zuora_connect 3.1.0.pre.e → 3.1.1
- checksums.yaml +4 -4
- data/app/controllers/zuora_connect/application_controller.rb +5 -3
- data/app/models/zuora_connect/app_instance_base.rb +127 -36
- data/app/views/zuora_connect/application/ldap_login.html.erb +3 -2
- data/config/initializers/redis.rb +9 -0
- data/db/migrate/20190520232224_add_environment_fields.rb +3 -0
- data/lib/tasks/zuora_connect_tasks.rake +9 -17
- data/lib/zuora_connect/configuration.rb +3 -1
- data/lib/zuora_connect/controllers/helpers.rb +10 -25
- data/lib/zuora_connect/version.rb +1 -1
- metadata +4 -4
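--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5eedfed1cc9d304e303303bbda985be007df987f6c50c8cebf4bef6ee2f630a2
+data.tar.gz: 77bbf5a323c63814cb50521ffd244c601b40e3f5c07bc8208f9996b83fe5090e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 519cf6f3002ff33a5849e297e74ccd7a541a9677fdbf28e7481848d3ef74f2521555c129fa215db87dc5565fa7c0afa4ea3ce19c6555ad0bec8878fe41d48d78
+data.tar.gz: 6db95ad4869e55739c648492a830054c8f59b574a6ddabf80b8de24ff1e67356e7df492fcf742a6afea5bb65f34f215252dd2466d5c264578c5c0cd224866fe4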
@@ -12,7 +12,9 @@ module ZuoraConnect
|
|
|
12
12
|
|
|
13
13
|
begin
|
|
14
14
|
if ZuoraConnect::LDAP::Adapter.valid_credentials?(username, password)
|
|
15
|
-
|
|
15
|
+
id = ZuoraConnect::AppInstance.first.id
|
|
16
|
+
session["appInstance"] = ZuoraConnect::AppInstance.first.id
|
|
17
|
+
session["#{id}::admin"] = true
|
|
16
18
|
respond_to do |format|
|
|
17
19
|
format.html { redirect_to '/admin/app_instances' }
|
|
18
20
|
end
|
|
@@ -20,13 +22,13 @@ module ZuoraConnect
|
|
|
20
22
|
render 'zuora_connect/application/ldap_login', locals: {
|
|
21
23
|
title: 'LDAP Authentication Failed',
|
|
22
24
|
message: 'Invalid username or password'
|
|
23
|
-
}
|
|
25
|
+
}, :layout => false
|
|
24
26
|
end
|
|
25
27
|
rescue Net::LDAP::Error
|
|
26
28
|
render 'zuora_connect/application/ldap_login', locals: {
|
|
27
29
|
title: 'LDAP Authentication Net Error',
|
|
28
30
|
message: 'Failed to connect to server while authenticating the LDAP credentials. Please retry later.'
|
|
29
|
-
}
|
|
31
|
+
}, :layout => false
|
|
30
32
|
end
|
|
31
33
|
end
|
|
32
34
|
end
|
|
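Review bot: The success branch writes `session["#{id}::admin"] = true` without rotating the session first, so a session identifier that existed before the LDAP check keeps working with admin rights; calling `reset_session` ahead of the two session writes is the usual Rails guard against session fixation. `ZuoraConnect::AppInstance.first` is queried twice and never nil-checked, so an empty table raises NoMethodError, which the `rescue Net::LDAP::Error` below does not cover. Reusing the local would fix the duplication, `session["appInstance"] = id`, with a guard that renders the failure page when no instance exists. The start of the action lies outside the hunk, so whether the session is already reset earlier cannot be seen from here.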
@@ -187,7 +187,7 @@ module ZuoraConnect
|
|
|
187
187
|
raise ZuoraConnect::Exceptions::HoldingPattern if holding_pattern && !self.mark_for_refresh
|
|
188
188
|
self.refresh(session: session)
|
|
189
189
|
|
|
190
|
-
elsif session["#{self.id}::task_data"].blank?
|
|
190
|
+
elsif session["#{self.id}::task_data"].blank? && !ZuoraConnect.configuration.local_task_data
|
|
191
191
|
self.new_session_message = "REFRESHING - Task Data Blank"
|
|
192
192
|
ZuoraConnect.logger.debug(self.new_session_message)
|
|
193
193
|
raise ZuoraConnect::Exceptions::HoldingPattern if holding_pattern && !self.mark_for_refresh
|
|
@@ -264,6 +264,7 @@ module ZuoraConnect
|
|
|
264
264
|
end
|
|
265
265
|
end
|
|
266
266
|
|
|
267
|
+
tenants = (self.task_data.dig(LOGIN_TENANT_DESTINATION,'entities') || []).select {|entity| !entity['skip'].to_bool}.map{|e| e['entityId']}.uniq if tenants.blank?
|
|
267
268
|
params = {
|
|
268
269
|
name: self.task_data.dig('name'),
|
|
269
270
|
zuora_entity_ids: (self.task_data.dig(LOGIN_TENANT_DESTINATION,'entities') || []).select {|entity| !entity['skip'].to_bool}.map{|e| e['id']}.uniq,
|
|
@@ -415,10 +416,6 @@ module ZuoraConnect
|
|
|
415
416
|
raise
|
|
416
417
|
end
|
|
417
418
|
|
|
418
|
-
def aws_secrets
|
|
419
|
-
(Rails.application.secrets.aws || {}).transform_keys { |key| key.to_s }
|
|
420
|
-
end
|
|
421
|
-
|
|
422
419
|
#### START KMS ENCRYPTION Methods ####
|
|
423
420
|
def set_backup_creds
|
|
424
421
|
if self.kms_key.present? && self.kms_key.match(/^arn:aws:.*/) && self.task_data.present?
|
|
@@ -434,14 +431,105 @@ module ZuoraConnect
|
|
|
434
431
|
|
|
435
432
|
def zuora_logins
|
|
436
433
|
raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Zuora Logins is blank, cannot decrypt.") if super.blank?
|
|
437
|
-
return JSON.parse(kms_decrypt(super))
|
|
434
|
+
return JSON.parse(kms_decrypt(super, field_name: :zuora_logins))
|
|
435
|
+
end
|
|
436
|
+
|
|
437
|
+
def kms_client
|
|
438
|
+
@kms_client ||= Aws::KMS::Client.new({region: aws_secrets['AWS_REGION'], credentials: self.aws_auth_client}.delete_if { |k, v| v.blank? })
|
|
439
|
+
return @kms_client
|
|
440
|
+
end
|
|
441
|
+
|
|
442
|
+
def decrypted_data_key
|
|
443
|
+
$cleartextkey ||= kms_client.decrypt(ciphertext_blob: Base64.strict_decode64(encrypted_data_key)).plaintext
|
|
444
|
+
return $cleartextkey
|
|
445
|
+
end
|
|
446
|
+
|
|
447
|
+
def aws_secrets
|
|
448
|
+
(Rails.application.secrets.aws || {}).transform_keys { |key| key.to_s }
|
|
449
|
+
end
|
|
450
|
+
|
|
451
|
+
def connect_secrets
|
|
452
|
+
(Rails.application.secrets.connect || {}).transform_keys { |key| key.to_s }
|
|
453
|
+
end
|
|
454
|
+
|
|
455
|
+
def kms_key(raise_on_blank: false)
|
|
456
|
+
kms_value = ENV['AWS_KMS_ARN'] || aws_secrets['AWS_KMS_ARN']
|
|
457
|
+
raise ZuoraConnect::Exceptions::Error.new("Missing KMS key") if raise_on_blank && kms_value.blank?
|
|
458
|
+
return kms_value
|
|
459
|
+
end
|
|
460
|
+
|
|
461
|
+
def iv_key
|
|
462
|
+
iv_key_value = ENV['IV_KEY'] || connect_secrets['IV_KEY']
|
|
463
|
+
#Create new one 'Base64.strict_encode64(OpenSSL::Cipher.new('AES-256-CBC').random_iv)'
|
|
464
|
+
raise ZuoraConnect::Exceptions::Error.new("Missing IV cipher key") if iv_key_value.blank?
|
|
465
|
+
return iv_key_value
|
|
466
|
+
end
|
|
467
|
+
|
|
468
|
+
def encrypted_data_key
|
|
469
|
+
#Base64.strict_encode64(kms_client.generate_data_key(key_id: kms_key, key_spec: 'AES_256').ciphertext_blob)
|
|
470
|
+
encrypted_data_key_value = ENV['ENCRYPTED_DATA_KEY'] || connect_secrets['ENCRYPTED_DATA_KEY']
|
|
471
|
+
raise ZuoraConnect::Exceptions::Error.new("Missing encrypted data key 'ENCRYPTED_DATA_KEY'.") if encrypted_data_key_value.blank?
|
|
472
|
+
return encrypted_data_key_value
|
|
473
|
+
end
|
|
474
|
+
|
|
475
|
+
def aws_auth_client
|
|
476
|
+
if Rails.env.to_s == 'development'
|
|
477
|
+
return Aws::Credentials.new(aws_secrets['AWS_ACCESS_KEY_ID'], aws_secrets['AWS_SECRET_ACCESS_KEY'])
|
|
478
|
+
else
|
|
479
|
+
return nil
|
|
480
|
+
end
|
|
481
|
+
end
|
|
482
|
+
|
|
483
|
+
def fetch_cipher(type)
|
|
484
|
+
raise "Type must be set to 'encrypt' or 'decrypt'" if !['decrypt','encrypt'].include?(type)
|
|
485
|
+
cipher = OpenSSL::Cipher.new('AES-256-CBC')
|
|
486
|
+
cipher.send(type)
|
|
487
|
+
cipher.key = self.decrypted_data_key
|
|
488
|
+
cipher.iv = Base64.strict_decode64(self.iv_key)
|
|
489
|
+
return cipher
|
|
438
490
|
end
|
|
439
491
|
|
|
440
|
-
def kms_decrypt(value)
|
|
492
|
+
def kms_decrypt(value, field_name: nil, encryption_type: ZuoraConnect.configuration.encryption_type)
|
|
441
493
|
kms_tries ||= 0
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
494
|
+
original_encryption_type ||= encryption_type.dup
|
|
495
|
+
|
|
496
|
+
case encryption_type
|
|
497
|
+
when :direct
|
|
498
|
+
result = kms_client.decrypt(ciphertext_blob: [value].pack("H*") ).plaintext
|
|
499
|
+
#Update original encryption
|
|
500
|
+
if original_encryption_type != encryption_type && field_name.present?
|
|
501
|
+
ZuoraConnect.logger.debug("Updating encryption to '#{original_encryption_type}', from '#{encryption_type}' for field '#{field_name}'", self.default_ougai_items)
|
|
502
|
+
self.update_column(field_name, self.kms_encrypt(result, encryption_type: original_encryption_type))
|
|
503
|
+
end
|
|
504
|
+
|
|
505
|
+
return result
|
|
506
|
+
when :envelope
|
|
507
|
+
cipher = fetch_cipher('decrypt')
|
|
508
|
+
result = cipher.update(Base64.strict_decode64(value)) + cipher.final
|
|
509
|
+
|
|
510
|
+
#Update original encryption
|
|
511
|
+
if original_encryption_type != encryption_type && field_name.present?
|
|
512
|
+
ZuoraConnect.logger.debug("Updating encryption to '#{original_encryption_type}', from '#{encryption_type}' for field '#{field_name}'", self.default_ougai_items)
|
|
513
|
+
self.update_column(field_name, self.kms_encrypt(result, encryption_type: original_encryption_type))
|
|
514
|
+
end
|
|
515
|
+
return result
|
|
516
|
+
else
|
|
517
|
+
ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
|
|
518
|
+
end
|
|
519
|
+
rescue ArgumentError => ex
|
|
520
|
+
if ex.message == 'invalid base64' && encryption_type == :envelope && (kms_tries += 1) < 3
|
|
521
|
+
ZuoraConnect.logger.warn("Fallback to encryption 'direct', from '#{encryption_type}'", ex, self.default_ougai_items)
|
|
522
|
+
encryption_type = :direct
|
|
523
|
+
retry
|
|
524
|
+
end
|
|
525
|
+
raise#Add protection when decrypting
|
|
526
|
+
rescue Aws::KMS::Errors::InvalidCiphertextException => ex
|
|
527
|
+
if encryption_type == :direct && (kms_tries += 1) < 3
|
|
528
|
+
ZuoraConnect.logger.warn("Fallback to encryption 'envelope', from '#{encryption_type}'", ex, self.default_ougai_items)
|
|
529
|
+
encryption_type = :envelope
|
|
530
|
+
retry
|
|
531
|
+
end
|
|
532
|
+
raise
|
|
445
533
|
rescue *AWS_AUTH_ERRORS => ex
|
|
446
534
|
if (kms_tries += 1) < 3
|
|
447
535
|
Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
|
|
@@ -452,12 +540,20 @@ module ZuoraConnect
|
|
|
452
540
|
end
|
|
453
541
|
end
|
|
454
542
|
|
|
455
|
-
def kms_encrypt(value)
|
|
543
|
+
def kms_encrypt(value, encryption_type: ZuoraConnect.configuration.encryption_type)
|
|
456
544
|
kms_tries ||= 0
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
545
|
+
case encryption_type
|
|
546
|
+
when :direct
|
|
547
|
+
resp = kms_client.encrypt({key_id: kms_key(raise_on_blank: true), plaintext: value})
|
|
548
|
+
return resp.ciphertext_blob.unpack('H*').first
|
|
549
|
+
when :envelope
|
|
550
|
+
cipher = fetch_cipher('encrypt')
|
|
551
|
+
value = cipher.update(value.to_s)
|
|
552
|
+
value << cipher.final
|
|
553
|
+
return Base64.strict_encode64(value)
|
|
554
|
+
else
|
|
555
|
+
ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
|
|
556
|
+
end
|
|
461
557
|
rescue *AWS_AUTH_ERRORS => ex
|
|
462
558
|
if (kms_tries += 1) < 3
|
|
463
559
|
Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
|
|
@@ -467,18 +563,6 @@ module ZuoraConnect
|
|
|
467
563
|
raise
|
|
468
564
|
end
|
|
469
565
|
end
|
|
470
|
-
|
|
471
|
-
def kms_key
|
|
472
|
-
return ENV['AWS_KMS_ARN'] || aws_secrets['AWS_KMS_ARN']
|
|
473
|
-
end
|
|
474
|
-
|
|
475
|
-
def aws_auth_client
|
|
476
|
-
if Rails.env.to_s == 'development'
|
|
477
|
-
return Aws::Credentials.new(aws_secrets['AWS_ACCESS_KEY_ID'], aws_secrets['AWS_SECRET_ACCESS_KEY'])
|
|
478
|
-
else
|
|
479
|
-
return nil
|
|
480
|
-
end
|
|
481
|
-
end
|
|
482
566
|
#### END KMS ENCRYPTION Methods ####
|
|
483
567
|
|
|
484
568
|
#### START Metrics Methods ####
|
|
@@ -504,9 +588,13 @@ module ZuoraConnect
|
|
|
504
588
|
def build_task(task_data: {}, session: {})
|
|
505
589
|
session = {} if session.blank?
|
|
506
590
|
self.task_data = task_data
|
|
591
|
+
if self.task_data.blank? && ZuoraConnect.configuration.local_task_data
|
|
592
|
+
self.task_data = self.zuora_logins
|
|
593
|
+
end
|
|
594
|
+
|
|
507
595
|
self.mode = self.task_data["mode"]
|
|
508
596
|
|
|
509
|
-
if task_data['id'].to_s != self.id.to_s
|
|
597
|
+
if self.task_data['id'].to_s != self.id.to_s
|
|
510
598
|
raise ZuoraConnect::Exceptions::MissMatch.new("Wrong Instance Identifier/Lookup")
|
|
511
599
|
end
|
|
512
600
|
|
|
@@ -544,7 +632,7 @@ module ZuoraConnect
|
|
|
544
632
|
raise
|
|
545
633
|
rescue => ex
|
|
546
634
|
ZuoraConnect.logger.error("Build Task Error", ex)
|
|
547
|
-
ZuoraConnect.logger.error("Task Data: #{task_data}") if task_data.present?
|
|
635
|
+
ZuoraConnect.logger.error("Task Data: #{self.task_data}") if self.task_data.present?
|
|
548
636
|
if session.present?
|
|
549
637
|
ZuoraConnect.logger.error("Task Session: #{session.to_h}") if session.methods.include?(:to_h)
|
|
550
638
|
ZuoraConnect.logger.error("Task Session: #{session.to_hash}") if session.methods.include?(:to_hash)
|
|
@@ -795,19 +883,19 @@ module ZuoraConnect
|
|
|
795
883
|
if login.tenant_type == "Zuora"
|
|
796
884
|
if login.available_entities.size > 1 && Rails.application.config.session_store != ActionDispatch::Session::CookieStore
|
|
797
885
|
login.available_entities.each do |entity_key|
|
|
798
|
-
session["#{self.id}::#{key}::#{entity_key}:current_session"] = login.client(entity_key).current_session if login.client.respond_to?(:current_session)
|
|
799
|
-
session["#{self.id}::#{key}::#{entity_key}:bearer_token"] = login.client(entity_key).bearer_token if login.client.respond_to?(:bearer_token)
|
|
800
|
-
session["#{self.id}::#{key}::#{entity_key}:oauth_session_expires_at"] = login.client(entity_key).oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at)
|
|
886
|
+
session["#{self.id}::#{key}::#{entity_key}:current_session"] = login.client(entity_key).current_session if login.client.respond_to?(:current_session) && login.client(entity_key).current_session.present?
|
|
887
|
+
session["#{self.id}::#{key}::#{entity_key}:bearer_token"] = login.client(entity_key).bearer_token if login.client.respond_to?(:bearer_token) && login.client(entity_key).bearer_token.present?
|
|
888
|
+
session["#{self.id}::#{key}::#{entity_key}:oauth_session_expires_at"] = login.client(entity_key).oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at) && login.client(entity_key).oauth_session_expires_at.present?
|
|
801
889
|
end
|
|
802
890
|
else
|
|
803
|
-
session["#{self.id}::#{key}:current_session"] = login.client.current_session if login.client.respond_to?(:current_session)
|
|
804
|
-
session["#{self.id}::#{key}:bearer_token"] = login.client.bearer_token if login.client.respond_to?(:bearer_token)
|
|
805
|
-
session["#{self.id}::#{key}:oauth_session_expires_at"] = login.client.oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at)
|
|
891
|
+
session["#{self.id}::#{key}:current_session"] = login.client.current_session if login.client.respond_to?(:current_session) && login.client.current_session.present?
|
|
892
|
+
session["#{self.id}::#{key}:bearer_token"] = login.client.bearer_token if login.client.respond_to?(:bearer_token) && login.client.bearer_token.present?
|
|
893
|
+
session["#{self.id}::#{key}:oauth_session_expires_at"] = login.client.oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at) && login.client.oauth_session_expires_at.present?
|
|
806
894
|
end
|
|
807
895
|
end
|
|
808
896
|
end
|
|
809
897
|
|
|
810
|
-
session["#{self.id}::task_data"] = self.task_data
|
|
898
|
+
session["#{self.id}::task_data"] = self.task_data if !ZuoraConnect.configuration.local_task_data
|
|
811
899
|
|
|
812
900
|
#Redis is not defined strip out old data
|
|
813
901
|
if !defined?(Redis.current)
|
|
@@ -847,6 +935,9 @@ module ZuoraConnect
|
|
|
847
935
|
else
|
|
848
936
|
begin
|
|
849
937
|
return JSON.parse(encryptor.decrypt_and_verify(CGI::unescape(data)))
|
|
938
|
+
rescue ActiveSupport::MessageEncryptor::InvalidMessage => ex
|
|
939
|
+
Rails.logger.error('Error Decrypting', ex, self.default_ougai_items) if log_fatal && !Rails.env.test?
|
|
940
|
+
return JSON.parse(encryptor.decrypt_and_verify(data))
|
|
850
941
|
rescue ActiveSupport::MessageVerifier::InvalidSignature => ex
|
|
851
942
|
ZuoraConnect.logger.error("Error Decrypting", ex, self.default_ougai_items) if log_fatal
|
|
852
943
|
return rescue_return
|
|
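Review bot: `fetch_cipher` sets up AES-256-CBC with one IV read from configuration (`iv_key`) for every value, and the `:envelope` branches carry no integrity check, so equal plaintexts produce equal ciphertexts and a modified ciphertext is only noticed if padding or JSON parsing happens to fail. A fresh IV per value stored next to the ciphertext, together with an authenticated mode, closes both gaps; the sketch below covers the `:envelope` branch of `kms_encrypt`, and `kms_decrypt` would need the matching split of IV, tag and ciphertext, which changes the stored format. `decrypted_data_key` caches the plaintext data key in the global `$cleartextkey`, which is visible to the whole process and never cleared, so a narrower cache with a bounded lifetime would reduce that exposure. In both `kms_decrypt` and `kms_encrypt` the `else` branch builds the error without raising it, so an unknown `encryption_type` returns the exception object; it should read `raise ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")`.

```ruby
when :envelope
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = self.decrypted_data_key
  iv = cipher.random_iv # fresh nonce per value, stored in front of the ciphertext
  cipher.auth_data = ''
  sealed = cipher.update(value.to_s) + cipher.final
  return Base64.strict_encode64(iv + cipher.auth_tag + sealed)
# … unchanged: else branch and AWS_AUTH_ERRORS rescue …
```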
@@ -11,6 +11,15 @@ class RedisFlash
|
|
|
11
11
|
end
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
+
class Redis
|
|
15
|
+
def self.current
|
|
16
|
+
@current ||= Redis.new()
|
|
17
|
+
end
|
|
18
|
+
def self.current=(redis)
|
|
19
|
+
@current = redis
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
14
23
|
if defined?(Redis.current)
|
|
15
24
|
Redis.current = Redis.new(:id => "#{ZuoraObservability::Env.full_process_name(process_name: 'Redis')}", :url => redis_url, :timeout => 6, :reconnect_attempts => 2)
|
|
16
25
|
browser_urls['Redis'] = { "url" => redis_url }
|
|
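Review bot: The added `class Redis` reopens the constant unconditionally, so if the redis gem has not been loaded by this point it defines an empty class; `defined?(Redis.current)` on the following line is then always true and `Redis.new(:id => ..., :url => ...)` fails with ArgumentError. Guarding the shim keeps the existing feature test meaningful, for example wrapping the two accessors in `if defined?(Redis) && !Redis.respond_to?(:current)`. The fallback `@current ||= Redis.new()` also hands out a client with default connection settings whenever nothing has assigned `Redis.current`, which may not be the server named by `redis_url`, so raising there would make a missing assignment visible. Any other code that tests `defined?(Redis.current)` will presumably always take the Redis branch once this initializer has run.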
@@ -9,5 +9,8 @@ class AddEnvironmentFields < ActiveRecord::Migration[5.0]
|
|
|
9
9
|
if column_exists? :zuora_connect_app_instances, :organizations
|
|
10
10
|
change_column :zuora_connect_app_instances, :organizations, :jsonb, default: []
|
|
11
11
|
end
|
|
12
|
+
unless column_exists? :zuora_connect_app_instances, :zuora_global_tenant_id
|
|
13
|
+
add_column :zuora_connect_app_instances, :zuora_global_tenant_id, :text, default: ""
|
|
14
|
+
end
|
|
12
15
|
end
|
|
13
16
|
end
|
|
@@ -1,24 +1,16 @@
|
|
|
1
|
-
# desc "Explaining what the task does"
|
|
2
|
-
# task :connect do
|
|
3
|
-
# # Task goes here
|
|
4
|
-
# end
|
|
5
|
-
|
|
6
1
|
namespace :db do
|
|
7
2
|
desc 'Also create shared_extensions Schema'
|
|
8
3
|
task :extensions => :environment do
|
|
9
4
|
# Create Schema
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
5
|
+
at_exit {
|
|
6
|
+
ActiveRecord::Base.connection.execute 'CREATE SCHEMA IF NOT EXISTS shared_extensions;'
|
|
7
|
+
# Enable Hstore
|
|
8
|
+
ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS HSTORE SCHEMA shared_extensions;'
|
|
9
|
+
# Enable UUID-OSSP
|
|
10
|
+
ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp" SCHEMA shared_extensions;'
|
|
11
|
+
}
|
|
15
12
|
end
|
|
16
13
|
end
|
|
17
14
|
|
|
18
|
-
Rake::Task["db:create"].enhance
|
|
19
|
-
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
Rake::Task["db:test:purge"].enhance do
|
|
23
|
-
Rake::Task["db:extensions"].invoke
|
|
24
|
-
end
|
|
15
|
+
Rake::Task["db:create"].enhance [:extensions]
|
|
16
|
+
Rake::Task["db:test:purge"].enhance [:extensions]
|
|
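Review bot: Wrapping the three `execute` calls in `at_exit` moves the schema and extension creation to process exit, so they are attempted even when `db:create` or a later task aborted, and a failure there surfaces only after rake has finished its own reporting. `enhance [:extensions]` registers the task as a prerequisite, which runs before `db:create`; that is presumably why the SQL was deferred. Running it after the enhanced task is more direct with the block form, `Rake::Task["db:create"].enhance { Rake::Task["db:extensions"].invoke }`, with the statements placed back in the task body.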
@@ -7,7 +7,7 @@ module ZuoraConnect
|
|
|
7
7
|
|
|
8
8
|
attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
|
|
9
9
|
|
|
10
|
-
attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect
|
|
10
|
+
attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect, :encryption_type, :local_task_data
|
|
11
11
|
|
|
12
12
|
def initialize
|
|
13
13
|
@default_locale = :en
|
|
@@ -21,6 +21,8 @@ module ZuoraConnect
|
|
|
21
21
|
@blpop_queue = false
|
|
22
22
|
@insert_migrations = true
|
|
23
23
|
@skip_connect = false
|
|
24
|
+
@encryption_type = :direct
|
|
25
|
+
@local_task_data = false
|
|
24
26
|
|
|
25
27
|
# Setting the app name for telegraf write
|
|
26
28
|
@enable_metrics = false
|
|
@@ -305,7 +305,7 @@ module ZuoraConnect
|
|
|
305
305
|
private
|
|
306
306
|
def setup_instance_via_prod_mode
|
|
307
307
|
zuora_entity_id = request.headers['ZuoraCurrentEntity'] || cookies['ZuoraCurrentEntity']
|
|
308
|
-
ZuoraConnect::ZuoraUser.current_user_id =
|
|
308
|
+
ZuoraConnect::ZuoraUser.current_user_id = '3'
|
|
309
309
|
|
|
310
310
|
if zuora_entity_id.present?
|
|
311
311
|
zuora_tenant_id = cookies['Zuora-Tenant-Id']
|
|
@@ -320,11 +320,6 @@ module ZuoraConnect
|
|
|
320
320
|
elsif cookies['ZSession'].present?
|
|
321
321
|
zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'], entity_id: zuora_entity_id)
|
|
322
322
|
auth_headers.merge!({'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
|
|
323
|
-
elsif session["ldapAdmin"]
|
|
324
|
-
ZuoraConnect::logger.debug("Admin session found")
|
|
325
|
-
elsif ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
|
|
326
|
-
render "zuora_connect/application/ldap_login"
|
|
327
|
-
return
|
|
328
323
|
else
|
|
329
324
|
render "zuora_connect/static/error_handled", :locals => {
|
|
330
325
|
:title => "Missing Authorization Token",
|
|
@@ -341,7 +336,7 @@ module ZuoraConnect
|
|
|
341
336
|
missmatched_entity = session["ZuoraCurrentEntity"] != zuora_entity_id
|
|
342
337
|
missing_identity = session["ZuoraCurrentIdentity"].blank?
|
|
343
338
|
|
|
344
|
-
if (missing_identity || missmatched_entity || different_zsession)
|
|
339
|
+
if (missing_identity || missmatched_entity || different_zsession)
|
|
345
340
|
zuora_details.merge!({'identity' => {'different_zsession' => different_zsession, 'missing_identity' => missing_identity, 'missmatched_entity' => missmatched_entity}})
|
|
346
341
|
identity, response = zuora_client.rest_call(
|
|
347
342
|
url: zuora_client.rest_endpoint("identity"),
|
|
@@ -382,10 +377,7 @@ module ZuoraConnect
|
|
|
382
377
|
end
|
|
383
378
|
end
|
|
384
379
|
|
|
385
|
-
if
|
|
386
|
-
appinstances = ZuoraConnect::AppInstance.pluck(:id, :name)
|
|
387
|
-
#Find matching app instances.
|
|
388
|
-
elsif zuora_instance_id.present?
|
|
380
|
+
if zuora_instance_id.present?
|
|
389
381
|
appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id.to_i).pluck(:id, :name)
|
|
390
382
|
else
|
|
391
383
|
#if app_instance_ids is present then permissions still controlled by connect
|
|
@@ -423,23 +415,11 @@ module ZuoraConnect
|
|
|
423
415
|
appinstances ||= ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
|
|
424
416
|
end
|
|
425
417
|
|
|
426
|
-
|
|
427
|
-
zuora_user_id = "3"
|
|
428
|
-
else
|
|
429
|
-
zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId'] || request.headers["Zuora-User-Id"]
|
|
430
|
-
end
|
|
418
|
+
zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId'] || request.headers["Zuora-User-Id"]
|
|
431
419
|
|
|
432
420
|
if appinstances.size == 1
|
|
433
421
|
ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
|
|
434
422
|
@appinstance = ZuoraConnect::AppInstance.find(appinstances.to_h.keys.first)
|
|
435
|
-
session["appInstance"] = @appinstance.id
|
|
436
|
-
ZuoraConnect::ZuoraUser.current_user_id = zuora_user_id
|
|
437
|
-
end
|
|
438
|
-
|
|
439
|
-
if session["ldapAdmin"]
|
|
440
|
-
# Maybe error. Should we return because of condition?
|
|
441
|
-
session["#{@appinstance.id}::admin"] = true
|
|
442
|
-
return
|
|
443
423
|
end
|
|
444
424
|
|
|
445
425
|
# One deployed instance with credentials
|
|
@@ -643,7 +623,12 @@ module ZuoraConnect
|
|
|
643
623
|
if session["appInstance"].present?
|
|
644
624
|
@appinstance = ZuoraConnect::AppInstance.find_by(:id => session["appInstance"])
|
|
645
625
|
else
|
|
646
|
-
|
|
626
|
+
if ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
|
|
627
|
+
render "zuora_connect/application/ldap_login", :layout => false
|
|
628
|
+
return
|
|
629
|
+
else
|
|
630
|
+
raise ZuoraConnect::Exceptions::AccessDenied.new("No application state or session found.")
|
|
631
|
+
end
|
|
647
632
|
end
|
|
648
633
|
end
|
|
649
634
|
end
|
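Review bot: `setup_instance_via_prod_mode` now begins with `ZuoraConnect::ZuoraUser.current_user_id = '3'`, a hard-coded identity, while the assignment from `zuora_user_id` inside `if appinstances.size == 1` is removed, so unless it is set again outside these hunks every request is attributed to user 3. The new `zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId'] || request.headers["Zuora-User-Id"]` prefers a client-supplied cookie over the identity kept in the server-side session, and it raises NoMethodError when `session["ZuoraCurrentIdentity"]` is nil. Putting the session value first and tolerating nil addresses both: `zuora_user_id = (session["ZuoraCurrentIdentity"] || {})['userId'] || cookies['Zuora-User-Id'] || request.headers["Zuora-User-Id"]`. In the last hunk the LDAP form is gated on the `HOST` request header, which the client controls, so the `INTERNAL_HOSTS` test works as routing and should not be relied on as an access check.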
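--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zuora_connect
 version: !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.1
 platform: ruby
 authors:
 - Connect Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06
+date: 2022-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: apartment
@@ -452,9 +452,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 requirements: []
 rubygems_version: 3.3.7
 signing_key: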