RubyGems - facebook_client - Versions diffs - 0.0.5.0 → 0.0.5.2 - Mend

facebook_client 0.0.5.0 → 0.0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

data/lib/facebook_client.rb +8 -5
data/lib/graph.rb +7 -9
data/lib/session/base.rb +17 -0
data/lib/session/cookie.rb +54 -0
data/lib/session/fb_sig_param.rb +64 -0
data/lib/session/session_param.rb +54 -0
data/lib/session/signed_request_param.rb +91 -0
metadata +8 -6
data/lib/cookie_session.rb +0 -52
data/lib/iframe_session.rb +0 -51
data/lib/legacy_session.rb +0 -60

data/lib/facebook_client.rb CHANGED Viewed

@@ -1,12 +1,15 @@
+require 'openssl'
 require File.dirname(__FILE__)+'/ext'
 require File.dirname(__FILE__)+'/graph'
 require File.dirname(__FILE__)+'/auth'
 require File.dirname(__FILE__)+'/rest_api'
-require File.dirname(__FILE__)+'/cookie_session'
-require File.dirname(__FILE__)+'/iframe_session'
-require File.dirname(__FILE__)+'/legacy_session'
+require File.dirname(__FILE__)+'/session/base'
+require File.dirname(__FILE__)+'/session/cookie'
+require File.dirname(__FILE__)+'/session/fb_sig_param'
+require File.dirname(__FILE__)+'/session/signed_request_param'
+require File.dirname(__FILE__)+'/session/session_param'
 module FacebookClient
@@ -30,8 +33,8 @@ module FacebookClient
       @auth ||= Auth.new(self)
     end
-    def graph(token, expires=nil)
-      Graph.new(self,token,expires)
+    def graph(token, expires = nil)
+      Graph.new(self, token, expires)
     end
     def rest_api

data/lib/graph.rb CHANGED Viewed

@@ -8,16 +8,14 @@ module FacebookClient
     attr_reader :access_token
-    def initialize(fb, access_token, expires=nil)
-      @fb=fb
-      @access_token=access_token
-      if expires.nil?
-        expires=0
-      end
-      expires=expires.to_i
+    def initialize(fb, access_token, expires = nil)
+      @fb           = fb
+      @access_token = access_token
+      expires       = 0 if expires.nil?
+      expires       = expires.to_i
     end
-    def get(path, params={})
+    def get(path, params = {})
       params = params.stringify_keys
       params['access_token'] = @access_token
       response = connection.run_request(:get, path, nil, {}) do |request|

data/lib/session/base.rb ADDED Viewed

@@ -0,0 +1,17 @@
+module FacebookClient
+  module Session
+    class Base
+      attr_reader :fb
+      def graph
+        @graph ||= Graph.new(fb, access_token, 0)
+      end
+    end
+  end
+end

data/lib/session/cookie.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module FacebookClient
+  module Session
+    require 'rack'
+    require 'digest'
+    class Cookie < Base
+      def self.create_and_secure(fb, cookies)
+        cookie_session = new(fb, cookies)
+        cookie_session.secure? ? cookie_session : nil
+      end
+      def initialize(fb, cookies)
+        @fb=fb
+        @data=parse_fbs!(cookies["fbs_#{fb.app_id}"])
+      end
+      def parse_fbs!(fbs)
+        @data = fbs &&
+          check_sig_and_return_data(Rack::Utils.parse_query(fbs[1..-2]))
+      end
+      def secure?
+        @data.is_a?(Hash) and @data.has_key?('uid')
+      end
+      def access_token
+        @data['access_token']
+      end
+      def uid
+        @data['uid']
+      end
+      private
+      def check_sig_and_return_data(cookies)
+        cookies if calculate_sig(cookies) == cookies['sig']
+      end
+      def calculate_sig(cookies)
+        args = cookies.reject{ |(k, v)| k == 'sig' }.sort.
+          map{ |a| a.join('=') }.join
+        Digest::MD5.hexdigest(args + @fb.secret)
+      end
+    end
+  end
+end

