RubyGems - facebook_client - Versions diffs - 0.0.2 → 0.0.3 - Mend

facebook_client 0.0.2 → 0.0.3

Files changed (6) hide show

data/lib/auth.rb CHANGED Viewed

@@ -18,7 +18,6 @@ module FacebookClient
       params = params.stringify_keys
       params['client_id'] = @fb.app_id
       params.require_keys('redirect_uri', 'client_id')
-      params.assert_valid_keys('redirect_uri', 'client_id', 'scope')
       connection.build_url('/oauth/authorize', params).to_s
     end

data/lib/cookie_session.rb ADDED Viewed

@@ -0,0 +1,47 @@
+module FacebookClient
+  require 'rack'
+  require 'digest'
+  class CookieSession
+    def self.create_and_secure(fb, cookies)
+      cookie_session = new(fb, cookies)
+      cookie_session.secure? ? cookie_session : nil
+    end
+    def initialize(fb, cookies)
+      @fb=fb
+      @data=parse_fbs!(cookies["fbs_#{fb.app_id}"])
+    end
+    def parse_fbs!(fbs)
+      @data = fbs &&
+        check_sig_and_return_data(Rack::Utils.parse_query(fbs[1..-2]))
+    end
+    def secure?
+      @data.is_a?(Hash) and @data.has_key?('uid')
+    end
+    def uid
+      @data['uid']
+    end
+    private
+    def check_sig_and_return_data(cookies)
+      cookies if calculate_sig(cookies) == cookies['sig']
+    end
+    def calculate_sig(cookies)
+      args = cookies.reject{ |(k, v)| k == 'sig' }.sort.
+        map{ |a| a.join('=') }.join
+      Digest::MD5.hexdigest(args + @fb.secret)
+    end
+  end
+end

data/lib/facebook_client.rb CHANGED Viewed

@@ -3,6 +3,10 @@ require File.dirname(__FILE__)+'/ext'
 require File.dirname(__FILE__)+'/graph'
 require File.dirname(__FILE__)+'/auth'
 require File.dirname(__FILE__)+'/rest_api'
+require File.dirname(__FILE__)+'/cookie_session'
+require File.dirname(__FILE__)+'/iframe_session'
+require File.dirname(__FILE__)+'/legacy_session'
 module FacebookClient

data/lib/iframe_session.rb ADDED Viewed

@@ -0,0 +1,46 @@
+module FacebookClient
+  require 'digest'
+  require 'yajl'
+  class IframeSession
+    def self.create_and_secure(fb, params)
+      iframe_session = new(fb, params)
+      iframe_session.secure? ? iframe_session : nil
+    end
+    def initialize(fb, params)
+      @fb=fb
+      @data=parse_fbs!(params["session"])
+    end
+    def parse_fbs!(fbs)
+      @data = fbs &&
+        check_sig_and_return_data(Yajl::Parser.parse(fbs))
+    end
+    def secure?
+      @data.is_a?(Hash) and @data.has_key?('uid')
+    end
+    def uid
+      @data['uid']
+    end
+    # private
+    def check_sig_and_return_data(params)
+      params if calculate_sig(params) == params['sig']
+    end
+    def calculate_sig(params)
+      args = params.reject{ |(k, v)| k == 'sig' }.sort.
+        map{ |a| a.join('=') }.join
+      Digest::MD5.hexdigest(args + @fb.secret)
+    end
+  end
+end

data/lib/legacy_session.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module FacebookClient
+  require 'digest'
+  class LegacySession
+    def self.create_and_secure(fb, params)
+      legacy_session = new(fb, params)
+      legacy_session.secure? ? legacy_session : nil
+    end
+    def initialize(fb, params)
+      @fb=fb
+      @params=verfiy_params_and_return(params)
+    end
+    def secure?
+      @params.is_a?(Hash) and @params.has_key?('user')
+    end
+    def uid
+      @params['user']
+    end
+    def verfiy_params_and_return(params)
+      if params['fb_sig'].nil? or !params['fb_sig'].is_a?(String)
+        log 'missing fb_sig'
+        return nil
+      end
+      facebook_sig_params = params.inject({}) do |collection, pair|
+        collection[pair.first.sub(/^fb_sig_/, '')] = pair.last if pair.first[0,7] == 'fb_sig_'
+        collection
+      end
+      if params['fb_sig']==calculate_sig(facebook_sig_params)
+        log "secured for #{facebook_sig_params['user']}"
+        return facebook_sig_params
+      else
+        log "sig #{params['fb_sig']} invalid, should be #{calculate_sig(facebook_sig_params)}"
+        return nil
+      end
+    end
+    def calculate_sig(facebook_sig_params)
+      raw_string = facebook_sig_params.map{ |*args| args.join('=') }.sort.join
+      Digest::MD5.hexdigest([raw_string, @fb.secret].join)
+    end
+    def log(msg)
+      # puts("legacy_session/#{@fb.app_id} #{msg}")
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: facebook_client
 version: !ruby/object:Gem::Version
-  hash: 27
+  hash: 25
   prerelease: false
   segments:
   - 0
   - 0
-  - 2
-  version: 0.0.2
+  - 3
+  version: 0.0.3
 platform: ruby
 authors:
 - David Crockett
@@ -76,9 +76,12 @@ extra_rdoc_files: []
 files:
 - lib/auth.rb
+- lib/cookie_session.rb
 - lib/ext.rb
 - lib/facebook_client.rb
 - lib/graph.rb
+- lib/iframe_session.rb
+- lib/legacy_session.rb
 - lib/rest_api.rb
 has_rdoc: true
 homepage: