Feat/dropbox oauth encryption #722
Summary of Changes
Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request significantly enhances the security and consistency of the Dropbox integration by adopting a standardized, shared encryption framework for OAuth tokens. This change streamlines the handling of sensitive authentication data, making the Dropbox action more robust and maintainable, while also improving the overall code quality through targeted lint fixes and updated test practices.
Code Review
This pull request successfully migrates the Dropbox action to use the shared OAuth encryption framework, which is a great step for security and standardization. The changes correctly replace direct JSON parsing with the new oauthExtractTokensFromStateJson and oauthMaybeEncryptTokens helpers. The tests have also been updated accordingly. I've found a couple of areas for improvement in error handling: one critical issue where a null check is missing, which could lead to a runtime error, and another medium-severity issue with a misleading log message in a catch block. Applying these suggestions will make the code more robust.
PR Summary: [feat/dropbox-oauth-encryption] Move Dropbox OAuth to Shared Encryption Framework and Fix Lints
Description:
Migrates the Dropbox action to fully utilize the shared actions-wide encryption framework for OAuth state, standardizing its security footprint alongside Google Ads, Facebook, and Airtable.
Summary of Changes:
src/actions/dropbox/dropbox.ts:
- Replaced legacy implementation with oauthExtractTokensFromStateJson and oauthMaybeEncryptTokens wrappers.
- Updated dropboxClientFromRequest to be async to support token extraction and updated its callers.
src/actions/dropbox/test_dropbox.ts: Fixed lint errors:
- Marked functions that return promises as async to satisfy promise-function-async.
- Replaced await chai.expect(action.execute(request)).to.be.fulfilled with direct await action.execute(request) to solve Invalid await of a non-Promise value constraints (typing mismatches in chai-as-promised).