boxr 1.8.0 → 1.11.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06a2fa3c34dacf915b7bb788e854bc9235d2eb0cd92c7ca59e480737553146c4
-  data.tar.gz: 7413454a658067aabe3ff90625e30a029335166ed50f7e05569cd2fe4e583e84
+  metadata.gz: 81bc808dde71fc65c270c2a145ee55c5dd6ac48ef964e9156512dbc04bb6ddf7
+  data.tar.gz: cc3d5e5140ef46fc95ff138d1fa79534e0bae12dc14e04bc54d212236cfc0ab9
 SHA512:
-  metadata.gz: 74d6a804d79c88de453c3d348a69950b9a08f85da70ae258ad689daf50c3318dd7eb776763c371f600981a1a2ad2c10652811d2a031a6059b1426abb8fdb61ed
-  data.tar.gz: 3b525fa9e91ee3417247128fb733e6feecaaf328916bcb1cca51ded9f0a2ef9d288f7d33a8f6cabf54580c6505d4e4e9a914f495c115bd17b43a1785ba36d57b
+  metadata.gz: 8f9bbc5f449301705e0919f122f9d55819ea7be821f2e081ee5d5f913db4d4cddf31d50f98cb831f4a9bbb2b59687a39ccbbecd71ac5d489d33d81760ea43b2e
+  data.tar.gz: 2181831ee3b4732c7ad4152aad85b51ef8f7dd951f25ab1cc6059b031f8653e6554961e3159585fe1ef1d72f125f0afe2d916f1acf4f0c26b7d69aaf2b5c0701

data/.env.example

@@ -1,4 +1,4 @@
-#1. go to https://developers.box.com, 
+#1. go to https://developers.box.com,
 #2. find or create your Box Content API app for testing
 #3. click 'Edit Application'
 #4. check the boxes for 'Read and write all files and folders' and 'Manage an enterprise'
@@ -11,5 +11,5 @@ BOX_DEVELOPER_TOKEN={a valid developer token for your Box app}
 BOX_CLIENT_ID={client id of your Box app}
 BOX_CLIENT_SECRET={client secret of your Box app}
 BOX_ENTERPRISE_ID={box enterprise id}
-JWT_SECRET_KEY_PATH={path to your JWT private key}
-JWT_SECRET_KEY_PASSWORD={JWT private key password}
+JWT_PRIVATE_KEY_PATH={path to your JWT private key}
+JWT_PRIVATE_KEY_PASSWORD={JWT private key password}

data/.gitignore

@@ -14,6 +14,7 @@
 /tmp/
 *.gem
 *.bundle
+*.pem
 *.so
 *.o
 *.a

data/README.md

@@ -1,4 +1,7 @@
 # Boxr
+
+[![Gem Version](https://badge.fury.io/rb/boxr.svg)](https://badge.fury.io/rb/boxr)
+
 Boxr is a Ruby client library for the Box V2 Content API.  Box employees affectionately refer to one another as Boxers, hence the name of this gem.
 
 The purpose of this gem is to provide a clear, efficient, and intentional method of interacting with the Box Content API. As with any SDK that wraps a REST API, it is important to fully understand the Box Content API at the REST endpoint level.  You are strongly encouraged to read through the Box documentation located [here](https://box-content.readme.io/).
@@ -392,9 +395,11 @@ update_folder_metadata(folder, updates, scope, template)
 delete_metadata(file, scope: :global, template: :properties)
 delete_folder_metadata(folder, scope, template)
 
-enterprise_metadata
+get_enterprise_templates
+get_metadata_template_by_name(scope, template_key)
 
-metadata_schema(scope, template_key)
+create_metadata_template(display_name, template_key: nil, fields: [], hidden: nil)
+delete_metadata_template(scope, template_key)
 ```
 
 #### [Watermarking](https://box-content.readme.io/reference#watermarking)

data/lib/boxr/auth.rb

@@ -1,6 +1,8 @@
 module Boxr
 
   JWT_GRANT_TYPE="urn:ietf:params:oauth:grant-type:jwt-bearer"
+  TOKEN_EXCHANGE_TOKEN_TYPE="urn:ietf:params:oauth:token-type:access_token"
+  TOKEN_EXCHANGE_GRANT_TYPE="urn:ietf:params:oauth:grant-type:token-exchange"
 
   def self.oauth_url(state, host: "app.box.com", response_type: "code", scope: nil, folder_id: nil, client_id: ENV['BOX_CLIENT_ID'])
     template = Addressable::Template.new("https://{host}/api/oauth2/authorize{?query*}")
@@ -8,13 +10,13 @@ module Boxr
     query = {"response_type" => "#{response_type}", "state" => "#{state}", "client_id" => "#{client_id}"}
     query["scope"] = "#{scope}" unless scope.nil?
