Refactor CustomerToken model for improved token management; streamline token generation and expiration handling, and enhance association with issues

Addressed the Bullet (the N+1 query detector) warning to include customers

app/controllers/customers_controller.rb

@@ -30,8 +30,6 @@ class CustomersController < ApplicationController
   before_action :view_customer, except: [:new, :view]
   skip_before_action :verify_authenticity_token, :check_if_login_required, only: [:view]
 
-  default_search_scope :names
-
   autocomplete :customer, :name, full: true, extra_data: [:id]
 
   def allowed_params
@@ -53,7 +51,7 @@ class CustomersController < ApplicationController
   # display a list of all customers
   def index
     if params[:search]
-      @customers = Customer.search(params[:search]).paginate(page: params[:page])
+      @customers = Customer.search(params[:search]).order(:name).paginate(page: params[:page])
       if only_one_non_zero?(@customers)
         redirect_to @customers.first
       end
@@ -136,60 +134,60 @@ class CustomersController < ApplicationController
 
   # creates new customer view tokens, removes expired tokens & redirects to newly created customer view with new token.
   def share
+    issue = Issue.find(params[:id])
 
-    Thread.new do
+    token = issue.share_token
-      logger.info "Removing expired customer tokens"
+    redirect_to view_path(token.token)
-      CustomerToken.remove_expired_tokens
-      ActiveRecord::Base.connection.close
-    end
 
-    begin
+  rescue ActiveRecord::RecordNotFound
-      issue = Issue.find_by_id(params[:id])
+    flash[:error] = t(:notice_issue_not_found)
-      redirect_to view_path issue.share_token.token
+    render_404
-    rescue
-      flash[:error] = t :notice_issue_not_found
-      render_404
-    end
   end
   
   # displays an issue for a customer with a provided security CustomerToken
   def view
+    User.current = User.anonymous
 
-    User.current = User.find_by lastname: 'Anonymous'
+    # Load only active, non-expired token
+    @token = CustomerToken.active.find_by(token: params[:token])
+    return render_403 unless @token
 
-    @token = CustomerToken.find_by token: params[:token]
+    # Load associated issue
-    begin
+    @issue = @token.issue
-      @token.destroy if @token.expired?
+    return render_403 unless @issue
-      raise "Token Expired" if @token.destroyed
-      
-      session[:token] = @token.token
-      @issue = Issue.find @token.issue_id
-      @journals = @issue.journals.
-        preload(:details).
-        preload(user: :email_address).
-        reorder(:created_on, :id).to_a
-      @journals.each_with_index {|j,i| j.indice = i+1}
-      @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
-      Journal.preload_journals_details_custom_fields(@journals)
-      @journals.select! {|journal| journal.notes? || journal.visible_details.any?}
-      @journals.reverse! if User.current.wants_comments_in_reverse_order?
 
-      @changesets = @issue.changesets.visible.preload(:repository, :user).to_a
+    # Optional: enforce token belongs to the issue's customer
-      @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+    return render_403 unless @issue.customer_id == @token.issue.customer_id
 
-      @relations = @issue.relations.select {|r| r.other_issue(@issue) && r.other_issue(@issue).visible? }
+    # Store token in session for subsequent requests if needed
-      @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    session[:token] = @token.token
-      @priorities = IssuePriority.active
+
-      @time_entry = TimeEntry.new(issue: @issue, project: @issue.project)
+    load_issue_data
-      @relation = IssueRelation.new
+  rescue ActiveRecord::RecordNotFound
-    rescue
+    render_403
-      flash[:error] = t :notice_forbidden
-      render_403
-    end
   end
 
   private
 
+  def load_issue_data
+    @journals = @issue.journals.preload(:details).preload(user: :email_address).reorder(:created_on, :id).to_a
+
+    @journals.each_with_index { |j, i| j.indice = i + 1 }
+    @journals.reject!(&:private_notes?) unless User.current.allowed_to?(:view_private_notes, @issue.project)
+    Journal.preload_journals_details_custom_fields(@journals)
+    @journals.select! { |journal| journal.notes? || journal.visible_details.any? }
+    @journals.reverse! if User.current.wants_comments_in_reverse_order?
+
+    @changesets = @issue.changesets.visible.preload(:repository, :user).to_a
+    @changesets.reverse! if User.current.wants_comments_in_reverse_order?
+
+    @relations = @issue.relations.select { |r| r.other_issue(@issue)&.visible? }
+    @allowed_statuses = @issue.new_statuses_allowed_to(User.current)
+    @priorities = IssuePriority.active
+    @time_entry = TimeEntry.new(issue: @issue, project: @issue.project)
+    @relation   = IssueRelation.new
+  end
+
   # redmine permission - add customers
   def add_customer
     global_check_permission(:add_customers)

app/controllers/estimate_controller.rb

@@ -15,18 +15,31 @@ class EstimateController < ApplicationController
   skip_before_action :verify_authenticity_token, :check_if_login_required, unless: proc {|c| session[:token].nil? }
 
   def get_estimate
+
+    e = Estimate.find_by_doc_number(params[:search]) if params[:search]
+    e = Estimate.find_by_id(params[:id]) if params[:id]
+
     # Force sync for estimate by doc number if not found
-    if  Estimate.find_by_doc_number(params[:search]).nil?
+    if  e.nil? && params[:search]
       begin
-        Estimate.sync_by_doc_number(params[:search]) if params[:search]
+        Estimate.sync_by_doc_number(params[:search])
+        e = Estimate.find_by_doc_number(params[:search])
       rescue
         logger.info "Estimate.find_by_doc_number failed"
       end
     end
 
