koala 0.10.0 → 1.0.0.beta

data/CHANGELOG

@@ -1,3 +1,19 @@
+v1.0
+New methods:
+-- Photo and file upload now supported through #put_picture and general support for file hashes (see documentation)
+-- Added a delete_like method (thanks to wassem)
+Internal improvements: 
+-- For public requests, Koala now uses http by default (instead of https) to improve speed
+  -- This can be overridden through Koala.always_use_ssl= or by passing :use_ssl => true in the options hash for an api call
+-- Read-only REST API requests now go through the faster api-read server
+-- Replaced parse_signed_request with a version from Facebook that also supports the new signed params proposal
+  -- Note: invalid requests will now raise exceptions rather than return nil, in keeping with other SDKs
+-- delete_object will now raise an error if there's no access token (like put_object and delete_like)
+Test improvements:
+-- Expanded HTTP service tests (added Typhoeus test suite and additional Net::HTTP test cases)
+-- Live tests now verify that the access token has the necessary permissions before starting
+-- Replaced the 50-person network test, which often took 15+ minutes to run live, with a 5-person test
+
 v0.10.0
 -- Added test user module
 -- Fixed bug when raising APIError after Facebook fails to exchange session keys
@@ -11,10 +27,10 @@ v0.9.1
 v0.9.0
 -- Added parse_signed_request to handle Facebook's new authentication scheme
   -- note: creates dependency on OpenSSL (OpenSSL::HMAC) for decryption
--- Added GraphCollection class to provide paging support for GraphAPI get_connections and search methods (thanks to jagthedrummer)    
+-- Added GraphCollection class to provide paging support for GraphAPI get_connections and search methods (thanks to jagthedrummer)
 -- Added get_page method to easily fetch pages of results from GraphCollections
 -- Exchanging sessions for tokens now works properly when provided invalid/expired session keys
--- You can now include a :typhoeus_options key in TyphoeusService#make_request's options hash to control the Typhoeus call (for example, to set :disable_ssl_peer_verification => true) 
+-- You can now include a :typhoeus_options key in TyphoeusService#make_request's options hash to control the Typhoeus call (for example, to set :disable_ssl_peer_verification => true)
 -- All paths provided to HTTP services start with leading / to improve compatibility with stubbing libraries
 -- If Facebook returns nil for search or get_connections requests, Koala now returns nil rather than throwing an exception
 
@@ -23,7 +39,7 @@ v0.8.0
   -- Removed string overloading for the methods, per 0.7.3, which caused Marshaling issues
   -- Removed ability to provide a string as the second argument to url_for_access_token, per 0.5.0
 
-v0.7.4 
+v0.7.4
 -- Fixed bug with get_user_from_cookies
 
 v0.7.3
@@ -34,18 +50,18 @@ v0.7.3
     -- Using those methods triggers a deprecation warning
     -- This will be removed by 1.0
   -- There are new info methods (get_access_token_info, get_app_access_token_info, get_token_info_from_session_keys, and get_user_info_from_cookies) that natively return hashes, for when you want the expiration date
--- Responses with HTTP status 500+ now properly throw errors under Net::HTTP 
+-- Responses with HTTP status 500+ now properly throw errors under Net::HTTP
 -- Updated changelog
 -- Added license
 
 v0.7.2
 -- Added support for exchanging session keys for OAuth access tokens (get_token_from_session_key for single keys, get_tokens_from_session_keys for multiple)
 -- Moved Koala files into a koala/ subdirectory to minimize risk of name collisions
--- Added OAuth Playground git submodule as an example 
+-- Added OAuth Playground git submodule as an example
 -- Updated tests, readme, and changelog
 
 v0.7.1
--- Updated RealtimeUpdates#list_subscriptions and GraphAPI#get_connections to now return an 
+-- Updated RealtimeUpdates#list_subscriptions and GraphAPI#get_connections to now return an
 array of results directly (rather than a hash with one key)
 -- Fixed a bug with Net::HTTP-based HTTP service in which the headers hash was improperly formatted
 -- Updated readme
@@ -92,7 +108,7 @@ v0.3.1
 v0.3
 -- Renamed Graph API class from Facebook::GraphAPI to FacebookGraph::API
 -- Created FacebookGraph::OAuth class for tokens and OAuth URLs
--- Updated method for including HTTP service (think we've got it this time) 
+-- Updated method for including HTTP service (think we've got it this time)
 -- Updated tests
 -- Added CHANGELOG and gemspec
 

data/Manifest

@@ -13,9 +13,11 @@ lib/koala/test_users.rb
 readme.md
 spec/facebook_data.yml
 spec/koala/api_base_tests.rb
+spec/koala/assets/beach.jpg
 spec/koala/graph_and_rest_api/graph_and_rest_api_no_token_tests.rb
 spec/koala/graph_and_rest_api/graph_and_rest_api_with_token_tests.rb
 spec/koala/graph_api/graph_api_no_access_token_tests.rb
+spec/koala/graph_api/graph_api_tests.rb
 spec/koala/graph_api/graph_api_with_access_token_tests.rb
 spec/koala/graph_api/graph_collection_tests.rb
 spec/koala/live_testing_data_helper.rb
@@ -23,8 +25,10 @@ spec/koala/net_http_service_tests.rb
 spec/koala/oauth/oauth_tests.rb
 spec/koala/realtime_updates/realtime_updates_tests.rb
 spec/koala/rest_api/rest_api_no_access_token_tests.rb
+spec/koala/rest_api/rest_api_tests.rb
 spec/koala/rest_api/rest_api_with_access_token_tests.rb
 spec/koala/test_users/test_users_tests.rb
+spec/koala/typhoeus_service_tests.rb
 spec/koala_spec.rb
 spec/koala_spec_helper.rb
 spec/koala_spec_without_mocks.rb

data/Rakefile

@@ -4,14 +4,14 @@ require 'rake'
 require 'echoe'
 
 # gem management
-Echoe.new('koala', '0.10.0') do |p|
-  p.summary    = "A lightweight, flexible library for Facebook with support for the Graph API, the old REST API, realtime updates, and OAuth validation."
-  p.description = "Koala is a lightweight, flexible Ruby SDK for Facebook.  It allows read/write access to the social graph via the Graph API and the older REST API, as well as support for realtime updates and OAuth and Facebook Connect authentication.  Koala is fully tested and supports Net::HTTP and Typhoeus connections out of the box and can accept custom modules for other services."
+Echoe.new('koala', '1.0.0.beta') do |p|
+  p.summary        = "A lightweight, flexible library for Facebook with support for the Graph API, the old REST API, realtime updates, and OAuth validation."
+  p.description    = "Koala is a lightweight, flexible Ruby SDK for Facebook.  It allows read/write access to the social graph via the Graph API and the older REST API, as well as support for realtime updates and OAuth and Facebook Connect authentication.  Koala is fully tested and supports Net::HTTP and Typhoeus connections out of the box and can accept custom modules for other services."
   p.url            = "http://github.com/arsduo/koala"
   p.author         = ["Alex Koppel", "Chris Baclig", "Rafi Jacoby", "Context Optional"]
   p.email          = "alex@alexkoppel.com"
   p.ignore_pattern = ["tmp/*", "script/*", "pkg/*"]
-  p.runtime_dependencies = ["json >=1.0"]
+  p.runtime_dependencies = ["json >=1.0", "multipart-post >=1.0"]
   p.development_dependencies = []
   p.retain_gemspec = true
 end

