zendesk_apps_support 4.29.3 → 4.29.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dba69f9baf26e1f28d4cd6538eb63d67f9f182b04469cb3ab6d9b02f69579081
-  data.tar.gz: 29a12f5b4f0dc4f24d9f92fe3654050ca2f20f3d3036353b411024053db94a86
+  metadata.gz: '05133378592731040e3105b29a3624fe85d190ba5ed7bfc872d99da645aad8c5'
+  data.tar.gz: 5e3bb520f055e87596585d2cd93821e801ad79a509f5c6bff1a12555d69214f4
 SHA512:
-  metadata.gz: cf68d496dfb03184b5e2065e35e13d87c6baa932809d91963c72c836142eb23b3c487d74fb0a434a0fa4345563886e9b8dd456080ee3fd805e8b7d8a993d534d
-  data.tar.gz: 29d5b553e3df6fdae73ac4185c41023185c8a1cc52de1733faa0977ea90d0be481cd3f2a0c66152823ffacf35f6547516f8308018ddbe5e333349d6f798adb2d
+  metadata.gz: 5c4b261f98f1b4ee30324ba70f7f78b24a9d4fbefc0e5e6c209cecd5764218b6aa738ef6fbdb6989cb5de170f40af454a32d738d371b6ce385a8b14f598ca0cb
+  data.tar.gz: 7c283902ea1fe0907abbcb12679fc12fe2ec3d41884babb1e8a6ee50c781b2b78d76c12ee070302ac46fbe2a6d4a52b4c443d641b90754e3a15419dddb0a5ec6

data/config/locales/en.yml

@@ -62,6 +62,7 @@ en:
               other: Unsupported MIME types detected in %{file_names}.
             multiple_channel_integrations: Specifying multiple channel integrations
               in requirements.json is not supported.
+            oauth_parameter_required: "Please upgrade to our new oauth format. Learn more: %{link}"
             invalid_cr_schema_keys:
               one: 'Custom resources schema contains an invalid key: %{invalid_keys}'
               other: 'Custom resources schema contains invalid keys: %{invalid_keys}'
@@ -122,6 +123,9 @@ en:
                 do not match products in translations (%{translation_products})
               insecure_token_parameter_in_manifest: 'Make sure to set secure to true
                 when using keys in Settings. Learn more: %{link}'
+              default_secure_or_hidden_parameter_in_manifest: Default values for secure
+                or hidden parameters are not stored securely. Be sure to review them
+                and confirm they do not contain sensitive data
             stylesheet_error: 'Sass error: %{sass_error}'
             invalid_type_parameter:
               one: "%{invalid_types} is an invalid parameter type."

data/config/locales/translations/zendesk_apps_support.yml

@@ -351,6 +351,11 @@ parts:
       title: "Validation message to indicate missing secure(true) field in manifest's token parameter. Do not translate 'secure' and 'true'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
       value: "Make sure to set secure to true when using keys in Settings. Learn more: %{link}"
       screenshot: "https://drive.google.com/open?id=1ss3nNN2RG29R7StjCtiH8qjuwFBlRApJ"
+  - translation:
+      key: "txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest"
+      title: "Validation message to indicate that a hidden or secure manifest parameter has a default value. Do not translate 'secure' and 'hidden'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
+      value: "Default values for secure or hidden parameters are not stored securely. Be sure to review them and confirm they do not contain sensitive data"
+      screenshot: "https://drive.google.com/file/d/1MI6ci6Jz6xtwOXjcbHFCfNi1FjXKOuv9/view?usp=sharing"
   - translation:
       key: "txt.apps.admin.error.app_build.stylesheet_error"
       title: "App builder job: invalid stylesheet syntax"

data/lib/zendesk_apps_support/sass_functions.rb

@@ -26,9 +26,9 @@ require 'sassc'
 module SassC::Script::Functions
   module AppAssetUrl
     def app_asset_url(name)
-      raise ArgumentError, "Expected #{name} to be a string" unless name.is_a? Sass::Script::Value::String
+      raise ArgumentError, "Expected #{name} to be a string" unless name.is_a? SassC::Script::Value::String
       result = %{url("#{app_asset_url_helper(name)}")}
-      SassC::Script::String.new(result)
+      SassC::Script::Value::String.new(result)
     end
 
     private

data/lib/zendesk_apps_support/validations/manifest.rb

@@ -10,6 +10,7 @@ module ZendeskAppsSupport
       REQUIRED_MANIFEST_FIELDS = RUBY_TO_JSON.select { |k| %i[author default_locale].include? k }.freeze
       OAUTH_REQUIRED_FIELDS = %w[client_id client_secret authorize_uri access_token_uri].freeze
       PARAMETER_TYPES = ZendeskAppsSupport::Manifest::Parameter::TYPES
+      OAUTH_MANIFEST_LINK = 'https://developer.zendesk.com/apps/docs/developer-guide/manifest#oauth'
 
