[Auth] update multiauth logic to support refresh only calls using use… (#857)

* [Auth] update multiauth logic to support refresh only calls using user auth

Author: rogebrd

package.json

@@ -1,6 +1,6 @@
 {
     "name": "dropbox",
-    "version": "10.19.0",
+    "version": "10.20.0",
     "registry": "npm",
     "description": "The Dropbox JavaScript SDK is a lightweight, promise based interface to the Dropbox v2 API that works in both nodejs and browser environments.",
     "main": "cjs/index.js",

src/dropbox.js

@@ -77,20 +77,6 @@ export default class Dropbox {
   }
 
   request(path, args, auth, host, style) {
-    // checks for multiauth and assigns auth based on priority to create header in switch case
-    if (auth.split(',').length > 1) {
-      const authTypes = auth.replace(' ', '').split(',');
-      if (authTypes.includes(USER_AUTH) && this.auth.getAccessToken()) {
-        auth = USER_AUTH;
-      } else if (authTypes.includes(TEAM_AUTH) && this.auth.getAccessToken()) {
-        auth = TEAM_AUTH;
-      } else if (authTypes.includes(APP_AUTH)) {
-        auth = APP_AUTH;
-      } else {
-        auth = USER_AUTH; // Default to user auth
-      }
-    }
-
     switch (style) {
       case RPC:
         return this.rpcRequest(path, args, auth, host);
@@ -178,6 +164,18 @@ export default class Dropbox {
   }
 
   setAuthHeaders(auth, fetchOptions) {
+    // checks for multiauth and assigns auth based on priority to create header in switch case
+    if (auth.split(',').length > 1) {
+      const authTypes = auth.replace(' ', '').split(',');
+      if (authTypes.includes(USER_AUTH) && this.auth.getAccessToken()) {
+        auth = USER_AUTH;
+      } else if (authTypes.includes(TEAM_AUTH) && this.auth.getAccessToken()) {
+        auth = TEAM_AUTH;
+      } else if (authTypes.includes(APP_AUTH)) {
+        auth = APP_AUTH;
+      }
+    }
+
     switch (auth) {
       case APP_AUTH:
         if (this.auth.clientId && this.auth.clientSecret) {

test/unit/dropbox.js

@@ -96,51 +96,6 @@ describe('Dropbox', () => {
       chai.assert.deepEqual({}, dbx.rpcRequest.getCall(0).args[1]);
     });
 
-    it('completes a multiauth RPC request with user auth when supplied with an accessToken', () => {
-      const dbxAuth = new DropboxAuth({ accessToken: 'foo' });
-      const dbx = new Dropbox({ auth: dbxAuth });
-      const rpcSpy = sinon.spy(dbx, 'rpcRequest');
-      dbx.request('path', {}, 'user, app', 'api', RPC)
-        .catch((error) => {
-          fail(error);
-        });
-      chai.assert.isTrue(rpcSpy.calledOnce);
-      chai.assert.equal('path', dbx.rpcRequest.getCall(0).args[0]);
-      chai.assert.deepEqual({}, dbx.rpcRequest.getCall(0).args[1]);
-      chai.assert.equal(USER_AUTH, dbx.rpcRequest.getCall(0).args[2]);
-    });
-
-    it('completes a multiauth RPC request with team auth when supplied with an accessToken', () => {
-      const dbxAuth = new DropboxAuth({ accessToken: 'foo' });
-      const dbx = new Dropbox({ auth: dbxAuth });
-      const rpcSpy = sinon.spy(dbx, 'rpcRequest');
-      dbx.request('path', {}, 'team, app', 'api', RPC)
-        .catch((error) => {
-          fail(error);
-        });
-      chai.assert.isTrue(rpcSpy.calledOnce);
-      chai.assert.equal('path', dbx.rpcRequest.getCall(0).args[0]);
-      chai.assert.deepEqual({}, dbx.rpcRequest.getCall(0).args[1]);
-      chai.assert.equal(TEAM_AUTH, dbx.rpcRequest.getCall(0).args[2]);
-    });
-
-    it('completes a multiauth RPC request with app auth when not supplied with an accessToken', () => {
-      const dbxAuth = new DropboxAuth({
-        clientID: 'foo',
-        clientSecret: 'bar',
-      });
-      const dbx = new Dropbox({ auth: dbxAuth });
-      const rpcSpy = sinon.spy(dbx, 'rpcRequest');
-      dbx.request('path', {}, 'user, app', 'api', RPC)
-        .catch((error) => {
-          fail(error);
-        });
-      chai.assert.isTrue(rpcSpy.calledOnce);
-      chai.assert.equal('path', dbx.rpcRequest.getCall(0).args[0]);
-      chai.assert.deepEqual({}, dbx.rpcRequest.getCall(0).args[1]);
-      chai.assert.equal(APP_AUTH, dbx.rpcRequest.getCall(0).args[2]);
-    });
-
     it('completes a cookie auth RPC request', () => {
       const dbxAuth = new DropboxAuth();
       const dbx = new Dropbox({ auth: dbxAuth });
@@ -248,4 +203,52 @@ describe('Dropbox', () => {
       chai.assert.equal(headers.cookie, 'hash');
     });
   });
+
+  describe('setAuthHeaders', () => {
+    const authTypes = ['user', 'app', 'team', 'noauth', 'user, app', 'team, app', 'cookie'];
+    for (const auth of authTypes) {
+      for (const hasAccessToken of [true, false]) {
+        for (const hasAppKeys of [true, false]) {
+          it(`correctly sets auth headers given '${auth}' auth and ${hasAccessToken ? 'has' : 'does not have'} an access token`, () => {
+            const dbx = new Dropbox({
+              accessToken: hasAccessToken ? 'token' : undefined,
+              clientId: hasAppKeys ? 'app_key' : undefined,
+              clientSecret: hasAppKeys ? 'app_secret' : undefined,
+            });
+
+            const fetchOptions = {
+              headers: {},
+            };
+
+            const isExpectedToHaveTokenHeader = hasAccessToken && (auth.includes('user') || auth.includes('team'));
+            const isExpectedToHaveAppHeader = ((auth === 'app') || (auth.includes('app') && !hasAccessToken)) && hasAppKeys;
+
+            dbx.setAuthHeaders(auth, fetchOptions);
+
+            const { headers } = fetchOptions;
+            if (isExpectedToHaveAppHeader) {
+              chai.assert.isTrue(headers.Authorization.includes('Basic'));
+            } else if (isExpectedToHaveTokenHeader) {
+              chai.assert.isTrue(headers.Authorization.includes('Bearer'));
+            } else {
+              chai.assert.deepEqual(headers, {});
+            }
+          });
+        }
+      }
+    }
+
+    it('throws an error on an invalid auth type', () => {
+      const dbx = new Dropbox();
+
+      const fetchOptions = {
+        headers: {},
+      };
+
+      chai.assert.throws(
+        Dropbox.prototype.setAuthHeaders.bind(Dropbox, 'bad auth type', fetchOptions),
+        Error,
+      );
+    });
+  });
 });