     query["folder_id"] = "#{folder_id}" unless folder_id.nil?
-    
+
     uri = template.expand({"host" => "#{host}", "query" => query})
     uri
   end
 
   def self.get_tokens(code=nil, grant_type: "authorization_code", assertion: nil, scope: nil, username: nil, client_id: ENV['BOX_CLIENT_ID'], client_secret: ENV['BOX_CLIENT_SECRET'])
-    uri = "https://api.box.com/oauth2/token"
+    uri = Boxr::Client::AUTH_URI
     body = "grant_type=#{grant_type}&client_id=#{client_id}&client_secret=#{client_secret}"
     body = body + "&code=#{code}" unless code.nil?
     body = body + "&scope=#{scope}" unless scope.nil?
@@ -25,7 +27,7 @@ module Boxr
   end
 
   def self.get_enterprise_token(private_key: ENV['JWT_PRIVATE_KEY'], private_key_password: ENV['JWT_PRIVATE_KEY_PASSWORD'],
-                                public_key_id: ENV['JWT_PUBLIC_KEY_ID'], enterprise_id: ENV['BOX_ENTERPRISE_ID'], 
+                                public_key_id: ENV['JWT_PUBLIC_KEY_ID'], enterprise_id: ENV['BOX_ENTERPRISE_ID'],
                                 client_id: ENV['BOX_CLIENT_ID'], client_secret: ENV['BOX_CLIENT_SECRET'])
     unlocked_private_key = unlock_key(private_key, private_key_password)
     assertion = jwt_assertion(unlocked_private_key, client_id, enterprise_id, "enterprise", public_key_id)
@@ -40,19 +42,31 @@ module Boxr
   end
 
   def self.refresh_tokens(refresh_token, client_id: ENV['BOX_CLIENT_ID'], client_secret: ENV['BOX_CLIENT_SECRET'])
-    uri = "https://api.box.com/oauth2/token"
+    uri = Boxr::Client::AUTH_URI
     body = "grant_type=refresh_token&refresh_token=#{refresh_token}&client_id=#{client_id}&client_secret=#{client_secret}"
 
     auth_post(uri, body)
   end
 
   def self.revoke_tokens(token, client_id: ENV['BOX_CLIENT_ID'], client_secret: ENV['BOX_CLIENT_SECRET'])
-    uri = "https://api.box.com/oauth2/revoke"
+    uri = Boxr::Client::REVOKE_AUTH_URI
     body = "client_id=#{client_id}&client_secret=#{client_secret}&token=#{token}"
 
     auth_post(uri, body)
   end
 
+  # Exchange an existing token for a lesser-scoped token
+  def self.exchange_token(subject_token, scope, resource_id: nil, resource_type: :file)
+    uri = Boxr::Client::AUTH_URI
+    resouce_uri = resource_type == :file ? Boxr::Client::FILES_URI : Boxr::Client::FOLDERS_URI
+    resource_url = "#{resouce_uri}/#{resource_id}"
+
+    body = "subject_token=#{subject_token}&subject_token_type=#{TOKEN_EXCHANGE_TOKEN_TYPE}&scope=#{scope}&grant_type=#{TOKEN_EXCHANGE_GRANT_TYPE}"
+    body = body + "&resource=#{resource_url}" unless resource_id.nil?
