Skip to content

[19.0][MIG] account_statement_import_online_ramp: Migration to 19.0#1

Open
dnplkndll wants to merge 3 commits into
19.0from
19.0-mig-account_statement_import_online_ramp
Open

[19.0][MIG] account_statement_import_online_ramp: Migration to 19.0#1
dnplkndll wants to merge 3 commits into
19.0from
19.0-mig-account_statement_import_online_ramp

Conversation

@dnplkndll

Copy link
Copy Markdown

Port of account_statement_import_online_ramp from 18.0 to 19.0 (migration guide).

Depends on account_statement_import_online (already on OCA 19.0).

Non-mechanical adaptations worth flagging

  • Lazy translation: _("…%(x)s") % {…}self.env._("…%(x)s", x=…) across the 11 error strings (matches the sibling 19.0 mercury/plaid providers). No other 19.0 breakers — views already use invisible=, no _sql_constraints/osv.expression/<tree>.

New OCA online-statement provider that imports Ramp corporate-card
transactions via the Ramp Developer API.

A Ramp organization has one credit line shared across all cards,
billed as a single monthly statement and paid via one ACH transfer.
The module follows that accounting reality: one Ramp credit line maps
to one Odoo bank-type journal, regardless of how many cards are issued
under it.

Key features
============

* OAuth2 client_credentials auth — the module mints and caches a
  short-lived bearer keyed on the provider record. Refreshes
  transparently on expiry or HTTP 401.
* Concurrent-safe token refresh — SELECT ... FOR UPDATE on the
  provider row plus a post-lock cache re-check ensures two parallel
  cron runs on the same provider can't mint two separate bearers.
* Transient-failure retry — urllib3 Retry adapter mounted on
  https://: 3 tries with exponential backoff on 502/503/504. Applied
  to both the token mint and the data-fetch session.
* SSRF / bearer-leak guard on pagination — Ramp's `page.next` URL is
  validated to be HTTPS on the configured Ramp host (hostname
  comparison, port- and case-tolerant) before being followed, so a
  tampered response cannot redirect the bearer.
* Bounded pagination — fetch loop caps at 1000 pages with an explicit
  UserError if Ramp's cursor never terminates.
* State filter — transactions in DECLINED, PENDING_INITIATION, or
  ERROR are skipped before producing statement lines.
* Sign convention — Ramp returns positive amounts on spend; the module
  flips the sign so spend lands as a negative line on the credit-line
  liability journal (standard Odoo bank-statement convention).
* raw_data preservation — the full Ramp transaction payload including
  card_id, user_id, sk_category_name, accounting_categories is stored
  on each statement line for downstream automation.

35 mocked-HTTP tests covering: service registration, single/multi-
page cursor pagination (and max-pages safeguard), mapping, sign flip,
state filtering, OAuth2 token cache hit/miss/refresh, missing-token
and missing-expires_in edge cases, 401 → refresh → retry, network
errors, missing-credentials guard, SSRF cursor guard (cross-env,
port-tolerant, case-insensitive, user-authority bypass).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant