zendesk_apps_support 4.27.0 → 4.29.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98c46bd59f486032480d291ecd0daa4fb479665e9a9e114b2c1966223eeb9f11
-  data.tar.gz: 74f5b5e00169a98c185a919648905917438c41e3c7126804b70a1651b139a253
+  metadata.gz: dba69f9baf26e1f28d4cd6538eb63d67f9f182b04469cb3ab6d9b02f69579081
+  data.tar.gz: 29a12f5b4f0dc4f24d9f92fe3654050ca2f20f3d3036353b411024053db94a86
 SHA512:
-  metadata.gz: ad1e834cfee32a905ad10ec1bc0164cffa567a3b40e7f1b1a2a17b3c0b5d88b145aef6eeae86da08b1f97e50212678afd21043ae18e7d72a1aaece71eb8fda66
-  data.tar.gz: fc2a957936239bbc3ff72adb5ef40ab98a120090e1f2b0f0a926433e456aea07d965433319b07de91854998ec8a6066417252d9a12d8b59e29f4af5e8663ba69
+  metadata.gz: cf68d496dfb03184b5e2065e35e13d87c6baa932809d91963c72c836142eb23b3c487d74fb0a434a0fa4345563886e9b8dd456080ee3fd805e8b7d8a993d534d
+  data.tar.gz: 29d5b553e3df6fdae73ac4185c41023185c8a1cc52de1733faa0977ea90d0be481cd3f2a0c66152823ffacf35f6547516f8308018ddbe5e333349d6f798adb2d

data/README.md

@@ -22,7 +22,7 @@ This project uses Rspec, which can be run with `bundle exec rake`.
 
 ## Contribute
 * Put up a PR into the master branch.
-* CC and get two +1 from @zendesk/vegemite.
+* CC and get two +1 from @zendesk/dingo, @zendesk/wattle, or @zendesk/vegemite.
 
 ## Bugs
 Bugs can be reported as an issue here on github, or submitted to support@zendesk.com. By mentioning this project it will assigned to the right team.

data/config/locales/en.yml

@@ -62,7 +62,6 @@ en:
               other: Unsupported MIME types detected in %{file_names}.
             multiple_channel_integrations: Specifying multiple channel integrations
               in requirements.json is not supported.
-            too_many_oauth_parameters: "Too many parameters with type 'oauth': one permitted"
             invalid_cr_schema_keys:
               one: 'Custom resources schema contains an invalid key: %{invalid_keys}'
               other: 'Custom resources schema contains invalid keys: %{invalid_keys}'
@@ -78,6 +77,8 @@ en:
               missing:
                 one: 'Missing required oauth field in manifest: %{missing_keys}'
                 other: 'Missing required oauth fields in manifest: %{missing_keys}'
+            too_many_oauth_parameters: 'Too many parameters with type ''oauth'': one
+              permitted'
             missing_source: Could not find app.js
             style_in_template: "<style> tag in %{template}. Use an app.css file instead."
             no_code_for_ifo_notemplate: Javascripts, stylesheets, and templates are
@@ -139,6 +140,8 @@ en:
             invalid_v1_location:
               one: "%{invalid_locations} is an invalid location in framework v1."
               other: "%{invalid_locations} are invalid locations in framework v1."
+            oauth_parameter_cannot_be_secure: oauth parameter cannot be set to be
+              secure.
         warning:
           app_build:
             deprecated_version: You are targeting a deprecated version of the framework.

data/config/locales/translations/zendesk_apps_support.yml

@@ -399,3 +399,7 @@ parts:
       key: "txt.apps.admin.error.app_build.invalid_v1_location.other"
       title: "The locations listed are not available in framework v1."
       value: "%{invalid_locations} are invalid locations in framework v1."
+  - translation:
+      key: "txt.apps.admin.error.app_build.oauth_parameter_cannot_be_secure"
+      title: "oauth parameter cannot be set to be secure."
+      value: "oauth parameter cannot be set to be secure."

data/lib/zendesk_apps_support/location.rb

@@ -63,7 +63,9 @@ module ZendeskAppsSupport
       Location.new(id: 21, name: 'dashboard', product_code: Product::SELL.code, visible: true),
       Location.new(id: 22, name: 'note_editor', product_code: Product::SELL.code, visible: true),
       Location.new(id: 23, name: 'call_log_editor', product_code: Product::SELL.code, visible: true),
-      Location.new(id: 24, name: 'email_editor', product_code: Product::SELL.code, visible: true)
+      Location.new(id: 24, name: 'email_editor', product_code: Product::SELL.code, visible: true),
+      Location.new(id: 25, name: 'top_bar', product_code: Product::SELL.code, visible: true),
+      Location.new(id: 26, name: 'visit_editor', product_code: Product::SELL.code, visible: true)
     ].freeze
   end
 end

data/lib/zendesk_apps_support/package.rb

@@ -16,7 +16,10 @@ module ZendeskAppsSupport
     DEFAULT_SCSS   = File.read(File.expand_path('../assets/default_styles.scss', __FILE__))
     SRC_TEMPLATE   = Erubis::Eruby.new(File.read(File.expand_path('../assets/src.js.erb', __FILE__)))
 
-    LOCATIONS_WITH_ICONS = %w[top_bar nav_bar system_top_bar ticket_editor].freeze
+    LOCATIONS_WITH_ICONS_PER_PRODUCT = {
+      Product::SUPPORT => %w[top_bar nav_bar system_top_bar ticket_editor].freeze,
+      Product::SELL => %w[top_bar].freeze
+    }.freeze
 
     attr_reader :lib_root, :root, :warnings
 
@@ -37,10 +40,10 @@ module ZendeskAppsSupport
         errors << Validations::Source.call(self)
         errors << Validations::Translations.call(self, skip_marketplace_translations: skip_marketplace_translations)
         errors << Validations::Requirements.call(self)
-        errors << Validations::Requests.call(self)
 
         # only adds warnings
         Validations::SecureSettings.call(self)
+        Validations::Requests.call(self)
 
         unless manifest.requirements_only? || manifest.marketing_only? || manifest.iframe_only?
           errors << Validations::Templates.call(self)
@@ -275,6 +278,24 @@ module ZendeskAppsSupport
       end
     end
 
+    def location_icons
+      Hash.new { |h, k| h[k] = {} }.tap do |location_icons|
+        manifest.location_options.each do |location_options|
+          # no location information in the manifest
+          next unless location_options.location
+
+          product = location_options.location.product
+          location_name = location_options.location.name
+          # the location on the product does not support icons
+          next unless LOCATIONS_WITH_ICONS_PER_PRODUCT.fetch(product, []).include?(location_name)
+
+          host = location_options.location.product.name
+          product_directory = manifest.products.count > 1 ? "#{host}/" : ''
+          location_icons[host][location_name] = build_location_icons_hash(location_name, product_directory)
+        end
+      end
+    end
+
     private
 
     def generate_logo_hash(products)
@@ -318,21 +339,6 @@ module ZendeskAppsSupport
       has_file?('assets/banner.png')
     end
 
-    def location_icons
-      Hash.new { |h, k| h[k] = {} }.tap do |location_icons|
-        manifest.location_options.each do |location_options|
-          next unless location_options.location &&
-                      LOCATIONS_WITH_ICONS.include?(location_options.location.name) &&
-                      location_options.location.product == Product::SUPPORT
-
-          host = location_options.location.product.name
-          location = location_options.location.name
-          product_directory = manifest.products.count > 1 ? "#{host}/" : ''
-          location_icons[host][location] = build_location_icons_hash(location, product_directory)
-        end
-      end
-    end
-
     def build_location_icons_hash(location, product_directory)
       inactive_png = "icon_#{location}_inactive.png"
       if has_file?("assets/#{product_directory}icon_#{location}.svg")

data/lib/zendesk_apps_support/validations/manifest.rb

@@ -33,51 +33,71 @@ module ZendeskAppsSupport
         def collate_manifest_errors(package)
           manifest = package.manifest
 
-          errors = []
-          errors << missing_keys_error(manifest)
-          errors << type_checks(manifest)
-          errors << oauth_error(manifest)
-          errors << default_locale_error(manifest, package)
+          errors = [
+            missing_keys_error(manifest),
+            type_checks(manifest),
+            oauth_error(manifest),
+            default_locale_error(manifest, package),
+            validate_parameters(manifest),
+            if manifest.requirements_only? || manifest.marketing_only?
+              [ ban_location(manifest),
+                ban_framework_version(manifest) ]
+            else
+              [ validate_location(package),
+                missing_framework_version(manifest),
+                invalid_version_error(manifest) ]
+            end,
+            ban_no_template(manifest)
+          ]
+          errors.flatten.compact
+        end
 
+        def validate_location(package)
+          manifest = package.manifest
+          [
+            missing_location_error(package),
+            invalid_location_error(package),
+            invalid_v1_location(package),
+            location_framework_mismatch(manifest)
+          ]
+        end
+
+        def validate_parameters(manifest)
           if manifest.marketing_only?
-            errors.push(*marketing_only_errors(manifest))
+            marketing_only_errors(manifest)
           else
-            errors << parameters_error(manifest)
-            errors << invalid_hidden_parameter_error(manifest)
-            errors << invalid_type_error(manifest)
-            errors << too_many_oauth_parameters(manifest)
-            errors << name_as_parameter_name_error(manifest)
+            [
+              parameters_error(manifest),
+              invalid_hidden_parameter_error(manifest),
+              invalid_type_error(manifest),
+              too_many_oauth_parameters(manifest),
+              oauth_cannot_be_secure(manifest),
+              name_as_parameter_name_error(manifest)
+            ]
           end
+        end
 
