facebook-signed-request 0.2.6 → 0.2.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (10) hide show
  1. data/.travis.yml +4 -0
  2. data/Gemfile +2 -0
  3. data/README.md +1 -1
  4. data/Rakefile +6 -6
  5. data/lib/base64_backport.rb +27 -0
  6. data/lib/facebook-signed-request.rb +3 -1
  7. data/lib/facebook-signed-request/signed_request.rb +4 -6
  8. data/lib/facebook-signed-request/version.rb +1 -1
  9. data/test/{signed_request_test.rb → unit/test_signed_request.rb} +21 -10
  10. metadata +7 -7
data/.travis.yml ADDED
@@ -0,0 +1,4 @@
1
+ rvm:
2
+ - 1.9.2
3
+ - 1.8.7
4
+ - ree
data/Gemfile CHANGED
@@ -2,3 +2,5 @@ source "http://rubygems.org"
2
2
 
3
3
  # Specify your gem's dependencies in facebook-signed-request.gemspec
4
4
  gemspec
5
+ gem 'rake'
6
+ gem 'json'
data/README.md CHANGED
@@ -22,7 +22,7 @@ Usage
22
22
  # "Invalid Base64 Encoding for data",
23
23
  # "Invalid JSON object",
24
24
  # "Invalid Algorithm. Expected: HMAC-SHA256",
25
- # "Signatures do not match. #{expected} but was #{computed}"
25
+ # "Signatures do not match.
26
26
  #]
27
27
 
28
28
  request.data
data/Rakefile CHANGED
@@ -1,12 +1,12 @@
1
1
  require 'bundler/gem_tasks'
2
2
  require 'rake/testtask'
3
3
 
4
- namespace :test do
5
- Rake::TestTask.new(:units) do |t|
6
- t.libs << "test"
7
- t.test_files = FileList['test/*_test.rb']
4
+ task :default => [:test]
8
5
 
9
- t.verbose = true
10
- end
6
+ Rake::TestTask.new do |t|
7
+ t.libs << "test"
8
+ t.test_files = FileList['test/unit/test_*.rb']
9
+
10
+ t.verbose = true
11
11
  end
12
12
 
data/lib/base64_backport.rb ADDED
@@ -0,0 +1,27 @@
1
+ module Base64
2
+ module_function
3
+
4
+ def encode64(bin)
5
+ [bin].pack("m")
6
+ end
7
+
8
+ def decode64(str)
9
+ str.unpack("m").first
10
+ end
11
+
12
+ def strict_encode64(bin)
13
+ encode64(bin).gsub(/\n/, "")
14
+ end
15
+
16
+ def strict_decode64(str)
17
+ decode64( str.gsub(/\n/, "") ).first
18
+ end
19
+
20
+ def urlsafe_encode64(bin)
21
+ strict_encode64(bin).tr("+/", "-_")
22
+ end
23
+
24
+ def urlsafe_decode64(str)
25
+ strict_decode64(str.tr("-_", "+/"))
26
+ end
27
+ end
data/lib/facebook-signed-request.rb CHANGED
@@ -1,8 +1,10 @@
1
1
  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), 'facebook-signed-request'))
2
2
 
3
- require "facebook-signed-request/version"
3
+ require 'rubygems'
4
+ require 'facebook-signed-request/version'
4
5
  require 'openssl'
5
6
  require 'base64'
7
+ require 'base64_backport' if RUBY_VERSION < "1.9.0"
6
8
  require 'json'
7
9
  require 'signed_request'
8
10
 
data/lib/facebook-signed-request/signed_request.rb CHANGED
@@ -4,13 +4,13 @@ module Facebook
4
4
  class << self
5
5
  attr_accessor :secret
6
6
 
7
- # Creates a signed_request with correctly padded Base64 encoding.
7
+ # Creates a signed_request without padding, just like facebook.
8
8
  # Mostly useful for testing.
9
9
  def encode_and_sign options
10
10
  encoded_data = Base64.urlsafe_encode64( options.to_json ).tr('=', '')
11
11
  digestor = OpenSSL::Digest::Digest.new('sha256')
12
12
  signature = OpenSSL::HMAC.digest( digestor, @secret, encoded_data )
13
- encoded_signature = Base64.urlsafe_encode64( signature )
13
+ encoded_signature = Base64.strict_encode64( signature ).tr("+/", "-_")
14
14
  encoded_signature = encoded_signature.tr('=', '')
15
15
 
16
16
  "#{encoded_signature}.#{encoded_data}"
@@ -67,7 +67,7 @@ module Facebook
67
67
 
