Merge branch 'redmine-5'

.gitignore

@@ -1,3 +1,5 @@
 .bundle
 .config
+.dockerrc
+.vscode
 Gemfile.lock

Gemfile

@@ -1,7 +1,7 @@
 source 'https://rubygems.org'
 
 gem 'quickbooks-ruby'
-gem 'oauth2', '1.4.7'
+gem 'oauth2'
 gem 'roxml'
 gem 'nhtsa_vin'
 gem 'will_paginate'

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016 - 2022 Rick Barrette
+Copyright (c) 2016 - 2023 Rick Barrette
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -8,7 +8,10 @@ The goal of this project is to allow Redmine to connect with Quickbooks Online t
 
 Note: Although the core functionality is complete, this project is still under development & the master branch may be unstable. Tags should be stable and are recommended
 
-Use tags Version 1.0.0+ for Redmine 4+ and Version 0.8.1 for Redine 3
+Use tags for the following Redmine Versions
+* Version 2.0.0+ for Redmine 5+
+* Version 1.0.0+ for Redmine 4+ 
+* Version 0.8.1 for Redine 3
 
 #### Features
 * Issues can be assigned to a Customer via drop down in the edit Issue form
@@ -36,10 +39,12 @@ Use tags Version 1.0.0+ for Redmine 4+ and Version 0.8.1 for Redine 3
 
 ## The Install
 
-1. To install, clone this repo into your plugin folder
+1. To install, clone this repo into your plugin folder & checkout a tagged version
 
   `git clone git@github.com:rickbarrette/redmine_qbo.git` 
+  
   then
+  
   `git checkout <tag>`
   
 2. Migrate your database
@@ -59,11 +64,8 @@ Use tags Version 1.0.0+ for Redmine 4+ and Version 0.8.1 for Redine 3
 Note: After the inital synchronization, this plugin will recieve push notifications via Intuit's webhook service.
 
 ## TODO
-  * Customer link option to allow for temporary sharing of an issue
   * Add Setting for Sandbox Mode
   * Seperate Vehicles into a seperate plugin (I use redmine for my automotive shop management 😉)
-  * Make HTML Pretty (It's ugly right now but it works)
-  * Intergrate Customer Search into Redmine Search
   * MORE Stuff as I make it up...
 
 ## License

app/controllers/customers_controller.rb

@@ -36,7 +36,7 @@ class CustomersController < ApplicationController
   autocomplete :customer, :name, :full => true, :extra_data => [:id]
 
   def allowed_params
-    params.require(:customer).permit(:name, :email, :primary_phone, :mobile_phone, :phone_number)
+    params.require(:customer).permit(:name, :email, :primary_phone, :mobile_phone, :phone_number, :notes)
   end
 
   # getter method for a customer's vehicles
@@ -93,6 +93,10 @@ class CustomersController < ApplicationController
       @billing_address = address_to_s(@customer.billing_address)
       @shipping_address = address_to_s(@customer.shipping_address)
       @closed_issues = (@issues - @issues.open)
+      @hours = 0
+      @closed_hours = 0
+      @issues.open.each { |i| @hours+= i.total_spent_hours }
+      @closed_issues.each { |i| @closed_hours+= i.total_spent_hours }
     rescue 
       render_404
     end
@@ -111,7 +115,7 @@ class CustomersController < ApplicationController
   def update
     begin
       @customer = Customer.find_by_id(params[:id])
-      if @customer.update_attributes(allowed_params)
+      if @customer.update(allowed_params)
         flash[:notice] = "Customer updated"
         redirect_to @customer
       else
@@ -156,9 +160,11 @@ class CustomersController < ApplicationController
 
     User.current = User.find_by lastname: 'Anonymous'
 
-    @token = CustomerToken.where("token = ? and expires_at > ?", params[:token], Time.now)
-    @token = @token.first
-    if @token
+    @token = CustomerToken.find_by token: params[:token]
+    begin
+      @token.destroy if @token.expired?
+      raise "Token Expired" if @token.destroyed
+      
       session[:token] = @token.token
       @issue = Issue.find @token.issue_id
       @journals = @issue.journals.
@@ -179,7 +185,7 @@ class CustomersController < ApplicationController
       @priorities = IssuePriority.active
       @time_entry = TimeEntry.new(:issue => @issue, :project => @issue.project)
       @relation = IssueRelation.new
-    else
+    rescue
       render_403
     end
   end
@@ -212,14 +218,14 @@ class CustomersController < ApplicationController
   # format a quickbooks address to a human readable string
   def address_to_s (address)
     return if address.nil?
-    string = address.line1
+    string = address.line1 if address.line1
     string << "\n" + address.line2 if address.line2
     string << "\n" + address.line3 if address.line3
     string << "\n" + address.line4 if address.line4
     string << "\n" + address.line5 if address.line5
-    string << " " + address.city
-    string << ", " + address.country_sub_division_code
-    string << " " + address.postal_code
+    string << " " + address.city if address.city
+    string << ", " + address.country_sub_division_code if address.country_sub_division_code
+    string << " " + address.postal_code if address.postal_code
     return string
   end
 

app/controllers/estimate_controller.rb

@@ -12,17 +12,23 @@ class EstimateController < ApplicationController
   
   include AuthHelper
   
-  before_action :require_user
+  before_action :require_user, :unless => proc {|c| session[:token].nil? }
+  skip_before_action :verify_authenticity_token, :check_if_login_required, :unless => proc {|c| session[:token].nil? }
+
+  def get_estimate
+    estimate = Estimate.find_by_id(params[:id]) if params[:id]
+    estimate = Estimate.find_by_doc_number(params[:search]) if params[:search]
+    return estimate
+  end
   