data/lib/session/fb_sig_param.rb ADDED Viewed

@@ -0,0 +1,64 @@
+module FacebookClient
+  module Session
+    require 'digest'
+    class FbSigParam < Base
+      def self.create_and_secure(fb, params)
+        legacy_session = new(fb, params)
+        legacy_session.secure? ? legacy_session : nil
+      end
+      def initialize(fb, params)
+        @fb=fb
+        @params=verfiy_params_and_return(params)
+      end
+      def secure?
+        @params.is_a?(Hash) and @params.has_key?('user')
+      end
+      def uid
+        @params['user']
+      end
+      def access_token
+        @params["session_key"]
+      end
+      def verfiy_params_and_return(params)
+        if params['fb_sig'].nil? or !params['fb_sig'].is_a?(String)
+          log 'missing fb_sig'
+          return nil
+        end
+        facebook_sig_params = params.inject({}) do |collection, pair|
+          collection[pair.first.sub(/^fb_sig_/, '')] = pair.last if pair.first[0,7] == 'fb_sig_'
+          collection
+        end
+        if params['fb_sig']==calculate_sig(facebook_sig_params)
+          log "secured for #{facebook_sig_params['user']}"
+          return facebook_sig_params
+        else
+          log "sig #{params['fb_sig']} invalid, should be #{calculate_sig(facebook_sig_params)}"
+          return nil
+        end
+      end
+      def calculate_sig(facebook_sig_params)
+        raw_string = facebook_sig_params.map{ |*args| args.join('=') }.sort.join
+        Digest::MD5.hexdigest([raw_string, @fb.secret].join)
+      end
+      def log(msg)
+        # puts("legacy_session/#{@fb.app_id} #{msg}")
+      end
+    end
+  end
+end

data/lib/session/session_param.rb ADDED Viewed

@@ -0,0 +1,54 @@
+module FacebookClient
+  module Session
+    require 'digest'
+    require 'yajl'
+    class SessionParam < Base
+      def self.create_and_secure(fb, params)
+        iframe_session = new(fb, params)
+        iframe_session.secure? ? iframe_session : nil
+      end
+      def initialize(fb, params)
+        @fb=fb
+        @data=parse_fbs!(params["session"])
+      end
+      def parse_fbs!(fbs)
+        @data = fbs &&
+          check_sig_and_return_data(Yajl::Parser.parse(fbs))
+      end
+      def secure?
+        @data.is_a?(Hash) and @data.has_key?('uid')
+      end
+      def uid
+        @data['uid']
+      end
+      def access_token
+        @data["access_token"]
+      end
+      # private
+      def check_sig_and_return_data(params)
+        params if calculate_sig(params) == params['sig']
+      end
+      def calculate_sig(params)
+        args = params.reject{ |(k, v)| k == 'sig' }.sort.
+          map{ |a| a.join('=') }.join
+        Digest::MD5.hexdigest(args + @fb.secret)
+      end
+    end
+  end
+end

