mini_fb 1.0.3 → 1.0.4

data/README.markdown

@@ -24,7 +24,7 @@ Installation
 Facebook Graph API
 ==================
 
-For an overview of what this is all about, see http://developers.facebook.com/docs/api.
+For an overview of what this is all about, see <http://developers.facebook.com/docs/api>.
 
 Authentication
 --------------
@@ -57,7 +57,8 @@ It's very simple:
     @response_hash = MiniFB.get(@access_token, @id, :type=>@type)
     # @response_hash is a hash, but also allows object like syntax for instance, the following is true:
     @response_hash["user"] == @response_hash.user
-    
+
+See <http://developers.facebook.com/docs/api> for the available types.
 
 Posting Data to Facebook
 ------------------------
@@ -161,12 +162,11 @@ Then add the following script to the page where you put the login button so it l
 Define an fb_connect method in your login/sessions controller like so:
 
      def fb_connect
-        @fb_uid = cookies[FB_API_KEY + "_user"]
-        @fb_session = cookies[FB_API_KEY + "_session_key"]
-        puts "uid=#{@fb_uid}"
-        puts "session=#{@fb_session}"
+        @fb_info = MiniFB.parse_cookie_information(FB_APP_ID, cookies) # some users may have to use their API rather than the app. ID.
+        puts "uid=#{@fb_info['uid']}"
+        puts "session=#{@fb_info['session_key']}"
         
-        if MiniFB.verify_connect_signature(FB_API_KEY, FB_SECRET, cookies)
+        if MiniFB.verify_cookie_signature(FB_APP_ID, FB_SECRET, cookies)
           # And here you would create the user if it doesn't already exist, then redirect them to wherever you want.
         else
           # The cookies may have been modified as the signature does not match

data/lib/mini_fb.rb

@@ -255,35 +255,37 @@ module MiniFB
         end
         return false
     end
+    
+    # Parses cookies in order to extract the facebook cookie and parse it into a useable hash
+    #
+    # options:
+    # * app_id - the connect applications app_id (some users may find they have to use their facebook API key)
+    # * secret - the connect application secret
+    # * cookies - the cookies given by facebook - it is ok to just pass all of the cookies, the method will do the filtering for you.
+    def MiniFB.parse_cookie_information(app_id, cookies)
+      return nil if cookies["fbs_#{app_id}"].nil?
+      Hash[*cookies["fbs_#{app_id}"].split('&').map{|v| v.gsub('"', '').split('=', 2) }.flatten]
+    end
 
     # Validates that the cookies sent by the user are those that were set by facebook. Since your
     # secret is only known by you and facebook it is used to sign all of the cookies set.
     #
     # options:
-    # * api_key - the connect applications facebook API key
+    # * app_id - the connect applications app_id (some users may find they have to use their facebook API key)
     # * secret - the connect application secret
     # * cookies - the cookies given by facebook - it is ok to just pass all of the cookies, the method will do the filtering for you.
+    def MiniFB.verify_cookie_signature(app_id, secret, cookies)
+      fb_keys = MiniFB.parse_cookie_information(app_id, cookies)
+      return false if fb_keys.nil?
+      
+      signature = fb_keys.delete('sig')
+      return signature == Digest::MD5.hexdigest(fb_keys.map{|k,v| "#{k}=#{v}"}.sort.join + secret)
+    end
+    
+    # <b>DEPRECATED:</b> Please use <tt>verify_cookie_signature</tt> instead.
     def MiniFB.verify_connect_signature(api_key, secret, cookies)
-        signature = cookies[api_key]
-        return false if signature.nil?
-
-        unsigned = Hash.new
-        signed = Hash.new
-
-        cookies.each do |k, v|
-            if k =~ /^#{api_key}_(.*)/ then
-                signed[$1] = v
-            else
-                unsigned[k] = v
-            end
-        end
-
-        arg_string = String.new
-        signed.sort.each {|kv| arg_string << kv[0] << "=" << kv[1] }
-        if Digest::MD5.hexdigest(arg_string + secret) == signature
-            return true
-        end
-        return false
+      warn "DEPRECATION WARNING: 'verify_connect_signature' has been renamed to 'verify_cookie_signature' as Facebook no longer calls this 'connect'"
+      MiniFB.verify_cookie_signature(api_key, secret, cookies)
     end
 
     # Returns the login/add app url for your application.
@@ -308,7 +310,9 @@ module MiniFB
         oauth_url = "#{graph_base}oauth/authorize"
         oauth_url << "?client_id=#{app_id}"
         oauth_url << "&redirect_uri=#{URI.escape(redirect_uri)}"
-        oauth_url << "&scope=#{options[:scope]}" if options[:scope]
+#        oauth_url << "&scope=#{options[:scope]}" if options[:scope]
+        oauth_url << ("&" + options.each.map { |k,v| "%s=%s" % [k, v] }.join('&')) unless options.empty?
+        oauth_url
     end
 
     # returns a hash with one value being 'access_token', the other being 'expires'
@@ -347,6 +351,9 @@ module MiniFB
             if options[:method] == :post              
                 resp = RestClient.post url, options[:params]
             else
+                if options[:params] && options[:params].size > 0
+                     url += '?' + options[:params].each.map {|k,v| "%s=%s" % [k,v]}.join('&')
+                end
                 resp = RestClient.get url
             end
   
@@ -404,9 +411,9 @@ module MiniFB
     # Uses new Oauth 2 authentication against old Facebook REST API
     def self.rest(access_token, api_method, options={})
         url = "https://api.facebook.com/method/#{api_method}"  
-        options[:token] = access_token
-        options[:format] = "json"        
-        method = (options[:method]) ? options[:method]: :get
+        options[:access_token] = access_token
+        options[:format] = "json"
+        method = (options[:method]) ? options[:method] : :get
         options.delete(:method) if options[:method]
         return fetch(url, :params => options, :method => method)
     end

metadata

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: mini_fb
 version: !ruby/object:Gem::Version 
+  hash: 31
   prerelease: false
   segments: 
   - 1
   - 0
-  - 3
-  version: 1.0.3
+  - 4
+  version: 1.0.4
 platform: ruby
 authors: 
 - Travis Reeder
@@ -15,21 +16,37 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-05-07 00:00:00 -07:00
+date: 2010-06-04 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rest-client
   prerelease: false
   requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        hash: 3
         segments: 
         - 0
         version: "0"
   type: :runtime
   version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: hashie
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
 description: Tiny facebook library
 email: travis@appoxy.com
 executables: []
@@ -41,6 +58,7 @@ extra_rdoc_files:
 files: 
 - lib/mini_fb.rb
 - README.markdown
+- test/test_mini_fb.rb
 has_rdoc: true
 homepage: http://github.com/appoxy/mini_fb
 licenses: []
@@ -51,23 +69,27 @@ rdoc_options:
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.6
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: Tiny facebook library