facebook_session 0.0.5 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 02a8da46d6b40c4957295584de6d46b3fe590399
-  data.tar.gz: 91631fffb4376c561ac11c4d7c977908efc68ca3
+  metadata.gz: 7b5d4f0754ffc4ec193b5d4361c452ad0d4cbb6a
+  data.tar.gz: c6b7aab9c0612dd22cc62e349ca7bf3445061a42
 SHA512:
-  metadata.gz: 1da341cdd46386525f7d0ceddadc4cf0f103fff1bb090010dc8168cb0c7e863d22d70b2f1305ed6e541743f7a67d38ce60c6f68a67412c604b048a652e2a0ef9
-  data.tar.gz: 51ece5975d8db0c0f7df2ebb0d5fc069845435c67ffb3bbebb8a39765e88f91c7afb9bf723bf27f0c4427d4389512ff95ac059ced96ef45a160745b7fcf86858
+  metadata.gz: 4145e761156a6e411a39eb90fcc5a8af36834e84740d02c61b5503f67b59e5db8f64c18536a29d362757865395ac265fc0dd8baa03f392d571f3a8134c127251
+  data.tar.gz: 63a7742caf13f59f3eec877707e8e40c29912ca79ab2ba3cf3af2591878aa60730c7b1d57dc16070b845d72f2b82c3222c8d70c09d04a2423076d917b909186e

data/lib/facebook_session/decodeable_struct.rb

@@ -0,0 +1,17 @@
+module FacebookSession
+  class DecodeableStruct
+    class << self
+      def decode(message)
+        self.new(FacebookSession.message_decoder.decode(message))
+      end
+    end
+
+    def initialize(data={})
+      data.each do |key, value|
+        if self.respond_to?("#{key.to_s}=".to_sym)
+          self.send("#{key.to_s}=".to_sym, value)
+        end
+      end
+    end
+  end
+end

data/lib/facebook_session/helper.rb

@@ -2,10 +2,8 @@ module FacebookSession
   module Helper
 
     def facebook_session
-      return @facebook_session if @facebook_session
-      raise 'FacebookSession not configured!' unless FacebookSession.config?
-      if facebook_cookie = cookies["fbsr_#{FacebookSession.application_id}"]
-        @facebook_session = FacebookSession::Session.parse_cookie(facebook_cookie)
+      if message = cookies["fbsr_#{FacebookSession.application_id}"]
+        @facebook_session ||= FacebookSession::Session.decode(message)
       end
     end
 
@@ -14,10 +12,8 @@ module FacebookSession
     end
 
     def facebook_signed_request
-      return @facebook_signed_request if @facebook_signed_request
-      raise 'FacebookSession not configured!' unless FacebookSession.config?
-      if facebook_signed_request = params[:signed_request]
-        @facebook_signed_request = FacebookSession::SignedRequest.parse_request(facebook_signed_request)
+      if message = params[:signed_request]
+        @facebook_signed_request ||= FacebookSession::SignedRequest.decode(message)
       end
     end
 

data/lib/facebook_session/message_decoder.rb

@@ -0,0 +1,56 @@
+# encoding: utf-8
+
+module FacebookSession
+  class MessageDecoder
+    def initialize(secret)
+      @secret = secret
+    end
+
+    def decode(string)
+      encoded_digest, payload = string.split('.')
+      digest = decode_base64(encoded_digest)
+
+      if valid_digest?(payload, digest)
+        parse_payload(payload)
+      else
+        raise FacebookSession::InvalidSignature
+      end
+    end
+
+    private
+
+    def decode_base64(str)
+      str += '=' while str.length % 4 != 0 # Pad string with =
+      Base64.urlsafe_decode64(str)
+    end
+
+    def parse_payload(payload)
+      parsed_payload = JSON.parse(decode_base64(payload))
+      parsed_payload.symbolize_keys!
+      parsed_payload
+    end
+
+    def secure_compare(a, b)
+      return false unless a.bytesize == b.bytesize
+
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+
+    def generate_digest(data)
+      require 'openssl' unless defined?(OpenSSL)
+      OpenSSL::HMAC.digest(
+        OpenSSL::Digest.new('sha256'),
+        @secret,
+        data
+      )
+    end
+
+    def valid_digest?(data, digest)
+      data.present? && digest.present? && secure_compare(digest, generate_digest(data))
+    end
+  end
+end

data/lib/facebook_session/railtie.rb

@@ -0,0 +1,10 @@
+require 'rails'
+
+module PagesCore
+  class Railtie < ::Rails::Railtie
+    initializer :extend_rails do
+      ActionView::Base.send :include, FacebookSession::Helper
+      ActionController::Base.send :include, FacebookSession::Helper
+    end
+  end
+end

