RubyGems - zuora_connect - Versions diffs - 3.1.0.pre.e → 3.1.1.pre.a - Mend

zuora_connect 3.1.0.pre.e → 3.1.1.pre.a

Files changed (11) hide show

checksums.yaml +4 -4
data/app/controllers/zuora_connect/application_controller.rb +5 -3
data/app/models/zuora_connect/app_instance_base.rb +130 -38
data/app/views/zuora_connect/application/ldap_login.html.erb +3 -2
data/config/initializers/redis.rb +9 -0
data/db/migrate/20190520232224_add_environment_fields.rb +3 -0
data/lib/tasks/zuora_connect_tasks.rake +9 -17
data/lib/zuora_connect/configuration.rb +3 -1
data/lib/zuora_connect/controllers/helpers.rb +10 -25
data/lib/zuora_connect/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5214f01edfd6d5be196318459c718b0b654ddf9d94b658860fd5595f834ff59a
-  data.tar.gz: 0a718fed463c71a7723897f673dd40c2facc742a205b2851f6ede90e20e796da
+  metadata.gz: 575850a90d1e2c6aaca6a638ce4c353f337c617d3ff1460731b48a208d8942c1
+  data.tar.gz: 5e2a26d1ff920f57243bca6cd1de689158d0c996bb31b6c3793c9d004572d248
 SHA512:
-  metadata.gz: 3a51ece01655985f0e699eaf0550b0f87f6af2f43dc3ae015982aa6674113e77216d68fc21f98811d6b13ec930e9db01d4e8ab28814be04f2210e11df91c3183
-  data.tar.gz: 91500dc84ef5cd15efd160cbb885eb022b3861677e66e28f276a37e0a025d27fdbbb4615bff4f1bf8378e2413935fe7ba418b72a9f806b7167f7876e3b6ec470
+  metadata.gz: e5592409632f985f3db6c42c2cc4c28e86ad7daed2f359ef08e4cb503efdef0095388a62f48832a1498f9ce7d7f8bdccc0155af1a4d68dc32412ae061dec45c4
+  data.tar.gz: 12c7cdb0591645a712ee19ead68473d8a67763c8b88dcb02e9b2195112577b898636079c681a164ea6e3bbd1d03a37c0af5c7941caa93946ef391fbf7ba69ef1

data/app/controllers/zuora_connect/application_controller.rb CHANGED Viewed

@@ -12,7 +12,9 @@ module ZuoraConnect
       begin
         if ZuoraConnect::LDAP::Adapter.valid_credentials?(username, password)
-          session['ldapAdmin'] = true
+          id = ZuoraConnect::AppInstance.first.id
+          session["appInstance"] = ZuoraConnect::AppInstance.first.id
+          session["#{id}::admin"] = true
           respond_to do |format|
             format.html { redirect_to '/admin/app_instances' }
           end
@@ -20,13 +22,13 @@ module ZuoraConnect
           render 'zuora_connect/application/ldap_login', locals: {
             title: 'LDAP Authentication Failed',
             message: 'Invalid username or password'
-          }
+          }, :layout => false
         end
       rescue Net::LDAP::Error
         render 'zuora_connect/application/ldap_login', locals: {
           title: 'LDAP Authentication Net Error',
           message: 'Failed to connect to server while authenticating the LDAP credentials. Please retry later.'
-        }
+        }, :layout => false
       end
     end
   end

data/app/models/zuora_connect/app_instance_base.rb CHANGED Viewed

@@ -187,7 +187,7 @@ module ZuoraConnect
           raise ZuoraConnect::Exceptions::HoldingPattern if holding_pattern && !self.mark_for_refresh
           self.refresh(session: session)
-        elsif session["#{self.id}::task_data"].blank?
+        elsif session["#{self.id}::task_data"].blank? && !ZuoraConnect.configuration.local_task_data
           self.new_session_message = "REFRESHING - Task Data Blank"
           ZuoraConnect.logger.debug(self.new_session_message)
           raise ZuoraConnect::Exceptions::HoldingPattern if holding_pattern && !self.mark_for_refresh
@@ -264,6 +264,7 @@ module ZuoraConnect
           end
         end
+        tenants = (self.task_data.dig(LOGIN_TENANT_DESTINATION,'entities') || []).select {|entity| !entity['skip'].to_bool}.map{|e| e['entityId']}.uniq if tenants.blank?
         params = {
           name: self.task_data.dig('name'),
           zuora_entity_ids: (self.task_data.dig(LOGIN_TENANT_DESTINATION,'entities') || []).select {|entity| !entity['skip'].to_bool}.map{|e| e['id']}.uniq,
@@ -353,7 +354,8 @@ module ZuoraConnect
     def fetch_connect_data(session: {})
       self.check_oauth_state
-      response = HTTParty.get(ZuoraConnect.configuration.url + "/api/#{self.api_version}/tools/tasks/#{self.id}.json",:body => {:access_token => self.access_token})
+      request_url = ZuoraConnect.configuration.url + "/api/#{self.api_version}/tools/tasks/#{self.id}.json"
+      response = HTTParty.get(request_url,:body => {:access_token => self.access_token})
       if response.code == 200
         begin
@@ -366,7 +368,7 @@ module ZuoraConnect
         self.set_backup_creds
         self.save(validate: false) if self.changed?
       else
-        raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Error Communicating with Connect", response.body, response.code)
+        raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Error communicating with Connect for '#{request_url}' with #{response.code}", response.body, response.code)
       end
     end
@@ -415,10 +417,6 @@ module ZuoraConnect
       raise
     end
-    def aws_secrets
-      (Rails.application.secrets.aws || {}).transform_keys { |key| key.to_s }
-    end
     #### START KMS ENCRYPTION Methods ####
       def set_backup_creds
         if self.kms_key.present? && self.kms_key.match(/^arn:aws:.*/) && self.task_data.present?
@@ -434,14 +432,105 @@ module ZuoraConnect
       def zuora_logins
         raise  ZuoraConnect::Exceptions::ConnectCommunicationError.new("Zuora Logins is blank, cannot decrypt.") if super.blank?
-        return JSON.parse(kms_decrypt(super))
+        return JSON.parse(kms_decrypt(super, field_name: :zuora_logins))
+      end
+      def kms_client
+        @kms_client ||= Aws::KMS::Client.new({region: aws_secrets['AWS_REGION'], credentials: self.aws_auth_client}.delete_if { |k, v| v.blank? })
+        return @kms_client
+      end
+      def decrypted_data_key
+        $cleartextkey ||= kms_client.decrypt(ciphertext_blob: Base64.strict_decode64(encrypted_data_key)).plaintext
+        return $cleartextkey
+      end
+      def aws_secrets
+        (Rails.application.secrets.aws || {}).transform_keys { |key| key.to_s }
+      end
+      def connect_secrets
+        (Rails.application.secrets.connect || {}).transform_keys { |key| key.to_s }
+      end
+      def kms_key(raise_on_blank: false)
+        kms_value = ENV['AWS_KMS_ARN'] || aws_secrets['AWS_KMS_ARN']
+        raise ZuoraConnect::Exceptions::Error.new("Missing KMS key") if raise_on_blank && kms_value.blank?
+        return kms_value
+      end
+      def iv_key
+        iv_key_value = ENV['IV_KEY'] || connect_secrets['IV_KEY']
+        #Create new one 'Base64.strict_encode64(OpenSSL::Cipher.new('AES-256-CBC').random_iv)'
+        raise ZuoraConnect::Exceptions::Error.new("Missing IV cipher key") if iv_key_value.blank?
+        return iv_key_value
+      end
+      def encrypted_data_key
+        #Base64.strict_encode64(kms_client.generate_data_key(key_id: kms_key, key_spec: 'AES_256').ciphertext_blob)
+        encrypted_data_key_value = ENV['ENCRYPTED_DATA_KEY'] || connect_secrets['ENCRYPTED_DATA_KEY']
+        raise ZuoraConnect::Exceptions::Error.new("Missing encrypted data key 'ENCRYPTED_DATA_KEY'.") if encrypted_data_key_value.blank?
+        return encrypted_data_key_value
+      end
+      def aws_auth_client
+        if Rails.env.to_s == 'development'
+          return Aws::Credentials.new(aws_secrets['AWS_ACCESS_KEY_ID'], aws_secrets['AWS_SECRET_ACCESS_KEY'])
+        else
+          return nil
+        end
+      end
