zuora_connect 2.0.5 → 2.0.8

data/lib/zuora_connect/configuration.rb

@@ -3,11 +3,11 @@ module ZuoraConnect
 
     attr_accessor :default_locale, :default_time_zone, :url, :mode, :delayed_job,:private_key, :additional_apartment_models
 
-    attr_accessor :enable_metrics, :telegraf_endpoint, :telegraf_debug, :custom_prometheus_update_block, :silencer_resque_finish, :blpop_queue, :app_access_permissions
+    attr_accessor :enable_metrics, :telegraf_endpoint, :telegraf_debug, :custom_prometheus_update_block, :silencer_resque_finish, :blpop_queue
 
     attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
 
-    attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name
+    attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :json_logging
 
     def initialize
       @default_locale = :en
@@ -19,7 +19,6 @@ module ZuoraConnect
       @additional_apartment_models = []
       @silencer_resque_finish = true
       @blpop_queue = false
-      @app_access_permissions = false
 
       # Setting the app name for telegraf write
       @enable_metrics = false
@@ -43,6 +42,7 @@ module ZuoraConnect
       @aws_region = "us-west-2"
       @s3_bucket_name = "rbm-apps"
       @s3_folder_name = Rails.application.class.parent_name
+      @json_logging = Rails.env.to_s == 'development' ? false : true
     end
 
     def private_key

data/lib/zuora_connect/controllers/helpers.rb

@@ -16,7 +16,7 @@ module ZuoraConnect
           ZuoraConnect.logger.debug("[#{@appinstance.id}] API REQUEST - API token") if @appinstance.present?
           check_instance
         elsif ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
-          zuora_host, zuora_entity_id, zuora_instance_id = [request.headers['zuora-host'], request.headers['zuora-entity-ids'].gsub('-',''), request.headers['zuora-instance-id']]
+          zuora_host, zuora_entity_id, zuora_instance_id = [request.headers['zuora-host'], (request.headers['zuora-entity-ids'] || "").gsub('-',''), request.headers['zuora-instance-id']]
 
           #Validate host present
           if zuora_host.blank?
@@ -37,21 +37,24 @@ module ZuoraConnect
 
           if appinstances.size == 0
             render json: {"status": 401, "message": "Missing mapping or no deployment for '#{zuora_host}-#{zuora_entity_id}' ."}, status: :unauthorized
+            return
           elsif appinstances.size > 1
             render json: {"status": 401, "message": "More than one app instance binded to host and entity ids. Please indicate correct instance via 'zuora-instance-id' header"}, status: :unauthorized
+            return
           else
             @appinstance = appinstances.first
+            check_instance
           end
-
-        else #if request.headers.fetch("Authorization", "").include?("Basic ")
+      
+        elsif request.headers.fetch("Authorization", "").include?("Basic ")
           authenticate_or_request_with_http_basic do |username, password|
             @appinstance = ZuoraConnect::AppInstance.where(:token => password).first
             @appinstance ||= ZuoraConnect::AppInstance.where(:api_token => password).first
             ZuoraConnect.logger.debug("[#{@appinstance.id}] API REQUEST - Basic Auth") if @appinstance.present?
             check_instance
           end
-        # else
-        #   check_instance
+        else
+          check_instance
         end
         
         if @appinstance.present?
@@ -59,175 +62,253 @@ module ZuoraConnect
         end
       end
 
+       #API ONLY
+      def check_instance
+        if defined?(@appinstance) && @appinstance.present?
+          if @appinstance.new_session_for_api_requests(:params => params)
+            @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
+          end
+          Thread.current[:appinstance] = @appinstance
+          PaperTrail.whodunnit = "API User" if defined?(PaperTrail)
+          ElasticAPM.set_user("API User")  if defined?(ElasticAPM) && ElasticAPM.running?
+          return true
+        else
+          response.set_header('WWW-Authenticate', "Basic realm=\"Application\"")
+          render json: {"status": 401, "message": "Access Denied"}, status: :unauthorized
+          return false
+        end
+      end
+
       def authenticate_connect_app_request
         ElasticAPM.set_tag(:trace_id, request.uuid) if defined?(ElasticAPM) && ElasticAPM.running?
         Thread.current[:appinstance] = nil
+        start_time = Time.now
 