-    estimate = Estimate.find_by_id(params[:id]) if params[:id]
+    # Force sync for estimate by id if not found
-    estimate = Estimate.find_by_doc_number(params[:search]) if params[:search]
+    if  e.nil? && params[:id]
-    return estimate
+      begin
+        Estimate.sync_by_id(params[:id])
+        e = Estimate.find_by_id(params[:id])
+      rescue
+        logger.info "Estimate.find_by_id failed"
+      end
+    end
+
+    return e
   end
   
   #

app/controllers/qbo_controller.rb

@@ -62,75 +62,29 @@ class QboController < ApplicationController
   
   # Manual Billing
   def bill
-    i = Issue.find_by_id params[:id]
+    issue = Issue.find_by(id: params[:id])
-    if i.customer
+    return render_404 unless issue
-      i.bill_time
-      redirect_to i, flash: { notice: I18n.t(:label_billed_success) + i.customer.name }
-    else
-      redirect_to i, flash: { error: I18n.t(:label_billing_error) }
-    end
-  end
-  
-  # Quickbooks Webhook Callback
-  def webhook
 
-    logger.info "Quickbooks is calling webhook"
+    unless issue.customer
-    
+      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_customer) }
-    # check the payload
+      return
-    signature = request.headers['intuit-signature']
-    key = Setting.plugin_redmine_qbo['settingsWebhookToken']
-    data = request.body.read
-    hash = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), key, data)).strip()
-    
-    # proceed if the request is good
-    if hash.eql? signature
-      Thread.new do
-        if request.headers['content-type'] == 'application/json'
-          data = JSON.parse(data)
-        else
-          # application/x-www-form-urlencoded
-          data = params.as_json
-        end
-        # Process the information
-        entities = data['eventNotifications'][0]['dataChangeEvent']['entities']
-        entities.each do |entity|
-          id = entity['id'].to_i
-          name = entity['name']
-        
-          logger.info "Casting #{name.constantize} to obj"
-
-          # Magicly initialize the correct class
-          obj = name.constantize
-
-          # for merge events
-          obj.destroy(entity['deletedId']) if entity['deletedId']
-          
-          #Check to see if we are deleting a record
-          if entity['operation'].eql? "Delete"
-            obj.destroy(id)
-          #if not then update!
-          else
-            begin
-              obj.sync_by_id(id)
-            rescue => e
-              logger.error "Failed to call sync_by_id on obj"
-              logger.error e.message
-              logger.error e.backtrace.join("\n")
-            end
-          end
-        end
-        
-        # Record that last time we updated
-        Qbo.update_time_stamp
-        ActiveRecord::Base.connection.close
-      end
-      # The webhook doesn't require a response but let's make sure we don't send anything
-      render nothing: true, status: 200
-    else
-      render nothing: true, status: 400
     end
 
-    logger.info "Quickbooks webhook complete"
+    unless issue.assigned_to&.employee_id.present?
+      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_employee) }
+      return
+    end
+
+    unless Qbo.first
+      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_qbo) }
+      return
+    end
+
+    BillIssueTimeJob.perform_later(issue.id)
+
+    redirect_to issue, flash: {
+      notice: I18n.t(:label_billing_enqueued) + " #{issue.customer.name}"
+    }
   end
 
   #
@@ -154,4 +108,33 @@ class QboController < ApplicationController
 
     redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
   end
+
+  # QuickBooks Webhook Callback
+  def webhook
+    logger.info "QBO: Webhook received"
+
+    signature = request.headers['intuit-signature']
+    key       = Setting.plugin_redmine_qbo['settingsWebhookToken']
+    body      = request.raw_post
+
+    digest = OpenSSL::Digest.new('sha256')
+    computed = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, key, body))
+
+    unless secure_compare(computed, signature)
+      logger.warn "QBO: Invalid webhook signature"
+      head :unauthorized
+      return
+    end
+
+    WebhookProcessJob.perform_later(body)
+
+    head :ok
+  end
+
+  private
+
+  def secure_compare(a, b)
+    return false if a.blank? || b.blank?
+    ActiveSupport::SecurityUtils.secure_compare(a, b)
+  end
 end

