zendesk_apps_support 4.17.0 → 4.20.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: b9e6c1b0f73a414798ff651dfa81572508499a30a54c4edf6e5fd09b13391424
-  data.tar.gz: a889c5ccf500f94aae9bc6ab1cd13a64dbe9cb9b0f916dbf048e5367381a5187
+SHA1:
+  metadata.gz: 05fdb1c1548cd1f0788f3c4f4e4acae77159f191
+  data.tar.gz: d7d7384f09edcd3973c01e9a688120e0484974f9
 SHA512:
-  metadata.gz: 22f0f135b839ee5bba993f1907f713bfd0585272bbd928e79fbae9c47d1e0e5f0bdae08b91f85f5ab84aad223f1c6ea844b71a176ba29d7bbaa303ef5bdf77be
-  data.tar.gz: 0e94c79424df86521f7887b40829e87704b923d43d22f439127740c25f4f566a990583b132a70acd7a551998e07bfc1b23da47f24af4342006017f19f6e61b06
+  metadata.gz: d1bdb5b392048f13c25fd596d6e491322d516c8c063ef6da1a4bf4c9aaa685e3ff46e9ad5f872fa6f0973fa769676fe6dfa671eac918c8ce1a7d43405677a22d
+  data.tar.gz: 9cecde83aab2cd520ba65d21235577ce1f5dc67cf2bba7ee016fe35b2a3a20f4eafc509ee916967e5bd3a4fd3c6c4cbbce02a1fcd2bad635a1a4fcff512afbb3

data/config/locales/en.yml

@@ -1,4 +1,5 @@
-# This file is generated by rake i18n:standardize. Do NOT edit it directly.
+# This is a generated file. Do NOT edit directly.
+# To update, run 'bundle exec rake i18n:standardize'.
 ---
 en:
   txt:
@@ -54,8 +55,8 @@ en:
               one: 'requirements.json contains an invalid type: %{invalid_types}'
               other: 'requirements.json contains invalid types: %{invalid_types}'
             unsupported_mime_type_detected:
-              one: 'Unsupported MIME type detected in %{file_names}'
-              other: 'Unsupported MIME types detected in %{file_names}'
+              one: Unsupported MIME type detected in %{file_names}.
+              other: Unsupported MIME types detected in %{file_names}.
             multiple_channel_integrations: Specifying multiple channel integrations
               in requirements.json is not supported.
             invalid_cr_schema_keys:
@@ -74,6 +75,8 @@ en:
             style_in_template: "<style> tag in %{template}. Use an app.css file instead."
             no_code_for_ifo_notemplate: Javascripts, stylesheets, and templates are
               not allowed when an iframe URI or noTemplate is specified
+            no_source_required_apps: Javascripts, stylesheets, and templates are not
+              required for marketingOnly or requirementsOnly apps
             invalid_default_locale: "%{default_locale} is not a valid default locale."
             missing_translation_file: 'Missing translation file for locale ''%{default_locale}''.
               Learn more: https://developer.zendesk.com/apps/docs/developer-guide/deploying#app-internationalization'
@@ -84,8 +87,6 @@ en:
             blank_location_uri: "%{location} location does not specify a URI."
             invalid_location_uri: "%{uri} is either an invalid location URI, refers
               to a missing asset, or does not use HTTPS."
-            signed_setting_uri: The url (%{uri}) cannot use a setting because it is
-              a signed url.
             name_as_parameter_name: Can't call a parameter 'name'
             invalid_hidden_parameter:
               one: "%{invalid_params} is set to hidden and cannot be required."
@@ -111,6 +112,8 @@ en:
                 for %{product}: %{missing_key}'
               products_do_not_match_manifest_products: Products in manifest (%{manifest_products})
                 do not match products in translations (%{translation_products})
+              insecure_token_parameter_in_manifest: 'Make sure to set secure to true
+                when using keys in Settings. Learn more: %{link}'
             stylesheet_error: 'Sass error: %{sass_error}'
             invalid_type_parameter:
               one: "%{invalid_types} is an invalid parameter type."
@@ -144,6 +147,6 @@ en:
               other: Possible secrets found in %{files}. Consider reviewing the contents
                 of these files before submitting your app.
             insecure_http_request: Possible insecure HTTP request to %{uri} in %{file}.
-              Consider instead using the HTTPS protocol.
+              Consider using the HTTPS protocol instead.
             application_secret: Possible %{secret_type} found in %{file}. Consider
               reviewing the contents of this file before submitting your app.

