zendesk_apps_support 4.44.0 → 4.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/config/locales/en.yml +15 -0
  3. data/config/locales/translations/zendesk_apps_support.yml +21 -0
  4. data/lib/zendesk_apps_support/package.rb +4 -1
  5. data/lib/zendesk_apps_support/validations/manifest.rb +1 -1
  6. data/lib/zendesk_apps_support/validations/secure_settings.rb +18 -1
  7. data/lib/zendesk_apps_support/version.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6ab47aa0e5d6274fd6b7527a5bb09dc16c833359464c5535855940892466687e
4
- data.tar.gz: 34e8962b318292e95eb5b784bddaea7a409d4fe7feb0edd010aa76021bc13d04
3
+ metadata.gz: 8b8758656a8905a32b83c582ea409106a523ae0da29e2d27adab601b1b018600
4
+ data.tar.gz: 0b558941ca135311562c1ce19d0de5f7b601e7632aa52b3bd70034602869d5c0
5
5
  SHA512:
6
- metadata.gz: 3783f916fe8f1546a9c9eba93c13e91a7bb1690f8872fb056be89fec7f48f901b491f757a7b5117d7f14bf1bcb902ae2aef58dad4c9e733462c4a4648291eb37
7
- data.tar.gz: 3a075c7d184f66d49ab4fe5f569ea8196eca5ef51288fad0a36035d9de0058cea9868047cece4f0fca78351944133d05132e53a511113238c1cf2262f34a3145
6
+ metadata.gz: ef0392d1072ac538bf2f5aa052a68b9690efa985ad97e8780457dff4cabd75d7a30322b29f7f06b6106e3e34c51e3a759835a04091b27fcd81950527b1d8afd9
7
+ data.tar.gz: ecc883ab33aa84393276ef0c67244ba65e876a342252b867ec2ff2eda6ac4dfb013bd9351a19247f5ad9071dd44b08a0bc704cba1c73af7d3ec781038305ceb7
data/config/locales/en.yml CHANGED
@@ -175,6 +175,19 @@ en:
175
175
  invalid_cov2_trigger_conditions_structure_v2: The requirements.json file
176
176
  contains an invalid custom object trigger conditions structure. Conditions
177
177
  must be a hash with all and any arrays for trigger %{trigger_key}.
178
+ cov2_object_setting_placeholder_not_allowed: The requirements.json file
179
+ contains a placeholder in the objects array. The %{property_name} property
180
+ of object %{object_key} contains a placeholder %{property_value}. Placeholders
181
+ are not allowed in object definitions.
182
+ cov2_field_setting_placeholder_not_allowed: 'The requirements.json file
183
+ contains a placeholder in the object_fields array. The %{property_name}
184
+ property of field %{field_key} (object: %{object_key}) contains a placeholder
185
+ %{property_value}. Placeholders are not allowed in field definitions.'
186
+ cov2_trigger_setting_placeholder_not_allowed: 'The requirements.json file
187
+ contains a placeholder in the object_triggers array. The %{property_name}
188
+ property of trigger %{trigger_key} (object: %{object_key}) contains
189
+ a placeholder %{property_value}. Placeholders are not allowed in trigger
190
+ definitions.'
178
191
  missing_required_fields: 'Missing required fields in requirements.json:
179
192
  "%{field}" is required in "%{identifier}"'
180
193
  duplicate_requirements:
@@ -252,6 +265,8 @@ en:
252
265
  do not match products in translations (%{translation_products})
253
266
  insecure_token_parameter_in_manifest: 'Make sure to set secure to true
254
267
  when using keys in Settings. Learn more: %{link}'
268
+ secure_parameters_with_no_scopes_in_manifest: 'The scopes property is not configured for parameter(s): %{params}.
269
+ This may cause token exposure vulnerabilities. Learn about: %{link}'
255
270
  password_parameter_deprecated: 'Password parameter type is deprecated
256
271
  and will not be accepted in the future. Use Basic Access Authentication
257
272
  instead. Learn more: %{link}.'
data/config/locales/translations/zendesk_apps_support.yml CHANGED
@@ -310,6 +310,21 @@ parts:
310
310
  title: 'App builder job: requirements file contains invalid custom object trigger conditions structure. Conditions must be an object (a set of key-value pairs, like { "all": [], "any": [] } in JSON) with "all" and "any" arrays as keys. Do not translate "requirements.json". Do not translate "all" and "any" as it is part of schema.'
311
311
