RubyGems - zuora_connect - Versions diffs - 2.0.5zj → 2.0.5 - Mend

zuora_connect 2.0.5zj → 2.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

checksums.yaml +4 -4
data/app/controllers/zuora_connect/static_controller.rb +17 -4
data/app/helpers/zuora_connect/application_helper.rb +0 -10
data/app/models/zuora_connect/app_instance_base.rb +66 -109
data/app/models/zuora_connect/telegraf.rb +2 -2
data/app/models/zuora_connect/zuora_user.rb +0 -1
data/app/views/zuora_connect/static/invalid_app_instance_error.html.erb +65 -0
data/app/views/zuora_connect/static/invalid_launch_request.html.erb +81 -0
data/app/views/zuora_connect/static/launch.html.erb +75 -74
data/app/views/zuora_connect/static/permission_error.html.erb +80 -0
data/app/views/zuora_connect/static/session_error.html.erb +63 -0
data/config/routes.rb +2 -0
data/lib/middleware/request_id_middleware.rb +1 -1
data/lib/resque/plugins/custom_logger.rb +1 -1
data/lib/zuora_connect.rb +42 -59
data/lib/zuora_connect/configuration.rb +3 -3
data/lib/zuora_connect/controllers/helpers.rb +183 -253
data/lib/zuora_connect/engine.rb +1 -2
data/lib/zuora_connect/railtie.rb +6 -10
data/lib/zuora_connect/version.rb +1 -1
data/lib/zuora_connect/views/helpers.rb +9 -0
metadata +54 -54
data/app/views/zuora_connect/static/error_handled.html.erb +0 -77
data/app/views/zuora_connect/static/error_unhandled.erb +0 -82
data/config/initializers/patches.rb +0 -9
data/db/migrate/20190520232222_add_unique_index.rb +0 -6
data/lib/middleware/json_parse_errors.rb +0 -22

data/config/routes.rb CHANGED Viewed

@@ -1,6 +1,8 @@
 ZuoraConnect::Engine.routes.draw do
   get '/health' => 'static#health'
   get '/internal/data' => 'static#metrics'
+  get '/invalid_session' => 'static#session_error', :as => :invalid_session
+  get '/invalid_instance' => "static#invalid_app_instance_error", :as => :invalid_instance
   post '/initialize_app' => 'static#initialize_app'
   namespace :api do

data/lib/middleware/request_id_middleware.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module ZuoraConnect
   class RequestIdMiddleware
     mattr_accessor :request_id
     mattr_accessor :zuora_request_id
-    mattr_accessor :zuora_rest_domain
     def initialize(app)
       @app = app
     end

data/lib/resque/plugins/custom_logger.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module Resque
   module Plugins
     module CustomLogger
       def before_perform(*args)
-        Rails.logger.with_fields = { trace_id: SecureRandom.uuid, name: "RailsWorker"} if Rails.logger.class.to_s == 'Ougai::Logger' && ZuoraConnect.configuration.json_logging
+        Rails.logger.with_fields = { trace_id: SecureRandom.uuid, name: "RailsWorker"} if Rails.logger.class.to_s == 'Ougai::Logger'
         case args.class.to_s
         when "Array"
           if args.first.class == Hash

data/lib/zuora_connect.rb CHANGED Viewed

@@ -2,6 +2,7 @@ require 'zuora_connect/configuration'
 require "zuora_connect/engine"
 require 'zuora_connect/exceptions'
 require 'zuora_connect/controllers/helpers'
+require 'zuora_connect/views/helpers'
 require 'zuora_connect/railtie'
 require 'resque/additions'
 require 'resque/dynamic_queues'
@@ -24,49 +25,30 @@ module ZuoraConnect
       else
         @logger ||= custom_logger(name: "Connect", level: Rails.logger.level)
       end
-    end
+    end
     def custom_logger(name: "", level: Rails.logger.present? ? Rails.logger.level : MonoLogger::INFO, type: :ougai)
       #puts name + ' - ' + {Logger::WARN => 'Logger::WARN', Logger::ERROR => 'Logger::ERROR', Logger::DEBUG => 'Logger::DEBUG', Logger::INFO => 'Logger::INFO' }[level] + ' - '
       if type == :ougai
         require 'ougai'
-        require "ougai/formatters/customizable"
         #logger = Ougai::Logger.new(MonoLogger.new(STDOUT))
-        logger = Ougai::Logger.new(STDOUT)
+        logger = Ougai::Logger.new(STDOUT)
+        logger.formatter = Ougai::Formatters::ConnectFormatter.new(name)
         logger.level = level
-        if ZuoraConnect.configuration.json_logging
-          logger.formatter = Ougai::Formatters::ConnectFormatter.new(name)
-          logger.before_log = lambda do |data|
-            data[:trace_id] = ZuoraConnect::RequestIdMiddleware.request_id if ZuoraConnect::RequestIdMiddleware.request_id.present?
