cburnette / boxr Goto Github PK

Specifically, https://github.com/cburnette/boxr/blob/master/lib/boxr.rb#L57 means that the BOX_CLIENT can't use the webmock proxy.

Could this be moved to Boxr::Client.new?

See: bblimke/webmock#608

Problem - unsupported feature

When making a call to obtain an access token using the "client_credentials" grant_type, the required information is not registered by Boxr::get_tokens

Boxr::get_tokens(grant_type: 'client_credentials', box_subject_type: 'enterprise', box_subject_id: '123455678')
*** ArgumentError Exception: unknown keywords: box_subject_type, box_subject_id

Solution

Allow keywords box_subject_type and box_subject_id which are required for Client Credentials

Hi,

This is duplicated post with here, because I got no comments.

Anybody has any comments?

I'm building my simple app associated with Box API. It is built on Ruby and Rails and Boxr as Ruby client library for Box Content API. https://github.com/cburnette/boxr
It works pefect on my Mac, but it happens weird behavior on Windows server.
On Windows server, when I call get_user_token method, then it make me wait about 10 seconds and it returns 400 error with message "Current date/time MUST be before the expiration date/time listed in the 'exp' claim", however I try to call it again, works fine.
Server time is synchronized with NTP server.
Whant happen on Box? How can I fix this?

Ruby 2.3.1
Rails 5.0.0.1
Boxr 1.2.0

PS C:\Users\foo\baz\foo\current> bundle exec rails console
Loading production environment (Rails 5.0.0.1)
irb(main):001:0>   def private_key
irb(main):002:1>     OpenSSL::PKey::RSA.new(Settings.box.private_key,
irb(main):003:2*                            Settings.box.private_key_pass_phrase)
irb(main):004:1>   end
=> :private_key
irb(main):005:0>
irb(main):006:0*   def user_token
irb(main):007:1>     Boxr.get_user_token(Settings.box.app_user_id.to_s,
irb(main):008:2*                         private_key: private_key,
irb(main):009:2*                         private_key_password: Settings.box.private_key_pass_phrase,
irb(main):010:2*                         public_key_id: Settings.box.public_key_id,
irb(main):011:2*                         client_id: Settings.box.client_id,
irb(main):012:2*                         client_secret: Settings.box.client_secret)
irb(main):013:1>   end
=> :user_token
irb(main):014:0> tok = user_token
Boxr::BoxrError: 400: {"error":"invalid_grant","error_description":"Current date\/time MUST be before the expiration date\/time listed in the 'exp' claim"}
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/boxr-1.2.0/lib/boxr/auth.rb:90:in `auth_post'
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/boxr-1.2.0/lib/boxr/auth.rb:24:in `get_tokens'
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/boxr-1.2.0/lib/boxr/auth.rb:39:in `get_user_token'
        from (irb):7:in `user_token'
        from (irb):14
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/railties-5.0.0.1/lib/rails/commands/console.rb:65:in `start'
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/railties-5.0.0.1/lib/rails/commands/console_helper.rb:9:in `start'
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/railties-5.0.0.1/lib/rails/commands/commands_tasks.rb:78:in `console'
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/railties-5.0.0.1/lib/rails/commands/commands_tasks.rb:49:in `run_command
!'
        from C:/Users/foo/baz/foo/shared/vendor/bundle/ruby/2.3.0/gems/railties-5.0.0.1/lib/rails/commands.rb:18:in `<top (required)>'
        from bin/rails:9:in `require'
        from bin/rails:9:in `<main>'
irb(main):015:0> tok = user_token
=> #<BoxrMash access_token="xxxxxxxxxxxxxxxxx" expires_in=4199 restricted_to=#<Hashie::Array []> token_type="bearer">

irb(main):019:0> client.folder_from_id(id)

W, [2017-02-21T13:25:35.192110 #97315] WARN -- : You are setting a key that conflicts with a built-in method BoxrMash#size defined at /Users/username/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/boxr-1.2.0/lib/Boxr.rb:45. This can cause unexpected behavior when accessing the key via as a property. You can still access the key via the #[] method.

how to configure boxr with paperclip and use it with existing model of rails

https://github.com/cburnette/boxr/blob/master/lib/boxr/files.rb#L96
the 'until file' will always stop, because 'file' is a parameter of the method, which is not nil.
So it seems that this method won't work upon 202.

Any plans to support Box's View API?

https://box-view.readme.io/reference

I want to use boxr via proxy server

https://github.com/cburnette/boxr/blob/master/lib/boxr.rb#L68
Would you like to be able to specify a proxy server here

https://www.rubydoc.info/gems/httpclient/HTTPClient

  BOX_CLIENT = HTTPClient.new('http://myproxy:8080')

Thanks for the helpful project :)

How can a large file be transferred from S3 to Box with Boxr without the use of a tmp file? Which methods should be called?

This code maxes out server memory so it doesn't seem like the transfer is being done in chunks.

filename = "video.mp4"
box_folder_id = "0"

s3_response = s3_client.get_object(bucket: "videos", key: filename)

box_file = box_client.upload_file_from_io(                                                        
  s3_response.body,
  box_folder_id,
  name: filename,
  preflight_check: false,
  send_content_md5: false
)

https://discuss.rubyonrails.org/t/transferring-files-from-s3-to-box-in-chunks-without-a-tmp-file/78841

Is there a way to extend the functionality of this to allow uploading files without needing a temporary file on disk to send (since that would be the only way that I know of to get a File object)? Heroku doesn't allow dynamic file (temp or permanent) storage on their servers.

Thanks!

can anyone help to show me examples of how to access data from search results?
i'm a bit lost on how to access data from Hashie::Array

Describe the bug
When chunked_upload_commit_from_io is called, it calls post in the client.

According to Box docs, it is possible to be returned a 202.

When Box returns a 202, since post only has success_codes: [201] defined, it will end up going into check_response_status and it will raise BoxrError.

Expected behavior
202 is a successful call and should be handled properly instead of raising an error

Is your feature request related to a problem? Please describe.
I want to be able to upload files to Box without first writing them to Disk. For example data uploaded to a Rails App.

Describe the solution you'd like
The current upload_file method always expects a filename, I would instead just provide the data.

Describe alternatives you've considered
I don't really know an alternative except writing the file to disk first.

Additional context
Thanks for the Ruby Gem 🙇

https://developer.box.com/v2.0/reference#add-a-collaboration

Hey there!

I wonder, could we somehow to download huge file from box.com, without spending all available RAM?
I mean downloading it by chunks.

When creating a shared link, I would like to be able to create a link with no expiration. This requires me to set the 'unshared_at' value that gets sent to box, to 'null'

Passing no value or a 'nil' value simply doesn't set the value to anything, which appears to then create a default 'unshared_at' date about 3 months in the future.

Is there an implementation of the /users/{USER_ID}/folders/{FOLDER_ID} functionality to move items in a users folder to another user?
https://box-content.readme.io/reference#move-folder-into-another-users-folder

Looking at your documentation there are a few move functions, but it's not clear if those are just to move files/folders within the current users file structure. If the above function is implemented, can you confirm whether the "as_user:" functionality needs to be enabled on our API key to do this?

Thx
~Calder

when the notify option is used, add_collaboration sends the API the :notify symbol when the API is expecting a boolean

https://github.com/cburnette/boxr/blob/v1.4.0/lib/boxr/collaborations.rb#L16

Describe the bug
Box is changing the headers it returns to be case insensitive. This will break this Gem. Deadline is May 10th, 2021.

The email Box sent out:

Hello Box Custom App Owner,

As previously communicated, we're reaching out to notify you of a change that may affect your Box application(s). If you've already taken corrective actions for your applications based on previous communication, please ignore this message.

On May 10th, 2021, as part of our continued infrastructure upgrade, Box's API response headers will standardize to return in a case insensitive manner, in line with industry best practices and our API documentation. Applications that are using these headers, such as "location" and "retry-after", will need to verify that their applications are checking for these headers in a case-insensitive fashion. Over the past 12 months Box has been upgrading its networking and observability infrastructure. These upgrades aim to improve reliability and availability of Box's products for our customers. This specific change allows Box to deploy an updated service proxy, enabling Box to more easily monitor service traffic, quickly find problem areas, and tune application performance.

How to verify whether your application(s) will be impacted
Verifying whether your application(s) will be impacted will require a review of your code. If you are solely using one of the official Box SDKs to connect to Box APIs, you will not be impacted as the SDKs handle response headers in a case-insensitive manner.

