2026.3.0

app/controllers/customers_controller.rb

@@ -120,18 +120,6 @@ class CustomersController < ApplicationController
     end
   end
 
-  # delete a customer
-  def destroy
-    begin
-      Customer.find_by_id(params[:id]).destroy
-      flash[:notice] = t :notice_customer_deleted
-      redirect_to action: :index
-    rescue 
-      flash[:error] = t :notice_customer_not_deleted
-      render_404
-    end
-  end
-
   # creates new customer view tokens, removes expired tokens & redirects to newly created customer view with new token.
   def share
     issue = Issue.find(params[:id])
@@ -212,17 +200,26 @@ class CustomersController < ApplicationController
   end
 
   # format a quickbooks address to a human readable string
-  def address_to_s (address)
+  def address_to_s(address)
     return if address.nil?
-    string = address.line1 if address.line1
-    string << "\n" + address.line2 if address.line2
-    string << "\n" + address.line3 if address.line3
-    string << "\n" + address.line4 if address.line4
-    string << "\n" + address.line5 if address.line5
-    string << " " + address.city if address.city
-    string << ", " + address.country_sub_division_code if address.country_sub_division_code
-    string << " " + address.postal_code if address.postal_code
-    return string
+
+    lines = [
+      address.line1,
+      address.line2,
+      address.line3,
+      address.line4,
+      address.line5
+    ].compact_blank
+
+    city_line = [
+      address.city,
+      address.country_sub_division_code,
+      address.postal_code
+    ].compact_blank.join(" ")
+
+    lines << city_line unless city_line.blank?
+
+    lines.join("\n")
   end
 
   def log(msg)

app/controllers/estimate_controller.rb

@@ -65,7 +65,7 @@ class EstimateController < ApplicationController
 
   # Renders the estimate PDF or redirects with an error if rendering fails.
   def render_pdf(estimate)
-    pdf, ref = EstimatePdfService.new(qbo: Qbo.first).fetch_pdf(doc_ids: [estimate.id])
+    pdf, ref = EstimatePdfService.new(qbo: QboConnectionService.current!).fetch_pdf(doc_ids: [estimate.id])
     send_data( pdf, filename: "estimate #{ref}.pdf", disposition: :inline, type: "application/pdf" )
   rescue StandardError => e
     log "PDF render failed for Estimate #{estimate&.id}: #{e.message}"

app/controllers/invoice_controller.rb

@@ -18,7 +18,7 @@ class InvoiceController < ApplicationController
     log "Processing request for #{request.original_url}"
 
     invoice_ids = Array(params[:invoice_ids] || params[:id])
-    pdf, ref = InvoicePdfService.new(qbo: Qbo.first).fetch_pdf(doc_ids: invoice_ids)
+    pdf, ref = InvoicePdfService.new(qbo: QboConnectionService.current!).fetch_pdf(doc_ids: invoice_ids)
 
     send_data pdf, filename: "invoice #{ref}.pdf", disposition: :inline, type: "application/pdf"
 

app/controllers/qbo_controller.rb

@@ -9,129 +9,68 @@
 #THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 class QboController < ApplicationController
-  
-  require 'openssl'
-  
   include AuthHelper
-  
+
   before_action :require_user, except: :webhook
-  skip_before_action :verify_authenticity_token, :check_if_login_required, only: [:webhook]
+  skip_before_action :verify_authenticity_token, :check_if_login_required, only: :webhook
 
