facebook_sig_validator 0.1.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,5 @@
+source "http://rubygems.org"
+group :development do
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.5.2"
+end

data/Gemfile.lock

@@ -0,0 +1,16 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    git (1.2.5)
+    jeweler (1.5.2)
+      bundler (~> 1.0.0)
+      git (>= 1.2.5)
+      rake
+    rake (0.8.7)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  jeweler (~> 1.5.2)

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Billy Reisinger
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,11 @@
+= facebook_sig_validator
+
+This is a very simple class that validates a Facebook Javascript SDK cookie to insure that: 
+* The cookie has not been tampered with or fabricated
+* The cookie has not expired
+
+== Copyright
+
+Copyright (c) 2011 Billy Reisinger. See LICENSE.txt for
+further details.
+

data/Rakefile

@@ -0,0 +1,42 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "facebook_sig_validator"
+  gem.homepage = "http://github.com/unclebilly/facebook_sig_validator"
+  gem.license = "MIT"
+  gem.summary = %Q{Validate Facebook Javascript SDK cookie with ease}
+  gem.description = %Q{This is a very simple class that validates a Facebook Javascript SDK cookie}
+  gem.email = "billy.reisinger@gmail.com"
+  gem.authors = ["Billy Reisinger"]
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "facebook_sig_validator #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/facebook_sig_validator.gemspec

@@ -0,0 +1,57 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{facebook_sig_validator}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Billy Reisinger"]
+  s.date = %q{2011-02-15}
+  s.description = %q{This is a very simple class that validates a Facebook Javascript SDK cookie}
+  s.email = %q{billy.reisinger@gmail.com}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "facebook_sig_validator.gemspec",
+    "lib/facebook_sig_validator.rb",
+    "test/helper.rb",
+    "test/test_facebook_sig_validator.rb"
+  ]
+  s.homepage = %q{http://github.com/unclebilly/facebook_sig_validator}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.5.0}
+  s.summary = %q{Validate Facebook Javascript SDK cookie with ease}
+  s.test_files = [
+    "test/helper.rb",
+    "test/test_facebook_sig_validator.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+    else
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    end
+  else
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+  end
+end
+

data/lib/facebook_sig_validator.rb

@@ -0,0 +1,14 @@
+require 'digest/md5'
+
+class FacebookSigValidator
+  # If the cookie is valid, return true.  If the cookie is out of date or invalid, return false.
+  # cookies is a hash
+  # app_id is your facebook app id
+  # secret is your facebook app secret
+  def self.valid_cookie?(cookies, app_id, secret)
+    cookie = cookies["fbs_#{app_id}"].gsub(/\"/, "") rescue ''
+    pairs = Hash[cookie.split("&").map {|kv| kv.split("=") }]
+    str = pairs.keys.sort.collect {|a| a == "sig" ? nil : "#{a}=#{pairs[a]}"}.reject {|a| a.nil?}.join("")
+    (Digest::MD5.hexdigest(str + secret) == pairs["sig"]) && (pairs["expires"] == "0" || Time.now.to_i < pairs["expires"].to_i)
+  end
+end

data/test/helper.rb

@@ -0,0 +1,8 @@
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'facebook_sig_validator'
+
+class Test::Unit::TestCase
+end

