PLATINT-2697: auth split POC (#1180)
jmather-c authored Nov 14, 2023
1 parent e0fed7e commit 7445789
Showing 95 changed files with 32,557 additions and 4,415 deletions.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -11,6 +11,7 @@ IlluminatedCloud

# Ignore bundler config.
/.bundle
/bin/*

# Ignore the default SQLite database.
/db/*.sqlite3
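
Review bot: the `/bin/*` entry ignores everything under bin/, but LocalDev-Testing.md in this same commit tells developers that bin/expose-for-salesforce.sh has been added to the repo. With this pattern, new files under bin/ are only tracked if they are force-added, so later helper scripts can silently stay local. Either narrow the pattern to the generated files it is meant to cover, or add a negation such as `!/bin/expose-for-salesforce.sh` for scripts that are meant to be shared.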
66 changes: 66 additions & 0 deletions LocalDev-Testing.md
@@ -0,0 +1,66 @@
# How to test locally

1. Follow normal setup routine.
2. Run ruby locally... what works for me is: `dotenv bundle exec puma`
2. Make the local instance internet accessible. You can use ngrok, or my custom localtunnel server if you like. Details below.
3. Add a Remote Site Config for this url to enable Salesforce to call it.
(Setup -> Remote Site Settings), /lightning/setup/SecurityRemoteProxy/home
4. Edit the Default Setup_Connection_Data__mdt record, turn on "Local Authorization
Target" and set "Platform Target" to the URL from step 2. /lightning/setup/CustomMetadata/home
5. If something seems wonky, set OAuth_State_Signing_Key__c to `98ae2216688a8b879c25f17ed793bfa7bb11201ddda97ad01b2d282a06aa191a` in Salesforce, but it should default to it even if not set.
6. Test!

## making localdev accessible

We can (and do!) use http://localhost:3100 for some local testing, but in order for Salesforce to be able
to call it, we need to expose it somewhere that Salesforce can call it.

The simplest way to do this is with some sort of local tunnel system.

### ngrok

#### Installation

Be sure to install from NPM, not the website.

```
npm install -g ngrok
```

#### Setup

Create an account with [ngrok](https://ngrok.com/), and configure your authtoken.

```
ngrok authtoken <your_token>
```

#### Running

To run ngrok, execute:

```
ngrok http 3100
```

### My secure localtunnel server

I run a dedicated localtunnel server for just such purposes as well.

It keeps no logs or anything, and just does what it says on the box to provide public HTTPS transit.

For ease of use, I have added [bin/expose-for-salesforce.sh](bin/expose-for-salesforce.sh) to the repo.

Simply run `./bin/expose-for-salesforce.sh`, and it will give you a URL to use.

```
st-jmather-c1:stripe-salesforce jmather-c$ ./bin/expose-for-salesforce.sh
your url is: https://jmather-c.lt.jmather.com
```

Please note: this is for developer use only. It is not a production service, and I make no guarantees about it.

For use with CI, or other purposes, Stripe should set up their own localtunnel secure server using
[my localtunnel-server fork](https://github.com/jmather/localtunnel-secure-server).

Thanks!
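
Review bot: step 5 commits a concrete value for `OAuth_State_Signing_Key__c` and says it "should default to it even if not set", so the key that signs OAuth state is both readable in the repo and a built-in fallback. Any org still running on that value accepts state that anyone with repo access could sign, so the fallback should be restricted to local development and non-dev configurations should fail closed when the key is unset; the doc should say that explicitly and point to a per-developer generated value rather than a shared literal. Two smaller points: the localtunnel section sends OAuth callback traffic through a personally operated server, so it is worth stating that only test orgs and test accounts should be used with it, and the numbered list has two step 2s, which makes "the URL from step 2" in step 4 ambiguous.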
20 changes: 12 additions & 8 deletions app/controllers/controller_helpers.rb
Expand Up @@ -22,16 +22,20 @@ module ControllerHelpers
end
end

sig { params(user: StripeForce::User, raw_namespace: T.nilable(String)).returns(String) }
protected def build_postmessage_domain(user, raw_namespace)
salesforce_namespace = subdomain_namespace_from_param(raw_namespace)
iframe_domain = iframe_domain_from_user(user)
"https://#{user.sf_subdomain}--#{salesforce_namespace}.#{iframe_domain}"
sig { params(state: StateEncryptionAlgo::StripeOAuthState).returns(String) }
protected def build_postmessage_domain_from_state(state)
namespace = subdomain_namespace_from_param(state.salesforce_namespace)
subdomain = state.salesforce_instance_subdomain
iframe_domain = iframe_domain_from_user(state)
"https://#{subdomain}--#{namespace}.#{iframe_domain}"
end

sig { params(user: StripeForce::User).returns(String) }
protected def iframe_domain_from_user(user)
if user.scratch_org?
sig { params(state: StateEncryptionAlgo::StripeOAuthState).returns(String) }
protected def iframe_domain_from_user(state)
scratch_org_type = StripeForce::Constants::SFInstanceTypes::SCRATCH_ORG.serialize
is_scratch_org = state.salesforce_instance_type == scratch_org_type

if is_scratch_org
"scratch.vf.force.com"
else
"visualforce.com"
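
Review bot: in `build_postmessage_domain_from_state`, `state.salesforce_instance_subdomain` is interpolated straight into the returned origin, while only the namespace passes through `subdomain_namespace_from_param`. The postMessage target origin is now built from values carried in the OAuth state instead of the stored user record (`user.sf_subdomain`, `user.scratch_org?`), so it is only as trustworthy as the state's integrity check; validate the subdomain against a strict hostname-label pattern before building the URL, and add a test with a subdomain containing `.`, `/` or `@`. Also, `iframe_domain_from_user` now takes a `StripeOAuthState`, so the name and the `iframe_domain_from_user(state)` call are misleading; renaming it to `iframe_domain_from_state` would match the new signature.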