rforce 0.10 → 0.15

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c3a071a2857df828c3921bb9cd49fab785f959bac60cfd01065dde0313f59e6c
+  data.tar.gz: 05afbdbf418ec1d4e1a7c58a390e2fc44c7b04d1c374e6acbba058f3e0a8863e
+SHA512:
+  metadata.gz: 55baa254981ef2dbcd6c0d301579905beea00e2f0b4e1be0ac1eb0a311a805ed1409878ee0eef9d877a7cce307819cb1cbaf6aea9d8d55331d17fff3ad3b15b5
+  data.tar.gz: 4d2053a4e2c77d7da535fd770a779b5e313b0e753759f80e63128d94198c0095e289eeffd44c72ac23daff71e19a4f6438f45b46645219adb4eab39ce10e0a61

data/.gitignore

@@ -0,0 +1,3 @@
+.bundle
+Gemfile.lock
+pkg

data/.travis.yml

@@ -0,0 +1,15 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.0
+before_install: gem install bundler -v 2.0.2
+install: "bundle install"
+script: "bundle exec rake spec"
+rvm:
+  - 2.3
+  - 2.4
+  - 2.5
+  - 2.6
+  - jruby

data/{History.txt → CHANGELOG.txt}

@@ -1,3 +1,38 @@
+== 0.15.0 2021-04-22
+
+* 1 security update
+  * Upgraded away from vulnerable OAuth version
+* 1 compatibility update
+  * Dropped expat/xmlbuilder for lack of compatibility
+
+== 0.14.0 2019-08-20
+
+* 1 security update
+  * Upgraded away from vulnerable Nokogiri version
+* 1 enhancement
+  * Slightly modernized project layout
+
+== 0.13.0 2015-01-05
+* 1 bug fix
+  * Attempt server connection even if caller hasn't logged in yet
+    (reported by desheikh)
+
+== 0.12.0 2014-07-27
+* 2 enhancements
+  * Clearer errors when skipping login (Victor Stan)
+  * Allow passing in an optional logger (Jeff Jolma)
+* 3 bug fixes
+  * Fixed URL error in OAuth flow (reported by karthickbabuos)
+  * Corrected UTF-8 handling error (Maxime Rety)
+  * Fixed repeat login issue (Jeff Jolma)
+
+== 0.11.0 2013-06-08
+* 1 minor enhancement
+  * Give the README an .rdoc extension for easy Github viewing
+    (Brad Dunn)
+* 1 bug fix
+  * Fixed malformed request (Jeff Jolma)
+
 == 0.10.0 2012-09-12
 * 1 bug fix
   * Integer auto-parsing mangles ZIP codes (reported by Jason

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at erin.dees@stitchfix.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in rforce.gemspec
+gemspec

data/Gemfile.ci

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem 'builder', '~> 3.0'
+gem 'oauth', '~> 0.5.5'
+gem 'rspec', '~> 3.0'
+gem 'nokogiri', '~> 1.10.4'

data/{README.txt → README.rdoc}

@@ -1,14 +1,13 @@
 = rforce
 
-* http://rforce.rubyforge.org
-* http://rubyforge.org/projects/rforce
-* http://bitbucket.org/undees/rforce
 * http://github.com/undees/rforce
 
 == DESCRIPTION:
 
 RForce is a simple, usable binding to the Salesforce API.
 
+{<img src="https://travis-ci.org/undees/rforce.png" />}[https://travis-ci.org/undees/rforce]
+
 == FEATURES:
 
 Rather than enforcing adherence to the sforce.com schema, RForce assumes you are familiar with the API. Ruby method names become SOAP method names. Nested Ruby hashes become nested XML elements.
@@ -73,7 +72,7 @@ Rather than enforcing adherence to the sforce.com schema, RForce assumes you are
 
 == LICENSE:
 
-Copyright (c) 2005-2012 Ian Dees and contributors
+Copyright (c) 2005-2019 Erin Dees and contributors
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/Rakefile

@@ -1,32 +1,8 @@
-# -*- ruby -*-
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
 
-$:.unshift './lib'
+RSpec::Core::RakeTask.new(:spec)
 