   #
   # Downloads and forwards the estimate pdf
   #
   def show
-    e = Estimate.find_by_id(params[:id]) if params[:id]
-    e = Estimate.find_by_doc_number(params[:search]) if params[:search]
+    estimate = get_estimate
 
     begin
-      send_data e.pdf, filename: "estimate #{e.doc_number}.pdf", :disposition => 'inline', :type => "application/pdf"
+      send_data estimate.pdf, filename: "estimate #{estimate.doc_number}.pdf", :disposition => 'inline', :type => "application/pdf"
     rescue
       redirect_to :back, :flash => { :error => "Estimate not found" }
     end
@@ -32,11 +38,10 @@ class EstimateController < ApplicationController
   # Downloads estimate by document number
   #
   def doc
-    e = Estimate.find_by_doc_number(params[:id]) if params[:id]
-    e = Estimate.find_by_doc_number(params[:search]) if params[:search]
+    estimate = get_estimate
     
     begin
-      send_data e.pdf, filename: "estimate #{e.doc_number}.pdf", :disposition => 'inline', :type => "application/pdf"
+      send_data estimate.pdf, filename: "estimate #{estimate.doc_number}.pdf", :disposition => 'inline', :type => "application/pdf"
     rescue
       redirect_to :back, :flash => { :error => "Estimate not found" }
     end

app/controllers/invoice_controller.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -20,10 +20,13 @@ class InvoiceController < ApplicationController
   #
   def show
     begin
-      base = Invoice.get_base
-      invoice = base.fetch_by_id(params[:id])
-      @pdf = base.pdf(invoice)
-      send_data @pdf, filename: "invoice #{invoice.doc_number}.pdf", :disposition => 'inline', :type => "application/pdf"
+      qbo = Qbo.first
+        qbo.perform_authenticated_request do |access_token|
+        service = Quickbooks::Service::Invoice.new(:company_id => qbo.realm_id, :access_token => access_token)
+        invoice = service.fetch_by_id(params[:id])
+        @pdf = service.pdf(invoice)
+        send_data @pdf, filename: "invoice #{invoice.doc_number}.pdf", :disposition => 'inline', :type => "application/pdf"
+      end
     rescue
       redirect_to :back, :flash => { :error => "Invoice not found" }
     end

app/controllers/qbo_controller.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -26,7 +26,7 @@ class QboController < ApplicationController
   # Called when the user requests that Redmine to connect to QBO
   #
   def authenticate
-    oauth2_client = Qbo.get_client
+    oauth2_client = Qbo.construct_oauth2_client
     callback = Setting.host_name + "/qbo/oauth_callback/" 
     grant_url = oauth2_client.auth_code.authorize_url(redirect_uri: callback, response_type: "code", state: SecureRandom.hex(12), scope: "com.intuit.quickbooks.accounting")
     redirect_to grant_url
@@ -37,7 +37,7 @@ class QboController < ApplicationController
   #
   def oauth_callback
     if params[:state].present?
-      oauth2_client = Qbo.get_client
+      oauth2_client = Qbo.construct_oauth2_client
       # use the state value to retrieve from your backend any information you need to identify the customer in your system
       redirect_uri = Setting.host_name + "/qbo/oauth_callback/"
       if resp = oauth2_client.auth_code.get_token(params[:code], redirect_uri: redirect_uri)
@@ -47,15 +47,11 @@ class QboController < ApplicationController
         
         # Save the authentication information 
         qbo = Qbo.new
-        qbo.company_id = params[:realmId]
-        
-        # Generate Access Token & Serialize it into the database
-        access_token = OAuth2::AccessToken.new(oauth2_client, resp.token, refresh_token: resp.refresh_token)
-        qbo.token = access_token.to_hash
-        qbo.expire = 1.hour.from_now.utc
+        qbo.update(oauth2_access_token: resp.token, oauth2_refresh_token: resp.refresh_token, realm_id: params[:realmId])
+        qbo.refresh_token!
         
         if qbo.save!
-          redirect_to sync_path, :flash => { :notice => "Successfully connected to Quickbooks" }
+          redirect_to qbo_sync_path, :flash => { :notice => "Successfully connected to Quickbooks" }
         else
           redirect_to plugin_settings_path(:redmine_qbo), :flash => { :error => "Error" }
         end
@@ -145,7 +141,6 @@ class QboController < ApplicationController
       if Qbo.exists?
         Customer.sync
         Invoice.sync
-        QboItem.sync
         Employee.sync
         Estimate.sync
         
@@ -155,6 +150,6 @@ class QboController < ApplicationController
       ActiveRecord::Base.connection.close
     end
 
-    redirect_to :home, :flash => { :notice => "Successfully synced to Quickbooks" }
+    redirect_to :home, :flash => { :notice => "Syncing Quickbooks" }
   end
 end

app/helpers/auth_helper.rb

@@ -13,7 +13,7 @@ module AuthHelper
   def require_user
     return unless session[:token].nil?
     if !User.current.logged?
-      render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true
+      render_403
     end
   end
   
@@ -27,14 +27,14 @@ module AuthHelper
   
   def check_permission(permission)
     if !allowed_to?(permission)
-      render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true 
+      render_403
     end
   end
   
   
   def global_check_permission(permission)
     if !globaly_allowed_to?(permission)
-      render :file => "public/401.html.erb", :status => :unauthorized, :layout =>true 
+      render_403
     end
   end
   

