RubyGems - zuora_connect - Versions diffs - 2.0.31 → 2.0.32 - Mend

zuora_connect 2.0.31 → 2.0.32

Files changed (5) hide show

checksums.yaml +4 -4
data/app/models/zuora_connect/app_instance_base.rb +68 -68
data/lib/zuora_connect/controllers/helpers.rb +299 -267
data/lib/zuora_connect/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f4c353323b9470a1ddfa8b1a59c7a2ecc16ccaba034a04afc3a4debc3c33a012
-  data.tar.gz: 9f24e15e3da5bd757a7ae5f9bb61b5e6d5a817e3e0ec23d2c7de129ff283ed21
+  metadata.gz: 935b69f5db037f12613d00742bdbff89ebe6b2e412a15144abe9df3a5523a86b
+  data.tar.gz: 584df5dda94a7b1401fae7f7928edfad7787aad46bef34a16a649919b9a9d151
 SHA512:
-  metadata.gz: be6512b18a580dcc897598062fd12e7104f31f8cb611cc3a9c9c7fbc252ff867ea4f58de5e645679e711a7746ed4e9baae5e2254f0efb608d3028fbc233b73fe
-  data.tar.gz: 0d3f8a0af8cb7c0aaf863f2641b59c6d7f252262fab6fc9812da525a64bb7dd248adff8230c203fa2990d2a164c68ac24d7194f2b8b3b2d9bf26957b39e1a322
+  metadata.gz: 4d0bb0a6e44d720c8e835a71c54cd74e03c282504088c7672a71ca868a82185d0aac5adf658a049d97040621225cd8def662d712a84ea28f802728184eaab7ba
+  data.tar.gz: 149ceb2eb52f955054e54c4ffe4ef6cd81e0026eab0bc9da5780072675c739640f604c36fe3fa9a75d27a8a181758ef0fe0f70994ddc89d1970cbb7c7a5f235e

data/app/models/zuora_connect/app_instance_base.rb CHANGED Viewed

@@ -256,75 +256,73 @@ module ZuoraConnect
       end
     end
-    def refresh(session: {}, session_fallback: false)
+    def refresh(session: {})
       refresh_count ||= 0
       skip_connect ||= false
-      #Check how app was deployed
-      if self.id < 25000000 && !skip_connect
-        start = Time.now
-        response = HTTParty.get(ZuoraConnect.configuration.url + "/api/#{self.api_version}/tools/tasks/#{self.id}.json",:body => {:access_token => self.access_token})
-        response_time = Time.now - start
-        ZuoraConnect.logger.debug("REFRESH TASK - Connect Task Info Request Time #{response_time.round(2).to_s}", self.default_ougai_items)
-        if response.code == 200
-          begin
-            parsed_json = JSON.parse(response.body)
-          rescue JSON::ParserError => ex
-            raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("JSON parse error", response.body, response.code)
-          end
-          self.build_task(task_data: parsed_json, session: session)
-          if self.kms_key.present?
+      begin
+        #Check how app was deployed
+        if self.id < 25000000 && !skip_connect
+          self.check_oauth_state
+          start = Time.now
+          response = HTTParty.get(ZuoraConnect.configuration.url + "/api/#{self.api_version}/tools/tasks/#{self.id}.json",:body => {:access_token => self.access_token})
+          response_time = Time.now - start
+          ZuoraConnect.logger.debug("REFRESH TASK - Connect Task Info Request Time #{response_time.round(2).to_s}", self.default_ougai_items)
+          if response.code == 200
             begin
-              parsed_json.delete('applications')
-              parsed_json.delete('tokens')
-              self.zuora_logins = parsed_json
-              self.save(:validate => false)
-            rescue Aws::KMS::Errors::ValidationException, *AWS_AUTH_ERRORS => ex
-              Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
-            rescue => ex
-              Rails.logger.error(AWS_AUTH_ERRORS_MSG, ex)
+              parsed_json = JSON.parse(response.body)
+            rescue JSON::ParserError => ex
+              raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("JSON parse error", response.body, response.code)
             end
-          end
+            self.build_task(task_data: parsed_json, session: session)
+            if self.kms_key.present?
+              begin
+                self.zuora_logins = self.strip_cache_data(object: parsed_json.dup, keys: ['applications', 'tokens', 'user_settings'])
+                self.save(:validate => false)
+              rescue Aws::KMS::Errors::ValidationException, *AWS_AUTH_ERRORS => ex
+                Rails.logger.warn(AWS_AUTH_ERRORS_MSG, ex)
+              rescue => ex
+                Rails.logger.error(AWS_AUTH_ERRORS_MSG, ex)
+              end
+            end
+          else
+            raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Error Communicating with Connect", response.body, response.code)
+          end
         else
-          raise ZuoraConnect::Exceptions::ConnectCommunicationError.new("Error Communicating with Connect", response.body, response.code)
+          self.build_task(task_data: self.zuora_logins, session: session)
         end
-      else
-        self.build_task(task_data: self.zuora_logins, session: session)
-      end
-      self.last_refresh = Time.now.to_i
-      self.cache_app_instance
-      self.reset_mark_for_refresh
-    rescue *(ZuoraAPI::Login::CONNECTION_EXCEPTIONS + ZuoraAPI::Login::CONNECTION_READ_EXCEPTIONS) => ex
-      refresh_count += 1
-      if refresh_count < 3
-        sleep(10)
-        ZuoraConnect.logger.debug("REFRESH TASK - Connection Failure Retrying(#{refresh_count})", ex, self.default_ougai_items)
-        retry
-      elsif refresh_count < 4 && self['zuora_logins'].present?