app/jobs/bill_issue_time_job.rb

@@ -0,0 +1,108 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class BillIssueTimeJob < ActiveJob::Base
+  queue_as :default
+
+  def perform(issue_id)
+    issue = Issue.find(issue_id)
+
+    Rails.logger.debug "QBO: Starting billing for issue ##{issue.id}"
+
+    issue.with_lock do
+      unbilled_entries = issue.time_entries.where(billed: [false, nil]).lock
+
+      return if unbilled_entries.blank?
+
+      totals = aggregate_hours(unbilled_entries)
+      return if totals.blank?
+
+      qbo = Qbo.first
+      raise "No QBO configuration found" unless qbo
+
+      qbo.perform_authenticated_request do |access_token|
+        create_time_activities(issue, totals, access_token, qbo)
+      end
+
+      # Only mark billed AFTER successful QBO creation
+      unbilled_entries.update_all(billed: true)
+    end
+
+    Rails.logger.debug "QBO: Completed billing for issue ##{issue.id}"
+  rescue => e
+    Rails.logger.error "QBO: Billing failed for issue ##{issue_id} - #{e.message}"
+    raise e
+  end
+
+  private
+
+  def aggregate_hours(entries)
+    entries.includes(:activity)
+           .group_by { |e| e.activity&.name }
+           .transform_values { |rows| rows.sum(&:hours) }
+           .compact
+  end
+
+  def create_time_activities(issue, totals, access_token, qbo)
+    time_service = Quickbooks::Service::TimeActivity.new(
+      company_id: qbo.realm_id,
+      access_token: access_token
+    )
+
+    item_service = Quickbooks::Service::Item.new(
+      company_id: qbo.realm_id,
+      access_token: access_token
+    )
+
+    totals.each do |activity_name, hours_float|
+      next if activity_name.blank?
+      next if hours_float.to_f <= 0
+
+      item = find_item(item_service, activity_name)
+      next unless item
+
+      hours, minutes = convert_hours(hours_float)
+
+      time_entry = Quickbooks::Model::TimeActivity.new
+      time_entry.description     = build_description(issue)
+      time_entry.employee_id     = issue.assigned_to.employee_id
+      time_entry.customer_id     = issue.customer_id
+      time_entry.billable_status = "Billable"
+      time_entry.hours           = hours
+      time_entry.minutes         = minutes
+      time_entry.name_of         = "Employee"
+      time_entry.txn_date        = Date.today
+      time_entry.hourly_rate     = item.unit_price
+      time_entry.item_id         = item.id
+
+      Rails.logger.debug "QBO: Creating TimeActivity for #{activity_name} (#{hours}h #{minutes}m)"
+
+      time_service.create(time_entry)
+    end
+  end
+
+  def convert_hours(hours_float)
+    total_minutes = (hours_float.to_f * 60).round
+    hours = total_minutes / 60
+    minutes = total_minutes % 60
+    [hours, minutes]
+  end
+
+  def build_description(issue)
+    base = "#{issue.tracker} ##{issue.id}: #{issue.subject}"
+    return base if issue.closed?
+    "#{base} (Partial @ #{issue.done_ratio}%)"
+  end
+
+  def find_item(item_service, name)
+    safe = name.gsub("'", "\\\\'")
+    item_service.query("SELECT * FROM Item WHERE Name = '#{safe}'").first
+  end
+end

app/jobs/webhook_process_job.rb

@@ -0,0 +1,59 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class WebhookProcessJob < ActiveJob::Base
+  queue_as :default
+
+  ALLOWED_ENTITIES = %w[
+    Customer
+    Invoice
+    Estimate
+  ].freeze
+
+  def perform(raw_body)
+    data = JSON.parse(raw_body)
+
+    data.fetch('eventNotifications', []).each do |notification|
+      entities = notification.dig('dataChangeEvent', 'entities') || []
+
+      entities.each do |entity|
+        process_entity(entity)
+      end
+    end
+
+    Qbo.update_time_stamp
+  end
+
+  private
+
+  def process_entity(entity)
+    name = entity['name']
+    id   = entity['id']&.to_i
+
+    return unless ALLOWED_ENTITIES.include?(name)
+
+    model = name.safe_constantize
+    return unless model
+
+    if entity['deletedId']
+      model.destroy(entity['deletedId'])
+      return
+    end
+
+    if entity['operation'] == "Delete"
+      model.destroy(id)
+    else
+      model.sync_by_id(id)
+    end
+  rescue => e
+    Rails.logger.error "QBO Webhook entity processing failed"
+    Rails.logger.error e.message
+  end
+end

app/models/customer.rb

@@ -9,6 +9,9 @@
 #THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 class Customer < ActiveRecord::Base
+
+  include Redmine::Acts::Searchable
+  include Redmine::Acts::Event
   
   has_many :issues
   has_many :invoices
@@ -17,11 +20,16 @@ class Customer < ActiveRecord::Base
   validates_presence_of :id, :name
   
   self.primary_key = :id
-  
+
-  # returns a human readable string
+  acts_as_searchable columns: %w[name phone_number mobile_phone_number ],
-  def to_s
+                     scope: ->(_context) { left_joins(:project) },
-    return "#{self[:name]} - #{phone_number.split(//).last(4).join unless phone_number.nil?}"
+                     date_column: :updated_at
-  end
+
+  acts_as_event :title => Proc.new {|o| "#{o}"},
+                :url => Proc.new {|o| { :controller => 'customers', :action => 'show', :id => o.id} },
+                :type => :to_s,
+                :description => Proc.new {|o| "#{I18n.t :label_primary_phone}: #{o.phone_number} #{I18n.t:label_mobile_phone}: #{o.mobile_phone_number}"},
+                :datetime => Proc.new {|o| o.updated_at || o.created_at}
   
