RubyGems - facebook_client - Versions diffs - 0.0.5.0 → 0.0.5.2 - Mend

facebook_client 0.0.5.0 → 0.0.5.2

Files changed (11) hide show

data/lib/facebook_client.rb +8 -5
data/lib/graph.rb +7 -9
data/lib/session/base.rb +17 -0
data/lib/session/cookie.rb +54 -0
data/lib/session/fb_sig_param.rb +64 -0
data/lib/session/session_param.rb +54 -0
data/lib/session/signed_request_param.rb +91 -0
metadata +8 -6
data/lib/cookie_session.rb +0 -52
data/lib/iframe_session.rb +0 -51
data/lib/legacy_session.rb +0 -60

data/lib/facebook_client.rb CHANGED Viewed

@@ -1,12 +1,15 @@
+require 'openssl'
 require File.dirname(__FILE__)+'/ext'
 require File.dirname(__FILE__)+'/graph'
 require File.dirname(__FILE__)+'/auth'
 require File.dirname(__FILE__)+'/rest_api'
-require File.dirname(__FILE__)+'/cookie_session'
-require File.dirname(__FILE__)+'/iframe_session'
-require File.dirname(__FILE__)+'/legacy_session'
+require File.dirname(__FILE__)+'/session/base'
+require File.dirname(__FILE__)+'/session/cookie'
+require File.dirname(__FILE__)+'/session/fb_sig_param'
+require File.dirname(__FILE__)+'/session/signed_request_param'
+require File.dirname(__FILE__)+'/session/session_param'
 module FacebookClient
@@ -30,8 +33,8 @@ module FacebookClient
       @auth ||= Auth.new(self)
     end
-    def graph(token, expires=nil)
-      Graph.new(self,token,expires)
+    def graph(token, expires = nil)
+      Graph.new(self, token, expires)
     end
     def rest_api

data/lib/graph.rb CHANGED Viewed

@@ -8,16 +8,14 @@ module FacebookClient
     attr_reader :access_token
-    def initialize(fb, access_token, expires=nil)
-      @fb=fb
-      @access_token=access_token
-      if expires.nil?
-        expires=0
-      end
-      expires=expires.to_i
+    def initialize(fb, access_token, expires = nil)
+      @fb           = fb
+      @access_token = access_token
+      expires       = 0 if expires.nil?
+      expires       = expires.to_i
     end
-    def get(path, params={})
+    def get(path, params = {})
       params = params.stringify_keys
       params['access_token'] = @access_token
       response = connection.run_request(:get, path, nil, {}) do |request|

data/lib/session/base.rb ADDED Viewed

@@ -0,0 +1,17 @@
+module FacebookClient
+  module Session
+    class Base
+      attr_reader :fb
+      def graph
+        @graph ||= Graph.new(fb, access_token, 0)
+      end
+    end
+  end
+end

data/lib/session/cookie.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module FacebookClient
+  module Session
+    require 'rack'
+    require 'digest'
+    class Cookie < Base
+      def self.create_and_secure(fb, cookies)
+        cookie_session = new(fb, cookies)
+        cookie_session.secure? ? cookie_session : nil
+      end
+      def initialize(fb, cookies)
+        @fb=fb
+        @data=parse_fbs!(cookies["fbs_#{fb.app_id}"])
+      end
+      def parse_fbs!(fbs)
+        @data = fbs &&
+          check_sig_and_return_data(Rack::Utils.parse_query(fbs[1..-2]))
+      end
+      def secure?
+        @data.is_a?(Hash) and @data.has_key?('uid')
+      end
+      def access_token
+        @data['access_token']
+      end
+      def uid
+        @data['uid']
+      end
+      private
+      def check_sig_and_return_data(cookies)
+        cookies if calculate_sig(cookies) == cookies['sig']
+      end
+      def calculate_sig(cookies)
+        args = cookies.reject{ |(k, v)| k == 'sig' }.sort.
+          map{ |a| a.join('=') }.join
+        Digest::MD5.hexdigest(args + @fb.secret)
+      end
+    end
+  end
+end