data/lib/session/signed_request_param.rb ADDED Viewed

@@ -0,0 +1,91 @@
+# http://developers.facebook.com/docs/authentication/canvas
+# sample fb data from july 19, 2010
+# {"fb_sig_app_id"=>"126995317325037", "signed_request"=>"XRVtkDu6T9Kre3nIcQXLlAdD8A8pW09QDxX_S1t1yJQ.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjAsIm9hdXRoX3Rva2VuIjoiMTI2OTk1MzE3MzI1MDM3fGViNmU2ZTczNGFlNjY0ZjMwMWQ4YTM3NS0xMDAwMDExNjU1MDczMTl8QlZxMER4MnVUVXdfTWUwbXkxQzBPLUZYYVNZLiIsInVzZXJfaWQiOiIxMDAwMDExNjU1MDczMTkifQ", "fb_sig_iframe_key"=>"98f13708210194c475687be6106a3b84", "fb_sig_locale"=>"en_US", "fb_sig_in_iframe"=>"1", "action"=>"index", "fb_sig"=>"0f9c16fe38b6507287a513070fc4882e", "fb_sig_in_new_facebook"=>"1", "fb_sig_added"=>"1", "fb_sig_country"=>"us", "fb_sig_ext_perms"=>"read_stream,status_update,photo_upload,video_upload,offline_access,email,create_note,share_item,publish_stream,user_photos,user_photo_video_tags,friends_photos,friends_photo_video_tags", "fb_sig_cookie_sig"=>"07eea766c8bdc363783472c34aea3cba", "fb_sig_session_key"=>"eb6e6e734ae664f301d8a375-100001165507319", "fb_sig_expires"=>"0", "fb_sig_ss"=>"cde1e8478e3f7d72960da3133091d6ae", "controller"=>"quizzes", "fb_sig_api_key"=>"12ad2dc78d9f6816ae50be94f93b571c", "fb_sig_user"=>"100001165507319", "fb_sig_profile_update_time"=>"1275440106", "fb_sig_time"=>"1279687778.633"}
+# The signed_request parameter is the concatenation of
+# a HMAC SHA-256 signature string, a period (.),
+# and a base64url encoded JSON object.
+# It looks something like this (without the newlines):
+# vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso
+# .
+# eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0
+module FacebookClient
+  module Session
+    require 'digest'
+    require 'digest/md5'
+    require 'yajl'
+    require 'base64'
+    require 'openssl'
+    class SignedRequestParam < Base
+      def self.create_and_secure(fb, params)
+        session = new(fb, params)
+        session.secure? ? session : nil
+      end
+      def initialize(fb, params)
+        @fb=fb
+        @data=parse_signed_request!(params["signed_request"])
+      end
+      def parse_signed_request!(str)
+        @data = str &&
+          check_sig_and_return_data(str, self.class.parse_params(str))
+      end
+      def secure?
+        @data.is_a?(Hash) and @data.has_key?('user_id')
+      end
+      def uid
+        @data['user_id']
+      end
+      def access_token
+        @data["oauth_token"]
+      end
+      # private
+      def check_sig_and_return_data(signed_request, params)
+        params if self.class.verify_signed_request(@fb.secret, signed_request)
+      end
+      def calculate_sig(params)
+        args = params.reject{ |(k, v)| k == 'sig' }.sort.
+          map{ |a| a.join('=') }.join
+        Digest::MD5.hexdigest(args + @fb.secret)
+      end
+      # looks like this:
+      # {"expires"=>0, "algorithm"=>"HMAC-SHA256", "user_id"=>"19392189382", "oauth_token"=>"some-token"}
+      def self.parse_params(signed_request)
+        encoded_url = signed_request.split(".").last
+        data = JSON.parse(base64_url_decode(encoded_url))
+      end
+      # This function takes the app secret and the signed request, and verifies if the request is valid.
+      def self.verify_signed_request(secret, signed_request)
+        signature, encoded_url = signed_request.split(".")
+        signature = base64_url_decode(signature)
+        expected_sig = OpenSSL::HMAC.digest('SHA256', secret, encoded_url.tr("-_", "+/"))
+        return signature == expected_sig
+      end
+      # Ruby's implementation of base64 decoding seems to be reading the string in multiples of 4 and ignoring
+      # any extra characters if there are no white-space characters at the end. Since facebook does not take this
+      # into account, this function fills any string with white spaces up to the point where it becomes divisible
+      # by 4, then it replaces '-' with '+' and '_' with '/' (URL-safe decoding), and decodes the result.
+      def self.base64_url_decode(str)
+        str = str + "=" * (4 - str.size % 4) unless str.size % 4 == 0
+        return Base64.decode64(str.tr("-_", "+/"))
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: facebook_client
 version: !ruby/object:Gem::Version
-  hash: 91
+  hash: 95
   prerelease: false
   segments:
   - 0
   - 0
   - 5
-  - 0
-  version: 0.0.5.0
+  - 2
+  version: 0.0.5.2
 platform: ruby
 authors:
 - David Crockett
@@ -77,13 +77,15 @@ extra_rdoc_files: []
 files:
 - lib/auth.rb
-- lib/cookie_session.rb
 - lib/ext.rb
 - lib/facebook_client.rb
 - lib/graph.rb
-- lib/iframe_session.rb
-- lib/legacy_session.rb
 - lib/rest_api.rb
+- lib/session/base.rb
+- lib/session/cookie.rb
+- lib/session/fb_sig_param.rb
+- lib/session/session_param.rb
+- lib/session/signed_request_param.rb
 has_rdoc: true
 homepage:
 licenses: []

