RubyGems - cbaclig-facebooker - Versions diffs - 1.0.67.2 → 1.0.67.3 - Mend

cbaclig-facebooker 1.0.67.2 → 1.0.67.3

Files changed (8) hide show

data/README.rdoc +7 -113
data/facebooker.gemspec +1 -1
data/lib/facebooker.rb +2 -2
data/lib/facebooker/adapters/facebook_adapter.rb +4 -0
data/lib/facebooker/rails/controller.rb +59 -33
data/test/facebooker/rails/controller_test.rb +6 -7
data/test/facebooker/rails_integration_test.rb +21 -0
metadata +2 -2

data/README.rdoc CHANGED

@@ -1,119 +1,13 @@
 = Facebooker
-* http://facebooker.rubyforge.org
+* This is a fork to start implementing new Facebook API changes in Facebooker.
+* For the original project and better documentation, see http://github.com/mmangino/facebooker.
-== DESCRIPTION:
+== Implemented Features
-Facebooker is a Ruby wrapper over the Facebook[http://facebook.com] {REST API}[http://wiki.developers.facebook.com/index.php/API].  Its goals are:
+* Handles cookies set by the new Javascript SDK to recognize logged-in Facebooker users on the server
+* Exposes app_id in Facebooker module, like api_key and secret_key
-* Idiomatic Ruby
-* No dependencies outside of the Ruby standard library (This is true with Rails 2.1. Previous Rails versions require the JSON gem)
-* Concrete classes and methods modeling the Facebook data, so it's easy for a Rubyist to understand what's available
-* Well tested
+== Wish List
-== FEATURES/PROBLEMS:
-* Idiomatic Ruby
-* No dependencies outside of the Ruby standard library
-* Concrete classes and methods modeling the Facebook data, so it's easy for a Rubyist to understand what's available
-* Well tested
-== SYNOPSIS:
-View David Clements' {excellent tutorial}[http://apps.facebook.com/facebooker_tutorial] at {http://apps.facebook.com/facebooker_tutorial/}[http://apps.facebook.com/facebooker_tutorial] or check out {Developing Facebook Platform Applications with Rails}[http://www.pragprog.com/titles/mmfacer].
-{Join the Mailing List}:[groups.google.com/group/facebooker]
-== REQUIREMENTS:
-None
-== INSTALL:
-=== Non Rails
-The best way is:
-  gem install facebooker
-If, for some reason, you can't/won't use RubyGems, you can do:
-  (sudo) ruby setup.rb
-=== Rails
-Facebooker can be installed as a Rails plugin by:
-  script/plugin install git://github.com/mmangino/facebooker.git
-If you don't have git, the plugin can be downloaded from http://github.com/mmangino/facebooker/tarball/master
-=== Using Gem in Rails
-The rake task would not be added automatically, so to use it in rails you would have to add the following towards the end of your Rakefile:
-  require 'tasks/facebooker'
-Once the plugin is installed, you will need to configure your Facebook app in config/facebooker.yml.
-Your application users will need to have added the application in facebook to access all of facebooker's features. You enforce this by adding
-  ensure_application_is_installed_by_facebook_user
-to your application controller.
-To prevent a violation of Facebook Terms of Service while reducing log bloat, you should also add
-  filter_parameter_logging :fb_sig_friends
-to your application controller.
-== using MemCache session
-Facebook uses some non alphanum characters in the session identifier which interfere with memcache stored sessions. If you want to use MemCache for storing sessions, you can override the valid session id method on memcache by placing the following code in an initializer:
-# add - as an okay key
-class CGI
-  class Session
-    class MemCacheStore
-      def check_id(id) #:nodoc:#
-        /[^0-9a-zA-Z\-\._]+/ =~ id.to_s ? false : true
-      end
-    end
-  end
-end
-== Other versions
- A facebooker port for Sinatra is available at http://github.com/jsmestad/frankie/tree/master
-== LICENSE:
-(The MIT License)
-Copyright (c) 2008-2009:
-* Chad Fowler
-* Patrick Ewing
-* Mike Mangino
-* Shane Vitarana
-* Corey Innis
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+* ...