-          if manifest.requirements_only? || manifest.marketing_only?
-            errors << ban_location(manifest)
-            errors << ban_framework_version(manifest)
-          else
-            errors << missing_location_error(package)
-            errors << invalid_location_error(package)
-            errors << invalid_v1_location(package)
-            errors << missing_framework_version(manifest)
-            errors << location_framework_mismatch(manifest)
-            errors << invalid_version_error(manifest)
+        def oauth_cannot_be_secure(manifest)
+          manifest.parameters.map do |parameter|
+            if parameter.type == 'oauth' && parameter.secure
+              return ValidationError.new('oauth_parameter_cannot_be_secure')
+            end
           end
-
-          errors << ban_no_template(manifest) if manifest.iframe_only?
-
-          errors.flatten.compact
         end
 
         def marketing_only_errors(manifest)
-          [].tap do |errors|
-            errors << ban_parameters(manifest)
-            errors << private_marketing_app_error(manifest)
-          end
+          [
+            ban_parameters(manifest),
+            private_marketing_app_error(manifest)
+          ]
         end
 
         def type_checks(manifest)
-          errors = []
-          errors << boolean_error(manifest)
-          errors << string_error(manifest)
-          errors << no_template_format_error(manifest)
+          errors = [
+            boolean_error(manifest),
+            string_error(manifest),
+            no_template_format_error(manifest)
+          ]
           unless manifest.experiments.is_a?(Hash)
             errors << ValidationError.new(
               :unacceptable_hash,
@@ -152,6 +172,7 @@ module ZendeskAppsSupport
         end
 
         def ban_no_template(manifest)
+          return unless manifest.iframe_only?
           no_template_migration_link = 'https://developer.zendesk.com/apps/docs/apps-v2/manifest#location'
           if manifest.no_template? || !manifest.no_template_locations.empty?
             ValidationError.new(:no_template_deprecated_in_v2, link: no_template_migration_link)

data/lib/zendesk_apps_support/validations/requests.rb

@@ -7,62 +7,25 @@ module ZendeskAppsSupport
   module Validations
     module Requests
       class << self
-        IP_ADDRESS = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/
-
         def call(package)
-          errors = []
           files = package.js_files + package.html_files
-          private_app = package.manifest.private?
 
           files.each do |file|
             file_content = file.read
 
             http_protocol_urls = find_address_containing_http(file_content)
-            if http_protocol_urls.any?
-              package.warnings << insecure_http_requests_warning(
-                http_protocol_urls,
-                file.relative_path
-              )
-            end
-
-            ip_addresses = file_content.scan(IP_ADDRESS)
-            next unless ip_addresses.any?
-
-            ip_validation_messages = ip_validation_messages(
-              file.relative_path,
-              ip_addresses,
-              private_app
+            next unless http_protocol_urls.any?
+            package.warnings << insecure_http_requests_warning(
+              http_protocol_urls,
+              file.relative_path
             )
-
-            validation_group = private_app ? package.warnings : errors
-            validation_group << ip_validation_messages
           end
 
           package.warnings.flatten!
-          errors
         end
 
         private
 
-        def ip_validation_messages(file_path, ip_addresses, private_app)
-          ip_addresses.each_with_object([]) do |ip_address, messages|
-            ip_type_string = ip_type_string(ip_address)
-            next unless ip_type_string
-
-            string_params = {
-              type: ip_type_string, uri: ip_address, file: file_path
-            }
-            validation_message =
-              if private_app
-                I18n.t('txt.apps.admin.error.app_build.blocked_request', string_params)
-              else
-                ValidationError.new(:blocked_request, string_params)
-              end
-
-            messages << validation_message
-          end
-        end
-
         def insecure_http_requests_warning(http_protocol_urls, relative_path)
           http_protocol_urls = http_protocol_urls.join(
             I18n.t('txt.apps.admin.error.app_build.listing_comma')
@@ -75,19 +38,6 @@ module ZendeskAppsSupport
           )
         end
 
-        def ip_type_string(ip_address)
-          block_type =
-            case IPAddress.parse(ip_address)
-            when proc(&:private?) then 'private'
-            when proc(&:loopback?) then 'loopback'
-            when proc(&:link_local?) then 'link_local'
-            end
-
-          block_type && I18n.t("txt.apps.admin.error.app_build.blocked_request_#{block_type}")
-        rescue ArgumentError
-          nil # Ignore numbers which are not an IP address
-        end
-
         def find_address_containing_http(file_content)
           file_content.scan(URI.regexp(['http'])).map(&:compact).map(&:last)
         end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zendesk_apps_support
 version: !ruby/object:Gem::Version
-  version: 4.27.0
+  version: 4.29.3
 platform: ruby
 authors:
 - James A. Rosen
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-09 00:00:00.000000000 Z
+date: 2020-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -319,8 +319,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.10
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Support to help you develop Zendesk Apps.