zuora_connect 3.1.5 → 3.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/zuora_connect/static_controller.rb +6 -1
- data/app/models/zuora_connect/app_instance_base.rb +5 -2
- data/app/models/zuora_connect/zuora_user.rb +1 -1
- data/lib/zuora_connect/configuration.rb +2 -1
- data/lib/zuora_connect/controllers/helpers.rb +102 -1
- data/lib/zuora_connect/exceptions.rb +14 -0
- data/lib/zuora_connect/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d04a0fdede87007e236c944ed42bfc822846276fce78a310d22bb89961ed6bee
|
|
4
|
+
data.tar.gz: fe5e370e36988531ff42f08e493a39118a9e0de078e3334df9c1a3c79ad3460f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c8836d2516b37c25dce916ed9f976a5bff9456254378301d7a2d5ca457b6d6fc778eb28a7d73d0c16f27f1adc683c12610f8f5b60461a962abae682a7e8d4a7c
|
|
7
|
+
data.tar.gz: e8f4bff78c8fd8160f5a681743cdefe108d0b9a8a3e4e1e6c96fc72b9990e13c27800d91e8dc3b23db008425d23d5d7d3c53f1473300f5d817dda38e48998332
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
module ZuoraConnect
|
|
2
|
+
require "resolv"
|
|
2
3
|
class StaticController < ApplicationController
|
|
3
4
|
before_action :authenticate_connect_app_request, :except => [:health, :initialize_app, :provision, :instance_user, :instance_drop]
|
|
4
5
|
before_action :clear_connect_app_session, :only => [:health, :initialize_app, :provision, :instance_user, :instance_drop]
|
|
@@ -51,6 +52,10 @@ module ZuoraConnect
|
|
|
51
52
|
end
|
|
52
53
|
|
|
53
54
|
def provision
|
|
55
|
+
if ZuoraConnect.configuration.disable_provisioning
|
|
56
|
+
render(json: { status: 403, message: 'Provisioning is suspended' }, status: 403) && return
|
|
57
|
+
end
|
|
58
|
+
|
|
54
59
|
create_new_instance
|
|
55
60
|
unless performed?
|
|
56
61
|
render json: {
|
|
@@ -120,7 +125,7 @@ module ZuoraConnect
|
|
|
120
125
|
|
|
121
126
|
def instance_drop
|
|
122
127
|
host = request.headers.fetch("HOST", nil)
|
|
123
|
-
if host.present? && ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(host)
|
|
128
|
+
if host.present? && (ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(host) || host =~ Resolv::IPv4::Regex)
|
|
124
129
|
ZuoraConnect::AppInstance.read_master_db do
|
|
125
130
|
instance_id = params[:id]
|
|
126
131
|
@appinstance = ZuoraConnect::AppInstance.find(instance_id)
|
|
@@ -516,8 +516,11 @@ module ZuoraConnect
|
|
|
516
516
|
else
|
|
517
517
|
ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
|
|
518
518
|
end
|
|
519
|
-
rescue ArgumentError => ex
|
|
520
|
-
if
|
|
519
|
+
rescue ArgumentError, OpenSSL::Cipher::CipherError => ex
|
|
520
|
+
if (
|
|
521
|
+
ex.is_a?(ArgumentError) && ['invalid base64', 'data must not be empty'].include?(ex.message) ||
|
|
522
|
+
ex.is_a?(OpenSSL::Cipher::CipherError) && ['wrong final block length', 'bad decrypt'].include?(ex.message)
|
|
523
|
+
) && encryption_type == :envelope && (kms_tries += 1) < 3
|
|
521
524
|
ZuoraConnect.logger.warn("Fallback to encryption 'direct', from '#{encryption_type}'", ex, self.default_ougai_items)
|
|
522
525
|
encryption_type = :direct
|
|
523
526
|
retry
|
|
@@ -3,7 +3,7 @@ module ZuoraConnect
|
|
|
3
3
|
self.table_name = "zuora_users"
|
|
4
4
|
attr_accessor :session
|
|
5
5
|
|
|
6
|
-
cattr_accessor :current_user_id
|
|
6
|
+
cattr_accessor :current_user_id, :current_org_id, :current_org_child_org_ids
|
|
7
7
|
|
|
8
8
|
# zuora_user_id/zuora_entity_id both come from cookie or headers
|
|
9
9
|
# zuora_current_identity comes from session
|
|
@@ -7,7 +7,7 @@ module ZuoraConnect
|
|
|
7
7
|
|
|
8
8
|
attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
|
|
9
9
|
|
|
10
|
-
attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect, :encryption_type, :local_task_data
|
|
10
|
+
attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect, :encryption_type, :local_task_data, :disable_provisioning
|
|
11
11
|
|
|
12
12
|
def initialize
|
|
13
13
|
@default_locale = :en
|
|
@@ -23,6 +23,7 @@ module ZuoraConnect
|
|
|
23
23
|
@skip_connect = false
|
|
24
24
|
@encryption_type = :direct
|
|
25
25
|
@local_task_data = false
|
|
26
|
+
@disable_provisioning = false
|
|
26
27
|
|
|
27
28
|
# Setting the app name for telegraf write
|
|
28
29
|
@enable_metrics = false
|
|
@@ -227,6 +227,39 @@ module ZuoraConnect
|
|
|
227
227
|
return (request.headers['ZuoraCurrentEntity'].present? || cookies['ZuoraCurrentEntity'].present?)
|
|
228
228
|
end
|
|
229
229
|
|
|
230
|
+
def org_relation_mapping(root_org_relation)
|
|
231
|
+
relation = {}
|
|
232
|
+
|
|
233
|
+
return relation if root_org_relation.blank?
|
|
234
|
+
|
|
235
|
+
root_org_id = root_org_relation.dig(0, 'rootOrgId')
|
|
236
|
+
relation[root_org_id] = []
|
|
237
|
+
|
|
238
|
+
root_org_relation.each do |child_org|
|
|
239
|
+
relation[child_org['id']] = []
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
root_org_relation.each do |child_org|
|
|
243
|
+
parent_org_id = child_org['parentOrgId']
|
|
244
|
+
relation[parent_org_id].push(child_org['id'])
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
relation
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
def get_child_orgs_from_relation_mapping(relation_mapping, org_id)
|
|
251
|
+
if relation_mapping.blank? || org_id.blank? || relation_mapping[org_id].blank?
|
|
252
|
+
return []
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
child_orgs = relation_mapping[org_id].dup
|
|
256
|
+
relation_mapping[org_id].each do |child_org_id|
|
|
257
|
+
child_orgs += get_child_orgs_from_relation_mapping(relation_mapping, child_org_id)
|
|
258
|
+
end
|
|
259
|
+
|
|
260
|
+
child_orgs
|
|
261
|
+
end
|
|
262
|
+
|
|
230
263
|
def create_new_instance
|
|
231
264
|
ZuoraConnect::AppInstance.read_master_db do
|
|
232
265
|
Thread.current[:appinstance] = nil
|
|
@@ -446,6 +479,10 @@ module ZuoraConnect
|
|
|
446
479
|
|
|
447
480
|
#We have no deployed instance for this tenant
|
|
448
481
|
else
|
|
482
|
+
if ZuoraConnect.configuration.disable_provisioning
|
|
483
|
+
raise ZuoraConnect::Exceptions::AccessDenied.new("Provisioning is suspended")
|
|
484
|
+
end
|
|
485
|
+
|
|
449
486
|
#Ensure user can access oauth creation API
|
|
450
487
|
if !session["ZuoraCurrentUserInfo"]['permissions'].include?("permission.userManagement")
|
|
451
488
|
Thread.current[:appinstance] = nil
|
|
@@ -553,6 +590,58 @@ module ZuoraConnect
|
|
|
553
590
|
session["appInstance"] = @appinstance.id
|
|
554
591
|
end
|
|
555
592
|
|
|
593
|
+
zuora_org_id = cookies['Zuora-Org-Id'] || request.headers['Zuora-Org-Id']
|
|
594
|
+
zuora_return_nested_orgs_data =
|
|
595
|
+
cookies['Zuora-Return-Nested-Orgs-Data'].to_bool ||
|
|
596
|
+
request.headers['Zuora-Return-Nested-Orgs-Data'].to_bool
|
|
597
|
+
ZuoraConnect::ZuoraUser.current_org_id = zuora_org_id
|
|
598
|
+
ZuoraConnect::ZuoraUser.current_org_child_org_ids = []
|
|
599
|
+
|
|
600
|
+
if zuora_org_id.present? && zuora_return_nested_orgs_data
|
|
601
|
+
cached_org_relationship = Redis.current.get("MultiOrgRelationship:#{@appinstance.id}")
|
|
602
|
+
|
|
603
|
+
if cached_org_relationship.present?
|
|
604
|
+
cached_org_relationship = JSON.parse(cached_org_relationship)
|
|
605
|
+
ZuoraConnect::ZuoraUser.current_org_child_org_ids =
|
|
606
|
+
get_child_orgs_from_relation_mapping(cached_org_relationship, ZuoraConnect::ZuoraUser.current_org_id)
|
|
607
|
+
else
|
|
608
|
+
child_org_list, _ =
|
|
609
|
+
zuora_client.rest_call(
|
|
610
|
+
url: zuora_client.
|
|
611
|
+
rest_endpoint("tenant-registry/listChildOrgsForOrg/#{ZuoraConnect::ZuoraUser.current_org_id}").
|
|
612
|
+
gsub('v1/', ''),
|
|
613
|
+
session_type: zuora_client.is_a?(ZuoraAPI::Oauth) ? :bearer : :basic,
|
|
614
|
+
headers: auth_headers,
|
|
615
|
+
zuora_track_id: ZuoraConnect::RequestIdMiddleware.zuora_request_id
|
|
616
|
+
)
|
|
617
|
+
|
|
618
|
+
root_org_id = (child_org_list || {}).dig(0, 'rootOrgId').to_s
|
|
619
|
+
if root_org_id.present?
|
|
620
|
+
root_child_org_list, _ =
|
|
621
|
+
zuora_client.rest_call(
|
|
622
|
+
url: zuora_client.
|
|
623
|
+
rest_endpoint("tenant-registry/listChildOrgsForOrg/#{root_org_id}").
|
|
624
|
+
gsub('v1/', ''),
|
|
625
|
+
session_type: zuora_client.is_a?(ZuoraAPI::Oauth) ? :bearer : :basic,
|
|
626
|
+
headers: auth_headers,
|
|
627
|
+
zuora_track_id: ZuoraConnect::RequestIdMiddleware.zuora_request_id
|
|
628
|
+
)
|
|
629
|
+
|
|
630
|
+
org_relationship = org_relation_mapping(root_child_org_list)
|
|
631
|
+
Redis.current.setex(
|
|
632
|
+
"MultiOrgRelationship:#{@appinstance.id}",
|
|
633
|
+
1.day,
|
|
634
|
+
org_relationship.to_json
|
|
635
|
+
)
|
|
636
|
+
|
|
637
|
+
ZuoraConnect::ZuoraUser.current_org_child_org_ids =
|
|
638
|
+
get_child_orgs_from_relation_mapping(org_relationship, ZuoraConnect::ZuoraUser.current_org_id)
|
|
639
|
+
else
|
|
640
|
+
ZuoraConnect.logger.info("Failed to get root org id for #{@appinstance.id}")
|
|
641
|
+
end
|
|
642
|
+
end
|
|
643
|
+
end
|
|
644
|
+
|
|
556
645
|
rescue ZuoraAPI::Exceptions::ZuoraAPIAuthenticationTypeError => ex
|
|
557
646
|
output_xml, input_xml, response = zuora_client.soap_call(errors: [], z_session: false, zuora_track_id: ZuoraConnect::RequestIdMiddleware.zuora_request_id) do |xml|
|
|
558
647
|
xml['api'].getUserInfo
|
|
@@ -579,7 +668,15 @@ module ZuoraConnect
|
|
|
579
668
|
zuora_details.merge!({:error => ex.response.body})
|
|
580
669
|
end
|
|
581
670
|
ZuoraConnect.logger.error("UI Authorization Error", ex, zuora: zuora_details)
|
|
582
|
-
|
|
671
|
+
|
|
672
|
+
respond_to do |format|
|
|
673
|
+
format.html {
|
|
674
|
+
render "zuora_connect/static/error_unhandled", locals: {exception: ex, skip_exception: true}, layout: false, status: 500
|
|
675
|
+
}
|
|
676
|
+
format.js {
|
|
677
|
+
render "zuora_connect/static/error_unhandled", locals: {exception: ex, skip_exception: true}, layout: false, status: 500
|
|
678
|
+
}
|
|
679
|
+
end
|
|
583
680
|
end
|
|
584
681
|
return
|
|
585
682
|
end
|
|
@@ -601,6 +698,10 @@ module ZuoraConnect
|
|
|
601
698
|
@appinstance = ZuoraConnect::AppInstance.find_by(:id => values["appInstance"].to_i)
|
|
602
699
|
|
|
603
700
|
if @appinstance.blank?
|
|
701
|
+
if ZuoraConnect.configuration.disable_provisioning
|
|
702
|
+
raise ZuoraConnect::Exceptions::AccessDenied.new("Provisioning is suspended")
|
|
703
|
+
end
|
|
704
|
+
|
|
604
705
|
Apartment::Tenant.switch!("public")
|
|
605
706
|
begin
|
|
606
707
|
Apartment::Tenant.create(values["appInstance"].to_s)
|
|
@@ -65,5 +65,19 @@ module ZuoraConnect
|
|
|
65
65
|
@message || @default_message
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
class OrganizationAccessForbidden < Error
|
|
71
|
+
attr_writer :default_message
|
|
72
|
+
|
|
73
|
+
def initialize(message = nil)
|
|
74
|
+
@message = message
|
|
75
|
+
@default_message = "You are not authorized to access with the current organization."
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def to_s
|
|
79
|
+
@message || @default_message
|
|
80
|
+
end
|
|
81
|
+
end
|
|
68
82
|
end
|
|
69
83
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zuora_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Connect Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-12-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: apartment
|