app/models/concerns/quickbooks_oauth.rb

@@ -0,0 +1,80 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2023 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module QuickbooksOauth
+  extend ActiveSupport::Concern
+
+  OAUTH_CONSUMER_KEY = Setting.plugin_redmine_qbo['settingsOAuthConsumerKey']
+  OAUTH_CONSUMER_SECRET = Setting.plugin_redmine_qbo['settingsOAuthConsumerSecret']
+
+  #== Instance Methods
+
+  def perform_authenticated_request(&block)
+    attempts = 0
+    begin
+      yield oauth_access_token
+    rescue OAuth2::Error, Quickbooks::AuthorizationFailure => ex
+      Rails.logger.info("QuickbooksOauth.perform: #{ex.message}")
+
+      # to prevent an infinite loop here keep a counter and bail out after N times...
+      attempts += 1
+
+      raise "QuickbooksOauth:ExceededAuthAttempts" if attempts >= 3
+
+      # check if its an invalid_grant first, but assume it is for now
+      refresh_token!
+
+      retry
+    end
+  end
+
+  def refresh_token!
+    t = oauth_access_token
+    refreshed = t.refresh!
+
+    if refreshed.params['x_refresh_token_expires_in'].to_i > 0
+      oauth2_refresh_token_expires_at = Time.now + refreshed.params['x_refresh_token_expires_in'].to_i.seconds
+    else
+      oauth2_refresh_token_expires_at = 100.days.from_now
+    end
+
+    update!(
+      oauth2_access_token: refreshed.token,
+      oauth2_access_token_expires_at: Time.at(refreshed.expires_at),
+      oauth2_refresh_token: refreshed.refresh_token,
+      oauth2_refresh_token_expires_at: oauth2_refresh_token_expires_at
+    )
+  end
+
+  def oauth_client
+    self.class.construct_oauth2_client
+  end
+
+  def oauth_access_token
+    OAuth2::AccessToken.new(oauth_client, oauth2_access_token, refresh_token: oauth2_refresh_token)
+  end
+
+  def consumer
+    oauth_access_token
+  end
+
+  module ClassMethods
+
+    def construct_oauth2_client
+      options = {
+        site: "https://appcenter.intuit.com/connect/oauth2",
+        authorize_url: "https://appcenter.intuit.com/connect/oauth2",
+        token_url: "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer"
+      }
+      OAuth2::Client.new(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, options)
+    end
+
+  end
+end

app/models/customer.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -23,7 +23,7 @@ class Customer < ActiveRecord::Base
   
   # returns a human readable string
   def to_s
-    return name
+    return "#{self[:name]} - #{phone_number.split(//).last(4).join unless phone_number.nil?}"
   end
   
   # Convenience Method
@@ -88,6 +88,13 @@ class Customer < ActiveRecord::Base
     update_mobile_phone_number
   end
 
+  # Convenience Method
+  # Sets the notes
+  def notes=(s)
+    pull unless @details
+    @details.notes = s
+  end
+  
   # update the localy stored phone number as a plain string with no special chars
   def update_phone_number
     begin
@@ -135,28 +142,26 @@ class Customer < ActiveRecord::Base
   # proforms a bruteforce sync operation
   # This needs to be simplified
   def self.sync 
-    service = Qbo.get_base(:customer)
-
     # Sync ALL customers if the database is empty
-    #if count == 0
-      customers = service.all
-    #else
-    #  last = Qbo.first.last_sync
-    #  query = "Select Id, DisplayName From Customer"
-    #  query << " Where Metadata.LastUpdatedTime >= '#{last.iso8601}' " if last
-    #  customers = service.query(query)
-    #end
+    qbo = Qbo.first
+    customers = qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Customer.new(:company_id => qbo.realm_id, :access_token => access_token)
+      service.all
+    end
     
-    customers.each do |customer|
-      customer = Customer.find_or_create_by(id: customer.id)
-      if customer.active?
-        if not customer.name.eql? customer.display_name
-          customer.name = customer.display_name
-          customer.id = customer.id
+    return unless customers
+    
+    customers.each do |c|
+      logger.info "Processing customer #{c.id}"
+      customer = Customer.find_or_create_by(id: c.id)
+      if c.active?
+        if not customer.name.eql? c.display_name
+          customer.name = c.display_name
+          customer.id = c.id
           customer.save_without_push
         end
       else
-        if not customer.new_record?
+        if not c.new_record?
           customer.delete
         end
       end
@@ -172,9 +177,14 @@ class Customer < ActiveRecord::Base
   # proforms a bruteforce sync operation
   # This needs to be simplified
   def self.sync_by_id(id) 
-    service = Qbo.get_base(:customer)
+    qbo = Qbo.first
+    customer = qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Customer.new(:company_id => qbo.realm_id, :access_token => access_token)
+      service.fetch_by_id(id)
+    end
+
+    return unless customer
 
-    customer = service.fetch_by_id(id)
     customer = Customer.find_or_create_by(id: customer.id)
     if customer.active?
       if not customer.name.eql? customer.display_name
@@ -192,7 +202,11 @@ class Customer < ActiveRecord::Base
   # Push the updates
   def save_with_push
     begin
-      @details = Qbo.get_base(:customer).update(@details)
+      qbo = Qbo.first
+      @details = qbo.perform_authenticated_request do |access_token|
+        service = Quickbooks::Service::Customer.new(:company_id => qbo.realm_id, :access_token => access_token)
+        serivce.update(@details)
+      end
       #raise "QBO Fault" if @details.fault?
       self.id = @details.id
     rescue Exception => e
@@ -210,7 +224,11 @@ class Customer < ActiveRecord::Base
   def pull
     begin
       raise Exception unless self.id
-      @details = Qbo.get_base(:customer).fetch_by_id(self.id)
+      qbo = Qbo.first
+      @details = qbo.perform_authenticated_request do |access_token|
+        service = Quickbooks::Service::Customer.new(:company_id => qbo.realm_id, :access_token => access_token)
+        service.fetch_by_id(self.id)
+      end
     rescue Exception => e
       @details = Quickbooks::Model::Customer.new
     end

app/models/customer_token.rb

@@ -11,17 +11,51 @@
 class CustomerToken < ActiveRecord::Base
   unloadable
   has_many :issues
-  validates_presence_of :expires_at, :issue_id
-  before_create :generate_token
+  validates_presence_of :issue_id
+  before_create :generate_token, :generate_expire_date
+  attr_accessor :destroyed
+  after_destroy :mark_as_destroyed
 