-            data[:zuora_trace_id] = ZuoraConnect::RequestIdMiddleware.zuora_request_id if ZuoraConnect::RequestIdMiddleware.zuora_request_id.present?
-            #data[:traces] = {amazon_id: data[:trace_id], zuora_id: data[:zuora_trace_id]}
-            if !['ElasticAPM', 'ResqueScheduler', 'ResquePool', 'Resque', 'Makara'].include?(name)
-              if Thread.current[:appinstance].present? && Thread.current[:appinstance].id.present?
-                data[:app_instance_id] = Thread.current[:appinstance].id
-                logitems = Thread.current[:appinstance].logitems
-                if logitems.present? && logitems.class == Hash
-                  data[:tenant_ids] = logitems[:tenant_ids] if logitems[:tenant_ids].present?
-                  data[:organization] = logitems[:organization] if logitems[:organization].present?
-                end
+        logger.before_log = lambda do |data|
+          data[:trace_id] = ZuoraConnect::RequestIdMiddleware.request_id if ZuoraConnect::RequestIdMiddleware.request_id.present?
+          data[:zuora_trace_id] = ZuoraConnect::RequestIdMiddleware.zuora_request_id if ZuoraConnect::RequestIdMiddleware.zuora_request_id.present?
+          #data[:traces] = {amazon_id: data[:trace_id], zuora_id: data[:zuora_trace_id]}
+          if !['ElasticAPM', 'ResqueScheduler', 'ResquePool', 'Resque', 'Makara'].include?(name)
+            if Thread.current[:appinstance].present?
+              data[:app_instance_id] = Thread.current[:appinstance].id
+              logitems = Thread.current[:appinstance].logitems
+              if logitems.present? && logitems.class == Hash
+                data[:tenant_ids] = logitems[:tenant_ids] if logitems[:tenant_ids].present?
+                data[:organization] = logitems[:organization] if logitems[:organization].present?
               end
             end
           end
-        else
-          logger.formatter = Ougai::Formatters::Customizable.new(
-            format_err: proc do |data|
-              next nil unless data.key?(:err)
-              err = data.delete(:err)
-              "  #{err[:name]} (#{err[:message]})\n #{err[:stack]}"
-            end,
-            format_data: proc do |data|
-              format('%s %s: %s', 'DATA'.ljust(6), Time.now.strftime('%FT%T.%6NZ'), "#{data.to_json}") if data.present?
-            end,
-            format_msg: proc do |severity, datetime, _progname, data|
-              msg = data.delete(:msg)
-              format('%s %s: %s', severity.ljust(6), datetime, msg)
-            end
-          )
-          logger.formatter.datetime_format = '%FT%T.%6NZ'
         end
       else
         logger = MonoLogger.new(STDOUT)
@@ -76,39 +58,40 @@ module ZuoraConnect
             msg = JSON.parse(msg)
           rescue JSON::ParserError => ex
           end
-          if ZuoraConnect.configuration.json_logging
-            require 'json'
-            store = {
-              name: name,
-              level: serverity,
-              timestamp: datetime.strftime('%FT%T.%6NZ'),
-              pid: Process.pid,
-              message: name == "ActionMailer" ? msg.strip : msg
-            }
-            if !['ElasticAPM', 'ResqueScheduler', 'ResquePool','Resque', 'Makara'].include?(name)
-              if Thread.current[:appinstance].present? && Thread.current[:appinstance].id.present?
-                store[:app_instance_id] = Thread.current[:appinstance].id
-                logitems = Thread.current[:appinstance].logitems
-                if logitems.present? && logitems.class == Hash
-                  store[:tenant_ids] = logitems[:tenant_ids] if logitems[:tenant_ids].present?
-                  store[:organization] = logitems[:organization] if logitems[:organization].present?
-                end
+          require 'json'
+          store = {
+            name: name,
+            level: serverity,
+            timestamp: datetime.strftime('%FT%T.%6NZ'),
+            pid: Process.pid,
+            message: name == "ActionMailer" ? msg.strip : msg
+          }
+          if !['ElasticAPM', 'ResqueScheduler', 'ResquePool','Resque', 'Makara'].include?(name)
+            if Thread.current[:appinstance].present?
+              store[:app_instance_id] = Thread.current[:appinstance].id
+              logitems = Thread.current[:appinstance].logitems
+              if logitems.present? && logitems.class == Hash
+                store[:tenant_ids] = logitems[:tenant_ids] if logitems[:tenant_ids].present?
