facebooker 1.0.18 → 1.0.29

data/lib/facebooker/rails/extensions/action_controller.rb

@@ -0,0 +1,48 @@
+module ::ActionController
+  class Base
+    def self.inherited_with_facebooker(subclass)
+      inherited_without_facebooker(subclass)
+      if subclass.to_s == "ApplicationController"
+        subclass.send(:include,Facebooker::Rails::Controller) 
+        subclass.helper Facebooker::Rails::Helpers
+      end
+    end
+    class << self
+      alias_method_chain :inherited, :facebooker
+    end
+  end
+end
+
+
+# When making get requests, Facebook sends fb_sig parameters both in the query string
+# and also in the post body. We want to ignore the query string ones because they are one
+# request out of date
+# We only do thise when there are POST parameters so that IFrame linkage still works
+if Rails.version < '2.3'
+  class ActionController::AbstractRequest
+    def query_parameters_with_facebooker
+      if request_parameters.blank?
+        query_parameters_without_facebooker
+      else
+        (query_parameters_without_facebooker||{}).reject {|key,value| key.to_s =~ /^fb_sig/}
+      end
+    end
+  
+    alias_method_chain :query_parameters, :facebooker
+  end
+else
+  class ActionController::Request
+    def query_parameters_with_facebooker
+      if request_parameters.blank?
+        query_parameters_without_facebooker
+      else
+        (query_parameters_without_facebooker||{}).reject {|key,value| key.to_s =~ /^fb_sig/}
+      end
+    end
+  
+    alias_method_chain :query_parameters, :facebooker
+  end
+end
+
+Mime::Type.register_alias "text/html", :fbml
+Mime::Type.register_alias "text/javascript", :fbjs

data/lib/facebooker/rails/extensions/rack_setup.rb

@@ -0,0 +1,2 @@
+require 'rack/facebook'
+ActionController::Dispatcher.middleware.insert_after 'ActionController::RewindableInput',Rack::Facebook, Facebooker.secret_key

data/lib/facebooker/rails/extensions/routing.rb

@@ -0,0 +1,15 @@
+class ActionController::Routing::Route
+  def recognition_conditions_with_facebooker
+    defaults = recognition_conditions_without_facebooker 
+    defaults << " env[:canvas] == conditions[:canvas] " if conditions[:canvas]
+    defaults
+  end
+  alias_method_chain :recognition_conditions, :facebooker
+end
+
+# We turn off route optimization to make named routes use our code for figuring out if they should go to the session
+ActionController::Base::optimise_named_routes = false 
+
+# pull :canvas=> into env in routing to allow for conditions
+ActionController::Routing::RouteSet.send :include,  Facebooker::Rails::Routing::RouteSetExtensions
+ActionController::Routing::RouteSet::Mapper.send :include, Facebooker::Rails::Routing::MapperExtensions

data/lib/facebooker/rails/facebook_url_helper.rb

@@ -50,7 +50,7 @@ module ActionView
     module UrlHelper
       # Alters one and only one line of the Rails button_to.  See below.
       def button_to_with_facebooker(name, options={}, html_options = {})
-        if !request_comes_from_facebook?
+        if !respond_to?(:request_comes_from_facebook?) || !request_comes_from_facebook?
            button_to_without_facebooker(name,options,html_options)
         else
           html_options = html_options.stringify_keys
@@ -125,7 +125,7 @@ module ActionView
 	# link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>{:title=>"the page says:, :content=>"Go to Facebooker?"})
 	# link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>{:title=>"the page says:, :content=>"Go to Facebooker?", :color=>"pink"})
   def confirm_javascript_function_with_facebooker(confirm, fun = nil)
-    if !request_comes_from_facebook?
+    if !respond_to?(:request_comes_from_facebook?) || !request_comes_from_facebook?
       confirm_javascript_function_without_facebooker(confirm)
     else
       if(confirm.is_a?(Hash))
@@ -157,7 +157,7 @@ module ActionView
 	# Dynamically creates a form for link_to with method.  Calls confirm_javascript_function if and 
 	# only if (confirm && method) for link_to
         def method_javascript_function_with_facebooker(method, url = '', href = nil, confirm = nil)
-          if !request_comes_from_facebook?
+          if !respond_to?(:request_comes_from_facebook?) || !request_comes_from_facebook?
             method_javascript_function_without_facebooker(method,url,href)
  	  else
             action = (href && url.size > 0) ? "'#{url}'" : 'a.getHref()'

data/lib/facebooker/rails/facebook_url_rewriting.rb

@@ -1,8 +1,16 @@
 module ::ActionController
-  class AbstractRequest                         
-    def relative_url_root
-      Facebooker.path_prefix
-    end                                         
+  if Rails.version < '2.3'
+    class AbstractRequest                         
+      def relative_url_root
+        Facebooker.path_prefix
+      end                                         
+    end
+  else
+    class Request                         
+      def relative_url_root
+        Facebooker.path_prefix
+      end                                         
+    end
   end
   
   class Base
@@ -19,7 +27,12 @@ module ::ActionController
     def link_to_canvas?(params, options)
       option_override = options[:canvas]
       return false if option_override == false # important to check for false. nil should use default behavior
-      option_override || @request.parameters["fb_sig_in_canvas"] == "1" ||  @request.parameters[:fb_sig_in_canvas] == "1" 
+      option_override || (can_safely_access_request_parameters? && (@request.parameters["fb_sig_in_canvas"] == "1" ||  @request.parameters[:fb_sig_in_canvas] == "1" ))
+    end
+    
+    #rails blindly tries to merge things that may be nil into the parameters. Make sure this won't break
+    def can_safely_access_request_parameters?
+      @request.request_parameters
     end
   
     def rewrite_url_with_facebooker(*args)

data/lib/facebooker/rails/helpers.rb

@@ -44,6 +44,13 @@ module Facebooker
       
       FB_DIALOG_BUTTON_VALID_OPTION_KEYS = [:close_dialog, :href, :form_id, :clickrewriteurl, :clickrewriteid, :clickrewriteform]
       
+      def fb_show_feed_dialog(action, user_message = "", prompt = "", callback = nil)
+        update_page do |page|
+          page.call "Facebook.showFeedDialog",action.template_id,action.data,action.body_general,action.target_ids,callback,prompt,user_message
+        end
+      end
+      
+      
       # Create an fb:request-form without a selector
       #
       # The block passed to this tag is used as the content of the form
@@ -282,15 +289,25 @@ module Facebooker
       
       # Render an <fb:profile-pic> for the specified user.
       #
-      # You can optionally specify the size using the :size=> option.
+      # You can optionally specify the size using the :size=> option.  Valid
+      # sizes are :thumb, :small, :normal and :square.  Or, you can specify
+      # width and height settings instead, just like an img tag.
+      #
+      # You can optionally specify whether or not to include the facebook icon
+      # overlay using the :facebook_logo => true option. Default is false.
       #
-      # Valid sizes are :thumb, :small, :normal and :square
       def fb_profile_pic(user, options={})
         options = options.dup
         validate_fb_profile_pic_size(options)
+        options.transform_keys!(FB_PROFILE_PIC_OPTION_KEYS_TO_TRANSFORM)
+        options.assert_valid_keys(FB_PROFILE_PIC_VALID_OPTION_KEYS)
         options.merge!(:uid => cast_to_facebook_id(user))
         content_tag("fb:profile-pic", nil,stringify_vals(options))
       end
+
+      FB_PROFILE_PIC_OPTION_KEYS_TO_TRANSFORM = {:facebook_logo => 'facebook-logo'}
+      FB_PROFILE_PIC_VALID_OPTION_KEYS = [:size, :linked, 'facebook-logo', :width, :height]
+            
       
       # Render an fb:photo tag.
       # photo is either a Facebooker::Photo or an id of a Facebook photo or an object that responds to photo_id.

