koala 1.0.0.beta2.1 → 1.0.0.rc

data/spec/cases/oauth_spec.rb

@@ -0,0 +1,374 @@
+require 'spec_helper'
+
+describe "Koala::Facebook::OAuth" do
+  before :each do
+    # make the relevant test data easily accessible
+    @oauth_data = $testing_data["oauth_test_data"]
+    @app_id = @oauth_data["app_id"]
+    @secret = @oauth_data["secret"]
+    @code = @oauth_data["code"]
+    @callback_url = @oauth_data["callback_url"]
+    @raw_token_string = @oauth_data["raw_token_string"]
+    @raw_offline_access_token_string = @oauth_data["raw_offline_access_token_string"]
+    
+    # for signed requests (http://developers.facebook.com/docs/authentication/canvas/encryption_proposal)
+    @signed_params = @oauth_data["signed_params"]
+    @signed_params_result = @oauth_data["signed_params_result"]
+    
+    # this should expanded to cover all variables
+    raise Exception, "Must supply app data to run FacebookOAuthTests!" unless @app_id && @secret && @callback_url && 
+                                                                              @code && @raw_token_string && 
+                                                                              @raw_offline_access_token_string
+
+    @oauth = Koala::Facebook::OAuth.new(@app_id, @secret, @callback_url)
+
+    @time = Time.now
+    Time.stub!(:now).and_return(@time)
+    @time.stub!(:to_i).and_return(1273363199)
+  end
+  
+  # initialization
+  it "should properly initialize" do
+    @oauth.should
+  end
+
+  it "should properly set attributes" do
+    (@oauth.app_id == @app_id && 
+      @oauth.app_secret == @secret && 
+      @oauth.oauth_callback_url == @callback_url).should be_true
+  end
+
+  it "should properly initialize without a callback_url" do
+    @oauth = Koala::Facebook::OAuth.new(@app_id, @secret)
+  end
+
+  it "should properly set attributes without a callback URL" do
+    @oauth = Koala::Facebook::OAuth.new(@app_id, @secret)
+    (@oauth.app_id == @app_id && 
+      @oauth.app_secret == @secret && 
+      @oauth.oauth_callback_url == nil).should be_true
+  end
+  
+  describe "for cookie parsing" do
+    describe "get_user_info_from_cookies" do
+      it "should properly parse valid cookies" do
+        result = @oauth.get_user_info_from_cookies(@oauth_data["valid_cookies"])
+        result.should be_a(Hash)
+      end
+  
+      it "should return all the cookie components from valid cookie string" do
+        cookie_data = @oauth_data["valid_cookies"]
+        parsing_results = @oauth.get_user_info_from_cookies(cookie_data)
+        number_of_components = cookie_data["fbs_#{@app_id.to_s}"].scan(/\=/).length
+        parsing_results.length.should == number_of_components
+      end
+
+      it "should properly parse valid offline access cookies (e.g. no expiration)" do 
+        result = @oauth.get_user_info_from_cookies(@oauth_data["offline_access_cookies"])
+        result["uid"].should      
+      end
+
+      it "should return all the cookie components from offline access cookies" do
+        cookie_data = @oauth_data["offline_access_cookies"]
+        parsing_results = @oauth.get_user_info_from_cookies(cookie_data)
+        number_of_components = cookie_data["fbs_#{@app_id.to_s}"].scan(/\=/).length
+        parsing_results.length.should == number_of_components
+      end
+
+      it "shouldn't parse expired cookies" do
+        result = @oauth.get_user_info_from_cookies(@oauth_data["expired_cookies"])
+        result.should be_nil
+      end
+  
+      it "shouldn't parse invalid cookies" do
+        # make an invalid string by replacing some values
+        bad_cookie_hash = @oauth_data["valid_cookies"].inject({}) { |hash, value| hash[value[0]] = value[1].gsub(/[0-9]/, "3") }
+        result = @oauth.get_user_info_from_cookies(bad_cookie_hash)
+        result.should be_nil
+      end
+    end
+    
+    describe "get_user_from_cookies" do
+      it "should use get_user_info_from_cookies to parse the cookies" do
+        data = @oauth_data["valid_cookies"]
+        @oauth.should_receive(:get_user_info_from_cookies).with(data).and_return({})
+        @oauth.get_user_from_cookies(data)
+      end
+
+      it "should use return a string if the cookies are valid" do
+        result = @oauth.get_user_from_cookies(@oauth_data["valid_cookies"])
+        result.should be_a(String)
