zuora_connect 2.0.35 → 2.0.36

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c3c6b7ac935c55509c6e6a17119ae886704a3a53aab7cf68d4f632d41941160
-  data.tar.gz: 6797088f6387e6ed51ffce504653a087e8a902b142dc166d9dc09fc4759d6d51
+  metadata.gz: ec4f417ea781c1789f8905c8cdb151c0a78d4618f14e7a862e350087455291a7
+  data.tar.gz: f83ae2e442291a687fabee9bad24166f8ac1c85fe050f873196102088f8e9118
 SHA512:
-  metadata.gz: fd5ee82d006aa5383af74246b5668f3ef8457596d3192b920147ef26389ff090d6d1a81078a1ca5c9c4210e5cfdb74e9f050c1a39d9faa8aba19eed42d67557c
-  data.tar.gz: 622acfefb244129ef4c493ac6723df3d7ca564076744908524cbb9af9b6f306f9663a69b6fcba3c13104b1426b8eb0224a4ffecc360074391f3446dedbd540fa
+  metadata.gz: 756176debe1e03eb0e40559fcedcf463f0459299a349903e386e3acceb628751138f37a78c930a481fb1f4e763500508887ff9f77d1108d62138949bf05935cb
+  data.tar.gz: 8be3d81dae05302104544f97cc8a39c50933fba6c2f9c8ab9452c14d6c76a90ea8430d24522ce0af082fdb9c1b3a01996543c29e1f92c044a21d363a114f2a2f

data/app/models/zuora_connect/app_instance_base.rb

@@ -851,13 +851,7 @@ module ZuoraConnect
         while !response["nextPage"].blank?
           url = login.rest_endpoint(response["nextPage"].split('/v1/').last)
           ZuoraConnect.logger.debug("Fetch Catalog URL #{url}")
-          output_json, response = login.rest_call(:debug => false, :url => url, :errors => [ZuoraAPI::Exceptions::ZuoraAPISessionError], :timeout_retry => true)
-          ZuoraConnect.logger.debug("Fetch Catalog Response Code #{response.code}")
-
-          if !output_json['success'] =~ (/(true|t|yes|y|1)$/i) || output_json['success'].class != TrueClass
-            ZuoraConnect.logger.error("Fetch Catalog DATA #{output_json.to_json}")
-            raise ZuoraAPI::Exceptions::ZuoraAPIError.new("Error Getting Catalog: #{output_json}")
-          end
+          output_json, response = login.rest_call(:debug => false, :url => url, :timeout_retry => true)
 
           output_json["products"].each do |product|
             ActiveRecord::Base.connection.execute('UPDATE "public"."zuora_connect_app_instances" SET "catalog_mapping" = jsonb_set("catalog_mapping", \'{tmp, %s}\', \'%s\') where "id" = %s' % [product["id"], {"productId" => product["id"]}.to_json.gsub("'", "''"), self.id])

data/config/initializers/redis.rb

@@ -1,7 +1,16 @@
 redis_url = ENV["REDIS_URL"].present? ?  ENV["REDIS_URL"] : defined?(Rails.application.secrets.redis) ? Rails.application.secrets.redis : 'redis://localhost:6379/1'
 resque_url = ENV["RESQUE_URL"].present? ?  ENV["RESQUE_URL"] : defined?(Rails.application.secrets.resque) ? Rails.application.secrets.resque : 'redis://localhost:6379/1'
-flash_url = ENV["FLASH_URL"].present? ?  ENV["FLASH_URL"] : defined?(Rails.application.secrets.flash) ? Rails.application.secrets.flash : 'redis://localhost:6379/1'
+flash_url = ENV["FLASH_URL"].present? ?  ENV["FLASH_URL"] : defined?(Rails.application.secrets.flash) ? Rails.application.secrets.flash : nil
 browser_urls = {}
+class RedisFlash
+  def self.current
+    @current ||= Redis.new()
+  end
+  def self.current=(redis)
+    @current = redis
+  end
+end
+
 if defined?(Redis.current)
   Redis.current = Redis.new(:id => "#{ZuoraConnect::Telegraf.full_process_name(process_name: 'Redis')}", :url => redis_url, :timeout => 6, :reconnect_attempts => 2)
   browser_urls['Redis'] = { "url" => redis_url }
@@ -13,7 +22,7 @@ if defined?(Redis.current)
       Resque.redis = Redis.current
     end
   end
-  if defined?(RedisFlash)
+  if defined?(flash_url.present?)
     RedisFlash.current = Redis.new(:id => "#{ZuoraConnect::Telegraf.full_process_name(process_name: 'Flash')}", :url => flash_url, :timeout => 6, :reconnect_attempts => 2) 
     browser_urls['Flash'] = { "url" => flash_url }
   end