+                store[:organization] = logitems[:organization] if logitems[:organization].present?
               end
             end
-            JSON.dump(store) + "\n"
-          else
-            format('%s %s: %s', serverity.ljust(6), datetime, msg) + "\n"
           end
+          JSON.dump(store) + "\n"
         end
       end
       return logger
-    end
+    end
   end
   module Controllers
     autoload :Helpers,        'zuora_connect/controllers/helpers'
   end
+  module Views
+    ActionView::Base.send(:include, Helpers)
+  end
   def self.configuration
     @configuration ||= Configuration.new
   end
@@ -146,23 +129,23 @@ module ZuoraConnect
       }
     when 'test'
       defaults = {
-        active: false,
+        active: false,
         disable_send: true
       }
     end
     defaults.merge!({
       disable_start_message: true,
-      pool_size: 1,
-      transaction_max_spans: 500,
-      ignore_url_patterns: ['^\/admin\/resque.*', '^\/admin\/redis.*', '^\/admin\/peek.*', '^\/peek.*'],
+      pool_size: 1,
+      transaction_max_spans: 500,
+      ignore_url_patterns: ['^\/admin\/resque.*', '^\/admin\/redis.*', '^\/admin\/peek.*', '^\/peek.*'],
       verify_server_cert: false,
       log_level: Logger::INFO,
       service_name: ENV['DEIS_APP'].present? ? ENV['DEIS_APP'] : Rails.application.class.parent_name,
       logger: ZuoraConnect.custom_logger(name: "ElasticAPM", level: MonoLogger::WARN)
     })
     defaults.merge!({disable_send: true}) if defined?(Rails::Console)
     return defaults
   end
 end

data/lib/zuora_connect/configuration.rb CHANGED Viewed

@@ -3,11 +3,11 @@ module ZuoraConnect
     attr_accessor :default_locale, :default_time_zone, :url, :mode, :delayed_job,:private_key, :additional_apartment_models
-    attr_accessor :enable_metrics, :telegraf_endpoint, :telegraf_debug, :custom_prometheus_update_block, :silencer_resque_finish, :blpop_queue
+    attr_accessor :enable_metrics, :telegraf_endpoint, :telegraf_debug, :custom_prometheus_update_block, :silencer_resque_finish, :blpop_queue, :app_access_permissions
     attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
-    attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :json_logging
+    attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name
     def initialize
       @default_locale = :en
@@ -19,6 +19,7 @@ module ZuoraConnect
       @additional_apartment_models = []
       @silencer_resque_finish = true
       @blpop_queue = false
+      @app_access_permissions = false
       # Setting the app name for telegraf write
       @enable_metrics = false
@@ -42,7 +43,6 @@ module ZuoraConnect
       @aws_region = "us-west-2"
       @s3_bucket_name = "rbm-apps"
       @s3_folder_name = Rails.application.class.parent_name
-      @json_logging = Rails.env.to_s == 'development' ? false : true
     end
     def private_key

data/lib/zuora_connect/controllers/helpers.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module ZuoraConnect
           ZuoraConnect.logger.debug("[#{@appinstance.id}] API REQUEST - API token") if @appinstance.present?
           check_instance
         elsif ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
-          zuora_host, zuora_entity_id, zuora_instance_id = [request.headers['zuora-host'], (request.headers['zuora-entity-ids'] || "").gsub('-',''), request.headers['zuora-instance-id']]
+          zuora_host, zuora_entity_id, zuora_instance_id = [request.headers['zuora-host'], request.headers['zuora-entity-ids'].gsub('-',''), request.headers['zuora-instance-id']]
           #Validate host present
           if zuora_host.blank?
@@ -37,24 +37,21 @@ module ZuoraConnect
           if appinstances.size == 0
             render json: {"status": 401, "message": "Missing mapping or no deployment for '#{zuora_host}-#{zuora_entity_id}' ."}, status: :unauthorized
-            return
           elsif appinstances.size > 1
             render json: {"status": 401, "message": "More than one app instance binded to host and entity ids. Please indicate correct instance via 'zuora-instance-id' header"}, status: :unauthorized
-            return
           else
             @appinstance = appinstances.first
-            check_instance
           end
-        elsif request.headers.fetch("Authorization", "").include?("Basic ")
+        else #if request.headers.fetch("Authorization", "").include?("Basic ")
           authenticate_or_request_with_http_basic do |username, password|
             @appinstance = ZuoraConnect::AppInstance.where(:token => password).first
             @appinstance ||= ZuoraConnect::AppInstance.where(:api_token => password).first
             ZuoraConnect.logger.debug("[#{@appinstance.id}] API REQUEST - Basic Auth") if @appinstance.present?
             check_instance
           end
-        else
-          check_instance
+        # else
+        #   check_instance
         end
         if @appinstance.present?
@@ -62,253 +59,175 @@ module ZuoraConnect
         end
       end
-       #API ONLY
-      def check_instance
-        if defined?(@appinstance) && @appinstance.present?
-          if @appinstance.new_session_for_api_requests(:params => params)
-            @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
-          end
-          Thread.current[:appinstance] = @appinstance
-          PaperTrail.whodunnit = "API User" if defined?(PaperTrail)
-          ElasticAPM.set_user("API User")  if defined?(ElasticAPM) && ElasticAPM.running?
