zuora_connect 3.1.5 → 3.2.0
- checksums.yaml +4 -4
- data/app/controllers/zuora_connect/static_controller.rb +6 -1
- data/app/models/zuora_connect/app_instance_base.rb +5 -2
- data/app/models/zuora_connect/zuora_user.rb +1 -1
- data/lib/zuora_connect/configuration.rb +2 -1
- data/lib/zuora_connect/controllers/helpers.rb +102 -1
- data/lib/zuora_connect/exceptions.rb +14 -0
- data/lib/zuora_connect/version.rb +1 -1
- metadata +2 -2
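--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d04a0fdede87007e236c944ed42bfc822846276fce78a310d22bb89961ed6bee
+data.tar.gz: fe5e370e36988531ff42f08e493a39118a9e0de078e3334df9c1a3c79ad3460f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c8836d2516b37c25dce916ed9f976a5bff9456254378301d7a2d5ca457b6d6fc778eb28a7d73d0c16f27f1adc683c12610f8f5b60461a962abae682a7e8d4a7c
+data.tar.gz: e8f4bff78c8fd8160f5a681743cdefe108d0b9a8a3e4e1e6c96fc72b9990e13c27800d91e8dc3b23db008425d23d5d7d3c53f1473300f5d817dda38e48998332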
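--- a/data/app/controllers/zuora_connect/static_controller.rb
+++ b/data/app/controllers/zuora_connect/static_controller.rb
@@ -1,4 +1,5 @@
 module ZuoraConnect
+require "resolv"
 class StaticController < ApplicationController
 before_action :authenticate_connect_app_request, :except => [:health, :initialize_app, :provision, :instance_user, :instance_drop]
 before_action :clear_connect_app_session, :only => [:health, :initialize_app, :provision, :instance_user, :instance_drop]
@@ -51,6 +52,10 @@ module ZuoraConnect
 end
 
 def provision
+if ZuoraConnect.configuration.disable_provisioning
+render(json: { status: 403, message: 'Provisioning is suspended' }, status: 403) && return
+end
+
 create_new_instance
 unless performed?
 render json: {
@@ -120,7 +125,7 @@ module ZuoraConnect
 
 def instance_drop
 host = request.headers.fetch("HOST", nil)
-if host.present? && ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(host)
+if host.present? && (ZuoraConnect::AppInstance::INTERNAL_HOSTS.include?(host) || host =~ Resolv::IPv4::Regex)
 ZuoraConnect::AppInstance.read_master_db do
 instance_id = params[:id]
 @appinstance = ZuoraConnect::AppInstance.find(instance_id)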
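Review bot: In `instance_drop`, the widened guard `host =~ Resolv::IPv4::Regex` treats any request whose `Host` header is a bare IPv4 literal as internal, and that header is supplied by the client. Unless something in front of the app rewrites or rejects such Host values (not visible on this page), the drop logic that follows is gated on a caller-controlled string rather than on where the request came from. Consider checking the peer address (for example `request.remote_ip`) against an allow-list of internal ranges, or at least state the assumption in a comment such as `# IPv4 Host accepted for in-cluster calls; ingress must not forward arbitrary Host headers`. The body of `instance_drop` continues past the end of the hunk.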
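--- a/data/app/models/zuora_connect/app_instance_base.rb
+++ b/data/app/models/zuora_connect/app_instance_base.rb
@@ -516,8 +516,11 @@ module ZuoraConnect
 else
 ZuoraConnect::Exceptions::Error.new("Invalid encryption method '#{encryption_type}'.")
 end
-rescue ArgumentError => ex
-if
+rescue ArgumentError, OpenSSL::Cipher::CipherError => ex
+if (
+ex.is_a?(ArgumentError) && ['invalid base64', 'data must not be empty'].include?(ex.message) ||
+ex.is_a?(OpenSSL::Cipher::CipherError) && ['wrong final block length', 'bad decrypt'].include?(ex.message)
+) && encryption_type == :envelope && (kms_tries += 1) < 3
 ZuoraConnect.logger.warn("Fallback to encryption 'direct', from '#{encryption_type}'", ex, self.default_ougai_items)
 encryption_type = :direct
 retry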
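Review bot: The new fallback condition in the `rescue` selects `OpenSSL::Cipher::CipherError` by exact message text (`'wrong final block length'`, `'bad decrypt'`), which is brittle because those strings come from the OpenSSL library and the openssl gem and may differ between versions, at which point the envelope-to-direct retry would stop matching. Moving both lists into frozen constants with a comment naming the library versions they were taken from would make the dependency visible; the retry is already bounded by `encryption_type == :envelope && (kms_tries += 1) < 3`. Separately, the context line `ZuoraConnect::Exceptions::Error.new("Invalid encryption method ...")` in the `else` branch appears, as shown on this page, to build the exception without `raise`, so an unknown `encryption_type` would not fail there. The enclosing method starts and ends outside the hunk.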
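--- a/data/app/models/zuora_connect/zuora_user.rb
+++ b/data/app/models/zuora_connect/zuora_user.rb
@@ -3,7 +3,7 @@ module ZuoraConnect
 self.table_name = "zuora_users"
 attr_accessor :session
 
-cattr_accessor :current_user_id
+cattr_accessor :current_user_id, :current_org_id, :current_org_child_org_ids
 
 # zuora_user_id/zuora_entity_id both come from cookie or headers
 # zuora_current_identity comes from session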
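Review bot: `current_org_id` and `current_org_child_org_ids` are added to `cattr_accessor`, which stores them on the class, so the values are shared by every thread in the process. The helpers change in this release assigns them per request from the `Zuora-Org-Id` cookie or header, so under a threaded server one request could read the org scope that another request just wrote. If the host application can run threaded (not visible here), `thread_cattr_accessor :current_org_id, :current_org_child_org_ids` keeps the values per thread; the same consideration applies to the existing `current_user_id`. The class body continues outside the hunk.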
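--- a/data/lib/zuora_connect/configuration.rb
+++ b/data/lib/zuora_connect/configuration.rb
@@ -7,7 +7,7 @@ module ZuoraConnect
 
 attr_accessor :oauth_client_id, :oauth_client_secret, :oauth_client_redirect_uri
 
-attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect, :encryption_type, :local_task_data
+attr_accessor :dev_mode_logins, :dev_mode_options, :dev_mode_mode, :dev_mode_appinstance, :dev_mode_user, :dev_mode_pass, :dev_mode_admin, :dev_mode_secret_access_key,:dev_mode_access_key_id,:aws_region, :s3_bucket_name, :s3_folder_name, :insert_migrations, :skip_connect, :encryption_type, :local_task_data, :disable_provisioning
 
 def initialize
 @default_locale = :en
@@ -23,6 +23,7 @@ module ZuoraConnect
 @skip_connect = false
 @encryption_type = :direct
 @local_task_data = false
+@disable_provisioning = false
 
 # Setting the app name for telegraf write
 @enable_metrics = false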
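--- a/data/lib/zuora_connect/controllers/helpers.rb
+++ b/data/lib/zuora_connect/controllers/helpers.rb
@@ -227,6 +227,39 @@ module ZuoraConnect
 return (request.headers['ZuoraCurrentEntity'].present? || cookies['ZuoraCurrentEntity'].present?)
 end
 
+def org_relation_mapping(root_org_relation)
+relation = {}
+
+return relation if root_org_relation.blank?
+
+root_org_id = root_org_relation.dig(0, 'rootOrgId')
+relation[root_org_id] = []
+
+root_org_relation.each do |child_org|
+relation[child_org['id']] = []
+end
+
+root_org_relation.each do |child_org|
+parent_org_id = child_org['parentOrgId']
+relation[parent_org_id].push(child_org['id'])
+end
+
+relation
+end
+
+def get_child_orgs_from_relation_mapping(relation_mapping, org_id)
+if relation_mapping.blank? || org_id.blank? || relation_mapping[org_id].blank?
+return []
+end
+
+child_orgs = relation_mapping[org_id].dup
+relation_mapping[org_id].each do |child_org_id|
+child_orgs += get_child_orgs_from_relation_mapping(relation_mapping, child_org_id)
+end
+
+child_orgs
+end
+
 def create_new_instance
 ZuoraConnect::AppInstance.read_master_db do
 Thread.current[:appinstance] = nil
@@ -446,6 +479,10 @@ module ZuoraConnect
 
 #We have no deployed instance for this tenant
 else
+if ZuoraConnect.configuration.disable_provisioning
+raise ZuoraConnect::Exceptions::AccessDenied.new("Provisioning is suspended")
+end
+
 #Ensure user can access oauth creation API
 if !session["ZuoraCurrentUserInfo"]['permissions'].include?("permission.userManagement")
 Thread.current[:appinstance] = nil
@@ -553,6 +590,58 @@ module ZuoraConnect
 session["appInstance"] = @appinstance.id
 end
 
+zuora_org_id = cookies['Zuora-Org-Id'] || request.headers['Zuora-Org-Id']
+zuora_return_nested_orgs_data =
+cookies['Zuora-Return-Nested-Orgs-Data'].to_bool ||
+request.headers['Zuora-Return-Nested-Orgs-Data'].to_bool
+ZuoraConnect::ZuoraUser.current_org_id = zuora_org_id
+ZuoraConnect::ZuoraUser.current_org_child_org_ids = []
+
+if zuora_org_id.present? && zuora_return_nested_orgs_data
+cached_org_relationship = Redis.current.get("MultiOrgRelationship:#{@appinstance.id}")
+
+if cached_org_relationship.present?
+cached_org_relationship = JSON.parse(cached_org_relationship)
+ZuoraConnect::ZuoraUser.current_org_child_org_ids =
+get_child_orgs_from_relation_mapping(cached_org_relationship, ZuoraConnect::ZuoraUser.current_org_id)
+else
+child_org_list, _ =
+zuora_client.rest_call(
+url: zuora_client.
+rest_endpoint("tenant-registry/listChildOrgsForOrg/#{ZuoraConnect::ZuoraUser.current_org_id}").
+gsub('v1/', ''),
+session_type: zuora_client.is_a?(ZuoraAPI::Oauth) ? :bearer : :basic,
+headers: auth_headers,
+zuora_track_id: ZuoraConnect::RequestIdMiddleware.zuora_request_id
+)
+
+root_org_id = (child_org_list || {}).dig(0, 'rootOrgId').to_s
+if root_org_id.present?
+root_child_org_list, _ =
+zuora_client.rest_call(
+url: zuora_client.
+rest_endpoint("tenant-registry/listChildOrgsForOrg/#{root_org_id}").
+gsub('v1/', ''),
+session_type: zuora_client.is_a?(ZuoraAPI::Oauth) ? :bearer : :basic,
+headers: auth_headers,
+zuora_track_id: ZuoraConnect::RequestIdMiddleware.zuora_request_id
+)
+
+org_relationship = org_relation_mapping(root_child_org_list)
+Redis.current.setex(
+"MultiOrgRelationship:#{@appinstance.id}",
+1.day,
+org_relationship.to_json
+)
+
+ZuoraConnect::ZuoraUser.current_org_child_org_ids =
+get_child_orgs_from_relation_mapping(org_relationship, ZuoraConnect::ZuoraUser.current_org_id)
+else
+ZuoraConnect.logger.info("Failed to get root org id for #{@appinstance.id}")
+end
+end
+end
+
 rescue ZuoraAPI::Exceptions::ZuoraAPIAuthenticationTypeError => ex
 output_xml, input_xml, response = zuora_client.soap_call(errors: [], z_session: false, zuora_track_id: ZuoraConnect::RequestIdMiddleware.zuora_request_id) do |xml|
 xml['api'].getUserInfo
@@ -579,7 +668,15 @@ module ZuoraConnect
 zuora_details.merge!({:error => ex.response.body})
 end
 ZuoraConnect.logger.error("UI Authorization Error", ex, zuora: zuora_details)
-
+
+respond_to do |format|
+format.html {
+render "zuora_connect/static/error_unhandled", locals: {exception: ex, skip_exception: true}, layout: false, status: 500
+}
+format.js {
+render "zuora_connect/static/error_unhandled", locals: {exception: ex, skip_exception: true}, layout: false, status: 500
+}
+end
 end
 return
 end
@@ -601,6 +698,10 @@ module ZuoraConnect
 @appinstance = ZuoraConnect::AppInstance.find_by(:id => values["appInstance"].to_i)
 
 if @appinstance.blank?
+if ZuoraConnect.configuration.disable_provisioning
+raise ZuoraConnect::Exceptions::AccessDenied.new("Provisioning is suspended")
+end
+
 Apartment::Tenant.switch!("public")
 begin
 Apartment::Tenant.create(values["appInstance"].to_s)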
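Review bot: In the block added after `session["appInstance"] = @appinstance.id`, `zuora_org_id` is read from the `Zuora-Org-Id` cookie or header and used as-is: it becomes `ZuoraUser.current_org_id` and is interpolated into the `tenant-registry/listChildOrgsForOrg/#{...}` path that is then called with the server's `auth_headers`. Nothing in the hunk checks that the value has the shape of an org id or that the authenticated user belongs to that org, so both the outbound request path and the resulting org scope depend on client input. Validate the value before use and encode it when building the URL, e.g. `ERB::Util.url_encode(zuora_org_id)`, and raise `ZuoraConnect::Exceptions::OrganizationAccessForbidden` when the check fails. Also, `org_relation_mapping` calls `relation[parent_org_id].push(...)` with no nil guard, so a row whose `parentOrgId` is absent from the list raises `NoMethodError`; `(relation[parent_org_id] ||= []).push(child_org['id'])` avoids that. The enclosing method starts and ends outside the hunk.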
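--- a/data/lib/zuora_connect/exceptions.rb
+++ b/data/lib/zuora_connect/exceptions.rb
@@ -65,5 +65,19 @@ module ZuoraConnect
 @message || @default_message
 end
 end
+
+
+class OrganizationAccessForbidden < Error
+attr_writer :default_message
+
+def initialize(message = nil)
+@message = message
+@default_message = "You are not authorized to access with the current organization."
+end
+
+def to_s
+@message || @default_message
+end
+end
 end
 end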
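Review bot: `OrganizationAccessForbidden` is added without a comment, and no hunk on this page raises it, so its intended caller and the check it is meant to back are unclear. A one-line comment above the class, for example `# Raised when the requested org is not permitted for the current user (TODO confirm caller)`, would document the contract. The second blank line before the class can be dropped.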
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zuora_connect
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Connect Team
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-12-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: apartment
|