data/lib/facebook_session/session.rb

@@ -1,21 +1,5 @@
 module FacebookSession
-  class Session
+  class Session < DecodeableStruct
     attr_accessor :user_id, :oauth_token, :algorithm, :issued_at
-
-    class << self
-      def parse_cookie(cookie)
-        if session_data = FacebookSession.decode_payload(cookie)
-          self.new(session_data)
-        else
-          nil
-        end
-      end
-    end
-
-    def initialize(session_data={})
-      session_data.each do |key, value|
-        self.send("#{key.to_s}=".to_sym, value) if self.respond_to?("#{key.to_s}=".to_sym)
-      end
-    end
   end
 end

data/lib/facebook_session/signed_request.rb

@@ -1,21 +1,6 @@
 module FacebookSession
-  class SignedRequest
-    attr_accessor :code, :algorithm, :issued_at, :user_id, :user, :oauth_token, :expires, :app_data, :page
-
-    class << self
-      def parse_request(request)
-        if request_data = FacebookSession.decode_payload(request)
-          self.new(request_data)
-        else
-          nil
-        end
-      end
-    end
-
-    def initialize(request_data={})
-      request_data.each do |key, value|
-        self.send("#{key.to_s}=".to_sym, value) if self.respond_to?("#{key.to_s}=".to_sym)
-      end
-    end
+  class SignedRequest < DecodeableStruct
+    attr_accessor :user_id, :oauth_token, :algorithm, :issued_at
+    attr_accessor :code, :user, :expires, :app_data, :page
   end
 end

data/lib/facebook_session/version.rb

@@ -1,3 +1,3 @@
 module FacebookSession
-  VERSION = "0.0.5"
+  VERSION = "1.0.0"
 end

data/lib/facebook_session.rb

@@ -1,60 +1,59 @@
+require 'base64'
+
+require File.join(File.dirname(__FILE__), 'facebook_session/decodeable_struct')
 require File.join(File.dirname(__FILE__), 'facebook_session/helper')
+require File.join(File.dirname(__FILE__), 'facebook_session/message_decoder')
 require File.join(File.dirname(__FILE__), 'facebook_session/session')
+require File.join(File.dirname(__FILE__), 'facebook_session/railtie')
 require File.join(File.dirname(__FILE__), 'facebook_session/signed_request')
 
 module FacebookSession
+  class InvalidSignature < StandardError; end
+  class NotConfiguredError < StandardError; end
+
   class << self
 
-    def config
-      @@config ||= {}
+    def clear_config!
+      @@config = nil
     end
 
     def config?
-      self.config[:application_id] && self.config[:application_secret] ? true : false
+      config[:application_id] && config[:application_secret] ? true : false
     end
 
     def configure(options={})
       options.each do |key, val|
-        self.config[key.to_sym] = val
+        config[key.to_sym] = val
       end
-      self.config
+      config
     end
 
     def application_id
-      self.config[:application_id]
+      if config[:application_id].kind_of?(Proc)
+        config[:application_id].call
+      else
+        config[:application_id]
+      end
     end
 
     def application_secret
-      self.config[:application_secret]
+      if config[:application_secret].kind_of?(Proc)
+        config[:application_secret].call
+      else
+        config[:application_secret]
+      end
     end
 
-    def base64_url_decode(string)
-      encoded_string = string.gsub('-','+').gsub('_','/')
-      encoded_string += '=' while (encoded_string.length % 4 != 0)
-      Base64.decode64(encoded_string)
+    def message_decoder
+      raise NotConfiguredError unless config?
+      FacebookSession::MessageDecoder.new(application_secret)
     end
 
-    def decode_payload(string)
-      encoded_sig, payload = string.split('.')
-      sig             = base64_url_decode(encoded_sig)
-      decoded_payload = JSON.parse(base64_url_decode(payload))
-      decoded_payload.symbolize_keys!
-
-      expected_sig = OpenSSL::HMAC.digest(
-        OpenSSL::Digest.new('sha256'),
-        FacebookSession.application_secret,
-        payload
-      )
+    private
 
-      if sig == expected_sig
-        decoded_payload
-      else
-        nil
-      end
+    def config
+      @@config ||= {}
     end
-
   end
 end
 