68
68
  def base64_url_decode( encoded_string )
69
69
  encoded_string << '=' until ( encoded_string.length % 4 == 0 )
70
- Base64.urlsafe_decode64(encoded_string)
70
+ Base64.strict_decode64(encoded_string.tr("-_", "+/"))
71
71
  rescue
72
72
  nil
73
73
  end
@@ -116,9 +116,7 @@ module Facebook
116
116
 
117
117
  def validate_signature
118
118
  if @signature != @computed_signature
119
- message = "Signatures do not match. " \
120
- "Computed: #{@computed_signature} but was #{@signature}"
121
-
119
+ message = "Signatures do not match."
122
120
  @errors << message
123
121
  end
124
122
  end
data/lib/facebook-signed-request/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Facebook
2
2
  class SignedRequest
3
- VERSION = "0.2.6"
3
+ VERSION = "0.2.7"
4
4
  end
5
5
  end
data/test/{signed_request_test.rb → unit/test_signed_request.rb} RENAMED
@@ -69,21 +69,32 @@ class SignedRequestTest < Test::Unit::TestCase
69
69
  end
70
70
 
71
71
  test "encode and sign request params" do
72
- request_1 = Facebook::SignedRequest.new( @valid_request )
73
72
 
74
- reencoded_request = Facebook::SignedRequest.encode_and_sign(request_1.data)
73
+ request_params = {
74
+ :expires => 1308988800,
75
+ :algorithm => "HMAC-SHA256",
76
+ :user_id => "111111111111111",
77
+ :oauth_token => "111111111111111|2.AQBAttR11|T49w3BqoZUegypru1Gra70hED8",
78
+ :user => {
79
+ :country => "de",
80
+ :locale => "en_US",
81
+ :age => { :min => 21 }
82
+ },
83
+ :issued_at => 1308985018
84
+ }
75
85
 
76
- sig_1, data_1 = @valid_request.split(".", 2)
77
- sig_2, data_2 = reencoded_request.split(".", 2)
86
+ request_json = request_params.to_json
87
+ encoded_json = Base64.urlsafe_encode64( request_json )
78
88
 
79
- # Simulate invalid raw Base64 from Facebook by removing padding
80
- assert_equal sig_1, sig_2
81
- assert_equal data_1, data_2
89
+ reencoded_request = Facebook::SignedRequest.encode_and_sign( request_params )
82
90
 
83
- request_2 = Facebook::SignedRequest.new( reencoded_request )
91
+ signature, payload = reencoded_request.split(".", 2)
84
92
 
85
- assert_equal request_1.signature, request_2.signature
86
- assert_equal request_1.data, request_2.data
93
+ assert_equal encoded_json, payload
94
+
95
+ new_request = Facebook::SignedRequest.new( reencoded_request )
96
+
97
+ assert_equal new_request.data, request_params
87
98
  end
88
99
 
89
100
  test "ring encoding request with invalid base64 signature and payload" do
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: facebook-signed-request
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.6
4
+ version: 0.2.7
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,8 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2011-07-04 00:00:00.000000000 +02:00
13
- default_executable:
12
+ date: 2011-10-14 00:00:00.000000000Z
14
13
  dependencies: []
15
14
  description: Parses and validates Facebook signed requests
16
15
  email:
@@ -20,16 +19,17 @@ extensions: []
20
19
  extra_rdoc_files: []
21
20
  files:
22
21
  - .gitignore
22
+ - .travis.yml
23
23
  - Gemfile
24
24
  - README.md
25
25
  - Rakefile
26
26
  - facebook-signed-request.gemspec
27
+ - lib/base64_backport.rb
27
28
  - lib/facebook-signed-request.rb
28
29
  - lib/facebook-signed-request/signed_request.rb
29
30
  - lib/facebook-signed-request/version.rb
30
- - test/signed_request_test.rb
31
31
  - test/test_helper.rb
32
- has_rdoc: true
32
+ - test/unit/test_signed_request.rb
33
33
  homepage: ''
34
34
  licenses: []
35
35
  post_install_message:
@@ -50,10 +50,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
50
50
  version: '0'
51
51
  requirements: []
52
52
  rubyforge_project: facebook-signed-request
53
- rubygems_version: 1.6.2
53
+ rubygems_version: 1.8.6
54
54
  signing_key:
55
55
  specification_version: 3
56
56
  summary: Parses and validates Facebook signed requests
57
57
  test_files:
58
- - test/signed_request_test.rb
59
58
  - test/test_helper.rb
59
+ - test/unit/test_signed_request.rb