-require 'hoe'
-require 'hoe/gemspec2'
+task :default => :spec
 
-Hoe.plugin :gemspec2
-
-Hoe.spec 'rforce' do
-  developer('Ian Dees', 'undees@gmail.com')
-
-  self.extra_deps << ['builder', '~> 3.0']
-  self.extra_deps << ['oauth', '~> 0.4']
-
-  self.extra_dev_deps << ['rspec', '~> 2.8']
-  self.extra_dev_deps << ['hoe-gemspec2', '~> 1.1']
-  self.extra_dev_deps << ['hpricot', '~> 0.8']
-  self.extra_dev_deps << ['nokogiri', '~> 1.5']
-  self.extra_dev_deps << ['xmlparser', '~> 0.7']
-
-  self.rdoc_locations = ['undees@rforce.rubyforge.org:/var/www/gforge-projects/rforce']
-  self.remote_rdoc_dir = ''
-
-  self.rspec_options = ['-rubygems', '--options', 'spec/spec.opts']
-end
-
-task :test => :spec
-
-Dir['tasks/**/*.rake'].each { |rake| load rake }
-
-# vim: syntax=Ruby
+Dir['lib/tasks/**/*.rake'].each { |rake| load rake }

data/examples/oauth_setup.rb

@@ -0,0 +1,26 @@
+require 'oauth'
+
+consumer_key    = ENV['SALESFORCE_CONSUMER_KEY']
+consumer_secret = ENV['SALESFORCE_CONSUMER_SECRET']
+
+oauth_options = {
+  :site               => 'https://login.salesforce.com',
+  :scheme             => :body,
+  :request_token_path => '/_nc_external/system/security/oauth/RequestTokenHandler',
+  :authorize_path     => '/setup/secur/RemoteAccessAuthorizationPage.apexp',
+  :access_token_path  => '/_nc_external/system/security/oauth/AccessTokenHandler',
+}
+
+consumer = OAuth::Consumer.new consumer_key, consumer_secret, oauth_options
+# consumer.http.set_debug_output STDERR # if you're curious
+
+request       = consumer.get_request_token
+authorize_url = request.authorize_url :oauth_consumer_key => consumer_key
+
+puts "Go to #{authorize_url} in your browser, then enter the verification code:"
+verification_code = gets.strip
+
+access = request.get_access_token :oauth_verifier => verification_code
+
+puts "Access Token:  " + access.token
+puts "Access Secret: " + access.secret

data/examples/oauth_use.rb

@@ -0,0 +1,25 @@
+require 'rforce'
+
+oauth = {
+  :consumer_key    => ENV['SALESFORCE_CONSUMER_KEY'],
+  :consumer_secret => ENV['SALESFORCE_CONSUMER_SECRET'],
+  :access_token    => ENV['SALESFORCE_ACCESS_TOKEN'],
+  :access_secret   => ENV['SALESFORCE_ACCESS_SECRET'],
+  :login_url       => 'https://login.salesforce.com/services/OAuth/u/20.0'
+}
+
+binding = RForce::Binding.new \
+  'https://www.salesforce.com/services/Soap/u/20.0',
+  nil,
+  oauth
+
+binding.login_with_oauth
+
+answer = binding.search \
+  :searchString =>
+    'find {McFakerson Co} in name fields returning account(id)'
+
+account = answer.searchResponse.result.searchRecords.record
+account_id = account.Id
+
+puts account_id

data/examples/simple.rb

@@ -0,0 +1,20 @@
+require 'rforce'
+
+email    = ENV['SALESFORCE_USER']
+password = ENV['SALESFORCE_PASS']
+token    = ENV['SALESFORCE_TOKEN']
+
+binding = RForce::Binding.new \
+  'https://www.salesforce.com/services/Soap/u/20.0'
+
+binding.login \
+  email, password + token
+
+answer = binding.search \
+  :searchString =>
+    'find {McFakerson Co} in name fields returning account(id)'
+
+account = answer.searchResponse.result.searchRecords.record
+account_id = account.Id
+
+puts account_id

data/lib/rforce.rb

@@ -1,5 +1,5 @@
 =begin
-Copyright (c) 2005-2010 Ian Dees and contributors
+Copyright (c) 2005-2019 Erin Dees and contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -53,8 +53,8 @@ module RForce
   # Expand Ruby data structures into XML.
   def expand(builder, args, xmlns = nil)
     # Nest arrays: [:a, 1, :b, 2] => [[:a, 1], [:b, 2]]
-    if (args.class == Array)
-      args.each_index{|i| args[i, 2] = [args[i, 2]]}
+    if args.is_a?(Array)
+      args = args.each_slice(2).to_a
     end
 
     args.each do |key, value|

data/lib/rforce/binding.rb

@@ -44,99 +44,87 @@ module RForce
     MruHeader = '<partner:MruHeader soap:mustUnderstand="1"><partner:updateMru>true</partner:updateMru></partner:MruHeader>'
     ClientIdHeader = '<partner:CallOptions soap:mustUnderstand="1"><partner:client>%s</partner:client></partner:CallOptions>'
 
