
During the Salesforce security review of our managed package, it was flagged for insecure storage of sensitive data, and they highlighted the following XML.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
    <customSettingsType>List</customSettingsType>
    <enableFeeds>false</enableFeeds>
    <fields>
        <fullName>Client_Id__c</fullName>
        <deprecated>false</deprecated>
        <externalId>false</externalId>
        <label>Client Id</label>
        <length>100</length>
        <required>false</required>
        <trackTrending>false</trackTrending>
        <type>Text</type>
        <unique>false</unique>
    </fields>
    <fields>
        <fullName>Client_Secret__c</fullName>
        <deprecated>false</deprecated>
        <externalId>false</externalId>
        <label>Client Secret</label>
        <required>false</required>
        <trackTrending>false</trackTrending>
        <type>TextArea</type>
    </fields>
    <label>ConnectedApp</label>
    <visibility>Public</visibility>
</CustomObject>
```

Note that sensitive data such as Client_Id__c and Client_Secret__c, which are used in API calls, should be stored in Protected Custom Settings or Named Credentials.

Related code

```apex
public class CRMA_AuthenticationCheck {
    ...
    @AuraEnabled
    public static ResponseWrapper authorizeCRMA(String session_id, String userId, String consumerSecret){
        ResponseWrapper rw = new ResponseWrapper();
        string successMsg;
        string crmaUrl;
        ConnectedApp__c conApp;
        try{
            Boolean isStaging = [SELECT Id, IsSandbox FROM Organization LIMIT 1].IsSandbox;
            if(isStaging){
                crmaUrl = 'https://salesforcestaging.mydummysite.com/index.php/logincb/';
            }else{
                crmaUrl = 'https://salesforce.mydummysite.com/index.php/logincb/';
            }
            conApp = ConnectedAppCreator.createConnectedApp(crmaUrl+userId);
            Boolean isSuccess = false;
            if(String.isBlank(consumerSecret)){
                consumerSecret = conApp.Client_Secret__c;
            }
            if(String.isBlank(consumerSecret)){
                rw.StatusCode = 120;
                rw.ResponseMessage = 'Please Enter the Consumer Secret from Connected App with name Foo Connected App' ;
                rw.toastType = 'dismissable';
                return rw;
            }else {
                conApp.Client_Secret__c = consumerSecret;
            }
            if(conApp != null && String.isNotBlank(conApp.Client_Id__c)){
                successMsg = ConnectedAppDetailsToCRMA.connectedAppDetails(conApp.Client_Id__c, consumerSecret,UserInfo.getOrganizationName(), userId, session_id);

                if(successMsg == 'SUCCESSFUL'){
                    isSuccess = true;
                }
            }
            ...
        }
        ...
        return rw;
    }
    ...
}
```

Since the managed package is generated and we do not define ConnectedApp explicitly, we cannot see how to change the field visibility to Private or Protected. Any links or relevant samples would be appreciated. Thanks!
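The change the review is asking for, shown here as an added example that is not part of the original question: the `visibility` setting belongs to the custom setting definition itself (the ConnectedApp__c object metadata that ships in the package), not to its individual fields, so it is set once on the object. This assumes the file lives at objects/ConnectedApp__c.object in the package source; apart from the comment, only the `visibility` value differs from the XML flagged above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed path in the package source: objects/ConnectedApp__c.object -->
<CustomObject xmlns="http://soap.sforce.com/2006/04/metadata">
    <customSettingsType>List</customSettingsType>
    <enableFeeds>false</enableFeeds>
    <fields>
        <fullName>Client_Id__c</fullName>
        <deprecated>false</deprecated>
        <externalId>false</externalId>
        <label>Client Id</label>
        <length>100</length>
        <required>false</required>
        <trackTrending>false</trackTrending>
        <type>Text</type>
        <unique>false</unique>
    </fields>
    <fields>
        <fullName>Client_Secret__c</fullName>
        <deprecated>false</deprecated>
        <externalId>false</externalId>
        <label>Client Secret</label>
        <required>false</required>
        <trackTrending>false</trackTrending>
        <type>TextArea</type>
    </fields>
    <label>ConnectedApp</label>
    <!-- Protected instead of Public: once the package is installed, the
         records are not visible in Setup or through the API in the subscriber
         org, and only Apex in the package namespace can read or write them -->
    <visibility>Protected</visibility>
</CustomObject>
```

Apex inside the package namespace, such as the ConnectedAppCreator and CRMA_AuthenticationCheck classes above, keeps working unchanged, because a protected custom setting is still fully accessible to code that shares its namespace.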