-        ZuoraConnect.logger.warn("REFRESH TASK - Fallback to local encrypted store", ex, self.default_ougai_items)
-        skip_connect = true
-        retry
-      else
-        ZuoraConnect.logger.fatal("REFRESH TASK - Connection Failed", ex, self.default_ougai_items)
-        raise
-      end
-    rescue ZuoraConnect::Exceptions::ConnectCommunicationError => ex
-      refresh_count += 1
-      if refresh_count < 3
-        ZuoraConnect.logger.debug("REFRESH TASK - Communication Failure Retrying(#{refresh_count})", ex, self.default_ougai_items)
-        if ex.code == 401
-          self.refresh_oauth
+        self.last_refresh = Time.now.to_i
+        self.cache_app_instance
+        self.reset_mark_for_refresh
+      rescue *(ZuoraAPI::Login::CONNECTION_EXCEPTIONS + ZuoraAPI::Login::CONNECTION_READ_EXCEPTIONS) => ex
+        refresh_count += 1
+        if refresh_count < 3
+          sleep(10)
+          ZuoraConnect.logger.debug("REFRESH TASK - Connection Failure Retrying(#{refresh_count})", ex, self.default_ougai_items)
+          retry
+        else
+          ZuoraConnect.logger.fatal("REFRESH TASK - Connection Failed", ex, self.default_ougai_items)
+          raise
         end
-        retry
-      elsif refresh_count < 4 && self['zuora_logins'].present?
+      rescue ZuoraConnect::Exceptions::ConnectCommunicationError => ex
+        refresh_count += 1
+        if refresh_count < 3
+          ZuoraConnect.logger.debug("REFRESH TASK - Communication Failure Retrying(#{refresh_count})", ex, self.default_ougai_items)
+          self.refresh_oauth if ex.code == 401
+          retry
+        else
+          ZuoraConnect.logger.fatal("REFRESH TASK - Communication Failed #{ex.code}", ex, self.default_ougai_items)
+          raise
+        end
+      end
+    rescue => ex
+      if self['zuora_logins'].present?
         ZuoraConnect.logger.warn("REFRESH TASK - Fallback to local encrypted store", ex, self.default_ougai_items)
         skip_connect = true
         retry
-      else
-        ZuoraConnect.logger.fatal("REFRESH TASK - Communication Failed #{ex.code}", ex, self.default_ougai_items)
-        raise
       end
+      raise
     end
     #### START KMS ENCRYPTION Methods ####
@@ -510,7 +508,7 @@ module ZuoraConnect
       rescue ZuoraConnect::Exceptions::InvalidCredentialSet => ex
         raise
       rescue => ex
-        ZuoraConnect.logger.error(ex)
+        ZuoraConnect.logger.error("Build Task Error", ex)
         ZuoraConnect.logger.error("Task Data: #{task_data}") if task_data.present?
         if session.present?
           ZuoraConnect.logger.error("Task Session: #{session.to_h}")  if session.methods.include?(:to_h)
@@ -588,7 +586,7 @@ module ZuoraConnect
     #### END Task Methods ####
     #### START Connect OAUTH Methods ####
-      def check_oauth_state(method)
+      def check_oauth_state(method=nil)
         #Refresh token if already expired
         if self.oauth_expired?
           ZuoraConnect.logger.debug("Before '#{method}' method, Oauth expired", self.default_ougai_items)
@@ -738,13 +736,7 @@ module ZuoraConnect
         #Redis is not defined strip out old data
         if !defined?(Redis.current)
-          session["#{self.id}::task_data"].delete('applications')
-          session["#{self.id}::task_data"].delete('tokens')
-          session["#{self.id}::task_data"].delete('tenant_ids')
-          session["#{self.id}::task_data"].delete('organizations')
-          session["#{self.id}::task_data"].select {|k,v| k.include?('login') && v['tenant_type'] == 'Zuora'}.each do |login_key, login_data|
-            session["#{self.id}::task_data"][login_key]['entities'] = (login_data.dig('entities') || []).map {|entity| entity.slice('id', 'tenantId')}
-          end
+          strip_cache_data(object: session["#{self.id}::task_data"])
         end
         session["#{self.id}::last_refresh"] = self.last_refresh
@@ -752,6 +744,14 @@ module ZuoraConnect
         return session
       end
+      def strip_cache_data(object: {}, keys: ['applications', 'tokens','tenant_ids', 'organizations','user_settings'] )
+        keys.each {|key| object.delete(key) }
+        object.select {|k,v| k.include?('login') && v['tenant_type'] == 'Zuora'}.each do |login_key, login_data|
+          object[login_key]['entities'] = login_data.fetch('entities',[]).map {|entity| entity.slice('id', 'tenantId', 'entityId')}
+        end
+        return object
+      end
       def encryptor
         # Default values for Rails 4 apps
         key_iter_num, key_size, salt, signed_salt = [1000, 64, "encrypted cookie", "signed encrypted cookie"]
@@ -1148,7 +1148,7 @@ module ZuoraConnect
       super
     end
-    method_hook :refresh, :updateOption, :update_logins, :before => :check_oauth_state
+    method_hook :updateOption, :update_logins, :before => :check_oauth_state
     method_hook :new_session, :refresh, :build_task, :after => :apartment_switch
   end
 end

data/lib/zuora_connect/controllers/helpers.rb CHANGED Viewed

@@ -96,239 +96,7 @@ module ZuoraConnect
         start_time = Time.now
         if ZuoraConnect.configuration.mode == "Production"
-          zuora_entity_id = request.headers['ZuoraCurrentEntity'] || cookies['ZuoraCurrentEntity']
-          if zuora_entity_id.present?
