From 3883e33a4af569b55741ae346e21448062961aff Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Tue, 28 May 2024 13:17:11 -0500
Subject: [PATCH] fix: 1.3.1 aligned with test-template
---
 .../tests/Test-PasswordNeverExpirePolicy.ps1 | 45 +++++++++++--------
 1 file changed, 27 insertions(+), 18 deletions(-)
diff --git a/source/tests/Test-PasswordNeverExpirePolicy.ps1 b/source/tests/Test-PasswordNeverExpirePolicy.ps1
index 8faaf24..66e039a 100644
--- a/source/tests/Test-PasswordNeverExpirePolicy.ps1
+++ b/source/tests/Test-PasswordNeverExpirePolicy.ps1
@@ -1,45 +1,54 @@ function Test-PasswordNeverExpirePolicy { [CmdletBinding()] param ( + # Aligned [Parameter(Mandatory)] [string]$DomainName # DomainName parameter is now mandatory ) begin { - # Dot source the class script - - $auditResults = @() + # Dot source the class script if necessary + #. .\source\Classes\CISAuditResult.ps1 + # Initialization code, if needed } process { # 1.3.1 (L1) Ensure the 'Password expiration policy' is set to 'Set passwords to never expire' - # Pass if PasswordValidityPeriodInDays is 0. - # Fail otherwise. + # Pass if PasswordValidityPeriodInDays is 0. Fail otherwise. - $passwordPolicy = Get-MgDomain -DomainId $DomainName | Select-Object PasswordValidityPeriodInDays + # Retrieve password expiration policy + $passwordPolicy = Get-MgDomain -DomainId $DomainName | Select-Object -ExpandProperty PasswordValidityPeriodInDays - # Create an instance of CISAuditResult and populate it + # Prepare failure reasons and details based on compliance + $failureReasons = if ($passwordPolicy -ne 0) { + "Password expiration is not set to never expire" + } + else { + "N/A" + } + + $details = "Validity Period: $passwordPolicy days" + + # Create and populate the CISAuditResult object $auditResult = [CISAuditResult]::new() - $auditResult.Rec = "1.3.1" - $auditResult.RecDescription = "Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'" + $auditResult.Status = if ($passwordPolicy -eq 0) { "Pass" } else { "Fail" } $auditResult.ELevel = "E3" $auditResult.ProfileLevel = "L1" + $auditResult.Rec = "1.3.1" + $auditResult.RecDescription = "Ensure the 'Password expiration policy' is set to 'Set passwords to never expire'" $auditResult.CISControlVer = "v8" $auditResult.CISControl = "5.2" $auditResult.CISDescription = "Use Unique Passwords" $auditResult.IG1 = $true $auditResult.IG2 = $true - $auditResult.IG3 = $true # All are true - $auditResult.Result = $passwordPolicy.PasswordValidityPeriodInDays -eq 0 - $auditResult.Details = "Validity 
Period: $($passwordPolicy.PasswordValidityPeriodInDays) days" - $auditResult.FailureReason = if ($passwordPolicy.PasswordValidityPeriodInDays -eq 0) { "N/A" } else { "Password expiration is not set to never expire" } - $auditResult.Status = if ($passwordPolicy.PasswordValidityPeriodInDays -eq 0) { "Pass" } else { "Fail" } - - $auditResults += $auditResult + $auditResult.IG3 = $true + $auditResult.Result = $passwordPolicy -eq 0 + $auditResult.Details = $details + $auditResult.FailureReason = $failureReasons } end { - # Return auditResults - return $auditResults + # Return the audit result + return $auditResult } }
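Review bot: A lookup that returns nothing is recorded as a policy failure in the process block. If `Get-MgDomain` errors or the property is unset, `$passwordPolicy` is `$null`, so `$passwordPolicy -ne 0` is true and the result is Status "Fail" with Details "Validity Period:  days". The report then cannot tell "could not query the tenant" from "non-compliant". I would make the call fail loudly with `Get-MgDomain -DomainId $DomainName -ErrorAction Stop | Select-Object -ExpandProperty PasswordValidityPeriodInDays` and give a null result its own reason, e.g. `if ($null -eq $passwordPolicy) { $failureReasons = "PasswordValidityPeriodInDays was not returned for $DomainName" }`. Separately, the pass condition `-eq 0` should be checked against the benchmark's audit procedure: as far as I know Graph reports "never expire" as 2147483647 rather than 0, in which case a compliant domain would be marked Fail.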