facebook-signed-request 0.2.5 → 0.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -20,7 +20,12 @@ module Facebook
|
|
|
20
20
|
attr_reader :errors, :signature, :data, :encoded_data
|
|
21
21
|
|
|
22
22
|
def initialize( request_data, options = {} )
|
|
23
|
-
|
|
23
|
+
if request_data.respond_to?(:split)
|
|
24
|
+
@encoded_signature, @encoded_data = request_data.split(".", 2)
|
|
25
|
+
else
|
|
26
|
+
@encoded_signature, @encoded_data = nil
|
|
27
|
+
end
|
|
28
|
+
|
|
24
29
|
@secret = options[:secret] || SignedRequest.secret
|
|
25
30
|
@errors = []
|
|
26
31
|
|
|
@@ -40,25 +45,31 @@ module Facebook
|
|
|
40
45
|
@errors.empty?
|
|
41
46
|
end
|
|
42
47
|
|
|
48
|
+
def invalid?
|
|
49
|
+
!valid?
|
|
50
|
+
end
|
|
51
|
+
|
|
43
52
|
private
|
|
44
53
|
|
|
45
54
|
def check_for_invalid_arguments
|
|
46
55
|
if @encoded_signature.nil? || @encoded_data.nil?
|
|
47
|
-
|
|
56
|
+
@errors << "Invalid Format. See http://developers.facebook.com/docs/authentication/signed_request/"
|
|
48
57
|
end
|
|
49
58
|
|
|
50
59
|
if @secret.nil?
|
|
51
|
-
|
|
60
|
+
@errors << "No secret provided. Use SignedRequest.secret= or the options hash"
|
|
52
61
|
end
|
|
53
62
|
|
|
54
63
|
unless @secret.is_a?( String )
|
|
55
|
-
|
|
64
|
+
@errors << "Secret should be a String"
|
|
56
65
|
end
|
|
57
66
|
end
|
|
58
67
|
|
|
59
68
|
def base64_url_decode( encoded_string )
|
|
60
69
|
encoded_string << '=' until ( encoded_string.length % 4 == 0 )
|
|
61
70
|
Base64.urlsafe_decode64(encoded_string)
|
|
71
|
+
rescue
|
|
72
|
+
nil
|
|
62
73
|
end
|
|
63
74
|
|
|
64
75
|
def extract_request_signature
|
|
@@ -99,6 +110,8 @@ module Facebook
|
|
|
99
110
|
computed_signature = OpenSSL::HMAC.digest(
|
|
100
111
|
digestor, @secret, @encoded_data
|
|
101
112
|
)
|
|
113
|
+
rescue
|
|
114
|
+
nil
|
|
102
115
|
end
|
|
103
116
|
|
|
104
117
|
def validate_signature
|
data/test/signed_request_test.rb
CHANGED
|
@@ -31,45 +31,29 @@ class SignedRequestTest < Test::Unit::TestCase
|
|
|
31
31
|
test "parsing a request with invalid signature" do
|
|
32
32
|
request = Facebook::SignedRequest.new( @invalid_request_1 )
|
|
33
33
|
assert_equal false, request.valid?
|
|
34
|
-
assert_equal
|
|
34
|
+
assert_equal 1, request.errors.length
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
test "parsing a request with invalid payload" do
|
|
38
38
|
request = Facebook::SignedRequest.new( @invalid_request_2 )
|
|
39
39
|
assert_equal false, request.valid?
|
|
40
|
-
assert_equal
|
|
40
|
+
assert_equal 3, request.errors.length
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
test "new request with invalid secret" do
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
end
|
|
47
|
-
|
|
48
|
-
expected = "Secret should be a String"
|
|
49
|
-
|
|
50
|
-
assert_equal expected, exception.message
|
|
44
|
+
request = Facebook::SignedRequest.new( "foo.bar", :secret => 2 )
|
|
45
|
+
assert request.invalid?
|
|
51
46
|
end
|
|
52
47
|
|
|
53
48
|
test "new request with missing secret" do
|
|
54
49
|
Facebook::SignedRequest.secret = nil
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
request = Facebook::SignedRequest.new( "foo.bar" )
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
expected = "No secret provided. Use SignedRequest.secret= or the options hash"
|
|
61
|
-
|
|
62
|
-
assert_equal expected, exception.message
|
|
50
|
+
request = Facebook::SignedRequest.new( "foo.bar" )
|
|
51
|
+
assert request.invalid?
|
|
63
52
|
end
|
|
64
53
|
|
|
65
54
|
test "new request with invalid parameters" do
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
expected = "Invalid Format. See http://developers.facebook.com/docs/authentication/signed_request/"
|
|
71
|
-
|
|
72
|
-
assert_equal expected, exception.message
|
|
55
|
+
request = Facebook::SignedRequest.new( "foobar" )
|
|
56
|
+
assert request.invalid?
|
|
73
57
|
end
|
|
74
58
|
|
|
75
59
|
test "request with :strict => true fails for expired oauth token" do
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: facebook-signed-request
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.6
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2011-07-
|
|
12
|
+
date: 2011-07-04 00:00:00.000000000 +02:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
description: Parses and validates Facebook signed requests
|