   OAUTH_CONSUMER_SECRET = Setting.plugin_redmine_qbo['settingsOAuthConsumerSecret'] || 'CONFIGURE__' + SecureRandom.uuid
   
+  # generates a random token using the plugin setting settingsOAuthConsumerSecret for salt
   def generate_token
     self.token = SecureRandom.base64(15).tr('+/=lIO0', OAUTH_CONSUMER_SECRET)
   end
 
-  def remove_expired_tokens
-    CustomerToken.where("expires_at < ?", Time.now).destroy_all
+  # generates an expiring date
+  def generate_expire_date
+    self.expires_at = Time.now + 1.month
+  end
+
+  # set destroyed flag
+  def mark_as_destroyed
+    self.destroyed = true
+  end
+
+  # purge expired tokens
+  def self.remove_expired_tokens
+    where("expires_at < ?", Time.now).destroy_all
+  end
+  
+  # has the token expired?
+  def expired?
+    self.expires_at < Time.now
+  end
+
+  # Getter convenience method for tokens
+  def self.get_token(issue)
+    
+    # check to see if token exists & if it is expired
+    token = find_by_issue_id issue.id
+    unless token.nil?
+      return token unless token.expired?
+      # remove expired tokens
+      token.destroy
+    end
+
+    # only create new token if we have an issue to attach it to
+    return create(:issue_id => issue.id) if User.current.logged?
   end
 
 end

app/models/employee.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -13,26 +13,35 @@ class Employee < ActiveRecord::Base
   has_many :users
   validates_presence_of :id, :name
   
-  def self.get_base
-    Qbo.get_base(:employee)
-  end
-  
   def self.sync 
-    employees = get_base.all
+    qbo = Qbo.first
+    employees = qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Employee.new(:company_id => qbo.realm_id, :access_token => access_token)
+      service.all
+    end
+
+    return unless employees
     
     transaction do
       # Update the item table
-      employees.each { |employee|
-        employee = 	find_or_create_by(id: employee.id)
-        employee.name = employee.display_name
-        employee.id = employee.id
+      employees.each { |e|
+        logger.info "Processing employee #{e.id}"
+        employee = 	find_or_create_by(id: e.id)
+        employee.name = e.display_name
+        employee.id = e.id
         employee.save!
       }
     end
   end
 
   def self.sync_by_id(id)
-    employee = get_base.fetch_by_id(id)
+    qbo = Qbo.first
+    employee = qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Employee.new(:company_id => qbo.realm_id, :access_token => access_token)
+      service.fetch_by_id(id)
+    end
+
+    return unless employee
     employee = find_or_create_by(id: employee.id)
     employee.name = employee.display_name
     employee.id = employee.id

app/models/estimate.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -16,15 +16,17 @@ class Estimate < ActiveRecord::Base
   validates_presence_of :doc_number, :id
   self.primary_key = :id
   
-  # return the QBO Estimate service
-  def self.get_base
-    Qbo.get_base(:estimate)
-  end
-  
   # sync all estimates
   def self.sync
     logger.debug "Syncing ALL estimates"
-    estimates = get_base.all
+    qbo = Qbo.first
+    estimates = qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Estimate.new(:company_id => qbo.realm_id, :access_token => access_token)
+      service.all
+    end
+
+    return unless estimates
+
     estimates.each { |estimate|
       process_estimate(estimate)
     }
@@ -36,35 +38,49 @@ class Estimate < ActiveRecord::Base
   # sync only one estimate
   def self.sync_by_id(id)
     logger.debug "Syncing estimate #{id}"
-    process_estimate(get_base.fetch_by_id(id))
+    qbo = Qbo.first
+    qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Estimate.new(:company_id => qbo.realm_id, :access_token => access_token)
+      process_estimate(service.fetch_by_id(id))
+    end
   end
   
   # update an estimate
   def self.update(id)
     # Update the item table
-    estimate = get_base.fetch_by_id(id)
-    estimate = find_or_create_by(id: id)
-    estimate.doc_number = estimate.doc_number
-    estimate.txn_date = estimate.txn_date
-    estimate.save!
+    qbo = Qbo.first
+    estimate = qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Estimate.new(:company_id => qbo.realm_id, :access_token => access_token)
+      service.fetch_by_id(id)
+    end
+
+    return unless estimate
+
+    e = find_or_create_by(id: id)
+    e.doc_number = estimate.doc_number
+    e.txn_date = estimate.txn_date
+    e.save!
   end
   
   # process an estimate into the database
-  def self.process_estimate(estimate)
-    logger.info "Processing estimate #{estimate.id}"
-    estimate = find_or_create_by(id: estimate.id)
-    estimate.doc_number = estimate.doc_number
-    estimate.customer_id = estimate.customer_ref.value
-    estimate.id = estimate.id
-    estimate.txn_date = estimate.txn_date
+  def self.process_estimate(qbo_estimate)
+    logger.info "Processing estimate #{qbo_estimate.id}"
+    estimate = find_or_create_by(id: qbo_estimate.id)
+    estimate.doc_number = qbo_estimate.doc_number
+    estimate.customer_id = qbo_estimate.customer_ref.value
+    estimate.id = qbo_estimate.id
+    estimate.txn_date = qbo_estimate.txn_date
     estimate.save!
   end
 
   # download the pdf from quickbooks
   def pdf
-    base = Estimate.get_base
-    estimate = base.fetch_by_id(id)
-    return base.pdf(estimate)
+    qbo = Qbo.first
+    qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Estimate.new(:company_id => qbo.realm_id, :access_token => access_token)
+      estimate = service.fetch_by_id(id)
+      service.pdf(estimate)
+    end
   end
 