-        if request.headers['ZuoraCurrentEntity'].present?
-  
-          #Do we need to refresh session identity
-          zuora_host = request.headers["HTTP_X_FORWARDED_HOST"] || "apisandbox.zuora.com"
-          if request.headers["Zuora-Auth-Token"].present?
-            zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", bearer_token: request.headers["Zuora-Auth-Token"], oauth_session_expires_at: Time.now + 5.minutes )
-          elsif cookies['ZSession'].present?
-            zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'])
-          else
-            raise ZuoraConnect::Exceptions::Error.new("Neither the ZSession cookie nor the Zuora-Auth-Token are present in payload.")
-          end
-          zuora_entity_id = request.headers['ZuoraCurrentEntity']
-          zuora_instance_id = params[:sidebar_launch].to_bool ? nil : (params[:app_instance_id] || session["appInstance"])
+        if ZuoraConnect.configuration.mode == "Production"
+          zuora_entity_id = request.headers['ZuoraCurrentEntity'] || cookies['ZuoraCurrentEntity']
 
-          #Identity blank or current entity different
-          if (session["ZuoraCurrentIdentity"].blank? || session["ZuoraCurrentEntity"] != zuora_entity_id)
-            begin
-              identity, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("identity"))
-              session["ZuoraCurrentIdentity"] = identity
-              session["ZuoraCurrentEntity"] = identity['entityId']
+          if zuora_entity_id.present?
+            zuora_tenant_id = cookies['Zuora-Tenant-Id']
+            zuora_user_id = cookies['Zuora-User-Id']
+            zuora_host = request.headers["HTTP_X_FORWARDED_HOST"] || "apisandbox.zuora.com"
 
-              raise ZuoraConnect::Exceptions::Error.new("Header entity id, '#{zuora_entity_id}' does not match identity call entity id, '#{identity['entityId']}'.") if zuora_entity_id != identity['entityId']
-            rescue => ex
-              ZuoraConnect.logger.error(ex)
-              render "zuora_connect/static/invalid_launch_request", :locals => {:exception => ex}
-              return              
-            end
-          end
+            zuora_details = {'host' => zuora_host, 'user_id' => zuora_user_id, 'tenant_id' => zuora_tenant_id, 'entity_id' => zuora_entity_id}
 
-          #Find matching app instances.
-          if zuora_instance_id.present?
-            appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id).pluck(:id, :name)
-          else
-            #if app_instance_ids is present then permissions still controlled by connect
-            if params[:app_instance_ids].present? 
-              begin
-                navbar, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("navigation"))
-                urls = navbar['menus'].map {|x| x['url']}
-                app_env = ENV["DEIS_APP"] || "xyz123"
-                url = urls.compact.select {|url| File.basename(url).start_with?(app_env + '?')}.first
-                task_ids = JSON.parse(Base64.urlsafe_decode64(CGI.parse(URI.parse(url).query)["app_instance_ids"][0]))
-                
-                appinstances = ZuoraConnect::AppInstance.where(:id => task_ids).pluck(:id, :name)
-              rescue => ex
-                ZuoraConnect.logger.error(ex)
-                render "zuora_connect/static/invalid_launch_request", :locals => {:exception => ex}
-                return
-              end
+            #Do we need to refresh session identity
+            if request.headers["Zuora-Auth-Token"].present?
+              zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", bearer_token: request.headers["Zuora-Auth-Token"], oauth_session_expires_at: Time.now + 5.minutes )
+            elsif cookies['ZSession'].present?
+              zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'])
             else
-              appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
+              render "zuora_connect/static/error_handled", :locals => {
+                :title => "Missing Authorization Token", 
+                :message => "Zuora 'Zuora-Auth-Token' header and 'ZSession' cookie not present."
+              }, :layout => false
+              return
             end
-          end
 
-          zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId']
+            begin
+              zuora_instance_id = params[:sidebar_launch].to_s.to_bool ? nil : (params[:app_instance_id] || session["appInstance"])
+
+              #Identity blank or current entity different
+              different_zsession = session["ZSession"] != cookies['ZSession']
+              missmatched_entity = session["ZuoraCurrentEntity"] != zuora_entity_id
+              missing_identity = session["ZuoraCurrentIdentity"].blank?
 