+      def fetch_cipher(type)
+        raise "Type must be set to 'encrypt' or 'decrypt'" if !['decrypt','encrypt'].include?(type)
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.send(type)
+        cipher.key = self.decrypted_data_key
+        cipher.iv = Base64.strict_decode64(self.iv_key)
+        return cipher
       end
-      def kms_decrypt(value)
+      def kms_decrypt(value, field_name: nil, encryption_type: ZuoraConnect.configuration.encryption_type)
         kms_tries ||= 0
-        kms_client = Aws::KMS::Client.new({region: aws_secrets['AWS_REGION'], credentials: self.aws_auth_client}.delete_if { |k, v| v.blank? })
-        resp = kms_client.decrypt({ciphertext_blob: [value].pack("H*") })
-        return resp.plaintext
+        original_encryption_type ||= encryption_type.dup
+        case encryption_type
+        when :direct
+          result = kms_client.decrypt(ciphertext_blob: [value].pack("H*") ).plaintext
+          #Update original encryption
+          if original_encryption_type != encryption_type && field_name.present?
+            ZuoraConnect.logger.debug("Updating encryption to '#{original_encryption_type}', from '#{encryption_type}' for field '#{field_name}'", self.default_ougai_items)
+            self.update_column(field_name, self.kms_encrypt(result, encryption_type: original_encryption_type))
+          end
+          return result
+        when :envelope
+          cipher = fetch_cipher('decrypt')
+          result = cipher.update(Base64.strict_decode64(value)) + cipher.final
+          #Update original encryption
+          if original_encryption_type != encryption_type && field_name.present?
+            ZuoraConnect.logger.debug("Updating encryption to '#{original_encryption_type}', from '#{encryption_type}' for field '#{field_name}'", self.default_ougai_items)
+            self.update_column(field_name, self.kms_encrypt(result, encryption_type: original_encryption_type))
+          end
+          return result
+        else
+          ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
+        end
+      rescue ArgumentError => ex
+        if ex.message == 'invalid base64' && encryption_type == :envelope && (kms_tries += 1) < 3
+          ZuoraConnect.logger.warn("Fallback to encryption 'direct', from '#{encryption_type}'", ex, self.default_ougai_items)
+          encryption_type = :direct
+          retry
+        end
+        raise#Add protection when decrypting
+      rescue Aws::KMS::Errors::InvalidCiphertextException => ex
+        if encryption_type == :direct && (kms_tries += 1) < 3
+          ZuoraConnect.logger.warn("Fallback to encryption 'envelope', from '#{encryption_type}'", ex, self.default_ougai_items)
+          encryption_type = :envelope
+          retry
+        end
+        raise
       rescue *AWS_AUTH_ERRORS => ex
         if (kms_tries += 1) < 3
           Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
@@ -452,12 +541,20 @@ module ZuoraConnect
         end
       end
-      def kms_encrypt(value)
+      def kms_encrypt(value, encryption_type: ZuoraConnect.configuration.encryption_type)
         kms_tries ||= 0
-        kms_client = Aws::KMS::Client.new({region: aws_secrets['AWS_REGION'], credentials: self.aws_auth_client}.delete_if {|k,v| v.blank? })
-        resp = kms_client.encrypt({key_id: kms_key, plaintext: value})
-        return resp.ciphertext_blob.unpack('H*').first
+        case encryption_type
+        when :direct
+          resp = kms_client.encrypt({key_id: kms_key(raise_on_blank: true), plaintext: value})
+          return resp.ciphertext_blob.unpack('H*').first
+        when :envelope
+          cipher = fetch_cipher('encrypt')
+          value = cipher.update(value.to_s)
+          value << cipher.final
+          return Base64.strict_encode64(value)
+        else
+          ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
+        end
       rescue *AWS_AUTH_ERRORS => ex
         if (kms_tries += 1) < 3
           Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
@@ -467,18 +564,6 @@ module ZuoraConnect
           raise
         end
       end
-      def kms_key
-        return ENV['AWS_KMS_ARN'] || aws_secrets['AWS_KMS_ARN']
-      end
-      def aws_auth_client
-        if Rails.env.to_s == 'development'
-          return Aws::Credentials.new(aws_secrets['AWS_ACCESS_KEY_ID'], aws_secrets['AWS_SECRET_ACCESS_KEY'])
-        else
-          return nil
-        end
-      end
     #### END KMS ENCRYPTION Methods ####
     #### START Metrics Methods ####
@@ -504,9 +589,13 @@ module ZuoraConnect
       def build_task(task_data: {}, session: {})
         session = {} if session.blank?