   # Magic Method
@@ -91,7 +107,11 @@ class Estimate < ActiveRecord::Base
   def pull
     begin
       raise Exception unless self.id
-      @details = Qbo.get_base(:estimate).fetch_by_id(self.id)
+      qbo = Qbo.first
+      @details = qbo.perform_authenticated_request do |access_token|
+        service = Quickbooks::Service::Estimate.new(:company_id => qbo.realm_id, :access_token => access_token)
+        service(:estimate).fetch_by_id(self.id)
+      end
     rescue Exception => e
       @details = Quickbooks::Model::Estimate.new
     end

app/models/invoice.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -15,11 +15,6 @@ class Invoice < ActiveRecord::Base
   validates_presence_of :doc_number, :id, :customer_id, :txn_date
   self.primary_key = :id
   
-  # Get the quickbooks-ruby base for invoice
-  def self.get_base
-    Qbo.get_base(:invoice)
-  end
-  
   # sync ALL the invoices
   def self.sync
     logger.debug "Syncing all invoices"
@@ -30,12 +25,14 @@ class Invoice < ActiveRecord::Base
   
     # TODO actually do something with the above query
     # .all() is never called since count is never initialized
-    if count == 0
-      invoices = get_base.all 
-    else
-      invoices = get_base.query()
+    qbo = Qbo.first
+    invoices = qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Invoice.new(:company_id => qbo.realm_id, :access_token => access_token)
+      service.all 
     end
 
+    return unless invoices
+     
     invoices.each { | invoice | 
       process_invoice invoice
     }
@@ -44,8 +41,12 @@ class Invoice < ActiveRecord::Base
   #sync by invoice ID
   def self.sync_by_id(id)
     logger.debug "Syncing invoice #{id}"
-    invoice = get_base.fetch_by_id(id) 
-    process_invoice invoice
+    qbo = Qbo.first
+    qbo.perform_authenticated_request do |access_token|
+      service = Quickbooks::Service::Invoice.new(:company_id => qbo.realm_id, :access_token => access_token)
+      invoice = service.fetch_by_id(id) 
+      process_invoice invoice
+    end
   end
   
   private
@@ -70,26 +71,26 @@ class Invoice < ActiveRecord::Base
   end
   
   # processes the invoice into the database
-  def self.process_invoice(invoice)
-    logger.info "Processing invoice #{invoice.id}"
+  def self.process_invoice(i)
+    logger.info "Processing invoice #{i.id}"
 
     # Load the invoice into the database
-    invoice = Invoice.find_or_create_by(id: invoice.id)
-    invoice.doc_number = invoice.doc_number 
-    invoice.id = invoice.id
-    invoice.customer_id = invoice.customer_ref
-    invoice.txn_date = invoice.txn_date
+    invoice = Invoice.find_or_create_by(id: i.id)
+    invoice.doc_number = i.doc_number 
+    invoice.id = i.id
+    invoice.customer_id = i.customer_ref
+    invoice.txn_date = i.txn_date
     invoice.save!
 
     # Scan the private notes for hashtags and attach to the applicable issues
-    if not invoice.private_note.nil?
-      invoice.private_note.scan(/#(\w+)/).flatten.each { |issue|
+    if not i.private_note.nil?
+      i.private_note.scan(/#(\w+)/).flatten.each { |issue|
         attach_to_issue(Issue.find_by_id(issue.to_i), invoice)
       }
     end
     
     # Scan the line items for hashtags and attach to the applicable issues
-    invoice.line_items.each { |line|
+    i.line_items.each { |line|
       if line.description
         line.description.scan(/#(\w+)/).flatten.each { |issue|
           attach_to_issue(Issue.find_by_id(issue.to_i), invoice)
@@ -155,7 +156,11 @@ class Invoice < ActiveRecord::Base
     # Push updates
     begin
       logger.debug "Trying to update invoice"
-      get_base.update(invoice) if is_changed
+      qbo = Qbo.first
+      qbo.perform_authenticated_request do |access_token|
+        service = Quickbooks::Service::Invoice.new(:company_id => qbo.realm_id, :access_token => access_token)
+        service.update(invoice) if is_changed
+      end
     rescue
       # Do nothing, probaly custome field sync confict on the invoice. 
       # This is a problem with how it's billed
@@ -187,7 +192,11 @@ class Invoice < ActiveRecord::Base
   def pull
     begin
       raise Exception unless self.id
-      @details = Qbo.get_base(:invoice).fetch_by_id(self.id)
+      qbo = Qbo.first
+      @details = qbo.perform_authenticated_request do |access_token|
+        service = Quickbooks::Service::Invoice.new(:company_id => qbo.realm_id, :access_token => access_token)
+        service.fetch_by_id(self.id)
+      end
     rescue Exception => e
       @details = Quickbooks::Model::Invoice.new
     end

app/models/qbo.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -10,85 +10,15 @@
 
 class Qbo < ActiveRecord::Base
   unloadable
-  validates_presence_of :token, :company_id, :expire
-  serialize :token
     
