Correct OAuth2 url config

The configuration was using an out-of-date url for OAuth2,
possibly from an deprecated version of the Box API.

Use the correct (according to the official documentation at
<https://developers.box.com/docs/>) urls for OAuth2.

Author: jmoldow

boxsdk/auth/oauth2.py

@@ -99,8 +99,8 @@ def get_authorization_url(self, redirect_url):
             (`unicode`, `unicode`)
         """
         csrf_token = self._get_state_csrf_token()
-        return '{0}/authorize?state={1}&response_type=code&client_id={2}&redirect_uri={3}'.format(
-            API.OAUTH2_URL,
+        return '{0}?state={1}&response_type=code&client_id={2}&redirect_uri={3}'.format(
+            API.OAUTH2_AUTHORIZE_URL,
             csrf_token,
             self._client_id,
             redirect_url,
@@ -201,7 +201,7 @@ def send_token_request(self, data, access_token):
         :rtype:
             (`unicode`, `unicode`)
         """
-        url = '{base_auth_url}/token'.format(base_auth_url=API.OAUTH2_URL)
+        url = '{base_auth_url}/token'.format(base_auth_url=API.OAUTH2_API_URL)
         headers = {'content-type': 'application/x-www-form-urlencoded'}
         network_response = self._network_layer.request(
             'POST',

boxsdk/config.py

@@ -7,4 +7,5 @@ class API(object):
     """Configuration object containing the URLs for the Box API."""
     BASE_API_URL = 'https://api.box.com/2.0'
     UPLOAD_URL = 'https://upload.box.com/api/2.0'
-    OAUTH2_URL = 'https://www.box.com/api/oauth2'
+    OAUTH2_API_URL = 'https://api.box.com/oauth2'  # <https://developers.box.com/docs/#oauth-2>
+    OAUTH2_AUTHORIZE_URL = 'https://app.box.com/api/oauth2/authorize'  # <https://developers.box.com/docs/#oauth-2-authorize>

test/functional/conftest.py

@@ -50,7 +50,8 @@ def mock_box(mock_box_server, monkeypatch, client_id, client_secret, user_name,
     mock_box_server.reset_filesystem([(user_name, user_login)], [(client_id, client_secret, 0)])
     monkeypatch.setattr(API, 'BASE_API_URL', 'http://localhost:{0}'.format(Box.API_PORT))
     monkeypatch.setattr(API, 'UPLOAD_URL', 'http://localhost:{0}'.format(Box.UPLOAD_PORT))
-    monkeypatch.setattr(API, 'OAUTH2_URL', 'http://localhost:{0}'.format(Box.OAUTH_PORT))
+    monkeypatch.setattr(API, 'OAUTH2_API_URL', 'http://localhost:{0}'.format(Box.OAUTH_API_PORT))
+    monkeypatch.setattr(API, 'OAUTH2_AUTHORIZE_URL', 'http://localhost:{0}'.format(Box.OAUTH_AUTHORIZE_PORT))
     return mock_box_server
 
 

test/functional/mock_box/box.py

@@ -48,8 +48,9 @@ class Box(object):
     """
     API_PORT = 8086
     UPLOAD_PORT = 8087
-    OAUTH_PORT = 8088
+    OAUTH_API_PORT = 8088
     EVENT_PORT = 8089
+    OAUTH_AUTHORIZE_PORT = 8090
     RATE_LIMIT_THRESHOLD = 100
     RATE_LIMIT_REQUEST_PER_SECOND = 4
 