You may verify whether you are impacted with the following steps:
Locate the code in your application which handles the responses from Box API requests. If you are not extracting the response headers from these responses, you are not impacted.
If you are extracting those response headers, you may be impacted if you are expecting those headers in a case-sensitive fashion.

For instance, if you are expecting the "Location" header to be returned with a starting capital "L", a direct string comparison with a specific case, then your code will need to be altered to prevent it from breaking after the change is made.

How to make the change
To update the impacted application(s), ensure that you are checking these response headers in a case-insensitive manner. Specifically, your code should be built in a defensive way to ensure that if a header, such as "Location", is sent with an initial capital "L" or a lowercase "l", it'll be handled in the same way. For example, forcing all headers to lowercase before checking, or using a case-insensitive regex string check, are two viable methods for handling this process.

Additional dates to be aware of
In addition to the date that this change will take effect, May 10th, 2021, we will be running two tests to ensure that we can identify and support applications that may be impacted. During these tests, if your application is impacted, you may see an increase in error rates when checking for those headers. The current dates of these tests, which may shift, are:
March 15th, 2021
April 22nd, 2021

If you see an increase in failure rates during these periods, your application(s) will be impacted on May 10th, 2021 and will need to be adjusted using the above steps.

Where to get support
Should you have any issues or need further guidance, please file a ticket with our support team or post a request to our developer forum for any help needed.

We appreciate your partnership as we continue to enhance our services to best meet your business needs.

Thank you,
The Box Developer Team

See

Folder/file names are case-insensitive in box.

Please update your README with correct url for User as User.

This url is outdated and takes you to the Docs main "Overview" page.

• https://developers.box.com/docs/#users-as-user

.../gems/boxr-1.2.0/lib/boxr/client.rb:274: warning: constant ::Fixnum is deprecated

Describe the bug
*** Boxr::BoxrError Exception: 404: Not Found

To Reproduce
Steps to reproduce the behavior:

1. Install gem boxr in project using ruby 3.1.0 and rails 7.0.4
2. get_tokens
   token = Boxr.get_tokens(client_id: client_id, client_secret: client_secret, grant_type: 'client_credentials')
3. create client:
   client = Boxr::Client.new(token.access_token)
4. create_folder with client
   client.create_folder(folder_name, parent_folder_id)
5. raise exp:
   lib/boxr/client.rb:250:in 'check_response_status': 404: Not Found (Boxr::BoxrError)

Expected behavior
Folder created successfully

Screenshots

client = Boxr::Client.new(token.access_token)
client.create_folder(folder_name, parent_folder_id)

["/home/name_device/.rbenv/versions/3.1.0/lib/ruby/gems/3.1.0/gems/boxr-1.19.0/lib/boxr/client.rb:250:in `check_response_status'", 
"/home/name_device/.rbenv/versions/3.1.0/lib/ruby/gems/3.1.0/gems/boxr-1.19.0/lib/boxr/client.rb:160:in `post'", 
"/home/name_device/.rbenv/versions/3.1.0/lib/ruby/gems/3.1.0/gems/boxr-1.19.0/lib/boxr/folders.rb:54:in `create_folder'

Desktop:

• OS: Linux Ubuntu 22.04.1 LTS
• Ruby version: 3.1.0
• Rails version: 7.0.4
• boxr gem: https://github.com/cburnette/boxr

Please help me if you know the answer to this. Thank you so much!!!

Is your feature request related to a problem? Please describe.
The most recently released version of this gem (1.18.0) produces an error with the pinned hashie version, as seen in #41. This has been fixed in #112, but is not yet included in any released version. This has caused a huge amount of log spam that my applications must filter or suppress.

Describe the solution you'd like
A new version release that includes work completed in #112.

Describe alternatives you've considered
Currently, my workaround is to pin this gem's version via ref, like gem 'boxr', github: 'cburnette/boxr', ref: '140f0d'. However, I would prefer to rely on an official version.

Additional context
I would be happy to submit a PR to bump the version to 1.19.0, but did not see any documentation on whether that would meet the requirements for a version release. Please let me know if a PR would be welcome, or if there are other requirements that must be met before boxr can have a new version release.

client.search('2015', scope: nil, file_extensions: [], created_at_range_from_date: Date.parse('2015/01/01').rfc3339)

ArgumentError: unknown keyword: created_at_range_from_date

Using Standard OAuth 2.0 (User Authentication) to create box folder from one of my client app. Recently, we have implemented box webhook callback to upload file from box to AWS.