  value: 'The requirements.json file contains an invalid custom object trigger conditions structure. Conditions must be a hash with all and any arrays for trigger %{trigger_key}.'
312
312
  screenshot: "https://drive.google.com/file/d/1q9S42EyNDE1GPk8A32LT0n2ZQiBpuCEW/view?usp=sharing"
313
+ - translation:
314
+ key: "txt.apps.admin.error.app_build.cov2_object_setting_placeholder_not_allowed"
315
+ title: 'App builder job: requirements file contains placeholder in custom objects v2 object property. Placeholders are not allowed in object definitions. Leave requirements.json as is (do not translate). Do not translate "objects" as it is part of schema.'
316
+ value: 'The requirements.json file contains a placeholder in the objects array. The %{property_name} property of object %{object_key} contains a placeholder %{property_value}. Placeholders are not allowed in object definitions.'
317
+ screenshot: "https://drive.google.com/file/d/1UYrBruLjZ27WoQ40sWXqd07DNwtblg2W/view?usp=sharing"
318
+ - translation:
319
+ key: "txt.apps.admin.error.app_build.cov2_field_setting_placeholder_not_allowed"
320
+ title: 'App builder job: requirements file contains placeholder in custom objects v2 field property. Placeholders are not allowed in field definitions. Leave requirements.json as is (do not translate). Do not translate "object_fields" as it is part of schema.'
321
+ value: 'The requirements.json file contains a placeholder in the object_fields array. The %{property_name} property of field %{field_key} (object: %{object_key}) contains a placeholder %{property_value}. Placeholders are not allowed in field definitions.'
322
+ screenshot: "https://drive.google.com/file/d/1Bprc1VNv8kmzgbNeQn-noU0ItSci2obm/view?usp=sharing"
323
+ - translation:
324
+ key: "txt.apps.admin.error.app_build.cov2_trigger_setting_placeholder_not_allowed"
325
+ title: 'App builder job: requirements file contains placeholder in custom objects v2 trigger identifier. Placeholders are not allowed in trigger identifiers. Leave requirements.json as is (do not translate). Do not translate "object_triggers" as it is part of schema.'
326
+ value: 'The requirements.json file contains a placeholder in the object_triggers array. The %{property_name} property of trigger %{trigger_key} (object: %{object_key}) contains a placeholder %{property_value}. Placeholders are not allowed in trigger definitions.'
327
+ screenshot: "https://drive.google.com/file/d/1FwnzKj9srIDTxtk-WryA3xHTXGD7uS-W/view?usp=sharing"
313
328
  - translation:
314
329
  key: "txt.apps.admin.error.app_build.missing_required_fields"
315
330
  title: "App builder job: required key missing in requirements, e.g. \"title\" is required in \"my_custom_email_target\""
@@ -649,3 +664,9 @@ parts:
649
664
  key: "txt.apps.admin.error.app_build.field_contains_invalid_keys"
650
665
  title: "App builder job: Error for invalid field keys. Placeholder %{field} shows parameter fields like \"parameter[name='param'].scopes\" provided in the supplied manifest file, %{keys} shows the invalid keys found within the field."
651
666
  value: "%{field} contains invalid keys: %{keys}."
667
+ - translation:
668
+ key: "txt.apps.admin.error.app_build.translation.secure_parameters_with_no_scopes_in_manifest"
669
+ title: "Validation message to indicate missing scopes field in manifest's secure parameter.
670
+ Do not translate 'scopes'. %{params} refers to secure parameters with no scopes configured.
671
+ Scopes in manifest refers to https://developer.zendesk.com/documentation/apps/getting-started/setting-up-new-apps/#scopes"
672
+ value: "The scopes property is not configured for parameter(s): %{params}. This may cause token exposure vulnerabilities. Learn about: %{link}"
data/lib/zendesk_apps_support/package.rb CHANGED
@@ -48,7 +48,10 @@ module ZendeskAppsSupport
48
48
  errors << Validations::Requirements.call(self, validate_custom_objects_v2:)
49
49
 
