Salesforce Spring ’21 Highlights / Key Points / Non-Lightning

Protect Users from Insecure Downloads in Chrome

Symptoms include broken images, error results, and errors in attachments that are hosted on a non-secure HTTP page.

We need to make sure that all the connections to and from Salesforce are HTTPS.

Build Customer Trust with the Error Handler System Dialog (Chat Bot)

This feature helps in handling errors that occur after the ChatBot has been initiated. It gives a more detailed description of the errors so they can be handled as required.

Refer to the security URL in static resources

To maintain security, keep the URLs in Static Resources and refer to them from code.

View All, Modify All, Edit, and Delete Object Permissions Removed for Guest Users

Check whether the Guest User profile has Create, Read, or Update permissions on the related objects.

Obsolete Permissions from Guest User Profiles Were Removed

Permissions which are not tied to any App are removed from the Guest user Profile.

Guest users can have only Create and Read object permissions.

Mixed Content Downloads Blocked in Google Chrome

An example of a mixed content download is placing a link to an HTTP site on a Salesforce HTTPS page. This is related to Insecure downloads in Chrome.

Convert the Read Only Standard Profile to a Custom Profile (Update in Summer ‘21)

 This update converts the Read Only standard profile to a custom profile. After the update is enforced, you can edit permissions in this profile as your business needs require.

The Read Only Profile Is No Longer Available in New Salesforce Orgs

Salesforce orgs created in Spring ’21 and later don’t have the Read Only standard profile.

Enable HTTPS on Your Domains

The public site HTTP URLs need to redirect to HTTPS.

Make sure to check all the sites and Sessions settings – The checkbox Require secure connections (HTTPS) for all third-party domains should be checked.

Chandra V – 01/11/2021

How to resolve? This page has an error: Sorry to Interrupt

This page has an error. You might just need to refresh it. AuraClientService.postProcess: error in processing [Maximum call stack size exceeded].

As per the document, it is recommended to use different names for the client side and server side methods/actions.

Use unique names for client-side and server-side actions in a component. A JavaScript function (client-side action) with the same name as a server-side action (Apex method) can lead to hard-to-debug issues.

So all you need to do here is change your client-side controller’s method getAccountRecords to something like getAccountRecordsData.

Yeshas K.

Reset Password from Developer Console

There are instances where Reset Password option gives trouble and we do not receive the Email Link to reset the password.

Here is the best solution to directly reset the password from the Developer Console itself.

Open Execute Anonymous Window and run the below command:

System.setPassword(UserInfo.getUserId(), 'YourNewPassword');

This should help in resetting the password instantly.

Chandra V[09-10-2019]

Determine whether the Lightning component is in Lightning Console Or Normal App And Adding Icon and label to Tab

Component:-
<aura:component >
    <!-- Console Api Library -->
     <lightning:workspaceAPI aura:id="workspace" />
    <aura:attribute name="Isconsole" type="Boolean" default="false" />
    
   <aura:handler name="init" value="{!this}" action="{!c.doInit}" />
</aura:component>

Javascript:-
({
    doInit : function(component, event, helper) {
        // The workspace API is only available inside a Lightning console app
        var workspaceAPI = component.find("workspace");
        workspaceAPI.isConsoleNavigation().then(function(isConsole) {
            console.log('Isconsole: ' + isConsole);
            component.set("v.Isconsole", isConsole);
            if (isConsole) {
                // Return the inner promise so the single catch below sees every failure
                return workspaceAPI.getFocusedTabInfo().then(function(tabInfo) {
                    var focusedTabId = tabInfo.tabId;
                    workspaceAPI.setTabLabel({
                        tabId: focusedTabId,
                        label: "Edit"
                    });
                    workspaceAPI.setTabIcon({
                        tabId: focusedTabId,
                        icon: "utility:edit",
                        iconAlt: "Edit Tab"
                    });
                });
            }
        })
        .catch(function(error) {
            console.log(error);
        });
    }
})

Use the Isconsole attribute and do the navigation accordingly.

Resource: https://developer.salesforce.com/docs/atlas.en-us.api_console.meta/api_console/sforce_api_console_methods_lightning.htm

Apex Crypto And Decrypto Class

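public class EncryptAndDecryptHelper {

    // Encrypts data with AES-128 (the key must be 16 bytes). Salesforce generates the IV
    // and places it in the first 16 bytes of the cipher text. Returns base64 text.
    public static String encriptString(Blob key, String data){
        try{
            Blob bdata = Blob.valueOf(data);
            Blob encrypted = Crypto.encryptWithManagedIV('AES128', key, bdata);
            return EncodingUtil.base64Encode(encrypted);
        }catch(Exception e){
            // Failure is only logged; callers must treat '' as an error
            system.debug('exception'+e.getMessage());
            return '';
        }
    }

    // Decrypts base64 text produced by encriptString (IV expected in the first 16 bytes).
    public static String decryptString(Blob key, String decryptString){
        try{
            Blob DecodedEncryptedBlob = EncodingUtil.base64Decode(decryptString);
            Blob decryptedB = Crypto.decryptWithManagedIV('AES128', key, DecodedEncryptedBlob);
            return decryptedB.toString();
        }catch(Exception e){
            // Failure is only logged; callers must treat '' as an error
            system.debug('exception'+e.getMessage());
            return '';
        }
    }

}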

What is the Apex Crypto Class?

As per the Crypto Class documentation in the Apex Developer’s Guide, the Apex Crypto class provides a number of cryptographic functions for creating digests, message authentication codes, and signatures, as well as functions for encrypting and decrypting information. These functions allow you to protect the confidentiality of data as well as allow external systems to verify the integrity of messages and authenticity of the sender.

Scenarios for Using the Apex Crypto Class

The cryptographic capabilities of the Crypto class are normally used in the following scenarios:

  • Confidentiality – the protection of data either at rest or in transit from unauthorized parties
  • Integrity – the data is complete and correct
  • Authenticity – proof of the authenticity of the sender or receiver of the message

Encryption and Decryption

The class provides functions to encrypt and decrypt information using the AES128, AES192 and AES256 algorithms. Currently, only symmetric private key encryption using the AES algorithm is supported. While encryption provides data protection, it does not authenticate the sender (non-repudiation), nor does it guarantee message integrity.

Creating Hash Digests

In this scenario, the input message of any length is converted using a one-way cryptographic hash function into a compact unique “digest” of fixed length. As the digest is unique, it can then be used by the receiver to ensure integrity of the message by comparing the transmitted digest with a digest calculated from the received message using the same algorithm. Its compact nature also allows for performance and efficient transmission.

The Crypto.generateDigest() function generates a one-way hash digest for this purpose and supports algorithms such as MD5, SHA1, SHA256 and SHA512. As hash digests are one way, compact representations of the original data, the resulting digest cannot be “decrypted” back to its original form.

Hash Based Message Authentication Codes (MAC)

Hash-based MAC functions generate a compact one-way digest using a cryptographic hash function and then use a private key to encrypt the resulting digest. The combination of an encrypted hash digest ensures non-repudiation of the message and its sender.

Compared to hash digests, HMAC functions use a private key that the sender uses to encrypt the MAC and the receiver uses to decrypt the MAC. The unencrypted digest can then verify the message integrity. As the receiver has to decrypt the MAC using the shared private key, you can verify the authenticity of the message sender.

The Crypto.generateMac() method supports the HMACMD5, HMACSHA1, HMACSHA256 and HMACSHA512 algorithms.

Creating a Digital Signature

Digital signatures guarantee both integrity and authenticity of the message using an asymmetric key. The sender generates a message digest (e.g. using SHA1) and encrypts it using a private key. The receiver then decrypts using a public key and compares the message digest with a digest generated from the received message.

The Crypto.sign() function generates a digital signature using the SHA1 algorithm to create the digest, which is then subsequently encrypted using the RSA algorithm with a PKCS8 formatted private key.

Supported Standards

The following are the various supported standards for each of the Crypto class methods.

Method: Supported Standards

  • Encrypt(), EncryptWithManagedIv(), Decrypt(), DecryptWithManagedIv(): AES128, AES192, AES256 for encryption. PKCS#5 padding and Cipher Block Chaining.
  • generateDigest(), generateMac(): MD5, SHA1, SHA256, SHA512
  • sign(): SHA1 with RSA

Discussion and Sample Code

Encryption

The Crypto class provides the following functions to encrypt and decrypt using the AES algorithm:

  • encrypt()
  • decrypt()
  • encryptWithManagedIV()
  • decryptWithManagedIV()

The following considerations should be noted:

  • The AES128, AES192 and AES256 algorithms are supported
  • A private key can either be generated externally or via the Crypto.generateAESKey(Integer size) method. The length of the private key must match the specified algorithm.
  • The private key should not be hardcoded in the Apex code. Instead, it should be placed in a protected custom setting.
  • The standard AES algorithm is used with a Cipher Mode of Cipher Block Chaining (CBC) and PKCS#5 padding. Ensure that any applications that you interact with use the same parameters. (Note that PKCS#5 and PKCS#7 are compatible.)
  • The algorithm requires an initialization vector of 16 bytes (128 bits). Use the encryptWithManagedIV() function to have Salesforce generate the IV for you in the first 16 bytes of the cipher text. Third-party systems that receive the cipher text should extract the IV from the first 16 bytes. If third-party systems send the IV in the first 16 bytes of the cipher text, then use the decryptWithManagedIV() method to decrypt.
  • If you intend to generate your own initialization vector, then use the encrypt() and/or decrypt() methods, in which the IV is sent as a separate argument. Note that the cipher text passed to the decrypt() method should not contain the IV in the first 16 bytes and neither does the encrypt() function place the IV in the first 16 bytes of the generated cipher.

Ranjith T [03/09/2019]
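
The managed-IV layout and the integrity caveat from the Crypto notes above, as an added example (not part of the original post and not Salesforce code): the Node.js side of a hypothetical integration reads the IV from the first 16 bytes and checks an HMAC-SHA256 tag before decrypting, because AES-CBC on its own accepts modified cipher text. All function names, the sample keys and the payload/mac envelope are assumptions.

```javascript
// Added example: the third-party (Node.js) side of an exchange with Apex
// Crypto.encryptWithManagedIV('AES128', ...) / decryptWithManagedIV().
// Function names, keys and the MAC envelope are assumptions, not page code.
const crypto = require('node:crypto');

const IV_LEN = 16; // the managed IV is the first 16 bytes of the cipher text

// Same layout Salesforce produces: base64(IV || AES-128-CBC cipher text).
function encryptManagedIv(aesKey, plaintext) {
  const iv = crypto.randomBytes(IV_LEN); // fresh IV for every message
  const c = crypto.createCipheriv('aes-128-cbc', aesKey, iv); // PKCS#7 padding
  return Buffer.concat([iv, c.update(plaintext, 'utf8'), c.final()]).toString('base64');
}

function decryptManagedIv(aesKey, b64) {
  const raw = Buffer.from(b64, 'base64');
  // Must hold the IV plus at least one whole 16-byte block.
  if (raw.length < 2 * IV_LEN || raw.length % 16 !== 0) {
    throw new Error('malformed cipher text');
  }
  const d = crypto.createDecipheriv('aes-128-cbc', aesKey, raw.subarray(0, IV_LEN));
  return Buffer.concat([d.update(raw.subarray(IV_LEN)), d.final()]).toString('utf8');
}

// Tag = HMAC-SHA256 over the base64 payload, keyed with a separate shared key.
// In Apex the matching tag would be base64 of
// Crypto.generateMac('hmacSHA256', Blob.valueOf(payload), macKey).
function sealMessage(aesKey, macKey, plaintext) {
  const payload = encryptManagedIv(aesKey, plaintext);
  const mac = crypto.createHmac('sha256', macKey).update(payload).digest('base64');
  return { payload, mac };
}

// Verify the tag first (constant-time compare), decrypt only if it matches.
function openMessage(aesKey, macKey, msg) {
  const expected = crypto.createHmac('sha256', macKey).update(msg.payload).digest();
  const given = Buffer.from(String(msg.mac), 'base64');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('MAC check failed');
  }
  return decryptManagedIv(aesKey, msg.payload);
}

// Constructed sample keys (never hardcode real keys).
const AES_KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const MAC_KEY = Buffer.from('constructed-sample-mac-key');
```
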

Algorithm to generate the unique id in salesforce using Apex

There might be scenarios where we as developers need to generate random unique IDs to be used for external integrations in Apex.

Here is a simple method which generates a unique code every time.


public static String getUUID()
{
    // 128 random bits from the key generator, hex-encoded to 32 characters
    Blob b = Crypto.GenerateAESKey(128);
    String h = EncodingUtil.ConvertTohex(b);
    // Split into the 8-4-4-4-12 grouping
    String guid = h.SubString(0,8)+ '-' + h.SubString(8,12) + '-' + h.SubString(12,16) + '-' + h.SubString(16,20) + '-' + h.substring(20);
    system.debug(guid);
    return guid;
}

Sumanth A [03/08/2019]

Steps to Enable Event Monitoring dashboards in PROD/Sandbox

Hello!!

I am going to produce the steps to Enable Event Monitoring dashboards in Salesforce Sandbox /Production Environment….

Pre-Requisite: >> Enable Analytics >> Setup >> Analytics >> enable Analytics (This is a major step without this you won’t see analytics studio app)

  1. Setup >> Event Monitoring >> Enable Login Forensics and Event Log File Integration with Event Monitoring Analytics App
  2. Open Analytics studio app >> Click on that and a new tab will open (FYI, the browser's pop-up blocker might block this, so set it to allow)
  3. Create >> Click on it
  4. Follow the below screen steps
  5. You will see steps 1 to 5; don’t change anything except the no. of days to 30
  6. Name the App “Event Monitoring App”
  7. The app will run and you will see the below screenshot, and an email will be sent once it’s ready.

Hope you got all the details!

Anil B [03/03/2019]