data/lib/facebooker/rails/helpers/fb_connect.rb

@@ -16,10 +16,19 @@ module Facebooker
           if block_given?
             additions = capture(&proc)
           end
+
+          options = {:js => :prototype}
+          if required_features.last.is_a?(Hash)
+            options.merge!(required_features.pop.symbolize_keys)
+          end
+
           init_string = "FB.Facebook.init('#{Facebooker.api_key}','/xd_receiver.html');"
           unless required_features.blank?
              init_string = <<-FBML
-              Element.observe(window,'load', function() {
+             #{case options[:js]
+               when :jquery then "$(document).ready("
+               else "Element.observe(window,'load',"
+               end} function() {
                 FB_RequireFeatures(#{required_features.to_json}, function() {
                   #{init_string}
                   #{additions}
@@ -27,8 +36,8 @@ module Facebooker
               });
               FBML
           end
-          if block_given?
-            concat javascript_tag(init_string)
+          if block_given? && block_is_within_action_view?(proc)
+            concat(javascript_tag(init_string), proc.binding)
           else
             javascript_tag init_string
           end
@@ -54,32 +63,33 @@ module Facebooker
         def fb_login_button(*args)
 
           callback = args.first
-          options = args.second || {}
+          options = args[1] || {}
           options.merge!(:onlogin=>callback)if callback
 
           content_tag("fb:login-button",nil, options)
         end
-        def fb_login_and_redirect(url)
+
+        def fb_login_and_redirect(url, options = {})
           js = update_page do |page|
             page.redirect_to url
           end
-          content_tag("fb:login-button",nil,:onlogin=>js)
+          content_tag("fb:login-button",nil,options.merge(:onlogin=>js))
         end
         
         def fb_unconnected_friends_count
           content_tag "fb:unconnected-friends-count",nil
         end
         
-        def fb_logout_link(text,url)
+        def fb_logout_link(text,url,*args)
           js = update_page do |page|
             page.call "FB.Connect.logoutAndRedirect",url
           end
-          link_to_function text, js
+          link_to_function text, js, *args
         end
         
-        def fb_user_action(action)
+        def fb_user_action(action, user_message = "", prompt = "", callback = nil)
           update_page do |page|
-            page.call "FB.Connect.showFeedDialog",action.template_id,action.data,action.target_ids,action.body_general,nil,"FB.RequireConnect.promptConnect"
+            page.call "FB.Connect.showFeedDialog",action.template_id,action.data,action.target_ids,action.body_general,nil,page.literal("FB.RequireConnect.promptConnect"),callback,prompt,user_message
           end
         end
         

data/lib/facebooker/rails/publisher.rb

@@ -224,12 +224,12 @@ module Facebooker
         attr_accessor :template_id
         attr_accessor :template_name
         attr_accessor :story_size
+        
         def target_ids=(val)
           @target_ids = val.is_a?(Array) ? val.join(",") : val
         end
         def data_hash
-          default_data = story_size.nil? ? {} : {:story_size=>story_size}
-          default_data.merge(data||{})
+          data||{}
         end
       end
       
@@ -377,7 +377,7 @@ module Facebooker
         when Ref
           Facebooker::Session.create.server_cache.set_ref_handle(_body.handle,_body.fbml)
         when UserAction
-          @from.session.publish_user_action(_body.template_id,_body.data_hash,_body.target_ids,_body.body_general)
+          @from.session.publish_user_action(_body.template_id,_body.data_hash,_body.target_ids,_body.body_general,_body.story_size)
         else
           raise UnspecifiedBodyType.new("You must specify a valid send_as")
         end
@@ -404,7 +404,10 @@ module Facebooker
         #only do this on Rails 2.1
 	      if ActionController::Base.respond_to?(:append_view_path)
   	      # only add the view path once
-	        ActionController::Base.append_view_path(controller_root) unless ActionController::Base.view_paths.include?(controller_root)
+  	      unless ActionController::Base.view_paths.include?(controller_root)
+	          ActionController::Base.append_view_path(controller_root) 
+	          ActionController::Base.append_view_path(controller_root+"/..") 
+	        end
 	      end
         returning ActionView::Base.new([template_root,controller_root], assigns, self) do |template|
           template.controller=self
@@ -427,6 +430,7 @@ module Facebooker
         include ActionView::Helpers::FormHelper
         include ActionView::Helpers::FormTagHelper
         include ActionView::Helpers::AssetTagHelper
+        include ActionView::Helpers::NumberHelper
         include Facebooker::Rails::Helpers
         