+      end
+      
+      it "should return nil if the cookies are invalid" do
+        # make an invalid string by replacing some values
+        bad_cookie_hash = @oauth_data["valid_cookies"].inject({}) { |hash, value| hash[value[0]] = value[1].gsub(/[0-9]/, "3") }
+        result = @oauth.get_user_from_cookies(bad_cookie_hash)
+        result.should be_nil
+      end        
+    end
+  end
+  
+  # OAuth URLs
+  
+  describe "for URL generation" do
+
+    describe "for OAuth codes" do 
+      # url_for_oauth_code
+      it "should generate a properly formatted OAuth code URL with the default values" do 
+        url = @oauth.url_for_oauth_code
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{@callback_url}"
+      end
+
+      it "should generate a properly formatted OAuth code URL when a callback is given" do 
+        callback = "foo.com"
+        url = @oauth.url_for_oauth_code(:callback => callback)
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{callback}"
+      end
+
+      it "should generate a properly formatted OAuth code URL when permissions are requested as a string" do 
+        permissions = "publish_stream,read_stream"
+        url = @oauth.url_for_oauth_code(:permissions => permissions)
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{@callback_url}&scope=#{permissions}"
+      end
+
+      it "should generate a properly formatted OAuth code URL when permissions are requested as a string" do 
+        permissions = ["publish_stream", "read_stream"]
+        url = @oauth.url_for_oauth_code(:permissions => permissions)
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{@callback_url}&scope=#{permissions.join(",")}"
+      end
+
+      it "should generate a properly formatted OAuth code URL when both permissions and callback are provided" do 
+        permissions = "publish_stream,read_stream"
+        callback = "foo.com"
+        url = @oauth.url_for_oauth_code(:callback => callback, :permissions => permissions)
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{callback}&scope=#{permissions}"
+      end
+
+      it "should generate a properly formatted OAuth code URL when a display is given as a string" do 
+        url = @oauth.url_for_oauth_code(:display => "page")
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{@callback_url}&display=page"
+      end
+
+      it "should raise an exception if no callback is given in initialization or the call" do 
+        oauth2 = Koala::Facebook::OAuth.new(@app_id, @secret)
+        lambda { oauth2.url_for_oauth_code }.should raise_error(ArgumentError)
+      end
+    end
+  
+    describe "for access token URLs" do
+
+      # url_for_access_token
+      it "should generate a properly formatted OAuth token URL when provided a code" do 
+        url = @oauth.url_for_access_token(@code)
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/access_token?client_id=#{@app_id}&redirect_uri=#{@callback_url}&client_secret=#{@secret}&code=#{@code}"
+      end
+
+      it "should generate a properly formatted OAuth token URL when provided a callback" do 
+        callback = "foo.com"
+        url = @oauth.url_for_access_token(@code, :callback => callback)
+        url.should == "https://#{Koala::Facebook::GRAPH_SERVER}/oauth/access_token?client_id=#{@app_id}&redirect_uri=#{callback}&client_secret=#{@secret}&code=#{@code}"
+      end
+    end
+  end
+
+  describe "for fetching access tokens" do 
+    describe "get_access_token_info" do
+      it "should properly get and parse an access token token results into a hash" do
+        result = @oauth.get_access_token_info(@code)
+        result.should be_a(Hash)
+      end
+
+      it "should properly include the access token results" do
+        result = @oauth.get_access_token_info(@code)
+        result["access_token"].should
+      end
+
+      it "should raise an error when get_access_token is called with a bad code" do
+        lambda { @oauth.get_access_token_info("foo") }.should raise_error(Koala::Facebook::APIError) 
+      end
+    end
+
+    describe "get_access_token" do
+      it "should use get_access_token_info to get and parse an access token token results" do
+        result = @oauth.get_access_token(@code)
+        result.should be_a(String)
+      end
+