         self.task_data = task_data
+        if self.task_data.blank? &&  ZuoraConnect.configuration.local_task_data
+          self.task_data = self.zuora_logins
+        end
         self.mode = self.task_data["mode"]
-        if task_data['id'].to_s != self.id.to_s
+        if self.task_data['id'].to_s != self.id.to_s
           raise ZuoraConnect::Exceptions::MissMatch.new("Wrong Instance Identifier/Lookup")
         end
@@ -544,7 +633,7 @@ module ZuoraConnect
         raise
       rescue => ex
         ZuoraConnect.logger.error("Build Task Error", ex)
-        ZuoraConnect.logger.error("Task Data: #{task_data}") if task_data.present?
+        ZuoraConnect.logger.error("Task Data: #{self.task_data}") if self.task_data.present?
         if session.present?
           ZuoraConnect.logger.error("Task Session: #{session.to_h}")  if session.methods.include?(:to_h)
           ZuoraConnect.logger.error("Task Session: #{session.to_hash}") if session.methods.include?(:to_hash)
@@ -795,19 +884,19 @@ module ZuoraConnect
           if login.tenant_type == "Zuora"
             if login.available_entities.size > 1 && Rails.application.config.session_store != ActionDispatch::Session::CookieStore
               login.available_entities.each do |entity_key|
-                session["#{self.id}::#{key}::#{entity_key}:current_session"]            = login.client(entity_key).current_session            if login.client.respond_to?(:current_session)
-                session["#{self.id}::#{key}::#{entity_key}:bearer_token"]               = login.client(entity_key).bearer_token               if login.client.respond_to?(:bearer_token)
-                session["#{self.id}::#{key}::#{entity_key}:oauth_session_expires_at"]   = login.client(entity_key).oauth_session_expires_at   if login.client.respond_to?(:oauth_session_expires_at)
+                session["#{self.id}::#{key}::#{entity_key}:current_session"]            = login.client(entity_key).current_session            if login.client.respond_to?(:current_session) && login.client(entity_key).current_session.present?
+                session["#{self.id}::#{key}::#{entity_key}:bearer_token"]               = login.client(entity_key).bearer_token               if login.client.respond_to?(:bearer_token) && login.client(entity_key).bearer_token.present?
+                session["#{self.id}::#{key}::#{entity_key}:oauth_session_expires_at"]   = login.client(entity_key).oauth_session_expires_at   if login.client.respond_to?(:oauth_session_expires_at) && login.client(entity_key).oauth_session_expires_at.present?
               end
             else
-              session["#{self.id}::#{key}:current_session"]             = login.client.current_session            if login.client.respond_to?(:current_session)
-              session["#{self.id}::#{key}:bearer_token"]                = login.client.bearer_token               if login.client.respond_to?(:bearer_token)
-              session["#{self.id}::#{key}:oauth_session_expires_at"]    = login.client.oauth_session_expires_at   if login.client.respond_to?(:oauth_session_expires_at)
+              session["#{self.id}::#{key}:current_session"]             = login.client.current_session            if login.client.respond_to?(:current_session) && login.client.current_session.present?
+              session["#{self.id}::#{key}:bearer_token"]                = login.client.bearer_token               if login.client.respond_to?(:bearer_token) && login.client.bearer_token.present?
+              session["#{self.id}::#{key}:oauth_session_expires_at"]    = login.client.oauth_session_expires_at   if login.client.respond_to?(:oauth_session_expires_at) && login.client.oauth_session_expires_at.present?
             end
           end
         end
-        session["#{self.id}::task_data"] = self.task_data
+        session["#{self.id}::task_data"] = self.task_data if !ZuoraConnect.configuration.local_task_data
         #Redis is not defined strip out old data
         if !defined?(Redis.current)
@@ -847,6 +936,9 @@ module ZuoraConnect
         else
           begin
             return JSON.parse(encryptor.decrypt_and_verify(CGI::unescape(data)))
+          rescue ActiveSupport::MessageEncryptor::InvalidMessage => ex
+            Rails.logger.error('Error Decrypting', ex, self.default_ougai_items) if log_fatal && !Rails.env.test?
+            return JSON.parse(encryptor.decrypt_and_verify(data))
           rescue ActiveSupport::MessageVerifier::InvalidSignature => ex
             ZuoraConnect.logger.error("Error Decrypting", ex, self.default_ougai_items) if log_fatal
             return rescue_return