-          #One deployed instance
-          if appinstances.size == 1
-            ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
+              if (missing_identity || missmatched_entity || different_zsession)
+                zuora_details.merge!({'identity' => {'different_zsession' => different_zsession, 'missing_identity' => missing_identity, 'missmatched_entity' => missmatched_entity}})
+                identity, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("identity"))
+                session["ZuoraCurrentIdentity"] = identity
+                session["ZuoraCurrentEntity"] = identity['entityId']
+                session["ZSession"] = cookies['ZSession']
+                zuora_instance_id = nil
+                zuora_details["identity"]["entityId"] = identity['entityId']
 
-            #Add user/update 
-            @user = ZuoraConnect::ZuoraUser.where(:zuora_user_id => zuora_user_id).first
-            if @user.present?
-              ZuoraConnect.logger.debug("Current zuora user #{zuora_user_id}")
-              if @user.updated_at < Time.now - 1.day
-                @user.zuora_identity_response[zuora_entity_id] = session["ZuoraCurrentIdentity"]
-                @user.save!
+                client_describe, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
+                session["ZuoraCurrentUserInfo"] = client_describe
+              
+                raise ZuoraConnect::Exceptions::Error.new("Header entity id does not match identity call entity id.") if zuora_entity_id != identity['entityId']
               end
-            else
-              ZuoraConnect.logger.debug("New zuora user object for #{zuora_user_id}")
-              @user = ZuoraConnect::ZuoraUser.create!(:zuora_user_id => zuora_user_id, :zuora_identity_response => {zuora_entity_id => session["ZuoraCurrentIdentity"]})
-            end 
-            #Update access if admin in tenant
-            if session["ZuoraCurrentIdentity"]['platformRole'] == 'ADMIN' && !@user.app_permissions['access'].to_bool
-              @user.app_permissions['access'] = true 
-              @user.save!
-            end
 