data/config/locales/translations/zendesk_apps_support.yml

@@ -15,10 +15,12 @@ parts:
       key: "txt.apps.admin.error.app_build.jshint.one"
       title: "App builder job: JSHint error message"
       value: "JSHint error in %{file}: %{errors}"
+      obsolete: "2019-11-01"
   - translation:
       key: "txt.apps.admin.error.app_build.jshint.other"
       title: "App builder job: JSHint error messages"
       value: "JSHint errors in %{file}: %{errors}"
+      obsolete: "2019-11-01"
   - translation:
       key: "txt.apps.admin.error.app_build.no_template_deprecated_in_v2"
       title: "App builder job: prevent using noTemplate in v2 apps and give advice on how to migrate. Leave noTemplate and autoHide as is (do not localize)"
@@ -167,6 +169,7 @@ parts:
       key: "txt.apps.admin.error.app_build.missing_source"
       title: "App builder job: missing app.js error"
       value: "Could not find app.js"
+      obsolete: "2019-11-01"
   - translation:
       key: "txt.apps.admin.error.app_build.style_in_template"
       title: "App builder job: <style> tags in template error"
@@ -175,6 +178,12 @@ parts:
       key: "txt.apps.admin.error.app_build.no_code_for_ifo_notemplate"
       title: "App builder job: code included for a type of app that shouldn't have code"
       value: "Javascripts, stylesheets, and templates are not allowed when an iframe URI or noTemplate is specified"
+      obsolete: "2019-11-01"
+  - translation:
+      key: "txt.apps.admin.error.app_build.no_source_required_apps"
+      title: "Inform users that no source files are required when uploading marketingOnly and requirementsOnly apps. Do not translate 'marketingOnly' and 'requirementsOnly', these are Manifest properties (https://developer.zendesk.com/apps/docs/developer-guide/manifest). Also refer to https://en.wikipedia.org/wiki/Style_sheet_(web_development) for stylesheets."
+      value: "Javascripts, stylesheets, and templates are not required for marketingOnly or requirementsOnly apps"
+      screenshot: "https://drive.google.com/open?id=12B7CMtErshVxI2b-Eo-DjexOqer27oxV"
   - translation:
       key: "txt.apps.admin.error.app_build.invalid_default_locale"
       title: "App builder job: invalid default locale"
@@ -203,12 +212,6 @@ parts:
       key: "txt.apps.admin.error.app_build.invalid_location_uri"
       title: "App builder job: invalid URI for an iframe in the manifest"
       value: "%{uri} is either an invalid location URI, refers to a missing asset, or does not use HTTPS."
-  - translation:
-      key: "txt.apps.admin.error.app_build.signed_setting_uri"
-      title: "App builder job: invalid URI for an iframe in the manifest. The `manifest` is a setting file, the `signed url` is https://cloud.google.com/storage/docs/access-control/signed-urls"
-      value: "The url (%{uri}) cannot use a setting because it is a signed url."
-      screenshot: "https://drive.google.com/open?id=1oQmBeGfNT5EDaEH3oEQoNjaCzBw5XAvL"
-      obsolete: '2019-04-10'
   - translation:
       key: "txt.apps.admin.error.app_build.name_as_parameter_name"
       title: "App builder job: error message when developer names a parameter 'name'"
@@ -224,7 +227,8 @@ parts:
   - translation:
       key: "txt.apps.admin.warning.app_build.deprecated_version"
       title: "App builder job: deprecated version specified"
-      value: 'You are targeting a deprecated version of the framework. Your app will work, but it might break when the new framework version is deployed.'
+      value: "You are targeting a deprecated version of the framework. Your app will work, but it might break when the new framework version is deployed."
+      obsolete: "2019-11-01"
   - translation:
       key: "txt.apps.admin.warning.app_build.sanitised_svg"
       title: "App builder job: warning that contents of svg have been sanitised and overwritten"
@@ -246,7 +250,7 @@ parts:
   - translation:
       key: "txt.apps.admin.warning.app_build.insecure_http_request"
       title: "App builder job: warning on detecting an insecure http request call in app source files"
-      value: "Possible insecure HTTP request to %{uri} in %{file}. Consider instead using the HTTPS protocol."
+      value: "Possible insecure HTTP request to %{uri} in %{file}. Consider using the HTTPS protocol instead."
       screenshot: "https://drive.google.com/file/d/1V-lXrVoAXAZEtBoekq7XLyetomUZRqY-"
   - translation:
       key: "txt.apps.admin.error.app_build.blocked_request"
@@ -278,6 +282,7 @@ parts:
       key: "txt.apps.admin.error.app_build.old_version"
       title: "App builder job: old framework version"
       value: "Iframe Only apps must target framework versions 2.0 or greater."
+      obsolete: "2019-11-01"
   - translation:
       key: "txt.apps.admin.error.app_build.parameters_not_an_array"
       title: "App builder job: app parameters must be an array"
@@ -319,6 +324,11 @@ parts:
       key: "txt.apps.admin.error.app_build.translation.products_do_not_match_manifest_products"
       title: "App builder job: products specified in translation file don't match products in manifest"
       value: "Products in manifest (%{manifest_products}) do not match products in translations (%{translation_products})"
+  - translation:
+      key: "txt.apps.admin.error.app_build.translation.insecure_token_parameter_in_manifest"
+      title: "Validation message to indicate missing secure(true) field in manifest's token parameter. Do not translate 'secure' and 'true'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
+      value: "Make sure to set secure to true when using keys in Settings. Learn more: %{link}"
+      screenshot: "https://drive.google.com/open?id=1ss3nNN2RG29R7StjCtiH8qjuwFBlRApJ"
   - translation:
       key: "txt.apps.admin.error.app_build.stylesheet_error"
       title: "App builder job: invalid stylesheet syntax"

data/lib/zendesk_apps_support.rb

@@ -26,9 +26,9 @@ module ZendeskAppsSupport
     autoload :Source,                'zendesk_apps_support/validations/source'
     autoload :Templates,             'zendesk_apps_support/validations/templates'
     autoload :Translations,          'zendesk_apps_support/validations/translations'
-    autoload :JSHintValidationError, 'zendesk_apps_support/validations/validation_error'
     autoload :Stylesheets,           'zendesk_apps_support/validations/stylesheets'
     autoload :Requirements,          'zendesk_apps_support/validations/requirements'
+    autoload :Requests,              'zendesk_apps_support/validations/requests'
     autoload :Banner,                'zendesk_apps_support/validations/banner'
     autoload :Svg,                   'zendesk_apps_support/validations/svg'
   end

data/lib/zendesk_apps_support/location.rb

@@ -49,7 +49,13 @@ module ZendeskAppsSupport
       Location.new(id: 13, name: 'system_top_bar',
                    product_code: Product::STANDALONE_CHAT.code, v2_only: false),
       Location.new(id: 14, name: 'background',
-                   product_code: Product::CHAT.code)
+                   product_code: Product::CHAT.code),
+      Location.new(id: 15, name: 'deal_card', product_code: Product::SELL.code, collapsible: true),
+      Location.new(id: 16, name: 'contact_card', product_code: Product::SELL.code, collapsible: true),
+      Location.new(id: 17, name: 'lead_card', product_code: Product::SELL.code, collapsible: true),
+      Location.new(id: 18, name: 'background', product_code: Product::SELL.code),
+      Location.new(id: 19, name: 'modal', product_code: Product::SELL.code),
+      Location.new(id: 20, name: 'dashboard', product_code: Product::SELL.code)
     ].freeze
   end
 end