-          return true
-        else
-          response.set_header('WWW-Authenticate', "Basic realm=\"Application\"")
-          render json: {"status": 401, "message": "Access Denied"}, status: :unauthorized
-          return false
-        end
-      end
       def authenticate_connect_app_request
         ElasticAPM.set_tag(:trace_id, request.uuid) if defined?(ElasticAPM) && ElasticAPM.running?
         Thread.current[:appinstance] = nil
-        start_time = Time.now
-        if ZuoraConnect.configuration.mode == "Production"
-          zuora_entity_id = request.headers['ZuoraCurrentEntity'] || cookies['ZuoraCurrentEntity']
+        if request.headers['ZuoraCurrentEntity'].present?
+          #Do we need to refresh session identity
+          zuora_host = request.headers["HTTP_X_FORWARDED_HOST"] || "apisandbox.zuora.com"
+          if request.headers["Zuora-Auth-Token"].present?
+            zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", bearer_token: request.headers["Zuora-Auth-Token"], oauth_session_expires_at: Time.now + 5.minutes )
+          elsif cookies['ZSession'].present?
+            zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'])
+          else
+            raise ZuoraConnect::Exceptions::Error.new("Neither the ZSession cookie nor the Zuora-Auth-Token are present in payload.")
+          end
+          zuora_entity_id = request.headers['ZuoraCurrentEntity']
+          zuora_instance_id = params[:sidebar_launch].to_bool ? nil : (params[:app_instance_id] || session["appInstance"])
-          if zuora_entity_id.present?
-            zuora_tenant_id = cookies['Zuora-Tenant-Id']
-            zuora_user_id = cookies['Zuora-User-Id']
-            zuora_host = request.headers["HTTP_X_FORWARDED_HOST"] || "apisandbox.zuora.com"
+          #Identity blank or current entity different
+          if (session["ZuoraCurrentIdentity"].blank? || session["ZuoraCurrentEntity"] != zuora_entity_id)
+            begin
+              identity, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("identity"))
+              session["ZuoraCurrentIdentity"] = identity
+              session["ZuoraCurrentEntity"] = identity['entityId']
-            zuora_details = {'host' => zuora_host, 'user_id' => zuora_user_id, 'tenant_id' => zuora_tenant_id, 'entity_id' => zuora_entity_id}
+              raise ZuoraConnect::Exceptions::Error.new("Header entity id, '#{zuora_entity_id}' does not match identity call entity id, '#{identity['entityId']}'.") if zuora_entity_id != identity['entityId']
+            rescue => ex
+              ZuoraConnect.logger.error(ex)
+              render "zuora_connect/static/invalid_launch_request", :locals => {:exception => ex}
+              return
+            end
+          end
-            #Do we need to refresh session identity
-            if request.headers["Zuora-Auth-Token"].present?
-              zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", bearer_token: request.headers["Zuora-Auth-Token"], oauth_session_expires_at: Time.now + 5.minutes )
-            elsif cookies['ZSession'].present?
-              zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'])
+          #Find matching app instances.
+          if zuora_instance_id.present?
+            appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id).pluck(:id, :name)
+          else
+            #if app_instance_ids is present then permissions still controlled by connect
+            if params[:app_instance_ids].present?
+              begin
+                navbar, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("navigation"))
+                urls = navbar['menus'].map {|x| x['url']}
+                app_env = ENV["DEIS_APP"] || "xyz123"
+                url = urls.compact.select {|url| File.basename(url).start_with?(app_env + '?')}.first
+                task_ids = JSON.parse(Base64.urlsafe_decode64(CGI.parse(URI.parse(url).query)["app_instance_ids"][0]))
+                appinstances = ZuoraConnect::AppInstance.where(:id => task_ids).pluck(:id, :name)
+              rescue => ex
+                ZuoraConnect.logger.error(ex)
+                render "zuora_connect/static/invalid_launch_request", :locals => {:exception => ex}
+                return
+              end
             else
-              render "zuora_connect/static/error_handled", :locals => {
-                :title => "Missing Authorization Token",
-                :message => "Zuora 'Zuora-Auth-Token' header and 'ZSession' cookie not present."
-              }, :layout => false
-              return
+              appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
             end
+          end
-            begin
-              zuora_instance_id = params[:sidebar_launch].to_s.to_bool ? nil : (params[:app_instance_id] || session["appInstance"])
-              #Identity blank or current entity different
-              different_zsession = session["ZSession"] != cookies['ZSession']
-              missmatched_entity = session["ZuoraCurrentEntity"] != zuora_entity_id
-              missing_identity = session["ZuoraCurrentIdentity"].blank?