-            #If user has has access to application
-            if @user.app_permissions['access'].to_bool || !ZuoraConnect.configuration.app_access_permissions
-              session["appInstance"] = appinstances.to_h.keys.first
-            else
-              Thread.current[:appinstance] = nil
-              session["appInstance"] = nil
-              admin_users = ZuoraConnect::ZuoraUser.select("zuora_identity_response #>> '{#{zuora_entity_id},username}' as username").where("zuora_identity_response #>> :selector = 'ADMIN' ", :selector => "{#{zuora_entity_id},platformRole}")
-              render "zuora_connect/static/permission_error", :locals => {:admins => admin_users}
-              return
-            end
-          #We have multiple, user must pick
-          elsif appinstances.size > 1
-            ZuoraConnect.logger.debug("User must select instance. #{@names}")
-            render "zuora_connect/static/launch", :locals => {:names => appinstances.to_h}
-            return
-          else 
-            begin
-              #Ensure user can access oauth creation API 
-              if session["ZuoraCurrentIdentity"]['platformRole'] != 'ADMIN'
-                raise ZuoraConnect::Exceptions::Error.new("User is not admin, workflow cannot be deployed.")
+              #Find matching app instances.
+              if zuora_instance_id.present?
+                appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id).pluck(:id, :name)
+              else
+                #if app_instance_ids is present then permissions still controlled by connect
+                if params[:app_instance_ids].present? 
+                  navbar, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("navigation"))
+                  urls = navbar['menus'].map {|x| x['url']}
+                  app_env = ENV["DEIS_APP"] || "xyz123"
+                  url = urls.compact.select {|url| File.basename(url).start_with?(app_env + '?')}.first
+                  task_ids = JSON.parse(Base64.urlsafe_decode64(CGI.parse(URI.parse(url).query)["app_instance_ids"][0]))
+                  
+                  appinstances = ZuoraConnect::AppInstance.where(:id => task_ids).pluck(:id, :name)
+                else
+                  appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
+                end
               end
-              
-              body = {
-                'userId' => zuora_user_id, 
-                'entityIds' => [zuora_entity_id.unpack("a8a4a4a4a12").join('-')], 
-                'customAuthorities' => [], 
-                'additionalInformation' => {
-                  'description' => 'This user is for workflow application.', 
-                  'name' => 'Workflow API User'
-                }
-              }
-
-              oauth_response, response = zuora_client.rest_call(method: :post, body: body.to_json, url: zuora_client.rest_endpoint("genesis/clients").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
-
-              new_zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", oauth_client_id: oauth_response["clientId"], oauth_secret: oauth_response["clientSecret"] )
-              
-              client_describe, response = new_zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: :bearer)
-
-              Apartment::Tenant.switch!("public")
-              next_id = (ZuoraConnect::AppInstance.all.where(:access_token => nil).order(id: :desc).limit(1).pluck(:id).first || 24999999) + 1
-              begin
-                Apartment::Tenant.create(next_id.to_s)
-              rescue Apartment::TenantExists => ex
-                ZuoraConnect.logger.debug("Tenant Already Exists")
+
+              zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId']
+
+              #One deployed instance
+              if appinstances.size == 1
+                ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
+                @appinstance = ZuoraConnect::AppInstance.find(appinstances.to_h.keys.first)
+
+                #Add user/update 
+                @zuora_user = ZuoraConnect::ZuoraUser.where(:zuora_user_id => zuora_user_id).first
+                if @zuora_user.present?
+                  ZuoraConnect.logger.debug("Current zuora user #{zuora_user_id}")
+                  if @zuora_user.updated_at < Time.now - 1.day
+                    @zuora_user.zuora_identity_response[zuora_entity_id] = session["ZuoraCurrentIdentity"]
+                    @zuora_user.save!
+                  end
+                else
+                  ZuoraConnect.logger.debug("New zuora user object for #{zuora_user_id}")
+                  @zuora_user = ZuoraConnect::ZuoraUser.create!(:zuora_user_id => zuora_user_id, :zuora_identity_response => {zuora_entity_id => session["ZuoraCurrentIdentity"]})
+                end 
+                @zuora_user.session = session
+                session["#{@appinstance.id}::user::email"] = session['ZuoraCurrentIdentity']["username"]
+                session["#{@appinstance.id}::user::timezone"] = session['ZuoraCurrentIdentity']["timeZone"]
+                session["#{@appinstance.id}::user::locale"] = session['ZuoraCurrentIdentity']["language"]
+                session["appInstance"] = @appinstance.id
+
+              #We have multiple, user must pick
+              elsif appinstances.size > 1 
+                ZuoraConnect.logger.debug("User must select instance. #{@names}")
+                render "zuora_connect/static/launch", :locals => {:names => appinstances.to_h}, :layout => false
+                return
+
+              #We have no deployed instance for this tenant
+              else 
+                #Ensure user can access oauth creation API 
+                if session["ZuoraCurrentIdentity"]['platformRole'] != 'ADMIN' 
+                  Thread.current[:appinstance] = nil
+                  session["appInstance"] = nil
+                  render "zuora_connect/static/error_handled", :locals => {
+                    :title => "Application can only complete its initial setup via platform administrator", 
+                    :message => "Please contact admin of tenant and have them click on link again to launch application."
+                  }, :layout => false
+                  return
+                end
+                Apartment::Tenant.switch!("public")
+                ActiveRecord::Base.transaction do
+                  ActiveRecord::Base.connection.execute('LOCK public.zuora_users IN ACCESS EXCLUSIVE MODE')
+                  appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
+
+                  if appinstances.size > 0
+                    redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
+                    return
+                  end
+
+                  next_id = (ZuoraConnect::AppInstance.all.where('id > 24999999').order(id: :desc).limit(1).pluck(:id).first || 24999999) + 1
+                  user = (ENV['DEIS_APP'] || "Application").split('-').map(&:capitalize).join(' ')
+                  body = {
+                    'userId' => zuora_user_id, 
+                    'entityIds' => [zuora_entity_id.unpack("a8a4a4a4a12").join('-')], 
+                    'customAuthorities' => [], 
+                    'additionalInformation' => {
+                      'description' => "This user is for #{user} application.", 
+                      'name' => "#{user} API User #{next_id}"
+                    }
+                  }
+
+                  oauth_response, response = zuora_client.rest_call(method: :post, body: body.to_json, url: zuora_client.rest_endpoint("genesis/clients").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
+
+                  new_zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", oauth_client_id: oauth_response["clientId"], oauth_secret: oauth_response["clientSecret"] )
+                  if session["ZuoraCurrentUserInfo"].blank?
+                    client_describe, response = new_zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: :bearer)
+                  else
+                    client_describe = session["ZuoraCurrentUserInfo"]
+                  end
+
+                  available_entities = client_describe["accessibleEntities"].select {|entity| entity['id'] == zuora_entity_id}
+                  task_data = {
+                    "id": next_id,
+                    "name": client_describe["tenantName"],
+                    "mode": "Collections",
+                    "status": "Running",
+                    ZuoraConnect::AppInstance::LOGIN_TENANT_DESTINATION => {
+                      "tenant_type": "Zuora",
+                      "username": session["ZuoraCurrentIdentity"]["username"],
+                      "url": new_zuora_client.url,
+                      "status": "Active",
+                      "oauth_client_id": oauth_response['clientId'],
+                      "oauth_secret": oauth_response['clientSecret'],
+                      "authentication_type": "OAUTH",
+                      "entities": available_entities.map {|e| e.merge({'displayName' => client_describe["tenantName"]})}
+                    },
+                    "tenant_ids": available_entities.map{|e| e['entityId']}.uniq,
+                  }
+                  mapped_values = {:id => next_id, :api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36), :zuora_logins => task_data, :oauth_expires_at => Time.now + 1000.years, :zuora_domain => zuora_client.rest_domain, :zuora_entity_ids => [zuora_entity_id]}
+                  @appinstance = ZuoraConnect::AppInstance.new(mapped_values)
+                  retry_count = 0
+                  begin
+                    @appinstance.save(:validate => false)
+                  rescue ActiveRecord::RecordNotUnique => ex
+                    if (retry_count += 1) < 3
+                      @appinstance.assign_attributes({:api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36)})
+                      retry
+                    else
+                      Thread.current[:appinstance] = nil
+                      session["appInstance"] = nil
+                      render "zuora_connect/static/error_handled", :locals => {
+                        :title => "Application could not create unique tokens.", 
+                        :message => "Please contact support or retry launching application."
+                      }, :layout => false
+                      return
+                    end
+                  end
+                end
+
+                Apartment::Tenant.switch!("public")
+                begin
+                  Apartment::Tenant.create(@appinstance.id.to_s)
+                rescue Apartment::TenantExists => ex
+                  ZuoraConnect.logger.debug("Tenant Already Exists")
+                end
+                @appinstance.refresh
+                session["appInstance"] = @appinstance.id
               end
 