-ActionView::Base.send :include, FacebookSession::Helper
-ActionController::Base.send :include, FacebookSession::Helper

data/spec/facebook_session_spec.rb

@@ -0,0 +1,76 @@
+require 'spec_helper'
+
+describe FacebookSession do
+  before(:each) do
+    FacebookSession.clear_config!
+  end
+
+  describe ".config?" do
+    subject { FacebookSession.config? }
+
+    context "when no config is set" do
+      it { is_expected.to eq(false) }
+    end
+
+    context "when one option is missing" do
+      before { FacebookSession.configure(application_id: "foo") }
+      it { is_expected.to eq(false) }
+    end
+
+    context "when both options are set" do
+      before { FacebookSession.configure(application_id: "foo", application_secret: "bar") }
+      it { is_expected.to eq(true) }
+    end
+  end
+
+  describe ".application_id" do
+    subject { FacebookSession.application_id }
+
+    context "when unconfigured" do
+      it { is_expected.to eq(nil) }
+    end
+
+    context "when configured with a string" do
+      before { FacebookSession.configure(application_id: "foo") }
+      it { is_expected.to eq("foo") }
+    end
+
+    context "when configured with a proc" do
+      before { FacebookSession.configure(application_id: -> { "foo" }) }
+      it { is_expected.to eq("foo") }
+    end
+  end
+
+  describe ".application_secret" do
+    subject { FacebookSession.application_secret }
+
+    context "when unconfigured" do
+      it { is_expected.to eq(nil) }
+    end
+
+    context "when configured with a string" do
+      before { FacebookSession.configure(application_secret: "foo") }
+      it { is_expected.to eq("foo") }
+    end
+
+    context "when configured with a proc" do
+      before { FacebookSession.configure(application_secret: -> { "foo" }) }
+      it { is_expected.to eq("foo") }
+    end
+  end
+
+  describe ".message_decoder" do
+    subject { FacebookSession.message_decoder }
+
+    context "without configuration" do
+      it "should raise an error" do
+        expect { subject }.to raise_error(FacebookSession::NotConfiguredError)
+      end
+    end
+
+    context "with configuration" do
+      before { FacebookSession.configure(application_id: "foo", application_secret: "bar") }
+      it { is_expected.to be_a(FacebookSession::MessageDecoder) }
+    end
+  end
+end

data/spec/helper_spec.rb

@@ -0,0 +1,85 @@
+require 'spec_helper'
+
+class TestController
+  include FacebookSession::Helper
+  def initialize(options = {})
+    @fb_session = options[:fb_session]
+    @signed_request = options[:signed_request]
+  end
+
+  def cookies
+    { "fbsr_foo" => @fb_session }
+  end
+
+  def params
+    { signed_request: @signed_request }
+  end
+end
+
+describe FacebookSession::Helper do
+  before(:all) { FacebookSession.configure(application_id: "foo", application_secret: "bar") }
+
+  let(:json)       { '{"user_id": "123", "oauth_token": "abc", "algorithm": "sha256", "issued_at": "2014"}' }
+  let(:payload)    { Base64.urlsafe_encode64(json) }
+  let(:digest)     { Base64.urlsafe_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), "bar", payload)) }
+  let(:message)    { "#{digest}.#{payload}" }
+  let(:controller) { TestController.new }
+
+  describe "#facebook_session" do
+    subject { controller.facebook_session }
+
+    context "without session data" do
+      it { is_expected.to eq(nil) }
+    end
+
+    context "with session data" do
+      let(:controller) { TestController.new(fb_session: message) }
+      it { is_expected.to be_a(FacebookSession::Session) }
+      it "should decode the message" do
+        expect(subject.user_id).to eq("123")
+      end
+    end
+  end
+
+  describe "#facebook_session?" do
+    subject { controller.facebook_session? }
+
+    context "without session data" do
+      it { is_expected.to eq(false) }
+    end
+
+    context "with session data" do
+      let(:controller) { TestController.new(fb_session: message) }
+      it { is_expected.to eq(true) }
+    end
+  end
+
+  describe "#facebook_signed_request" do
+    subject { controller.facebook_signed_request }
+
+    context "without a signed request" do
+      it { is_expected.to eq(nil) }
+    end
+
+    context "with a signed request" do
+      let(:controller) { TestController.new(signed_request: message) }
+      it { is_expected.to be_a(FacebookSession::SignedRequest) }
+      it "should decode the message" do
+        expect(subject.user_id).to eq("123")
+      end
+    end
+  end
+
+  describe "#facebook_signed_request?" do
+    subject { controller.facebook_signed_request? }
+
+    context "without a signed request" do
+      it { is_expected.to eq(false) }
+    end
+
+    context "with a signed request" do
+      let(:controller) { TestController.new(signed_request: message) }
+      it { is_expected.to eq(true) }
+    end
+  end
+end