+
+    auth_post(uri, body)
+  end
+
   class << self
     alias :get_token :get_tokens
     alias :refresh_token :refresh_tokens
@@ -67,14 +81,14 @@ module Boxr
       iss: iss,
       sub: sub,
       box_sub_type: box_sub_type,
-      aud: "https://api.box.com/oauth2/token",
+      aud: Boxr::Client::AUTH_URI,
       jti: SecureRandom.hex(64),
       exp: (Time.now.utc + 10).to_i
     }
 
     additional_headers = {}
     additional_headers['kid'] = public_key_id unless public_key_id.nil?
-    
+
     JWT.encode(payload, private_key, "RS256", additional_headers)
   end
 
@@ -98,5 +112,4 @@ module Boxr
       OpenSSL::PKey::RSA.new(private_key, private_key_password)
     end
   end
-
-end
+end

data/lib/boxr/client.rb

@@ -8,6 +8,8 @@ module Boxr
     #UPLOAD_URI = "https://upload.wcheng.inside-box.net/api/2.0"
 
     API_URI = "https://api.box.com/2.0"
+    AUTH_URI = "https://api.box.com/oauth2/token"
+    REVOKE_AUTH_URI = "https://api.box.com/oauth2/revoke"
     UPLOAD_URI = "https://upload.box.com/api/2.0"
     FILES_URI = "#{API_URI}/files"
     FILES_UPLOAD_URI = "#{UPLOAD_URI}/files/content"

data/lib/boxr/files.rb

@@ -75,6 +75,7 @@ module Boxr
 
     def download_file(file, version: nil, follow_redirect: true)
       file_id = ensure_id(file)
+
       begin
         uri = "#{FILES_URI}/#{file_id}/content"
         query = {}
@@ -85,7 +86,8 @@ module Boxr
           location = response.header['Location'][0]
 
           if(follow_redirect)
-            file, response = get(location, process_response: false)
+            file_content, response = get(location, process_response: false)
+            return file_content
           else
             return location #simply return the url
           end
@@ -93,9 +95,7 @@ module Boxr
           retry_after_seconds = response.header['Retry-After'][0]
           sleep retry_after_seconds.to_i
         end
-      end until file
-
-      file
+      end until file_content
     end
 
     def download_url(file, version: nil)
@@ -104,27 +104,31 @@ module Boxr
 
     def upload_file(path_to_file, parent, name: nil, content_created_at: nil, content_modified_at: nil,
                     preflight_check: true, send_content_md5: true)
-
-      parent_id = ensure_id(parent)
-
       filename = name ? name : File.basename(path_to_file)
-      preflight_check(path_to_file, filename, parent_id) if preflight_check
-
-      file_info = nil
-      response = nil
 
       File.open(path_to_file) do |file|
-        content_md5 = send_content_md5 ? Digest::SHA1.file(file).hexdigest : nil
+        upload_file_from_io(file, parent, name: filename, content_created_at: content_created_at, content_modified_at: content_modified_at, preflight_check: preflight_check, send_content_md5: send_content_md5)
+      end
+    end
 
-        attributes = {name: filename, parent: {id: parent_id}}
-        attributes[:content_created_at] = content_created_at.to_datetime.rfc3339 unless content_created_at.nil?
-        attributes[:content_modified_at] = content_modified_at.to_datetime.rfc3339 unless content_modified_at.nil?
+    def upload_file_from_io(io, parent, name:, content_created_at: nil, content_modified_at: nil, preflight_check: true, send_content_md5: true)
+      parent_id = ensure_id(parent)
 
-        body = {attributes: JSON.dump(attributes), file: file}
+      preflight_check(io, name, parent_id) if preflight_check
 
-        file_info, response = post(FILES_UPLOAD_URI, body, process_body: false, content_md5: content_md5)
+      if send_content_md5
+        content_md5 = Digest::SHA1.hexdigest(io.read)
+        io.rewind
       end
 
+      attributes = {name: name, parent: {id: parent_id}}
+      attributes[:content_created_at] = content_created_at.to_datetime.rfc3339 unless content_created_at.nil?
+      attributes[:content_modified_at] = content_modified_at.to_datetime.rfc3339 unless content_modified_at.nil?