-            zuora_tenant_id = cookies['Zuora-Tenant-Id']
-            zuora_user_id = cookies['Zuora-User-Id']
-            zuora_host = request.headers["HTTP_X_FORWARDED_HOST"] || "apisandbox.zuora.com"
-            zuora_details = {'host' => zuora_host, 'user_id' => zuora_user_id, 'tenant_id' => zuora_tenant_id, 'entity_id' => zuora_entity_id}
-            #Do we need to refresh session identity
-            if request.headers["Zuora-Auth-Token"].present?
-              zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", bearer_token: request.headers["Zuora-Auth-Token"], oauth_session_expires_at: Time.now + 5.minutes )
-            elsif cookies['ZSession'].present?
-              zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'])
-            else
-              render "zuora_connect/static/error_handled", :locals => {
-                :title => "Missing Authorization Token",
-                :message => "Zuora 'Zuora-Auth-Token' header and 'ZSession' cookie not present."
-              }, :layout => false
-              return
-            end
-            begin
-              zuora_instance_id = params[:sidebar_launch].to_s.to_bool ? nil : (params[:app_instance_id] || session["appInstance"])
-              #Identity blank or current entity different
-              different_zsession = session["ZSession"] != cookies['ZSession']
-              missmatched_entity = session["ZuoraCurrentEntity"] != zuora_entity_id
-              missing_identity = session["ZuoraCurrentIdentity"].blank?
-              if (missing_identity || missmatched_entity || different_zsession)
-                zuora_details.merge!({'identity' => {'different_zsession' => different_zsession, 'missing_identity' => missing_identity, 'missmatched_entity' => missmatched_entity}})
-                identity, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("identity"))
-                session["ZuoraCurrentIdentity"] = identity
-                session["ZuoraCurrentEntity"] = identity['entityId']
-                session["ZSession"] = cookies['ZSession']
-                zuora_instance_id = nil
-                zuora_details["identity"]["entityId"] = identity['entityId']
-                client_describe, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
-                session["ZuoraCurrentUserInfo"] = client_describe
-                raise ZuoraConnect::Exceptions::Error.new("Header entity id does not match identity call entity id.") if zuora_entity_id != identity['entityId']
-              end
-              #Find matching app instances.
-              if zuora_instance_id.present?
-                appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id.to_i).pluck(:id, :name)
-              else
-                #if app_instance_ids is present then permissions still controlled by connect
-                if params[:app_instance_ids].present?
-                  navbar, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("navigation"))
-                  urls = navbar['menus'].map {|x| x['url']}
-                  app_env = ENV["DEIS_APP"] || "xyz123"
-                  url = urls.compact.select {|url| File.basename(url).start_with?(app_env + '?')}.first
-                  begin
-                    task_ids = JSON.parse(Base64.urlsafe_decode64(CGI.parse(URI.parse(url).query)["app_instance_ids"][0]))
-                  rescue URI::InvalidURIError => ex
-                    raise ZuoraConnect::Exceptions::APIError.new(message: "Failure in parsing the navbar urls.", response: response)
-                  end
-                  appinstances = ZuoraConnect::AppInstance.where(:id => task_ids).pluck(:id, :name)
-                else
-                  appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
-                end
-              end
-              zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId']
-              #One deployed instance
-              if appinstances.size == 1
-                ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
-                @appinstance = ZuoraConnect::AppInstance.find(appinstances.to_h.keys.first)
-                #Add user/update
-                begin
-                  @zuora_user = ZuoraConnect::ZuoraUser.where(:zuora_user_id => zuora_user_id).first
-                rescue ActiveRecord::StatementInvalid => ex
-                  if ex.message.include?("PG::UndefinedTable") && ex.message.include?("zuora_users")
-                    self.apartment_switch(nil,true)
-                    retry
-                  else
-                    raise
-                  end
-                end
-                if @zuora_user.present?
-                  ZuoraConnect.logger.debug("Current zuora user #{zuora_user_id}")
-                  if @zuora_user.updated_at < Time.now - 1.day
-                    @zuora_user.zuora_identity_response[zuora_entity_id] = session["ZuoraCurrentIdentity"]
-                    @zuora_user.save!
-                  end
-                else
-                  ZuoraConnect.logger.debug("New zuora user object for #{zuora_user_id}")
-                  @zuora_user = ZuoraConnect::ZuoraUser.create!(:zuora_user_id => zuora_user_id, :zuora_identity_response => {zuora_entity_id => session["ZuoraCurrentIdentity"]})
-                end
-                @zuora_user.session = session
-                session["#{@appinstance.id}::user::localUserId"] = @zuora_user.id
-                session["#{@appinstance.id}::user::email"] = session['ZuoraCurrentIdentity']["username"]
-                session["#{@appinstance.id}::user::timezone"] = session['ZuoraCurrentIdentity']["timeZone"]
-                session["#{@appinstance.id}::user::locale"] = session['ZuoraCurrentIdentity']["language"]
-                session["appInstance"] = @appinstance.id
-              #We have multiple, user must pick
-              elsif appinstances.size > 1
-                ZuoraConnect.logger.debug("User must select instance. #{@names}")
-                render "zuora_connect/static/launch", :locals => {:names => appinstances.to_h}, :layout => false
-                return
-              #We have no deployed instance for this tenant
-              else
-                #Ensure user can access oauth creation API
-                if session["ZuoraCurrentIdentity"]['platformRole'] != 'ADMIN'
-                  Thread.current[:appinstance] = nil
-                  session["appInstance"] = nil
-                  render "zuora_connect/static/error_handled", :locals => {
-                    :title => "Application can only complete its initial setup via platform administrator",
-                    :message => "Please contact admin of tenant and have them click on link again to launch application."
-                  }, :layout => false
-                  return
-                end
-                Apartment::Tenant.switch!("public")
-                ActiveRecord::Base.transaction do
-                  ActiveRecord::Base.connection.execute('LOCK public.zuora_users IN ACCESS EXCLUSIVE MODE')
-                  appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
-                  if appinstances.size > 0
-                    redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
-                    return
-                  end
-                  next_id = (ZuoraConnect::AppInstance.all.where('id > 24999999').order(id: :desc).limit(1).pluck(:id).first || 24999999) + 1
-                  user = (ENV['DEIS_APP'] || "Application").split('-').map(&:capitalize).join(' ')
-                  body = {
-                    'userId' => zuora_user_id,
-                    'entityIds' => [zuora_entity_id.unpack("a8a4a4a4a12").join('-')],
-                    'customAuthorities' => [],
-                    'additionalInformation' => {
-                      'description' => "This user is for #{user} application.",
-                      'name' => "#{user} API User #{next_id}"
-                    }
-                  }
-                  oauth_response, response = zuora_client.rest_call(method: :post, body: body.to_json, url: zuora_client.rest_endpoint("genesis/clients").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
-                  new_zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", oauth_client_id: oauth_response["clientId"], oauth_secret: oauth_response["clientSecret"] )
-                  if session["ZuoraCurrentUserInfo"].blank?
-                    client_describe, response = new_zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: :bearer)
-                  else
-                    client_describe = session["ZuoraCurrentUserInfo"]
-                  end
-                  available_entities = client_describe["accessibleEntities"].select {|entity| entity['id'] == zuora_entity_id}
-                  task_data = {
-                    "id": next_id,
-                    "name": client_describe["tenantName"],
-                    "mode": "Collections",
-                    "status": "Running",
-                    ZuoraConnect::AppInstance::LOGIN_TENANT_DESTINATION => {
-                      "tenant_type": "Zuora",
-                      "username": session["ZuoraCurrentIdentity"]["username"],
-                      "url": new_zuora_client.url,
-                      "status": "Active",
-                      "oauth_client_id": oauth_response['clientId'],
-                      "oauth_secret": oauth_response['clientSecret'],
-                      "authentication_type": "OAUTH",
-                      "entities": available_entities.map {|e| e.merge({'displayName' => client_describe["tenantName"]})}
-                    },
-                    "tenant_ids": available_entities.map{|e| e['entityId']}.uniq,
-                  }
-                  mapped_values = {:id => next_id, :api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36), :zuora_logins => task_data, :oauth_expires_at => Time.now + 1000.years, :zuora_domain => zuora_client.rest_domain, :zuora_entity_ids => [zuora_entity_id]}
-                  @appinstance = ZuoraConnect::AppInstance.new(mapped_values)
-                  retry_count = 0
-                  begin
-                    @appinstance.save(:validate => false)
-                  rescue ActiveRecord::RecordNotUnique => ex
-                    if (retry_count += 1) < 3
-                      @appinstance.assign_attributes({:api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36)})
-                      retry
-                    else
-                      Thread.current[:appinstance] = nil
-                      session["appInstance"] = nil
-                      render "zuora_connect/static/error_handled", :locals => {
-                        :title => "Application could not create unique tokens.",
-                        :message => "Please contact support or retry launching application."
-                      }, :layout => false
-                      return
-                    end
-                  end
-                end
-                Apartment::Tenant.switch!("public")
-                begin
-                  Apartment::Tenant.create(@appinstance.id.to_s)
-                rescue Apartment::TenantExists => ex
-                  ZuoraConnect.logger.debug("Tenant Already Exists")
-                end
-                @appinstance.refresh
-                session["appInstance"] = @appinstance.id
-              end
-            rescue ZuoraAPI::Exceptions::ZuoraAPIAuthenticationTypeError => ex
-              output_xml, input_xml, response = zuora_client.soap_call(errors: [], z_session: false) do |xml|
-                xml['api'].getUserInfo
-              end
-              final_error = output_xml.xpath('//fns:FaultCode', 'fns' =>'http://fault.api.zuora.com/').text
-              session.clear
-              if final_error.blank?
-                ZuoraConnect.logger.warn("UI Authorization Error", ex, zuora: zuora_details.merge({:error => response.body}))
-              elsif final_error != "INVALID_SESSION"
-                ZuoraConnect.logger.warn("UI Authorization Error", ex, zuora: zuora_details.merge({:error => final_error}))
-              end
-              redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
-              return
-            rescue => ex
-              if defined?(ex.response) && ex.response.present? && defined?(ex.response.body)
-                zuora_details.merge!({:error => ex.response.body})
-              end
-              ZuoraConnect.logger.error("UI Authorization Error", ex, zuora: zuora_details)
-              render "zuora_connect/static/error_unhandled", :locals => {:exception => ex}, :layout => false
-              return
-            end
-          elsif request["data"] && /^([A-Za-z0-9+\/\-\_]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/.match(request["data"].to_s)
-            setup_instance_via_data
-          else
-            if session["appInstance"].present?
-              @appinstance = ZuoraConnect::AppInstance.where(:id => session["appInstance"]).first
-            else
-              render "zuora_connect/static/error_handled", :locals => {
-                :title => "Application state could not be verified",
-                :message => "Please relaunch application."
-              }, :layout => false
-              return
-            end
-          end
+          setup_instance_via_prod_mode
         else
           setup_instance_via_dev_mode
         end
@@ -376,6 +144,24 @@ module ZuoraConnect
           deployment and create new with Zuora Basic or OAuth credentials."
         }, :layout => false
         return
+      rescue ZuoraConnect::Exceptions::AccessDenied => ex
+        respond_to do |format|
+          format.html {
+            render "zuora_connect/static/error_handled", :locals => {
+                :title => "Application State Error",
+                :message => ex.message
+              }, status: 401
+          }
+          format.js {
+            render "zuora_connect/static/error_handled", :locals => {
+                :title => "Application State Error",
+                :message => ex.message
+              }, status: 401
+          }
+          format.json { render json: {'errors' => ex.message}, status: 401 }
+          format.all { render json: ex.message, status: 401 }
+        end
+        return
       rescue => ex
         ZuoraConnect.logger.error("UI Authorization Error", ex)
         respond_to do |format|
@@ -395,8 +181,28 @@ module ZuoraConnect
         end
       end
-      def check_connect_admin!
-        raise ZuoraConnect::Exceptions::AccessDenied.new("User is not an authorized admin for this application") if !session["#{@appinstance.id}::admin"]
+      def check_connect_admin!(raise_error: false)
+        if !session["#{@appinstance.id}::admin"]
+          raise ZuoraConnect::Exceptions::AccessDenied.new("User is not an authorized admin for this application") if raise_error
+          respond_to do |format|
+            format.html {
+              render "zuora_connect/static/error_handled", :locals => {
+                  :title => "Unauthorized",
+                  :message => "User is not an authorized admin for this application"
+                }, status: 401
+            }
+            format.js {
+              render "zuora_connect/static/error_handled", :locals => {
+                  :title => "Unauthorized",
+                  :message => "User is not an authorized admin for this application"
+                }, status: 401
+            }
+            format.json { render json: {'errors' => ex.message}, status: 401 }
+            format.all { render json: ex.message, status: 401 }
+          end
+          return
+        end
       end
       def check_connect_admin
@@ -412,46 +218,272 @@ module ZuoraConnect
       end
     private
-      def setup_instance_via_data
-        session.clear
-        values = JSON.parse(ZuoraConnect::AppInstance.decrypt_response(Base64.urlsafe_decode64(request["data"])))
-        if values["param_data"]
-          values["param_data"].each do |k ,v|
-            params[k] = v
-          end
-        end
-        session["#{values["appInstance"]}::destroy"] = values["destroy"]
-        session["appInstance"] = values["appInstance"]
-        if values["current_user"]
-          session["#{values["appInstance"]}::admin"] = values["current_user"]["admin"] ? values["current_user"]["admin"] : false
-          session["#{values["appInstance"]}::user::timezone"] = values["current_user"]["timezone"]
-          session["#{values["appInstance"]}::user::locale"] = values["current_user"]["locale"]
-          session["#{values["appInstance"]}::user::email"] = values["current_user"]["email"]
-        end
+      def setup_instance_via_prod_mode
+        zuora_entity_id = request.headers['ZuoraCurrentEntity'] || cookies['ZuoraCurrentEntity']
-        ZuoraConnect.logger.debug({msg: 'Setup values', connect: values}) if Rails.env != "production"
+        if zuora_entity_id.present?
