cbaclig-facebooker 1.0.67.2 → 1.0.67.3
- data/README.rdoc +7 -113
- data/facebooker.gemspec +1 -1
- data/lib/facebooker.rb +2 -2
- data/lib/facebooker/adapters/facebook_adapter.rb +4 -0
- data/lib/facebooker/rails/controller.rb +59 -33
- data/test/facebooker/rails/controller_test.rb +6 -7
- data/test/facebooker/rails_integration_test.rb +21 -0
- metadata +2 -2
data/README.rdoc
CHANGED
@@ -1,119 +1,13 @@
|
|
1
1
|
= Facebooker
|
2
2
|
|
3
|
-
*
|
3
|
+
* This is a fork to start implementing new Facebook API changes in Facebooker.
|
4
|
+
* For the original project and better documentation, see http://github.com/mmangino/facebooker.
|
4
5
|
|
5
|
-
==
|
6
|
+
== Implemented Features
|
6
7
|
|
7
|
-
|
8
|
+
* Handles cookies set by the new Javascript SDK to recognize logged-in Facebooker users on the server
|
9
|
+
* Exposes app_id in Facebooker module, like api_key and secret_key
|
8
10
|
|
9
|
-
|
10
|
-
* No dependencies outside of the Ruby standard library (This is true with Rails 2.1. Previous Rails versions require the JSON gem)
|
11
|
-
* Concrete classes and methods modeling the Facebook data, so it's easy for a Rubyist to understand what's available
|
12
|
-
* Well tested
|
11
|
+
== Wish List
|
13
12
|
|
14
|
-
|
15
|
-
== FEATURES/PROBLEMS:
|
16
|
-
|
17
|
-
* Idiomatic Ruby
|
18
|
-
* No dependencies outside of the Ruby standard library
|
19
|
-
* Concrete classes and methods modeling the Facebook data, so it's easy for a Rubyist to understand what's available
|
20
|
-
* Well tested
|
21
|
-
|
22
|
-
== SYNOPSIS:
|
23
|
-
|
24
|
-
View David Clements' {excellent tutorial}[http://apps.facebook.com/facebooker_tutorial] at {http://apps.facebook.com/facebooker_tutorial/}[http://apps.facebook.com/facebooker_tutorial] or check out {Developing Facebook Platform Applications with Rails}[http://www.pragprog.com/titles/mmfacer].
|
25
|
-
{Join the Mailing List}:[groups.google.com/group/facebooker]
|
26
|
-
|
27
|
-
== REQUIREMENTS:
|
28
|
-
|
29
|
-
None
|
30
|
-
|
31
|
-
== INSTALL:
|
32
|
-
|
33
|
-
=== Non Rails
|
34
|
-
|
35
|
-
The best way is:
|
36
|
-
|
37
|
-
gem install facebooker
|
38
|
-
|
39
|
-
If, for some reason, you can't/won't use RubyGems, you can do:
|
40
|
-
|
41
|
-
(sudo) ruby setup.rb
|
42
|
-
|
43
|
-
=== Rails
|
44
|
-
|
45
|
-
Facebooker can be installed as a Rails plugin by:
|
46
|
-
|
47
|
-
script/plugin install git://github.com/mmangino/facebooker.git
|
48
|
-
|
49
|
-
If you don't have git, the plugin can be downloaded from http://github.com/mmangino/facebooker/tarball/master
|
50
|
-
|
51
|
-
=== Using Gem in Rails
|
52
|
-
|
53
|
-
The rake task would not be added automatically, so to use it in rails you would have to add the following towards the end of your Rakefile:
|
54
|
-
|
55
|
-
require 'tasks/facebooker'
|
56
|
-
|
57
|
-
Once the plugin is installed, you will need to configure your Facebook app in config/facebooker.yml.
|
58
|
-
|
59
|
-
Your application users will need to have added the application in facebook to access all of facebooker's features. You enforce this by adding
|
60
|
-
|
61
|
-
ensure_application_is_installed_by_facebook_user
|
62
|
-
|
63
|
-
to your application controller.
|
64
|
-
|
65
|
-
To prevent a violation of Facebook Terms of Service while reducing log bloat, you should also add
|
66
|
-
|
67
|
-
filter_parameter_logging :fb_sig_friends
|
68
|
-
|
69
|
-
to your application controller.
|
70
|
-
|
71
|
-
== using MemCache session
|
72
|
-
|
73
|
-
Facebook uses some non alphanum characters in the session identifier which interfere with memcache stored sessions. If you want to use MemCache for storing sessions, you can override the valid session id method on memcache by placing the following code in an initializer:
|
74
|
-
|
75
|
-
# add - as an okay key
|
76
|
-
class CGI
|
77
|
-
class Session
|
78
|
-
class MemCacheStore
|
79
|
-
def check_id(id) #:nodoc:#
|
80
|
-
/[^0-9a-zA-Z\-\._]+/ =~ id.to_s ? false : true
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
== Other versions
|
87
|
-
|
88
|
-
A facebooker port for Sinatra is available at http://github.com/jsmestad/frankie/tree/master
|
89
|
-
|
90
|
-
== LICENSE:
|
91
|
-
|
92
|
-
(The MIT License)
|
93
|
-
|
94
|
-
Copyright (c) 2008-2009:
|
95
|
-
|
96
|
-
* Chad Fowler
|
97
|
-
* Patrick Ewing
|
98
|
-
* Mike Mangino
|
99
|
-
* Shane Vitarana
|
100
|
-
* Corey Innis
|
101
|
-
|
102
|
-
Permission is hereby granted, free of charge, to any person obtaining
|
103
|
-
a copy of this software and associated documentation files (the
|
104
|
-
'Software'), to deal in the Software without restriction, including
|
105
|
-
without limitation the rights to use, copy, modify, merge, publish,
|
106
|
-
distribute, sublicense, and/or sell copies of the Software, and to
|
107
|
-
permit persons to whom the Software is furnished to do so, subject to
|
108
|
-
the following conditions:
|
109
|
-
|
110
|
-
The above copyright notice and this permission notice shall be
|
111
|
-
included in all copies or substantial portions of the Software.
|
112
|
-
|
113
|
-
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
|
114
|
-
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
115
|
-
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
116
|
-
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
117
|
-
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
118
|
-
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
119
|
-
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
13
|
+
* ...
|
data/facebooker.gemspec
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = %q{cbaclig-facebooker}
|
5
|
-
s.version = "1.0.67.
|
5
|
+
s.version = "1.0.67.3"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Chad Fowler", "Patrick Ewing", "Mike Mangino", "Shane Vitarana", "Corey Innis", "Mike Mangino"]
|
data/lib/facebooker.rb
CHANGED
@@ -48,7 +48,7 @@ module Facebooker
|
|
48
48
|
end
|
49
49
|
Thread.current[:fb_api_config] = @raw_facebooker_configuration unless Thread.current[:fb_api_config]
|
50
50
|
apply_configuration(@raw_facebooker_configuration)
|
51
|
-
end
|
51
|
+
end
|
52
52
|
|
53
53
|
# Sets the Facebook environment based on a hash of options.
|
54
54
|
# By default the hash passed in is loaded from facebooker.yml, but it can also be passed in
|
@@ -170,7 +170,7 @@ module Facebooker
|
|
170
170
|
@timeout
|
171
171
|
end
|
172
172
|
|
173
|
-
[:api_key,:secret_key, :www_server_base_url,:login_url_base,:install_url_base,:permission_url_base,:connect_permission_url_base,:api_rest_path,:api_server_base,:api_server_base_url,:canvas_server_base, :video_server_base].each do |delegated_method|
|
173
|
+
[:app_id, :api_key,:secret_key, :www_server_base_url,:login_url_base,:install_url_base,:permission_url_base,:connect_permission_url_base,:api_rest_path,:api_server_base,:api_server_base_url,:canvas_server_base, :video_server_base].each do |delegated_method|
|
174
174
|
define_method(delegated_method){ return current_adapter.send(delegated_method)}
|
175
175
|
end
|
176
176
|
|
@@ -38,7 +38,8 @@ module Facebooker
|
|
38
38
|
|
39
39
|
def set_facebook_session
|
40
40
|
# first, see if we already have a session
|
41
|
-
session_set = session_already_secured?
|
41
|
+
session_set = session_already_secured? && session_for_current_user?
|
42
|
+
|
42
43
|
# if not, see if we can load it from the environment
|
43
44
|
unless session_set
|
44
45
|
session_set = create_facebook_session
|
@@ -91,6 +92,13 @@ module Facebooker
|
|
91
92
|
(@facebook_session = session[:facebook_session]) && session[:facebook_session].secured? if valid_session_key_in_session?
|
92
93
|
end
|
93
94
|
|
95
|
+
def session_for_current_user?
|
96
|
+
return true if new_fb_cookies.empty? and old_fb_cookies.empty?
|
97
|
+
|
98
|
+
current_uid = new_fb_cookies['uid'] || old_fb_cookies['user']
|
99
|
+
@facebook_session = session[:facebook_session] && @facebook_session.user.uid == current_uid
|
100
|
+
end
|
101
|
+
|
94
102
|
def user_has_deauthorized_application?
|
95
103
|
# if we're inside the facebook session and there is no session key,
|
96
104
|
# that means the user revoked our access
|
@@ -130,46 +138,64 @@ module Facebooker
|
|
130
138
|
end
|
131
139
|
|
132
140
|
def secure_with_cookies!
|
133
|
-
|
141
|
+
secure_with_old_style_cookies! || secure_with_new_style_cookies!
|
134
142
|
end
|
135
143
|
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
fb_cookie_names.each { |key| parsed[key[fb_cookie_prefix.size,key.size]] = cookies[key] }
|
140
|
-
|
141
|
-
#returning gracefully if the cookies aren't set or have expired
|
142
|
-
return unless parsed['session_key'] && parsed['user'] && parsed['expires'] && parsed['ss']
|
143
|
-
return unless (Time.at(parsed['expires'].to_s.to_f) > Time.now) || (parsed['expires'] == "0")
|
144
|
-
#if we have the unexpired cookies, we'll throw an exception if the sig doesn't verify
|
145
|
-
verify_signature(parsed,cookies[Facebooker.api_key], true)
|
146
|
-
|
147
|
-
@facebook_session = new_facebook_session
|
148
|
-
@facebook_session.secure_with!(parsed['session_key'],parsed['user'],parsed['expires'],parsed['ss'])
|
149
|
-
@facebook_session
|
144
|
+
def old_fb_cookies
|
145
|
+
@old_fb_cookies ||= parse_old_fb_cookies
|
150
146
|
end
|
151
147
|
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
|
148
|
+
def parse_old_fb_cookies
|
149
|
+
parsed = {}
|
150
|
+
fb_cookie_names.each { |key| parsed[key[fb_cookie_prefix.size,key.size]] = cookies[key] }
|
151
|
+
parsed
|
152
|
+
end
|
153
|
+
|
154
|
+
def secure_with_old_style_cookies!
|
155
|
+
parsed = old_fb_cookies
|
156
|
+
|
157
|
+
#returning gracefully if the cookies aren't set or have expired
|
158
|
+
return unless parsed['session_key'] && parsed['user'] && parsed['expires'] && parsed['ss']
|
159
|
+
return unless (Time.at(parsed['expires'].to_s.to_f) > Time.now) || (parsed['expires'] == "0")
|
160
|
+
#if we have the unexpired cookies, we'll throw an exception if the sig doesn't verify
|
161
|
+
verify_signature(parsed,cookies[Facebooker.api_key], true)
|
162
|
+
|
163
|
+
@facebook_session = new_facebook_session
|
164
|
+
@facebook_session.secure_with!(parsed['session_key'],parsed['user'],parsed['expires'],parsed['ss'])
|
165
|
+
@facebook_session
|
166
|
+
end
|
167
|
+
|
168
|
+
def new_fb_cookies
|
169
|
+
@new_fb_cookies ||= parse_new_fb_cookies
|
170
|
+
end
|
171
|
+
|
172
|
+
def parse_new_fb_cookies
|
173
|
+
parsed = {}
|
174
|
+
|
175
|
+
return parsed unless Facebooker.app_id and fb_cookie_new = cookies["fbs_#{Facebooker.app_id}"]
|
176
|
+
|
177
|
+
fb_cookie_new = fb_cookie_new[1, fb_cookie_new.length-2]
|
178
|
+
fb_cookie_new.split('&').each do |str|
|
179
|
+
key, val = str.split('=')
|
180
|
+
parsed[key] = val
|
181
|
+
end
|
182
|
+
|
183
|
+
parsed
|
184
|
+
end
|
185
|
+
|
186
|
+
def secure_with_new_style_cookies!
|
187
|
+
parsed = new_fb_cookies
|
188
|
+
|
189
|
+
return unless parsed['session_key'] && parsed['uid'] && parsed['expires'] && parsed['secret'] && parsed['sig']
|
190
|
+
return unless (Time.at(parsed['expires'].to_s.to_f) > Time.now) || (parsed['expires'] == "0")
|
191
|
+
|
192
|
+
#if we have the unexpired cookies, we'll throw an exception if the sig doesn't verify
|
167
193
|
verify_signature(parsed, parsed.delete('sig'), true)
|
168
|
-
|
194
|
+
|
169
195
|
@facebook_session = new_facebook_session
|
170
196
|
@facebook_session.secure_with!(parsed['session_key'],parsed['uid'],parsed['expires'],parsed['secret'])
|
171
197
|
@facebook_session
|
172
|
-
|
198
|
+
end
|
173
199
|
|
174
200
|
def secure_with_token!
|
175
201
|
if params['auth_token']
|
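Review bot: In `session_for_current_user?` (hunk `-91,6 +92,13`) the last line parses as `@facebook_session = (session[:facebook_session] && (@facebook_session.user.uid == current_uid))`, so on a match the instance variable holds `true` instead of the session object, and `false` on a mismatch. This check is what stops a stored session being reused when the browser's Facebook cookies name a different user, so it should compare without overwriting the session: `matches = @facebook_session.user.uid.to_s == current_uid.to_s`, then `@facebook_session = nil unless matches`, then `matches`. The `to_s` assumes the stored uid may not be a string like the cookie value, which needs confirming against the user class. `current_uid` is read from the cookies before `verify_signature` runs, so a comment such as `# uid is unverified here: use it only to discard a stored session, never to accept one` would help the next reader. The file header for these hunks is missing from the page; the diffstat suggests data/lib/facebooker/rails/controller.rb.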
@@ -28,12 +28,12 @@ class FooControllerTest < ActionController::TestCase
|
|
28
28
|
expected_base_domain = 'testing.com'
|
29
29
|
|
30
30
|
cookie_params = {
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
31
|
+
:access_token => expected_access_token,
|
32
|
+
:base_domain => expected_base_domain,
|
33
|
+
:expires => expected_expires,
|
34
|
+
:secret => expected_secret,
|
35
|
+
:session_key => expected_session_key,
|
36
|
+
:uid => expected_uid
|
37
37
|
}
|
38
38
|
|
39
39
|
raw_string = cookie_params.map{ |*args| args.join('=') }.sort.join
|
@@ -49,6 +49,5 @@ class FooControllerTest < ActionController::TestCase
|
|
49
49
|
@request.cookies[key] = cookie
|
50
50
|
get :index
|
51
51
|
end
|
52
|
-
|
53
52
|
end
|
54
53
|
|
@@ -366,6 +366,27 @@ class RailsIntegrationTest < Test::Unit::TestCase
|
|
366
366
|
assert_equal(10, @controller.facebook_session.user.id)
|
367
367
|
end
|
368
368
|
|
369
|
+
def test_existing_secured_session_is_NOT_used_if_available_and_DOES_NOT_matches_any_fb_cookies
|
370
|
+
uid = 111
|
371
|
+
cookie_params = {
|
372
|
+
:access_token => 'n/a',
|
373
|
+
:base_domain => 'n/a',
|
374
|
+
:expires => '9999999999',
|
375
|
+
:secret => 'n/a',
|
376
|
+
:session_key => 'n/a',
|
377
|
+
:uid => (uid+1).to_s
|
378
|
+
}
|
379
|
+
cookie = %Q{"#{cookie_params.map{|args| args.join('=') }.join('&')}"}
|
380
|
+
key = "fbs_#{Facebooker.app_id}"
|
381
|
+
@request.cookies[key] = cookie
|
382
|
+
|
383
|
+
session = Facebooker::Session.create(Facebooker::Session.api_key, Facebooker::Session.secret_key)
|
384
|
+
session.secure_with!("session_key", uid.to_s, Time.now.to_i + 60)
|
385
|
+
|
386
|
+
@controller.expects(:secure_with_new_style_cookies!).returns(Facebooker::Session.create(Facebooker::Session.api_key, Facebooker::Session.secret_key))
|
387
|
+
get :index, {}, {:facebook_session => session}
|
388
|
+
end
|
389
|
+
|
369
390
|
def test_existing_secured_session_is_used_if_available
|
370
391
|
session = Facebooker::Session.create(Facebooker::Session.api_key, Facebooker::Session.secret_key)
|
371
392
|
session.secure_with!("session_key", "111", Time.now.to_i + 60)
|
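Review bot: `test_existing_secured_session_is_NOT_used_if_available_and_DOES_NOT_matches_any_fb_cookies` covers only the mismatch path and ends on a mock expectation, so nothing asserts what `@controller.facebook_session` holds after the request. A companion test is missing in which the `fbs_` cookie carries the same uid as the stored session; that is the path where the stored session must be kept, and it should finish with `assert_equal(111, @controller.facebook_session.user.id)` in the style of the assertion just above this hunk. The cookie built here has no `sig` entry, so the real `secure_with_new_style_cookies!` would presumably return early, which looks like the reason it is stubbed. A comment saying so, for example `# cookie is unsigned, so the real method is stubbed`, would make that explicit.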