-              task_data = {
-                "id": next_id,
-                "name": client_describe["tenantName"],
-                "mode": "Collections",
-                "status": "Running",
-                "target_login": {
-                    "tenant_type": "Zuora",
-                    "username": session["ZuoraCurrentIdentity"]["username"],
-                    "url": new_zuora_client.url,
-                    "status": "Active",
-                    "oauth_client_id": oauth_response['clientId'],
-                    "oauth_secret": oauth_response['clientSecret'],
-                    "authentication_type": "OAUTH",
-                    "entities": client_describe["accessibleEntities"].map {|e| e.merge({'displayName' => client_describe["tenantName"]})} #needs work
-                },
-                "tenant_ids": client_describe["accessibleEntities"].map{|e| e['entityId'] }.push(client_describe["tenantId"]).uniq,
-              }
-
-              appinstance = ZuoraConnect::AppInstance.new(:id => next_id, :zuora_logins => task_data.to_json, :oauth_expires_at => Time.now + 1000.years)
-              appinstance.save(:validate => false)
-              @appinstance = ZuoraConnect::AppInstance.find(appinstance.id)
-              @appinstance.apartment_switch(method = nil, migrate = true)
-
-              session["appInstance"] = @appinstance.id
-            rescue => ex
-              ZuoraConnect.logger.error(ex)
-              render "zuora_connect/static/invalid_launch_request", :locals => {:exception => ex}
+            rescue ZuoraAPI::Exceptions::ZuoraAPIAuthenticationTypeError => ex
+              output_xml, input_xml = zuora_client.soap_call(errors: [], z_session: false) do |xml|
+                xml['api'].getUserInfo
+              end
+              final_error = output_xml.xpath('//fns:FaultCode', 'fns' =>'http://fault.api.zuora.com/').text
+              session.clear
+              ZuoraConnect.logger.warn(ex, zuora: zuora_details.merge({:error => final_error}))
+              redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
               return
+            rescue => ex
+              ZuoraConnect.logger.error(ex, zuora: zuora_details)
+              render "zuora_connect/static/error_unhandled", :locals => {:exception => ex}, :layout => false
+              return              
             end
-          end
-        end
-
-        start_time = Time.now
-        if ZuoraConnect.configuration.mode == "Production"
-          if request["data"] && /^([A-Za-z0-9+\/\-\_]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/.match(request["data"].to_s)
+          elsif request["data"] && /^([A-Za-z0-9+\/\-\_]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/.match(request["data"].to_s)
             setup_instance_via_data
           else
-            setup_instance_via_session
+            if session["appInstance"].present?
+              @appinstance = ZuoraConnect::AppInstance.where(:id => session["appInstance"]).first 
+            else
+              render "zuora_connect/static/error_handled", :locals => {
+                :title => "Application state could not be verified", 
+                :message => "Please relaunch application."
+              }, :layout => false
+              return 
+            end
           end
         else
           setup_instance_via_dev_mode
         end
+
+        if !defined?(@appinstance) || @appinstance.blank?
+          render "zuora_connect/static/error_handled", :locals => {
+            :title => "Application state could not be found.", 
+            :message => "Please relaunch application."
+          }, :layout => false
+          return 
+        end
         #Call .data_lookup with the current session to retrieve session. In some cases session may be stored/cache in redis 
         #so data lookup provides a model method that can be overriden per app.
         if params[:controller] != 'zuora_connect/api/v1/app_instance' && params[:action] != 'drop'
@@ -235,16 +316,23 @@ module ZuoraConnect
             @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
           end
         end
+
         if session["#{@appinstance.id}::user::email"].present? 
           ElasticAPM.set_user(session["#{@appinstance.id}::user::email"])  if defined?(ElasticAPM) && ElasticAPM.running?
           PaperTrail.whodunnit =  session["#{@appinstance.id}::user::email"] if defined?(PaperTrail)
         end
         begin
-          I18n.locale = session["#{@appinstance.id}::user::locale"] ?  session["#{@appinstance.id}::user::locale"] : @appinstance.locale
+          locale = session["#{@appinstance.id}::user::locale"]
+          I18n.locale = locale.present? ? locale : @appinstance.locale
         rescue I18n::InvalidLocale => ex
           ZuoraConnect.logger.error(ex) if !ZuoraConnect::AppInstance::IGNORED_LOCALS.include?(ex.locale.to_s.downcase)
         end
-        Time.zone = session["#{@appinstance.id}::user::timezone"] ? session["#{@appinstance.id}::user::timezone"] : @appinstance.timezone
+        begin
+          Time.zone = session["#{@appinstance.id}::user::timezone"] ? session["#{@appinstance.id}::user::timezone"] : @appinstance.timezone
+        rescue 
+          ZuoraConnect.logger.error(ex) 
+        end
+
         ZuoraConnect.logger.debug("[#{@appinstance.blank? ? "N/A" : @appinstance.id}] Authenticate App Request Completed In - #{(Time.now - start_time).round(2)}s")
       end
 