data/test/test_facebook_sig_validator.rb

@@ -0,0 +1,82 @@
+require 'helper'
+
+class TestFacebookSigValidator < Test::Unit::TestCase
+  def test_valid_signature
+    app_secret = "OMGOMGOMG"
+    app_id = "123123"
+    
+    access_token = '141099679280355%7C2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451%7C9CqJGZ4IaMgvIBQHK_HF0yA1jjU'
+    expires = Time.now.to_i + 7000
+    secret = 'nPGWG5m_14m8wOy6_ZEu3g__'
+    session_key = '2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451'
+    uid = '1104597451'
+    sig = 'f1a41ebc69e96487e87219b60c942c96'
+    
+    sum_str = "access_token=#{access_token}expires=#{expires}secret=#{secret}session_key=#{session_key}uid=#{uid}#{app_secret}"
+    sum = Digest::MD5.hexdigest(sum_str)
+
+    cookies = {"fbs_#{app_id}" => "access_token=#{access_token}" + 
+                                  "&expires=#{expires}" + 
+                                  "&secret=#{secret}" + 
+                                  "&session_key=#{session_key}" +
+                                  "&sig=#{sum}" +
+                                  "&uid=#{uid}" }
+
+    assert(FacebookSigValidator.valid_cookie?(cookies, app_id, app_secret))                              
+  end
+  
+  def test_signature_too_old
+    app_secret = "OMGOMGOMG"
+    app_id = "123123"
+    
+    access_token = '141099679280355%7C2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451%7C9CqJGZ4IaMgvIBQHK_HF0yA1jjU'
+    expires = Time.now.to_i - 7000
+    secret = 'nPGWG5m_14m8wOy6_ZEu3g__'
+    session_key = '2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451'
+    uid = '1104597451'
+    sig = 'f1a41ebc69e96487e87219b60c942c96'
+    
+    sum_str = "access_token=#{access_token}expires=#{expires}secret=#{secret}session_key=#{session_key}uid=#{uid}#{app_secret}"
+    sum = Digest::MD5.hexdigest(sum_str)
+
+    cookies = {"fbs_#{app_id}" => "access_token=#{access_token}" + 
+                                  "&expires=#{expires}" + 
+                                  "&secret=#{secret}" + 
+                                  "&session_key=#{session_key}" +
+                                  "&sig=#{sum}" +
+                                  "&uid=#{uid}" }
+
+    assert(!FacebookSigValidator.valid_cookie?(cookies, app_id, app_secret))
+  end
+  
+  def test_signature_incorrect
+    app_secret = "OMGOMGOMG"
+    app_id = "123123"
+    
+    access_token = '141099679280355%7C2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451%7C9CqJGZ4IaMgvIBQHK_HF0yA1jjU'
+    expires = Time.now.to_i + 7000
+    secret = 'nPGWG5m_14m8wOy6_ZEu3g__'
+    session_key = '2.V6Cm2wWhy0ATucuZVgQBWQ__.3600.1297807200-1104597451'
+    uid = '1104597451'
+    sig = 'f1a41ebc69e96487e87219b60c942c96'
+    
+    sum_str = "access_token=#{access_token}expires=#{expires}secret=#{secret}session_key=#{session_key}uid=#{uid}#{app_secret}"
+    sum = Digest::MD5.hexdigest(sum_str)
+
+    cookies = {"fbs_#{app_id}" => "access_token=#{access_token}" + 
+                                  "&expires=#{expires}" + 
+                                  "&secret=#{secret.gsub(/P/,'p')}" + 
+                                  "&session_key=#{session_key}" +
+                                  "&sig=#{sum}" +
+                                  "&uid=#{uid}" }
+
+    assert(!FacebookSigValidator.valid_cookie?(cookies, app_id, app_secret))
+  end
+  
+  def test_no_cookie
+    app_secret = "OMGOMGOMG"
+    app_id = "123123"
+    
+    assert(!FacebookSigValidator.valid_cookie?({}, app_id, app_secret))
+  end
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification 
+name: facebook_sig_validator
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: 
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Billy Reisinger
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-02-15 00:00:00 -06:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 23
+        segments: 
+        - 1
+        - 0
+        - 0
+        version: 1.0.0
+  prerelease: false
+  type: :development
+  requirement: *id001
+- !ruby/object:Gem::Dependency 
+  name: jeweler
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 1
+        - 5
+        - 2
+        version: 1.5.2
+  prerelease: false
+  type: :development
+  requirement: *id002
+description: This is a very simple class that validates a Facebook Javascript SDK cookie
+email: billy.reisinger@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.rdoc
+files: 
+- .document
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- facebook_sig_validator.gemspec
+- lib/facebook_sig_validator.rb
+- test/helper.rb
+- test/test_facebook_sig_validator.rb
+has_rdoc: true
+homepage: http://github.com/unclebilly/facebook_sig_validator
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.0
+signing_key: 
+specification_version: 3
+summary: Validate Facebook Javascript SDK cookie with ease
+test_files: 
+- test/helper.rb
+- test/test_facebook_sig_validator.rb