-  def allowed_params
-    params.permit(:code, :state, :realmId, :id)
-  end
-
-  #
-  # Called when the user requests that Redmine to connect to QBO
-  #
+  # Initiates the OAuth authentication process by redirecting the user to the QuickBooks authorization URL. The callback URL is generated based on the application's settings and routes.
   def authenticate
-    redirect_uri = "#{Setting.protocol}://#{Setting.host_name + qbo_oauth_callback_path}"
-    log "redirect_uri: #{redirect_uri}"
-    oauth2_client = Qbo.construct_oauth2_client
-    grant_url = oauth2_client.auth_code.authorize_url(redirect_uri: redirect_uri, response_type: "code", state: SecureRandom.hex(12), scope: "com.intuit.quickbooks.accounting")
-    redirect_to grant_url
+    redirect_to QboOauthService.authorization_url(callback_url: callback_url)
   end
-  
-  #
-  # Called by QBO after authentication has been processed
-  #
+
+  # Handles the OAuth callback from QuickBooks. Exchanges the authorization code for access and refresh tokens, saves the connection details, and redirects to the sync page with a success notice. If any error occurs during the process, logs the error and redirects back to the plugin settings page with an error message.
   def oauth_callback
-    if params[:state].present?
-      oauth2_client = Qbo.construct_oauth2_client
-      # use the state value to retrieve from your backend any information you need to identify the customer in your system
-      redirect_uri = "#{Setting.protocol}://#{Setting.host_name + qbo_oauth_callback_path}"
-      if resp = oauth2_client.auth_code.get_token(params[:code], redirect_uri: redirect_uri)
-        
-        # Remove the last authentication information
-        Qbo.delete_all
-        
-        # Save the authentication information 
-        qbo = Qbo.new
-        qbo.update(oauth2_access_token: resp.token, oauth2_refresh_token: resp.refresh_token, realm_id: params[:realmId])
-        qbo.refresh_token!
-        
-        if qbo.save!
-          redirect_to qbo_sync_path, flash: { notice: I18n.t(:label_connected) }
-        else
-          redirect_to plugin_settings_path(:redmine_qbo), flash: { error: I18n.t(:label_error) }
-        end
-        
-      end
-    end
+    QboOauthService.exchange!(code: params[:code], callback_url: callback_url, realm_id: params[:realmId])
+
+    redirect_to qbo_sync_path, flash: { notice: I18n.t(:label_connected) }
+
+  rescue StandardError => e
+    log "OAuth failure: #{e.message}"
+    redirect_to plugin_settings_path(:redmine_qbo), flash: { error: I18n.t(:label_error) }
   end
-  
-  # Manual Billing
+
+  # Manual billing endpoint to trigger the billing process for a specific issue. Validates the issue and its associations, enqueues a job to bill the issue's time entries, and redirects back to the issue with a notice. If validation fails, redirects back with an error message.
   def bill
     issue = Issue.find_by(id: params[:id])
-    return render_404 unless issue
-
-    unless issue.customer
-      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_customer) }
-      return
-    end
-
-    unless issue.assigned_to&.employee_id.present?
-      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_employee) }
-      return
-    end
-
-    unless Qbo.first
-      redirect_to issue, flash: { error: I18n.t(:label_billing_error_no_qbo) }
-      return
-    end
+    raise I18n.t(:notice_error_issue_not_found) unless issue
+    raise I18n.t(:notice_billing_error_no_customer) unless issue.customer
+    raise I18n.t(:notice_billing_error_no_employee) unless issue.assigned_to&.employee_id.present?
+    raise I18n.t(:notice_billing_error_no_qbo) unless Qbo.exists?
 
     BillIssueTimeJob.perform_later(issue.id)
 
-    redirect_to issue, flash: {
-      notice: I18n.t(:label_billing_enqueued) + " #{issue.customer.name}"
-    }
+    redirect_to issue, flash: { notice: "#{I18n.t(:label_billing_enqueued)} #{issue.customer.name}"}
+
+  rescue StandardError => e
+    redirect_to issue || root_path, flash: { error: e.message }
   end
 
-  #
-  # Synchronizes the QboCustomer table with QBO
-  #
+  # Manual sync endpoint to trigger a full synchronization of QuickBooks entities with the local database. Enqueues all relevant sync jobs and redirects to the home page with a notice that syncing has started.
   def sync
-    log "Syncing EVERYTHING"
-
-    CustomerSyncJob.perform_later(full_sync: true)
-    EstimateSyncJob.perform_later(full_sync: true)
-    InvoiceSyncJob.perform_later(full_sync: true)
-    EmployeeSyncJob.perform_later(full_sync: true)
-
+    QboSyncDispatcher.full_sync!
     redirect_to :home, flash: { notice: I18n.t(:label_syncing) }
   end
 