-  OAUTH_CONSUMER_KEY = Setting.plugin_redmine_qbo['settingsOAuthConsumerKey']
-  OAUTH_CONSUMER_SECRET = Setting.plugin_redmine_qbo['settingsOAuthConsumerSecret']
-  
-  #
-  # Getter for quickbooks OAuth2 client
-  #
-  def self.get_client
-    oauth_params = {
-     site: "https://appcenter.intuit.com/connect/oauth2",
-     authorize_url: "https://appcenter.intuit.com/connect/oauth2",
-     token_url: "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer"
-    }
-    return OAuth2::Client.new(OAUTH_CONSUMER_KEY, OAUTH_CONSUMER_SECRET, oauth_params)
-  end
-  
-  #
-  # Getter for oauth consumer
-  #
-  def self.get_oauth_consumer
-    # Quickbooks Config Info
-    return $qb_oauth_consumer
-  end
-
-  # 
-  # Get a quickbooks base service object for type
-  # @params type of base
-  #
-  def self.get_base(type)
-    # lets getnourbold access token from the database
-    oauth2_client = get_client
-    qbo = self.first
-    access_token = OAuth2::AccessToken.from_hash(oauth2_client, qbo.token)
-
-    # check to see if we need to refresh the acesstoken
-    if qbo.expire.to_time.utc.past?
-      puts "Updating access token"
-      new_access_token_object = access_token.refresh!
-      qbo.token = new_access_token_object.to_hash
-      qbo.expire = 1.hour.from_now.utc
-      qbo.save!
-      access_token = new_access_token_object
-    else
-      puts "Using current token"
-    end
-    
-    # build the reqiested service
-    case type
-      when :item
-        return Quickbooks::Service::Item.new(:company_id => qbo.company_id, :access_token => access_token)
-      when :time_activity
-       return Quickbooks::Service::TimeActivity.new(:company_id => qbo.company_id, :access_token => access_token)
-      when :customer
-        return Quickbooks::Service::Customer.new(:company_id => qbo.company_id, :access_token => access_token)
-      when :invoice
-        return Quickbooks::Service::Invoice.new(:company_id => qbo.company_id, :access_token => access_token)
-      when :estimate
-        return Quickbooks::Service::Estimate.new(:company_id => qbo.company_id, :access_token => access_token)
-      when :account
-        return Quickbooks::Service::Account.new(:company_id => qbo.company_id, :access_token => access_token)
-      when :employee
-        return Quickbooks::Service::Employee.new(:company_id => qbo.company_id, :access_token => access_token)
-    else
-      return access_token
-    end
-   
-  end
-   
-   # Get the QBO account
-  def self.get_account
-    first
-  end
+  include QuickbooksOauth
   
   # Updates last sync time stamp
   def self.update_time_stamp
+    date = DateTime.now
+    logger.info "Updating QBO timestamp to #{date}"
     qbo = Qbo.first
-    qbo.last_sync = DateTime.now
+    qbo.last_sync = date
     qbo.save
   end
   

app/views/customers/show.html.erb

@@ -35,8 +35,8 @@
   </div>
 
 <br/>
-<h3><%=@issues.open.count%> <%=t(:label_open_issues)%>:</h3>
+<h3><%=@issues.open.count%> <%=t(:label_open_issues)%> - <%=@hours.round(1)%> <%=t(:label_hours)%></h3>
 <%= render :partial => 'issues/list_simple', locals: {issues: @issues.open} %>
 
-<h3><%=@closed_issues.count%> <%=t(:label_closed_issues)%>:</h3>
+<h3><%=@closed_issues.count%> <%=t(:label_closed_issues)%> - <%= @closed_hours.round(1)%> <%=t(:label_hours)%></h3>
 <%= render :partial => 'issues/list_simple', locals: {issues: @closed_issues} %>

app/views/customers/view.html.erb

@@ -1,3 +1,5 @@
+<p style="float: right;"> <%= copy_object_url_link(request.url) %> </p>
+
 <h2><%= issue_heading(@issue) %></h2>
 
 <div class="<%= @issue.css_classes %> details">
@@ -20,13 +22,13 @@
   rows.left l(:field_status), @issue.status.name, :class => 'status'
   rows.left l(:field_priority), @issue.priority.name, :class => 'priority'
   unless @issue.disabled_core_fields.include?('assigned_to_id')
-    rows.left l(:field_assigned_to), avatar(@issue.assigned_to, :size => "14").to_s.html_safe + (@issue.assigned_to ? link_to_user(@issue.assigned_to) : "-"), :class => 'assigned-to'
+    rows.left l(:field_assigned_to), avatar(@issue.assigned_to, :size => "14").to_s.html_safe + (@issue.assigned_to ? @issue.assigned_to : "-"), :class => 'assigned-to'
   end
   unless @issue.disabled_core_fields.include?('category_id') || (@issue.category.nil? && @issue.project.issue_categories.none?)
     rows.left l(:field_category), (@issue.category ? @issue.category.name : "-"), :class => 'category'
   end
   unless @issue.disabled_core_fields.include?('fixed_version_id') || (@issue.fixed_version.nil? && @issue.assignable_versions.none?)
-    rows.left l(:field_fixed_version), (@issue.fixed_version ? link_to_version(@issue.fixed_version) : "-"), :class => 'fixed-version'
+    rows.left l(:field_fixed_version), (@issue.fixed_version ? @issue.fixed_version : "-"), :class => 'fixed-version'
   end
   unless @issue.disabled_core_fields.include?('start_date')
     rows.right l(:field_start_date), format_date(@issue.start_date), :class => 'start-date'

app/views/estimates/_search.html.erb

@@ -1,4 +1,4 @@
-<%= form_tag("/qbo/estimate/doc", :method => "get", id: "est-search-form") do %>
+<%= form_tag(estimate_doc_path, :method => "get") do %>
     <%= text_field_tag :search, params[:search], placeholder: t(:label_search_estimates), :autocomplete => "off" %>
     <%= submit_tag t(:label_search), :formtarget => "_blank" %>
 <% end %>

app/views/public/401.html.erb

@@ -1 +0,0 @@
-<%= flash.now[:error] = t(:label_401) %>

app/views/qbo/_settings.html.erb

@@ -58,8 +58,13 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI
     </tr>
 