   # Convenience Method
   # returns the customer's email
@@ -40,7 +48,7 @@ class Customer < ActiveRecord::Base
     pull unless @details
     @details.email_address = s
   end
-  
+
   # Convenience Method
   # returns the customer's primary phone
   def primary_phone
@@ -62,7 +70,13 @@ class Customer < ActiveRecord::Base
     #update our locally stored number too
     update_phone_number
   end
-  
+
+  # Customers are not bound by a project
+  # but we need to implement this method for the Redmine::Acts::Searchable interface
+  def project
+    nil
+  end
+
   # Convenience Method
   # returns the customer's mobile phone
   def mobile_phone
@@ -166,11 +180,25 @@ class Customer < ActiveRecord::Base
       end
     end
   end
-  
+
-  # Searchs the database for a customer by name or phone number with out special chars
+  # Seach for customers by name or phone number
   def self.search(search)
-    customers = where("name LIKE ? OR phone_number LIKE ? OR mobile_phone_number LIKE ?", "%#{search}%", "%#{search}%", "%#{search}%")
+    search = sanitize_sql_like(search)
-    return customers.order(:name)
+    where("name LIKE ? OR phone_number LIKE ? OR mobile_phone_number LIKE ?", "%#{search}%", "%#{search}%", "%#{search}%")
+  end
+
+  # Override the defult redmine seach method to rank results by id
+  def self.search_result_ranks_and_ids(tokens, user, project = nil, options = {})
+    return {} if tokens.blank?
+
+    scope = self.all
+
+    tokens.each do |token|
+      scope = scope.search(token)
+    end
+
+    ids = scope.distinct.limit(options[:limit] || 100).pluck(:id)
+    ids.index_with { |id| id }
   end
   
   # proforms a bruteforce sync operation
@@ -200,22 +228,32 @@ class Customer < ActiveRecord::Base
     end
   end
   
+  # returns a human readable string
+  def to_s
+    return "#{self[:name]} - #{phone_number.split(//).last(4).join unless phone_number.nil?}"
+  end
+
   # Push the updates
   def save_with_push
     begin
       qbo = Qbo.first
       @details = qbo.perform_authenticated_request do |access_token|
-        service = Quickbooks::Service::Customer.new(company_id: qbo.realm_id, access_token: access_token)
+        service = Quickbooks::Service::Customer.new(
+          company_id: qbo.realm_id,
+          access_token: access_token
+        )
         service.update(@details)
       end
-      #raise "QBO Fault" if @details.fault?
+
       self.id = @details.id
-    rescue Exception => e
+    rescue => e
-      errors.add(e.message)
+      errors.add(:base, e.message)
+      return false
     end
+
     save_without_push
   end
-  
+
   alias_method :save_without_push, :save
   alias_method :save, :save_with_push
   

app/models/customer_token.rb

@@ -8,54 +8,44 @@
 #
 #THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-class CustomerToken < ActiveRecord::Base
+class CustomerToken < ApplicationRecord
-  
+  belongs_to :issue
-  has_many :issues
-  validates_presence_of :issue_id
-  before_create :generate_token, :generate_expire_date
-  attr_accessor :destroyed
-  after_destroy :mark_as_destroyed
 
-  OAUTH_CONSUMER_SECRET = Setting.plugin_redmine_qbo['settingsOAuthConsumerSecret'] || 'CONFIGURE__' + SecureRandom.uuid
+  validates :issue_id, presence: true
-  
+  validates :token, presence: true, uniqueness: true
-  # generates a random token using the plugin setting settingsOAuthConsumerSecret for salt
-  def generate_token
-    self.token = SecureRandom.base64(15).tr('+/=lIO0', OAUTH_CONSUMER_SECRET)
-  end
 
-  # generates an expiring date
+  before_validation :generate_token, on: :create
-  def generate_expire_date
+  before_validation :generate_expire_date, on: :create
-    self.expires_at = Time.now + 1.month
-  end
 
-  # set destroyed flag
+  scope :active, -> { where("expires_at > ?", Time.current) }
-  def mark_as_destroyed
+
-    self.destroyed = true
+  TOKEN_EXPIRATION = 1.month
-  end
 
-  # purge expired tokens
-  def self.remove_expired_tokens
-    where("expires_at < ?", Time.now).destroy_all
-  end
-  
-  # has the token expired?
   def expired?
-    self.expires_at < Time.now
+    expires_at.present? && expires_at <= Time.current
+  end
+
+  def self.remove_expired_tokens
+    where("expires_at <= ?", Time.current).delete_all
   end
 