data/koala.gemspec

@@ -2,32 +2,34 @@
 
 Gem::Specification.new do |s|
   s.name = %q{koala}
-  s.version = "0.10.0"
+  s.version = "1.0.0.beta"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Alex Koppel, Chris Baclig, Rafi Jacoby, Context Optional"]
-  s.date = %q{2010-12-15}
+  s.date = %q{2011-01-26}
   s.description = %q{Koala is a lightweight, flexible Ruby SDK for Facebook.  It allows read/write access to the social graph via the Graph API and the older REST API, as well as support for realtime updates and OAuth and Facebook Connect authentication.  Koala is fully tested and supports Net::HTTP and Typhoeus connections out of the box and can accept custom modules for other services.}
   s.email = %q{alex@alexkoppel.com}
   s.extra_rdoc_files = ["CHANGELOG", "LICENSE", "lib/koala.rb", "lib/koala/graph_api.rb", "lib/koala/http_services.rb", "lib/koala/realtime_updates.rb", "lib/koala/rest_api.rb", "lib/koala/test_users.rb"]
-  s.files = ["CHANGELOG", "LICENSE", "Manifest", "Rakefile", "init.rb", "koala.gemspec", "lib/koala.rb", "lib/koala/graph_api.rb", "lib/koala/http_services.rb", "lib/koala/realtime_updates.rb", "lib/koala/rest_api.rb", "lib/koala/test_users.rb", "readme.md", "spec/facebook_data.yml", "spec/koala/api_base_tests.rb", "spec/koala/graph_and_rest_api/graph_and_rest_api_no_token_tests.rb", "spec/koala/graph_and_rest_api/graph_and_rest_api_with_token_tests.rb", "spec/koala/graph_api/graph_api_no_access_token_tests.rb", "spec/koala/graph_api/graph_api_with_access_token_tests.rb", "spec/koala/graph_api/graph_collection_tests.rb", "spec/koala/live_testing_data_helper.rb", "spec/koala/net_http_service_tests.rb", "spec/koala/oauth/oauth_tests.rb", "spec/koala/realtime_updates/realtime_updates_tests.rb", "spec/koala/rest_api/rest_api_no_access_token_tests.rb", "spec/koala/rest_api/rest_api_with_access_token_tests.rb", "spec/koala/test_users/test_users_tests.rb", "spec/koala_spec.rb", "spec/koala_spec_helper.rb", "spec/koala_spec_without_mocks.rb", "spec/mock_facebook_responses.yml", "spec/mock_http_service.rb"]
+  s.files = ["CHANGELOG", "LICENSE", "Manifest", "Rakefile", "init.rb", "koala.gemspec", "lib/koala.rb", "lib/koala/graph_api.rb", "lib/koala/http_services.rb", "lib/koala/realtime_updates.rb", "lib/koala/rest_api.rb", "lib/koala/test_users.rb", "readme.md", "spec/facebook_data.yml", "spec/koala/api_base_tests.rb", "spec/koala/assets/beach.jpg", "spec/koala/graph_and_rest_api/graph_and_rest_api_no_token_tests.rb", "spec/koala/graph_and_rest_api/graph_and_rest_api_with_token_tests.rb", "spec/koala/graph_api/graph_api_no_access_token_tests.rb", "spec/koala/graph_api/graph_api_tests.rb", "spec/koala/graph_api/graph_api_with_access_token_tests.rb", "spec/koala/graph_api/graph_collection_tests.rb", "spec/koala/live_testing_data_helper.rb", "spec/koala/net_http_service_tests.rb", "spec/koala/oauth/oauth_tests.rb", "spec/koala/realtime_updates/realtime_updates_tests.rb", "spec/koala/rest_api/rest_api_no_access_token_tests.rb", "spec/koala/rest_api/rest_api_tests.rb", "spec/koala/rest_api/rest_api_with_access_token_tests.rb", "spec/koala/test_users/test_users_tests.rb", "spec/koala/typhoeus_service_tests.rb", "spec/koala_spec.rb", "spec/koala_spec_helper.rb", "spec/koala_spec_without_mocks.rb", "spec/mock_facebook_responses.yml", "spec/mock_http_service.rb"]
   s.homepage = %q{http://github.com/arsduo/koala}
-  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Koala", "--main", "readme.md"]
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Koala"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{koala}
-  s.rubygems_version = %q{1.3.6}
+  s.rubygems_version = %q{1.4.2}
   s.summary = %q{A lightweight, flexible library for Facebook with support for the Graph API, the old REST API, realtime updates, and OAuth validation.}
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_runtime_dependency(%q<json>, [">= 1.0"])
+      s.add_runtime_dependency(%q<multipart-post>, [">= 1.0"])
     else
       s.add_dependency(%q<json>, [">= 1.0"])
+      s.add_dependency(%q<multipart-post>, [">= 1.0"])
     end
   else
     s.add_dependency(%q<json>, [">= 1.0"])
+    s.add_dependency(%q<multipart-post>, [">= 1.0"])
   end
 end

data/lib/koala.rb

@@ -5,8 +5,9 @@ require 'digest/md5'
 require 'rubygems'
 require 'json'
 