+          zuora_tenant_id = cookies['Zuora-Tenant-Id']
+          zuora_user_id = cookies['Zuora-User-Id']
+          zuora_host = request.headers["HTTP_X_FORWARDED_HOST"] || "apisandbox.zuora.com"
-        @appinstance = ZuoraConnect::AppInstance.where(:id => values["appInstance"].to_i).first
+          zuora_details = {'host' => zuora_host, 'user_id' => zuora_user_id, 'tenant_id' => zuora_tenant_id, 'entity_id' => zuora_entity_id}
+          #Do we need to refresh session identity
+          if request.headers["Zuora-Auth-Token"].present?
+            zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", bearer_token: request.headers["Zuora-Auth-Token"], oauth_session_expires_at: Time.now + 5.minutes )
+          elsif cookies['ZSession'].present?
+            zuora_client = ZuoraAPI::Basic.new(url: "https://#{zuora_host}", session: cookies['ZSession'])
+          else
+            render "zuora_connect/static/error_handled", :locals => {
+              :title => "Missing Authorization Token",
+              :message => "Zuora 'Zuora-Auth-Token' header and 'ZSession' cookie not present."
+            }, :layout => false
+            return
+          end
-        if @appinstance.blank?
-          Apartment::Tenant.switch!("public")
           begin
-            Apartment::Tenant.create(values["appInstance"].to_s)
-          rescue Apartment::TenantExists => ex
-            ZuoraConnect.logger.debug("Tenant Already Exists")
+            zuora_instance_id = params[:sidebar_launch].to_s.to_bool ? nil : (params[:app_instance_id] || session["appInstance"])
+            #Identity blank or current entity different
+            different_zsession = session["ZSession"] != cookies['ZSession']
+            missmatched_entity = session["ZuoraCurrentEntity"] != zuora_entity_id
+            missing_identity = session["ZuoraCurrentIdentity"].blank?
+            if (missing_identity || missmatched_entity || different_zsession)
+              zuora_details.merge!({'identity' => {'different_zsession' => different_zsession, 'missing_identity' => missing_identity, 'missmatched_entity' => missmatched_entity}})
+              identity, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("identity"))
+              session["ZuoraCurrentIdentity"] = identity
+              session["ZuoraCurrentEntity"] = identity['entityId']
+              session["ZSession"] = cookies['ZSession']
+              zuora_instance_id = nil
+              zuora_details["identity"]["entityId"] = identity['entityId']
+              client_describe, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
+              session["ZuoraCurrentUserInfo"] = client_describe
+              raise ZuoraConnect::Exceptions::Error.new("Header entity id does not match identity call entity id.") if zuora_entity_id != identity['entityId']
+            end
+            #Find matching app instances.
+            if zuora_instance_id.present?
+              appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host AND id = :id", entities: [zuora_entity_id], host: zuora_client.rest_domain, id: zuora_instance_id.to_i).pluck(:id, :name)
+            else
+              #if app_instance_ids is present then permissions still controlled by connect
+              if params[:app_instance_ids].present?
+                navbar, response = zuora_client.rest_call(url: zuora_client.rest_endpoint("navigation"))
+                urls = navbar['menus'].map {|x| x['url']}
+                app_env = ENV["DEIS_APP"] || "xyz123"
+                url = urls.compact.select {|url| File.basename(url).start_with?(app_env + '?')}.first
+                begin
+                  task_ids = JSON.parse(Base64.urlsafe_decode64(CGI.parse(URI.parse(url).query)["app_instance_ids"][0]))
+                rescue URI::InvalidURIError => ex
+                  raise ZuoraConnect::Exceptions::APIError.new(message: "Failure in parsing the navbar urls.", response: response)
+                end
+                appinstances = ZuoraConnect::AppInstance.where(:id => task_ids).pluck(:id, :name)
+              else
+                appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
+              end
+            end
+            zuora_user_id = cookies['Zuora-User-Id'] || session["ZuoraCurrentIdentity"]['userId']
+            #One deployed instance
+            if appinstances.size == 1
+              ZuoraConnect.logger.debug("Instance is #{appinstances.to_h.keys.first}")
+              @appinstance = ZuoraConnect::AppInstance.find(appinstances.to_h.keys.first)
+              #Add user/update
+              begin
+                @zuora_user = ZuoraConnect::ZuoraUser.where(:zuora_user_id => zuora_user_id).first
+              rescue ActiveRecord::StatementInvalid => ex
+                if ex.message.include?("PG::UndefinedTable") && ex.message.include?("zuora_users")
+                  @appinstance.apartment_switch(nil,true)
+                  retry
+                else
+                  raise
+                end
+              end
+              if @zuora_user.present?
+                ZuoraConnect.logger.debug("Current zuora user #{zuora_user_id}")
+                if @zuora_user.updated_at < Time.now - 1.day
+                  @zuora_user.zuora_identity_response[zuora_entity_id] = session["ZuoraCurrentIdentity"]
+                  @zuora_user.save!
