box-node-sdk 1.9.0 → 1.12.0

package/lib/token-manager.js

@@ -18,6 +18,13 @@
  *                         server requesting the tokens.
  */
 
+/**
+ * Parameters for creating an actor token via token exchange
+ * @typedef {Object} ActorParams
+ * @property {string} id The external identifier for the actor
+ * @property {string} name The display name of the actor
+ */
+
 /**
  * An object representing all token information for a single Box user.
  *
@@ -73,8 +80,11 @@ var tokenPaths = {
 };
 
 // The XFF header label - Used to give the API better information for uploads, rate-limiting, etc.
-var HEADER_XFF = 'X-Forwarded-For';
-var ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';
+const HEADER_XFF = 'X-Forwarded-For';
+const ACCESS_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:access_token';
+const ACTOR_TOKEN_TYPE = 'urn:ietf:params:oauth:token-type:id_token';
+const BOX_JWT_AUDIENCE = 'https://api.box.com/oauth2/token';
+
 
 // ------------------------------------------------------------------------------
 // Private
@@ -133,7 +143,6 @@ function isValidTokenResponse(grantType, responseBody) {
 	return true;
 }
 
-
 // ------------------------------------------------------------------------------
 // Public
 // ------------------------------------------------------------------------------
@@ -297,14 +306,12 @@ TokenManager.prototype = {
 		};
 		var jwtOptions = {
 			algorithm: this.config.appAuth.algorithm,
-			audience: 'https://api.box.com/oauth2/token',
+			audience: BOX_JWT_AUDIENCE,
 			subject: id,
 			issuer: this.config.clientID,
 			jwtid: uuid.v4(),
 			noTimestamp: !this.config.appAuth.verifyTimestamp,
-			headers: {
-				kid: this.config.appAuth.keyID
-			}
+			keyid: this.config.appAuth.keyID
 		};
 		var keyParams = {
 			key: this.config.appAuth.privateKey,
@@ -354,7 +361,9 @@ TokenManager.prototype = {
 	 * @param {string} accessToken - The valid access token to exchange
 	 * @param {string|string[]} scopes - The scope(s) of the new access token
 	 * @param {string} [resource] - The absolute URL of an API resource to restrict the new token to
-	 * @param {TokenRequestOptions} [options] - Sets optional behavior for the token grant
+	 * @param {Object} [options] - Optional parameters
+	 * @param {TokenRequestOptions} [options.tokenRequestOptions] - Sets optional behavior for the token grant
+	 * @param {ActorParams} [options.actor] - Optional actor parameters for creating annotator tokens
 	 * @returns {Promise<TokenInfo>} Promise resolving to the new token info
 	 */
 	exchangeToken: function(accessToken, scopes, resource, options) {
@@ -362,14 +371,42 @@ TokenManager.prototype = {
 			grant_type: grantTypes.TOKEN_EXCHANGE,
 			subject_token_type: ACCESS_TOKEN_TYPE,
 			subject_token: accessToken,
-			scope: (typeof scopes === 'string' ? scopes : scopes.join(','))
+			scope: (typeof scopes === 'string' ? scopes : scopes.join(' '))
 		};
 
 		if (resource) {
 			params.resource = resource;
 		}
 
-		return this.getTokens(params, options);
+		if (options && options.actor) {
+
+			var payload = {
+				iss: this.config.clientID,
+				sub: options.actor.id,
+				aud: BOX_JWT_AUDIENCE,
+				jti: uuid.v4(),
+				box_sub_type: 'external',
+				name: options.actor.name
+			};
+
+			var jwtOptions = {
+				algorithm: 'none',
+				expiresIn: '1m',
+				noTimestamp: true
+			};
+
+			var token;
+			try {
+				token = jwt.sign(payload, 'UNUSED', jwtOptions);
+			} catch (jwtError) {
+				return Promise.reject(jwtError);
+			}
+
+			params.actor_token = token;
+			params.actor_token_type = ACTOR_TOKEN_TYPE;
+		}
+
+		return this.getTokens(params, options && options.tokenRequestOptions ? options.tokenRequestOptions : null);
 	},
 
 	/**

package/lib/util/paging-iterator.js

@@ -72,6 +72,7 @@ class PagingIterator {
 			throw new Error('Cannot create paging iterator for non-paged response!');
 		}
 
+
 		var data = response.body;
 
 		if (Number.isSafeInteger(data.offset)) {
@@ -81,7 +82,10 @@ class PagingIterator {
 			this.nextField = PAGING_MODES.MARKER;
 			this.nextValue = data.next_marker;
 		} else {
-			throw new Error('Unable to determine paging strategy for response!');
+			// Default to a finished marker collection when there's no field present,
+			// since some endpoints indicate completed paging this way
+			this.nextField = PAGING_MODES.MARKER;
+			this.nextValue = null;
 		}
 
 		this.limit = data.limit || data.entries.length;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "box-node-sdk",
   "author": "Box <oss@box.com>",
-  "version": "1.9.0",
+  "version": "1.12.0",
   "description": "Official Box SDK for Node.js",
   "license": "Apache-2.0",
   "repository": {
@@ -25,7 +25,7 @@
   "dependencies": {
     "bluebird": "^3.5.0",
     "http-status": "^0.2.2",
-    "jsonwebtoken": "^5.7.0",
+    "jsonwebtoken": "^8.1.0",
     "merge-options": "0.0.64",
     "promise-queue": "^2.2.3",
     "request": "^2.74.0",
@@ -34,13 +34,15 @@
   "devDependencies": {
     "chai": "^4.1.1",
     "eslint": "^2.8.0",
-    "istanbul": "^0.4.3",
-    "jsdoc": "^3.4.0",
+    "jsdoc": "^3.5.5",
     "jsonlint": "~1.6.2",
-    "leche": "^2.1.1",
-    "mocha": "^2.4.5",
+    "leche": "^2.2.2",
+    "mocha": "^4.0.1",
     "mockery": "^1.4.1",
     "nock": "^9.0.13",
+    "nsp": "^3.1.0",
+    "nyc": "^11.3.0",
+    "semver": "^5.4.1",
     "shelljs": "^0.3.0",
     "shelljs-nodecli": "^0.1.1",
     "sinon": "^1.17.3"

package/.npmignore

@@ -1,4 +0,0 @@
-/tests/
-/docs/
-/examples/
-/coverage/