[ANNOUNCEMENT] Dropbox node versie 2.1.0 (beta) - refresh token refactored

Hi folks,

We introduced in version 2.0.0 of the dropbox node the concept of refresh tokens, to allow this node to support the new stronger Dropbox security guidelines.

However our mechanism was based on OAauth2 redirect url's, which required the connection between Node-RED and the flow editor to be SSL with certificates signed by a trusted CA (e.g. LetsEncrypt). Normally it is bad practice to use plain HTTP, however when everything (flow editor, Node-RED, ...) is located in a secure LAN behind a firewall this should be possible.

Therefore I have completely refactored the code, and now the Oauth2 related code is completely moved to the frontend part of the Dropbox node. Now it allows both HTTP and HTTPS connections.
*CAUTION: it is highly disadvised to use plain HTTP outside your LAN!! And even within your LAN it is better to use HTTPS.
But of course that is a general guideline, and is not specific for this node. So I would like to not discuss that further here, and keep this discussion focussed on the Dropbox node...

The below diagram shows an overview of the entire refresh token request flow:

The pull request has been submitted:

It would be nice if some folks could test this change. Otherwise we will risc (again) to publish a version that is not widely usable by all users.

However I am not quite sure what is the easiest way to test this version, since the dropbox node is part of a suite of other nodes. Hopefully somebody can share here some tips about that.

Hopefully it now works for everybody...
Bart

I recall that @Colin has previously found a way to install direct from your repo (which I can't find now :thinking:)
Could you re-post pls Colin?

I think this is the installation procedure from @Colin that you were referring to.
So it would be nice if some people could test this, before I publish it for the big audience.
Thanks!

I have now turned my language in Dropbox from Dutch to English to show the screenshots in English:

I think this diagram should be added to the readme page of the dropbox node. Unlike in the previous version were my diagram explained the technical flow between the endpoints, this new diagram only explains which screens the user will get to see.

Such diagrams help me to see where I the process I am situated. Like e.g. when I am configuring my Google home node, I always get lost in what I am doing at the moment. Or whether it is normal if I see some screen at some time within the process....

Where do you store the beta? With Colin's directions I only get version 2.0.0

Hi @Frida,
Thanks for testing!
It is in my Github repository under the "dropbox-refresh-token-refactored" branch.
So I think that between the cd and npm install you need to do git checkout dropbox-refresh-token-refactored. That way git will get the files from that branch and store it in your directory...

Because your changes are in a branch, this is the revised process to test the new version;

cd ~
git clone --single-branch --branch dropbox-refresh-token-refactored https://github.com/bartbutenaers/node-red-web-nodes
cd node-red-web-nodes/dropbox
npm install
cd ~/.node-red
npm install ~/node-red-web-nodes/dropbox
node-red-stop;node-red-start

@BartButenaers - I've repeated the whole process 3 times this morning, and uploaded numerous sample files without issue. It was very quick & easy, and the instructions are very clear :tada:

The only suggestion I'd make would be to change the button label top right of node properties from 'Update' to 'Save', which may be a more natural process for users.

drop

Hey @Paul-Reed,
Thanks for testing!!
I assume you have tested only via https to Node-RED?
Will have a look tonight whether I can change that button label. Never had a look at it. Thought it was always looking the same for all nodes...

Yes, correct.

1 Like

It was just what was missing. First tried directly on an rpi locally. Then on another rpi from a mac.
Everything went according to plan.
Thanks for a good piece of advice.

1 Like

@Frida,
Did you use a http or a https connection for your flow editor while testing?

http://192.168.5.85:1880/#flow/xxx...xxx
It's http I can see.

2 Likes

@BartButenaers Just tried the new node, everything went fine until the OAuth2 pop-up. This worked but gave an error message

This app has reached its user limit. Contact the app developer and ask them to use the Dropbox API App Console to increase their app's user limit.

Edit: using HTTP from browser on PC with Node-RED on Ubuntu in a VM. Will try on a Pi

Tried on Pi and got

npm WARN dropbox@10.34.0 requires a peer of @types/node-fetch@^2.5.7 but none is installed. You must install peer dependencies yourself.

What have I missed?

Did you just try it once and got the error, or did you get it after several attempts?
I've had that same error (with the previous Dropbox version) after I had made a silly mistake in entering the credentials (my fault!). I tried a few times, then got the 'user limit' message.
I left it a few hours, corrected my error, and then everything worked OK.

Just the once.

Full log from npm install ~/node-red-web-nodes/dropbox

pi@PiVPN:~/.node-red $ npm install ~/node-red-web-nodes/dropbox
npm WARN dropbox@10.34.0 requires a peer of @types/node-fetch@^2.5.7 but none is installed. You must install peer dependencies yourself.

npm ERR! code ENOENT
npm ERR! syscall rename
npm ERR! path /home/pi/.node-red/node_modules/.staging/node-red-node-dropbox-83c3ac53/node_modules/balanced-match
npm ERR! dest /home/pi/.node-red/node_modules/.staging/balanced-match-cab3dc10
npm ERR! errno -2
npm ERR! enoent ENOENT: no such file or directory, rename '/home/pi/.node-red/node_modules/.staging/node-red-node-dropbox-83c3ac53/node_modules/balanced-match' -> '/home/pi/.node-red/node_modules/.staging/balanced-match-cab3dc10'
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent

npm ERR! A complete log of this run can be found in:
npm ERR!     /home/pi/.npm/_logs/2023-01-07T20_41_40_043Z-debug.log

Is your OS up to date:
sudo apt update && sudo apt full-upgrade

Yes

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded

Pi running on Buster (If that makes any difference)

I had a similar issue last week when I used the dropbox app from @Paul-Reed to test. But then I switched to my own app and the issue hasn't occured anymore.

I am not using Dropbox myself so I am not a specialist. But read this somewhere:
If you have created your own Dropbox app, you can only connect to it from one domain and for 1 Dropbox account. However you can increase the number of accounts/domains without applying for production by clicking on 'Enable additional users' in the App Console (Login - Dropbox).

I suspect this was my problem: Paul had accessed his test dropbox account via domain A (e.g. https;//domain.from.paul) and I wanted to access the same dropbox account via domain B (e.g. https://domain.from.bart). Which seems not to be allowed. Did you do anything similar in your test?

The setting looks like this in my own Dropbox account, so I assume I can also use it only via one domain:

I have no clue. I haven't used node-fetch in my code. I see here that the dropbox (sdk) library uses @types/node-fetch as a peer dependency. But I haven't changed anything about that: the dropbox node was already using the dropbox javascript sdk library in the past.

I assume it now occurs for you because here it seems that the dropbox SDK uses node-fetch to refresh the access token (based on your refresh token).

But I don't use npm enough to troubleshoot this. Hopefully somebody else can give some tips...
Should I perhaps add the node-fetch library as a dependency to the dropbox node?

1 Like

Here you can find the official documentation. So it seems indeed - while your app is still in development mode- you can allow more clients to access your app, via that setting in your Dropbox account. I haven't tested it!

Tried that and it worked although I may have messed up somewhere else before (now shows 1 / 500). Thank you. Still no joy with the Pi.

One suggestion And set the required app permissions, it would probably be worth putting in that

files.content.write             Edit content of your Dropbox files and folders
files.content.read              View content of your Dropbox files and folders

should be ticked in the Permissions tab otherwise it doesn't work. May be obvious to some but I bet there are others like me who are not so sharp.