data/spec/message_decoder_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe FacebookSession::MessageDecoder do
+  let(:secret)   { "topsecret" }
+  let(:verifier) { FacebookSession::MessageDecoder.new(secret) }
+  let(:json)     { '{"foo": "bar"}' }
+  let(:payload)  { Base64.urlsafe_encode64(json).gsub(/[=]+$/, '') }
+  let(:digest)   { Base64.urlsafe_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), secret, payload)).gsub(/[=]+$/, '') }
+  let(:message)  { "#{digest}.#{payload}" }
+
+  describe "#decode" do
+    subject { verifier.decode(message) }
+
+    context "with valid data" do
+      it { is_expected.to eq({foo: "bar"}) }
+    end
+
+    context "with invalid digest" do
+      let(:digest) { "1639a467ae544a4a9b4a5623fe56a2f93276087b" }
+      it "should raise an error" do
+        expect { subject }.to raise_error(FacebookSession::InvalidSignature)
+      end
+    end
+  end
+end

data/spec/session_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe FacebookSession::Session do
+  before(:all) { FacebookSession.configure(application_id: "foo", application_secret: "bar") }
+
+  let(:json)    { '{"user_id": "123", "oauth_token": "abc", "algorithm": "sha256", "issued_at": "2014"}' }
+  let(:payload) { Base64.urlsafe_encode64(json) }
+  let(:digest)  { Base64.urlsafe_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), "bar", payload)) }
+  let(:message) { "#{digest}.#{payload}" }
+
+  describe ".decode" do
+    subject { FacebookSession::Session.decode(message) }
+
+    context "with a valid message" do
+      it { is_expected.to be_a(FacebookSession::Session) }
+      it "should recieve the data" do
+        expect(subject.user_id).to eq("123")
+        expect(subject.oauth_token).to eq("abc")
+        expect(subject.algorithm).to eq("sha256")
+        expect(subject.issued_at).to eq("2014")
+      end
+    end
+  end
+end

data/spec/signed_request_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe FacebookSession::SignedRequest do
+  before(:all) { FacebookSession.configure(application_id: "foo", application_secret: "bar") }
+
+  let(:json)    { '{"user_id": "123", "oauth_token": "abc", "algorithm": "sha256", "issued_at": "2014", "code": "code", "user": "user", "expires": "expires", "app_data": "app_data", "page": "page"}' }
+  let(:payload) { Base64.urlsafe_encode64(json) }
+  let(:digest)  { Base64.urlsafe_encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), "bar", payload)) }
+  let(:message) { "#{digest}.#{payload}" }
+
+  describe ".decode" do
+    subject { FacebookSession::SignedRequest.decode(message) }
+
+    context "with a valid message" do
+      it { is_expected.to be_a(FacebookSession::SignedRequest) }
+      it "should recieve the data" do
+        expect(subject.user_id).to eq("123")
+        expect(subject.oauth_token).to eq("abc")
+        expect(subject.algorithm).to eq("sha256")
+        expect(subject.issued_at).to eq("2014")
+        expect(subject.code).to eq("code")
+        expect(subject.user).to eq("user")
+        expect(subject.expires).to eq("expires")
+        expect(subject.app_data).to eq("app_data")
+        expect(subject.page).to eq("page")
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+require "codeclimate-test-reporter"
+CodeClimate::TestReporter.start
+
+require_relative '../lib/facebook_session'
+
+RSpec.configure do |config|
+end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: facebook_session
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 1.0.0
 platform: ruby
 authors:
 - Inge Jørgensen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-30 00:00:00.000000000 Z
-dependencies: []
+date: 2014-09-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 description: Rails plugin for simple Facebook session authentication
 email: inge@manualdesign.no
 executables: []
@@ -17,11 +31,20 @@ extensions: []
 extra_rdoc_files: []
 files:
 - lib/facebook_session.rb
+- lib/facebook_session/decodeable_struct.rb
 - lib/facebook_session/helper.rb
+- lib/facebook_session/message_decoder.rb
+- lib/facebook_session/railtie.rb
 - lib/facebook_session/session.rb
 - lib/facebook_session/signed_request.rb
 - lib/facebook_session/version.rb
-homepage: https://github.com/manualdesign/simple_session
+- spec/facebook_session_spec.rb
+- spec/helper_spec.rb
+- spec/message_decoder_spec.rb
+- spec/session_spec.rb
+- spec/signed_request_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/manualdesign/facebook_session
 licenses: []
 metadata: {}
 post_install_message: 
@@ -32,7 +55,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -40,8 +63,14 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 2.4.1
 signing_key: 
 specification_version: 4
 summary: Rails plugin for simple Facebook session authentication
-test_files: []
+test_files:
+- spec/facebook_session_spec.rb
+- spec/helper_spec.rb
+- spec/message_decoder_spec.rb
+- spec/session_spec.rb
+- spec/signed_request_spec.rb
+- spec/spec_helper.rb