From baca8f8c54d7822381647ff2b5c5199b59e65825 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Mon, 18 Nov 2024 16:05:03 -0500 Subject: [PATCH 1/5] update adobe campaign gem to use new auth method --- Gemfile.lock | 141 +++++++++++++++++++++++++-------------------------- 1 file changed, 70 insertions(+), 71 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3d9e8da..306923c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -15,47 +15,47 @@ GEM GEM remote: https://rubygems.org/ specs: - actioncable (7.0.8.4) - actionpack (= 7.0.8.4) - activesupport (= 7.0.8.4) + actioncable (7.0.8.6) + actionpack (= 7.0.8.6) + activesupport (= 7.0.8.6) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.8.4) - actionpack (= 7.0.8.4) - activejob (= 7.0.8.4) - activerecord (= 7.0.8.4) - activestorage (= 7.0.8.4) - activesupport (= 7.0.8.4) + actionmailbox (7.0.8.6) + actionpack (= 7.0.8.6) + activejob (= 7.0.8.6) + activerecord (= 7.0.8.6) + activestorage (= 7.0.8.6) + activesupport (= 7.0.8.6) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.8.4) - actionpack (= 7.0.8.4) - actionview (= 7.0.8.4) - activejob (= 7.0.8.4) - activesupport (= 7.0.8.4) + actionmailer (7.0.8.6) + actionpack (= 7.0.8.6) + actionview (= 7.0.8.6) + activejob (= 7.0.8.6) + activesupport (= 7.0.8.6) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.0) - actionpack (7.0.8.4) - actionview (= 7.0.8.4) - activesupport (= 7.0.8.4) + actionpack (7.0.8.6) + actionview (= 7.0.8.6) + activesupport (= 7.0.8.6) rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.8.4) - actionpack (= 7.0.8.4) - activerecord (= 7.0.8.4) - activestorage (= 7.0.8.4) - activesupport (= 7.0.8.4) + actiontext (7.0.8.6) + actionpack (= 7.0.8.6) + activerecord (= 7.0.8.6) + activestorage (= 7.0.8.6) + activesupport (= 7.0.8.6) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.8.4) - activesupport (= 7.0.8.4) + actionview (7.0.8.6) + activesupport (= 7.0.8.6) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) 
@@ -79,31 +79,31 @@ GEM sassc sassc-rails xdan-datetimepicker-rails (~> 2.5.1) - activejob (7.0.8.4) - activesupport (= 7.0.8.4) + activejob (7.0.8.6) + activesupport (= 7.0.8.6) globalid (>= 0.3.6) - activemodel (7.0.8.4) - activesupport (= 7.0.8.4) - activerecord (7.0.8.4) - activemodel (= 7.0.8.4) - activesupport (= 7.0.8.4) - activestorage (7.0.8.4) - actionpack (= 7.0.8.4) - activejob (= 7.0.8.4) - activerecord (= 7.0.8.4) - activesupport (= 7.0.8.4) + activemodel (7.0.8.6) + activesupport (= 7.0.8.6) + activerecord (7.0.8.6) + activemodel (= 7.0.8.6) + activesupport (= 7.0.8.6) + activestorage (7.0.8.6) + actionpack (= 7.0.8.6) + activejob (= 7.0.8.6) + activerecord (= 7.0.8.6) + activesupport (= 7.0.8.6) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (7.0.8.4) + activesupport (7.0.8.6) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) - adobe-campaign (0.3.2) + adobe-campaign (0.4.3) activesupport (>= 3.1.0) - jwt (~> 1.0) + jwt (>= 1.0, < 3.0) rails (>= 3.1) rest-client (>= 1.6.0) arbre (1.7.0) @@ -151,7 +151,7 @@ GEM activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) - date (3.3.4) + date (3.4.0) ddtrace (1.4.2) debase-ruby_core_source (= 0.10.16) libdatadog (~> 0.7.0.1.1) @@ -170,8 +170,7 @@ GEM diff-lcs (1.4.4) docile (1.4.0) dogstatsd-ruby (5.5.0) - domain_name (0.5.20190701) - unf (>= 0.0.5, < 1.0.0) + domain_name (0.6.20240107) dotenv (2.7.6) dotenv-rails (2.7.6) dotenv (= 2.7.6) @@ -210,7 +209,7 @@ GEM hashdiff (0.3.7) hashie (5.0.0) http-accept (1.7.0) - http-cookie (1.0.3) + http-cookie (1.0.7) domain_name (~> 0.5) i18n (1.14.6) concurrent-ruby (~> 1.0) @@ -233,7 +232,8 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (2.7.1) - jwt (1.5.6) + jwt (2.9.3) + base64 kaminari (1.2.2) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.2) 
@@ -251,12 +251,13 @@ GEM libddwaf (1.3.0.2.0) ffi (~> 1.0) lint_roller (1.1.0) + logger (1.6.1) lograge (0.11.1) actionpack (>= 4) activesupport (>= 4) railties (>= 4) request_store (~> 1.0) - loofah (2.22.0) + loofah (2.23.1) crass (~> 1.0.2) nokogiri (>= 1.12.0) mail (2.8.1) @@ -267,15 +268,16 @@ GEM marcel (1.0.4) matrix (0.4.2) method_source (1.1.0) - mime-types (3.3.1) + mime-types (3.6.0) + logger mime-types-data (~> 3.2015) - mime-types-data (3.2019.1009) + mime-types-data (3.2024.1105) mini_mime (1.1.5) - mini_portile2 (2.8.7) + mini_portile2 (2.8.8) minitest (5.25.1) msgpack (1.5.6) multi_xml (0.6.0) - net-imap (0.4.16) + net-imap (0.5.1) date net-protocol net-pop (0.1.2) @@ -285,7 +287,7 @@ GEM net-smtp (0.5.0) net-protocol netrc (0.11.0) - nio4r (2.7.3) + nio4r (2.7.4) nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) @@ -321,27 +323,27 @@ GEM puma (5.6.8) nio4r (~> 2.0) racc (1.8.1) - rack (2.2.9) + rack (2.2.10) rack-cors (1.1.1) rack (>= 2.0.0) rack-protection (3.1.0) rack (~> 2.2, >= 2.2.4) rack-test (2.1.0) rack (>= 1.3) - rails (7.0.8.4) - actioncable (= 7.0.8.4) - actionmailbox (= 7.0.8.4) - actionmailer (= 7.0.8.4) - actionpack (= 7.0.8.4) - actiontext (= 7.0.8.4) - actionview (= 7.0.8.4) - activejob (= 7.0.8.4) - activemodel (= 7.0.8.4) - activerecord (= 7.0.8.4) - activestorage (= 7.0.8.4) - activesupport (= 7.0.8.4) + rails (7.0.8.6) + actioncable (= 7.0.8.6) + actionmailbox (= 7.0.8.6) + actionmailer (= 7.0.8.6) + actionpack (= 7.0.8.6) + actiontext (= 7.0.8.6) + actionview (= 7.0.8.6) + activejob (= 7.0.8.6) + activemodel (= 7.0.8.6) + activerecord (= 7.0.8.6) + activestorage (= 7.0.8.6) + activesupport (= 7.0.8.6) bundler (>= 1.15.0) - railties (= 7.0.8.4) + railties (= 7.0.8.6) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest 
@@ -349,9 +351,9 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (7.0.8.4) - actionpack (= 7.0.8.4) - activesupport (= 7.0.8.4) + railties (7.0.8.6) + actionpack (= 7.0.8.6) + activesupport (= 7.0.8.6) method_source rake (>= 12.2) thor (~> 1.0) @@ -491,16 +493,13 @@ GEM activemodel (>= 3.0, < 8.0) thor (1.3.2) tilt (2.2.0) - timeout (0.4.1) + timeout (0.4.2) turbo-rails (1.4.0) actionpack (>= 6.0.0) activejob (>= 6.0.0) railties (>= 6.0.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.7) unicode-display_width (2.5.0) unicode_utils (1.4.0) version_gem (1.1.3) From 5409e7a0c88c6e3c690dcd2bf484a54431a13dd1 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Tue, 19 Nov 2024 12:50:13 -0500 Subject: [PATCH 2/5] update tests --- spec/models/service_spec.rb | 5 +++-- spec/workers/adobe_campaign_worker_spec.rb | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/spec/models/service_spec.rb b/spec/models/service_spec.rb index 752ee2f..5f1d5dd 100644 --- a/spec/models/service_spec.rb +++ b/spec/models/service_spec.rb @@ -9,8 +9,9 @@ end it "fetches services with two requests" do # Prepare - stub_request(:post, "https://ims-na1.adobelogin.com/ims/exchange/jwt") - .with(body: {client_id: "asdf", client_secret: "asdf", jwt_token: "asdf"}) + stub_request(:post, "https://ims-na1.adobelogin.com/ims/token/v3") + .with(body: {"client_id" => "asdf", "client_secret" => "asdf", "grant_type" => "client_credentials", + "scope" => "campaign_sdk, openid, deliverability_service_general, campaign_config_server_general, AdobeID, additional_info.projectedProductContext"}) .to_return(status: 200, body: {access_token: @access_token}.to_json) services1 = [1, 2, 3] diff --git a/spec/workers/adobe_campaign_worker_spec.rb b/spec/workers/adobe_campaign_worker_spec.rb index 96fb581..d124647 100644 --- a/spec/workers/adobe_campaign_worker_spec.rb +++ b/spec/workers/adobe_campaign_worker_spec.rb 
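Review bot: The token-endpoint stub in spec/models/service_spec.rb spells out the whole client_credentials request body, including the six-entry `scope` string, and the hunk in spec/workers/adobe_campaign_worker_spec.rb repeats it verbatim. Moving the stub into one shared spec helper (for example `stub_adobe_ims_token(access_token)`, name is only a suggestion) would leave a single place to review when the gem's requested scopes change. A comment next to it such as `# scope list is pinned on purpose: a gem upgrade that requests different IMS scopes should fail here` would make the exact-match body read as intentional rather than incidental. The enclosing `it` block starts and ends outside the hunk.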
@@ -5,8 +5,9 @@ RSpec.describe AdobeCampaignWorker do before(:each) do @access_token = SecureRandom.alphanumeric(30) - @stub = stub_request(:post, "https://ims-na1.adobelogin.com/ims/exchange/jwt") - .with(body: {client_id: "asdf", client_secret: "asdf", jwt_token: "asdf"}) + @stub = stub_request(:post, "https://ims-na1.adobelogin.com/ims/token/v3") + .with(body: {"client_id" => "asdf", "client_secret" => "asdf", "grant_type" => "client_credentials", + "scope" => "campaign_sdk, openid, deliverability_service_general, campaign_config_server_general, AdobeID, additional_info.projectedProductContext"}) .to_return(status: 200, body: {access_token: @access_token}.to_json) end From f94a8aaf1e1c50a569c1de461fd70d165eeade63 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Tue, 19 Nov 2024 13:01:49 -0500 Subject: [PATCH 3/5] update as per audit results --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 306923c..1897d37 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -320,7 +320,7 @@ GEM racc pg (1.2.3) public_suffix (4.0.6) - puma (5.6.8) + puma (5.6.9) nio4r (~> 2.0) racc (1.8.1) rack (2.2.10) @@ -390,7 +390,7 @@ GEM mime-types (>= 1.16, < 4.0) netrc (~> 0.8) retryable-rb (1.1.0) - rexml (3.3.7) + rexml (3.3.9) rollbar (3.4.0) rspec-core (3.10.1) rspec-support (~> 3.10.0) From e7dbeceb1a6fa16fd5f5d7fab78399621cb781d3 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Tue, 19 Nov 2024 13:17:11 -0500 Subject: [PATCH 4/5] update brakeman --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1897d37..242d129 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -117,7 +117,7 @@ GEM bindex (0.8.1) bootsnap (1.13.0) msgpack (~> 1.2) - brakeman (6.2.1) + brakeman (6.2.2) racc brpoplpush-redis_script (0.1.3) concurrent-ruby (~> 1.0, >= 1.0.5) From 8ef31e9f14bad24212e29a56e3654652fdaf12c6 Mon Sep 17 00:00:00 2001 
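Review bot: The `before(:each)` stub in spec/workers/adobe_campaign_worker_spec.rb only ever answers the new `/ims/token/v3` request with status 200, so nothing in this hunk shows what the worker does when the credential exchange is rejected. Because this series changes the authentication method, it is worth adding an example that stubs the same request with a constructed error response, e.g. `.to_return(status: 401, body: {error: "invalid_client"}.to_json)`. That example should assert the worker fails visibly instead of continuing without an access token. Such a test may already exist outside the hunk, and the `describe` block continues past the lines shown.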
From: Andrew Roth Date: Wed, 20 Nov 2024 15:37:45 -0500 Subject: [PATCH 5/5] update to latest adobe-campaign --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 242d129..65a2e23 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -101,7 +101,7 @@ GEM tzinfo (~> 2.0) addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) - adobe-campaign (0.4.3) + adobe-campaign (0.4.4) activesupport (>= 3.1.0) jwt (>= 1.0, < 3.0) rails (>= 3.1)