50
50
  # only adds warnings
51
- Validations::SecureSettings.call(self)
51
+ Validations::SecureSettings.call(
52
+ self,
53
+ validate_scopes_for_secure_parameter: validate_scopes_for_secure_parameter
54
+ )
52
55
  Validations::Requests.call(self)
53
56
 
54
57
  unless manifest.requirements_only? || manifest.marketing_only? || manifest.iframe_only?
data/lib/zendesk_apps_support/validations/manifest.rb CHANGED
@@ -11,7 +11,7 @@ module ZendeskAppsSupport
11
11
  OAUTH_REQUIRED_FIELDS = %w[client_id client_secret authorize_uri access_token_uri].freeze
12
12
  PARAMETER_TYPES = ZendeskAppsSupport::Manifest::Parameter::TYPES
13
13
  OAUTH_MANIFEST_LINK = 'https://developer.zendesk.com/apps/docs/developer-guide/manifest#oauth'
14
- SECURE_PARAM_SCOPES = %w[header body url_host url_path jwt_secret_key jwt_claim basic_auth_username basic_auth_password].freeze
14
+ SECURE_PARAM_SCOPES = %w[header body url jwt_secret_key jwt_claim basic_auth_username basic_auth_password].freeze
15
15
 
16
16
  class << self
17
17
  def call(package, error_on_password_parameter: false, validate_scopes_for_secure_parameter: false)
data/lib/zendesk_apps_support/validations/secure_settings.rb CHANGED
@@ -7,7 +7,7 @@ module ZendeskAppsSupport
7
7
  SECURABLE_KEYWORDS_REGEXP = Regexp.new(SECURABLE_KEYWORDS.join('|'), Regexp::IGNORECASE)
8
8
 
9
9
  class << self
10
- def call(package)
10
+ def call(package, validate_scopes_for_secure_parameter: false)
11
11
  manifest_params = package.manifest.parameters
12
12
 
13
13
  insecure_params_found = manifest_params.any? { |param| insecure_param?(param) }
@@ -15,6 +15,11 @@ module ZendeskAppsSupport
15
15
 
16
16
  secure_or_hidden_default_param_found = manifest_params.any? { |param| secure_or_hidden_default_param?(param) }
17
17
  package.warnings << hidden_default_parameter_warning if secure_or_hidden_default_param_found
18
+
19
+ if validate_scopes_for_secure_parameter
20
+ unscoped_secure_param_names = manifest_params.filter_map { |param| name_if_secure_unscoped(param) }
21
+ package.warnings << no_scopes_warning(unscoped_secure_param_names) if unscoped_secure_param_names.any?
22
+ end
18
23
  end
19
24
 
20
25
  private
@@ -43,6 +48,18 @@ module ZendeskAppsSupport
43
48
  link: 'https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings'
44
49
  )
45
50
  end
51
+
52
+ def name_if_secure_unscoped(param)
53
+ param.name if param.secure && !param.scopes&.any?
54
+ end
55
+
56
+ def no_scopes_warning(param_names)
57
+ I18n.t(
58
+ 'txt.apps.admin.error.app_build.translation.secure_parameters_with_no_scopes_in_manifest',
59
+ params: param_names.join(I18n.t('txt.apps.admin.error.app_build.listing_comma')),
60
+ link: 'https://developer.zendesk.com/documentation/apps/getting-started/setting-up-new-apps/#scopes'
61
+ )
62
+ end
46
63
  end
47
64
  end
48
65
  end
data/lib/zendesk_apps_support/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module ZendeskAppsSupport
2
- VERSION = "4.44.0"
2
+ VERSION = "4.45.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: zendesk_apps_support
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.44.0
4
+ version: 4.45.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - James A. Rosen
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2025-11-06 00:00:00.000000000 Z
14
+ date: 2025-12-04 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: i18n