data/lib/session/fb_sig_param.rb ADDED Viewed

@@ -0,0 +1,64 @@
+module FacebookClient
+  module Session
+    require 'digest'
+    class FbSigParam < Base
+      def self.create_and_secure(fb, params)
+        legacy_session = new(fb, params)
+        legacy_session.secure? ? legacy_session : nil
+      end
+      def initialize(fb, params)
+        @fb=fb
+        @params=verfiy_params_and_return(params)
+      end
+      def secure?
+        @params.is_a?(Hash) and @params.has_key?('user')
+      end
+      def uid
+        @params['user']
+      end
+      def access_token
+        @params["session_key"]
+      end
+      def verfiy_params_and_return(params)
+        if params['fb_sig'].nil? or !params['fb_sig'].is_a?(String)
+          log 'missing fb_sig'
+          return nil
+        end
+        facebook_sig_params = params.inject({}) do |collection, pair|
+          collection[pair.first.sub(/^fb_sig_/, '')] = pair.last if pair.first[0,7] == 'fb_sig_'
+          collection
+        end
+        if params['fb_sig']==calculate_sig(facebook_sig_params)
+          log "secured for #{facebook_sig_params['user']}"
+          return facebook_sig_params
+        else
+          log "sig #{params['fb_sig']} invalid, should be #{calculate_sig(facebook_sig_params)}"
+          return nil
+        end
+      end
+      def calculate_sig(facebook_sig_params)
+        raw_string = facebook_sig_params.map{ |*args| args.join('=') }.sort.join
+        Digest::MD5.hexdigest([raw_string, @fb.secret].join)
+      end
+      def log(msg)
+        # puts("legacy_session/#{@fb.app_id} #{msg}")
+      end
+    end
+  end
+end

data/lib/session/session_param.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module FacebookClient
+  module Session
+    require 'digest'
+    require 'yajl'
+    class SessionParam < Base
+      def self.create_and_secure(fb, params)
+        iframe_session = new(fb, params)
+        iframe_session.secure? ? iframe_session : nil
+      end
+      def initialize(fb, params)
+        @fb=fb
+        @data=parse_fbs!(params["session"])
+      end
+      def parse_fbs!(fbs)
+        @data = fbs &&
+          check_sig_and_return_data(Yajl::Parser.parse(fbs))
+      end
+      def secure?
+        @data.is_a?(Hash) and @data.has_key?('uid')
+      end
+      def uid
+        @data['uid']
+      end
+      def access_token
+        @data["access_token"]
+      end
+      # private
+      def check_sig_and_return_data(params)
+        params if calculate_sig(params) == params['sig']
+      end
+      def calculate_sig(params)
+        args = params.reject{ |(k, v)| k == 'sig' }.sort.
+          map{ |a| a.join('=') }.join
+        Digest::MD5.hexdigest(args + @fb.secret)
+      end
+    end
+  end
+end