Currently, required to update the token manually in every hour as any of the ways mentioned below are not working now but way 2 were working before after implementing webhook I think.

• Token refresh callback as suggested in readme

• Called a method in every initialisation which perform following

 unless (Time.now.to_i >= Setting.box_token_expires_in.to_i - 300)
    token                        = Boxr::refresh_tokens(Setting.box_refresh_token, client_id: Setting.box_client_id, client_secret: Setting.box_client_secret)
    Setting.box_access_token     = token.access_token
    Setting.box_refresh_token    = token.refresh_token
    Setting.box_token_expires_in = Time.now.to_i + token.expires_in.to_i
end

• Used scheduler which execute above code snippet

Can anyone have any suggestion/solution in this regards?

Shouldn't the below evaluate AND instead of OR ?
if offset.nil? || limit.nil? users = get_all_with_pagination(uri, query: query, offset: 0, limit: DEFAULT_LIMIT) else

Also instead of passing in 'nil' to limit and offset, how about passing offset:0, limit:100 ?
This is the default vaule as stated in the dev docs
https://developer.box.com/reference#get-all-users-in-an-enterprise

def all_users(filter_term: nil, fields: [], offset: 0, limit: 100)

tokens = Boxr::get_enterprise_token(private_key: config['appAuth']['privateKey'])

client = Boxr::Client.new(tokens.access_token)

client.create_user("BoxUserAPI")

So that's my code. Creating the client succeeds. I can scan files and folders, stuff like that, but creating a user causes this error: check_response_status': 400: Bad Request (Boxr::BoxrError)

I'm setting up my web app on aws but then I get this error getting an enterprise token.
It works on my local machine. I've already included the private keys for my local machine and server.

Almost all environment variables are the same, except for the private key path and public key.
Enterprise ID is the same for both.

client.all_users(fields: [user_type: "managed"])
only returns user_id and type of the user.

It should return more information for each user

Add instructions for the chunked IO transfer methods added in #82, #83, #87.

Resolves #109.

Hello,
I'm unable to add the newest version of OJ to my rails app because boxr is a dependency, and it relies on an abysmally old version of OJ (v2.11.0, from 2014)

Describe the solution you'd like
I'd like for y'all to update your OJ version to the latest.

Describe alternatives you've considered
Use JSON instead for your gem, to reduce the number of dependencies.

I have to implement a capability where the pdf file should default open in the browser when a user tries to download a pdf file.

This gem provide a method download_url which returns a URL and when User clicks on the return URL, it forces the browser to download file instead of open in the browser.

I am using Rails and Boxr to create a mini Box.com for learning purposes. When I try to upload a file I have it saved in the public folder. I can get at the file in this folder easily by accessing the URL for it at: mydomain.com/uploads/example.txt (so I know I am providing a correct URL). I either get a 404 error or No such file or directory error from Boxr or Rails. I think what I am having the most trouble with is understanding what the path that I am supposed to give Boxr is. I have looked in the docs, examples and tests but I am unable to get the path correct to upload my files. I'd appreciate any help you can give.

Edit: I get a 404 error when trying to upload to root folder in Box. Other uploads seems to be working now, I figured out the path_to_file.

Edit: I don't know why but after writing this issue all my issues were solved. Probably just my misunderstanding of the documentation.
Closing issue.

Below code working fine for me with version 0.29.0

client = Boxr::Client.new(user.box_access_token)
box_files = client.search(file_extensions: 'pptx')

It was returning me files for the user, but some how created_at_range parameter not working for me.

box_files = client.search(file_extensions: 'pptx',created_at_range: "2014-05-15T13:35:01,2015-11-17T13:35:01")

It was always returning same set of files irrespective of what ever created_at_range I set .

So I upgraded the gem to current version, thinking it will solve my problem, But now the search not at all working.