         #define this for the publisher views
@@ -471,7 +475,7 @@ module Facebooker
           case publisher._body
           when UserAction
             publisher._body.template_name = method
-            publisher._body.template_id = FacebookTemplate.bundle_id_for_class_and_method(self,method)
+            publisher._body.template_id ||= FacebookTemplate.bundle_id_for_class_and_method(self,method)
           end
           
           should_send ? publisher.send_message(method) : publisher._body

data/lib/facebooker/service.rb

@@ -2,7 +2,6 @@ begin
   require 'curb'
   Facebooker.use_curl = true
 rescue LoadError
-  $stderr.puts "Curb not found. Using Net::HTTP."
   require 'net/http'
 end
 require 'facebooker/parser'
@@ -92,4 +91,4 @@ module Facebooker
       parray
     end
   end
-end
+end

data/lib/facebooker/session.rb

@@ -6,7 +6,15 @@ module Facebooker
   # other than the logged in user (if that's unallowed)
   class NonSessionUser < StandardError;  end
   class Session
+    
+    #
+    # Raised when a facebook session has expired.  This 
+    # happens when the timeout is reached, or when the
+    # user logs out of facebook
+    # can be handled with:
+    # rescue_from Facebooker::Session::SessionExpired, :with => :some_method_name
     class SessionExpired < StandardError; end
+
     class UnknownError < StandardError; end
     class ServiceUnavailable < StandardError; end
     class MaxRequestsDepleted < StandardError; end
@@ -48,6 +56,9 @@ module Facebooker
     class TooManyUnapprovedPhotosPending < StandardError; end
     class ExtendedPermissionRequired < StandardError; end
     class InvalidFriendList < StandardError; end
+    class UserUnRegistrationFailed < StandardError
+      attr_accessor :failed_users
+    end
     class UserRegistrationFailed < StandardError
       attr_accessor :failed_users
     end
@@ -360,10 +371,11 @@ module Facebooker
     # publish a previously rendered template bundle
     # see http://wiki.developers.facebook.com/index.php/Feed.publishUserAction
     #
-    def publish_user_action(bundle_id,data={},target_ids=nil,body_general=nil)
+    def publish_user_action(bundle_id,data={},target_ids=nil,body_general=nil,story_size=nil)
       parameters={:template_bundle_id=>bundle_id,:template_data=>data.to_json}
       parameters[:target_ids] = target_ids unless target_ids.blank?
       parameters[:body_general] = body_general unless body_general.blank?
+      parameters[:story_size] = story_size unless story_size.nil?
       post("facebook.feed.publishUserAction", parameters)
     end
     

data/lib/facebooker/version.rb

@@ -2,7 +2,7 @@ module Facebooker #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 1
     MINOR = 0
-    TINY  = 18
+    TINY  = 29
 