data/lib/middleware/bad_multipart_form_data_sanitizer.rb

@@ -0,0 +1,21 @@
+module ZuoraConnect
+  class BadMultipartFormDataSanitizer
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      if env['CONTENT_TYPE'] =~ /multipart\/form-data/
+        begin
+          Rack::Multipart.parse_multipart(env)
+        rescue EOFError => ex
+          # set content-type to multipart/form-data without the boundary part
+          # to handle the case where empty content is submitted
+          env['CONTENT_TYPE'] = 'multipart/form-data'
+        end
+      end
+
+      @app.call(env)
+    end
+  end
+end

data/lib/resque/plugins/custom_logger.rb

@@ -7,7 +7,6 @@ module Resque
   module Plugins
     module CustomLogger
       def before_perform(*args)
-        Rails.logger.with_fields = { trace_id: SecureRandom.uuid, name: "RailsWorker"} if Rails.logger.class.to_s == 'Ougai::Logger' && ZuoraConnect.configuration.json_logging
         case args.class.to_s
         when "Array"
           if args.first.class == Hash
@@ -18,6 +17,8 @@ module Resque
         when "Hash"
           data = args.merge({:worker_class => self.to_s})
         end
+        Rails.logger.with_fields = {job: data, trace_id: SecureRandom.uuid, name: "RailsWorker"} if Rails.logger.class.to_s == 'Ougai::Logger' && ZuoraConnect.configuration.json_logging
+
         data = {:msg => 'Starting job', :job => data}
 
         app_instance_id = data.dig(:job, 'app_instance_id')

data/lib/zuora_connect/controllers/helpers.rb

@@ -263,7 +263,17 @@ module ZuoraConnect
               client_describe, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
               session["ZuoraCurrentUserInfo"] = client_describe
             
-              raise ZuoraConnect::Exceptions::Error.new("Header entity id does not match identity call entity id.") if zuora_entity_id != identity['entityId']
+              if zuora_entity_id != identity['entityId']
+                if zuora_tenant_id.to_s == "10548"
+                  render "zuora_connect/static/error_handled", :locals => {
+                    :title => "Security Testing", 
+                    :message => "Ya we know it you"
+                  }, :layout => false
+                  return
+                else
+                  raise ZuoraConnect::Exceptions::Error.new("Header entity id does not match identity call entity id.") 
+                end
+              end
             end
 
             #Find matching app instances.

data/lib/zuora_connect/railtie.rb

@@ -1,6 +1,7 @@
 require 'middleware/metrics_middleware'
 require 'middleware/request_id_middleware'
 require 'middleware/json_parse_errors'
+require 'middleware/bad_multipart_form_data_sanitizer'
 
 module ZuoraConnect
   class Railtie < Rails::Railtie
@@ -26,6 +27,7 @@ module ZuoraConnect
     initializer "zuora_connect.configure_rails_initialization" do |app|
       app.middleware.insert_after Rack::Sendfile, ZuoraConnect::MetricsMiddleware
       app.middleware.insert_after ActionDispatch::RequestId, ZuoraConnect::RequestIdMiddleware
+      app.middleware.insert_before Rack::Runtime, ZuoraConnect::BadMultipartFormDataSanitizer
       app.config.middleware.use ZuoraConnect::JsonParseErrors
     end
 

data/lib/zuora_connect/version.rb

@@ -1,3 +1,3 @@
 module ZuoraConnect
-  VERSION = "2.0.35"
+  VERSION = "2.0.36"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zuora_connect
 version: !ruby/object:Gem::Version
-  version: 2.0.35
+  version: 2.0.36
 platform: ruby
 authors:
 - Connect Team
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-20 00:00:00.000000000 Z
+date: 2020-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: apartment
@@ -340,6 +340,7 @@ files:
 - lib/logging/connect_formatter.rb
 - lib/metrics/influx/point_value.rb
 - lib/metrics/net.rb
+- lib/middleware/bad_multipart_form_data_sanitizer.rb
 - lib/middleware/json_parse_errors.rb
 - lib/middleware/metrics_middleware.rb
 - lib/middleware/request_id_middleware.rb