data/lib/zendesk_apps_support/package.rb

@@ -37,6 +37,7 @@ module ZendeskAppsSupport
         errors << Validations::Source.call(self)
         errors << Validations::Translations.call(self, skip_marketplace_translations: skip_marketplace_translations)
         errors << Validations::Requirements.call(self)
+        errors << Validations::Requests.call(self)
 
         unless manifest.requirements_only? || manifest.marketing_only? || manifest.iframe_only?
           errors << Validations::Templates.call(self)
@@ -94,7 +95,11 @@ module ZendeskAppsSupport
     end
 
     def js_files
-      @js_files ||= files.select { |f| f =~ %r{^(app|lib\/.*)\.js$} }
+      @js_files ||= files.select { |f| f =~ %r{^.*\.jsx?$} }
+    end
+
+    def html_files
+      @html_files ||= files.select { |f| f =~ %r{.*\.html?$} }
     end
 
     def lib_files

data/lib/zendesk_apps_support/product.rb

@@ -19,11 +19,13 @@ module ZendeskAppsSupport
     PRODUCTS_AVAILABLE = [
       Product.new(code: 1, name: 'support', legacy_name: 'zendesk'),
       Product.new(code: 2, name: 'chat', legacy_name: 'zopim'),
-      Product.new(code: 3, name: 'standalone_chat', legacy_name: 'lotus_box')
+      Product.new(code: 3, name: 'standalone_chat', legacy_name: 'lotus_box'),
+      Product.new(code: 4, name: 'sell', legacy_name: 'sell')
     ].freeze
 
     SUPPORT = find_by!(name: 'support')
     CHAT = find_by!(name: 'chat')
     STANDALONE_CHAT = find_by!(name: 'standalone_chat')
+    SELL = find_by!(name: 'sell')
   end
 end

data/lib/zendesk_apps_support/validations/requests.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'ipaddress_2'
+require 'uri'
+
+module ZendeskAppsSupport
+  module Validations
+    module Requests
+      class << self
+        IP_ADDRESS = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/
+
+        def call(package)
+          errors = []
+          files = package.js_files + package.html_files
+
+          files.each do |file|
+            file_content = file.read
+
+            http_protocol_urls = find_address_containing_http(file_content)
+            if http_protocol_urls.any?
+              package.warnings << I18n.t(
+                'txt.apps.admin.warning.app_build.insecure_http_request',
+                uri: http_protocol_urls.join(I18n.t('txt.apps.admin.error.app_build.listing_comma')),
+                file: file.relative_path
+              )
+            end
+
+            ip_addresses = file_content.scan(IP_ADDRESS)
+            if ip_addresses.any?
+              errors << blocked_ips_validation(file.relative_path, ip_addresses)
+            end
+          end
+
+          errors
+        end
+
+        private
+
+        def blocked_ips_validation(file_path, ip_addresses)
+          ip_addresses.each_with_object([]) do |ip_address, error_messages|
+            blocked_type = blocked_ip_type(ip_address)
+            next unless blocked_type
+
+            error_messages << I18n.t(
+              'txt.apps.admin.error.app_build.blocked_request',
+              type: blocked_type,
+              uri:  ip_address,
+              file: file_path
+            )
+          end
+        end
+
+        def blocked_ip_type(ip_address)
+          block_type =
+            case IPAddress.parse(ip_address)
+            when proc(&:private?) then 'private'
+            when proc(&:loopback?) then 'loopback'
+            when proc(&:link_local?) then 'link_local'
+            end
+
+          block_type && I18n.t("txt.apps.admin.error.app_build.blocked_request_#{block_type}")
+        end
+
+        def find_address_containing_http(file_content)
+          file_content.scan(URI.regexp(['http'])).map(&:compact).map(&:last)
+        end
+      end
+    end
+  end
+end