data/lib/cookie_session.rb DELETED Viewed

@@ -1,52 +0,0 @@
-module FacebookClient
-  require 'rack'
-  require 'digest'
-  class CookieSession
-    def self.create_and_secure(fb, cookies)
-      cookie_session = new(fb, cookies)
-      cookie_session.secure? ? cookie_session : nil
-    end
-    def initialize(fb, cookies)
-      @fb=fb
-      @data=parse_fbs!(cookies["fbs_#{fb.app_id}"])
-    end
-    def graph
-      @graph ||= Graph.new(@fb, @data["access_token"], 0)
-      @graph
-    end
-    def parse_fbs!(fbs)
-      @data = fbs &&
-        check_sig_and_return_data(Rack::Utils.parse_query(fbs[1..-2]))
-    end
-    def secure?
-      @data.is_a?(Hash) and @data.has_key?('uid')
-    end
-    def uid
-      @data['uid']
-    end
-    private
-    def check_sig_and_return_data(cookies)
-      cookies if calculate_sig(cookies) == cookies['sig']
-    end
-    def calculate_sig(cookies)
-      args = cookies.reject{ |(k, v)| k == 'sig' }.sort.
-        map{ |a| a.join('=') }.join
-      Digest::MD5.hexdigest(args + @fb.secret)
-    end
-  end
-end

data/lib/iframe_session.rb DELETED Viewed

@@ -1,51 +0,0 @@
-module FacebookClient
-  require 'digest'
-  require 'yajl'
-  class IframeSession
-    def self.create_and_secure(fb, params)
-      iframe_session = new(fb, params)
-      iframe_session.secure? ? iframe_session : nil
-    end
-    def initialize(fb, params)
-      @fb=fb
-      @data=parse_fbs!(params["session"])
-    end
-    def parse_fbs!(fbs)
-      @data = fbs &&
-        check_sig_and_return_data(Yajl::Parser.parse(fbs))
-    end
-    def secure?
-      @data.is_a?(Hash) and @data.has_key?('uid')
-    end
-    def graph
-      @graph ||= Graph.new(@fb, @data["access_token"], 0)
-      @graph
-    end
-    def uid
-      @data['uid']
-    end
-    # private
-    def check_sig_and_return_data(params)
-      params if calculate_sig(params) == params['sig']
-    end
-    def calculate_sig(params)
-      args = params.reject{ |(k, v)| k == 'sig' }.sort.
-        map{ |a| a.join('=') }.join
-      Digest::MD5.hexdigest(args + @fb.secret)
-    end
-  end
-end

data/lib/legacy_session.rb DELETED Viewed

@@ -1,60 +0,0 @@
-module FacebookClient
-  require 'digest'
-  class LegacySession
-    def self.create_and_secure(fb, params)
-      legacy_session = new(fb, params)
-      legacy_session.secure? ? legacy_session : nil
-    end
-    def initialize(fb, params)
-      @fb=fb
-      @params=verfiy_params_and_return(params)
-    end
-    def secure?
-      @params.is_a?(Hash) and @params.has_key?('user')
-    end
-    def uid
-      @params['user']
-    end
-    def graph
-      @graph ||= Graph.new(@fb, @params["session_key"], 0)
-      @graph
-    end
-    def verfiy_params_and_return(params)
-      if params['fb_sig'].nil? or !params['fb_sig'].is_a?(String)
-        log 'missing fb_sig'
-        return nil
-      end
-      facebook_sig_params = params.inject({}) do |collection, pair|
-        collection[pair.first.sub(/^fb_sig_/, '')] = pair.last if pair.first[0,7] == 'fb_sig_'
-        collection
-      end
-      if params['fb_sig']==calculate_sig(facebook_sig_params)
-        log "secured for #{facebook_sig_params['user']}"
-        return facebook_sig_params
-      else
-        log "sig #{params['fb_sig']} invalid, should be #{calculate_sig(facebook_sig_params)}"
-        return nil
-      end
-    end
-    def calculate_sig(facebook_sig_params)
-      raw_string = facebook_sig_params.map{ |*args| args.join('=') }.sort.join
-      Digest::MD5.hexdigest([raw_string, @fb.secret].join)
-    end
-    def log(msg)
-      # puts("legacy_session/#{@fb.app_id} #{msg}")
-    end
-  end
-end