+                end
+              else
+                ZuoraConnect.logger.debug("New zuora user object for #{zuora_user_id}")
+                @zuora_user = ZuoraConnect::ZuoraUser.create!(:zuora_user_id => zuora_user_id, :zuora_identity_response => {zuora_entity_id => session["ZuoraCurrentIdentity"]})
+              end
+              @zuora_user.session = session
+              session["#{@appinstance.id}::user::localUserId"] = @zuora_user.id
+              session["#{@appinstance.id}::user::email"] = session['ZuoraCurrentIdentity']["username"]
+              session["#{@appinstance.id}::user::timezone"] = session['ZuoraCurrentIdentity']["timeZone"]
+              session["#{@appinstance.id}::user::locale"] = session['ZuoraCurrentIdentity']["language"]
+              session["appInstance"] = @appinstance.id
+            #We have multiple, user must pick
+            elsif appinstances.size > 1
+              ZuoraConnect.logger.debug("User must select instance. #{@names}")
+              render "zuora_connect/static/launch", :locals => {:names => appinstances.to_h}, :layout => false
+              return
+            #We have no deployed instance for this tenant
+            else
+              #Ensure user can access oauth creation API
+              if session["ZuoraCurrentIdentity"]['platformRole'] != 'ADMIN'
+                Thread.current[:appinstance] = nil
+                session["appInstance"] = nil
+                render "zuora_connect/static/error_handled", :locals => {
+                  :title => "Application can only complete its initial setup via platform administrator",
+                  :message => "Please contact admin of tenant and have them click on link again to launch application."
+                }, :layout => false
+                return
+              end
+              Apartment::Tenant.switch!("public")
+              ActiveRecord::Base.transaction do
+                ActiveRecord::Base.connection.execute('LOCK public.zuora_users IN ACCESS EXCLUSIVE MODE')
+                appinstances = ZuoraConnect::AppInstance.where("zuora_entity_ids ?& array[:entities] = true AND zuora_domain = :host", entities: [zuora_entity_id], host: zuora_client.rest_domain).pluck(:id, :name)
+                if appinstances.size > 0
+                  redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
+                  return
+                end
+                next_id = (ZuoraConnect::AppInstance.all.where('id > 24999999').order(id: :desc).limit(1).pluck(:id).first || 24999999) + 1
+                user = (ENV['DEIS_APP'] || "Application").split('-').map(&:capitalize).join(' ')
+                body = {
+                  'userId' => zuora_user_id,
+                  'entityIds' => [zuora_entity_id.unpack("a8a4a4a4a12").join('-')],
+                  'customAuthorities' => [],
+                  'additionalInformation' => {
+                    'description' => "This user is for #{user} application.",
+                    'name' => "#{user} API User #{next_id}"
+                  }
+                }
+                oauth_response, response = zuora_client.rest_call(method: :post, body: body.to_json, url: zuora_client.rest_endpoint("genesis/clients").gsub('v1/', ''), session_type: zuora_client.class == ZuoraAPI::Oauth ? :bearer : :basic, headers: zuora_client.class == ZuoraAPI::Oauth ? {} : {'Authorization' => "ZSession-a3N2w #{zuora_client.get_session(prefix: false, auth_type: :basic)}"})
+                new_zuora_client = ZuoraAPI::Oauth.new(url: "https://#{zuora_host}", oauth_client_id: oauth_response["clientId"], oauth_secret: oauth_response["clientSecret"] )
+                if session["ZuoraCurrentUserInfo"].blank?
+                  client_describe, response = new_zuora_client.rest_call(url: zuora_client.rest_endpoint("genesis/user/info").gsub('v1/', ''), session_type: :bearer)
+                else
+                  client_describe = session["ZuoraCurrentUserInfo"]
+                end
+                available_entities = client_describe["accessibleEntities"].select {|entity| entity['id'] == zuora_entity_id}
+                task_data = {
+                  "id": next_id,
+                  "name": client_describe["tenantName"],
+                  "mode": "Collections",
+                  "status": "Running",
+                  ZuoraConnect::AppInstance::LOGIN_TENANT_DESTINATION => {
+                    "tenant_type": "Zuora",
+                    "username": session["ZuoraCurrentIdentity"]["username"],
+                    "url": new_zuora_client.url,
+                    "status": "Active",
+                    "oauth_client_id": oauth_response['clientId'],
+                    "oauth_secret": oauth_response['clientSecret'],
+                    "authentication_type": "OAUTH",
+                    "entities": available_entities.map {|e| e.merge({'displayName' => client_describe["tenantName"]})}
+                  },
+                  "tenant_ids": available_entities.map{|e| e['entityId']}.uniq,
+                }
+                mapped_values = {:id => next_id, :api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36), :zuora_logins => task_data, :oauth_expires_at => Time.now + 1000.years, :zuora_domain => zuora_client.rest_domain, :zuora_entity_ids => [zuora_entity_id]}
+                @appinstance = ZuoraConnect::AppInstance.new(mapped_values)
+                retry_count = 0
+                begin
+                  @appinstance.save(:validate => false)
+                rescue ActiveRecord::RecordNotUnique => ex
+                  if (retry_count += 1) < 3
+                    @appinstance.assign_attributes({:api_token => rand(36**64).to_s(36), :token => rand(36**64).to_s(36)})
+                    retry
+                  else
+                    Thread.current[:appinstance] = nil
+                    session["appInstance"] = nil
+                    render "zuora_connect/static/error_handled", :locals => {
+                      :title => "Application could not create unique tokens.",
+                      :message => "Please contact support or retry launching application."