@@ -266,6 +354,14 @@ module ZuoraConnect
         return session["#{@appinstance.id}::admin"]
       end
 
+      def zuora_user
+        return @zuora_user
+      end
+
+      def hallway_integration?
+        return (request.headers['ZuoraCurrentEntity'].present? || cookies['ZuoraCurrentEntity'].present?)
+      end
+
     private
       def setup_instance_via_data
         session.clear
@@ -287,6 +383,7 @@ module ZuoraConnect
         ZuoraConnect.logger.debug({msg: 'Setup values', connect: values}) if Rails.env != "production"
 
         @appinstance = ZuoraConnect::AppInstance.where(:id => values["appInstance"].to_i).first
+
         if @appinstance.blank?
           Apartment::Tenant.switch!("public")
           begin
@@ -294,29 +391,20 @@ module ZuoraConnect
           rescue Apartment::TenantExists => ex
             ZuoraConnect.logger.debug("Tenant Already Exists")
           end
-          @appinstance = ZuoraConnect::AppInstance.new(:api_token =>  values[:api_token],:id => values["appInstance"].to_i, :access_token => values["access_token"].blank? ? values["user"] : values["access_token"], :token => values["refresh_token"]  , :refresh_token => values["refresh_token"].blank? ? values["key"] : values["refresh_token"], :oauth_expires_at => values["expires"])
+          mapped_values = {:api_token => values['api_token'], :token => values['api_token'], :access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
+          @appinstance = ZuoraConnect::AppInstance.new(mapped_values.merge({:id => values["appInstance"].to_i}))
           @appinstance.save(:validate => false)
         else
-          @appinstance.access_token = values["access_token"] if !values["access_token"].blank? && @appinstance.access_token != values["access_token"]
-          @appinstance.refresh_token = values["refresh_token"] if !values["refresh_token"].blank? && @appinstance.refresh_token != values["refresh_token"]
-          @appinstance.oauth_expires_at = values["expires"] if !values["expires"].blank?
-          @appinstance.api_token = values["api_token"] if !values["api_token"].blank? && @appinstance.api_token != values["api_token"]
+          mapped_values = {:access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
+          @appinstance.assign_attributes(mapped_values)
           if @appinstance.access_token_changed? && @appinstance.refresh_token_changed?
             @appinstance.save(:validate => false)
           else
-            raise ZuoraConnect::Exceptions::AccessDenied.new("Authorization mistmatch. Possible tampering")
+            raise ZuoraConnect::Exceptions::AccessDenied.new("Authorization mismatch. Possible tampering")
           end
         end     
       end
 
-      def setup_instance_via_session
-        if session["appInstance"].present?
-          @appinstance = ZuoraConnect::AppInstance.where(:id => session["appInstance"]).first
-        else
-          raise ZuoraConnect::Exceptions::SessionInvalid.new("Session Blank -- Relaunch Application")
-        end
-      end
-
       def setup_instance_via_dev_mode
         session["appInstance"] = ZuoraConnect.configuration.dev_mode_appinstance
         user = ZuoraConnect.configuration.dev_mode_user
@@ -340,24 +428,6 @@ module ZuoraConnect
         end
         session["#{@appinstance.id}::admin"] =  ZuoraConnect.configuration.dev_mode_admin
       end
-
-      #API ONLY
-      def check_instance
-        if defined?(@appinstance) && @appinstance.present?
-          if @appinstance.new_session_for_api_requests(:params => params)
-            @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
-          end
-          Thread.current[:appinstance] = @appinstance
-          PaperTrail.whodunnit = "API User" if defined?(PaperTrail)
-          ElasticAPM.set_user("API User")  if defined?(ElasticAPM) && ElasticAPM.running?
-          return true
-        else
-          response.set_header('WWW-Authenticate', "Basic realm=\"Application\"")
-          #render json: {"status": 401, "message": "Access Denied"}, status: :unauthorized
-          render html: "HTTP Basic: Access denied.\n", status: :unauthorized
-          render plain: "Access Denied", status: :unauthorized
-        end
-      end
     end
   end
 end