This is the output on my rails console with version 1.0.0

2.2.1 :005 > client = Boxr::Client.new(user.box_access_token,
refresh_token: user.box_refresh_token,
client_id: Rails.application.secrets.box["client_id"],
client_secret: Rails.application.secrets.box["client_secret"])

** client returned successfully as below

Boxr::Client:0xb46c3ae0 @access_token="0U3TYhMldlgLBWArgDeuzVUeApdY7NRR", @refresh_token="DFo63AY73G8ASSmDgvEeojKK2x2mbGWdkgz2XM8841iBhNGqtJiqDwo1gn3koWR4", @client_id="w5w10iyui36h0wvi5j5e258rk0lqq7uh", @client_secret="c6RTxIqpncT6fZNsMadiziuwTohtKSVh", @enterprise_id=nil, @jwt_private_key=nil, @jwt_private_key_password=nil, @jwt_public_key_id=nil, @Identifier=nil, @as_user_id=nil, @token_refresh_listener=nil

2.2.1 :008 > box_files = client.search(file_extensions: 'pptx')

** searching on client return below error

Boxr::BoxrError: 400: Bad Request
from /home/arun/.rvm/gems/ruby-2.2.1@respond/gems/boxr-1.0.0/lib/boxr/client.rb:238:in check_response_status' from /home/arun/.rvm/gems/ruby-2.2.1@respond/gems/boxr-1.0.0/lib/boxr/client.rb:103:inget'
from /home/arun/.rvm/gems/ruby-2.2.1@respond/gems/boxr-1.0.0/lib/boxr/search.rb:48:in `search'

Can you please help me with what I am doing wrong here.

Since boxr depends on OJ, it can't be used with JRuby because OJ requires native extensions, and JRuby does not support native extensions. https://github.com/jruby/jruby/wiki/C-Extension-Alternatives

So I wrote an app a while ago to poll events and we noticed this week it had stop working. In reviewing the implementation, I found that it's essentially identical to the enterprise_events example.

The problem I'm seeing is that the actual client.enterprise_events_stream is returning a error of 400: nextStreamPosition value is malformed.

Any direction on what might this be causing?

Hello,

I got the below email from Box.

"We're reaching out to notify you of a change that may affect your Box application(s). On May 10th, 2021, as part of our continued infrastructure upgrade, Box's API response headers will standardize to always return as lowercase, in line with industry best practices and our API documentation. Applications that are using these headers, such as "location" and "retry-after", will need to verify that their applications are checking for these headers in a case-insensitive fashion. Over the past 12 months Box has been upgrading its networking and observability infrastructure. These upgrades aim to improve reliability and availability of Box's products for our customers. This specific change allows Box to deploy an updated service proxy, enabling Box to more easily monitor service traffic, quickly find problem areas, and tune application performance.

How to verify whether your application(s) will be impacted
Verifying whether your application(s) will be impacted will require a review of your code. If you are solely using one of the official Box SDKs to connect to Box APIs, you will not be impacted as the SDKs handle response headers in a case-insensitive manner.

You may verify whether you are impacted with the following steps:
· Locate the code in your application which handles the responses from Box API requests. If you are not extracting the response headers from these responses, you are not impacted.
· If you are extracting those response headers, you may be impacted if you are expecting those headers in a case-sensitive fashion.

For instance, if you are expecting the "Location" header to be returned with a starting capital "L", a direct string comparison with a specific case, then your code will need to be altered to prevent it from breaking after the change is made.

How to make the change
To update the impacted application(s), ensure that you are checking these response headers in a case-insensitive manner. Specifically, your code should be built in a defensive way to ensure that if a header, such as "Location", is sent with an initial capital "L" or a lowercase "l", it'll be handled in the same way. For example, forcing all headers to lowercase before checking, or using a case-insensitive regex string check, are two viable methods for handling this process.

Additional dates to be aware of
In addition to the date that this change will take effect, May 10th, 2021, we will be running two tests to ensure that we can identify and support applications that may be impacted. During these tests, if your application is impacted, you may see an increase in error rates when checking for those headers. The current dates of these tests, which may shift, are:
· March 15th, 2021
· April 22nd, 2021

When I check the code in boxr, there are couple places like header['WWW-Authenticate'], header['Location'], header['Retry-After'], headers['If-Match'], headers["Content-Type"].
Do you have a plan to deal this soon?

I got the following url {"field"=>"69028222", "value"=>"https://app.box.com/shared/static/qdvhm7lq9e23548w9XXXXXXXXXXXX.jpg"}. Currently, Boxr only supports downloading a file by providing the file id. Is there any work around about downloading a file based on the url using client?

Something like, client.download_file_by_url("https://app.box.com/shared/static/XXXXXXXXXXXX.jpg")

Describe the bug
all_users is returning all users without regard for arguments given.