-  # Getter convenience method for tokens
   def self.get_token(issue)
-    
+    return unless issue
-    # check to see if token exists & if it is expired
+    return unless User.current.allowed_to?(:view_issues, issue.project)
-    token = find_by_issue_id issue.id
-    unless token.nil?
-      return token unless token.expired?
-      # remove expired tokens
-      token.destroy
-    end
 
-    # only create new token if we have an issue to attach it to
+    token = active.find_by(issue_id: issue.id)
-    return create(issue_id: issue.id) if User.current.logged?
+    return token if token
+
+    create!(issue: issue)
   end
 
-end
+  private
+
+  def generate_token
+    self.token ||= SecureRandom.urlsafe_base64(32)
+  end
+
+  def generate_expire_date
+    self.expires_at ||= Time.current + TOKEN_EXPIRATION
+  end
+end

app/views/customers/_search.html.erb

@@ -1,4 +1,4 @@
-<%= form_tag(customers_path, method: "get", id: "search-form") do %>
+<%= form_tag(customers_path, method: "get", id: "customer-search-form") do %>
     <%= text_field_tag :search, params[:search], placeholder: t(:label_search_customers), autocomplete: "off" %>
     <%= submit_tag t(:label_search) %>
 <% end %>

app/views/estimates/_search.html.erb

@@ -1,4 +1,4 @@
-<%= form_tag(estimate_doc_path, method: "get") do %>
+<%= form_tag(estimate_doc_path, method: "get", id: "estimate-search-form") do %>
     <%= text_field_tag :search, params[:search], placeholder: t(:label_search_estimates), autocomplete: "off" %>
     <%= submit_tag t(:label_search), formtarget: "_blank" %>
 <% end %>

app/views/qbo/_footer.html.erb

@@ -1,3 +1,3 @@
-"<div id='footer' align='center'>
+<div id='footer' align='center'>
-    <b><%=I18n.translate(:label_last_sync)%>: </b> <%=Qbo.last_sync if Qbo.exists?%>
+     <%= render partial: 'qbo/last_sync' %>
-</div>"
+</div>

assets/javascripts/application.js

@@ -9,14 +9,12 @@ function getSelectedDocs() {
   const appointent_extras = document.querySelectorAll('.appointment');
 
   let output = '';
-for (const item of appointent_extras) {
+  for (const item of appointent_extras) {
     if (item.checked) {
       console.log(`Checked item: ${item.dataset.text} with URL: ${item.dataset.url}`);
       output += `%0A`+ encodeURIComponent(`<a href="${window.location.origin}${item.dataset.url}">${item.dataset.text}</a>`) +`%0A`;
     }
   }
   