+          zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId']
-              if (missing_identity || missmatched_entity || different_zsession)
-                zuora_details.merge!({'identity' => {'different_zsession' => different_zsession, 'missing_identity' => missing_identity, 'missmatched_entity' => missmatched_entity}})
-                identity, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("identity"))
-                session["ZuoraCurrentIdentity"] = identity
-                session["ZuoraCurrentEntity"] = identity['entityId']
-                session["ZSession"] = cookies['ZSession']
-                zuora_instance_id = nil
-                zuora_details["identity"]["entityId"] = identity['entityId']
+          #One deployed instance
+          if appinstances.size == 1
+            ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
-                client_describe, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
-                session["ZuoraCurrentUserInfo"] = client_describe
-                raise ZuoraConnect::Exceptions::Error.new("Header entity id does not match identity call entity id.") if zuora_entity_id != identity['entityId']
+            #Add user/update
+            @user = ZuoraConnect::ZuoraUser.where(:zuora_user_id => zuora_user_id).first
+            if @user.present?
+              ZuoraConnect.logger.debug("Current zuora user #{zuora_user_id}")
+              if @user.updated_at < Time.now - 1.day
+                @user.zuora_identity_response[zuora_entity_id] = session["ZuoraCurrentIdentity"]
+                @user.save!
               end
+            else
+              ZuoraConnect.logger.debug("New zuora user object for #{zuora_user_id}")
+              @user = ZuoraConnect::ZuoraUser.create!(:zuora_user_id => zuora_user_id, :zuora_identity_response => {zuora_entity_id => session["ZuoraCurrentIdentity"]})
+            end
+            #Update access if admin in tenant
+            if session["ZuoraCurrentIdentity"]['platformRole'] == 'ADMIN' && !@user.app_permissions['access'].to_bool
+              @user.app_permissions['access'] = true
+              @user.save!
+            end
-              #Find matching app instances.
-              if zuora_instance_id.present?
-                appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id).pluck(:id, :name)
-              else
-                #if app_instance_ids is present then permissions still controlled by connect
-                if params[:app_instance_ids].present?
-                  navbar, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("navigation"))
-                  urls = navbar['menus'].map {|x| x['url']}
-                  app_env = ENV["DEIS_APP"] || "xyz123"
-                  url = urls.compact.select {|url| File.basename(url).start_with?(app_env + '?')}.first
-                  task_ids = JSON.parse(Base64.urlsafe_decode64(CGI.parse(URI.parse(url).query)["app_instance_ids"][0]))
-                  appinstances = ZuoraConnect::AppInstance.where(:id => task_ids).pluck(:id, :name)
-                else
-                  appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
-                end
+            #If user has has access to application
+            if @user.app_permissions['access'].to_bool || !ZuoraConnect.configuration.app_access_permissions
+              session["appInstance"] = appinstances.to_h.keys.first
+            else
+              Thread.current[:appinstance] = nil
+              session["appInstance"] = nil
+              admin_users = ZuoraConnect::ZuoraUser.select("zuora_identity_response #>> '{#{zuora_entity_id},username}' as username").where("zuora_identity_response #>> :selector = 'ADMIN' ", :selector => "{#{zuora_entity_id},platformRole}")
+              render "zuora_connect/static/permission_error", :locals => {:admins => admin_users}
+              return
+            end
+          #We have multiple, user must pick
+          elsif appinstances.size > 1
+            ZuoraConnect.logger.debug("User must select instance. #{@names}")
+            render "zuora_connect/static/launch", :locals => {:names => appinstances.to_h}
+            return
+          else
+            begin
+              #Ensure user can access oauth creation API
+              if session["ZuoraCurrentIdentity"]['platformRole'] != 'ADMIN'
+                raise ZuoraConnect::Exceptions::Error.new("User is not admin, workflow cannot be deployed.")
               end
-              zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId']
-              #One deployed instance
-              if appinstances.size == 1
-                ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
-                @appinstance = ZuoraConnect::AppInstance.find(appinstances.to_h.keys.first)
-                #Add user/update
-                @zuora_user = ZuoraConnect::ZuoraUser.where(:zuora_user_id => zuora_user_id).first
-                if @zuora_user.present?
-                  ZuoraConnect.logger.debug("Current zuora user #{zuora_user_id}")
-                  if @zuora_user.updated_at < Time.now - 1.day
-                    @zuora_user.zuora_identity_response[zuora_entity_id] = session["ZuoraCurrentIdentity"]
-                    @zuora_user.save!