data/lib/session/signed_request_param.rb ADDED Viewed

@@ -0,0 +1,91 @@
+# http://developers.facebook.com/docs/authentication/canvas
+# sample fb data from july 19, 2010
+# {"fb_sig_app_id"=>"126995317325037", "signed_request"=>"XRVtkDu6T9Kre3nIcQXLlAdD8A8pW09QDxX_S1t1yJQ.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjAsIm9hdXRoX3Rva2VuIjoiMTI2OTk1MzE3MzI1MDM3fGViNmU2ZTczNGFlNjY0ZjMwMWQ4YTM3NS0xMDAwMDExNjU1MDczMTl8QlZxMER4MnVUVXdfTWUwbXkxQzBPLUZYYVNZLiIsInVzZXJfaWQiOiIxMDAwMDExNjU1MDczMTkifQ", "fb_sig_iframe_key"=>"98f13708210194c475687be6106a3b84", "fb_sig_locale"=>"en_US", "fb_sig_in_iframe"=>"1", "action"=>"index", "fb_sig"=>"0f9c16fe38b6507287a513070fc4882e", "fb_sig_in_new_facebook"=>"1", "fb_sig_added"=>"1", "fb_sig_country"=>"us", "fb_sig_ext_perms"=>"read_stream,status_update,photo_upload,video_upload,offline_access,email,create_note,share_item,publish_stream,user_photos,user_photo_video_tags,friends_photos,friends_photo_video_tags", "fb_sig_cookie_sig"=>"07eea766c8bdc363783472c34aea3cba", "fb_sig_session_key"=>"eb6e6e734ae664f301d8a375-100001165507319", "fb_sig_expires"=>"0", "fb_sig_ss"=>"cde1e8478e3f7d72960da3133091d6ae", "controller"=>"quizzes", "fb_sig_api_key"=>"12ad2dc78d9f6816ae50be94f93b571c", "fb_sig_user"=>"100001165507319", "fb_sig_profile_update_time"=>"1275440106", "fb_sig_time"=>"1279687778.633"}
+# The signed_request parameter is the concatenation of
+# a HMAC SHA-256 signature string, a period (.),
+# and a base64url encoded JSON object.
+# It looks something like this (without the newlines):
+# vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso
+# .
+# eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0
+module FacebookClient
+  module Session
+    require 'digest'
+    require 'digest/md5'
+    require 'yajl'
+    require 'base64'
+    require 'openssl'
+    class SignedRequestParam < Base
+      def self.create_and_secure(fb, params)
+        session = new(fb, params)
+        session.secure? ? session : nil
+      end
+      def initialize(fb, params)
+        @fb=fb
+        @data=parse_signed_request!(params["signed_request"])
+      end
+      def parse_signed_request!(str)
+        @data = str &&
+          check_sig_and_return_data(str, self.class.parse_params(str))
+      end
+      def secure?
+        @data.is_a?(Hash) and @data.has_key?('user_id')
+      end
+      def uid
+        @data['user_id']
+      end
+      def access_token
+        @data["oauth_token"]
+      end
+      # private
+      def check_sig_and_return_data(signed_request, params)
+        params if self.class.verify_signed_request(@fb.secret, signed_request)
+      end
+      def calculate_sig(params)
+        args = params.reject{ |(k, v)| k == 'sig' }.sort.
+          map{ |a| a.join('=') }.join
+        Digest::MD5.hexdigest(args + @fb.secret)
+      end
+      # looks like this:
+      # {"expires"=>0, "algorithm"=>"HMAC-SHA256", "user_id"=>"19392189382", "oauth_token"=>"some-token"}
+      def self.parse_params(signed_request)
+        encoded_url = signed_request.split(".").last
+        data = JSON.parse(base64_url_decode(encoded_url))
+      end
+      # This function takes the app secret and the signed request, and verifies if the request is valid.
+      def self.verify_signed_request(secret, signed_request)
+        signature, encoded_url = signed_request.split(".")
+        signature = base64_url_decode(signature)
+        expected_sig = OpenSSL::HMAC.digest('SHA256', secret, encoded_url.tr("-_", "+/"))
+        return signature == expected_sig
+      end
+      # Ruby's implementation of base64 decoding seems to be reading the string in multiples of 4 and ignoring
+      # any extra characters if there are no white-space characters at the end. Since facebook does not take this
+      # into account, this function fills any string with white spaces up to the point where it becomes divisible
+      # by 4, then it replaces '-' with '+' and '_' with '/' (URL-safe decoding), and decodes the result.
+      def self.base64_url_decode(str)
+        str = str + "=" * (4 - str.size % 4) unless str.size % 4 == 0
+        return Base64.decode64(str.tr("-_", "+/"))
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: facebook_client
 version: !ruby/object:Gem::Version
-  hash: 91
+  hash: 95
   prerelease: false
   segments:
   - 0
   - 0
   - 5
-  - 0
-  version: 0.0.5.0
+  - 2
+  version: 0.0.5.2
 platform: ruby
 authors:
 - David Crockett
@@ -77,13 +77,15 @@ extra_rdoc_files: []
 files:
 - lib/auth.rb
-- lib/cookie_session.rb
 - lib/ext.rb
 - lib/facebook_client.rb
 - lib/graph.rb
-- lib/iframe_session.rb
-- lib/legacy_session.rb
 - lib/rest_api.rb
+- lib/session/base.rb
+- lib/session/cookie.rb
+- lib/session/fb_sig_param.rb
+- lib/session/session_param.rb
+- lib/session/signed_request_param.rb
 has_rdoc: true
 homepage:
 licenses: []

data/lib/cookie_session.rb DELETED Viewed

@@ -1,52 +0,0 @@
-module FacebookClient
-  require 'rack'
-  require 'digest'
-  class CookieSession
-    def self.create_and_secure(fb, cookies)
-      cookie_session = new(fb, cookies)
-      cookie_session.secure? ? cookie_session : nil
-    end
-    def initialize(fb, cookies)
-      @fb=fb
-      @data=parse_fbs!(cookies["fbs_#{fb.app_id}"])
-    end
-    def graph
-      @graph ||= Graph.new(@fb, @data["access_token"], 0)
-      @graph
-    end
-    def parse_fbs!(fbs)
-      @data = fbs &&
-        check_sig_and_return_data(Rack::Utils.parse_query(fbs[1..-2]))
-    end
-    def secure?
-      @data.is_a?(Hash) and @data.has_key?('uid')
-    end
-    def uid
-      @data['uid']
-    end
-    private
-    def check_sig_and_return_data(cookies)
-      cookies if calculate_sig(cookies) == cookies['sig']
-    end
-    def calculate_sig(cookies)
-      args = cookies.reject{ |(k, v)| k == 'sig' }.sort.
-        map{ |a| a.join('=') }.join
-      Digest::MD5.hexdigest(args + @fb.secret)
-    end
-  end
-end

data/lib/iframe_session.rb DELETED Viewed

@@ -1,51 +0,0 @@
-module FacebookClient
-  require 'digest'
-  require 'yajl'
-  class IframeSession
-    def self.create_and_secure(fb, params)
-      iframe_session = new(fb, params)
-      iframe_session.secure? ? iframe_session : nil
-    end
-    def initialize(fb, params)
-      @fb=fb
-      @data=parse_fbs!(params["session"])
-    end
-    def parse_fbs!(fbs)
-      @data = fbs &&
-        check_sig_and_return_data(Yajl::Parser.parse(fbs))
-    end
-    def secure?
-      @data.is_a?(Hash) and @data.has_key?('uid')
-    end
-    def graph
-      @graph ||= Graph.new(@fb, @data["access_token"], 0)
-      @graph
-    end
-    def uid
-      @data['uid']
-    end
-    # private
-    def check_sig_and_return_data(params)
-      params if calculate_sig(params) == params['sig']
-    end
-    def calculate_sig(params)
-      args = params.reject{ |(k, v)| k == 'sig' }.sort.
-        map{ |a| a.join('=') }.join
-      Digest::MD5.hexdigest(args + @fb.secret)
-    end
-  end
-end

data/lib/legacy_session.rb DELETED Viewed

@@ -1,60 +0,0 @@
-module FacebookClient
-  require 'digest'
-  class LegacySession
-    def self.create_and_secure(fb, params)
-      legacy_session = new(fb, params)
-      legacy_session.secure? ? legacy_session : nil
-    end
-    def initialize(fb, params)
-      @fb=fb
-      @params=verfiy_params_and_return(params)
-    end
-    def secure?
-      @params.is_a?(Hash) and @params.has_key?('user')
-    end
-    def uid
-      @params['user']
-    end
-    def graph
-      @graph ||= Graph.new(@fb, @params["session_key"], 0)
-      @graph
-    end
-    def verfiy_params_and_return(params)
-      if params['fb_sig'].nil? or !params['fb_sig'].is_a?(String)
-        log 'missing fb_sig'
-        return nil
-      end
-      facebook_sig_params = params.inject({}) do |collection, pair|
-        collection[pair.first.sub(/^fb_sig_/, '')] = pair.last if pair.first[0,7] == 'fb_sig_'
-        collection
-      end
-      if params['fb_sig']==calculate_sig(facebook_sig_params)
-        log "secured for #{facebook_sig_params['user']}"
-        return facebook_sig_params
-      else
-        log "sig #{params['fb_sig']} invalid, should be #{calculate_sig(facebook_sig_params)}"
-        return nil
-      end
-    end
-    def calculate_sig(facebook_sig_params)
-      raw_string = facebook_sig_params.map{ |*args| args.join('=') }.sort.join
-      Digest::MD5.hexdigest([raw_string, @fb.secret].join)
-    end
-    def log(msg)
-      # puts("legacy_session/#{@fb.app_id} #{msg}")
-    end
-  end
-end