-
-  // You can return the array or use it as needed
   return output;
 }

config/locales/en.yml

@@ -11,94 +11,98 @@
 # English strings go here for Rails i18n
 # Usage I18n.t(:label)
 en:
-  field_customer: "Customer"
+  button_bulk_pdf: "Bulk PDF"
-  field_employee: "Employee"
+  customer_details: "Customer Details"
-  field_invoice: "Invoice"
-  field_estimate: "Estimate" 
-  field_notes: "Notes"
   field_billed: "Billed"
-  label_week: "Week"
+  field_customer: "Customer"
-  label_search_estimates: "Search Estimates"
+  field_customers: "Customers"
-  label_search: "Search"
+  field_employee: "Employee"
-  label_estimates: "Estimates"
+  field_estimate: "Estimate"
-  warn_ru_sure: "You sure?"
+  field_invoice: "Invoice"
-  label_delete: "Delete"
+  field_notes: "Notes"
-  label_edit: "Edit"
-  label_year: "Year"
-  label_make: " Make"
-  label_model: "Model"
-  label_no_customers: "There are no customers containing the term(s)"
-  label_matching: "Matching "
-  label_open_issues: "Open Issues"
-  label_closed_issues: "Closed Issues"
-  label_sync: "Sync"
-  label_new_customer: "New Customer"
-  label_search_customers: "Search Customers"
-  label_customers: "Customers"
-  label_edit_customer: "Edit Customer"
-  label_email: "Email"
-  label_primary_phone: "Primary Phone"
-  label_mobile_phone: "Mobile Phone"
-  label_billing_address: "Billing Address"
-  label_shipping_address: "Shipping Address"
   label_account_balance: "Account Balance"
-  label_balance_with_jobs: "Balance With Jobs"
+  label_actions: "Actions"
-  label_display_name: "Display Name"
-  label_details: "Details"
-  label_customer_link_expires: "This customer link expires in"
   label_amount: "Amount"
-  label_deposit_into: "Deposit to Account"
+  label_appointment: "Add Appointment"
-  label_last_sync: "Last Sync"
+  label_balance_with_jobs: "Balance With Jobs"
-  label_redmine_qbo: "Redmine Quickbooks"
+  label_bill_time: "Bill Time"
-  label_customer_count: "Customer Count"
+  label_billing_address: "Billing Address"
-  label_invoice_count: "Invoice Count"
+  label_billing_error: "Customer could not be billed. Check for Customer or Assignee and try again."
-  label_estimate_count: "Estimate Count"
+  label_billing_error_no_customer: "Cannot bill without an assigned customer."
-  label_employee_count: "Employee Count"
+  label_billing_error_no_employee: "Cannot bill without an assigned employee."
+  label_billing_error_no_qbo: "Cannot bill without a QuickBooks connection. Please connect to QuickBooks and try again."
+  label_billing_enqueued: "Billing has been enqueued for issue"
+  label_billed_success: "Successfully billed "
   label_client_id: "Intuit QBO OAuth2 Client ID"
   label_client_secret: "Intuit QBO OAuth2 Client Secret"
-  label_webhook_token: "Intuit QBO Webhook Token"
+  label_closed_issues: "Closed Issues"
-  label_oauth_expires: "OAuth2 Access Token Expires At"
+  label_connected: "Successfully connected to QuickBooks"
-  label_oauth_note: "Note: You need to authenticate with Quickbooks after saving your key and secret above"
+  label_create_estimate: "Create Estimate"
-  field_customers: "Customers"
+  label_customer_count: "Customer Count"
+  label_customer_link_expires: "This customer link expires in"
+  label_customers: "Customers"
+  label_delete: "Delete"
+  label_deposit_into: "Deposit to Account"
+  label_details: "Details"
+  label_display_name: "Display Name"
+  label_door: "Door"
+  label_edit: "Edit"
+  label_edit_customer: "Edit Customer"
+  label_email: "Email"
+  label_employee_count: "Employee Count"
+  label_error: "Error"
+  label_estimate_404: "Estimate not found"
+  label_estimate_count: "Estimate Count"
+  label_estimates: "Estimates"
+  label_hours: "Hours"
+  label_invoice_404: "Invoice not found"
+  label_invoice_count: "Invoice Count"
+  label_invoices: "Invoices"
+  label_last_sync: "Last Sync"
+  label_load_customer: "Load Customer"
+  label_make: "Make"
+  label_matching: "Matching"
+  label_mobile_phone: "Mobile Phone"
+  label_model: "Model"
+  label_name: "Name"
+  label_new_customer: "New Customer"
+  label_no_customers: "There are no customers matching the search term(s)."
   label_no_estimates: "No Estimates"
   label_no_invoices: "No Invoices"
-  label_invoices: "Invoices"
-  label_load_customer: "Load Customer"
-  label_door: "Door"
-  label_trim: "Trim"
-  label_bill_time: "Bill Time"
-  label_share: "Share"
-  label_sync_now: "Sync Now"
-  label_invoice_404: "Invoice not found"
-  label_estimate_404: "Estimate not found"
-  label_connected: "Successfully connected to Quickbooks"
-  label_error: "Error"
-  label_billed_success: "Successfully Billed "
-  label_billing_error: "Cannot bill without a customer assigned"
-  label_qbo_sync_success: "Successfully synced to Quickbooks"
-  label_hours: "Hours"
   label_oauth2_refresh_token_expires_at: "Refresh Token Expires At"
-  label_name: "Name"
+  label_oauth_expires: "OAuth2 Access Token Expires At"
-  label_appointment: "Add Appointment"
+  label_oauth_note: "Note: You need to authenticate with QuickBooks after saving your key and secret above."
-  label_actions: "Actions"
+  label_open_issues: "Open Issues"
-  label_create_estimate: "Create Estimate"
+  label_primary_phone: "Primary Phone"
-  label_syncing: "Syncing Quickbooks"
+  label_qbo_sync_success: "Successfully synced to QuickBooks"
+  label_redmine_qbo: "Redmine QuickBooks"
   label_sandbox: "Sandbox"
-  button_bulk_pdf: "Bulk PDF"
+  label_search: "Search"
+  label_search_customers: "Search Customers"
+  label_search_estimates: "Search Estimates"
   label_select_all: "Select All"
-  notice_customer_created: "Customer created in Quickbooks"
+  label_share: "Share"
-  notice_customer_updated: "Customer updated in Quickbooks"
+  label_shipping_address: "Shipping Address"
-  notice_customer_not_found: "Customer not found in Quickbooks"
+  label_sync: "Sync"
-  notice_customer_not_deleted: "Customer could not be deleted in Quickbooks"
+  label_sync_now: "Sync Now"
-  notice_customer_deleted: "Customer deleted in Quickbooks"
+  label_syncing: "Syncing QuickBooks"
-  notice_estimate_created: "Estimate created in Quickbooks"
+  label_trim: "Trim"
-  notice_estimate_updated: "Estimate updated in Quickbooks"
+  label_webhook_token: "Intuit QBO Webhook Token"
+  label_week: "Week"
+  label_year: "Year"
+  notice_customer_created: "Customer created in QuickBooks"
+  notice_customer_deleted: "Customer deleted in QuickBooks"
+  notice_customer_not_deleted: "Customer could not be deleted in QuickBooks"
+  notice_customer_not_found: "Customer not found in QuickBooks"
+  notice_customer_updated: "Customer updated in QuickBooks"
+  notice_error_project_nil: "The issue's project is nil. Set project to:"
+  notice_error_tracker_nil: "The issue's tracker is nil. Set tracker to:"
+  notice_estimate_created: "Estimate created in QuickBooks"
   notice_estimate_not_found: "Estimate not found"
-  notice_invoice_created: "Invoice created in Quickbooks"
+  notice_estimate_updated: "Estimate updated in QuickBooks"
-  notice_invoice_updated: "Invoice updated in Quickbooks"
+  notice_forbidden: "You do not have permission to access this resource."
+  notice_invoice_created: "Invoice created in QuickBooks"
   notice_invoice_not_found: "Invoice not found"
-  notice_forbidden: "You do not have permission to access this resource"
+  notice_invoice_updated: "Invoice updated in QuickBooks"
   notice_issue_not_found: "Issue not found"
-  customer_details: "Customer Details"
+  warn_ru_sure: "Are you sure?"
-  notice_error_project_nil: "The issue's project is nil, set project to: "
-  notice_error_tracker_nil: "The issue's tracker is nil, set tracker to: "

