feature request under the correct Apps Script component here.
References:
Google Apps Script - Enum MimeType
Google Drive Search Query Terms
Apps with access to your account
Google's Issue Tracker
Feature Request: Listing and searching for container bound scripts
Create an Apps Script Feature Request

Google App Scripts cannot be given Authorization or Permission

Why am I not able to give permission/authorization to a Google Apps Script that I also made using the same Google account?
It seems like Google doesnt trust myself to use my own Google Apps Script with my own Spreadsheet.
Here is the line of code that breaks everything. If this line doesnt exist, I'm not asked for permission.
var sheet = SpreadsheetApp.getActiveSheet();
So it's trying to access the spreadsheet that created this Google Apps Script, also made using my account but I cant grant permission.
When I run the line of code above, I am told I need to give permissions, so I do by selecting the account name I am already logged into. I am greeted by this error,
This app isn't verified
which unfortunately does not provide competent documentation to troubleshoot.
Any feedback or help would be much appreciated! Thanks!
Click on the "Advanced" link and you'll be able to authorize your script.
To reduce the scope of permissions you request, you also have the option of declaring your script project to be only able to interact with the bound document:
/* #OnlyCurrentDoc */
function myFunction() {
...
This declaration is incompatible with some methods (such as SpreadsheetApp.openById()), and using an incompatible method results in an error in the application execution.
Successfully adding it to your project is generally sufficient to remove the "This application is unsafe" layer of the authentication flow, meaning the authorization and permission list is not hidden behind the "Advanced" tab.
In addition to declaring as current document only, manually editing the requested scopes of your project in its project manifest can help reduce the perceived threat from an unverified application (for example, retaining only the "read_only" version of certain scopes, where applicable). Apps Script documentation offers more details on project manifests.

Correct scope for Google App Script Execution API?

I'm hoping to automate some HR work by running a Google App Script via the Execution API. Without getting too much into the details, I'd like to pass employee evaluation data as a parameter into the App Script. The script will then use this data to compile an "Employee Review" GDoc.
So far, I have ran a simple test App Script using the Execution API. For example, I can successfully run a simple function which logs a string or interacts with spreadsheets. So far so good.
But I run into problems when trying to write to a GDoc (which is unfortunately integral to my task). Here's my paired down script:
// TODO: Eventually, we'll pass these variables as arguments
var docId = "MY-DOC-ID";
// Find the team member review doc
var doc = DocumentApp.openById(docId);
// Replace placeholder text
var docBody = doc.getActiveSection();
docBody.replaceText('{{DATE}}', "Date set by App Script!!!");
doc.saveAndClose();
This script works when I press the "Run" button in the App Scripts web UI. But when I try to run via the Execution API, I get:
{
"error": "unauthorized_client",
"error_description": "Unauthorized client or scope in request."
}
So apparently I haven't provided the correct scope? Following the docs, I can find the necessary scope(s) in Project Properties > Scopes which says:
But when I try adding that scope, it wont work. As I said other scopes (e.g. https://www.googleapis.com/auth/spreadsheets) work just fine. Perhaps the auth/documents scope is no longer supported or there's a bug in their API?
Questions
What is the correct scope? I can see a big list here but I don't see https://www.googleapis.com/auth/documents, so?
Any other suggestions? For example, is it possible to write to a Google Doc using the Google Client API directly (i.e. without using App Scripts)?
Doh. I figured out the solution to my problem. While it was a dumb mistake, it's nevertheless worth posting as it may save others confusion in the future.
First, a little context about my setup. I'm authenticating to the Google Client API using a Service Account. Furthermore, as is common when using a service account setup, I am impersonating a user within our organization (specifically my own account).
My missing step (obvious in hindsight)...
Log into the App Script web UI as the person you are impersonating.
Manually run the script by pressing the play button
If the impersonated user has not already granted permissions to access the required scopes, you will be prompted to do so.
After granting access (specifically for the https://www.googleapis.com/auth/documents scope), my authorization error disappeared.
So the lesson: Make sure the account you are impersonating has granted access for all the scopes which your script requires.

Writing file to Application Data Folder on Add-ons from Google App Script server code

As mentioned in this document about storing application data, I would like to make it possible from a Google App Script Add-on server code.
I was able to create an arbitrary file into my google root drive folder this way.
DriveApp.createFile('Test', 'Test content');
But was not able to figure out how to create it into (hidden) app data folder:
var dir = DriveApp.getFolderById("appDataFolder");
var file = dir.createFile('Test', 'Test content');
Receiving "Access denied" by executing it.
I guess I have to apply this following scope to my app but do not know how apply it on a google app script.
Scope: https://www.googleapis.com/auth/drive.appdata
Drive API is well activated.
It would be nice if I could update these scopes (File>Project Properties menu):
Any help would be so appreciated.
Users have to explicitly grant your Add-on access to the private AppData folder. And currently that's only achievable by setting up an OAuth2 flow.
EDIT As of November 2017, Apps Script now supports explicit OAuth scopes. There is no longer a need to set up a custom OAuth flow, simply set the desired OAuth scope in the manifest file (as documented here) to request access to a user's App Data Folder.
Here's a video that provides a good overview of how OAuth2 works (independent of Apps Script)
OAuth 2.0: An Overview
If you're up to the task, you can review Google's OAuth2 documentation and figure out how to implement it for your use case, but you're better off leveraging the "official" OAuth2 library for Apps Script.
Here's another video that covers OAuth flows for Add-ons using said library:
OAuth2 flows in Add-ons
Note: Make sure that you use the appropriate scope(s) in your flow. In this case you only need to use one; https://www.googleapis.com/auth/drive.appdata
Also, if you're looking for some code implementing an OAuth flow to access the App Data folder check out this github repo from Spencer Easton:
Apps-Script-Appfolder-Library
The 2nd video is from Totally Unscripted, a vlog hosted by app script devs from the Google+ App Script community. Check it out, its a great resource for App Script development.
You've enabled Drive v2 API and use the alias appDataFolder which is for Drive v3. That may have contributed to the issue you're encountering.
If you'll be using v2, try to change the alias to appfolder. Hopefully this has been of help to you.
Happy coding!