To Reproduce
Steps to reproduce the behavior:

1. Create a Box client
2. Client.all_users(limit:1) returns all users.
3. Client.all_users(filter_term: "unique name") returns all users.

Expected behavior
Because the gem doesn't use the external_app_user_id as an available argument I need to create users where the name is the external id. Before creating a user I am attempting to verify that one hasn't been created already. all_users is returning all_users where I expect only users that match the name.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [iOS]

Additional context
I am solving this problem by manually filtering the response but this will not be sustainable as we're expected to reach xxx,xxx users in a year.

Perhaps I'm doing it wrong.

Hello,

I'm having problems understanding how to use this new SDK. Are their any example Rails applications on how to get started?

I previously came across this app:
https://github.com/atharvasystem/cloud-storage-app/blob/f719189f18370feaee0bfb3fafd02fa37b32b394/app/controllers/linked_accounts_controller.rb

Which showed me how to setup the redirect url, fetch an authorization token, and catch those errors with the old sdk.

I can't seem to find the right set of setting to use that makes boxr work properly

When I use it, I get this error

irb(main):130:0*         token = Boxr::get_enterprise_token(private_key: ENV['JWT_PRIVATE_KEY'],
irb(main):131:1*              private_key_password: ENV['JWT_PRIVATE_KEY_PASSWORD'],
irb(main):132:1*              public_key_id: ENV['JWT_PUBLIC_KEY_ID'],
irb(main):133:1*              enterprise_id: ENV['BOX_ENTERPRISE_ID'],
irb(main):134:1*              client_id: ENV['BOX_CLIENT_ID'],
irb(main):135:1*              client_secret: ENV['BOX_CLIENT_SECRET']);
irb(main):136:0*         box_client = Boxr::Client.new(token.access_token);
irb(main):137:0* box_client.folder_items(Boxr::ROOT)
Boxr::BoxrError: 403: Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."

I tried to configure the applications with the highest permissions that I was able to select

Any suggestions? Thanks!

Problem:
The boxr client is returning Boxr::BoxrError: 400: {"error":"invalid_client","error_description":"The client credentials are invalid"} with known good credentials.

Stats:
Rails: 5.0.0.rc1
Ruby: 2.3.0

Background:
I've got a rails app that is using the devise gem for omniauth support for authentication with the "omniauth-box-oauth2" for the box strategy.

I'm able to authenticate a user, begin using their token with the boxr gem to manage the user resources on their behalf. That part all worked fine. Then after an undetermined period, maybe an hour, the token is invalidated. I was expecting the boxr gem, because I passed the refresh_token during initialization, to auto refresh the token for me.

Here is my client initialization code:

token_refresh_listener = lambda { |access, refresh, identifier|
                          User.find(identifier).update_columns(
                            token: access,
                            refresh_token: refresh
                          )
                        }

client = Boxr::Client.new(
  @user.access_token,
  refresh_token: @user.refresh_token,
  client_id: ENV["BOX_CLIENT_ID"],
  client_secret:  ENV["BOX_CLIENT_SECRET"],
  identifier: @user.id,
  &token_refresh_listener
)

This however is not happening. I was confused so I just tired to use a native rest client to make the refresh call for a new token. Sure enough, it worked fine. I got a response new access and refresh tokens.

Still cautious I went to the database updated the corresponding user and tried to use boxr gem again. BOOM it magically started working. It was odd that the boxr gem didn't auto refresh but I though maybe I did something wrong?

Then an hour later it stopped again. After looking through the boxr code for a good bit I noticed that the refresh code here was looking for a 401 but the error I was getting was a 400 invalid_client. So it wasn't even getting a chance to try to refresh the token because it thinks the client is invalid

To make sure I wasn't crazy I tried to just use the boxr gem directly to refresh the token like so:

Boxr::refresh_tokens(User.first.refresh_token, client_id: ENV["BOX_CLIENT_ID"], client_secret: ENV["BOX_CLIENT_SECRET"])

This again returned:

Boxr::BoxrError: 400: {"error":"invalid_client","error_description":"The client credentials are invalid"}

confirming my suspicion that something wasn't right. The credentials aren't invalid though. They are the same creds I've been using the this time, and if I make a curl request or use some external request app to refresh the token and those creds it all works fine.

What am I missing?