-  # QuickBooks Webhook Callback
+  # Endpoint to receive QuickBooks webhook notifications. Validates the request and processes the payload to sync relevant data to Redmine. Responds with appropriate HTTP status codes based on success or failure of processing.
   def webhook
-    log "Webhook received"
-
-    signature = request.headers['intuit-signature']
-    key       = Setting.plugin_redmine_qbo['settingsWebhookToken']
-    body      = request.raw_post
-
-    digest = OpenSSL::Digest.new('sha256')
-    computed = Base64.strict_encode64(OpenSSL::HMAC.digest(digest, key, body))
-
-    unless secure_compare(computed, signature)
-      log "Invalid webhook signature"
-      head :unauthorized
-      return
-    end
-
-    WebhookProcessJob.perform_later(body)
-
+    QboWebhookProcessor.process!(request: request)
     head :ok
+
+  rescue StandardError => e
+    log "Webhook failure: #{e.message}"
+    head :unauthorized
   end
 
   private
 
-  # Securely compare two strings to prevent timing attacks. Returns false if either string is blank or if they do not match.
-  def secure_compare(a, b)
-    return false if a.blank? || b.blank?
-    ActiveSupport::SecurityUtils.secure_compare(a, b)
+  # Constructs the OAuth callback URL based on the application's settings and routes. This URL is used during the OAuth flow to redirect users back to the application after authentication with QuickBooks.
+  def callback_url
+    "#{Setting.protocol}://#{Setting.host_name}#{qbo_oauth_callback_path}"
   end
 
+  # Logs messages with a consistent prefix for easier debugging and monitoring.
   def log(msg)
     Rails.logger.info "[QboController] #{msg}"
   end
-end
+end

app/jobs/bill_issue_time_job.rb

@@ -27,7 +27,7 @@ class BillIssueTimeJob < ActiveJob::Base
       return if totals.blank?
       log "Aggregated hours for billing: #{totals.inspect}"
 
-      qbo = Qbo.first
+      qbo = QboConnectionService.current!
       raise "No QBO configuration found" unless qbo
 
       qbo.perform_authenticated_request do |access_token|
@@ -58,16 +58,10 @@ class BillIssueTimeJob < ActiveJob::Base
   # Create TimeActivity records in QBO for each activity type with the appropriate hours and link them to the issue's assigned employee and customer
   def create_time_activities(issue, totals, access_token, qbo)
     log "Creating TimeActivity records in QBO for issue ##{issue.id}"
-    time_service = Quickbooks::Service::TimeActivity.new(
-      company_id: qbo.realm_id,
-      access_token: access_token
-    )
-
-    item_service = Quickbooks::Service::Item.new(
-      company_id: qbo.realm_id,
-      access_token: access_token
-    )
-
+   
+    time_service = Quickbooks::Service::TimeActivity.new( company_id: qbo.realm_id,  access_token: access_token)
+    item_service = Quickbooks::Service::Item.new( company_id: qbo.realm_id, access_token: access_token )
+    
     totals.each do |activity_name, hours_float|
       next if activity_name.blank?
       next if hours_float.to_f <= 0

app/jobs/customer_sync_job.rb

@@ -14,7 +14,7 @@ class CustomerSyncJob < ApplicationJob
 
   # Perform a full sync of all customers, or an incremental sync of only those updated since the last sync
   def perform(full_sync: false, id: nil)
-    qbo = Qbo.first
+    qbo = QboConnectionService.current!
     raise "No QBO configuration found" unless qbo
 
     log "Starting #{full_sync ? 'full' : 'incremental'} sync for customer ##{id || 'all'}..."

app/jobs/employee_sync_job.rb

@@ -14,7 +14,7 @@ class EmployeeSyncJob < ApplicationJob
 
   # Performs a sync of employees from QuickBooks Online.
   def perform(full_sync: false, id: nil)
-    qbo = Qbo.first
+    qbo = QboConnectionService.current!
     raise "No QBO configuration found" unless qbo
 
     log "Starting #{full_sync ? 'full' : 'incremental'} sync for employee ##{id || 'all'}..."

app/jobs/estimate_sync_job.rb

@@ -14,7 +14,7 @@ class EstimateSyncJob < ApplicationJob
 
   # Performs a sync of estimates from QuickBooks Online.
   def perform(full_sync: false, id: nil, doc_number: nil)
-    qbo = Qbo.first
+    qbo = QboConnectionService.current!
     raise "No QBO configuration found" unless qbo
 
     log "Starting #{full_sync ? 'full' : 'incremental'} sync for estimate ##{id || doc_number || 'all'}..."

app/jobs/invoice_sync_job.rb

@@ -14,7 +14,7 @@ class InvoiceSyncJob < ApplicationJob
 
   # Performs a sync of invoices from QuickBooks Online.
   def perform(full_sync: false, id: nil)
-    qbo = Qbo.first
+    qbo = QboConnectionService.current!
     raise "No QBO configuration found" unless qbo
 
     log "Starting #{full_sync ? 'full' : 'incremental'} sync for invoice ##{id || 'all'}..."

