facebook-signed-request 0.1.0 → 0.2.0

data/README.md

@@ -3,33 +3,38 @@ Usage
 
 
 ```ruby
-require 'facebook-signed-request'
-request = Facebook::SignedRequest.new( params[:signed_request], secret )
-
-request.valid?
-# => true / false
-
-request.errors
-# => [
-#  "Invalid Format. See http://developers.facebook.com/docs/authentication/signed_request/",
-#  "Invalid Base64 encoding for signature",
-#  "Invalid Base64 Encoding for data",
-#  "Invalid JSON object",
-#  "Invalid Algorithm. Expected: HMAC-SHA256",
-#  "Signatures do not match. #{expected} but was #{computed}"
-#]
-
-request.data
-# => {
-#      "algorithm"=>"HMAC-SHA256",
-#      "expires"=>1308988800,
-#      "issued_at"=>1308985018,
-#      "oauth_token"=>"114998258593813|2.AQBAttRlLVnwqNPZ.3600.1308988800…",
-#      "user"=> {
-#        "country"=>"de",
-#        "locale"=>"en_US",
-#        "age"=>{"min"=>21}
-#      },
-#      "user_id"=>"100000656666199"
-#    }
+    require 'facebook-signed-request'
+    request = Facebook::SignedRequest.new( params[:signed_request], secret )
+
+    request.valid?
+    # => true / false
+
+    request.errors
+    # => [
+    #  "Invalid Format. See http://developers.facebook.com/docs/authentication/signed_request/",
+    #  "Invalid Base64 encoding for signature",
+    #  "Invalid Base64 Encoding for data",
+    #  "Invalid JSON object",
+    #  "Invalid Algorithm. Expected: HMAC-SHA256",
+    #  "Signatures do not match. #{expected} but was #{computed}"
+    #]
+
+    request.data
+    # => {
+    #      "algorithm"=>"HMAC-SHA256",
+    #      "expires"=>1308988800,
+    #      "issued_at"=>1308985018,
+    #      "oauth_token"=>"114998258593813|2.AQBAttRlLVnwqNPZ.3600.1308988800…",
+    #      "user"=> {
+    #        "country"=>"de",
+    #        "locale"=>"en_US",
+    #        "age"=>{"min"=>21}
+    #      },
+    #      "user_id"=>"100000656666199"
+    #    }
+
+
+    Facebook::SignedRequest.encode_and_sign { :foo => bar }
+    # => g_eE3hoQDPKFusHcc_Tj7k2xxo3mCKsOEXKMViq0pAY=.eyJmb28iOiJiYXIifQ==
+
 ```

data/lib/facebook-signed-request/signed_request.rb

@@ -3,6 +3,19 @@ module Facebook
 
     class << self
       attr_accessor :secret
+
+      # Creates a signed_request with correctly padded Base64 encoding.
+      # Mostly useful for testing.
+      def encode_and_sign options
+        encoded_data      = Base64.strict_encode64( options.to_json )
+
+        digestor          = Digest::HMAC.new( @secret, Digest::SHA256 )
+        signature         = digestor.digest( encoded_data )
+        encoded_signature = Base64.strict_encode64( signature )
+        encoded_signature = encoded_signature.gsub('+','_').gsub('/', '_')
+
+        "#{encoded_signature}.#{encoded_data}"
+      end
     end
 
     attr_reader :errors, :signature, :data
@@ -12,7 +25,24 @@ module Facebook
       @secret = options[:secret] || SignedRequest.secret
       @errors = []
 
+      check_for_invalid_arguments
+
+      @signature        = extract_request_signature
+      @payload          = extract_request_payload
+      @data             = parse_request_playload
+
+      validate_algorithm
+      validate_signature
+      validate_timestamp if options[:strict] == true
+    end
+
+    def valid?
+      @errors.empty?
+    end
 
+    private
+
+    def check_for_invalid_arguments
       if @encoded_signature.nil? || @encoded_data.nil?
         raise ArgumentError, "Invalid Format. See http://developers.facebook.com/docs/authentication/signed_request/"
       end
@@ -24,14 +54,6 @@ module Facebook
       unless @secret.is_a?( String )
         raise ArgumentError, "Secret should be a String"
       end
-
-      @signature        = extract_request_signature
-      @payload          = extract_request_payload
-      @data             = parse_request_playload
-
-      validate_algorithm
-      validate_signature
-      validate_timestamp if options[:strict] == true
     end
 
     def base64_url_decode( encoded_string )
@@ -39,15 +61,9 @@ module Facebook
       Base64.strict_decode64(encoded_string.gsub("-", "+").gsub("_", "/"))
     end
 
-    def valid?
-      @errors.empty?
-    end
-
-    private
-
     def extract_request_signature
       begin
-        return base64_url_decode(@encoded_signature).unpack('H*')[0]
+        return base64_url_decode(@encoded_signature)
       rescue ArgumentError
         @errors << "Invalid Base64 encoding for signature"
         return nil
@@ -80,7 +96,7 @@ module Facebook
 
     def validate_signature
       digestor = Digest::HMAC.new( @secret, Digest::SHA256 )
-      computed_signature = digestor.hexdigest( @encoded_data )
+      computed_signature = digestor.digest( @encoded_data )
 
       if @signature != computed_signature
         message = "Signatures do not match. " \

data/lib/facebook-signed-request/version.rb

@@ -1,5 +1,5 @@
 module Facebook
   class SignedRequest
-    VERSION = "0.1.0"
+    VERSION = "0.2.0"
   end
 end

data/test/signed_request_test.rb

@@ -77,4 +77,22 @@ class SignedRequestTest < Test::Unit::TestCase
     )
   end
 
+  test "encode and sign request params" do
+    request_1 = Facebook::SignedRequest.new( @valid_request )
+
+    reencoded_request = Facebook::SignedRequest.encode_and_sign(request_1.data)
+
+    sig_1, data_1 = @valid_request.split(".", 2)
+    sig_2, data_2 = reencoded_request.split(".", 2)
+
+    # Simulate invalid raw Base64 from Facebook by removing padding
+    assert_equal sig_1, sig_2.gsub(/=+$/, "")
+    assert_equal data_1, data_2.gsub(/=+$/, "")
+
+    request_2 = Facebook::SignedRequest.new( reencoded_request )
+
+    assert_equal request_1.signature, request_2.signature
+    assert_equal request_1.data,      request_2.data
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: facebook-signed-request
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors: