From 11e4985e1e59a3aeead3d06a3eb144670c40bfa0 Mon Sep 17 00:00:00 2001 From: Toan Nguyen Date: Mon, 15 Jun 2020 12:53:32 +1000 Subject: [PATCH 1/4] Update Zendesk API Token and Provision Token --- .../community/Zendesk/Zendesk/Helper/Data.php | 58 +++++++++---------- .../Zendesk/controllers/ApiController.php | 4 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/src/app/code/community/Zendesk/Zendesk/Helper/Data.php b/src/app/code/community/Zendesk/Zendesk/Helper/Data.php index ea80849f..1a96f32f 100644 --- a/src/app/code/community/Zendesk/Zendesk/Helper/Data.php +++ b/src/app/code/community/Zendesk/Zendesk/Helper/Data.php @@ -26,7 +26,7 @@ public function getUrl($object = '', $id = null, $format = 'old') $base = $protocol . $domain . $root; $hc = $protocol . $domain . '/hc'; - + switch($object) { case '': return $base; @@ -43,7 +43,7 @@ public function getUrl($object = '', $id = null, $format = 'old') case 'raw': return $protocol . $domain . '/' . $id; break; - + case 'request': return $hc . '/requests/' . $id; break; @@ -60,8 +60,8 @@ public function getZendeskDomain() { return Mage::getStoreConfig('zendesk/general/domain'); } - - + + /** * Returns if SSO is enabled for EndUsers * @return integer @@ -131,11 +131,11 @@ public function getZendeskUnauthUrl() return $protocol . $domain . $route; } - + public function getApiToken($generate = true) { // Grab any existing token from the admin scope - $token = Mage::getStoreConfig('zendesk/api/token', 0); + $token = Mage::getStoreConfig('zendesk/api/token_v2', 0); if( (!$token || strlen(trim($token)) == 0) && $generate) { $token = $this->setApiToken(); 
@@ -147,9 +147,9 @@ public function getApiToken($generate = true) public function setApiToken($token = null) { if(!$token) { - $token = md5(time()); + $token = hash('sha256', rand()); } - Mage::getModel('core/config')->saveConfig('zendesk/api/token', $token, 'default'); + Mage::getModel('core/config')->saveConfig('zendesk/api/token_v2', $token, 'default'); return $token; } @@ -173,7 +173,7 @@ public function getProvisionUrl() public function getProvisionToken($generate = false) { - $token = Mage::getStoreConfig('zendesk/hidden/provision_token', 0); + $token = Mage::getStoreConfig('zendesk/hidden/provision_token_v2', 0); if( (!$token || strlen(trim($token)) == 0) && $generate) { $token = $this->setProvisionToken(); @@ -185,10 +185,10 @@ public function getProvisionToken($generate = false) public function setProvisionToken($token = null) { if(!$token) { - $token = md5(time()); + $token = hash('sha256', rand()); } - Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token', $token, 'default'); + Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token_v2', $token, 'default'); Mage::getConfig()->removeCache(); return $token; @@ -292,19 +292,19 @@ public function getTicketUrl($row, $link = false) } else { $path = '*/sso/login'; $object = 'request'; - } + } $path = Mage::getSingleton('admin/session')->getUser() ? 'adminhtml/zendesk/login' : '*/sso/login'; - + $url = Mage::helper('adminhtml')->getUrl($path, array("return_url" => Mage::helper('core')->urlEncode(Mage::helper('zendesk')->getUrl($object, $row['id'])))); - + if ($link) return $url; - + $subject = $row['subject'] ? $row['subject'] : $this->__('No Subject'); return '' . Mage::helper('core')->escapeHtml($subject) . ''; } - + public function getStatusMap() { return array( @@ -316,8 +316,8 @@ public function getStatusMap() 'hold' => 'Hold' ); } - - + + public function getPriorityMap() { return array( 
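Review bot: In `setApiToken()` the new default `hash('sha256', rand())` is no harder to guess than the `md5(time())` it replaces, because `rand()` is not a cryptographic generator and yields at most `getrandmax() + 1` distinct values, so hashing it gives only that many possible tokens. The same line is added in the `setProvisionToken()` hunk (-185,10). The token should come from a CSPRNG, for example `$token = bin2hex(random_bytes(32));` where PHP 7 or a `random_bytes` polyfill is available, or `openssl_random_pseudo_bytes(32)` otherwise. Patch 3/4 of this series replaces `rand()` with the OAuth helper's generator, so this matters mainly if 1/4 is applied or backported on its own.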
@@ -327,7 +327,7 @@ public function getPriorityMap() 'urgent' => 'Urgent' ); } - + public function getTypeMap() { return array( @@ -337,26 +337,26 @@ public function getTypeMap() 'task' => 'Task' ); } - + public function getChosenViews() { $list = trim(trim(Mage::getStoreConfig('zendesk/backend_features/show_views')), ','); return explode(',', $list); } - + public function getFormatedDataForAPI($dateToFormat) { $myDateTime = DateTime::createFromFormat('d/m/Y', $dateToFormat); return $myDateTime->format('Y-m-d'); } - + public function isValidDate($date) { if(is_string($date)) { $d = DateTime::createFromFormat('d/m/Y', $date); return $d && $d->format('d/m/Y') == $date; } - + return false; } - + public function getFormatedDateTime($dateToFormat) { return Mage::helper('core')->formatDate($dateToFormat, 'medium', true); } @@ -388,17 +388,17 @@ public function getConnectionStatus($domain = null, $username = null, $password $error = Mage::helper('zendesk')->__('Connection to Zendesk API failed') . '
' . Mage::helper('zendesk')->__("Click 'Save Config' and try again. If the issue persist, check if the entered Agent Email Address and Agent Token combination is correct."); - + return array( 'success' => false, 'msg' => $error, ); - + } catch (Exception $ex) { $error = Mage::helper('zendesk')->__('Connection to Zendesk API failed') . '
' . $ex->getCode() . ': ' . $ex->getMessage() . '
' . Mage::helper('zendesk')->__("Click 'Save Config' and try again. If the issue persist, check if the entered Agent Email Address and Agent Token combination is correct."); - + return array( 'success' => false, 'msg' => $error, @@ -424,12 +424,12 @@ public function storeDependenciesInCachedRegistry() { $groups = serialize( Mage::getModel('zendesk/api_groups')->all() ); $cache->save($groups, 'zendesk_groups', array('zendesk', 'zendesk_groups'), 1200); } - + $groups = unserialize( $cache->load('zendesk_groups') ); Mage::register('zendesk_groups', $groups); } } - + /** * Checks whether the user is in an admin page. * diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php b/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php index 0b32493e..c0e83c5c 100644 --- a/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php +++ b/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php @@ -32,7 +32,7 @@ public function _authorise() if(!$tokenString && isset($_SERVER['HTTP_AUTHORIZATION'])) { $tokenString = $_SERVER['HTTP_AUTHORIZATION']; } - + if (!$tokenString && isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { $tokenString = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; } @@ -382,7 +382,7 @@ public function finaliseAction() } // Clear the provisioning token so it can't be used any further - Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token', null, 'default'); + Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token_v2', null, 'default'); Mage::getConfig()->removeCache(); From 79a579cf8168e363411ef514714cbf94db445fb7 Mon Sep 17 00:00:00 2001 From: Toan Nguyen Date: Tue, 16 Jun 2020 17:27:24 +1000 Subject: [PATCH 2/4] Use existing token --- src/app/code/community/Zendesk/Zendesk/Helper/Data.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/src/app/code/community/Zendesk/Zendesk/Helper/Data.php b/src/app/code/community/Zendesk/Zendesk/Helper/Data.php index 1a96f32f..8c70c177 100644 --- a/src/app/code/community/Zendesk/Zendesk/Helper/Data.php +++ b/src/app/code/community/Zendesk/Zendesk/Helper/Data.php @@ -135,7 +135,7 @@ public function getZendeskUnauthUrl() public function getApiToken($generate = true) { // Grab any existing token from the admin scope - $token = Mage::getStoreConfig('zendesk/api/token_v2', 0); + $token = Mage::getStoreConfig('zendesk/api/token', 0); if( (!$token || strlen(trim($token)) == 0) && $generate) { $token = $this->setApiToken(); @@ -149,7 +149,7 @@ public function setApiToken($token = null) if(!$token) { $token = hash('sha256', rand()); } - Mage::getModel('core/config')->saveConfig('zendesk/api/token_v2', $token, 'default'); + Mage::getModel('core/config')->saveConfig('zendesk/api/token', $token, 'default'); return $token; } @@ -173,7 +173,7 @@ public function getProvisionUrl() public function getProvisionToken($generate = false) { - $token = Mage::getStoreConfig('zendesk/hidden/provision_token_v2', 0); + $token = Mage::getStoreConfig('zendesk/hidden/provision_token', 0); if( (!$token || strlen(trim($token)) == 0) && $generate) { $token = $this->setProvisionToken(); @@ -188,7 +188,7 @@ public function setProvisionToken($token = null) $token = hash('sha256', rand()); } - Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token_v2', $token, 'default'); + Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token', $token, 'default'); Mage::getConfig()->removeCache(); return $token; From 5e4e107f0e010b1f317672a31a23c8821a74a41c Mon Sep 17 00:00:00 2001 From: Toan Nguyen Date: Thu, 18 Jun 2020 17:22:48 +1000 Subject: [PATCH 3/4] Use a more secure random string generator --- src/app/code/community/Zendesk/Zendesk/Helper/Data.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
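Review bot: Going back to the `zendesk/api/token` and `zendesk/hidden/provision_token` keys keeps any value already stored by the old `md5(time())` generator, because `getApiToken()` and `getProvisionToken()` call the setter only when the stored value is empty. Upgraded installations would therefore presumably keep using a token derived from a timestamp, and the new generator only helps fresh installs. The provisioning token is cleared in `finaliseAction()`, so the long-lived API token is the main concern. Consider a one-time upgrade step that regenerates it, or at least a comment on the getter such as `// Legacy installs may still hold an md5(time()) token; rotate via setApiToken() on upgrade.` The bodies of both getters continue outside these hunks.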
diff --git a/src/app/code/community/Zendesk/Zendesk/Helper/Data.php b/src/app/code/community/Zendesk/Zendesk/Helper/Data.php index 8c70c177..1587a929 100644 --- a/src/app/code/community/Zendesk/Zendesk/Helper/Data.php +++ b/src/app/code/community/Zendesk/Zendesk/Helper/Data.php @@ -147,7 +147,7 @@ public function getApiToken($generate = true) public function setApiToken($token = null) { if(!$token) { - $token = hash('sha256', rand()); + $token = hash('sha256', Mage::helper('oauth')->generateToken()); } Mage::getModel('core/config')->saveConfig('zendesk/api/token', $token, 'default'); @@ -185,7 +185,7 @@ public function getProvisionToken($generate = false) public function setProvisionToken($token = null) { if(!$token) { - $token = hash('sha256', rand()); + $token = hash('sha256', Mage::helper('oauth')->generateToken()); } Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token', $token, 'default'); From bfe55ed19a1cfbb856262316f63abcbf643d8d51 Mon Sep 17 00:00:00 2001 From: Toan Nguyen Date: Tue, 23 Jun 2020 23:51:58 +1000 Subject: [PATCH 4/4] Remove references to v2 --- .../community/Zendesk/Zendesk/controllers/ApiController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php b/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php index c0e83c5c..726dfe92 100644 --- a/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php +++ b/src/app/code/community/Zendesk/Zendesk/controllers/ApiController.php @@ -382,7 +382,7 @@ public function finaliseAction() } // Clear the provisioning token so it can't be used any further - Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token_v2', null, 'default'); + Mage::getModel('core/config')->saveConfig('zendesk/hidden/provision_token', null, 'default'); Mage::getConfig()->removeCache();
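Review bot: Wrapping `Mage::helper('oauth')->generateToken()` in `hash('sha256', ...)` in `setApiToken()` and `setProvisionToken()` adds no entropy; the token is exactly as unpredictable as the helper's output, and the helper's implementation is not visible in this patch. As far as I know the Magento 1 OAuth helper uses `openssl_random_pseudo_bytes` but falls back to an `mt_rand`-based string when OpenSSL is missing, which is worth confirming because that fallback would silently bring back a guessable token. The call also makes the Zendesk helper depend on the Mage_Oauth module being present and enabled. A comment stating the assumption, e.g. `// Relies on Mage_Oauth's generator being CSPRNG-backed (needs ext-openssl)`, or a direct `bin2hex(random_bytes(32))` where the runtime supports it, would make the guarantee explicit.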