data/app/views/zuora_connect/application/ldap_login.html.erb CHANGED Viewed

@@ -147,8 +147,9 @@
         }
         .error{
-            color: #D8000C;
-            background-color: #FFBABA;
+            color: white;
+            margin: 20px;
+            margin-top: 130px;
         }
     </style>
   </head>

data/config/initializers/redis.rb CHANGED Viewed

@@ -11,6 +11,15 @@ class RedisFlash
   end
 end
+class Redis
+  def self.current
+    @current ||= Redis.new()
+  end
+  def self.current=(redis)
+    @current = redis
+  end
+end
 if defined?(Redis.current)
   Redis.current = Redis.new(:id => "#{ZuoraObservability::Env.full_process_name(process_name: 'Redis')}", :url => redis_url, :timeout => 6, :reconnect_attempts => 2)
   browser_urls['Redis'] = { "url" => redis_url }

data/db/migrate/20190520232224_add_environment_fields.rb CHANGED Viewed

@@ -9,5 +9,8 @@ class AddEnvironmentFields < ActiveRecord::Migration[5.0]
     if column_exists? :zuora_connect_app_instances, :organizations
       change_column :zuora_connect_app_instances, :organizations, :jsonb, default: []
     end
+    unless column_exists? :zuora_connect_app_instances, :zuora_global_tenant_id
+      add_column :zuora_connect_app_instances, :zuora_global_tenant_id, :text, default: ""
+    end
   end
 end

data/lib/tasks/zuora_connect_tasks.rake CHANGED Viewed

@@ -1,24 +1,16 @@
-# desc "Explaining what the task does"
-# task :connect do
-#   # Task goes here
-# end
 namespace :db do
   desc 'Also create shared_extensions Schema'
   task :extensions => :environment  do
     # Create Schema
-    ActiveRecord::Base.connection.execute 'CREATE SCHEMA IF NOT EXISTS shared_extensions;'
-    # Enable Hstore
-    ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS HSTORE SCHEMA shared_extensions;'
-    # Enable UUID-OSSP
-    ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp" SCHEMA shared_extensions;'
+    at_exit {
+      ActiveRecord::Base.connection.execute 'CREATE SCHEMA IF NOT EXISTS shared_extensions;'
+      # Enable Hstore
+      ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS HSTORE SCHEMA shared_extensions;'
+      # Enable UUID-OSSP
+      ActiveRecord::Base.connection.execute 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp" SCHEMA shared_extensions;'
+    }
   end
 end
-Rake::Task["db:create"].enhance do
-  Rake::Task["db:extensions"].invoke
-end
-Rake::Task["db:test:purge"].enhance do
-  Rake::Task["db:extensions"].invoke
-end
+Rake::Task["db:create"].enhance [:extensions]
+Rake::Task["db:test:purge"].enhance  [:extensions]

data/lib/zuora_connect/configuration.rb CHANGED Viewed

@@ -7,7 +7,7 @@ module ZuoraConnect
     attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
-    attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect
+    attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect, :encryption_type, :local_task_data
     def initialize
       @default_locale = :en
@@ -21,6 +21,8 @@ module ZuoraConnect
       @blpop_queue = false
       @insert_migrations = true
       @skip_connect = false
+      @encryption_type = :direct
+      @local_task_data = false
       # Setting the app name for telegraf write
       @enable_metrics = false