+      it "should return the access token as a string" do
+        result = @oauth.get_access_token(@code)
+        original = @oauth.get_access_token_info(@code)
+        result.should == original["access_token"]
+      end
+
+      it "should raise an error when get_access_token is called with a bad code" do
+        lambda { @oauth.get_access_token("foo") }.should raise_error(Koala::Facebook::APIError) 
+      end
+    end
+
+    describe "get_app_access_token_info" do
+      it "should properly get and parse an app's access token as a hash" do
+        result = @oauth.get_app_access_token_info
+        result.should be_a(Hash)
+      end
+  
+      it "should include the access token" do
+        result = @oauth.get_app_access_token_info
+        result["access_token"].should
+      end
+    end
+  
+    describe "get_app_acess_token" do
+      it "should use get_access_token_info to get and parse an access token token results" do
+        result = @oauth.get_app_access_token
+        result.should be_a(String)
+      end
+
+      it "should return the access token as a string" do
+        result = @oauth.get_app_access_token
+        original = @oauth.get_app_access_token_info
+        result.should == original["access_token"]
+      end
+    end
+    
+    describe "protected methods" do
+    
+      # protected methods
+      # since these are pretty fundamental and pretty testable, we want to test them
+
+      # parse_access_token
+      it "should properly parse access token results" do
+        result = @oauth.send(:parse_access_token, @raw_token_string)
+        has_both_parts = result["access_token"] && result["expires"]
+        has_both_parts.should
+      end
+
+      it "should properly parse offline access token results" do
+        result = @oauth.send(:parse_access_token, @raw_offline_access_token_string)
+        has_both_parts = result["access_token"] && !result["expires"]
+        has_both_parts.should
+      end
+
+      # fetch_token_string
+      # somewhat duplicative with the tests for get_access_token and get_app_access_token
+      # but no harm in thoroughness
+      it "should fetch a proper token string from Facebook when given a code" do
+        result = @oauth.send(:fetch_token_string, :code => @code, :redirect_uri => @callback_url)
+        result.should =~ /^access_token/
+      end
+
+      it "should fetch a proper token string from Facebook when asked for the app token" do
+        result = @oauth.send(:fetch_token_string, {:type => 'client_cred'}, true)
+        result.should =~ /^access_token/
+      end
+    end
+  end
+
+  describe "for exchanging session keys" do
+    describe "with get_token_info_from_session_keys" do
+      it "should get an array of session keys from Facebook when passed a single key" do
+        result = @oauth.get_tokens_from_session_keys([@oauth_data["session_key"]])
+        result.should be_an(Array)
+        result.length.should == 1
+      end
+
+      it "should get an array of session keys from Facebook when passed multiple keys" do
+        result = @oauth.get_tokens_from_session_keys(@oauth_data["multiple_session_keys"])
+        result.should be_an(Array)
+        result.length.should == 2
+      end
+      
+      it "should return the original hashes" do
+        result = @oauth.get_token_info_from_session_keys(@oauth_data["multiple_session_keys"])
+        result[0].should be_a(Hash)
+      end
+      
+      it "should properly handle invalid session keys" do
+        result = @oauth.get_token_info_from_session_keys(["foo", "bar"])
+        #it should return nil for each of the invalid ones
+        result.each {|r| r.should be_nil}
+      end
+      
+      it "should properly handle a mix of valid and invalid session keys" do
+        result = @oauth.get_token_info_from_session_keys(["foo"].concat(@oauth_data["multiple_session_keys"]))
+        # it should return nil for each of the invalid ones
+        result.each_with_index {|r, index| index > 0 ? r.should(be_a(Hash)) : r.should(be_nil)}
+      end
+      
+      it "should throw an APIError if Facebook returns an empty body (as happens for instance when the API breaks)" do
+        @oauth.should_receive(:fetch_token_string).and_return("")