      <tr>
-       <th><%=t(:label_oauth_expires)%></th>
-       <td><%= if Qbo.exists? then Qbo.first.expire end %>
+        <th><%=t(:label_oauth_expires)%></th>
+        <td><%= if Qbo.exists? then Qbo.first.oauth2_access_token_expires_at end %>
+      </tr>
+      
+      <tr>
+        <th><%=t(:label_oauth2_refresh_token_expires_at)%></th>
+        <td><%= if Qbo.exists? then Qbo.first.oauth2_refresh_token_expires_at end %>
      </tr>
 
   </tbody>

config/locales/en.yml

@@ -25,7 +25,6 @@ en:
   label_search_estimates: "Search Estimates"
   label_search: "Search"
   label_estimates: "Estimates"
-  label_401: "Not Authorized"
   warn_ru_sure: "You sure?"
   label_delete: "Delete"
   label_edit: "Edit"
@@ -87,4 +86,6 @@ en:
   label_billed_success: "Successfully Billed "
   label_billing_error: "Cannot bill without a customer assigned"
   label_qbo_sync_success: "Successfully synced to Quickbooks"
+  label_hours: "Hours"
+  label_oauth2_refresh_token_expires_at: "Refresh Token Expires At"
   

config/routes.rb

@@ -20,7 +20,7 @@ post 'qbo/webhook', :to => 'qbo#webhook'
 
 # Estimate & Invoice PDF
 get 'estimates/:id', :to => 'estimate#show', as: :estimate
-get 'estimates/doc/:id', :to => 'estimate#doc', as: :estimate_doc
+get 'estimates/doc/', :to => 'estimate#doc', as: :estimate_doc
 get 'invoices/:id', :to => 'invoice#show', as: :invoice
 
 #manual billing

db/migrate/032_add_txn_dates.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -26,7 +26,13 @@ class AddTxnDates < ActiveRecord::Migration[5.1]
 
         say "Sync Invoices"
 
-        invoices = QboInvoice.get_base.all
+        qbo = Qbo.first
+        invoices = qbo.perform_authenticated_request do |access_token|
+          service = Quickbooks::Service::Invoice.new(:company_id => qbo.realm_id, :access_token => access_token)
+          service.all
+        end
+
+        return unless invoices
 
         invoices.each { |invoice|
             # Load the invoice into the database

db/migrate/036_remove_qbo_time_entries.rb

@@ -0,0 +1,15 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2022 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class RemoveQboTimeEntries < ActiveRecord::Migration[5.1]
+  def change
+    rename_column :time_entries, :qbo_billed, :billed
+  end
+end

db/migrate/037_update_qbo_token.rb

@@ -0,0 +1,22 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2023 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class UpdateQboToken < ActiveRecord::Migration[5.1]
+  def change
+    add_column :qbos, :oauth2_access_token, :text
+    add_column :qbos, :oauth2_access_token_expires_at, :datetime
+    add_column :qbos, :oauth2_refresh_token, :text
+    add_column :qbos, :oauth2_refresh_token_expires_at, :datetime
+    add_column :qbos, :realm_id, :text
+    remove_column :qbos, :company_id
+    remove_column :qbos, :token
+    remove_column :qbos, :expire
+  end
+end

init.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -22,11 +22,11 @@ Redmine::Plugin.register :redmine_qbo do
   name 'Redmine Quickbooks Online plugin'
   author 'Rick Barrette'
   description 'This is a plugin for Redmine to intergrate with Quickbooks Online to allow for seamless intergration CRM and invoicing of completed issues'
-  version '1.1.3'
+  version '2.0.2'
   url 'https://github.com/rickbarrette/redmine_qbo'
-  author_url 'http://rickbarrette.org'
+  author_url 'https://barrettefabrication.com'
   settings :default => {'empty' => true}, :partial => 'qbo/settings'
-  requires_redmine :version_or_higher => '4.0.0'
+  requires_redmine :version_or_higher => '5.1.0'
   
   # Add safe attributes for core models
   Issue.safe_attributes 'customer_id'

lib/attachments_controller_patch.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2017 rick barrette
+#Copyright (c) 2022 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -12,26 +12,31 @@ require_dependency 'attachments_controller'
 
 module AttachmentsControllerPatch
 
-  def self.included(base) # :nodoc:
-    base.extend(ClassMethods)
+  def self.included(base)
 
-    base.send(:include, InstanceMethods)
-
-    # Same as typing in the class 
     base.class_eval do
       unloadable # Send unloadable so it will not be unloaded in development
 
-      skip_before_action :read_authorize
+      # check if login is globally required to access the application
+      def check_if_login_required
+        # no check needed if user is already logged in
+        return true if User.current.logged?
+        
+        # Pull up the attachmet, & verify if we have a valid token for the Issue
+        attachment = Attachment.find(params[:id])
+        token = CustomerToken.where("token = ? and expires_at > ?", session[:token], Time.now)
+        token = token.first
+        unless token.nil?
+          return true if token.issue_id == attachment.container_id
+        end
+        
+        require_login if Setting.login_required?
+      end
+      
     end
-  end
-      
-  module ClassMethods
 
   end
 
-  module InstanceMethods
-  
-  end
 end   
 
 # Add module to AttachmentsController

lib/issue_patch.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -52,46 +52,49 @@ module IssuePatch
       if spent_hours > 0 then
         
         # Prepare to create a new Time Activity
-        time_service = Qbo.get_base(:time_activity)
-        item_service = Qbo.get_base(:item)
-        time_entry = Quickbooks::Model::TimeActivity.new
+        qbo = Qbo.first
+        qbo.perform_authenticated_request do |access_token|
+          time_service = Quickbooks::Service::TimeActivity.new(:company_id => qbo.realm_id, :access_token => access_token)
+          item_service = Quickbooks::Service::Item.new(:company_id => qbo.realm_id, :access_token => access_token)
+          time_entry = Quickbooks::Model::TimeActivity.new
   