+
+      body = {attributes: JSON.dump(attributes), file: io}
+
+      file_info, response = post(FILES_UPLOAD_URI, body, process_body: false, content_md5: content_md5)
+
       file_info.entries[0]
     end
 
@@ -254,8 +258,8 @@ module Boxr
 
     private
 
-    def preflight_check(path_to_file, filename, parent_id)
-      size = File.size(path_to_file)
+    def preflight_check(io, filename, parent_id)
+      size = File.size(io)
 
       #TODO: need to make sure that figuring out the filename from the path_to_file works for people using Windows
       attributes = {name: filename, parent: {id: "#{parent_id}"}, size: size}

data/lib/boxr/groups.rb

@@ -1,9 +1,9 @@
 module Boxr
   class Client
 
-    def groups(fields: [])
+    def groups(fields: [], offset: 0, limit: DEFAULT_LIMIT)
       query = build_fields_query(fields, GROUP_FIELDS_QUERY)
-      groups = get_all_with_pagination(GROUPS_URI, query: query, offset: 0, limit: DEFAULT_LIMIT)
+      groups = get_all_with_pagination(GROUPS_URI, query: query, offset: offset, limit: limit)
     end
 
     def group_from_id(group_id, fields: [])
@@ -39,21 +39,21 @@ module Boxr
       result
     end
 
-    def group_memberships(group)
+    def group_memberships(group, offset: 0, limit: DEFAULT_LIMIT)
       group_id = ensure_id(group)
       uri = "#{GROUPS_URI}/#{group_id}/memberships"
-      memberships = get_all_with_pagination(uri, offset: 0, limit: DEFAULT_LIMIT)
+      memberships = get_all_with_pagination(uri, offset: offset, limit: limit)
     end
 
-    def group_memberships_for_user(user)
+    def group_memberships_for_user(user, offset: 0, limit: DEFAULT_LIMIT)
       user_id = ensure_id(user)
       uri = "#{USERS_URI}/#{user_id}/memberships"
-      memberships = get_all_with_pagination(uri, offset: 0, limit: DEFAULT_LIMIT)
+      memberships = get_all_with_pagination(uri, offset: offset, limit: limit)
     end
 
-    def group_memberships_for_me
+    def group_memberships_for_me(offset: 0, limit: DEFAULT_LIMIT)
       uri = "#{USERS_URI}/me/memberships"
-      memberships = get_all_with_pagination(uri, offset: 0, limit: DEFAULT_LIMIT)
+      memberships = get_all_with_pagination(uri, offset: offset, limit: limit)
     end
 
     def group_membership_from_id(membership_id)
@@ -89,11 +89,11 @@ module Boxr
       result
     end
 
-    def group_collaborations(group)
+    def group_collaborations(group, offset: 0, limit: DEFAULT_LIMIT)
       group_id = ensure_id(group)
       uri = "#{GROUPS_URI}/#{group_id}/collaborations"
-      collaborations = get_all_with_pagination(uri, offset: 0, limit: DEFAULT_LIMIT)
+      collaborations = get_all_with_pagination(uri, offset: offset, limit: limit)
     end
 
   end
-end
+end

data/lib/boxr/metadata.rb

@@ -77,12 +77,33 @@ module Boxr
       ent_metadata, response = get(uri)
       ent_metadata
     end
+    alias :get_enterprise_templates :enterprise_metadata
 
     def metadata_schema(scope, template_key)
       uri = "#{METADATA_TEMPLATES_URI}/#{scope}/#{template_key}/schema"
       schema, response = get(uri)
       schema
     end
+    alias :get_metadata_template_by_name :metadata_schema
+
+    def create_metadata_template(display_name, template_key: nil, fields: [], hidden: nil)
+      uri = "#{METADATA_TEMPLATES_URI}/schema"
+      schema = {
+        scope: "enterprise",
+        displayName: display_name,
+      }
+      schema[:templateKey] = template_key unless template_key.nil?
+      schema[:hidden] = hidden unless hidden.nil?
+      schema[:fields] = fields unless fields.empty?