-    # Connect to the server securely.  If you pass an oauth hash, it
-    # must contain the keys :consumer_key, :consumer_secret,
+    # Create a binding to the server (after which you can call login
+    # or login_with_oauth to connect to it). If you pass an oauth
+    # hash, it must contain the keys :consumer_key, :consumer_secret,
     # :access_token, :access_secret, and :login_url.
     #
     # proxy may be a URL of the form http://user:pass@example.com:port
     #
-    def initialize(url, sid = nil, oauth = nil, proxy = nil)
+    # if a logger is specified, it will be used for very verbose SOAP logging
+    #
+    def initialize(url, sid = nil, oauth = nil, proxy = nil, logger = nil)
       @session_id = sid
       @oauth = oauth
       @proxy = proxy
       @batch_size = DEFAULT_BATCH_SIZE
-
-      init_server(url)
+      @logger = logger
+      @url = URI.parse(url)
     end
 
-
     def show_debug
       ENV['SHOWSOAP'] == 'true'
     end
 
+    def create_server(url)
+      server = Net::HTTP.Proxy(@proxy).new(url.host, url.port)
+      server.use_ssl = (url.scheme == 'https')
+      server.verify_mode = OpenSSL::SSL::VERIFY_NONE
 
-    def init_server(url)
-      @url = URI.parse(url)
-
-      if (@oauth)
-        consumer = OAuth::Consumer.new \
-          @oauth[:consumer_key],
-          @oauth[:consumer_secret],
-          {
-            :site => url,
-            :proxy => @proxy
-          }
-
-        consumer.http.set_debug_output $stderr if show_debug
-
-        @server  = OAuth::AccessToken.new \
-          consumer,
-          @oauth[:access_token],
-          @oauth[:access_secret]
-
-        class << @server
-          alias_method :post2, :post
-        end
-      else
-        @server = Net::HTTP.Proxy(@proxy).new(@url.host, @url.port)
-        @server.use_ssl = @url.scheme == 'https'
-        @server.verify_mode = OpenSSL::SSL::VERIFY_NONE
-
-        # run ruby with -d or env variable SHOWSOAP=true to see SOAP wiredumps.
-        @server.set_debug_output $stderr if show_debug
-      end
-    end
-
-    #  Connect to remote server
-    #
-    def connect(user, password)
-      @user = user
-      @password = password
+      # run ruby with -d or env variable SHOWSOAP=true to see SOAP wiredumps.
+      server.set_debug_output $stderr if show_debug
 
-      call_remote(:login, [:username, user, :password, password])
+      return server
     end
 
     # Log in to the server with a user name and password, remembering
     # the session ID returned to us by Salesforce.
     def login(user, password)
-      response = connect(user, password)
+      @user     = user
+      @password = password
+      @server   = create_server(@url)
+      response  = call_remote(:login, [:username, user, :password, password])
 
       raise "Incorrect user name / password [#{response.Fault}]" unless response.loginResponse
 
-      result = response[:loginResponse][:result]
+      result      = response[:loginResponse][:result]
       @session_id = result[:sessionId]
+      @url        = URI.parse(result[:serverUrl])
+      @server     = create_server(@url)
 
-      init_server(result[:serverUrl])
-
-      response
+      return response
     end
 
     # Log in to the server with OAuth, remembering
     # the session ID returned to us by Salesforce.
     def login_with_oauth
-      result = @server.post \
-        @oauth[:login_url],
+      consumer = OAuth::Consumer.new \
+        @oauth[:consumer_key],
+        @oauth[:consumer_secret]
+
+      access = OAuth::AccessToken.new \
+        consumer, @oauth[:access_token],
+        @oauth[:access_secret]
+
+      login_url = @oauth[:login_url]
+
+      result = access.post \
+        login_url,
         '',
         {'content-type' => 'application/x-www-form-urlencoded'}
 
       case result
       when Net::HTTPSuccess
-        doc = REXML::Document.new result.body
+        doc         = REXML::Document.new result.body
         @session_id = doc.elements['*/sessionId'].text
-        server_url  = doc.elements['*/serverUrl'].text
-        init_server server_url
+        @url        = URI.parse(doc.elements['*/serverUrl'].text)
+        @server     = access
+
+        class << @server
+          alias_method :post2, :post
+        end
 
-        return {:sessionId => @sessionId, :serverUrl => server_url}
+        return {:sessionId => @session_id, :serverUrl => @url.to_s}
       when Net::HTTPUnauthorized
         raise 'Invalid OAuth tokens'
       else
@@ -148,8 +136,13 @@ module RForce
     # a hash or (if order is important) an array of alternating
     # keys and values.
     def call_remote(method, args)
+      @server ||= create_server(@url)
 
-      urn, soap_url = block_given? ? yield : ["urn:partner.soap.sforce.com", @url.path]
+      # Different URI requirements for regular vs. OAuth.  This is
+      # *screaming* for a refactor.
+      fallback_soap_url = @oauth ? @url.to_s : @url.path
+
+      urn, soap_url = block_given? ? yield : ["urn:partner.soap.sforce.com", fallback_soap_url]
 
       # Create XML text from the arguments.
       expanded = ''
@@ -157,12 +150,12 @@ module RForce
       expand(@builder, {method => args}, urn)
 
       extra_headers = ""
-      
+
       # QueryOptions is not valid when making an Apex Webservice SOAP call
       if !block_given?
         extra_headers << (QueryOptions % @batch_size)
       end
-      
+
       extra_headers << (AssignmentRuleHeaderUsingRuleId % assignment_rule_id) if assignment_rule_id
       extra_headers << AssignmentRuleHeaderUsingDefaultRule if use_default_rule
       extra_headers << MruHeader if update_mru
@@ -181,6 +174,7 @@ module RForce
       # Fill in the blanks of the SOAP envelope with our
       # session ID and the expanded XML of our request.
       request = (Envelope % [@session_id, extra_headers, expanded])
+      @logger && @logger.info("RForce request: #{request}")
 
       # reset the batch size for the next request
       @batch_size = DEFAULT_BATCH_SIZE
@@ -201,29 +195,42 @@ module RForce
       end
 
       # Send the request to the server and read the response.
+      @logger && @logger.info("RForce request to host #{@server} url #{soap_url} headers: #{headers}")
       response = @server.post2(soap_url, request.lstrip, headers)
 
       # decode if we have encoding
       content = decode(response)
 
+      # Fix charset encoding. Needed because the "content" variable may contain a UTF-8
+      # or ISO-8859-1 string, but is carrying the US-ASCII encoding.
+      content = fix_encoding(content)
+
       # Check to see if INVALID_SESSION_ID was raised and try to relogin in
       if method != :login and @session_id and content =~ /sf:INVALID_SESSION_ID/
-        login(@user, @password)
+        if @user
+          login(@user, @password)
+        else
+          raise "INVALID_SESSION_ID"
+        end
 
         # repackage and rencode request with the new session id
-        request = (Envelope % [@session_id, @batch_size, extra_headers, expanded])
+        request = (Envelope % [@session_id, extra_headers, expanded])
         request = encode(request)
 
         # Send the request to the server and read the response.
         response = @server.post2(soap_url, request.lstrip, headers)
 
         content = decode(response)
+
+        # Fix charset encoding. Needed because the "content" variable may contain a UTF-8
+        # or ISO-8859-1 string, but is carrying the US-ASCII encoding.
+        content = fix_encoding(content)
       end
 
+      @logger && @logger.info("RForce response: #{content}")
       SoapResponse.new(content).parse
     end
 
-
     # decode gzip
     def decode(response)
       encoding = response['Content-Encoding']
@@ -246,7 +253,6 @@ module RForce
       end
     end
 
-
     # encode gzip
     def encode(request)
       return request if show_debug
@@ -261,6 +267,28 @@ module RForce
       end
     end
 
+    # fix invalid US-ASCII strings by applying the correct encoding on ruby 1.9+
+    def fix_encoding(string)
+      if [:valid_encoding?, :force_encoding].all? { |m| string.respond_to?(m) }
+        if !string.valid_encoding?
+          # The 2 possible encodings in responses are UTF-8 and ISO-8859-1
+          # http://www.salesforce.com/us/developer/docs/api/Content/implementation_considerations.htm#topic-title_international
+          #
+          ["UTF-8", "ISO-8859-1"].each do |encoding_name|
+
+            s = string.dup.force_encoding(encoding_name)
+
+            if s.valid_encoding?
+              return s
+            end
+          end
+
+          raise "Invalid encoding in SOAP response: not in [US-ASCII, UTF-8, ISO-8859-1]"
+        end
+      end
+
+      return string
+    end
 
     # Turns method calls on this object into remote SOAP calls.
     def method_missing(method, *args)