+        lambda { @oauth.get_token_info_from_session_keys(@oauth_data["multiple_session_keys"]) }.should raise_error(Koala::Facebook::APIError)
+      end
+    end
+    
+    describe "with get_tokens_from_session_keys" do
+      it "should call get_token_info_from_session_keys" do
+        args = @oauth_data["multiple_session_keys"]
+        @oauth.should_receive(:get_token_info_from_session_keys).with(args).and_return([])
+        @oauth.get_tokens_from_session_keys(args)
+      end
+      
+      it "should return an array of strings" do
+        args = @oauth_data["multiple_session_keys"]
+        result = @oauth.get_tokens_from_session_keys(args)
+        result.each {|r| r.should be_a(String) }
+      end
+      
+      it "should properly handle invalid session keys" do
+        result = @oauth.get_tokens_from_session_keys(["foo", "bar"])
+        # it should return nil for each of the invalid ones
+        result.each {|r| r.should be_nil}
+      end
+      
+      it "should properly handle a mix of valid and invalid session keys" do
+        result = @oauth.get_tokens_from_session_keys(["foo"].concat(@oauth_data["multiple_session_keys"]))
+        # it should return nil for each of the invalid ones
+        result.each_with_index {|r, index| index > 0 ? r.should(be_a(String)) : r.should(be_nil)}
+      end
+    end
+
+    describe "get_token_from_session_key" do
+      it "should call get_tokens_from_session_keys when the get_token_from_session_key is called" do
+        key = @oauth_data["session_key"]
+        @oauth.should_receive(:get_tokens_from_session_keys).with([key]).and_return([])
+        @oauth.get_token_from_session_key(key)
+      end
+
+      it "should get back the access token string from get_token_from_session_key" do
+        result = @oauth.get_token_from_session_key(@oauth_data["session_key"])
+        result.should be_a(String)
+      end
+
+      it "should be the first value in the array" do
+        result = @oauth.get_token_from_session_key(@oauth_data["session_key"])
+        array = @oauth.get_tokens_from_session_keys([@oauth_data["session_key"]])
+        result.should == array[0]
+      end
+      
+      it "should properly handle an invalid session key" do
+        result = @oauth.get_token_from_session_key("foo")
+        result.should be_nil
+      end
+    end    
+  end
+  
+  describe "for parsing signed requests" do
+    # the signed request code is ported directly from Facebook
+    # so we only need to test at a high level that it works      
+    it "should throw an error if the algorithm is unsupported" do
+      JSON.stub!(:parse).and_return("algorithm" => "my fun algorithm")
+      lambda { @oauth.parse_signed_request(@signed_request) }.should raise_error
+    end
+    
+    it "should throw an error if the signature is invalid" do
+      OpenSSL::HMAC.stub!(:hexdigest).and_return("i'm an invalid signature")
+      lambda { @oauth.parse_signed_request(@signed_request) }.should raise_error
+    end
+
+    it "properly parses requests" do
+      @oauth = Koala::Facebook::OAuth.new(@app_id, @secret || @app_secret)
+      @oauth.parse_signed_request(@signed_params).should == @signed_params_result
+    end
+  end
+
+end # describe

data/spec/cases/realtime_updates_spec.rb

@@ -0,0 +1,184 @@
+require 'spec_helper'
+
+describe "Koala::Facebook::RealtimeUpdates" do
+  before :all do
+    # get oauth data
+    @oauth_data = $testing_data["oauth_test_data"]
+    @app_id = @oauth_data["app_id"]
+    @secret = @oauth_data["secret"]
+    @callback_url = @oauth_data["callback_url"]
+    @app_access_token = @oauth_data["app_access_token"]
+    
+    # check OAuth data
+    unless @app_id && @secret && @callback_url && @app_access_token
+      raise Exception, "Must supply OAuth app id, secret, app_access_token, and callback to run live subscription tests!" 
+    end
+    
+    # get subscription data
+    @subscription_data = $testing_data["subscription_test_data"]
+    @verify_token = @subscription_data["verify_token"]
+    @challenge_data = @subscription_data["challenge_data"]
+    @subscription_path = @subscription_data["subscription_path"]
+    
+    # check subscription data
+    unless @verify_token && @challenge_data && @subscription_path
+      raise Exception, "Must supply verify_token and equivalent challenge_data to run live subscription tests!" 
