zuora_connect 3.1.0.pre.e → 3.1.1.pre.a
- checksums.yaml +4 -4
- data/app/controllers/zuora_connect/application_controller.rb +5 -3
- data/app/models/zuora_connect/app_instance_base.rb +130 -38
- data/app/views/zuora_connect/application/ldap_login.html.erb +3 -2
- data/config/initializers/redis.rb +9 -0
- data/db/migrate/20190520232224_add_environment_fields.rb +3 -0
- data/lib/tasks/zuora_connect_tasks.rake +9 -17
- data/lib/zuora_connect/configuration.rb +3 -1
- data/lib/zuora_connect/controllers/helpers.rb +10 -25
- data/lib/zuora_connect/version.rb +1 -1
- metadata +2 -2
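--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 575850a90d1e2c6aaca6a638ce4c353f337c617d3ff1460731b48a208d8942c1
+data.tar.gz: 5e2a26d1ff920f57243bca6cd1de689158d0c996bb31b6c3793c9d004572d248
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e5592409632f985f3db6c42c2cc4c28e86ad7daed2f359ef08e4cb503efdef0095388a62f48832a1498f9ce7d7f8bdccc0155af1a4d68dc32412ae061dec45c4
+data.tar.gz: 12c7cdb0591645a712ee19ead68473d8a67763c8b88dcb02e9b2195112577b898636079c681a164ea6e3bbd1d03a37c0af5c7941caa93946ef391fbf7ba69ef1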
@@ -12,7 +12,9 @@ module ZuoraConnect
|
|
12
12
|
|
13
13
|
begin
|
14
14
|
if ZuoraConnect::LDAP::Adapter.valid_credentials?(username, password)
|
15
|
-
|
15
|
+
id = ZuoraConnect::AppInstance.first.id
|
16
|
+
session["appInstance"] = ZuoraConnect::AppInstance.first.id
|
17
|
+
session["#{id}::admin"] = true
|
16
18
|
respond_to do |format|
|
17
19
|
format.html { redirect_to '/admin/app_instances' }
|
18
20
|
end
|
@@ -20,13 +22,13 @@ module ZuoraConnect
|
|
20
22
|
render 'zuora_connect/application/ldap_login', locals: {
|
21
23
|
title: 'LDAP Authentication Failed',
|
22
24
|
message: 'Invalid username or password'
|
23
|
-
}
|
25
|
+
}, :layout => false
|
24
26
|
end
|
25
27
|
rescue Net::LDAP::Error
|
26
28
|
render 'zuora_connect/application/ldap_login', locals: {
|
27
29
|
title: 'LDAP Authentication Net Error',
|
28
30
|
message: 'Failed to connect to server while authenticating the LDAP credentials. Please retry later.'
|
29
|
-
}
|
31
|
+
}, :layout => false
|
30
32
|
end
|
31
33
|
end
|
32
34
|
end
|
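Review bot: The added `session["#{id}::admin"] = true` raises the privilege of whatever session the browser already held; calling `reset_session` right after `valid_credentials?` succeeds, before any key is written, would stop a session identifier issued before login from carrying the admin flag. No group or role check is visible in this hunk, so as far as these lines show every account that passes `valid_credentials?` becomes admin of the first app instance. `ZuoraConnect::AppInstance.first` is also queried twice and returns `nil` on an empty table, which raises `NoMethodError` outside the `rescue Net::LDAP::Error`; reusing the local as `session["appInstance"] = id` after a nil check covers both. The enclosing method starts above the hunk.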
@@ -187,7 +187,7 @@ module ZuoraConnect
|
|
187
187
|
raise ZuoraConnect::Exceptions::HoldingPattern if holding_pattern && !self.mark_for_refresh
|
188
188
|
self.refresh(session: session)
|
189
189
|
|
190
|
-
elsif session["#{self.id}::task_data"].blank?
|
190
|
+
elsif session["#{self.id}::task_data"].blank? && !ZuoraConnect.configuration.local_task_data
|
191
191
|
self.new_session_message = "REFRESHING - Task Data Blank"
|
192
192
|
ZuoraConnect.logger.debug(self.new_session_message)
|
193
193
|
raise ZuoraConnect::Exceptions::HoldingPattern if holding_pattern && !self.mark_for_refresh
|
@@ -264,6 +264,7 @@ module ZuoraConnect
|
|
264
264
|
end
|
265
265
|
end
|
266
266
|
|
267
|
+
tenants = (self.task_data.dig(LOGIN_TENANT_DESTINATION,'entities') || []).select {|entity| !entity['skip'].to_bool}.map{|e| e['entityId']}.uniq if tenants.blank?
|
267
268
|
params = {
|
268
269
|
name: self.task_data.dig('name'),
|
269
270
|
zuora_entity_ids: (self.task_data.dig(LOGIN_TENANT_DESTINATION,'entities') || []).select {|entity| !entity['skip'].to_bool}.map{|e| e['id']}.uniq,
|
@@ -353,7 +354,8 @@ module ZuoraConnect
|
|
353
354
|
|
354
355
|
def fetch_connect_data(session: {})
|
355
356
|
self.check_oauth_state
|
356
|
-
|
357
|
+
request_url = ZuoraConnect.configuration.url + "/api/#{self.api_version}/tools/tasks/#{self.id}.json"
|
358
|
+
response = HTTParty.get(request_url,:body => {:access_token => self.access_token})
|
357
359
|
|
358
360
|
if response.code == 200
|
359
361
|
begin
|
@@ -366,7 +368,7 @@ module ZuoraConnect
|
|
366
368
|
self.set_backup_creds
|
367
369
|
self.save(validate: false) if self.changed?
|
368
370
|
else
|
369
|
-
raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Error
|
371
|
+
raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Error communicating with Connect for '#{request_url}' with #{response.code}", response.body, response.code)
|
370
372
|
end
|
371
373
|
end
|
372
374
|
|
@@ -415,10 +417,6 @@ module ZuoraConnect
|
|
415
417
|
raise
|
416
418
|
end
|
417
419
|
|
418
|
-
def aws_secrets
|
419
|
-
(Rails.application.secrets.aws || {}).transform_keys { |key| key.to_s }
|
420
|
-
end
|
421
|
-
|
422
420
|
#### START KMS ENCRYPTION Methods ####
|
423
421
|
def set_backup_creds
|
424
422
|
if self.kms_key.present? && self.kms_key.match(/^arn:aws:.*/) && self.task_data.present?
|
@@ -434,14 +432,105 @@ module ZuoraConnect
|
|
434
432
|
|
435
433
|
def zuora_logins
|
436
434
|
raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Zuora Logins is blank, cannot decrypt.") if super.blank?
|
437
|
-
return JSON.parse(kms_decrypt(super))
|
435
|
+
return JSON.parse(kms_decrypt(super, field_name: :zuora_logins))
|
436
|
+
end
|
437
|
+
|
438
|
+
def kms_client
|
439
|
+
@kms_client ||= Aws::KMS::Client.new({region: aws_secrets['AWS_REGION'], credentials: self.aws_auth_client}.delete_if { |k, v| v.blank? })
|
440
|
+
return @kms_client
|
441
|
+
end
|
442
|
+
|
443
|
+
def decrypted_data_key
|
444
|
+
$cleartextkey ||= kms_client.decrypt(ciphertext_blob: Base64.strict_decode64(encrypted_data_key)).plaintext
|
445
|
+
return $cleartextkey
|
446
|
+
end
|
447
|
+
|
448
|
+
def aws_secrets
|
449
|
+
(Rails.application.secrets.aws || {}).transform_keys { |key| key.to_s }
|
450
|
+
end
|
451
|
+
|
452
|
+
def connect_secrets
|
453
|
+
(Rails.application.secrets.connect || {}).transform_keys { |key| key.to_s }
|
454
|
+
end
|
455
|
+
|
456
|
+
def kms_key(raise_on_blank: false)
|
457
|
+
kms_value = ENV['AWS_KMS_ARN'] || aws_secrets['AWS_KMS_ARN']
|
458
|
+
raise ZuoraConnect::Exceptions::Error.new("Missing KMS key") if raise_on_blank && kms_value.blank?
|
459
|
+
return kms_value
|
460
|
+
end
|
461
|
+
|
462
|
+
def iv_key
|
463
|
+
iv_key_value = ENV['IV_KEY'] || connect_secrets['IV_KEY']
|
464
|
+
#Create new one 'Base64.strict_encode64(OpenSSL::Cipher.new('AES-256-CBC').random_iv)'
|
465
|
+
raise ZuoraConnect::Exceptions::Error.new("Missing IV cipher key") if iv_key_value.blank?
|
466
|
+
return iv_key_value
|
467
|
+
end
|
468
|
+
|
469
|
+
def encrypted_data_key
|
470
|
+
#Base64.strict_encode64(kms_client.generate_data_key(key_id: kms_key, key_spec: 'AES_256').ciphertext_blob)
|
471
|
+
encrypted_data_key_value = ENV['ENCRYPTED_DATA_KEY'] || connect_secrets['ENCRYPTED_DATA_KEY']
|
472
|
+
raise ZuoraConnect::Exceptions::Error.new("Missing encrypted data key 'ENCRYPTED_DATA_KEY'.") if encrypted_data_key_value.blank?
|
473
|
+
return encrypted_data_key_value
|
474
|
+
end
|
475
|
+
|
476
|
+
def aws_auth_client
|
477
|
+
if Rails.env.to_s == 'development'
|
478
|
+
return Aws::Credentials.new(aws_secrets['AWS_ACCESS_KEY_ID'], aws_secrets['AWS_SECRET_ACCESS_KEY'])
|
479
|
+
else
|
480
|
+
return nil
|
481
|
+
end
|
482
|
+
end
|
483
|
+
|
484
|
+
def fetch_cipher(type)
|
485
|
+
raise "Type must be set to 'encrypt' or 'decrypt'" if !['decrypt','encrypt'].include?(type)
|
486
|
+
cipher = OpenSSL::Cipher.new('AES-256-CBC')
|
487
|
+
cipher.send(type)
|
488
|
+
cipher.key = self.decrypted_data_key
|
489
|
+
cipher.iv = Base64.strict_decode64(self.iv_key)
|
490
|
+
return cipher
|
438
491
|
end
|
439
492
|
|
440
|
-
def kms_decrypt(value)
|
493
|
+
def kms_decrypt(value, field_name: nil, encryption_type: ZuoraConnect.configuration.encryption_type)
|
441
494
|
kms_tries ||= 0
|
442
|
-
|
443
|
-
|
444
|
-
|
495
|
+
original_encryption_type ||= encryption_type.dup
|
496
|
+
|
497
|
+
case encryption_type
|
498
|
+
when :direct
|
499
|
+
result = kms_client.decrypt(ciphertext_blob: [value].pack("H*") ).plaintext
|
500
|
+
#Update original encryption
|
501
|
+
if original_encryption_type != encryption_type && field_name.present?
|
502
|
+
ZuoraConnect.logger.debug("Updating encryption to '#{original_encryption_type}', from '#{encryption_type}' for field '#{field_name}'", self.default_ougai_items)
|
503
|
+
self.update_column(field_name, self.kms_encrypt(result, encryption_type: original_encryption_type))
|
504
|
+
end
|
505
|
+
|
506
|
+
return result
|
507
|
+
when :envelope
|
508
|
+
cipher = fetch_cipher('decrypt')
|
509
|
+
result = cipher.update(Base64.strict_decode64(value)) + cipher.final
|
510
|
+
|
511
|
+
#Update original encryption
|
512
|
+
if original_encryption_type != encryption_type && field_name.present?
|
513
|
+
ZuoraConnect.logger.debug("Updating encryption to '#{original_encryption_type}', from '#{encryption_type}' for field '#{field_name}'", self.default_ougai_items)
|
514
|
+
self.update_column(field_name, self.kms_encrypt(result, encryption_type: original_encryption_type))
|
515
|
+
end
|
516
|
+
return result
|
517
|
+
else
|
518
|
+
ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
|
519
|
+
end
|
520
|
+
rescue ArgumentError => ex
|
521
|
+
if ex.message == 'invalid base64' && encryption_type == :envelope && (kms_tries += 1) < 3
|
522
|
+
ZuoraConnect.logger.warn("Fallback to encryption 'direct', from '#{encryption_type}'", ex, self.default_ougai_items)
|
523
|
+
encryption_type = :direct
|
524
|
+
retry
|
525
|
+
end
|
526
|
+
raise#Add protection when decrypting
|
527
|
+
rescue Aws::KMS::Errors::InvalidCiphertextException => ex
|
528
|
+
if encryption_type == :direct && (kms_tries += 1) < 3
|
529
|
+
ZuoraConnect.logger.warn("Fallback to encryption 'envelope', from '#{encryption_type}'", ex, self.default_ougai_items)
|
530
|
+
encryption_type = :envelope
|
531
|
+
retry
|
532
|
+
end
|
533
|
+
raise
|
445
534
|
rescue *AWS_AUTH_ERRORS => ex
|
446
535
|
if (kms_tries += 1) < 3
|
447
536
|
Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
|
@@ -452,12 +541,20 @@ module ZuoraConnect
|
|
452
541
|
end
|
453
542
|
end
|
454
543
|
|
455
|
-
def kms_encrypt(value)
|
544
|
+
def kms_encrypt(value, encryption_type: ZuoraConnect.configuration.encryption_type)
|
456
545
|
kms_tries ||= 0
|
457
|
-
|
458
|
-
|
459
|
-
|
460
|
-
|
546
|
+
case encryption_type
|
547
|
+
when :direct
|
548
|
+
resp = kms_client.encrypt({key_id: kms_key(raise_on_blank: true), plaintext: value})
|
549
|
+
return resp.ciphertext_blob.unpack('H*').first
|
550
|
+
when :envelope
|
551
|
+
cipher = fetch_cipher('encrypt')
|
552
|
+
value = cipher.update(value.to_s)
|
553
|
+
value << cipher.final
|
554
|
+
return Base64.strict_encode64(value)
|
555
|
+
else
|
556
|
+
ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
|
557
|
+
end
|
461
558
|
rescue *AWS_AUTH_ERRORS => ex
|
462
559
|
if (kms_tries += 1) < 3
|
463
560
|
Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
|
@@ -467,18 +564,6 @@ module ZuoraConnect
|
|
467
564
|
raise
|
468
565
|
end
|
469
566
|
end
|
470
|
-
|
471
|
-
def kms_key
|
472
|
-
return ENV['AWS_KMS_ARN'] || aws_secrets['AWS_KMS_ARN']
|
473
|
-
end
|
474
|
-
|
475
|
-
def aws_auth_client
|
476
|
-
if Rails.env.to_s == 'development'
|
477
|
-
return Aws::Credentials.new(aws_secrets['AWS_ACCESS_KEY_ID'], aws_secrets['AWS_SECRET_ACCESS_KEY'])
|
478
|
-
else
|
479
|
-
return nil
|
480
|
-
end
|
481
|
-
end
|
482
567
|
#### END KMS ENCRYPTION Methods ####
|
483
568
|
|
484
569
|
#### START Metrics Methods ####
|
@@ -504,9 +589,13 @@ module ZuoraConnect
|
|
504
589
|
def build_task(task_data: {}, session: {})
|
505
590
|
session = {} if session.blank?
|
506
591
|
self.task_data = task_data
|
592
|
+
if self.task_data.blank? && ZuoraConnect.configuration.local_task_data
|
593
|
+
self.task_data = self.zuora_logins
|
594
|
+
end
|
595
|
+
|
507
596
|
self.mode = self.task_data["mode"]
|
508
597
|
|
509
|
-
if task_data['id'].to_s != self.id.to_s
|
598
|
+
if self.task_data['id'].to_s != self.id.to_s
|
510
599
|
raise ZuoraConnect::Exceptions::MissMatch.new("Wrong Instance Identifier/Lookup")
|
511
600
|
end
|
512
601
|
|
@@ -544,7 +633,7 @@ module ZuoraConnect
|
|
544
633
|
raise
|
545
634
|
rescue => ex
|
546
635
|
ZuoraConnect.logger.error("Build Task Error", ex)
|
547
|
-
ZuoraConnect.logger.error("Task Data: #{task_data}") if task_data.present?
|
636
|
+
ZuoraConnect.logger.error("Task Data: #{self.task_data}") if self.task_data.present?
|
548
637
|
if session.present?
|
549
638
|
ZuoraConnect.logger.error("Task Session: #{session.to_h}") if session.methods.include?(:to_h)
|
550
639
|
ZuoraConnect.logger.error("Task Session: #{session.to_hash}") if session.methods.include?(:to_hash)
|
@@ -795,19 +884,19 @@ module ZuoraConnect
|
|
795
884
|
if login.tenant_type == "Zuora"
|
796
885
|
if login.available_entities.size > 1 && Rails.application.config.session_store != ActionDispatch::Session::CookieStore
|
797
886
|
login.available_entities.each do |entity_key|
|
798
|
-
session["#{self.id}::#{key}::#{entity_key}:current_session"] = login.client(entity_key).current_session if login.client.respond_to?(:current_session)
|
799
|
-
session["#{self.id}::#{key}::#{entity_key}:bearer_token"] = login.client(entity_key).bearer_token if login.client.respond_to?(:bearer_token)
|
800
|
-
session["#{self.id}::#{key}::#{entity_key}:oauth_session_expires_at"] = login.client(entity_key).oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at)
|
887
|
+
session["#{self.id}::#{key}::#{entity_key}:current_session"] = login.client(entity_key).current_session if login.client.respond_to?(:current_session) && login.client(entity_key).current_session.present?
|
888
|
+
session["#{self.id}::#{key}::#{entity_key}:bearer_token"] = login.client(entity_key).bearer_token if login.client.respond_to?(:bearer_token) && login.client(entity_key).bearer_token.present?
|
889
|
+
session["#{self.id}::#{key}::#{entity_key}:oauth_session_expires_at"] = login.client(entity_key).oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at) && login.client(entity_key).oauth_session_expires_at.present?
|
801
890
|
end
|
802
891
|
else
|
803
|
-
session["#{self.id}::#{key}:current_session"] = login.client.current_session if login.client.respond_to?(:current_session)
|
804
|
-
session["#{self.id}::#{key}:bearer_token"] = login.client.bearer_token if login.client.respond_to?(:bearer_token)
|
805
|
-
session["#{self.id}::#{key}:oauth_session_expires_at"] = login.client.oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at)
|
892
|
+
session["#{self.id}::#{key}:current_session"] = login.client.current_session if login.client.respond_to?(:current_session) && login.client.current_session.present?
|
893
|
+
session["#{self.id}::#{key}:bearer_token"] = login.client.bearer_token if login.client.respond_to?(:bearer_token) && login.client.bearer_token.present?
|
894
|
+
session["#{self.id}::#{key}:oauth_session_expires_at"] = login.client.oauth_session_expires_at if login.client.respond_to?(:oauth_session_expires_at) && login.client.oauth_session_expires_at.present?
|
806
895
|
end
|
807
896
|
end
|
808
897
|
end
|
809
898
|
|
810
|
-
session["#{self.id}::task_data"] = self.task_data
|
899
|
+
session["#{self.id}::task_data"] = self.task_data if !ZuoraConnect.configuration.local_task_data
|
811
900
|
|
812
901
|
#Redis is not defined strip out old data
|
813
902
|
if !defined?(Redis.current)
|
@@ -847,6 +936,9 @@ module ZuoraConnect
|
|
847
936
|
else
|
848
937
|
begin
|
849
938
|
return JSON.parse(encryptor.decrypt_and_verify(CGI::unescape(data)))
|
939
|
+
rescue ActiveSupport::MessageEncryptor::InvalidMessage => ex
|
940
|
+
Rails.logger.error('Error Decrypting', ex, self.default_ougai_items) if log_fatal && !Rails.env.test?
|
941
|
+
return JSON.parse(encryptor.decrypt_and_verify(data))
|
850
942
|
rescue ActiveSupport::MessageVerifier::InvalidSignature => ex
|
851
943
|
ZuoraConnect.logger.error("Error Decrypting", ex, self.default_ougai_items) if log_fatal
|
852
944
|
return rescue_return
|
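Review bot: `fetch_cipher` assigns the single `IV_KEY` value to `cipher.iv` for every call, so the `:envelope` path encrypts every field under the same AES-256-CBC key and IV: equal plaintexts (or equal leading blocks) give equal ciphertext, and CBC provides no integrity check on what `kms_decrypt` reads back. A fresh random IV stored with each ciphertext, under an authenticated mode as sketched below, removes both problems and makes `IV_KEY` unnecessary; any values already written in the CBC format would need a migration path. The `else` branches of `kms_decrypt` and, in the following hunk, `kms_encrypt` build `ZuoraConnect::Exceptions::Error` without `raise`, so an unknown `encryption_type` returns the exception object as if it were the result. `decrypted_data_key` also keeps the plaintext data key in the process-wide global `$cleartextkey`; a non-global memo, as `kms_client` already uses, would narrow where the key is reachable.

```ruby
# kms_encrypt
# … unchanged: kms_tries, :direct branch …
when :envelope
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = self.decrypted_data_key
  iv = cipher.random_iv # new IV for every value, stored in front of the ciphertext
  cipher.auth_data = ''
  ciphertext = cipher.update(value.to_s) + cipher.final
  return Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
else
  raise ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
# … unchanged: end of case, AWS_AUTH_ERRORS rescue …

# kms_decrypt
# … unchanged: kms_tries, original_encryption_type, :direct branch …
when :envelope
  raw = Base64.strict_decode64(value)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = self.decrypted_data_key
  cipher.iv = raw.byteslice(0, 12)        # 12-byte GCM IV written by kms_encrypt
  cipher.auth_tag = raw.byteslice(12, 16) # 16-byte tag; final raises if it does not verify
  cipher.auth_data = ''
  result = cipher.update(raw.byteslice(28..-1)) + cipher.final
  # … unchanged: re-encrypt under original_encryption_type, return result …
```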
@@ -11,6 +11,15 @@ class RedisFlash
|
|
11
11
|
end
|
12
12
|
end
|
13
13
|
|
14
|
+
class Redis
|
15
|
+
def self.current
|
16
|
+
@current ||= Redis.new()
|
17
|
+
end
|
18
|
+
def self.current=(redis)
|
19
|
+
@current = redis
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
14
23
|
if defined?(Redis.current)
|
15
24
|
Redis.current = Redis.new(:id => "#{ZuoraObservability::Env.full_process_name(process_name: 'Redis')}", :url => redis_url, :timeout => 6, :reconnect_attempts => 2)
|
16
25
|
browser_urls['Redis'] = { "url" => redis_url }
|
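Review bot: `class Redis` reopens the client class when the redis gem is already loaded, but when it is not loaded it defines a new, empty `Redis`, after which `defined?(Redis.current)` is always true and the `Redis.new(:id => ..., :url => ...)` call just below would fail on the stub. Whether redis is a hard dependency of this initializer is not visible here, so this should be confirmed. On client versions that still ship `Redis.current` the patch also silently replaces the library's own accessor. Wrapping the definition in `if defined?(::Redis) && !::Redis.respond_to?(:current)` keeps the shim limited to the case it is meant for. The initializer continues above and below the hunk.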
@@ -9,5 +9,8 @@ class AddEnvironmentFields < ActiveRecord::Migration[5.0]
|
|
9
9
|
if column_exists? :zuora_connect_app_instances, :organizations
|
10
10
|
change_column :zuora_connect_app_instances, :organizations, :jsonb, default: []
|
11
11
|
end
|
12
|
+
unless column_exists? :zuora_connect_app_instances, :zuora_global_tenant_id
|
13
|
+
add_column :zuora_connect_app_instances, :zuora_global_tenant_id, :text, default: ""
|
14
|
+
end
|
12
15
|
end
|
13
16
|
end
|
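Review bot: The `zuora_global_tenant_id` column is added by editing the existing migration `20190520232224`, which a database that has already recorded that version will not run again, so such installs would never receive the column unless the gem re-applies its migrations by a path not visible here. A new timestamped migration carrying the same `unless column_exists? :zuora_connect_app_instances, :zuora_global_tenant_id` guard would reach both fresh and existing databases.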
@@ -1,24 +1,16 @@
|
|
1
|
-
# desc "Explaining what the task does"
|
2
|
-
# task :connect do
|
3
|
-
# # Task goes here
|
4
|
-
# end
|
5
|
-
|
6
1
|
namespace :db do
|
7
2
|
desc 'Also create shared_extensions Schema'
|
8
3
|
task :extensions => :environment do
|
9
4
|
# Create Schema
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
5
|
+
at_exit {
|
6
|
+
ActiveRecord::Base.connection.execute 'CREATE SCHEMA IF NOT EXISTS shared_extensions;'
|
7
|
+
# Enable Hstore
|
8
|
+
ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS HSTORE SCHEMA shared_extensions;'
|
9
|
+
# Enable UUID-OSSP
|
10
|
+
ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp" SCHEMA shared_extensions;'
|
11
|
+
}
|
15
12
|
end
|
16
13
|
end
|
17
14
|
|
18
|
-
Rake::Task["db:create"].enhance
|
19
|
-
|
20
|
-
end
|
21
|
-
|
22
|
-
Rake::Task["db:test:purge"].enhance do
|
23
|
-
Rake::Task["db:extensions"].invoke
|
24
|
-
end
|
15
|
+
Rake::Task["db:create"].enhance [:extensions]
|
16
|
+
Rake::Task["db:test:purge"].enhance [:extensions]
|
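Review bot: The SQL in `db:extensions` now runs from an `at_exit` block, so the schema and extensions are created only when the rake process ends: in a single invocation such as `rake db:create db:migrate`, migrations that rely on `hstore` or `uuid-ossp` would run before the extensions exist. The block also fires when `db:create` itself failed, and an error raised inside `at_exit` probably arrives too late to fail the task. The deferral appears to be needed only because `enhance [:extensions]` registers a prerequisite, which runs before `db:create`; a post-action avoids it: `Rake::Task["db:create"].enhance { Rake::Task["db:extensions"].invoke }`, likewise for `db:test:purge`, with the three `execute` calls back in the task body.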
@@ -7,7 +7,7 @@ module ZuoraConnect
|
|
7
7
|
|
8
8
|
attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
|
9
9
|
|
10
|
-
attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect
|
10
|
+
attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect, :encryption_type, :local_task_data
|
11
11
|
|
12
12
|
def initialize
|
13
13
|
@default_locale = :en
|
@@ -21,6 +21,8 @@ module ZuoraConnect
|
|
21
21
|
@blpop_queue = false
|
22
22
|
@insert_migrations = true
|
23
23
|
@skip_connect = false
|
24
|
+
@encryption_type = :direct
|
25
|
+
@local_task_data = false
|
24
26
|
|
25
27
|
# Setting the app name for telegraf write
|
26
28
|
@enable_metrics = false
|
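Review bot: `encryption_type` and `local_task_data` are introduced with no comment on their accepted values, and `kms_encrypt`/`kms_decrypt` match `encryption_type` against the Symbols `:direct` and `:envelope` only, so a String such as `"envelope"` set from an initializer falls into their `else` branch. I would document the two defaults in `initialize`, e.g. `# :direct = value encrypted by KMS itself, :envelope = local AES with a KMS-wrapped data key; must be a Symbol` and `# true = rebuild task data from the stored zuora_logins instead of keeping it in the session`. `initialize` starts and ends outside the hunk.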
@@ -305,7 +305,7 @@ module ZuoraConnect
|
|
305
305
|
private
|
306
306
|
def setup_instance_via_prod_mode
|
307
307
|
zuora_entity_id = request.headers['ZuoraCurrentEntity'] || cookies['ZuoraCurrentEntity']
|
308
|
-
ZuoraConnect::ZuoraUser.current_user_id =
|
308
|
+
ZuoraConnect::ZuoraUser.current_user_id = '3'
|
309
309
|
|
310
310
|
if zuora_entity_id.present?
|
311
311
|
zuora_tenant_id = cookies['Zuora-Tenant-Id']
|
@@ -320,11 +320,6 @@ module ZuoraConnect
|
|
320
320
|
elsif cookies['ZSession'].present?
|
321
321
|
zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'], entity_id: zuora_entity_id)
|
322
322
|
auth_headers.merge!({'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
|
323
|
-
elsif session["ldapAdmin"]
|
324
|
-
ZuoraConnect::logger.debug("Admin session found")
|
325
|
-
elsif ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
|
326
|
-
render "zuora_connect/application/ldap_login"
|
327
|
-
return
|
328
323
|
else
|
329
324
|
render "zuora_connect/static/error_handled", :locals => {
|
330
325
|
:title => "Missing Authorization Token",
|
@@ -341,7 +336,7 @@ module ZuoraConnect
|
|
341
336
|
missmatched_entity = session["ZuoraCurrentEntity"] != zuora_entity_id
|
342
337
|
missing_identity = session["ZuoraCurrentIdentity"].blank?
|
343
338
|
|
344
|
-
if (missing_identity || missmatched_entity || different_zsession)
|
339
|
+
if (missing_identity || missmatched_entity || different_zsession)
|
345
340
|
zuora_details.merge!({'identity' => {'different_zsession' => different_zsession, 'missing_identity' => missing_identity, 'missmatched_entity' => missmatched_entity}})
|
346
341
|
identity, response = zuora_client.rest_call(
|
347
342
|
url: zuora_client.rest_endpoint("identity"),
|
@@ -382,10 +377,7 @@ module ZuoraConnect
|
|
382
377
|
end
|
383
378
|
end
|
384
379
|
|
385
|
-
if
|
386
|
-
appinstances = ZuoraConnect::AppInstance.pluck(:id, :name)
|
387
|
-
#Find matching app instances.
|
388
|
-
elsif zuora_instance_id.present?
|
380
|
+
if zuora_instance_id.present?
|
389
381
|
appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id.to_i).pluck(:id, :name)
|
390
382
|
else
|
391
383
|
#if app_instance_ids is present then permissions still controlled by connect
|
@@ -423,23 +415,11 @@ module ZuoraConnect
|
|
423
415
|
appinstances ||= ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
|
424
416
|
end
|
425
417
|
|
426
|
-
|
427
|
-
zuora_user_id = "3"
|
428
|
-
else
|
429
|
-
zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId'] || request.headers["Zuora-User-Id"]
|
430
|
-
end
|
418
|
+
zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId'] || request.headers["Zuora-User-Id"]
|
431
419
|
|
432
420
|
if appinstances.size == 1
|
433
421
|
ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
|
434
422
|
@appinstance = ZuoraConnect::AppInstance.find(appinstances.to_h.keys.first)
|
435
|
-
session["appInstance"] = @appinstance.id
|
436
|
-
ZuoraConnect::ZuoraUser.current_user_id = zuora_user_id
|
437
|
-
end
|
438
|
-
|
439
|
-
if session["ldapAdmin"]
|
440
|
-
# Maybe error. Should we return because of condition?
|
441
|
-
session["#{@appinstance.id}::admin"] = true
|
442
|
-
return
|
443
423
|
end
|
444
424
|
|
445
425
|
# One deployed instance with credentials
|
@@ -643,7 +623,12 @@ module ZuoraConnect
|
|
643
623
|
if session["appInstance"].present?
|
644
624
|
@appinstance = ZuoraConnect::AppInstance.find_by(:id => session["appInstance"])
|
645
625
|
else
|
646
|
-
|
626
|
+
if ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
|
627
|
+
render "zuora_connect/application/ldap_login", :layout => false
|
628
|
+
return
|
629
|
+
else
|
630
|
+
raise ZuoraConnect::Exceptions::AccessDenied.new("No application state or session found.")
|
631
|
+
end
|
647
632
|
end
|
648
633
|
end
|
649
634
|
end
|
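Review bot: The hunk at old line 435 removes `ZuoraConnect::ZuoraUser.current_user_id = zuora_user_id`, while `setup_instance_via_prod_mode` still opens with `ZuoraConnect::ZuoraUser.current_user_id = '3'`, so in the visible lines the `zuora_user_id` derived at new line 418 is computed but never applied. Every request through this path would then be attributed to the literal id '3'. If that is not intended, restoring the assignment after `@appinstance` is resolved (`ZuoraConnect::ZuoraUser.current_user_id = zuora_user_id`) keeps per-user attribution, and the literal deserves a named constant or a comment saying which account it stands for. The same hunk drops `session["appInstance"] = @appinstance.id`; the method continues outside the hunks shown, so both may be set elsewhere.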
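--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zuora_connect
 version: !ruby/object:Gem::Version
-version: 3.1.
+version: 3.1.1.pre.a
 platform: ruby
 authors:
 - Connect Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: apartment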