facebook_sig_validator 0.1.0

@@ -0,0 +1,5 @@
1
+ lib/**/*.rb
2
+ bin/*
3
+ -
4
+ features/**/*.feature
5
+ LICENSE.txt
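--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,5 @@
+ source "http://rubygems.org"
+ group :development do
+ gem "bundler", "~> 1.0.0"
+ gem "jeweler", "~> 1.5.2"
+ end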
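Review bot: The `source "http://rubygems.org"` line on line 1 resolves and downloads the development gems over plaintext HTTP, so anyone on the network path can tamper with what gets installed on a developer or build machine. Change it to `source "https://rubygems.org"`. The `remote: http://rubygems.org/` entry in the lockfile hunk that follows has the same issue and will pick up the new URL once the lockfile is regenerated.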
@@ -0,0 +1,16 @@
1
+ GEM
2
+ remote: http://rubygems.org/
3
+ specs:
4
+ git (1.2.5)
5
+ jeweler (1.5.2)
6
+ bundler (~> 1.0.0)
7
+ git (>= 1.2.5)
8
+ rake
9
+ rake (0.8.7)
10
+
11
+ PLATFORMS
12
+ ruby
13
+
14
+ DEPENDENCIES
15
+ bundler (~> 1.0.0)
16
+ jeweler (~> 1.5.2)
@@ -0,0 +1,20 @@
1
+ Copyright (c) 2011 Billy Reisinger
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,11 @@
1
+ = facebook_sig_validator
2
+
3
+ This is a very simple class that validates a Facebook Javascript SDK cookie to insure that:
4
+ * The cookie has not been tampered with or fabricated
5
+ * The cookie has not expired
6
+
7
+ == Copyright
8
+
9
+ Copyright (c) 2011 Billy Reisinger. See LICENSE.txt for
10
+ further details.
11
+
@@ -0,0 +1,42 @@
1
+ require 'rubygems'
2
+ require 'bundler'
3
+ begin
4
+ Bundler.setup(:default, :development)
5
+ rescue Bundler::BundlerError => e
6
+ $stderr.puts e.message
7
+ $stderr.puts "Run `bundle install` to install missing gems"
8
+ exit e.status_code
9
+ end
10
+ require 'rake'
11
+
12
+ require 'jeweler'
13
+ Jeweler::Tasks.new do |gem|
14
+ # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
15
+ gem.name = "facebook_sig_validator"
16
+ gem.homepage = "http://github.com/unclebilly/facebook_sig_validator"
17
+ gem.license = "MIT"
18
+ gem.summary = %Q{Validate Facebook Javascript SDK cookie with ease}
19
+ gem.description = %Q{This is a very simple class that validates a Facebook Javascript SDK cookie}
20
+ gem.email = "billy.reisinger@gmail.com"
21
+ gem.authors = ["Billy Reisinger"]
22
+ end
23
+ Jeweler::RubygemsDotOrgTasks.new
24
+
25
+ require 'rake/testtask'
26
+ Rake::TestTask.new(:test) do |test|
27
+ test.libs << 'lib' << 'test'
28
+ test.pattern = 'test/**/test_*.rb'
29
+ test.verbose = true
30
+ end
31
+
32
+ task :default => :test
33
+
34
+ require 'rake/rdoctask'
35
+ Rake::RDocTask.new do |rdoc|
36
+ version = File.exist?('VERSION') ? File.read('VERSION') : ""
37
+
38
+ rdoc.rdoc_dir = 'rdoc'
39
+ rdoc.title = "facebook_sig_validator #{version}"
40
+ rdoc.rdoc_files.include('README*')
41
+ rdoc.rdoc_files.include('lib/**/*.rb')
42
+ end
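--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.1.0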
@@ -0,0 +1,57 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{facebook_sig_validator}
8
+ s.version = "0.1.0"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Billy Reisinger"]
12
+ s.date = %q{2011-02-15}
13
+ s.description = %q{This is a very simple class that validates a Facebook Javascript SDK cookie}
14
+ s.email = %q{billy.reisinger@gmail.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE.txt",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".document",
21
+ "Gemfile",
22
+ "Gemfile.lock",
23
+ "LICENSE.txt",
24
+ "README.rdoc",
25
+ "Rakefile",
26
+ "VERSION",
27
+ "facebook_sig_validator.gemspec",
28
+ "lib/facebook_sig_validator.rb",
29
+ "test/helper.rb",
30
+ "test/test_facebook_sig_validator.rb"
31
+ ]
32
+ s.homepage = %q{http://github.com/unclebilly/facebook_sig_validator}
33
+ s.licenses = ["MIT"]
34
+ s.require_paths = ["lib"]
35
+ s.rubygems_version = %q{1.5.0}
36
+ s.summary = %q{Validate Facebook Javascript SDK cookie with ease}
37
+ s.test_files = [
38
+ "test/helper.rb",
39
+ "test/test_facebook_sig_validator.rb"
40
+ ]
41
+
42
+ if s.respond_to? :specification_version then
43
+ s.specification_version = 3
44
+
45
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
46
+ s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
47
+ s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
48
+ else
49
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
50
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
51
+ end
52
+ else
53
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
54
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
55
+ end
56
+ end
57
+
@@ -0,0 +1,14 @@
1
+ require 'digest/md5'
2
+
3
+ class FacebookSigValidator
4
+ # If the cookie is valid, return true. If the cookie is out of date or invalid, return false.
5
+ # cookies is a hash
6
+ # app_id is your facebook app id
7
+ # secret is your facebook app secret
8
+ def self.valid_cookie?(cookies, app_id, secret)
9
+ cookie = cookies["fbs_#{app_id}"].gsub(/\"/, "") rescue ''
10
+ pairs = Hash[cookie.split("&").map {|kv| kv.split("=") }]
11
+ str = pairs.keys.sort.collect {|a| a == "sig" ? nil : "#{a}=#{pairs[a]}"}.reject {|a| a.nil?}.join("")
12
+ (Digest::MD5.hexdigest(str + secret) == pairs["sig"]) && (pairs["expires"] == "0" || Time.now.to_i < pairs["expires"].to_i)
13
+ end
14
+ end
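Review bot: On line 10 the cookie is client-controlled, yet `kv.split("=")` yields three or more elements for a value that itself contains `=` and zero elements for an empty fragment (from `&&`), and `Hash[...]` rejects such pairs with an ArgumentError on recent Ruby versions (older ones only warn, as far as I know). A crafted cookie can therefore make `valid_cookie?` raise instead of returning false; the inline `rescue ''` on line 9 covers only the lookup and `gsub`. Split with a limit and drop incomplete pairs: `pairs = Hash[cookie.split("&").map {|kv| kv.split("=", 2) }.select {|kv| kv.size == 2 }]`. Separately, line 12 compares the computed digest with `pairs["sig"]` using `==`, which is not a constant-time comparison; a fixed-time string compare (for example `Rack::Utils.secure_compare`, if Rack is available to the caller) would avoid leaking how much of the signature matched.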
@@ -0,0 +1,8 @@
1
+ require 'test/unit'
2
+
3
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
4
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
5
+ require 'facebook_sig_validator'
6
+
7
+ class Test::Unit::TestCase
8
+ end
@@ -0,0 +1,82 @@
1
+ require 'helper'
2
+
3
+ class TestFacebookSigValidator < Test::Unit::TestCase
4
+ def test_valid_signature
5
+ app_secret = "OMGOMGOMG"
6
+ app_id = "123123"
7
+
8
+ access_token = '141099679280355%7C2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451%7C9CqJGZ4IaMgvIBQHK_HF0yA1jjU'
9
+ expires = Time.now.to_i + 7000
10
+ secret = 'nPGWG5m_14m8wOy6_ZEu3g__'
11
+ session_key = '2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451'
12
+ uid = '1104597451'
13
+ sig = 'f1a41ebc69e96487e87219b60c942c96'
14
+
15
+ sum_str = "access_token=#{access_token}expires=#{expires}secret=#{secret}session_key=#{session_key}uid=#{uid}#{app_secret}"
16
+ sum = Digest::MD5.hexdigest(sum_str)
17
+
18
+ cookies = {"fbs_#{app_id}" => "access_token=#{access_token}" +
19
+ "&expires=#{expires}" +
20
+ "&secret=#{secret}" +
21
+ "&session_key=#{session_key}" +
22
+ "&sig=#{sum}" +
23
+ "&uid=#{uid}" }
24
+
25
+ assert(FacebookSigValidator.valid_cookie?(cookies, app_id, app_secret))
26
+ end
27
+
28
+ def test_signature_too_old
29
+ app_secret = "OMGOMGOMG"
30
+ app_id = "123123"
31
+
32
+ access_token = '141099679280355%7C2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451%7C9CqJGZ4IaMgvIBQHK_HF0yA1jjU'
33
+ expires = Time.now.to_i - 7000
34
+ secret = 'nPGWG5m_14m8wOy6_ZEu3g__'
35
+ session_key = '2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451'
36
+ uid = '1104597451'
37
+ sig = 'f1a41ebc69e96487e87219b60c942c96'
38
+
39
+ sum_str = "access_token=#{access_token}expires=#{expires}secret=#{secret}session_key=#{session_key}uid=#{uid}#{app_secret}"
40
+ sum = Digest::MD5.hexdigest(sum_str)
41
+
42
+ cookies = {"fbs_#{app_id}" => "access_token=#{access_token}" +
43
+ "&expires=#{expires}" +
44
+ "&secret=#{secret}" +
45
+ "&session_key=#{session_key}" +
46
+ "&sig=#{sum}" +
47
+ "&uid=#{uid}" }
48
+
49
+ assert(!FacebookSigValidator.valid_cookie?(cookies, app_id, app_secret))
50
+ end
51
+
52
+ def test_signature_incorrect
53
+ app_secret = "OMGOMGOMG"
54
+ app_id = "123123"
55
+
56
+ access_token = '141099679280355%7C2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451%7C9CqJGZ4IaMgvIBQHK_HF0yA1jjU'
57
+ expires = Time.now.to_i + 7000
58
+ secret = 'nPGWG5m_14m8wOy6_ZEu3g__'
59
+ session_key = '2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451'
60
+ uid = '1104597451'
61
+ sig = 'f1a41ebc69e96487e87219b60c942c96'
62
+
63
+ sum_str = "access_token=#{access_token}expires=#{expires}secret=#{secret}session_key=#{session_key}uid=#{uid}#{app_secret}"
64
+ sum = Digest::MD5.hexdigest(sum_str)
65
+
66
+ cookies = {"fbs_#{app_id}" => "access_token=#{access_token}" +
67
+ "&expires=#{expires}" +
68
+ "&secret=#{secret.gsub(/P/,'p')}" +
69
+ "&session_key=#{session_key}" +
70
+ "&sig=#{sum}" +
71
+ "&uid=#{uid}" }
72
+
73
+ assert(!FacebookSigValidator.valid_cookie?(cookies, app_id, app_secret))
74
+ end
75
+
76
+ def test_no_cookie
77
+ app_secret = "OMGOMGOMG"
78
+ app_id = "123123"
79
+
80
+ assert(!FacebookSigValidator.valid_cookie?({}, app_id, app_secret))
81
+ end
82
+ end
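Review bot: The four tests only feed well-formed cookies, so neither the `pairs["expires"] == "0"` branch of `valid_cookie?` nor any malformed cookie value is exercised, although the cookie is the input an untrusted client controls. Add a case that signs a cookie with `expires=0` and asserts true, and one that passes a constructed value such as `{"fbs_#{app_id}" => "a=b=c&&sig=x"}` and asserts the call returns false rather than raising. The `sig = 'f1a41ebc69e96487e87219b60c942c96'` local in the first three tests is never read and can be dropped.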
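--- a/metadata
+++ b/metadata
@@ -0,0 +1,110 @@
+ --- !ruby/object:Gem::Specification
+ name: facebook_sig_validator
+ version: !ruby/object:Gem::Version
+ hash: 27
+ prerelease:
+ segments:
+ - 0
+ - 1
+ - 0
+ version: 0.1.0
+ platform: ruby
+ authors:
+ - Billy Reisinger
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2011-02-15 00:00:00 -06:00
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ version_requirements: &id001 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 23
+ segments:
+ - 1
+ - 0
+ - 0
+ version: 1.0.0
+ prerelease: false
+ type: :development
+ requirement: *id001
+ - !ruby/object:Gem::Dependency
+ name: jeweler
+ version_requirements: &id002 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 7
+ segments:
+ - 1
+ - 5
+ - 2
+ version: 1.5.2
+ prerelease: false
+ type: :development
+ requirement: *id002
+ description: This is a very simple class that validates a Facebook Javascript SDK cookie
+ email: billy.reisinger@gmail.com
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files:
+ - LICENSE.txt
+ - README.rdoc
+ files:
+ - .document
+ - Gemfile
+ - Gemfile.lock
+ - LICENSE.txt
+ - README.rdoc
+ - Rakefile
+ - VERSION
+ - facebook_sig_validator.gemspec
+ - lib/facebook_sig_validator.rb
+ - test/helper.rb
+ - test/test_facebook_sig_validator.rb
+ has_rdoc: true
+ homepage: http://github.com/unclebilly/facebook_sig_validator
+ licenses:
+ - MIT
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
+ version: "0"
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 1.5.0
+ signing_key:
+ specification_version: 3
+ summary: Validate Facebook Javascript SDK cookie with ease
+ test_files:
+ - test/helper.rb
+ - test/test_facebook_sig_validator.rb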