       class << self
         def call(package)
@@ -197,14 +198,21 @@ module ZendeskAppsSupport
 
         def oauth_error(manifest)
           return unless manifest.oauth
-
+          oauth_errors = []
           missing = OAUTH_REQUIRED_FIELDS.select do |key|
             manifest.oauth[key].nil? || manifest.oauth[key].empty?
           end
 
           if missing.any?
-            ValidationError.new('oauth_keys.missing', missing_keys: missing.join(', '), count: missing.length)
+            oauth_errors << \
+              ValidationError.new('oauth_keys.missing', missing_keys: missing.join(', '), count: missing.length)
+          end
+
+          unless manifest.parameters.any? { |param| param.type == 'oauth' }
+            oauth_errors << ValidationError.new('oauth_parameter_required',
+                                                link: OAUTH_MANIFEST_LINK)
           end
+          oauth_errors
         end
 
         def parameters_error(manifest)

data/lib/zendesk_apps_support/validations/mime.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'mimemagic'
+require 'marcel'
 
 module ZendeskAppsSupport
   module Validations
@@ -20,9 +20,8 @@ module ZendeskAppsSupport
         private
 
         def block_listed?(app_file)
-          mime_type = MimeMagic.by_magic(app_file.read)
-
-          content_subtype = mime_type.subtype if mime_type
+          mime_type = Marcel::MimeType.for(StringIO.new(app_file.read))
+          content_subtype = mime_type.split('/', 2).last if mime_type
           extension_name = app_file.extension.delete('.')
 
           ([content_subtype, extension_name] & UNSUPPORTED_MIME_TYPES).any?

data/lib/zendesk_apps_support/validations/secure_settings.rb

@@ -11,12 +11,18 @@ module ZendeskAppsSupport
           manifest_params = package.manifest.parameters
 
           insecure_params_found = manifest_params.any? { |param| insecure_param?(param) }
-
           package.warnings << secure_settings_warning if insecure_params_found
+
+          secure_or_hidden_default_param_found = manifest_params.any? { |param| secure_or_hidden_default_param?(param) }
+          package.warnings << hidden_default_parameter_warning if secure_or_hidden_default_param_found
         end
 
         private
 
+        def secure_or_hidden_default_param?(parameter)
+          parameter.default? && (parameter.secure || parameter.type == 'hidden')
+        end
+
         def insecure_param?(parameter)
           parameter.name =~ SECURABLE_KEYWORDS_REGEXP && type_password_or_text?(parameter.type) && !parameter.secure
         end
@@ -25,6 +31,12 @@ module ZendeskAppsSupport
           parameter_type == 'text' || parameter_type == 'password'
         end
 
+        def hidden_default_parameter_warning
+          I18n.t(
+            'txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest'
+          )
+        end
+
         def secure_settings_warning
           I18n.t(
             'txt.apps.admin.error.app_build.translation.insecure_token_parameter_in_manifest',

metadata

@@ -1,17 +1,17 @@
 --- !ruby/object:Gem::Specification
 name: zendesk_apps_support
 version: !ruby/object:Gem::Version
-  version: 4.29.3
+  version: 4.29.8
 platform: ruby
 authors:
 - James A. Rosen
 - Likun Liu
 - Sean Caffery
 - Daniel Ribeiro
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-15 00:00:00.000000000 Z
+date: 2021-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -31,16 +31,16 @@ dependencies:
   name: sassc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.11.2
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.11.2
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sass
   requirement: !ruby/object:Gem::Requirement
@@ -73,16 +73,16 @@ dependencies:
   name: image_size
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: erubis
   requirement: !ruby/object:Gem::Requirement
@@ -103,28 +103,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.3
+        version: 2.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.2.3
+        version: 2.3.1
 - !ruby/object:Gem::Dependency
   name: nokogiri
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.11.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.5
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 1.11.0
 - !ruby/object:Gem::Dependency
   name: rb-inotify
   requirement: !ruby/object:Gem::Requirement
@@ -140,19 +146,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.9.10
 - !ruby/object:Gem::Dependency
-  name: mimemagic
+  name: marcel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.3.3
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ipaddress_2
   requirement: !ruby/object:Gem::Requirement
@@ -251,6 +257,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 1.17.3
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.12.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.12.1
 description: Support to help you develop Zendesk Apps.
 email:
 - dev@zendesk.com
@@ -304,7 +324,7 @@ homepage: http://github.com/zendesk/zendesk_apps_support
 licenses:
 - Apache License Version 2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -319,8 +339,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-rubygems_version: 3.0.6
-signing_key: 
+rubygems_version: 3.2.17
+signing_key:
 specification_version: 4
 summary: Support to help you develop Zendesk Apps.
 test_files: []