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/lib/rack/facebook.rb

@@ -0,0 +1,77 @@
+module Rack
+  # This Rack middleware checks the signature of Facebook params, and
+  # converts them to Ruby objects when appropiate. Also, it converts
+  # the request method from the Facebook POST to the original HTTP
+  # method used by the client.
+  #
+  # If the signature is wrong, it returns a "400 Invalid Facebook Signature".
+  # 
+  # Optionally, it can take a block that receives the Rack environment
+  # and returns a value that evaluates to true when we want the middleware to
+  # be executed for the specific request.
+  #
+  # == Usage
+  #
+  # In your config.ru:
+  #
+  #   require 'rack/facebook'
+  #   use Rack::Facebook, "my_facebook_secret_key"
+  #
+  # Using a block condition:
+  #
+  #   use Rack::Facebook, "my_facebook_secret_key" do |env|
+  #     env['REQUEST_URI'] =~ /^\/facebook_only/
+  #   end
+  #
+  class Facebook
+    def initialize(app, secret_key, &condition)
+      @app = app
+      @secret_key = secret_key
+      @condition = condition
+    end
+    
+    def call(env)
+      if @condition.nil? || @condition.call(env)
+        request = Rack::Request.new(env)
+        fb_params = extract_fb_sig_params(request.POST)
+        unless fb_params.empty?
+          unless signature_is_valid?(fb_params, request.POST['fb_sig'])
+            return Rack::Response.new(["Invalid Facebook signature"], 400).finish
+          end
+          env['REQUEST_METHOD'] = fb_params["request_method"] if fb_params["request_method"]
+          convert_parameters!(request.POST)
+        end
+      end
+      @app.call(env)
+    end
+    
+    private
+
+    def extract_fb_sig_params(params)
+      params.inject({}) do |collection, (param, value)|
+        collection[param.sub(/^fb_sig_/, '')] = value if param[0,7] == 'fb_sig_'
+        collection
+      end
+    end
+    
+    def signature_is_valid?(fb_params, actual_sig)
+      raw_string = fb_params.map{ |*args| args.join('=') }.sort.join
+      expected_signature = Digest::MD5.hexdigest([raw_string, @secret_key].join)
+      actual_sig == expected_signature
+    end
+    
+    def convert_parameters!(params)
+      
+      params.each do |key, value|
+        case key
+        when 'fb_sig_added', 'fb_sig_in_canvas', 'fb_sig_in_new_facebook', 'fb_sig_position_fix', 'fb_sig_is_ajax'
+          params[key] = value == "1"
+        when 'fb_sig_expires', 'fb_sig_profile_update_time', 'fb_sig_time'
+          params[key] = value == "0" ? nil : Time.at(value.to_f)
+        when 'fb_sig_friends'
+          params[key] = value.split(',')
+        end
+      end
+    end
+  end
+end

data/lib/tasks/tunnel.rake

@@ -19,8 +19,7 @@ namespace :facebooker do
     # Adapted from Evan Weaver: http://blog.evanweaver.com/articles/2007/07/13/developing-a-facebook-app-locally/ 
     desc "Check if reverse tunnel is running"
     task :status => [ :environment, :config ] do
-     if `ssh #{@public_host} -l #{@public_host_username} netstat -an | 
-         egrep "tcp.*:#{@public_port}.*LISTEN" | wc`.to_i > 0
+     if `ssh #{@public_host} -l #{@public_host_username} netstat -an | egrep "tcp.*:#{@public_port}.*LISTEN" | wc`.to_i > 0
        puts "Seems ok"
      else
        puts "Down"
@@ -35,10 +34,11 @@ namespace :facebooker do
      @public_port = FACEBOOKER['tunnel']['public_port'] 
      @local_port = FACEBOOKER['tunnel']['local_port'] 
      @ssh_port = FACEBOOKER['tunnel']['ssh_port'] || 22
+     @server_alive_interval = FACEBOOKER['tunnel']['server_alive_interval'] || 0
      @notification = "Starting tunnel #{@public_host}:#{@public_port} to 0.0.0.0:#{@local_port}"
      @notification << " using SSH port #{@ssh_port}" unless @ssh_port == 22
      # "GatewayPorts yes" needs to be enabled in the remote's sshd config
-     @ssh_command = "ssh -v -p #{@ssh_port} -nNT4 -R *:#{@public_port}:localhost:#{@local_port} #{@public_host_username}@#{@public_host}" 
+     @ssh_command = %Q[ssh -v -p #{@ssh_port} -nNT4 -o "ServerAliveInterval #{@server_alive_interval}" -R *:#{@public_port}:localhost:#{@local_port} #{@public_host_username}@#{@public_host}]
     end
   end  
   desc "Create a reverse ssh tunnel from a public server to a private development server."