-                  end
-                else
-                  ZuoraConnect.logger.debug("New zuora user object for #{zuora_user_id}")
-                  @zuora_user = ZuoraConnect::ZuoraUser.create!(:zuora_user_id => zuora_user_id, :zuora_identity_response => {zuora_entity_id => session["ZuoraCurrentIdentity"]})
-                end
-                @zuora_user.session = session
-                session["#{@appinstance.id}::user::email"] = session['ZuoraCurrentIdentity']["username"]
-                session["#{@appinstance.id}::user::timezone"] = session['ZuoraCurrentIdentity']["timeZone"]
-                session["#{@appinstance.id}::user::locale"] = session['ZuoraCurrentIdentity']["language"]
-                session["appInstance"] = @appinstance.id
-              #We have multiple, user must pick
-              elsif appinstances.size > 1
-                ZuoraConnect.logger.debug("User must select instance. #{@names}")
-                render "zuora_connect/static/launch", :locals => {:names => appinstances.to_h}, :layout => false
-                return
-              #We have no deployed instance for this tenant
-              else
-                #Ensure user can access oauth creation API
-                if session["ZuoraCurrentIdentity"]['platformRole'] != 'ADMIN'
-                  Thread.current[:appinstance] = nil
-                  session["appInstance"] = nil
-                  render "zuora_connect/static/error_handled", :locals => {
-                    :title => "Application can only complete its initial setup via platform administrator",
-                    :message => "Please contact admin of tenant and have them click on link again to launch application."
-                  }, :layout => false
-                  return
-                end
-                Apartment::Tenant.switch!("public")
-                ActiveRecord::Base.transaction do
-                  ActiveRecord::Base.connection.execute('LOCK public.zuora_users IN ACCESS EXCLUSIVE MODE')
-                  appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
-                  if appinstances.size > 0
-                    redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
-                    return
-                  end
-                  next_id = (ZuoraConnect::AppInstance.all.where('id > 24999999').order(id: :desc).limit(1).pluck(:id).first || 24999999) + 1
-                  user = (ENV['DEIS_APP'] || "Application").split('-').map(&:capitalize).join(' ')
-                  body = {
-                    'userId' => zuora_user_id,
-                    'entityIds' => [zuora_entity_id.unpack("a8a4a4a4a12").join('-')],
-                    'customAuthorities' => [],
-                    'additionalInformation' => {
-                      'description' => "This user is for #{user} application.",
-                      'name' => "#{user} API User #{next_id}"
-                    }
-                  }
-                  oauth_response, response = zuora_client.rest_call(method: :post, body: body.to_json, url: zuora_client.rest_endpoint("genesis/clients").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
-                  new_zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", oauth_client_id: oauth_response["clientId"], oauth_secret: oauth_response["clientSecret"] )
-                  if session["ZuoraCurrentUserInfo"].blank?
-                    client_describe, response = new_zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: :bearer)
-                  else
-                    client_describe = session["ZuoraCurrentUserInfo"]
-                  end
-                  available_entities = client_describe["accessibleEntities"].select {|entity| entity['id'] == zuora_entity_id}
-                  task_data = {
-                    "id": next_id,
-                    "name": client_describe["tenantName"],
-                    "mode": "Collections",
-                    "status": "Running",
-                    ZuoraConnect::AppInstance::LOGIN_TENANT_DESTINATION => {
-                      "tenant_type": "Zuora",
-                      "username": session["ZuoraCurrentIdentity"]["username"],
-                      "url": new_zuora_client.url,
-                      "status": "Active",
-                      "oauth_client_id": oauth_response['clientId'],
-                      "oauth_secret": oauth_response['clientSecret'],
-                      "authentication_type": "OAUTH",
-                      "entities": available_entities.map {|e| e.merge({'displayName' => client_describe["tenantName"]})}
-                    },
-                    "tenant_ids": available_entities.map{|e| e['entityId']}.uniq,
-                  }
-                  mapped_values = {:id => next_id, :api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36), :zuora_logins => task_data, :oauth_expires_at => Time.now + 1000.years, :zuora_domain => zuora_client.rest_domain, :zuora_entity_ids => [zuora_entity_id]}
-                  @appinstance = ZuoraConnect::AppInstance.new(mapped_values)
-                  retry_count = 0
-                  begin
-                    @appinstance.save(:validate => false)
-                  rescue ActiveRecord::RecordNotUnique => ex
-                    if (retry_count += 1) < 3
-                      @appinstance.assign_attributes({:api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36)})
-                      retry
-                    else
-                      Thread.current[:appinstance] = nil
-                      session["appInstance"] = nil
-                      render "zuora_connect/static/error_handled", :locals => {
-                        :title => "Application could not create unique tokens.",
-                        :message => "Please contact support or retry launching application."