app/jobs/qbo_sync_dispatcher.rb

@@ -0,0 +1,24 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class QboSyncDispatcher
+
+  SYNC_JOBS = [
+    CustomerSyncJob,
+    EstimateSyncJob,
+    InvoiceSyncJob,
+    EmployeeSyncJob
+  ].freeze
+
+  # Dispatches all synchronization jobs to perform a full sync of QuickBooks entities with the local database. Each job is enqueued with the `full_sync` flag set to true.
+  def self.full_sync!
+    SYNC_JOBS.each { |job| job.perform_later(full_sync: true) }
+  end
+end

app/jobs/qbo_webhook_processor.rb

@@ -0,0 +1,42 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class QboWebhookProcessor
+
+  # Processes the incoming QuickBooks webhook request by validating the signature and enqueuing a background job to handle the webhook payload. Raises an error if the signature is invalid.
+  def self.process!(request:)
+    body = request.raw_post
+    signature = request.headers['intuit-signature']
+    secret = Setting.plugin_redmine_qbo['settingsWebhookToken']
+
+    raise "Invalid signature" unless valid_signature?(body, signature, secret)
+
+    WebhookProcessJob.perform_later(body)
+  end
+
+  private
+
+  # Validates the QuickBooks webhook request by computing the HMAC signature and comparing it to the provided signature. Returns false if either the signature or secret is blank, or if the computed signature does not match the provided signature.
+  def self.valid_signature?(body, signature, secret)
+    return false if signature.blank? || secret.blank?
+    log "Validating signature"
+
+    digest = OpenSSL::Digest.new('sha256')
+    computed = Base64.strict_encode64(
+      OpenSSL::HMAC.digest(digest, secret, body)
+    )
+
+    ActiveSupport::SecurityUtils.secure_compare(computed, signature)
+  end
+
+  def self.log(msg)
+    Rails.logger.info "[QboWebhookProcessor] #{msg}"
+  end
+end

app/models/customer.rb

@@ -215,7 +215,7 @@ class Customer < ActiveRecord::Base
   def pull
     begin
       raise Exception unless self.id
-      qbo = Qbo.first
+      qbo = QboConnectionService.current!
       @details = qbo.perform_authenticated_request do |access_token|
         service = Quickbooks::Service::Customer.new(company_id: qbo.realm_id, access_token: access_token)
         service.fetch_by_id(self.id)

app/models/estimate.rb

@@ -60,7 +60,7 @@ class Estimate < ActiveRecord::Base
     log "Pulling details for estimate ##{self.id}..."
     begin
       raise Exception unless self.id
-      qbo = Qbo.first
+      qbo = QboConnectionService.current!
       @details = qbo.perform_authenticated_request do |access_token|
         service = Quickbooks::Service::Estimate.new(company_id: qbo.realm_id, access_token: access_token)
         service(:estimate).fetch_by_id(self.id)

app/models/qbo.rb

@@ -12,24 +12,35 @@ class Qbo < ActiveRecord::Base
     
   include QuickbooksOauth
   include Redmine::I18n
+
+  validate :single_record_only, on: :create
   
   # Updates last sync time stamp
   def self.update_time_stamp
     date = DateTime.now
     log "Updating QBO timestamp to #{date}"
-    qbo = Qbo.first
+    qbo = QboConnectionService.current!
     qbo.last_sync = date
     qbo.save
   end
   
+  # Returns the last sync time formatted for display. If no sync has occurred, returns a default message.
   def self.last_sync
-    format_time(Qbo.first.last_sync)
+    qbo = QboConnectionService.current!
+    return I18n.t(:label_qbo_never_synced) unless qbo&.last_sync
+    format_time(qbo.last_sync)
   end
 
   private
 
+  # Logs a message with a QBO-specific prefix for easier identification in the logs.
   def self.log(msg)
     logger.info "[QBO] #{msg}"
   end
 
+  # Validates that only one QBO connection record exists in the database. Adds an error if a record already exists.
+  def single_record_only
+    errors.add(:base, "Only one QBO connection allowed") if Qbo.exists?
+  end
+
 end

app/services/invoice_push_service.rb

@@ -22,7 +22,7 @@ class InvoicePushService
 
     @invoice.update_column(:qbo_sync_locked, true)
 
-    qbo = Qbo.first
+    qbo = QboConnectionService.current!
 