-# openssl is required to support signed_request
+# OpenSSL and Base64 are required to support signed_request
 require 'openssl'
+require 'base64'
 
 # include default http services
 require 'koala/http_services'
@@ -24,7 +25,7 @@ require 'koala/realtime_updates'
 require 'koala/test_users'
 
 module Koala
-    
+
   module Facebook
     # Ruby client library for the Facebook Platform.
     # Copyright 2010 Facebook
@@ -40,7 +41,7 @@ module Koala
     # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
     # License for the specific language governing permissions and limitations
     # under the License.
-    # 
+    #
     # This client library is designed to support the Graph API and the official
     # Facebook JavaScript SDK, which is the canonical way to implement
     # Facebook authentication. Read more about the Graph API at
@@ -53,7 +54,7 @@ module Koala
         @access_token = access_token
       end
       attr_reader :access_token
-      
+
       def api(path, args = {}, verb = "get", options = {}, &error_checking_block)
         # Fetches the given path in the Graph API.
         args["access_token"] = @access_token || @app_access_token if @access_token || @app_access_token
@@ -63,20 +64,20 @@ module Koala
 
         # make the request via the provided service
         result = Koala.make_request(path, args, verb, options)
-        
+
         # Check for any 500 errors before parsing the body
         # since we're not guaranteed that the body is valid JSON
         # in the case of a server error
         raise APIError.new({"type" => "HTTP #{result.status.to_s}", "message" => "Response body: #{result.body}"}) if result.status >= 500
-        
-        # Parse the body as JSON and check for errors if provided a mechanism to do so 
+
+        # Parse the body as JSON and check for errors if provided a mechanism to do so
         # Note: Facebook sometimes sends results like "true" and "false", which aren't strictly objects
         # and cause JSON.parse to fail -- so we account for that by wrapping the result in []
         body = response = JSON.parse("[#{result.body.to_s}]")[0]
         if error_checking_block
           yield(body)
         end
-        
+
         # now return the desired information
         if options[:http_component]
           result.send(options[:http_component])
@@ -85,57 +86,57 @@ module Koala
         end
       end
     end
-    
+
     class GraphAPI < API
       include GraphAPIMethods
     end
-    
+
     class RestAPI < API
       include RestAPIMethods
     end
-    
+
     class GraphAndRestAPI < API
       include GraphAPIMethods
       include RestAPIMethods
     end
-    
+
     class RealtimeUpdates < API
       include RealtimeUpdateMethods
     end
-    
+
     class TestUsers < API
       include TestUserMethods
       # make the Graph API accessible in case someone wants to make other calls to interact with their users
       attr_reader :graph_api
     end
-    
+
     class APIError < Exception
       attr_accessor :fb_error_type
       def initialize(details = {})
-        self.fb_error_type = details["type"]  
+        self.fb_error_type = details["type"]
         super("#{fb_error_type}: #{details["message"]}")
       end
     end
-    
-    
+
+
     class OAuth
       attr_reader :app_id, :app_secret, :oauth_callback_url
       def initialize(app_id, app_secret, oauth_callback_url = nil)
         @app_id = app_id
         @app_secret = app_secret
-        @oauth_callback_url = oauth_callback_url 
+        @oauth_callback_url = oauth_callback_url
       end
 
       def get_user_info_from_cookie(cookie_hash)
         # Parses the cookie set by the official Facebook JavaScript SDK.
-        # 
+        #
         # cookies should be a Hash, like the one Rails provides
-        # 
+        #
         # If the user is logged in via Facebook, we return a dictionary with the
         # keys "uid" and "access_token". The former is the user's Facebook ID,
         # and the latter can be used to make authenticated requests to the Graph API.
         # If the user is not logged in, we return None.
-        # 
+        #
         # Download the official Facebook JavaScript SDK at
         # http://github.com/facebook/connect-js/. Read more about Facebook
         # authentication at http://developers.facebook.com/docs/authentication/.
@@ -150,21 +151,21 @@ module Koala
 
