facebooker2 0.0.7 → 0.0.8

Files changed (2) hide show
  1. data/lib/facebooker2/rails/controller.rb +83 -14
  2. metadata +84 -4
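--- a/data/lib/facebooker2/rails/controller.rb
+++ b/data/lib/facebooker2/rails/controller.rb
@@ -21,25 +21,40 @@ module Facebooker2
  @_current_facebook_client
  end
 
+ # This mimics the getSession logic from the php facebook SDK
+ # https://github.com/facebook/php-sdk/blob/master/src/facebook.php#L333
+ #
  def fetch_client_and_user
  return if @_fb_user_fetched
- fetch_client_and_user_from_cookie
- fetch_client_and_user_from_signed_request unless @_current_facebook_client
+ # Try to authenticate from the signed request first
+ sig = fetch_client_and_user_from_signed_request
+ sig = fetch_client_and_user_from_cookie unless @_current_facebook_client
+
+ #write the authentication params to a new cookie
+ if !@_current_facebook_client.nil?
+ #we may have generated the signature based on the params in @facebook_params, and the expiration here is different
+
+ set_fb_cookie(@_current_facebook_client.access_token, @_current_facebook_client.expiration, @_current_facebook_user.id, sig)
+ else
+ # if we do not have a client, delete the cookie
+ set_fb_cookie(nil,nil,nil,nil)
+ end
+
  @_fb_user_fetched = true
  end
 
  def fetch_client_and_user_from_cookie
- app_id = Facebooker2.app_id
- if (hash_data = fb_cookie_hash_for_app_id(app_id)) and
- fb_cookie_signature_correct?(fb_cookie_hash_for_app_id(app_id),Facebooker2.secret)
+ if (hash_data = fb_cookie_hash) and
+ fb_cookie_signature_correct?(fb_cookie_hash,Facebooker2.secret)
  fb_create_user_and_client(hash_data["access_token"],hash_data["expires"],hash_data["uid"])
+ return fb_cookie_hash["sig"]
  end
  end
 
  def fb_create_user_and_client(token,expires,userid)
  client = Mogli::Client.new(token,expires.to_i)
  user = Mogli::User.new(:id=>userid)
- fb_sign_in_user_and_client(user,client)
+ fb_sign_in_user_and_client(user,client)
  end
 
  def fb_sign_in_user_and_client(user,client)
@@ -49,10 +64,10 @@ module Facebooker2
  @_fb_user_fetched = true
  end
 
- def fb_cookie_hash_for_app_id(app_id)
- return nil unless fb_cookie_for_app_id?(app_id)
+ def fb_cookie_hash
+ return nil unless fb_cookie?
  hash={}
- data = fb_cookie_for_app_id(app_id).gsub(/"/,"")
+ data = fb_cookie.gsub(/"/,"")
  data.split("&").each do |str|
  parts = str.split("=")
  hash[parts.first] = parts.last
@@ -60,22 +75,33 @@ module Facebooker2
  hash
  end
 
- def fb_cookie_for_app_id?(app_id)
- !fb_cookie_for_app_id(app_id).nil?
+ def fb_cookie?
+ !fb_cookie.nil?
+ end
+
+ def fb_cookie
+ cookies[fb_cookie_name]
  end
 
- def fb_cookie_for_app_id(app_id)
- cookies["fbs_#{app_id}"]
+ def fb_cookie_name
+ return "fbs_#{Facebooker2.app_id}"
  end
 
+ # check if the expected signature matches the one from facebook
  def fb_cookie_signature_correct?(hash,secret)
+ generate_signature(hash,secret) == hash["sig"]
+ end
+
+ # compute the md5 sig based on access_token,expires,uid, and the app secret
+ def generate_signature(hash,secret)
  sorted_keys = hash.keys.reject {|k| k=="sig"}.sort
  test_string = ""
  sorted_keys.each do |key|
  test_string += "#{key}=#{hash[key]}"
  end
  test_string += secret
- Digest::MD5.hexdigest(test_string) == hash["sig"]
+ sig = Digest::MD5.hexdigest(test_string)
+ return sig
  end
 
  def fb_signed_request_json(encoded)
@@ -105,7 +131,50 @@ module Facebooker2
  def fetch_client_and_user_from_signed_request
  if facebook_params[:oauth_token]
  fb_create_user_and_client(facebook_params[:oauth_token],facebook_params[:expires],facebook_params[:user_id])
+
+ if @_current_facebook_client
+ #compute a signature so we can store it in the cookie
+ sig_hash = Hash["uid"=>facebook_params[:user_id],"access_token"=>facebook_params[:oauth_token],"expires"=>facebook_params[:expires]]
+ return generate_signature(sig_hash, Facebooker2.secret)
+ end
+ end
+ end
+
+
+ # /**
+ # This method was shamelessly stolen from the php facebook SDK:
+ # https://github.com/facebook/php-sdk/blob/master/src/facebook.php
+ #
+ # Set a JS Cookie based on the _passed in_ session. It does not use the
+ # currently stored session -- you need to explicitly pass it in.
+ #
+ # If a nil access_token is passed in this method will actually delete the fbs_ cookie
+ #
+ # */
+ def set_fb_cookie(access_token,expires,uid,sig)
+
+ #default values for the cookie
+ value = 'deleted'
+ expires = Time.now.utc - 3600 unless expires != nil
+
+ if access_token
+ data = fb_cookie_hash || {}
+ data.merge!('access_token' => access_token, 'uid' => uid, 'sig' => sig, "expires" => expires.to_i.to_s)
+ value = '"'
+ data.each do |k,v|
+ value += "#{k.to_s}=#{v.to_s}&"
+ end
+ value.chop!
+ value+='"'
+ end
+
+ # if an existing cookie is not set, we dont need to delete it
+ if (value == 'deleted' && cookies[fb_cookie_name] == "" )
+ return;
  end
+
+ #My browser doesn't seem to save the cookie if I set expires
+ cookies[fb_cookie_name] = { :value=>value }#, :expires=>expires}
  end
  end
  end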
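Review bot: In `set_fb_cookie`, `data = fb_cookie_hash || {}` seeds the new cookie with whatever key/value pairs the request's `fbs_` cookie carried, without checking its signature, and then stores them beside a `sig` that on the signed-request path was computed over only `uid`, `access_token` and `expires` (and, per the comment in `fetch_client_and_user`, possibly a different `expires`). Any extra key in the incoming cookie therefore yields a reissued cookie that `fb_cookie_signature_correct?` will reject on the next request, and client-supplied fields are echoed into a server-issued cookie. Build the value only from the arguments and sign exactly what is written: `data = {'access_token' => access_token, 'uid' => uid, 'expires' => expires.to_i.to_s}` followed by `data['sig'] = generate_signature(data, Facebooker2.secret)`. Separately, `generate_signature(hash,secret) == hash["sig"]` is not a constant-time comparison, and the signed-request branch depends on `facebook_params` having been verified somewhere outside this diff before its values are signed with the app secret; a short comment on `fetch_client_and_user_from_signed_request` stating that precondition would help.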
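--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: facebooker2
  version: !ruby/object:Gem::Version
- hash: 17
+ hash: 15
  prerelease: false
  segments:
  - 0
  - 0
- - 7
- version: 0.0.7
+ - 8
+ version: 0.0.8
  platform: ruby
  authors:
  - Mike Mangino
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2011-01-12 00:00:00 -05:00
+ date: 2011-02-10 00:00:00 -05:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
@@ -48,6 +48,86 @@ dependencies:
  version: "0"
  type: :runtime
  version_requirements: *id002
+ - !ruby/object:Gem::Dependency
+ name: rake
+ prerelease: false
+ requirement: &id003 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 49
+ segments:
+ - 0
+ - 8
+ - 7
+ version: 0.8.7
+ type: :development
+ version_requirements: *id003
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ prerelease: false
+ requirement: &id004 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 25
+ segments:
+ - 1
+ - 3
+ - 1
+ version: 1.3.1
+ type: :development
+ version_requirements: *id004
+ - !ruby/object:Gem::Dependency
+ name: rspec-rails
+ prerelease: false
+ requirement: &id005 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 25
+ segments:
+ - 1
+ - 3
+ - 1
+ version: 1.3.1
+ type: :development
+ version_requirements: *id005
+ - !ruby/object:Gem::Dependency
+ name: rails
+ prerelease: false
+ requirement: &id006 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 23
+ segments:
+ - 2
+ - 3
+ - 10
+ version: 2.3.10
+ type: :development
+ version_requirements: *id006
+ - !ruby/object:Gem::Dependency
+ name: json
+ prerelease: false
+ requirement: &id007 !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ hash: 7
+ segments:
+ - 1
+ - 4
+ - 0
+ version: 1.4.0
+ type: :development
+ version_requirements: *id007
  description: Facebook Connect integration library for ruby and rails
  email: mmangino@elevatedrails.com
  executables: []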