omniauth-facebook 9.0.0 → 10.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b51f78b3013a92af5b911a3eb98f86685a0cc16c8d2922ef0fb273aa8dae6cea
-  data.tar.gz: f7ff402165f1f8e0d1e1ef88e212f8bd7e30e0a3a291de125b4f8f1907e0554a
+  metadata.gz: 0a121c1f37d032c1669ec67eb4cd7629f569dfc063e69f054a776a80b68409eb
+  data.tar.gz: 5b38258394e3cac9e7579ccb5bbe2af62034965ab870739fcf7e94800cb614be
 SHA512:
-  metadata.gz: 3d5d625cc5b137e56479f15be3dbb3cf7bc0bf201c27e31c79807d443a09ae6c158b158ef193645e297058ae3064e64cbee6202ba13ee4abef462fb9357f17f1
-  data.tar.gz: d13123c4ca19743aa01821339e1ab44b083c5611b5a3a3b876a07e97cecf7dfa9aeba4e80aa030d399ec8430455aba2ca33857458c85a37f64bbe14d64743a54
+  metadata.gz: '00297b6593b4a91e1738df9d6af7bb9252ca8404fb0ed0d269580337557f9f777a43fc121abbca9627bb83f085e6f7192eee8e959876c5a158b0bdb925831983'
+  data.tar.gz: e8029bc7178ec6675393f7689de9c531977981e5f5b589be5ad5238d78f01a8a1bec93a539cbcac490ac91d62f3a0270336bfaddc9a5c3cf924fe95711a2abbe

data/.github/workflows/ci.yml

@@ -4,25 +4,22 @@ on: [push, pull_request]
 
 jobs:
   test:
-    runs-on: ${{ matrix.os }}-latest
+    runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        os:
-          - ubuntu
         ruby:
-          - "2.5"
-          - "2.6"
-          - "2.7"
           - "3.0"
+          - "3.1"
+          - "3.2"
+          - "3.3"
+          - head
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: ${{ matrix.ruby }}
-        bundler-cache: true
-    - name: Install dependencies
-      run: bundle install
+        bundler-cache: true # 'bundle install' and cache
     - name: Run tests
       run: bundle exec rake

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 10.0.0 (2024-05-23)
+
+Changes:
+
+  - bumped version of FB Graph API to v19.0
+
 ## 9.0.0 (2021-10-25)
 
 Changes:

data/README.md

@@ -39,7 +39,9 @@ You can configure several options, which you pass in to the `provider` method vi
 Option name | Default | Explanation
 --- | --- | ---
 `scope` | `email` | A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: https://developers.facebook.com/docs/reference/login/
-`display` | `page` | The display context to show the authentication page. Options are: `page`, `popup` and `touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/
+`display` | `page` | The display context to show the authentication page. Options are: `page`, `popup` and 
+`config_id` |  | The configuration ID to use for a System User access token with Facebook Login for Business. Read the Facebook docs for more details: https://developers.facebook.com/docs/facebook-login/facebook-login-for-business#invoke-a--login-dialog
+`touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/
 `image_size` | `square` | Set the size for the returned image url in the auth hash. Valid options include `square` (50x50), `small` (50 pixels wide, variable height), `normal` (100 pixels wide, variable height), or `large` (about 200 pixels wide, variable height). Additionally, you can request a picture of a specific size by setting this option to a hash with `:width` and `:height` as keys. This will return an available profile picture closest to the requested size and requested aspect ratio. If only `:width` or `:height` is specified, we will return a picture whose width or height is closest to the requested size, respectively.
 `info_fields` | `name,email` | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
 `locale` |  | Specify locale which should be used when getting the user's info. Value should be locale string as per https://developers.facebook.com/docs/reference/api/locale/.
@@ -58,21 +60,21 @@ end
 
 ### API Version
 
-OmniAuth Facebook uses versioned API endpoints by default (current v5.0). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v7.0 (assuming that exists):
+OmniAuth Facebook uses versioned API endpoints by default (current v19.0). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v20.0 (assuming that exists):
 
 ```ruby
 use OmniAuth::Builder do
   provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
     client_options: {
-      site: 'https://graph.facebook.com/v7.0',
-      authorize_url: "https://www.facebook.com/v7.0/dialog/oauth"
+      site: 'https://graph.facebook.com/v20.0',
+      authorize_url: "https://www.facebook.com/v20.0/dialog/oauth"
     }
 end
 ```
 
 ### Per-Request Options
 
-If you want to set the `display` format, `auth_type`, or `scope` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup` or `/auth/facebook?scope=email`.
+If you want to set the `display` format, `auth_type`, `scope` or `config_id` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup`, `/auth/facebook?scope=email` or `/auth/facebook?config_id=001`.
 