           # generate the signature and make sure it matches what we expect
           auth_string = components.keys.sort.collect {|a| a == "sig" ? nil : "#{a}=#{components[a]}"}.reject {|a| a.nil?}.join("")
-          sig = Digest::MD5.hexdigest(auth_string + @app_secret)          
+          sig = Digest::MD5.hexdigest(auth_string + @app_secret)
           sig == components["sig"] && (components["expires"] == "0" || Time.now.to_i < components["expires"].to_i) ? components : nil
         end
       end
       alias_method :get_user_info_from_cookies, :get_user_info_from_cookie
-    
+
       def get_user_from_cookie(cookies)
         if info = get_user_info_from_cookies(cookies)
           string = info["uid"]
         end
       end
       alias_method :get_user_from_cookies, :get_user_from_cookie
-    
+
       # URLs
-    
+
       def url_for_oauth_code(options = {})
         # for permissions, see http://developers.facebook.com/docs/authentication/permissions
         permissions = options[:permissions]
@@ -174,54 +175,71 @@ module Koala
         raise ArgumentError, "url_for_oauth_code must get a callback either from the OAuth object or in the options!" unless callback
 
         # Creates the URL for oauth authorization for a given callback and optional set of permissions
-        "https://#{GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{callback}#{scope}"    
+        "https://#{GRAPH_SERVER}/oauth/authorize?client_id=#{@app_id}&redirect_uri=#{callback}#{scope}"
       end
-        
+
       def url_for_access_token(code, options = {})
         # Creates the URL for the token corresponding to a given code generated by Facebook
         callback = options[:callback] || @oauth_callback_url
         raise ArgumentError, "url_for_access_token must get a callback either from the OAuth object or in the parameters!" unless callback
         "https://#{GRAPH_SERVER}/oauth/access_token?client_id=#{@app_id}&redirect_uri=#{callback}&client_secret=#{@app_secret}&code=#{code}"
       end
-            
+
       def get_access_token_info(code)
         # convenience method to get a parsed token from Facebook for a given code
         # should this require an OAuth callback URL?
         get_token_from_server(:code => code, :redirect_uri => @oauth_callback_url)
       end
-      
+
       def get_access_token(code)
         # upstream methods will throw errors if needed
-        if info = get_access_token_info(code) 
-          string = info["access_token"]        
+        if info = get_access_token_info(code)
+          string = info["access_token"]
         end
       end
-      
+
       def get_app_access_token_info
-        # convenience method to get a the application's sessionless access token 
+        # convenience method to get a the application's sessionless access token
         get_token_from_server({:type => 'client_cred'}, true)
       end
-      
+
       def get_app_access_token
         if info = get_app_access_token_info
-          string = info["access_token"] 
+          string = info["access_token"]
         end
       end
-      
-      # signed_request
-      def parse_signed_request(request)
-        # Facebook's signed requests come in two parts -- the signature and the data payload
-        # see http://developers.facebook.com/docs/authentication/canvas
-        encoded_sig, payload = request.split(".")
-        
-        sig = base64_url_decode(encoded_sig)
-
-        # if the signature matches, return the data, decoded and parsed as JSON
-        if OpenSSL::HMAC.digest("sha256", @app_secret, payload) == sig
-          JSON.parse(base64_url_decode(payload))
-        else
-          nil
-        end
+    
+      # provided directly by Facebook
+      # see https://github.com/facebook/crypto-request-examples/blob/master/sample.rb
+      # and http://developers.facebook.com/docs/authentication/canvas/encryption_proposal
+      def parse_signed_request(input, max_age = 3600)
+        encoded_sig, encoded_envelope = input.split('.', 2)
+        envelope = JSON.parse(base64_url_decode(encoded_envelope))
+        algorithm = envelope['algorithm']
+
+        raise 'Invalid request. (Unsupported algorithm.)' \
+          if algorithm != 'AES-256-CBC HMAC-SHA256' && algorithm != 'HMAC-SHA256'
+
+        raise 'Invalid request. (Too old.)' \
+          if algorithm == "AES-256-CBC HMAC-SHA256" && envelope['issued_at'].to_i < Time.now.to_i - max_age
+
+        raise 'Invalid request. (Invalid signature.)' \
+          if base64_url_decode(encoded_sig) !=
+              OpenSSL::HMAC.hexdigest(
+                'sha256', @app_secret, encoded_envelope).split.pack('H*')
+
+        # for requests that are signed, but not encrypted, we're done
+        return envelope if algorithm == 'HMAC-SHA256'
+
+        # otherwise, decrypt the payload
+        cipher = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
+        cipher.decrypt
+        cipher.key = @app_secret
+        cipher.iv = base64_url_decode(envelope['iv'])
+        cipher.padding = 0
+        decrypted_data = cipher.update(base64_url_decode(envelope['payload']))
+        decrypted_data << cipher.final
+        return JSON.parse(decrypted_data.strip)
       end
 