+                    }, :layout => false
+                    return
+                  end
+                end
+              end
+              Apartment::Tenant.switch!("public")
+              begin
+                Apartment::Tenant.create(@appinstance.id.to_s)
+              rescue Apartment::TenantExists => ex
+                ZuoraConnect.logger.debug("Tenant Already Exists")
+              end
+              @appinstance.refresh
+              session["appInstance"] = @appinstance.id
+            end
+          rescue ZuoraAPI::Exceptions::ZuoraAPIAuthenticationTypeError => ex
+            output_xml, input_xml, response = zuora_client.soap_call(errors: [], z_session: false) do |xml|
+              xml['api'].getUserInfo
+            end
+            final_error = output_xml.xpath('//fns:FaultCode', 'fns' =>'http://fault.api.zuora.com/').text
+            session.clear
+            if final_error.blank?
+              ZuoraConnect.logger.warn("UI Authorization Error", ex, zuora: zuora_details.merge({:error => response.body}))
+            elsif final_error != "INVALID_SESSION"
+              ZuoraConnect.logger.warn("UI Authorization Error", ex, zuora: zuora_details.merge({:error => final_error}))
+            end
+            redirect_to "https://#{zuora_host}/apps/newlogin.do?retURL=#{request.fullpath}"
+            return
+          rescue => ex
+            if defined?(ex.response) && ex.response.present? && defined?(ex.response.body)
+              zuora_details.merge!({:error => ex.response.body})
+            end
+            ZuoraConnect.logger.error("UI Authorization Error", ex, zuora: zuora_details)
+            render "zuora_connect/static/error_unhandled", :locals => {:exception => ex}, :layout => false
+            return
           end
-          mapped_values = {:api_token => values['api_token'], :token => values['api_token'], :access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
-          @appinstance = ZuoraConnect::AppInstance.new(mapped_values.merge({:id => values["appInstance"].to_i}))
-          @appinstance.save(:validate => false)
-        else
-          mapped_values = {:access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
-          @appinstance.assign_attributes(mapped_values)
-          if @appinstance.access_token_changed? && @appinstance.refresh_token_changed?
+        elsif request["data"] && /^([A-Za-z0-9+\/\-\_]{4})*([A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}==)$/.match(request["data"].to_s)
+          session.clear
+          values = JSON.parse(ZuoraConnect::AppInstance.decrypt_response(Base64.urlsafe_decode64(request["data"])))
+          values.fetch("param_data", {}).each do |k ,v|
+            params[k] = v
+          end
+          session["#{values["appInstance"]}::destroy"] = values["destroy"]
+          session["appInstance"] = values["appInstance"]
+          if values["current_user"]
+            session["#{values["appInstance"]}::admin"] = values["current_user"]["admin"] ? values["current_user"]["admin"] : false
+            session["#{values["appInstance"]}::user::timezone"] = values["current_user"]["timezone"]
+            session["#{values["appInstance"]}::user::locale"] = values["current_user"]["locale"]
+            session["#{values["appInstance"]}::user::email"] = values["current_user"]["email"]
+          end
+          ZuoraConnect.logger.debug({msg: 'Setup values', connect: values}) if Rails.env != "production"
+          @appinstance = ZuoraConnect::AppInstance.where(:id => values["appInstance"].to_i).first
+          if @appinstance.blank?
+            Apartment::Tenant.switch!("public")
+            begin
+              Apartment::Tenant.create(values["appInstance"].to_s)
+            rescue Apartment::TenantExists => ex
+              ZuoraConnect.logger.debug("Tenant Already Exists")
+            end
+            mapped_values = {:api_token => values['api_token'], :token => values['api_token'], :access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
+            @appinstance = ZuoraConnect::AppInstance.new(mapped_values.merge({:id => values["appInstance"].to_i}))
             @appinstance.save(:validate => false)
           else
-            raise ZuoraConnect::Exceptions::AccessDenied.new("Authorization mismatch. Possible tampering")
+            mapped_values = {:access_token => values["access_token"], :refresh_token => values["refresh_token"], :oauth_expires_at => values["expires"]}
+            @appinstance.assign_attributes(mapped_values)
+            if @appinstance.access_token_changed? && @appinstance.refresh_token_changed?
+              @appinstance.save(:validate => false)
+            else
+              raise ZuoraConnect::Exceptions::AccessDenied.new("Authorization mismatch. Possible tampering with session.")
+            end
+          end
+        else
+          if session["appInstance"].present?
+            @appinstance = ZuoraConnect::AppInstance.where(:id => session["appInstance"]).first
+          else
+            raise ZuoraConnect::Exceptions::AccessDenied.new("No application state or session found.")
           end
-        end
+        end
       end
       def setup_instance_via_dev_mode

data/lib/zuora_connect/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ZuoraConnect
-  VERSION = "2.0.31"
+  VERSION = "2.0.32"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zuora_connect
 version: !ruby/object:Gem::Version
-  version: 2.0.31
+  version: 2.0.32
 platform: ruby
 authors:
 - Connect Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-13 00:00:00.000000000 Z
+date: 2020-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: apartment