db/migrate/038_add_customers_timestamp.rb

@@ -0,0 +1,15 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class AddCustomersTimestamp < ActiveRecord::Migration[5.1]
+  def change
+    add_timestamps(:customers, null: true)
+  end
+end

db/migrate/039_add_full_text_index_to_customers.rb

@@ -0,0 +1,16 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class AddFullTextIndexToCustomers < ActiveRecord::Migration[7.0]
+  def change
+    # This creates a combined index for name and phone fields
+    add_index :customers, [:name, :phone_number, :mobile_phone_number], type: :fulltext, name: 'ft_search_idx'
+  end
+end

init.rb

@@ -14,7 +14,7 @@ Redmine::Plugin.register :redmine_qbo do
   name 'Redmine QBO plugin'
   author 'Rick Barrette'
   description 'A pluging for Redmine to connect with QuickBooks Online to create Time Activity Entries for billable hours logged when an Issue is closed'
-  version '2026.2.5'
+  version '2026.2.15'
   url 'https://github.com/rickbarrette/redmine_qbo'
   author_url 'https://barrettefabrication.com'
   settings default: {empty: true}, partial: 'qbo/settings'
@@ -37,6 +37,10 @@ Redmine::Plugin.register :redmine_qbo do
   # Register top menu items
   menu :top_menu, :customers, { controller: :customers, action: :index }, caption: :label_customers, if: Proc.new {User.current.logged?}
     
+  Redmine::Search.map do |search|
+    search.register :customers
+  end
+
 end
 
 # Dynamically load all Hooks & Patches recursively

lib/redmine_qbo/hooks/view_hook_listener.rb

@@ -15,10 +15,11 @@ module RedmineQbo
 
       # Load the javascript to support the autocomplete forms
       def view_layouts_base_html_head(context = {})
-        js = javascript_include_tag 'application.js', plugin: :redmine_qbo
+        safe_join([
-        js += javascript_include_tag 'autocomplete-rails.js', plugin: :redmine_qbo
+          javascript_include_tag( 'application.js', plugin: :redmine_qbo),
-        js += javascript_include_tag 'checkbox_controller.js', plugin: :redmine_qbo
+          javascript_include_tag( 'autocomplete-rails.js', plugin: :redmine_qbo),
-        return js
+          javascript_include_tag( 'checkbox_controller.js', plugin: :redmine_qbo)
+        ])
       end
 
       render_on :view_layouts_base_sidebar, partial: "qbo/sidebar"

lib/redmine_qbo/patches/issue_patch.rb

@@ -12,123 +12,59 @@ require_dependency 'issue'
 
 module RedmineQbo
   module Patches
-
-    # Patches Redmine's Issues dynamically.
-    # Adds relationships for customers, estimates, invoices, customer_tokens
-    # Adds before and after save hooks
     module IssuePatch
 
-      def self.included(base) # :nodoc:
+      def self.included(base)
         base.extend(ClassMethods)
-
         base.send(:include, InstanceMethods)
 
-        # Same as typing in the class 
         base.class_eval do
-          belongs_to :customer, primary_key: :id
+          belongs_to :customer, class_name: 'Customer', foreign_key: :customer_id, optional: true
           belongs_to :customer_token, primary_key: :id
           belongs_to :estimate, primary_key: :id
           has_and_belongs_to_many :invoices
+
           before_save :titlize_subject
-          after_save :bill_time
+          after_commit :enqueue_billing, on: :update
         end
-        
       end
-        
+
       module ClassMethods
-        
+
       end
-      
+
       module InstanceMethods
-        
-        # Create billable time entries
-        def bill_time
-          logger.debug "QBO: Billing time for issue ##{id}"
-          return unless  status.is_closed?
-          return if assigned_to.nil?
-          return unless Qbo.first 
-          return unless customer 
 