       # from session keys
@@ -231,69 +249,68 @@ module Koala
           :type => 'client_cred',
           :sessions => sessions.join(",")
         }, true, "exchange_sessions")
-        
+
         # Facebook returns an empty body in certain error conditions
-        if response == "" 
+        if response == ""
           raise APIError.new({
-            "type" => "ArgumentError", 
+            "type" => "ArgumentError",
             "message" => "get_token_from_session_key received an error (empty response body) for sessions #{sessions.inspect}!"
           })
         end
-        
+
         JSON.parse(response)
       end
-  
+
       def get_tokens_from_session_keys(sessions)
         # get the original hash results
         results = get_token_info_from_session_keys(sessions)
         # now recollect them as just the access tokens
         results.collect { |r| r ? r["access_token"] : nil }
       end
-      
+
       def get_token_from_session_key(session)
         # convenience method for a single key
         # gets the overlaoded strings automatically
         get_tokens_from_session_keys([session])[0]
       end
-      
+
       protected
-      
+
       def get_token_from_server(args, post = false)
         # fetch the result from Facebook's servers
         result = fetch_token_string(args, post)
-        
+
         # if we have an error, parse the error JSON and raise an error
         raise APIError.new((JSON.parse(result)["error"] rescue nil) || {}) if result =~ /error/
 
         # otherwise, parse the access token
-        parse_access_token(result)       
+        parse_access_token(result)
       end
-      
+
       def parse_access_token(response_text)
         components = response_text.split("&").inject({}) do |hash, bit|
           key, value = bit.split("=")
           hash.merge!(key => value)
         end
-        components 
+        components
       end
 
       def fetch_token_string(args, post = false, endpoint = "access_token")
         Koala.make_request("/oauth/#{endpoint}", {
-          :client_id => @app_id, 
+          :client_id => @app_id,
           :client_secret => @app_secret
-        }.merge!(args), post ? "post" : "get").body
+        }.merge!(args), post ? "post" : "get", :use_ssl => true).body
       end
-      
+
       # base 64
-      def base64_url_decode(string)
-        # to properly decode what Facebook provides, we need to add == to the end
-        # and translate certain characters to others before running the actual decoding
-        # see http://developers.facebook.com/docs/authentication/canvas 
-        "#{string}==".tr("-_", "+/").unpack("m")[0]
+      # directly from https://github.com/facebook/crypto-request-examples/raw/master/sample.rb
+      def base64_url_decode(str)
+        str += '=' * (4 - str.length.modulo(4))
+        Base64.decode64(str.gsub('-', '+').gsub('_', '/'))
       end
     end
   end
-  
+
   # finally, set up the http service Koala methods used to make requests
   # you can use your own (for HTTParty, etc.) by calling Koala.http_service = YourModule
   def self.http_service=(service)
@@ -302,7 +319,6 @@ module Koala
 
   # by default, try requiring Typhoeus -- if that works, use it
   begin
-    require 'typhoeus'
     Koala.http_service = TyphoeusService
   rescue LoadError
     Koala.http_service = NetHTTPService