@@ -60,12 +61,13 @@ def __init__(self):
         self._db_session_maker = None
         self.reset_filesystem()
         # Mock Box consists of 3 webservers - one for the content API, one for the upload API, and one for OAuth2
-        api, upload, oauth, event = Bottle(), Bottle(), Bottle(), Bottle()
+        api, upload, oauth_api, event, oauth_authorize = Bottle(), Bottle(), Bottle(), Bottle(), Bottle()
         app_mapping = {
             self.API_PORT: api,
             self.EVENT_PORT: event,
-            self.OAUTH_PORT: oauth,
+            self.OAUTH_API_PORT: oauth_api,
             self.UPLOAD_PORT: upload,
+            self.OAUTH_AUTHORIZE_PORT: oauth_authorize,
         }
         # Since we don't instantiate the servers until Box is instantiated, we have to apply the routes now
         for routed_method in (getattr(self, m) for m in dir(self) if hasattr(getattr(self, m), 'route')):
@@ -77,8 +79,9 @@ def __init__(self):
                 app.error(code)(self.handle_error)
         self._api = StoppableWSGIRefServer(host='localhost', port=self.API_PORT).run(api)
         self._upload = StoppableWSGIRefServer(host='localhost', port=self.UPLOAD_PORT).run(upload)
-        self._oauth = StoppableWSGIRefServer(host='localhost', port=self.OAUTH_PORT).run(oauth)
+        self._oauth_api = StoppableWSGIRefServer(host='localhost', port=self.OAUTH_API_PORT).run(oauth_api)
         self._event = StoppableWSGIRefServer(host='localhost', port=self.EVENT_PORT).run(event)
+        self._oauth_authorize = StoppableWSGIRefServer(host='localhost', port=self.OAUTH_AUTHORIZE_PORT).run(oauth_authorize)
         self._rate_limit_bucket = (self.RATE_LIMIT_THRESHOLD, datetime.utcnow())
 
     @staticmethod
@@ -90,10 +93,12 @@ def shutdown(self):
         """Shutdown the webservers and wait for them to exit."""
         self._api.shutdown()
         self._upload.shutdown()
-        self._oauth.shutdown()
+        self._oauth_api.shutdown()
+        self._oauth_authorize.shutdown()
         self._api.wait()
         self._upload.wait()
-        self._oauth.wait()
+        self._oauth_api.wait()
+        self._oauth_authorize.wait()
 
     def reset_filesystem(self, users=(), applications=()):
         """
@@ -175,20 +180,20 @@ def append_to_request_log(self):
 
     @log_request
     @allow_chaos
-    @GET(OAUTH_PORT, '/authorize')
+    @GET(OAUTH_AUTHORIZE_PORT, '/')
     @view('oauth2')
     def oauth2_authorize(self):
         return self._oauth_behavior.oauth2_authorize()
 
     @log_request
     @allow_chaos
-    @POST(OAUTH_PORT, '/authorize')
+    @POST(OAUTH_AUTHORIZE_PORT, '/')
     def oauth2_finish_loop(self):
         return self._oauth_behavior.oauth2_finish_loop()
 
     @log_request
     @allow_chaos
-    @POST(OAUTH_PORT, '/token')
+    @POST(OAUTH_API_PORT, '/token')
     def oauth2_token(self):
         return self._oauth_behavior.oauth2_token()
 

test/integration/test_retry_and_refresh.py

@@ -27,7 +27,7 @@ def test_automatic_refresh(
         ),
         call(
             'POST',
-            '{0}/token'.format(API.OAUTH2_URL),
+            '{0}/token'.format(API.OAUTH2_API_URL),
             data=ANY,
             headers={'content-type': 'application/x-www-form-urlencoded'},
         ),

test/unit/auth/test_oauth2.py

@@ -22,8 +22,8 @@ def test_get_correct_authorization_url():
     )
     redirect_url = 'http://some.redirect.url.com'
     auth_url, csrf_token = oauth2.get_authorization_url(redirect_url)
-    assert auth_url == '{0}/authorize?state={1}&response_type=code&client_id={2}&redirect_uri={3}'.format(
-        API.OAUTH2_URL,
+    assert auth_url == '{0}?state={1}&response_type=code&client_id={2}&redirect_uri={3}'.format(
+        API.OAUTH2_AUTHORIZE_URL,
         csrf_token,
         fake_client_id,
         redirect_url,
@@ -55,7 +55,7 @@ def test_authenticate_send_post_request_with_correct_params(mock_network_layer,
 
     mock_network_layer.request.assert_called_once_with(
         'POST',
-        '{0}/token'.format(API.OAUTH2_URL),
+        '{0}/token'.format(API.OAUTH2_API_URL),
         data=data,
         headers={'content-type': 'application/x-www-form-urlencoded'},
         access_token=None,
@@ -106,7 +106,7 @@ def test_refresh_send_post_request_with_correct_params_and_handles_multiple_requ
     # and it was made with the correct params.
     mock_network_layer.request.assert_called_once_with(
         'POST',
-        '{0}/token'.format(API.OAUTH2_URL),
+        '{0}/token'.format(API.OAUTH2_API_URL),
         data=data,
         headers={'content-type': 'application/x-www-form-urlencoded'},
         access_token=fake_access_token,