     qbo.perform_authenticated_request do |access_token|
       service = Quickbooks::Service::Invoice.new( company_id: qbo.realm_id, access_token: access_token)

app/services/pdf_service_base.rb

@@ -28,7 +28,7 @@ class PdfServiceBase
     @qbo.perform_authenticated_request do |access_token|
       service_class = "Quickbooks::Service::#{@entity.name}".constantize
       service = service_class.new(company_id: @qbo.realm_id, access_token: access_token)
-
+      
       return single_pdf(service, doc_ids.first) if doc_ids.size == 1
 
       combined_pdf(service, doc_ids)

app/services/qbo_connection_service.rb

@@ -0,0 +1,32 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class QboConnectionService
+
+  # Replaces the existing QBO connection with new credentials. Deletes all existing records and creates a new one with the provided token, refresh token, and realm ID. Refreshes the token immediately after creation.
+  def self.replace!(token:, refresh_token:, realm_id:)
+    Qbo.transaction do
+      Qbo.destroy_all
+      qbo = Qbo.create!(
+        oauth2_access_token: token,
+        oauth2_refresh_token: refresh_token,
+        realm_id: realm_id
+      )
+      qbo.refresh_token!
+      qbo
+    end
+  end
+
+  # Returns the current QBO connection record. Raises an error if no connection exists.
+  def self.current!
+    Qbo.first || raise("QBO not connected")
+  end
+
+end

app/services/qbo_oauth_service.rb

@@ -0,0 +1,33 @@
+#The MIT License (MIT)
+#
+#Copyright (c) 2016 - 2026 rick barrette
+#
+#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class QboOauthService
+
+  # Generates the QuickBooks OAuth authorization URL with the specified callback URL. The URL includes necessary parameters such as response type, state, and scope.
+  def self.authorization_url(callback_url:)
+    client.auth_code.authorize_url(
+      redirect_uri: callback_url,
+      response_type: "code",
+      state: SecureRandom.hex(12),
+      scope: "com.intuit.quickbooks.accounting"
+    )
+  end
+
+  # Exchanges the authorization code for access and refresh tokens. Creates or replaces the QBO connection record with the new credentials and refreshes the token immediately after creation.
+  def self.exchange!(code:, callback_url:, realm_id:)
+    resp = client.auth_code.get_token(code, redirect_uri: callback_url)
+    QboConnectionService.replace!( token: resp.token, refresh_token: resp.refresh_token, realm_id: realm_id )
+  end
+
+  # Constructs and returns an OAuth2 client instance configured with the application's credentials and settings.
+  def self.client
+    Qbo.construct_oauth2_client
+  end
+end

app/services/sync_service_base.rb

@@ -29,7 +29,7 @@ class SyncServiceBase
     @qbo.perform_authenticated_request do |access_token|
       service_class = "Quickbooks::Service::#{@entity.name}".constantize
       service = service_class.new(company_id: @qbo.realm_id, access_token: access_token)
-
+      
       page = 1
       loop do
         collection = fetch_page(service, page, full_sync)
@@ -109,10 +109,10 @@ class SyncServiceBase
     if local.changed?
       local.save!
       log "Updated #{@entity.name} #{remote.id}"
-    end
 
-    # Handle attaching documents if applicable to invoices
-    attach_documents(local, remote)
+      # Handle attaching documents if applicable to invoices
+      attach_documents(local, remote) 
+    end
 
   rescue => e
       log "Failed to sync #{@entity.name} #{remote.id}: #{e.message}"

app/views/customers/_details.html.erb

@@ -23,12 +23,12 @@
     
      <tr>
         <th><%=t(:label_billing_address)%></th>
-        <td><%= @billing_address %></td>
+        <td><pre><%= @billing_address %></pre></td>
     </tr>
     
      <tr>
         <th><%=t(:label_shipping_address)%></th>
-        <td><%= @shipping_address %></td>
+        <td><pre><%= @shipping_address %></pre></td>
     </tr>
     
     <tr>

app/views/qbo/_settings.html.erb

@@ -66,12 +66,12 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI
 
      <tr>
         <th><%=t(:label_oauth_expires)%></th>
-        <td><%= if Qbo.exists? then Qbo.first.oauth2_access_token_expires_at end %>
+        <td><%= if Qbo.exists? then QboConnectionService.current!.oauth2_access_token_expires_at end %>
       </tr>
       