-          Thread.new do
+        def enqueue_billing
-            spent_time = time_entries.where(billed: [false, nil])
+          Rails.logger.debug "QBO: Checking if issue needs to be billed for issue ##{id}"
-            spent_hours ||= spent_time.sum(:hours) || 0
+          #return unless saved_change_to_status_id?
-            
+          return unless closed?
-            if spent_hours > 0 then
+          return unless customer.present?
-              
+          return unless assigned_to&.employee_id.present?
-              # Prepare to create a new Time Activity
+          return unless Qbo.first
-              qbo = Qbo.first
-              qbo.perform_authenticated_request do |access_token|
-                time_service = Quickbooks::Service::TimeActivity.new(company_id: qbo.realm_id, access_token: access_token)
-                item_service = Quickbooks::Service::Item.new(company_id: qbo.realm_id, access_token: access_token)
-                time_entry = Quickbooks::Model::TimeActivity.new
-        
-                # Lets total up each activity before billing.
-                # This will simpify the invoicing with a single billable time entry per time activity
-                h = Hash.new(0)
-                spent_time.each do |entry|
-                  h[entry.activity.name] += entry.hours
-                  # update time entries billed status
-                  entry.billed = true
-                  entry.save
-                end
-                
-                # Now letes upload our totals for each activity as their own billable time entry
-                h.each do |key, val|
-                  
-                  # Convert float spent time to hours and minutes
-                  hours = val.to_i
-                  minutesDecimal = (( val - hours) * 60)
-                  minutes = minutesDecimal.to_i
 
-                  # Lets match the activity to an qbo item
+          Rails.logger.debug "QBO: Enqueuing billing for issue ##{id}"
-                  item = item_service.query("SELECT * FROM Item WHERE Name = '#{key}' ").first
+          BillIssueTimeJob.perform_later(id)
-                  next if item.nil?
+        end
-                  
+
-                  # Create the new billable time entry and upload it
+        def titlize_subject
-                  time_entry.description = "#{tracker} ##{id}: #{subject} #{"(Partial @ #{done_ratio}%)" if not closed?}"
+          Rails.logger.debug "QBO: Titlizing subject for issue ##{id}"
-                  time_entry.employee_id = assigned_to.employee_id 
+
-                  time_entry.customer_id = customer_id
+          self.subject = subject.split(/\s+/).map do |word|
-                  time_entry.billable_status = "Billable"
+            if word =~ /[A-Z]/ && word =~ /[0-9]/
-                  time_entry.hours = hours
+              word
-                  time_entry.minutes = minutes
+            else
-                  time_entry.name_of = "Employee"
+              word.capitalize
-                  time_entry.txn_date = Date.today
-                  time_entry.hourly_rate = item.unit_price
-                  time_entry.item_id = item.id 
-                  time_entry.start_time = start_date
-                  time_entry.end_time = Time.now
-                  time_service.create(time_entry)
-                end
-              end
             end
-          end
+          end.join(' ')
         end
       end
-      
+
-      # Create a shareable link for a customer
       def share_token
-        CustomerToken.get_token self
+        CustomerToken.get_token(self)
       end
-      
+    end
-      # Titleize the subject before save , but keep words containing numbers mixed with letters capitalized
-      def titlize_subject
-        logger.debug "QBO: Titlizing subject for issue ##{self.id}"
-        self.subject = self.subject.split(/\s+/).map do |word|
-          # If word is NOT purely alphanumeric (contains special chars),
-          # or is all upper/lower, we can handle it.
-          # excluding alphanumeric strings with mixed case and numbers (e.g., "ID555ABC") from being altered.
-          if word =~ /[A-Z]/ && word =~ /[0-9]/
-            word
-          else
-            word.downcase
-            word.capitalize
-          end
-        end.join(' ')
-      end
-    end  
 
-    # Add module to Issue
     Issue.send(:include, IssuePatch)
-
   end
 end

lib/redmine_qbo/patches/query_patch.rb

@@ -13,6 +13,20 @@ require_dependency 'issue_query'
 module RedmineQbo
   module Patches
     module QueryPatch
+
+      def base_scope
+        scope = super
+
+        if filters['customer_name'].present?
+          scope = scope.left_outer_joins(:customer)
+        end
+
+        if has_column?(:customer) || filters['customer_name'].present?
+          scope = scope.includes(:customer)
+        end
+
+        scope
+      end
       
       # Add qbo options to the aviable columns
       def available_columns
@@ -26,10 +40,27 @@ module RedmineQbo
       
       # Add customers to filters
       def initialize_available_filters
-        #add_available_filter "customer", type: :text
+        #add_available_filter "customer_id", type: :list, name: l(:field_customer), :values => lambda {Customer.pluck(:name, :id).map {|name, id| [name, id.to_s]}}
+        add_available_filter( 'customer_name', type: :text, name: l(:field_customer))
         super
       end
 
+      def sql_for_customer_name_field(field, operator, value)
+        pattern = "%#{value.first}%"
+
+        sql = case operator
+              when '~'
+                "#{Customer.table_name}.name LIKE ?"
+              when '!~'
+                "#{Customer.table_name}.name NOT LIKE ?"
+              else
+                return nil
+              end
+
+        Issue.joins(:customer).sanitize_sql_for_conditions([sql, pattern])
+      end
+
+
     end
 
     # Add module to Issue