+
+      metadata_template, response = post(uri, schema, content_type: "application/json")
+      metadata_template
+    end
 
+    def delete_metadata_template(scope, template_key)
+      uri = "#{METADATA_TEMPLATES_URI}/#{scope}/#{template_key}/schema"
+      result, response = delete(uri)
+      result
+    end
   end
-end
+end

data/lib/boxr/version.rb

@@ -1,3 +1,3 @@
 module Boxr
-  VERSION = "1.8.0"
+  VERSION = "1.11.1"
 end

data/spec/boxr/auth_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+#rake spec SPEC_OPTS="-e \"invokes auth operations"\"
+describe 'auth operations' do
+  it "invokes auth operations" do
+    private_key = OpenSSL::PKey::RSA.new(File.read(ENV['JWT_PRIVATE_KEY_PATH']), ENV['JWT_PRIVATE_KEY_PASSWORD'])
+
+    puts "get enterprise token"
+    enterprise_token = Boxr::get_enterprise_token(private_key: private_key)
+    expect(enterprise_token).to include('access_token', 'expires_in')
+
+    puts "downgrade token"
+    child_token = Boxr::exchange_token(enterprise_token['access_token'], 'root_readonly')
+    expect(child_token).to include('access_token','expires_in')
+
+    # Currently cannot test due to user requiring
+    puts "get user token"
+    second_test_user = BOX_CLIENT.create_user("Second Test User", login: "second_test_user@#{('a'..'z').to_a.shuffle[0,10].join}.com", role: 'user', is_platform_access_only: true)
+    user_token = Boxr::get_user_token(second_test_user.id, private_key: private_key)
+    expect(user_token).to include('access_token','expires_in')
+
+    puts "revoke user token"
+    user_client = Boxr::Client.new(user_token['access_token'])
+    expect(user_client.root_folder_items).to eq []
+    Boxr::revoke_token(user_token['access_token'])
+    expect{user_client.root_folder_items}.to raise_error{Boxr::BoxrError}
+
+    puts "cleanup data"
+    BOX_CLIENT.delete_user(second_test_user, force: true)
+  end
+end

data/spec/boxr/collaborations_spec.rb

@@ -32,6 +32,6 @@ describe 'collaborations operations' do
     expect(pending_collaborations).to eq([])
 
     puts "add invalid collaboration"
-    expect { BOX_CLIENT.add_collaboration(@test_folder, {id: @test_user.id, type: :user}, :invalid_role)}.to raise_error
+    expect { BOX_CLIENT.add_collaboration(@test_folder, {id: @test_user.id, type: :user}, :invalid_role)}.to raise_error{Boxr::BoxrError}
   end
 end

data/spec/boxr/files_spec.rb

@@ -12,6 +12,11 @@ describe "file operations" do
     new_file = BOX_CLIENT.upload_file("./spec/test_files/#{TEST_FILE_NAME}", @test_folder, name: TEST_FILE_NAME_CUSTOM)
     expect(new_file.name).to eq(TEST_FILE_NAME_CUSTOM)
 
+    puts "upload a file from IO"
+    io = File.open("./spec/test_files/#{TEST_FILE_NAME}")
+    new_file = BOX_CLIENT.upload_file_from_io(io, @test_folder, name: TEST_FILE_NAME_IO)
+    expect(new_file.name).to eq(TEST_FILE_NAME_IO)
+
     puts "get file using path"
     file = BOX_CLIENT.file_from_path("/#{TEST_FOLDER_NAME}/#{TEST_FILE_NAME}")
     expect(file.id).to eq(test_file.id)
@@ -50,13 +55,16 @@ describe "file operations" do
     expect(unlocked_file.lock).to be_nil
 
     puts "download file"
-    file = BOX_CLIENT.download_file(test_file)
+    file_content = BOX_CLIENT.download_file(test_file)
     f = File.open("./spec/test_files/#{DOWNLOADED_TEST_FILE_NAME}", 'w+')
-    f.write(file)
+    f.write(file_content)
     f.close
     expect(FileUtils.identical?("./spec/test_files/#{TEST_FILE_NAME}","./spec/test_files/#{DOWNLOADED_TEST_FILE_NAME}")).to eq(true)
     File.delete("./spec/test_files/#{DOWNLOADED_TEST_FILE_NAME}")
 
+    puts "download invalid file"
+    expect { BOX_CLIENT.download_file('INVALID_FILE_NAME.pdf') }.to raise_exception(Boxr::BoxrError)
+