+    end
+  end
+
+  describe "when initializing" do
+    # basic initialization
+    it "should initialize properly with an app_id and an app_access_token" do
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :app_access_token => @app_access_token)
+      updates.should be_a(Koala::Facebook::RealtimeUpdates)
+    end
+    
+    # attributes
+    it "should allow read access to app_id, app_access_token, and secret" do
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :app_access_token => @app_access_token)
+      # this should not throw errors
+      updates.app_id && updates.app_access_token && updates.secret
+    end
+    
+    it "should not allow write access to app_id" do
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :app_access_token => @app_access_token)
+      # this should not throw errors
+      lambda { updates.app_id = 2 }.should raise_error(NoMethodError)
+    end
+
+    it "should not allow write access to app_access_token" do
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :app_access_token => @app_access_token)
+      # this should not throw errors
+      lambda { updates.app_access_token = 2 }.should raise_error(NoMethodError)
+    end
+  
+    it "should not allow write access to secret" do
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :app_access_token => @app_access_token)
+      # this should not throw errors
+      lambda { updates.secret = 2 }.should raise_error(NoMethodError)
+    end
+    
+    # init with secret / fetching the token
+    it "should initialize properly with an app_id and a secret" do 
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :secret => @secret)
+      updates.should be_a(Koala::Facebook::RealtimeUpdates)      
+    end
+
+    it "should fetch an app_token from Facebook when provided an app_id and a secret" do 
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :secret => @secret)
+      updates.app_access_token.should_not be_nil
+    end
+    
+    it "should use the OAuth class to fetch a token when provided an app_id and a secret" do
+      oauth = Koala::Facebook::OAuth.new(@app_id, @secret)
+      token = oauth.get_app_access_token
+      oauth.should_receive(:get_app_access_token).and_return(token)
+      Koala::Facebook::OAuth.should_receive(:new).with(@app_id, @secret).and_return(oauth) 
+      updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :secret => @secret)
+    end
+  end
+
+  describe "when used" do
+    before :each do 
+      @updates = Koala::Facebook::RealtimeUpdates.new(:app_id => @app_id, :secret => @secret)
+    end
+    
+    it "should send a subscription request to a valid server" do
+      result = @updates.subscribe("user", "name", @subscription_path, @verify_token)
+      result.should be_true
+    end
+    
+    it "should send a subscription request to a valid server" do
+      result = @updates.subscribe("user", "name", @subscription_path, @verify_token)
+      result.should be_true
+    end
+    
+    it "should send a subscription request to an invalid path on a valid server" do
+      lambda { result = @updates.subscribe("user", "name", @subscription_path + "foo", @verify_token) }.should raise_exception(Koala::Facebook::APIError)
+    end
+    
+    it "should fail to send a subscription request to an invalid server" do
+      lambda { @updates.subscribe("user", "name", "foo", @verify_token) }.should raise_exception(Koala::Facebook::APIError)
+    end
+  
+    it "should unsubscribe a valid individual object successfully" do 
+      @updates.unsubscribe("user").should be_true
+    end
+
+    it "should unsubscribe all subscriptions successfully" do 
+      @updates.unsubscribe.should be_true
+    end
+
+    it "should fail when an invalid object is provided to unsubscribe" do 
+      lambda { @updates.unsubscribe("kittens") }.should raise_error(Koala::Facebook::APIError)
+    end
+    
+    it "should is subscriptions properly" do
+      @updates.list_subscriptions.should be_a(Array)
+    end
+  end # describe "when used"
+  
+  describe "when meeting challenge" do
+    it "should return false if hub.mode isn't subscribe" do
+      params = {'hub.mode' => 'not subscribe'}
+      Koala::Facebook::RealtimeUpdates.meet_challenge(params).should be_false
+    end
+    
+    it "should return false if not given a verify_token or block" do
+      params = {'hub.mode' => 'subscribe'}
+      Koala::Facebook::RealtimeUpdates.meet_challenge(params).should be_false
+    end
+    
+    describe "and mode is 'subscribe'" do
+      before(:each) do 
+        @params = {'hub.mode' => 'subscribe'}
+      end
+      
+      describe "and a token is given" do
+        before(:each) do
+          @token = 'token'
+          @params['hub.verify_token'] = @token
+        end
+        
+        it "should return false if the given verify token doesn't match" do
+          Koala::Facebook::RealtimeUpdates.meet_challenge(@params, @token + '1').should be_false
+        end
+        
+        it "should return the challenge if the given verify token matches" do
+          @params['hub.challenge'] = 'challenge val'
+          Koala::Facebook::RealtimeUpdates.meet_challenge(@params, @token).should == @params['hub.challenge']
+        end
+      end
+      
+      describe "and a block is given" do
+        it "should give the block the token as a parameter" do
+          Koala::Facebook::RealtimeUpdates.meet_challenge(@params)do |token|
+            token.should == @token
+          end
+        end
+        
+        it "should return false if the given block return false" do
+          Koala::Facebook::RealtimeUpdates.meet_challenge(@params)do |token|
+            false
+          end.should be_false
+        end
+        
+        it "should return false if the given block returns nil" do
+          Koala::Facebook::RealtimeUpdates.meet_challenge(@params)do |token|
+            nil
+          end.should be_false
+        end
+        
+        it "should return the challenge if the given block returns true" do
+          @params['hub.challenge'] = 'challenge val'
+          Koala::Facebook::RealtimeUpdates.meet_challenge(@params) do |token|
+            true
+          end.should be_true
+        end
+      end
+    
+    end # describe "and mode is subscribe"
+    
+  end # describe "when meeting challenge"
+  
+end # describe