data/lib/zendesk_apps_support/validations/source.rb

@@ -1,68 +1,23 @@
 # frozen_string_literal: true
 
-require 'jshintrb'
-
 module ZendeskAppsSupport
   module Validations
     module Source
-      LINTER_OPTIONS = {
-        # enforcing options:
-        noarg: true,
-        undef: true,
-
-        # relaxing options:
-        eqnull: true,
-        laxcomma: true,
-        sub: true,
-
-        # predefined globals:
-        predef: %w[_ console services helpers alert confirm self
-                   JSON Base64 require module exports moment],
-
-        browser: true
-      }.freeze
-
-      class <<self
+      class << self
         def call(package)
-          files = package.js_files
-          app   = files.find { |file| file.relative_path == 'app.js' }
-
-          if package_needs_app_js?(package)
-            return [ ValidationError.new(:missing_source) ] unless app
-          else
-            return (package_has_code?(package) ? [ ValidationError.new(:no_code_for_ifo_notemplate) ] : [])
+          if app_doesnt_require_source?(package.manifest) && contain_source_files?(package)
+            ValidationError.new(:no_code_for_ifo_notemplate)
           end
-
-          jshint_errors(files).flatten!
         end
 
         private
 
-        def package_has_code?(package)
-          !(package.js_files.empty? && package.template_files.empty? && package.app_css.empty?)
-        end
-
-        def package_needs_app_js?(package)
-          return false if package.manifest.marketing_only?
-          return false if package.manifest.requirements_only?
-          return false if package.manifest.iframe_only?
-          true
-        end
-
-        def jshint_error(file)
-          errors = linter.lint(file.read)
-          [JSHintValidationError.new(file.relative_path, errors)] if errors.any?
-        end
-
-        def jshint_errors(files)
-          files.each_with_object([]) do |file, errors|
-            error = jshint_error(file)
-            errors << error unless error.nil?
-          end
+        def contain_source_files?(package)
+          package.js_files.any? || package.template_files.any? || !package.app_css.empty?
         end
 
-        def linter
-          Jshintrb::Lint.new(LINTER_OPTIONS)
+        def app_doesnt_require_source?(manifest)
+          manifest.requirements_only? || manifest.marketing_only?
         end
       end
     end

data/lib/zendesk_apps_support/validations/translations.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'jshintrb'
 require 'json'
 
 module ZendeskAppsSupport

data/lib/zendesk_apps_support/validations/validation_error.rb

@@ -73,32 +73,5 @@ module ZendeskAppsSupport
         end
       end
     end
-
-    class JSHintValidationError < ValidationError
-      attr_reader :filename, :jshint_errors
-
-      def self.vivify(hash)
-        new(hash['filename'], hash['jshint_errors'])
-      end
-
-      def initialize(filename, jshint_errors)
-        errors = jshint_errors.compact.map { |err| "\n  L#{err['line']}: #{err['reason']}" }.join('')
-        @filename = filename
-        @jshint_errors = jshint_errors
-        super(:jshint, {
-          file: filename,
-          errors: errors,
-          count: jshint_errors.length
-        })
-      end
-
-      def as_json(*)
-        {
-          'class' => self.class.to_s,
-          'filename' => filename,
-          'jshint_errors' => jshint_errors
-        }
-      end
-    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zendesk_apps_support
 version: !ruby/object:Gem::Version
-  version: 4.17.0
+  version: 4.20.0
 platform: ruby
 authors:
 - James A. Rosen
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-06-26 00:00:00.000000000 Z
+date: 2019-07-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
@@ -97,20 +97,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: jshintrb
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.3.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.3.0
 - !ruby/object:Gem::Dependency
   name: loofah
   requirement: !ruby/object:Gem::Requirement
@@ -167,6 +153,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.3.3
+- !ruby/object:Gem::Dependency
+  name: ipaddress_2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.13.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -276,6 +276,7 @@ files:
 - lib/zendesk_apps_support/validations/manifest.rb
 - lib/zendesk_apps_support/validations/marketplace.rb
 - lib/zendesk_apps_support/validations/mime.rb
+- lib/zendesk_apps_support/validations/requests.rb
 - lib/zendesk_apps_support/validations/requirements.rb
 - lib/zendesk_apps_support/validations/secrets.rb
 - lib/zendesk_apps_support/validations/source.rb
@@ -304,7 +305,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.6
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Support to help you develop Zendesk Apps.