data/facebooker.gemspec CHANGED

@@ -2,7 +2,7 @@
 Gem::Specification.new do |s|
   s.name = %q{cbaclig-facebooker}
-  s.version = "1.0.67.2"
+  s.version = "1.0.67.3"
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Chad Fowler", "Patrick Ewing", "Mike Mangino", "Shane Vitarana", "Corey Innis", "Mike Mangino"]

data/lib/facebooker.rb CHANGED

@@ -48,7 +48,7 @@ module Facebooker
       end
       Thread.current[:fb_api_config] = @raw_facebooker_configuration unless Thread.current[:fb_api_config]
       apply_configuration(@raw_facebooker_configuration)
-    end
+    end
     # Sets the Facebook environment based on a hash of options.
     # By default the hash passed in is loaded from facebooker.yml, but it can also be passed in
@@ -170,7 +170,7 @@ module Facebooker
       @timeout
     end
-    [:api_key,:secret_key, :www_server_base_url,:login_url_base,:install_url_base,:permission_url_base,:connect_permission_url_base,:api_rest_path,:api_server_base,:api_server_base_url,:canvas_server_base, :video_server_base].each do |delegated_method|
+    [:app_id, :api_key,:secret_key, :www_server_base_url,:login_url_base,:install_url_base,:permission_url_base,:connect_permission_url_base,:api_rest_path,:api_server_base,:api_server_base_url,:canvas_server_base, :video_server_base].each do |delegated_method|
       define_method(delegated_method){ return current_adapter.send(delegated_method)}
     end

data/lib/facebooker/adapters/facebook_adapter.rb CHANGED

@@ -23,6 +23,10 @@ module Facebooker
       "/restserver.php"
     end
+    def app_id
+      ENV['FACEBOOK_APP_ID'] || super
+    end
     def api_key
       ENV['FACEBOOK_API_KEY'] || super
     end

data/lib/facebooker/rails/controller.rb CHANGED

@@ -38,7 +38,8 @@ module Facebooker
       def set_facebook_session
         # first, see if we already have a session
-        session_set = session_already_secured?
+        session_set = session_already_secured? && session_for_current_user?
         # if not, see if we can load it from the environment
         unless session_set
           session_set = create_facebook_session
@@ -91,6 +92,13 @@ module Facebooker
         (@facebook_session = session[:facebook_session]) && session[:facebook_session].secured? if valid_session_key_in_session?
       end
+      def session_for_current_user?
+        return true if new_fb_cookies.empty? and old_fb_cookies.empty?
+        current_uid = new_fb_cookies['uid'] || old_fb_cookies['user']
+        @facebook_session = session[:facebook_session] && @facebook_session.user.uid == current_uid
+      end
       def user_has_deauthorized_application?
         # if we're inside the facebook session and there is no session key,
         # that means the user revoked our access
@@ -130,46 +138,64 @@ module Facebooker
       end
       def secure_with_cookies!
-	  secure_with_old_style_cookies! || secure_with_new_style_cookies!
+	      secure_with_old_style_cookies! || secure_with_new_style_cookies!
       end
-	def secure_with_old_style_cookies!
-          parsed = {}
-          fb_cookie_names.each { |key| parsed[key[fb_cookie_prefix.size,key.size]] = cookies[key] }
-          #returning gracefully if the cookies aren't set or have expired
-          return unless parsed['session_key'] && parsed['user'] && parsed['expires'] && parsed['ss']
-          return unless (Time.at(parsed['expires'].to_s.to_f) > Time.now) || (parsed['expires'] == "0")
-          #if we have the unexpired cookies, we'll throw an exception if the sig doesn't verify
-          verify_signature(parsed,cookies[Facebooker.api_key], true)
-          @facebook_session = new_facebook_session
-          @facebook_session.secure_with!(parsed['session_key'],parsed['user'],parsed['expires'],parsed['ss'])
-          @facebook_session
+      def old_fb_cookies
+        @old_fb_cookies ||= parse_old_fb_cookies
       end
- 	def secure_with_new_style_cookies!
-	  parsed = {}
-        return unless app_id = ENV['FACEBOOK_APP_ID']
-        return unless fb_cookie_new = cookies["fbs_#{app_id}"]
-	  fb_cookie_new = fb_cookie_new[1, fb_cookie_new.length-2]
-	  fb_cookie_new.split('&').each do |str|
-	    key, val = str.split('=')
-	    parsed[key] = val
-	  end
-	  return unless parsed['session_key'] && parsed['uid'] && parsed['expires'] && parsed['secret'] && parsed['sig']
-	  return unless (Time.at(parsed['expires'].to_s.to_f) > Time.now) || (parsed['expires'] == "0")
-	  #if we have the unexpired cookies, we'll throw an exception if the sig doesn't verify
+      def parse_old_fb_cookies
+        parsed = {}
+        fb_cookie_names.each { |key| parsed[key[fb_cookie_prefix.size,key.size]] = cookies[key] }
+        parsed
+      end
+	    def secure_with_old_style_cookies!
+        parsed = old_fb_cookies
+        #returning gracefully if the cookies aren't set or have expired
+        return unless parsed['session_key'] && parsed['user'] && parsed['expires'] && parsed['ss']
+        return unless (Time.at(parsed['expires'].to_s.to_f) > Time.now) || (parsed['expires'] == "0")
+        #if we have the unexpired cookies, we'll throw an exception if the sig doesn't verify
+        verify_signature(parsed,cookies[Facebooker.api_key], true)
+        @facebook_session = new_facebook_session
+        @facebook_session.secure_with!(parsed['session_key'],parsed['user'],parsed['expires'],parsed['ss'])
+        @facebook_session
+      end
+      def new_fb_cookies
+        @new_fb_cookies ||= parse_new_fb_cookies
+      end
+      def parse_new_fb_cookies
+        parsed = {}
+        return parsed unless Facebooker.app_id and fb_cookie_new = cookies["fbs_#{Facebooker.app_id}"]
+        fb_cookie_new = fb_cookie_new[1, fb_cookie_new.length-2]
+        fb_cookie_new.split('&').each do |str|
+          key, val = str.split('=')
+          parsed[key] = val
+        end
+        parsed
+      end
+      def secure_with_new_style_cookies!
+    	  parsed = new_fb_cookies
+    	  return unless parsed['session_key'] && parsed['uid'] && parsed['expires'] && parsed['secret'] && parsed['sig']
+    	  return unless (Time.at(parsed['expires'].to_s.to_f) > Time.now) || (parsed['expires'] == "0")
+    	  #if we have the unexpired cookies, we'll throw an exception if the sig doesn't verify
         verify_signature(parsed, parsed.delete('sig'), true)
         @facebook_session = new_facebook_session
         @facebook_session.secure_with!(parsed['session_key'],parsed['uid'],parsed['expires'],parsed['secret'])
         @facebook_session
-	end
+    	end
       def secure_with_token!
         if params['auth_token']

