mini_fb 1.1.3 → 1.1.4

data/lib/mini_fb.rb

@@ -16,6 +16,9 @@ require 'erb'
 require 'json' unless defined? JSON
 require 'rest_client'
 require 'hashie'
+require 'base64'
+require 'openssl'
+require 'logger'
 
 module MiniFB
 
@@ -24,13 +27,35 @@ module MiniFB
     FB_API_VERSION = "1.0"
 
     @@logging = false
+    @@log = Logger.new(STDOUT)
+
+    def self.log_level=(level)
+        if level.is_a? Numeric
+            @@log.level = level
+        else
+            @@log.level = case level
+                when :fatal
+                    @@log.level = Logger::FATAL
+                when :error
+                    @@log.level = Logger::ERROR
+                when :warn
+                    @@log.level = Logger::WARN
+                when :info
+                    @@log.level = Logger::INFO
+                when :debug
+                    @@log.level = Logger::DEBUG
+                          end
+        end
+    end
 
     def self.enable_logging
         @@logging = true
+        @@log.level = Logger::DEBUG
     end
 
     def self.disable_logging
         @@logging = false
+        @@log.level = Logger::ERROR
     end
 
     class FaceBookError < StandardError
@@ -135,6 +160,8 @@ module MiniFB
                         "dashboard.incrementcount", "dashboard.setcount"
     ].collect { |x| x.downcase }
 
+    # THIS IS FOR THE OLD FACEBOOK API, NOT THE GRAPH ONE. See MiniFB.get and MiniFB.post for Graph API
+    #
     # Call facebook server with a method request. Most keyword arguments
     # are passed directly to the server with a few exceptions.
     # The 'sig' value will always be computed automatically.
@@ -247,28 +274,61 @@ module MiniFB
 
     # Returns true is signature is valid, false otherwise.
     def MiniFB.verify_signature(secret, arguments)
-        signature = arguments.delete("fb_sig")
-        return false if signature.nil?
+        if arguments.is_a? String
+            #new way: params[:session]
+            session = JSON.parse(arguments)
 
-        unsigned = Hash.new
-        signed = Hash.new
+            signature = session.delete('sig')
+            return false if signature.nil?
 
-        arguments.each do |k, v|
-            if k =~ /^fb_sig_(.*)/ then
-                signed[$1] = v
-            else
-                unsigned[k] = v
+            arg_string = String.new
+            session.sort.each { |k, v| arg_string << "#{k}=#{v}" }
+            if Digest::MD5.hexdigest(arg_string + secret) == signature
+                return true
             end
-        end
+        else
+            #old way
 
-        arg_string = String.new
-        signed.sort.each { |kv| arg_string << kv[0] << "=" << kv[1] }
-        if Digest::MD5.hexdigest(arg_string + secret) == signature
-            return true
+            signature = arguments.delete("fb_sig")
+            return false if signature.nil?
+
+            unsigned = Hash.new
+            signed = Hash.new
+
+            arguments.each do |k, v|
+                if k =~ /^fb_sig_(.*)/ then
+                    signed[$1] = v
+                else
+                    unsigned[k] = v
+                end
+            end
+
+            arg_string = String.new
+            signed.sort.each { |kv| arg_string << kv[0] << "=" << kv[1] }
+            if Digest::MD5.hexdigest(arg_string + secret) == signature
+                return true
+            end
         end
         return false
     end
 
+    # This function takes the app secret and the signed request, and verifies if the request is valid.
+    def self.verify_signed_request(secret, req)
+        s, p = req.split(".")
+        sig = base64_url_decode(s)
+        expected_sig = OpenSSL::HMAC.digest('SHA256', secret, p.tr("-_", "+/"))
+        return sig == expected_sig
+    end
+
+    # Ruby's implementation of base64 decoding seems to be reading the string in multiples of 4 and ignoring
+    # any extra characters if there are no white-space characters at the end. Since facebook does not take this
+    # into account, this function fills any string with white spaces up to the point where it becomes divisible
+    # by 4, then it replaces '-' with '+' and '_' with '/' (URL-safe decoding), and decodes the result.
+    def self.base64_url_decode(str)
+        str = str + "=" * (4 - str.size % 4) unless str.size % 4 == 0
+        return Base64.decode64(str.tr("-_", "+/"))
+    end
+
     # Parses cookies in order to extract the facebook cookie and parse it into a useable hash
     #
     # options:
@@ -364,9 +424,9 @@ module MiniFB
         def initialize(session_or_token, id)
             @oauth_session = if session_or_token.is_a?(MiniFB::OAuthSession)
                 session_or_token
-            else
-                MiniFB::OAuthSession.new(session_or_token)
-            end
+                             else
+                                 MiniFB::OAuthSession.new(session_or_token)
+                             end
             @id = id
             @object = @oauth_session.get(id, :metadata => true)
             @connections_cache = {}
@@ -447,6 +507,36 @@ module MiniFB
         return params
     end
 