-        # Lets total up each activity before billing.
-        # This will simpify the invoicing with a single billable time entry per time activity
-        h = Hash.new(0)
-        spent_time.each do |entry|
-          h[entry.activity.name] += entry.hours
-          # update time entries billed status
-          entry.billed = true
-          entry.save
-        end
+          # Lets total up each activity before billing.
+          # This will simpify the invoicing with a single billable time entry per time activity
+          h = Hash.new(0)
+          spent_time.each do |entry|
+            h[entry.activity.name] += entry.hours
+            # update time entries billed status
+            entry.billed = true
+            entry.save
+          end
           
-        # Now letes upload our totals for each activity as their own billable time entry
-        h.each do |key, val|
+          # Now letes upload our totals for each activity as their own billable time entry
+          h.each do |key, val|
             
-          # Convert float spent time to hours and minutes
-          hours = val.to_i
-          minutesDecimal = (( val - hours) * 60)
-          minutes = minutesDecimal.to_i
+            # Convert float spent time to hours and minutes
+            hours = val.to_i
+            minutesDecimal = (( val - hours) * 60)
+            minutes = minutesDecimal.to_i
 
-          # Lets match the activity to an qbo item
-          item = item_service.query("SELECT * FROM Item WHERE Name = '#{key}' ").first
-          next if item.nil?
+            # Lets match the activity to an qbo item
+            item = item_service.query("SELECT * FROM Item WHERE Name = '#{key}' ").first
+            next if item.nil?
             
-          # Create the new billable time entry and upload it
-          time_entry.description = "#{tracker} ##{id}: #{subject} #{"(Partial @ #{done_ratio}%)" if not closed?}"
-          time_entry.employee_id = assigned_to.employee_id 
-          time_entry.customer_id = customer_id
-          time_entry.billable_status = "Billable"
-          time_entry.hours = hours
-          time_entry.minutes = minutes
-          time_entry.name_of = "Employee"
-          time_entry.txn_date = Date.today
-          time_entry.hourly_rate = item.unit_price
-          time_entry.item_id = item.id 
-          time_entry.start_time = start_date
-          time_entry.end_time = Time.now
-          time_service.create(time_entry)
+            # Create the new billable time entry and upload it
+            time_entry.description = "#{tracker} ##{id}: #{subject} #{"(Partial @ #{done_ratio}%)" if not closed?}"
+            time_entry.employee_id = assigned_to.employee_id 
+            time_entry.customer_id = customer_id
+            time_entry.billable_status = "Billable"
+            time_entry.hours = hours
+            time_entry.minutes = minutes
+            time_entry.name_of = "Employee"
+            time_entry.txn_date = Date.today
+            time_entry.hourly_rate = item.unit_price
+            time_entry.item_id = item.id 
+            time_entry.start_time = start_date
+            time_entry.end_time = Time.now
+            time_service.create(time_entry)
+          end
         end
       end
     end
@@ -99,7 +102,7 @@ module IssuePatch
   
   # Create a shareable link for a customer
   def share_token
-    CustomerToken.create(:expires_at => Time.now + 1.month, :issue_id => id)
+    CustomerToken.get_token self
   end
   
 end  

lib/issues_controller_patch.rb

@@ -0,0 +1,35 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2022 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+require_dependency 'issues_controller'
+
+module IssuesControllerPatch
+
+  module Helper
+    def watcher_link(issue, user)
+      link = +''
+      link << link_to(I18n.t(:label_bill_time), bill_path( issue.id ), method: :get, class: 'icon icon-email-add') if user.admin?
+      link << link_to(I18n.t(:label_share), share_path( issue.id ), method: :get, target: :_blank, class: 'icon icon-shared') if user.logged?
+      link.html_safe + super
+    end
+  end
+
+  def self.included(base)
+
+    base.class_eval do
+      unloadable # Send unloadable so it will not be unloaded in development
+      helper Helper
+    end
+
+  end
+
+end   
+
+# Add module to IssuessController
+IssuesController.send(:include, IssuesControllerPatch)

lib/issues_save_hook_listener.rb

@@ -19,7 +19,11 @@ class IssuesSaveHookListener < Redmine::Hook::ViewListener
   # Called After Issue Saved
   def controller_issues_edit_after_save(context={})
     issue = context[:issue]
-    issue.bill_time if issue.status.is_closed?
+    begin
+      issue.bill_time if issue.status.is_closed?
+    rescue
+      # TODO flash[:error] = "Unable to bill, check QBO Auth"
+    end
   end
 
 end

lib/issues_show_hook_listener.rb

@@ -60,11 +60,4 @@ class IssuesShowHookListener < Redmine::Hook::ViewListener
       })
   end
   
-  # Display Buttons under the issue above subtasks
-  def view_issues_show_description_bottom(context={})
-    bill_button = button_to I18n.t(:label_bill_time), bill_path( context[:issue].id ), method: :get if User.current.admin?
-    share_button = button_to I18n.t(:label_share), share_path( context[:issue].id ), method: :get if User.current.logged?
-    return "<br/> #{bill_button} #{share_button}"
-  end
-  
 end

lib/pdf_patch.rb

@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2022 rick barrette
+#Copyright (c) 2023 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -11,7 +11,7 @@
 require_dependency 'redmine/export/pdf'
 require_dependency 'redmine/export/pdf/issues_pdf_helper'
 
-module IssuesPdfHelperPatch
+module PdfPatch
 
   def self.included(base)
     base.send(:include, InstanceMethods)
@@ -256,4 +256,4 @@ module IssuesPdfHelperPatch
   end
 end
 
-Redmine::Export::PDF::IssuesPdfHelper.send(:include, IssuesPdfHelperPatch)
+Redmine::Export::PDF::IssuesPdfHelper.send(:include, PdfPatch)