data/test/facebooker/rails/controller_test.rb CHANGED

@@ -28,12 +28,12 @@ class FooControllerTest < ActionController::TestCase
     expected_base_domain = 'testing.com'
     cookie_params = {
-	:access_token => expected_access_token,
-	:base_domain => expected_base_domain,
-	:expires => expected_expires,
-	:secret => expected_secret,
-	:session_key => expected_session_key,
-	:uid => expected_uid
+    	:access_token => expected_access_token,
+    	:base_domain => expected_base_domain,
+    	:expires => expected_expires,
+    	:secret => expected_secret,
+    	:session_key => expected_session_key,
+    	:uid => expected_uid
     }
     raw_string = cookie_params.map{ |*args| args.join('=') }.sort.join
@@ -49,6 +49,5 @@ class FooControllerTest < ActionController::TestCase
     @request.cookies[key] = cookie
     get :index
   end
 end

data/test/facebooker/rails_integration_test.rb CHANGED

@@ -366,6 +366,27 @@ class RailsIntegrationTest < Test::Unit::TestCase
     assert_equal(10, @controller.facebook_session.user.id)
   end
+  def test_existing_secured_session_is_NOT_used_if_available_and_DOES_NOT_matches_any_fb_cookies
+    uid = 111
+    cookie_params = {
+      :access_token => 'n/a',
+      :base_domain => 'n/a',
+      :expires => '9999999999',
+      :secret => 'n/a',
+      :session_key => 'n/a',
+      :uid => (uid+1).to_s
+    }
+    cookie = %Q{"#{cookie_params.map{|args| args.join('=') }.join('&')}"}
+    key = "fbs_#{Facebooker.app_id}"
+    @request.cookies[key] = cookie
+    session = Facebooker::Session.create(Facebooker::Session.api_key, Facebooker::Session.secret_key)
+    session.secure_with!("session_key", uid.to_s, Time.now.to_i + 60)
+    @controller.expects(:secure_with_new_style_cookies!).returns(Facebooker::Session.create(Facebooker::Session.api_key, Facebooker::Session.secret_key))
+    get :index, {}, {:facebook_session => session}
+  end
   def test_existing_secured_session_is_used_if_available
     session = Facebooker::Session.create(Facebooker::Session.api_key, Facebooker::Session.secret_key)
     session.secure_with!("session_key", "111", Time.now.to_i + 60)

metadata CHANGED

@@ -6,8 +6,8 @@ version: !ruby/object:Gem::Version
   - 1
   - 0
   - 67
-  - 2
-  version: 1.0.67.2
+  - 3
+  version: 1.0.67.3
 platform: ruby
 authors:
 - Chad Fowler