When scrubbing box urls of access token parameters, only return
the processed URL if the access token was removed. If it was not
removed, return the original URL string. This prevents issues with
local file URLs being parsed and replaced with invalid paths.
Fixes: #12340#12350#12320
Replace the `VAGRANT_ALLOW_PARAM_AUTH_TOKEN` environment variable
with `VAGRANT_SERVER_ACCESS_TOKEN_BY_URL` and update the behavior
when the environment variable is set to add the access token as
a query parameter and disable the addition of the authentication
header.
Fixes#12080
When uploading box file, check if the size is greater than
5GB. If the size is larger and the direct to storage option
is enabled, disable the option due to current 5GB restriction
on direct uploads.
Some client setup locations where not using the custom helper
method for the vagrant server URL value so they have been
updated. The api path is also appended if it is not set for
custom server URLs
This sets the `authenticate_box_url` hook as deprecated and also
disables the cloud auth middleware from adding an access token
as a URL parameter by default. An environment variable has been
added which can be used for re-enabling the access token URL
parameter behavior if required for some legacy system which does
not support the authorization header.
This PR is dependent on the 2.1.0 release of the vagrant_cloud
library. It updates the `cloud` command to use the new interface
for interacting with the Vagrant Cloud API. It also adds support
for direct to backend storage uploads, and defaults to this
method.
Also included is a bit of cleanup refactoring, addition of method
documentation, and fixing up some small issues around custom username
usage within the internal client for authentication.