-                      }, :layout => false
-                      return
-                    end
-                  end
-                end
-                Apartment::Tenant.switch!("public")
-                begin
-                  Apartment::Tenant.create(@appinstance.id.to_s)
-                rescue Apartment::TenantExists => ex
-                  ZuoraConnect.logger.debug("Tenant Already Exists")
-                end
-                @appinstance.refresh
-                session["appInstance"] = @appinstance.id
+              body = {
+                'userId' => zuora_user_id,
+                'entityIds' => [zuora_entity_id.unpack("a8a4a4a4a12").join('-')],
+                'customAuthorities' => [],
+                'additionalInformation' => {
+                  'description' => 'This user is for workflow application.',
+                  'name' => 'Workflow API User'
+                }
+              }
+              oauth_response, response = zuora_client.rest_call(method: :post, body: body.to_json, url: zuora_client.rest_endpoint("genesis/clients").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
+              new_zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", oauth_client_id: oauth_response["clientId"], oauth_secret: oauth_response["clientSecret"] )
+              client_describe, response = new_zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: :bearer)
+              Apartment::Tenant.switch!("public")
+              next_id = (ZuoraConnect::AppInstance.all.where(:access_token => nil).order(id: :desc).limit(1).pluck(:id).first || 24999999) + 1
+              begin
+                Apartment::Tenant.create(next_id.to_s)
+              rescue Apartment::TenantExists => ex
+                ZuoraConnect.logger.debug("Tenant Already Exists")
               end
-            rescue ZuoraAPI::Exceptions::ZuoraAPIAuthenticationTypeError => ex
-              output_xml, input_xml = zuora_client.soap_call(errors: [], z_session: false) do |xml|
-                xml['api'].getUserInfo
-              end
-              final_error = output_xml.xpath('//fns:FaultCode', 'fns' =>'http://fault.api.zuora.com/').text
-              session.clear
-              ZuoraConnect.logger.warn(ex, zuora: zuora_details.merge({:error => final_error}))
-              redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
-              return
+              task_data = {
+                "id": next_id,
+                "name": client_describe["tenantName"],
+                "mode": "Collections",
+                "status": "Running",
+                "target_login": {
+                    "tenant_type": "Zuora",
+                    "username": session["ZuoraCurrentIdentity"]["username"],
+                    "url": new_zuora_client.url,
+                    "status": "Active",
+                    "oauth_client_id": oauth_response['clientId'],
+                    "oauth_secret": oauth_response['clientSecret'],
+                    "authentication_type": "OAUTH",
+                    "entities": client_describe["accessibleEntities"].map {|e| e.merge({'displayName' => client_describe["tenantName"]})} #needs work
+                },
+                "tenant_ids": client_describe["accessibleEntities"].map{|e| e['entityId'] }.push(client_describe["tenantId"]).uniq,
+              }
+              appinstance = ZuoraConnect::AppInstance.new(:id => next_id, :zuora_logins => task_data.to_json, :oauth_expires_at => Time.now + 1000.years)
+              appinstance.save(:validate => false)
+              @appinstance = ZuoraConnect::AppInstance.find(appinstance.id)
+              @appinstance.apartment_switch(method = nil, migrate = true)
+              session["appInstance"] = @appinstance.id
             rescue => ex
-              ZuoraConnect.logger.error(ex, zuora: zuora_details)
-              render "zuora_connect/static/error_unhandled", :locals => {:exception => ex}, :layout => false
-              return
+              ZuoraConnect.logger.error(ex)
+              render "zuora_connect/static/invalid_launch_request", :locals => {:exception => ex}
+              return
             end
-          elsif request["data"] && /^([A-Za-z0-9+\/\-\_]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/.match(request["data"].to_s)
+          end
+        end
+        start_time = Time.now
+        if ZuoraConnect.configuration.mode == "Production"
+          if request["data"] && /^([A-Za-z0-9+\/\-\_]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/.match(request["data"].to_s)
             setup_instance_via_data
           else
-            if session["appInstance"].present?
-              @appinstance = ZuoraConnect::AppInstance.where(:id => session["appInstance"]).first
-            else
-              render "zuora_connect/static/error_handled", :locals => {
-                :title => "Application state could not be verified",
-                :message => "Please relaunch application."
-              }, :layout => false
-              return
-            end
+            setup_instance_via_session
           end
         else
           setup_instance_via_dev_mode
         end
-        if !defined?(@appinstance) || @appinstance.blank?
-          render "zuora_connect/static/error_handled", :locals => {
-            :title => "Application state could not be found.",
-            :message => "Please relaunch application."
-          }, :layout => false
-          return
-        end
         #Call .data_lookup with the current session to retrieve session. In some cases session may be stored/cache in redis
         #so data lookup provides a model method that can be overriden per app.
         if params[:controller] != 'zuora_connect/api/v1/app_instance' && params[:action] != 'drop'
@@ -316,23 +235,16 @@ module ZuoraConnect
             @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
           end
         end
         if session["#{@appinstance.id}::user::email"].present?
           ElasticAPM.set_user(session["#{@appinstance.id}::user::email"])  if defined?(ElasticAPM) && ElasticAPM.running?