+    # Return a JSON object of working Oauth tokens from working session keys, returned in order given
+    def self.oauth_exchange_session(app_id, secret, session_keys)
+        url = "#{graph_base}oauth/exchange_sessions"
+        params = {}
+        params["client_id"] = "#{app_id}"
+        params["client_secret"] = "#{secret}"
+        params["sessions"] = "#{session_keys}"
+        options = {}
+        options[:params] = params
+        options[:method] = :post
+        return fetch(url, options)
+    end
+
+    # Return a JSON object of working Oauth tokens from working session keys, returned in order given
+    def self.authenticate_as_app(app_id, secret)
+        url = "#{graph_base}oauth/access_token"
+        params = {}
+        params["type"] = "client_cred"
+        params["client_id"] = "#{app_id}"
+        params["client_secret"] = "#{secret}"
+#      resp = RestClient.get url
+        options = {}
+        options[:params] = params
+        options[:method] = :get
+        options[:response_type] = :params
+        resp = fetch(url, options)
+        puts 'resp=' + resp.body.to_s if @@logging
+        resp
+    end
+
     # Gets data from the Facebook Graph API
     # options:
     #   - type: eg: feed, home, etc
@@ -458,6 +548,7 @@ module MiniFB
         params = options[:params] || {}
         params["access_token"] = "#{(access_token)}"
         params["metadata"] = "1" if options[:metadata]
+        params["fields"] = options[:fields].join(",") if options[:fields]
         options[:params] = params
         return fetch(url, options)
     end
@@ -527,28 +618,42 @@ module MiniFB
         return fetch(url, options)
     end
 
-
     def self.fetch(url, options={})
 
         begin
             if options[:method] == :post
-                puts 'url_post=' + url if @@logging
+                @@log.debug 'url_post=' + url if @@logging
                 resp = RestClient.post url, options[:params]
             else
                 if options[:params] && options[:params].size > 0
                     url += '?' + options[:params].map { |k, v| URI.escape("%s=%s" % [k, v]) }.join('&')
                 end
-                puts 'url_get=' + url if @@logging
+                @@log.debug 'url_get=' + url if @@logging
                 resp = RestClient.get url
             end
 
-            puts 'resp=' + resp.to_s if @@logging
+            @@log.debug 'resp=' + resp.to_s
 
-            begin
-                res_hash = JSON.parse(resp.to_s)
-            rescue
-                # quick fix for things like stream.publish that don't return json
-                res_hash = JSON.parse("{\"response\": #{resp.to_s}}")
+            if options[:response_type] == :params
+                # Some methods return a param like string, for example: access_token=11935261234123|rW9JMxbN65v_pFWQl5LmHHABC
+                params = {}
+                params_array = resp.split("&")
+                params_array.each do |p|
+                    ps = p.split("=")
+                    params[ps[0]] = ps[1]
+                end
+                return params
+            else
+                begin
+                    res_hash = JSON.parse(resp.to_s)
+                rescue
+                    # quick fix for things like stream.publish that don't return json
+                    res_hash = JSON.parse("{\"response\": #{resp.to_s}}")
+                end
+            end
+            
+            if res_hash.size == 1 && res_hash["data"]
+                res_hash = res_hash["data"]
             end
 
             if res_hash.is_a? Array # fql  return this
@@ -574,10 +679,10 @@ module MiniFB
     # Returns all available scopes.
     def self.scopes
         scopes = %w{
-            about_me activities birthday education_history events groups
-            hometown interests likes location notes online_presence
-            photo_video_tags photos relationships religion_politics
-            status videos website work_history
+            about_me activities birthday checkins education_history
+            events groups hometown interests likes location notes
+            online_presence photo_video_tags photos relationships
+            religion_politics status videos website work_history
         }
         scopes.map! do |scope|
             ["user_#{scope}", "friends_#{scope}"]
@@ -590,6 +695,7 @@ module MiniFB
         }
     end
 
+
     # This function expects arguments as a hash, so
     # it is agnostic to different POST handling variants in ruby.
     #

data/test/test_mini_fb.rb

@@ -1,19 +1,32 @@
 require 'test/unit'
 require 'uri'
+require 'yaml'
+require 'active_support'
+require '../lib/mini_fb'
 
 class MiniFBTests < Test::Unit::TestCase
 
 
     def setup
+        @config = File.open(File.expand_path("~/.mini_fb_tests.yml")) { |yf| YAML::load(yf) }
+        puts @config.inspect
+        MiniFB.log_level = :debug
     end
 
     def teardown
 
     end
 
+    def test_authenticate_as_app
+        res = MiniFB.authenticate_as_app(@config["fb_api_key"], @config["fb_secret"])
+        puts 'res=' + res.inspect
+        assert res["access_token"].present?
+        assert res["access_token"].starts_with?(@config["fb_app_id"].to_s)
+    end
+
     # Test signature verification.
     def test_signature
-        
+
     end
 
     def test_basic_calls
@@ -25,7 +38,7 @@ class MiniFBTests < Test::Unit::TestCase
     end
 
     def test_photos
-        
+
     end
 
     def test_uri_escape

metadata

@@ -1,22 +1,20 @@
 --- !ruby/object:Gem::Specification 
 name: mini_fb
 version: !ruby/object:Gem::Version 
-  hash: 21
   prerelease: false
   segments: 
   - 1
   - 1
-  - 3
-  version: 1.1.3
+  - 4
+  version: 1.1.4
 platform: ruby
 authors: 
 - Travis Reeder
-- Aaron Hurley
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2010-07-07 00:00:00 -07:00
+date: 2010-10-30 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -27,7 +25,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         version: "0"
@@ -41,7 +38,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        hash: 3
         segments: 
         - 0
         version: "0"
@@ -73,7 +69,6 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
       segments: 
       - 0
       version: "0"
@@ -82,7 +77,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
       segments: 
       - 0
       version: "0"