 ## Auth Hash
 
@@ -152,7 +154,7 @@ If you use the server-side flow, Facebook will give you back a longer lived acce
 
 ## Supported Rubies
 
-- Ruby MRI (2.5, 2.6, 2.7, 3.0)
+- Ruby MRI (3.0, 3.1, 3.2 and 3.3)
 
 ## License
 

data/lib/omniauth/facebook/signed_request.rb

@@ -28,7 +28,7 @@ module OmniAuth
         return if signature.nil?
 
         decoded_hex_signature = base64_decode_url(signature)
-        decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
+        decoded_payload = JSON.parse(base64_decode_url(encoded_payload))
 
         unless decoded_payload['algorithm'] == SUPPORTED_ALGORITHM
           raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"

data/lib/omniauth/facebook/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Facebook
-    VERSION = '9.0.0'
+    VERSION = '10.0.0'
   end
 end

data/lib/omniauth/strategies/facebook.rb

@@ -10,7 +10,7 @@ module OmniAuth
       class NoAuthorizationCodeError < StandardError; end
 
       DEFAULT_SCOPE = 'email'
-      DEFAULT_FACEBOOK_API_VERSION = 'v5.0'.freeze
+      DEFAULT_FACEBOOK_API_VERSION = 'v19.0'.freeze
 
       option :client_options, {
         site: "https://graph.facebook.com/#{DEFAULT_FACEBOOK_API_VERSION}",
@@ -25,7 +25,7 @@ module OmniAuth
 
       option :authorization_code_from_signed_request_in_cookie, nil
 
-      option :authorize_options, [:scope, :display, :auth_type]
+      option :authorize_options, [:scope, :display, :auth_type, :config_id]
 
       option :secure_image_url, true
 
@@ -85,7 +85,7 @@ module OmniAuth
           ''
         else
           # Fixes regression in omniauth-oauth2 v1.4.0 by https://github.com/intridea/omniauth-oauth2/commit/85fdbe117c2a4400d001a6368cc359d88f40abc7
-          options[:callback_url] || (full_host + script_name + callback_path)
+          options[:callback_url] || (full_host + callback_path)
         end
       end
 
@@ -93,13 +93,13 @@ module OmniAuth
         options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
       end
 
-      # You can pass +display+, +scope+, or +auth_type+ params to the auth request, if you need to set them dynamically.
+      # You can pass +display+, +scope+, +auth_type+ or +config_id+ params to the auth request, if you need to set them dynamically.
       # You can also set these options in the OmniAuth config :authorize_params option.
       #
       # For example: /auth/facebook?display=popup
       def authorize_params
         super.tap do |params|
-          %w[display scope auth_type].each do |v|
+          %w[display scope auth_type config_id].each do |v|
             if request.params[v]
               params[v.to_sym] = request.params[v]
             end

data/omniauth-facebook.gemspec

@@ -16,7 +16,8 @@ Gem::Specification.new do |s|
   s.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   s.require_paths = ['lib']
 
-  s.add_runtime_dependency 'omniauth-oauth2', '~> 1.2'
+  s.add_runtime_dependency 'omniauth-oauth2', '>= 1.2', '< 3'
+  s.add_runtime_dependency 'bigdecimal'
 
   s.add_development_dependency 'minitest'
   s.add_development_dependency 'mocha'

data/test/helper.rb

@@ -1,6 +1,6 @@
 require 'bundler/setup'
 require 'minitest/autorun'
-require 'mocha/setup'
+require 'mocha/minitest'
 require 'omniauth/strategies/facebook'
 
 OmniAuth.config.test_mode = true

data/test/signed_request_test.rb

@@ -5,7 +5,7 @@ class SignedRequestTest < Minitest::Test
   def setup
     @value = fixture('signed_request.txt').strip
     @secret = "897z956a2z7zzzzz5783z458zz3z7556"
-    @expected_payload = MultiJson.decode(fixture('payload.json'))
+    @expected_payload = JSON.parse(fixture('payload.json'))
   end
 
   def test_signed_request_payload

data/test/strategy_test.rb

@@ -26,10 +26,11 @@ end
 class CallbackUrlTest < StrategyTestCase
   test "returns the default callback url (omitting querystring)" do
     url_base = 'http://auth.request.com'
+    script_name = '/script_name'
     @request.stubs(:url).returns("#{url_base}/some/page")
-    strategy.stubs(:script_name).returns('') # as not to depend on Rack env
+    strategy.stubs(:script_name).returns(script_name) # as not to depend on Rack env
     strategy.stubs(:query_string).returns('?foo=bar')
-    assert_equal "#{url_base}/auth/facebook/callback", strategy.callback_url
+    assert_equal "#{url_base}#{script_name}/auth/facebook/callback", strategy.callback_url
   end
 
   test "returns path from callback_path option (omitting querystring)" do
@@ -60,6 +61,12 @@ class AuthorizeParamsTest < StrategyTestCase
     assert_equal 'touch', strategy.authorize_params[:display]
   end
 
+  test 'includes config_id parameter from request when present' do
+    @request.stubs(:params).returns({ 'config_id' => '000111222' })
+    assert strategy.authorize_params.is_a?(Hash)
+    assert_equal '000111222', strategy.authorize_params[:config_id]
+  end
+
   test 'includes auth_type parameter from request when present' do
     @request.stubs(:params).returns({ 'auth_type' => 'reauthenticate' })
     assert strategy.authorize_params.is_a?(Hash)
@@ -427,7 +434,7 @@ end
 
 module SignedRequestHelpers
   def signed_request(payload, secret)
-    encoded_payload = base64_encode_url(MultiJson.encode(payload))
+    encoded_payload = base64_encode_url(JSON.dump(payload))
     encoded_signature = base64_encode_url(signature(encoded_payload, secret))
     [encoded_signature, encoded_payload].join('.')
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-facebook
 version: !ruby/object:Gem::Version
-  version: 9.0.0
+  version: 10.0.0
 platform: ruby
 authors:
 - Mark Dodwell
@@ -9,22 +9,42 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-25 00:00:00.000000000 Z
+date: 2024-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: bigdecimal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -117,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.22
+rubygems_version: 3.4.0.dev
 signing_key:
 specification_version: 4
 summary: Facebook OAuth2 Strategy for OmniAuth