           PaperTrail.whodunnit =  session["#{@appinstance.id}::user::email"] if defined?(PaperTrail)
         end
         begin
-          locale = session["#{@appinstance.id}::user::locale"]
-          I18n.locale = locale.present? ? locale : @appinstance.locale
+          I18n.locale = session["#{@appinstance.id}::user::locale"] ?  session["#{@appinstance.id}::user::locale"] : @appinstance.locale
         rescue I18n::InvalidLocale => ex
           ZuoraConnect.logger.error(ex) if !ZuoraConnect::AppInstance::IGNORED_LOCALS.include?(ex.locale.to_s.downcase)
         end
-        begin
-          Time.zone = session["#{@appinstance.id}::user::timezone"] ? session["#{@appinstance.id}::user::timezone"] : @appinstance.timezone
-        rescue
-          ZuoraConnect.logger.error(ex)
-        end
+        Time.zone = session["#{@appinstance.id}::user::timezone"] ? session["#{@appinstance.id}::user::timezone"] : @appinstance.timezone
         ZuoraConnect.logger.debug("[#{@appinstance.blank? ? "N/A" : @appinstance.id}] Authenticate App Request Completed In - #{(Time.now - start_time).round(2)}s")
       end
@@ -354,14 +266,6 @@ module ZuoraConnect
         return session["#{@appinstance.id}::admin"]
       end
-      def zuora_user
-        return @zuora_user
-      end
-      def hallway_integration?
-        return (request.headers['ZuoraCurrentEntity'].present? || cookies['ZuoraCurrentEntity'].present?)
-      end
     private
       def setup_instance_via_data
         session.clear
@@ -383,7 +287,6 @@ module ZuoraConnect
         ZuoraConnect.logger.debug({msg: 'Setup values', connect: values}) if Rails.env != "production"
         @appinstance = ZuoraConnect::AppInstance.where(:id => values["appInstance"].to_i).first
         if @appinstance.blank?
           Apartment::Tenant.switch!("public")
           begin
@@ -391,20 +294,29 @@ module ZuoraConnect
           rescue Apartment::TenantExists => ex
             ZuoraConnect.logger.debug("Tenant Already Exists")
           end
-          mapped_values = {:api_token => values['api_token'], :token => values['api_token'], :access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
-          @appinstance = ZuoraConnect::AppInstance.new(mapped_values.merge({:id => values["appInstance"].to_i}))
+          @appinstance = ZuoraConnect::AppInstance.new(:api_token =>  values[:api_token],:id => values["appInstance"].to_i, :access_token => values["access_token"].blank? ? values["user"] : values["access_token"], :token => values["refresh_token"]  , :refresh_token => values["refresh_token"].blank? ? values["key"] : values["refresh_token"], :oauth_expires_at => values["expires"])
           @appinstance.save(:validate => false)
         else
-          mapped_values = {:access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
-          @appinstance.assign_attributes(mapped_values)
+          @appinstance.access_token = values["access_token"] if !values["access_token"].blank? && @appinstance.access_token != values["access_token"]
+          @appinstance.refresh_token = values["refresh_token"] if !values["refresh_token"].blank? && @appinstance.refresh_token != values["refresh_token"]
+          @appinstance.oauth_expires_at = values["expires"] if !values["expires"].blank?
+          @appinstance.api_token = values["api_token"] if !values["api_token"].blank? && @appinstance.api_token != values["api_token"]
           if @appinstance.access_token_changed? && @appinstance.refresh_token_changed?
             @appinstance.save(:validate => false)
           else
-            raise ZuoraConnect::Exceptions::AccessDenied.new("Authorization mismatch. Possible tampering")
+            raise ZuoraConnect::Exceptions::AccessDenied.new("Authorization mistmatch. Possible tampering")
           end
         end
       end
+      def setup_instance_via_session
+        if session["appInstance"].present?
+          @appinstance = ZuoraConnect::AppInstance.where(:id => session["appInstance"]).first
+        else
+          raise ZuoraConnect::Exceptions::SessionInvalid.new("Session Blank -- Relaunch Application")
+        end
+      end
       def setup_instance_via_dev_mode
         session["appInstance"] = ZuoraConnect.configuration.dev_mode_appinstance
         user = ZuoraConnect.configuration.dev_mode_user
@@ -428,6 +340,24 @@ module ZuoraConnect
         end
         session["#{@appinstance.id}::admin"] =  ZuoraConnect.configuration.dev_mode_admin
       end
+      #API ONLY
+      def check_instance
+        if defined?(@appinstance) && @appinstance.present?
+          if @appinstance.new_session_for_api_requests(:params => params)
+            @appinstance.new_session(:session => @appinstance.data_lookup(:session => session))
+          end
+          Thread.current[:appinstance] = @appinstance
+          PaperTrail.whodunnit = "API User" if defined?(PaperTrail)
+          ElasticAPM.set_user("API User")  if defined?(ElasticAPM) && ElasticAPM.running?
+          return true
+        else
+          response.set_header('WWW-Authenticate', "Basic realm=\"Application\"")
+          #render json: {"status": 401, "message": "Access Denied"}, status: :unauthorized
+          render html: "HTTP Basic: Access denied.\n", status: :unauthorized
+          render plain: "Access Denied", status: :unauthorized
+        end
+      end
     end
   end
 end