omniauth-facebook 2.0.0 → 2.0.1

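--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 21b5442c102b231ee697de9a8d95fb9ecdb53476
- data.tar.gz: 0a42a650390afaf5ee88aea41ccede4b4040d547
+ metadata.gz: 260633e199c78445cef2c7490799eccf267750cc
+ data.tar.gz: ae89d1f7b067443f94929e2a897686ef95f5adc6
  SHA512:
- metadata.gz: 78b24d80af933ec0b43fb03c7baf5ef843cfdd7b0f1eead56d28b439c7c29e981b4a48a411ad771ccdc221d59474604b3d36dafae27817f721536458b28aa775
- data.tar.gz: 5def7cc3f8ac36ae40d6242492f890e76bef0ac67aa6f0c6df6188f753148940de5baeee4b8640bc0c427ee34cf9c57965097ce17c2f56ff4ff3cccdf63bf816
+ metadata.gz: b89ed9dbbdf85294d20dbd318cd00f1120a0c6cabbc641c60e96cac5f864d31a2797c6108e5b2459d69c023f34be1e2ec58fcb958c9e51a55458d27775076909
+ data.tar.gz: 763264ae25e2c483f541cd8143d9a177c3ff5392fdc217c5b495c06e64242e9f7805266696670af94ff263cb321cc81f3659fb55240d5ae013528721f9aeefaf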
@@ -1,8 +1,21 @@
1
+ ## 2.0.1 (2015-02-21)
2
+
3
+ Bugfixes:
4
+
5
+ - Allow versioning by not forcing absolute path for graph requests (#180, @frausto)
6
+ - Allow the image_size option to be set as a symbol. (#182, @jgrau)
7
+
1
8
  ## 2.0.0 (2014-08-07)
2
9
 
10
+ Changes:
11
+
12
+ - remove support for canvas app flow (765ed9, @mkdynamic)
13
+
3
14
  Bugfixes:
4
15
 
5
16
  - bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
17
+ - rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
18
+ - fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
6
19
 
7
20
  ## 1.6.0 (2014-01-13)
8
21
 
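--- a/data/README.md
+++ b/data/README.md
@@ -59,6 +59,19 @@ Rails.application.config.middleware.use OmniAuth::Builder do
  end
  ```
 
+ ### API Version
+
+ OmniAuth Facebook uses unversioned API endpoints by default. You can configure custom endpoints via `client_options` hash passed to `provider`.
+
+ ```ruby
+ use OmniAuth::Builder do
+ provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
+ :client_options => {
+ :site => 'https://graph.facebook.com/v2.0',
+ :authorize_url => "https://www.facebook.com/v2.0/dialog/oauth"
+ }
+ end
+ ```
  ### Per-Request Options
 
  If you want to set the `display` format, `auth_type`, or `scope` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup` or `/auth/facebook?scope=email`.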
@@ -1,8 +1,8 @@
1
1
  PATH
2
2
  remote: ../
3
3
  specs:
4
- omniauth-facebook (2.0.0.pre1)
5
- omniauth-oauth2 (~> 1.1)
4
+ omniauth-facebook (2.0.0)
5
+ omniauth-oauth2 (~> 1.2)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
@@ -10,25 +10,24 @@ GEM
10
10
  backports (3.3.5)
11
11
  faraday (0.9.0)
12
12
  multipart-post (>= 1.2, < 3)
13
- hashie (2.1.1)
14
- jwt (0.1.13)
15
- multi_json (>= 1.5)
13
+ hashie (3.2.0)
14
+ jwt (1.0.0)
16
15
  multi_json (1.8.2)
17
16
  multi_xml (0.5.5)
18
17
  multipart-post (2.0.0)
19
- oauth2 (0.9.3)
18
+ oauth2 (1.0.0)
20
19
  faraday (>= 0.8, < 0.10)
21
- jwt (~> 0.1.8)
20
+ jwt (~> 1.0)
22
21
  multi_json (~> 1.3)
23
22
  multi_xml (~> 0.5)
24
23
  rack (~> 1.2)
25
- omniauth (1.2.1)
26
- hashie (>= 1.2, < 3)
24
+ omniauth (1.2.2)
25
+ hashie (>= 1.2, < 4)
27
26
  rack (~> 1.0)
28
- omniauth-oauth2 (1.1.2)
27
+ omniauth-oauth2 (1.2.0)
29
28
  faraday (>= 0.8, < 0.10)
30
29
  multi_json (~> 1.3)
31
- oauth2 (~> 0.9.3)
30
+ oauth2 (~> 1.0)
32
31
  omniauth (~> 1.2)
33
32
  rack (1.5.2)
34
33
  rack-protection (1.5.1)
@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module Facebook
3
- VERSION = "2.0.0"
3
+ VERSION = "2.0.1"
4
4
  end
5
5
  end
@@ -11,11 +11,12 @@ module OmniAuth
11
11
  class UnknownSignatureAlgorithmError < NotImplementedError; end
12
12
 
13
13
  DEFAULT_SCOPE = 'email'
14
+ SUPPORTED_ALGORITHM = 'HMAC-SHA256'
14
15
 
15
16
  option :client_options, {
16
17
  :site => 'https://graph.facebook.com',
17
18
  :authorize_url => "https://www.facebook.com/dialog/oauth",
18
- :token_url => '/oauth/access_token'
19
+ :token_url => 'oauth/access_token'
19
20
  }
20
21
 
21
22
  option :token_params, {
@@ -56,7 +57,7 @@ module OmniAuth
56
57
  end
57
58
 
58
59
  def raw_info
59
- @raw_info ||= access_token.get('/me', info_options).parsed || {}
60
+ @raw_info ||= access_token.get('me', info_options).parsed || {}
60
61
  end
61
62
 
62
63
  def info_options
@@ -74,7 +75,7 @@ module OmniAuth
74
75
  rescue NoAuthorizationCodeError => e
75
76
  fail!(:no_authorization_code, e)
76
77
  rescue UnknownSignatureAlgorithmError => e
77
- fail!(:unknown_signature_algoruthm, e)
78
+ fail!(:unknown_signature_algorithm, e)
78
79
  end
79
80
 
80
81
  # NOTE If we're using code from the signed request then FB sets the redirect_uri to '' during the authorize
@@ -166,7 +167,7 @@ module OmniAuth
166
167
  decoded_hex_signature = base64_decode_url(signature)
167
168
  decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
168
169
 
169
- unless decoded_payload['algorithm'] == 'HMAC-SHA256'
170
+ unless decoded_payload['algorithm'] == SUPPORTED_ALGORITHM
170
171
  raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
171
172
  end
172
173
 
@@ -186,9 +187,10 @@ module OmniAuth
186
187
 
187
188
  def image_url(uid, options)
188
189
  uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
189
- url = uri_class.build({:host => 'graph.facebook.com', :path => "/#{uid}/picture"})
190
+ site_uri = URI.parse(client.site)
191
+ url = uri_class.build({:host => site_uri.host, :path => "#{site_uri.path}/#{uid}/picture"})
190
192
 
191
- query = if options[:image_size].is_a?(String)
193
+ query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
192
194
  { :type => options[:image_size] }
193
195
  elsif options[:image_size].is_a?(Hash)
194
196
  options[:image_size]
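Review bot: In the last hunk, `image_url` now takes the host and path from `client.site` but still picks the scheme from `secure_image_url` alone and drops any port, so a site configured as `https://graph.facebook.com/v2.0` yields an `http://` picture URL unless that option is set. The profile-picture request then goes out in cleartext and can be blocked or flagged as mixed content on an HTTPS page. A `site` with a trailing slash also produces a double slash in the path; `:path => "#{site_uri.path.chomp('/')}/#{uid}/picture"` avoids that. If the split is intentional, a comment such as `# host/path follow client_options[:site]; scheme is controlled only by :secure_image_url` would make it explicit. The body of `image_url` continues past the end of this hunk.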
@@ -16,8 +16,10 @@ class ClientTest < StrategyTestCase
16
16
  assert_equal 'https://www.facebook.com/dialog/oauth', strategy.client.options[:authorize_url]
17
17
  end
18
18
 
19
- test 'has correct token url' do
20
- assert_equal '/oauth/access_token', strategy.client.options[:token_url]
19
+ test 'has correct token url with versioning' do
20
+ @options = {:client_options => {:site => 'https://graph.facebook.net/v2.2'}}
21
+ assert_equal 'oauth/access_token', strategy.client.options[:token_url]
22
+ assert_equal 'https://graph.facebook.net/v2.2/oauth/access_token', strategy.client.token_url
21
23
  end
22
24
  end
23
25
 
@@ -104,6 +106,13 @@ class InfoTest < StrategyTestCase
104
106
  assert_equal 'https://graph.facebook.com/321/picture', strategy.info['image']
105
107
  end
106
108
 
109
+ test 'returns the image_url based of the client site' do
110
+ @options = { :secure_image_url => true, :client_options => {:site => "https://blah.facebook.com/v2.2"}}
111
+ raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
112
+ strategy.stubs(:raw_info).returns(raw_info)
113
+ assert_equal 'https://blah.facebook.com/v2.2/321/picture', strategy.info['image']
114
+ end
115
+
107
116
  test 'returns the image with size specified in the `image_size` option' do
108
117
  @options = { :image_size => 'normal' }
109
118
  raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
@@ -111,6 +120,13 @@ class InfoTest < StrategyTestCase
111
120
  assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
112
121
  end
113
122
 
123
+ test 'returns the image with size specified as a symbol in the `image_size` option' do
124
+ @options = { :image_size => :normal }
125
+ raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
126
+ strategy.stubs(:raw_info).returns(raw_info)
127
+ assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
128
+ end
129
+
114
130
  test 'returns the image with width and height specified in the `image_size` option' do
115
131
  @options = { :image_size => { :width => 123, :height => 987 } }
116
132
  raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
@@ -250,7 +266,7 @@ class RawInfoTest < StrategyTestCase
250
266
  strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
251
267
  strategy.stubs(:access_token).returns(@access_token)
252
268
  params = {:params => @options}
253
- @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
269
+ @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
254
270
  strategy.raw_info
255
271
  end
256
272
 
@@ -259,7 +275,7 @@ class RawInfoTest < StrategyTestCase
259
275
  strategy.stubs(:access_token).returns(@access_token)
260
276
  strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
261
277
  params = {:params => @options}
262
- @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
278
+ @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
263
279
  strategy.raw_info
264
280
  end
265
281
 
@@ -268,7 +284,7 @@ class RawInfoTest < StrategyTestCase
268
284
  strategy.stubs(:access_token).returns(@access_token)
269
285
  strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
270
286
  params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'about'}}
271
- @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
287
+ @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
272
288
  strategy.raw_info
273
289
  end
274
290
 
@@ -281,7 +297,7 @@ class RawInfoTest < StrategyTestCase
281
297
  raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
282
298
  oauth2_response = OAuth2::Response.new(raw_response)
283
299
  params = {:params => @options}
284
- @access_token.stubs(:get).with('/me', params).returns(oauth2_response)
300
+ @access_token.stubs(:get).with('me', params).returns(oauth2_response)
285
301
  assert_kind_of Hash, strategy.raw_info
286
302
  assert_equal 'thar', strategy.raw_info['ohai']
287
303
  end
@@ -291,7 +307,7 @@ class RawInfoTest < StrategyTestCase
291
307
  strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
292
308
  oauth2_response = stub('OAuth2::Response', :parsed => false)
293
309
  params = {:params => @options}
294
- @access_token.stubs(:get).with('/me', params).returns(oauth2_response)
310
+ @access_token.stubs(:get).with('me', params).returns(oauth2_response)
295
311
  assert_kind_of Hash, strategy.raw_info
296
312
  assert_equal({}, strategy.raw_info)
297
313
  end
@@ -443,7 +459,7 @@ module SignedRequestTests
443
459
  end
444
460
 
445
461
  test 'calls fail! when a code is not included in the params' do
446
- strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
462
+ strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
447
463
  strategy.callback_phase
448
464
  end
449
465
  end
@@ -462,7 +478,26 @@ module SignedRequestTests
462
478
  end
463
479
 
464
480
  test 'calls fail! when a code is not included in the cookie' do
465
- strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
481
+ strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
482
+ strategy.callback_phase
483
+ end
484
+ end
485
+
486
+ class UnknownAlgorithmInCookieRequestTest < TestCase
487
+ def setup
488
+ super()
489
+ @payload = {
490
+ 'algorithm' => 'UNKNOWN-ALGO',
491
+ 'code' => nil,
492
+ 'issued_at' => Time.now.to_i,
493
+ 'user_id' => '123456'
494
+ }
495
+
496
+ @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
497
+ end
498
+
499
+ test 'calls fail! when an algorithm is unknown' do
500
+ strategy.expects(:fail!).times(1).with(:unknown_signature_algorithm, kind_of(OmniAuth::Strategies::Facebook::UnknownSignatureAlgorithmError))
466
501
  strategy.callback_phase
467
502
  end
468
503
  end
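Review bot: The fixture in `UnknownAlgorithmInCookieRequestTest#setup` sets `'code' => nil` together with the unknown algorithm, so the payload is invalid for two reasons and the test presumably passes only because the algorithm check runs before the code check. Giving the payload a non-empty code (a constructed value such as `'code' => 'test-code'`) would pin that an otherwise well-formed signed request is rejected on the algorithm alone. The new case also covers only the cookie path; if the params-based signed request exercised by the earlier `'calls fail! when a code is not included in the params'` test is still accepted, it deserves the same case. I cannot see from these hunks whether a test with the supported algorithm and a tampered signature exists; if not, that is the more important one to add.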
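--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-facebook
  version: !ruby/object:Gem::Version
- version: 2.0.0
+ version: 2.0.1
  platform: ruby
  authors:
  - Mark Dodwell
@@ -9,62 +9,62 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-08-07 00:00:00.000000000 Z
+ date: 2015-02-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth-oauth2
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.2'
  - !ruby/object:Gem::Dependency
  name: minitest
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: mocha
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  description:
@@ -75,8 +75,8 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
- - .travis.yml
+ - ".gitignore"
+ - ".travis.yml"
  - CHANGELOG.md
  - Gemfile
  - README.md
@@ -103,17 +103,17 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.4.5
  signing_key:
  specification_version: 4
  summary: Facebook OAuth2 Strategy for OmniAuth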