Hi, folks!

I faced an issue with folder_from_path method.

When I have a deeply nested folders sequence, for example /1/2/3/4/5/6/7/8/9/10/.. and so on.
If I run folder_from_path, it runs an API request for each of these folders.

Such approach sometimes faces us with situation, when API calls limit is reached.
Another problem is that on 100 nested directories it takes too much time.

Maybe there is some workaround, or I could try to make PR with fix?

Is it possible to change the base url that the client uses to make requests, so that we can test if the application is in compliance with the Box's TLS 1.0 Deprecation?

It looks like there is an issue with httpclient's transparent_gzip_decompression
Using httpclient 2.8.3

client = Boxr::Client.new
client.root_folder_items
Zlib::GzipFile::Error: not in gzip format

Boxr.turn_on_debugging
client.root_folder_items
=> [#<BoxrMash ...>]

Using httpclient directly:

client = HTTPClient.new
client.transparent_gzip_decompression = true
client.get("https://api.box.com/2.0/folders/0", header: {Authorization: "Bearer #{ENV['BOX_DEVELOPER_TOKEN']}"})
Zlib::GzipFile::Error: not in gzip format

client.transparent_gzip_decompression = false
client.get("https://api.box.com/2.0/folders/0", header: {Authorization: "Bearer #{ENV['BOX_DEVELOPER_TOKEN']}"})
=> {"type":"folder", ...}

I've been trying to create an App User. To do this, I used Boxr::get_enterprise_token to create a client.
After creating the client, I tried calling create_user but I get this error:

Boxr::BoxrError: 403: Bearer realm="Service", error="insufficient_scope", error_description="The request requires higher privileges than provided by the access token."

Here's the code I wrote:

  def self.get_enterprise_token
    Boxr::get_enterprise_token(
      private_key: private_key,
      public_key_id: PUBLIC_KEY_ID,
      enterprise_id: BOX_ENTERPRISE_ID,
      client_id: BOX_CLIENT_ID,
      client_secret: BOX_CLIENT_SECRET)
  end

  def self.create_user(name, email)
    client = set_enterprise_client
    @app_user = client.create_user(name, login: email)
  end

  private

  def self.private_key
    OpenSSL::PKey::RSA.new(File.read("private_key.pem"), "mypassword")
  end

  def self.set_enterprise_client
    Boxr::Client.new(
      get_enterprise_token.access_token,
      client_id: BOX_CLIENT_ID,
      client_secret: BOX_CLIENT_SECRET,
      enterprise_id: BOX_ENTERPRISE_ID,
      jwt_private_key: private_key,
      jwt_public_key_id: PUBLIC_KEY_ID)

  end

It seems that Client#file_from_path doesn't return any of the codes/statuses that are return by the API (https://docs.box.com/docs/detailed-error-messages/)

begin
  file = box_client.file_from_path(box_path)
rescue Exception => e
  binding.pry
end
[1] pry(main)> e.code
=> nil
[2] pry(main)> e.status
=> nil

When trying to get tokens via JWT, I receive the following error:

Traceback (most recent call last):
lib/boxr/auth.rb:32:in `get_enterprise_token'
lib/boxr/auth.rb:24:in `get_tokens'
lib/boxr/auth.rb:92:in `auth_post': 400: {
  "error": "invalid_grant",
  "error_description": "Please check the 'exp' claim. The 'exp' value exceeds the maximum value of 60 seconds beyond the issue time."
} (Boxr::BoxrError)

The expiry time looks to be hardcoded as 10 seconds in the future, and it doesn't take even ~2 seconds to make this request after setting that expiry time. Why does this happen then?

For reference, I'm roughly following this guide. My environment variables are loaded from a typical .env, which looks like this:

BOX_CLIENT_ID="..."
BOX_CLIENT_SECRET="..."
BOX_ENTERPRISE_ID="..."
JWT_PUBLIC_KEY_ID="..."
JWT_PRIVATE_KEY="-----BEGIN ENCRYPTED PRIVATE KEY-----\n..."
JWT_PRIVATE_KEY_PASSWORD="..."

The code I'm running is as follows:

require 'dotenv/load'
require 'boxr'

tokens = Boxr::get_enterprise_token  # <-- error from underlying auth_post
box = Boxr::Client.new(tokens.access_token)

Am I using private keys incorrectly, or is there something else at play?