omniauth-facebook 1.3.0 → 1.4.0

data/README.md

@@ -34,6 +34,8 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `scope`: A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: http://developers.facebook.com/docs/reference/api/permissions. Default: `email`
 * `display`: The display context to show the authentication page. Options are: `page`, `popup` and `touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/. Default: `page`
+* `auth_type`: Optionally specifies the requested authentication features as a comma-separated list, as per https://developers.facebook.com/docs/authentication/reauthentication/.
+Valid values are `https` (checks for the presence of the secure cookie and asks for re-authentication if it is not present), and `reauthenticate` (asks the user to re-authenticate unconditionally). Default is `nil`.
 * `secure_image_url`: Set to `true` to use https for the avatar image url returned in the auth hash. Default is `false`.
 * `image_size`: Set the size for the returned image url in the auth hash. Valid options are `square` (50x50), `small` (50 pixels wide, variable height), `normal` (100 pixels wide, variable height), or `large` (about 200 pixels wide, variable height). Default is `square` (50x50).
 
@@ -54,7 +56,7 @@ You can also pass through a `state` param which will be passed along to the call
 
 ### Custom Callback URL/Path
 
-You can set a custom `callback_url` or `callback_path` option to override the default value. See [OmniAuth::Strategy#callback_url](https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L387) for more details on the default.
+You can set a custom `callback_url` or `callback_path` option to override the default value. See [OmniAuth::Strategy#callback_url](https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L411) for more details on the default.
 
 ## Auth Hash
 
@@ -120,7 +122,7 @@ When you call `/auth/facebook/callback` in the success callback of `FB.login` th
 2. extract the authorization code contained in it
 3. and hit Facebook and obtain an access token which will get placed in the `request.env['omniauth.auth']['credentials']` hash.
 
-Note that this access token will be the same token obtained and available in the client through the hash [as (detailed in the Facebook docs](https://developers.facebook.com/docs/authentication/client-side/)).
+Note that this access token will be the same token obtained and available in the client through the hash [as detailed in the Facebook docs](https://developers.facebook.com/docs/authentication/client-side/).
 
 ## Canvas Apps
 

data/example/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ../
   specs:
-    omniauth-facebook (1.2.0)
+    omniauth-facebook (1.3.0)
       omniauth-oauth2 (~> 1.0.2)
 
 GEM

data/lib/omniauth/facebook/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Facebook
-    VERSION = "1.3.0"
+    VERSION = "1.4.0"
   end
 end

data/lib/omniauth/strategies/facebook.rb

@@ -24,7 +24,7 @@ module OmniAuth
         :param_name => 'access_token'
       }
 
-      option :authorize_options, [:scope, :display]
+      option :authorize_options, [:scope, :display, :auth_type]
 
       uid { raw_info['id'] }
 
@@ -46,17 +46,10 @@ module OmniAuth
         })
       end
 
-      credentials do
-        prune!({
-          'expires' => access_token.expires?,
-          'expires_at' => access_token.expires_at
-        })
-      end
-
       extra do
-        prune!({
-          'raw_info' => raw_info
-        })
+        hash = {}
+        hash['raw_info'] = raw_info unless skip_info?
+        prune! hash
       end
 
       def raw_info
@@ -64,7 +57,12 @@ module OmniAuth
       end
 
       def build_access_token
-        if signed_request_contains_access_token?
+        if access_token = request.params["access_token"]
+          ::OAuth2::AccessToken.from_hash(
+            client, 
+            {"access_token" => access_token}.update(access_token_options)
+          )
+        elsif signed_request_contains_access_token?
           hash = signed_request.clone
           ::OAuth2::AccessToken.new(
             client,

data/spec/omniauth/strategies/facebook_spec.rb

@@ -245,16 +245,17 @@ describe OmniAuth::Strategies::Facebook do
   describe '#raw_info' do
     before :each do
       @access_token = double('OAuth2::AccessToken')
-      subject.stub(:access_token) { @access_token }
     end
 
     it 'performs a GET to https://graph.facebook.com/me' do
+      subject.stub(:access_token) { @access_token }
       @access_token.stub(:get) { double('OAuth2::Response').as_null_object }
       @access_token.should_receive(:get).with('/me')
       subject.raw_info
     end
 
     it 'returns a Hash' do
+      subject.stub(:access_token) { @access_token }
       @access_token.stub(:get).with('/me') do
         raw_response = double('Faraday::Response')
         raw_response.stub(:body) { '{ "ohai": "thar" }' }
@@ -267,6 +268,7 @@ describe OmniAuth::Strategies::Facebook do
     end
 
     it 'returns an empty hash when the response is false' do
+      subject.stub(:access_token) { @access_token }
       @access_token.stub(:get).with('/me') do
         response = double('OAuth2::Response')
         response.stub(:parsed => false)
@@ -274,6 +276,12 @@ describe OmniAuth::Strategies::Facebook do
       end
       subject.raw_info.should be_a(Hash)
     end
+
+    it 'should not include raw_info in extras hash when skip_info is specified' do
+      @options = { :skip_info => true }
+      subject.stub(:raw_info) { { :foo => 'bar' } }
+      subject.extra.should_not have_key('raw_info')
+    end
   end
 
   describe '#credentials' do
@@ -463,6 +471,22 @@ describe OmniAuth::Strategies::Facebook do
         result.expires_at.should eq(@payload['expires'])
       end
     end
+
+    describe 'params contain an access token string' do
+      before do
+        @request.stub(:params) do
+          { 'access_token' => 'm4c0d3z' }
+        end
+
+        subject.stub(:callback_url) { '/' }
+      end
+
+      it 'returns a new access token' do
+        result = subject.build_access_token
+        result.should be_an_instance_of(::OAuth2::AccessToken)
+        result.token.should eq('m4c0d3z')
+      end
+    end
   end
 
 private

data/spec/support/shared_examples.rb

@@ -19,6 +19,11 @@ shared_examples 'an oauth2 strategy' do
       subject.authorize_params['scope'].should eq('bar')
       subject.authorize_params['foo'].should eq('baz')
     end
+    
+    it 'should exclude top-level options that are not passed' do
+      @options = { :authorize_options => [:bar] }
+      subject.authorize_params.should_not have_keys(:bar, 'bar')
+    end
   end
 
   describe '#token_params' do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-facebook
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-05 00:00:00.000000000 Z
+date: 2012-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2