From 171adeae424c4cd6cd258d09a63c21d875814d02 Mon Sep 17 00:00:00 2001
From: mbrg <11074433+mbrg@users.noreply.github.com>
Date: Sun, 30 Jul 2023 16:52:11 +0300
Subject: [PATCH 1/2] remove readme after intro of wiki
---
 src/powerpwn/powerdoor/readme.md | 36 --------------------------------
 1 file changed, 36 deletions(-)
 delete mode 100644 src/powerpwn/powerdoor/readme.md
diff --git a/src/powerpwn/powerdoor/readme.md b/src/powerpwn/powerdoor/readme.md
deleted file mode 100644
index 4a17289..0000000
--- a/src/powerpwn/powerdoor/readme.md
+++ /dev/null
@@ -1,36 +0,0 @@
-# Backdoor Flow
-
-[![stars](https://img.shields.io/github/stars/mbrg?icon=github&style=social)](https://github.com/mbrg)
-[![twitter](https://img.shields.io/twitter/follow/mbrg0?icon=twitter&style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=mbrg0)
-[![email me](https://img.shields.io/badge/michael.bargury-owasp.org-red?logo=Gmail)](mailto:michael.bargury@owasp.org)
-
-Backdoor Flow is a demo showing how to maintain persistency on Power Platform by installing an automation factory that creates, executes and deletes arbitrary commands.
-
-Power Pwn
-
-Disclaimer: these materials are presented from an attacker’s perspective with the goal of raising awareness to the risks of underestimating the security impact of No Code/Low Code. No Code/Low Code is awesome.
-
-## Usage
-**As a python package**
-
-```python
-from powerpwn.powerdoor.backdoor_flow import BackdoorFlow
-from powerpwn.powerdoor.samples.forward_email_backdoor_flow import SAMPLE_FLOW
-POST_URL = ""
-factory = BackdoorFlow(post_url=POST_URL)
-
-flow = factory.create_flow(
- environment_id=SAMPLE_FLOW["environment"],
- flow_display_name=SAMPLE_FLOW["flowDisplayName"],
- flow_definition=SAMPLE_FLOW["flowDefinition"],
- flow_state=SAMPLE_FLOW["flowState"],
- connection_references=EXAMPLE["connectionReferences"]
-)
-
-factory.delete_flow(environment_id=SAMPLE_FLOW["environment"], flow_id=flow["name"])
-```
-
-**From powerpwn cli**
-* Run `powerpwn exec --help` to get all available commands.
-* To create flow run `powerpwn exec create-flow -e {environment-id} -webhook-url {url to installed factory} -i {full path to input}`
- * You can find an example to input file in samples/sample_backdoor_flow_cli_input.json
From 18ef94d54b80b05236b2ce5282e26ae5e3a4b884 Mon Sep 17 00:00:00 2001
From: mbrg <11074433+mbrg@users.noreply.github.com>
Date: Sun, 30 Jul 2023 17:02:07 +0300
Subject: [PATCH 2/2] add exception for edge case where we couldn't get tokens
---
 src/powerpwn/powerdump/utils/auth.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/powerpwn/powerdump/utils/auth.py b/src/powerpwn/powerdump/utils/auth.py
index 14a6b59..269f57e 100644
--- a/src/powerpwn/powerdump/utils/auth.py
+++ b/src/powerpwn/powerdump/utils/auth.py
@@ -43,7 +43,13 @@ def acquire_token(scope: str, tenant: Optional[str] = None) -> str:
 )
 )
 
- bearer = azure_cli_bearer_tokens_for_scope.get("token_type") + " " + azure_cli_bearer_tokens_for_scope.get("access_token")
+ if "token_type" not in azure_cli_bearer_tokens_for_scope or "access_token" not in azure_cli_bearer_tokens_for_scope:
+ logger.debug(
+ f"Acquired a token package with scope={scope}, tenant={tenant}. Received the following keys: {list(azure_cli_bearer_tokens_for_scope.key())}."
+ )
+ raise RuntimeError(f"Something went wrong when trying to fetch tokens with scope={scope}, tenant={tenant}. Try removing cached credentials.")
+
+ bearer = azure_cli_bearer_tokens_for_scope["token_type"] + " " + azure_cli_bearer_tokens_for_scope["access_token"]
 logger.info(f"Access token for {scope} acquired successfully")
 
 # cache refresh token for cli to use in further FOCI authentication
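Review bot: The added `logger.debug` call reads `azure_cli_bearer_tokens_for_scope.key()`, and assuming the response is a plain dict (as the `.get` calls on the removed line suggest) there is no `key` method, so building the f-string raises AttributeError and the intended RuntimeError with the "Try removing cached credentials" hint is never reached. The expression should be `list(azure_cli_bearer_tokens_for_scope.keys())`, or simply `list(azure_cli_bearer_tokens_for_scope)`. Logging only the key names is the right choice, since the values may hold access and refresh tokens; a short comment such as `# log key names only: values may contain tokens` would keep a later edit from dumping the whole response. acquire_token starts before and continues after this hunk, so how the response is obtained is not visible here.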