data/lib/zuora_connect/controllers/helpers.rb CHANGED Viewed

@@ -305,7 +305,7 @@ module ZuoraConnect
     private
       def setup_instance_via_prod_mode
         zuora_entity_id = request.headers['ZuoraCurrentEntity'] || cookies['ZuoraCurrentEntity']
-        ZuoraConnect::ZuoraUser.current_user_id = nil
+        ZuoraConnect::ZuoraUser.current_user_id = '3'
         if zuora_entity_id.present?
           zuora_tenant_id = cookies['Zuora-Tenant-Id']
@@ -320,11 +320,6 @@ module ZuoraConnect
           elsif cookies['ZSession'].present?
             zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'], entity_id: zuora_entity_id)
             auth_headers.merge!({'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
-          elsif session["ldapAdmin"]
-            ZuoraConnect::logger.debug("Admin session found")
-          elsif ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
-            render "zuora_connect/application/ldap_login"
-            return
           else
             render "zuora_connect/static/error_handled", :locals => {
               :title => "Missing Authorization Token",
@@ -341,7 +336,7 @@ module ZuoraConnect
             missmatched_entity = session["ZuoraCurrentEntity"] != zuora_entity_id
             missing_identity = session["ZuoraCurrentIdentity"].blank?
-            if (missing_identity || missmatched_entity || different_zsession) && (!session["ldapAdmin"])
+            if (missing_identity || missmatched_entity || different_zsession)
               zuora_details.merge!({'identity' => {'different_zsession' => different_zsession, 'missing_identity' => missing_identity, 'missmatched_entity' => missmatched_entity}})
               identity, response = zuora_client.rest_call(
                 url: zuora_client.rest_endpoint("identity"),
@@ -382,10 +377,7 @@ module ZuoraConnect
               end
             end
-            if session["ldapAdmin"]
-              appinstances = ZuoraConnect::AppInstance.pluck(:id, :name)
-            #Find matching app instances.
-            elsif zuora_instance_id.present?
+            if zuora_instance_id.present?
               appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id.to_i).pluck(:id, :name)
             else
               #if app_instance_ids is present then permissions still controlled by connect
@@ -423,23 +415,11 @@ module ZuoraConnect
               appinstances ||= ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
             end
-            if session["ldapAdmin"]
-              zuora_user_id = "3"
-            else
-              zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId'] || request.headers["Zuora-User-Id"]
-            end
+            zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId'] || request.headers["Zuora-User-Id"]
             if appinstances.size == 1
               ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
               @appinstance = ZuoraConnect::AppInstance.find(appinstances.to_h.keys.first)
-              session["appInstance"] = @appinstance.id
-              ZuoraConnect::ZuoraUser.current_user_id = zuora_user_id
-            end
-            if session["ldapAdmin"]
-              # Maybe error. Should we return because of condition?
-              session["#{@appinstance.id}::admin"] = true
-              return
             end
             # One deployed instance with credentials
@@ -643,7 +623,12 @@ module ZuoraConnect
           if session["appInstance"].present?
             @appinstance = ZuoraConnect::AppInstance.find_by(:id => session["appInstance"])
           else
-            raise ZuoraConnect::Exceptions::AccessDenied.new("No application state or session found.")
+            if ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(request.headers.fetch("HOST", nil))
+              render "zuora_connect/application/ldap_login", :layout => false
+              return
+            else
+              raise ZuoraConnect::Exceptions::AccessDenied.new("No application state or session found.")
+            end
           end
         end
       end

data/lib/zuora_connect/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module ZuoraConnect
-  VERSION = "3.1.0-e"
+  VERSION = "3.1.1-a"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zuora_connect
 version: !ruby/object:Gem::Version
-  version: 3.1.0.pre.e
+  version: 3.1.1.pre.a
 platform: ruby
 authors:
 - Connect Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-13 00:00:00.000000000 Z
+date: 2022-07-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: apartment