facebook-signed-request 0.0.2 → 0.1.0

data/{README.markdown → README.md}

@@ -1,4 +1,6 @@
-## Usage
+Usage
+=====
+
 
 ```ruby
 require 'facebook-signed-request'
@@ -30,6 +32,4 @@ request.data
 #      },
 #      "user_id"=>"100000656666199"
 #    }
-
-
 ```

data/facebook-signed-request.gemspec

@@ -4,7 +4,7 @@ require "facebook-signed-request/version"
 
 Gem::Specification.new do |s|
   s.name        = "facebook-signed-request"
-  s.version     = Facebook::Signed::Request::VERSION
+  s.version     = Facebook::SignedRequest::VERSION
   s.authors     = ["hukl"]
   s.email       = ["contact@smyck.org"]
   s.homepage    = ""

data/lib/facebook-signed-request/signed_request.rb

@@ -1,16 +1,29 @@
 module Facebook
   class SignedRequest
+
+    class << self
+      attr_accessor :secret
+    end
+
     attr_reader :errors, :signature, :data
 
-    def initialize( request_data, secret )
+    def initialize( request_data, options = {} )
       @encoded_signature, @encoded_data = request_data.split(".", 2)
+      @secret = options[:secret] || SignedRequest.secret
+      @errors = []
+
 
       if @encoded_signature.nil? || @encoded_data.nil?
         raise ArgumentError, "Invalid Format. See http://developers.facebook.com/docs/authentication/signed_request/"
       end
 
-      @errors           = []
-      @secret           = secret
+      if @secret.nil?
+        raise ArgumentError, "No secret provided. Use SignedRequest.secret= or the options hash"
+      end
+
+      unless @secret.is_a?( String )
+        raise ArgumentError, "Secret should be a String"
+      end
 
       @signature        = extract_request_signature
       @payload          = extract_request_payload
@@ -18,8 +31,19 @@ module Facebook
 
       validate_algorithm
       validate_signature
+      validate_timestamp if options[:strict] == true
+    end
+
+    def base64_url_decode( encoded_string )
+      encoded_string << '=' until ( encoded_string.length % 4 == 0 )
+      Base64.strict_decode64(encoded_string.gsub("-", "+").gsub("_", "/"))
     end
 
+    def valid?
+      @errors.empty?
+    end
+
+    private
 
     def extract_request_signature
       begin
@@ -44,12 +68,12 @@ module Facebook
         return JSON.parse( @payload )
       rescue
         @errors << "Invalid JSON object"
-        return nil
+        return {}
       end
     end
 
     def validate_algorithm
-      if @data.nil? || @data['algorithm'] != "HMAC-SHA256"
+      if @data['algorithm'] != "HMAC-SHA256"
         @errors << "Invalid Algorithm. Expected: HMAC-SHA256"
       end
     end
@@ -66,13 +90,12 @@ module Facebook
       end
     end
 
-    def base64_url_decode( encoded_string )
-      encoded_string << '=' until ( encoded_string.length % 4 == 0 )
-      Base64.strict_decode64(encoded_string.gsub("-", "+").gsub("_", "/"))
-    end
+    def validate_timestamp
+      timestamp = @data['expires']
 
-    def valid?
-      @errors.empty?
+      if timestamp && Time.at( timestamp ) <= Time.now
+        raise ArgumentError, "OAuth Token has expired: #{Time.at( timestamp )}"
+      end
     end
 
   end

data/lib/facebook-signed-request/version.rb

@@ -1,7 +1,5 @@
 module Facebook
-  module Signed
-    module Request
-      VERSION = "0.0.2"
-    end
+  class SignedRequest
+    VERSION = "0.1.0"
   end
 end

data/test/signed_request_test.rb

@@ -5,7 +5,9 @@ require 'test_helper'
 class SignedRequestTest < Test::Unit::TestCase
 
   def setup
-    @secret             = "897a956a2f7eadcc5783a458fe3e7556"
+
+    Facebook::SignedRequest.secret = "897a956a2f7eadcc5783a458fe3e7556"
+
     @valid_request      = "vl0p_bGyDeVZ2I21cJvLd5C9CwpMkU2mcp1eUGWdvWs.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEzMDg5ODg4MDAsImlzc3VlZF9hdCI6MTMwODk4NTAxOCwib2F1dGhfdG9rZW4iOiIxMTQ5NTIyOTg1OTM4MTN8Mi5BUUJBdHRSbExWbndxTlBaLjM2MDAuMTMwODk4ODgwMC4xLTEwMDAwMDY1NDM0MzE5OXxUNDl3M0Jxb1pVZWd5cHJ1NTFHcmE3MGhFRDgiLCJ1c2VyIjp7ImNvdW50cnkiOiJkZSIsImxvY2FsZSI6ImVuX1VTIiwiYWdlIjp7Im1pbiI6MjF9fSwidXNlcl9pZCI6IjEwMDAwMDY1NDM0MzE5OSJ9"
     @invalid_request_1  = "l0p_bGyDeVZ2I21cJvLd5C9CwpMkU2mcp1eUGWdvWs.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEzMDg5ODg4MDAsImlzc3VlZF9hdCI6MTMwODk4NTAxOCwib2F1dGhfdG9rZW4iOiIxMTQ5NTIyOTg1OTM4MTN8Mi5BUUJBdHRSbExWbndxTlBaLjM2MDAuMTMwODk4ODgwMC4xLTEwMDAwMDY1NDM0MzE5OXxUNDl3M0Jxb1pVZWd5cHJ1NTFHcmE3MGhFRDgiLCJ1c2VyIjp7ImNvdW50cnkiOiJkZSIsImxvY2FsZSI6ImVuX1VTIiwiYWdlIjp7Im1pbiI6MjF9fSwidXNlcl9pZCI6IjEwMDAwMDY1NDM0MzE5OSJ9"
     @invalid_request_2  = "vl0p_bGyDeVZ2I21cJvLd5C9CwpMkU2mcp1eUGWdvWs.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEzMDg5ODg4MDAsImlzc3VlZF9hdCI6MTMwODk4NTAxOCwib2F1dGhfdG9rZW4iOiIxMTQ5NTIyOTg1OTM4MTN8Mi5BUUJBdHRSbExWbndxTlBaLjM2MDAuMTMwODk4ODgwMC4xLTEwMDAwMDY1NDM0MzE5OXxUNDl3M0Jxb1pVZWd5cHJ1NTFHcmE3MGhFRDgiLCJ1c2VyIjp7ImNvdW50cnkiOiJkZSIsImxvY2FsZSI6ImVuX1VTIiwiYWdlIjp7Im1pbiI6MjF9fSwidXNlcl9pZCI6IjEwMDAwMDY1NDM0MzE5OSJ"
@@ -14,28 +16,65 @@ class SignedRequestTest < Test::Unit::TestCase
   end
 
   test "parsing a valid request" do
-    request = Facebook::SignedRequest.new( @valid_request, @secret )
+    request = Facebook::SignedRequest.new( @valid_request )
     assert request.valid?,        "Request should be valid"
     assert request.errors == [],  "Request should contain no errors"
   end
 
   test "parsing a request with invalid signature" do
-    request = Facebook::SignedRequest.new( @invalid_request_1, @secret )
+    request = Facebook::SignedRequest.new( @invalid_request_1 )
     assert_equal false, request.valid?
     assert_equal 2, request.errors.length
   end
 
   test "parsing a request with invalid payload" do
-    request = Facebook::SignedRequest.new( @invalid_request_2, @secret )
+    request = Facebook::SignedRequest.new( @invalid_request_2 )
     assert_equal false, request.valid?
     assert_equal 4, request.errors.length
   end
 
-  test "re-encoding of payload" do
-    request = Facebook::SignedRequest.new( @foo, @secret )
+  test "new request with invalid secret" do
+    exception = assert_raise ArgumentError do
+      request = Facebook::SignedRequest.new( "foo.bar", :secret => 2 )
+    end
+
+    expected = "Secret should be a String"
+
+    assert_equal expected, exception.message
+  end
+
+  test "new request with missing secret" do
+    Facebook::SignedRequest.secret = nil
 
-    puts Base64.encode64 request.data.to_json.to_s
+    exception = assert_raise ArgumentError do
+      request = Facebook::SignedRequest.new( "foo.bar" )
+    end
 
+    expected = "No secret provided. Use SignedRequest.secret= or the options hash"
 
+    assert_equal expected, exception.message
   end
+
+  test "new request with invalid parameters" do
+    exception = assert_raise ArgumentError do
+      request = Facebook::SignedRequest.new( "foobar" )
+    end
+
+    expected = "Invalid Format. See http://developers.facebook.com/docs/authentication/signed_request/"
+
+    assert_equal expected, exception.message
+  end
+
+  test "request with :strict => true fails for expired oauth token" do
+    exception = assert_raise ArgumentError do
+      request = Facebook::SignedRequest.new( @valid_request, :strict => true )
+    end
+
+
+    assert(
+      exception.message.match("OAuth Token has expired"),
+      "Wrong Exception message"
+    )
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: facebook-signed-request
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0
   prerelease: 
 platform: ruby
 authors:
@@ -21,7 +21,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - Gemfile
-- README.markdown
+- README.md
 - Rakefile
 - facebook-signed-request.gemspec
 - lib/facebook-signed-request.rb