       <tr>
         <th><%=t(:label_oauth2_refresh_token_expires_at)%></th>
-        <td><%= if Qbo.exists? then Qbo.first.oauth2_refresh_token_expires_at end %>
+        <td><%= if Qbo.exists? then QboConnectionService.current!.oauth2_refresh_token_expires_at end %>
      </tr>
 
   </tbody>

config/locales/en.yml

@@ -27,10 +27,6 @@ en:
   label_balance_with_jobs: "Balance With Jobs"
   label_bill_time: "Bill Time"
   label_billing_address: "Billing Address"
-  label_billing_error: "Customer could not be billed. Check for Customer or Assignee and try again."
-  label_billing_error_no_customer: "Cannot bill without an assigned customer."
-  label_billing_error_no_employee: "Cannot bill without an assigned employee."
-  label_billing_error_no_qbo: "Cannot bill without a QuickBooks connection. Please connect to QuickBooks and try again."
   label_billing_enqueued: "Billing has been enqueued for issue"
   label_billed_success: "Successfully billed "
   label_client_id: "Intuit QBO OAuth2 Client ID"
@@ -66,6 +62,7 @@ en:
   label_model: "Model"
   label_name: "Name"
   label_new_customer: "New Customer"
+  label_qbo_never_synced: "Never Synced"
   label_no_customers: "There are no customers matching the search term(s)."
   label_no_estimates: "No Estimates"
   label_no_invoices: "No Invoices"
@@ -90,11 +87,15 @@ en:
   label_webhook_token: "Intuit QBO Webhook Token"
   label_week: "Week"
   label_year: "Year"
+  notice_billing_error_no_customer: "Cannot bill without an assigned customer."
+  notice_billing_error_no_employee: "Cannot bill without an assigned employee."
+  notice_billing_error_no_qbo: "Cannot bill without a QuickBooks connection. Please connect to QuickBooks and try again."
   notice_customer_created: "Customer created in QuickBooks"
   notice_customer_deleted: "Customer deleted in QuickBooks"
   notice_customer_not_deleted: "Customer could not be deleted in QuickBooks"
   notice_customer_not_found: "Customer not found in QuickBooks"
   notice_customer_updated: "Customer updated in QuickBooks"
+  notice_error_issue_not_found: "The issue could not be found. Please check the issue and try again."
   notice_error_project_nil: "The issue's project is nil. Set project to:"
   notice_error_tracker_nil: "The issue's tracker is nil. Set tracker to:"
   notice_estimate_created: "Estimate created in QuickBooks"

db/migrate/032_add_txn_dates.rb

@@ -14,42 +14,6 @@ class AddTxnDates < ActiveRecord::Migration[5.1]
     begin
       add_column :qbo_invoices, :txn_date, :date
       add_column :qbo_estimates, :txn_date, :date
-
-      reversible do |direction|
-        direction.up {
-          break unless Qbo.first
-
-          QboEstimate.reset_column_information
-          QboInvoice.reset_column_information
-
-          say "Sync Estimates"
-
-          QboEstimate.sync
-
-          say "Sync Invoices"
-
-          qbo = Qbo.first
-          invoices = qbo.perform_authenticated_request do |access_token|
-            service = Quickbooks::Service::Invoice.new(company_id: qbo.realm_id, access_token: access_token)
-            service.all
-          end
-
-          return unless invoices
-
-          invoices.each { |invoice|
-              # Load the invoice into the database
-              qbo_invoice = QboInvoice.find_or_create_by(id: invoice.id)
-              qbo_invoice.doc_number = invoice.doc_number
-              qbo_invoice.id = invoice.id
-              qbo_invoice.customer_id = invoice.customer_ref
-              qbo_invoice.txn_date = invoice.txn_date
-              qbo_invoice.save!
-          }
-        }
-      end
-    rescue
-      logger.error "AddTxnDates Failed"
-    end
   end
 
 end

init.rb

@@ -14,7 +14,7 @@ Redmine::Plugin.register :redmine_qbo do
   name 'Redmine QBO plugin'
   author 'Rick Barrette'
   description 'A pluging for Redmine to connect with QuickBooks Online to create Time Activity Entries for billable hours logged when an Issue is closed'
-  version '2026.2.16'
+  version '2026.3.0'
   url 'https://github.com/rickbarrette/redmine_qbo'
   author_url 'https://barrettefabrication.com'
   settings default: {empty: true}, partial: 'qbo/settings'