     puts "upload new version of file"
     new_version = BOX_CLIENT.upload_new_version_of_file("./spec/test_files/#{TEST_FILE_NAME}", test_file)
     expect(new_version.id).to eq(test_file.id)

data/spec/boxr/metadata_spec.rb

@@ -29,6 +29,8 @@ describe 'file metadata operations' do
   #NOTE: this test will fail unless you create a metadata template called 'test' with two attributes: 'a' of type text, and 'b' of type text
   it "invokes folder metadata operations" do
     new_folder = BOX_CLIENT.create_folder(SUB_FOLDER_NAME, @test_folder)
+    fields = [{displayName: "a", type: "string"},{displayName: "b", type: "string"}]
+    metadata_template = BOX_CLIENT.create_metadata_template("test", fields: fields)
 
     puts "create folder metadata"
     meta = {"a" => "hello", "b" => "world"}
@@ -48,5 +50,24 @@ describe 'file metadata operations' do
     puts "delete folder metadata"
     result = BOX_CLIENT.delete_folder_metadata(new_folder, "enterprise", "test")
     expect(result).to eq({})
+
+    puts "cleanup metadata template"
+    template_key = metadata_template["templateKey"]
+    scope = metadata_template["scope"]
+    BOX_CLIENT.delete_metadata_template(scope, template_key)
+  end
+
+  #rake spec SPEC_OPTS="-e \"invokes metadata template operations"\"
+  it "invokes metadata template operations" do
+    puts "create metadata template"
+    metadata_template = BOX_CLIENT.create_metadata_template("Test Template")
+    expect(metadata_template["displayName"]).to eq("Test Template")
+
+    template_key = metadata_template["templateKey"]
+    scope = metadata_template["scope"]
+
+    puts "delete metadata template"
+    result = BOX_CLIENT.delete_metadata_template(scope, template_key)
+    expect(result).to eq({})
   end
 end

data/spec/boxr_spec.rb

@@ -10,7 +10,11 @@ describe Boxr::Client do
 
   #REQUIRED BOX SETTINGS
   # 1. The developer token used must have admin or co-admin priviledges
+  # 1.5 In the admin settings, advanced features must be enabled (perform as user and create user access tokens)
   # 2. Enterprise settings must allow Admin and Co-admins to permanently delete content in Trash
+  # 3. In Box Admin settings, you must authorize the app.
+  #   - Admin Console > Enterprise Settings > Apps > Custom Applications > Authorize New App. Insert you client ID (API key)
+  #   - You may need to re-authorize the app if you're running into issues with user tokens
 
   #follow the directions in .env.example to set up your BOX_DEVELOPER_TOKEN
   #keep in mind it is only valid for 60 minutes
@@ -25,6 +29,7 @@ describe Boxr::Client do
   SUB_FOLDER_DESCRIPTION = 'This was created by the Boxr test suite'
   TEST_FILE_NAME = 'test file.txt'
   TEST_FILE_NAME_CUSTOM = 'test file custom.txt'
+  TEST_FILE_NAME_IO = 'test file io.txt'
   DOWNLOADED_TEST_FILE_NAME = 'downloaded test file.txt'
   COMMENT_MESSAGE = 'this is a comment'
   REPLY_MESSAGE = 'this is a comment reply'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: boxr
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.11.1
 platform: ruby
 authors:
 - Chad Burnette
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-31 00:00:00.000000000 Z
+date: 2019-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -209,6 +209,7 @@ files:
 - lib/boxr/version.rb
 - lib/boxr/watermarking.rb
 - lib/boxr/web_links.rb
+- spec/boxr/auth_spec.rb
 - spec/boxr/collaborations_spec.rb
 - spec/boxr/comments_spec.rb
 - spec/boxr/files_spec.rb
@@ -247,6 +248,7 @@ signing_key:
 specification_version: 4
 summary: A Ruby client library for the Box V2 Content API.
 test_files:
+- spec/boxr/auth_spec.rb
 - spec/boxr/collaborations_spec.rb
 - spec/boxr/comments_spec.rb
 - spec/boxr/files_spec.rb