omniauth-facebook 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 21b5442c102b231ee697de9a8d95fb9ecdb53476
-  data.tar.gz: 0a42a650390afaf5ee88aea41ccede4b4040d547
+  metadata.gz: 260633e199c78445cef2c7490799eccf267750cc
+  data.tar.gz: ae89d1f7b067443f94929e2a897686ef95f5adc6
 SHA512:
-  metadata.gz: 78b24d80af933ec0b43fb03c7baf5ef843cfdd7b0f1eead56d28b439c7c29e981b4a48a411ad771ccdc221d59474604b3d36dafae27817f721536458b28aa775
-  data.tar.gz: 5def7cc3f8ac36ae40d6242492f890e76bef0ac67aa6f0c6df6188f753148940de5baeee4b8640bc0c427ee34cf9c57965097ce17c2f56ff4ff3cccdf63bf816
+  metadata.gz: b89ed9dbbdf85294d20dbd318cd00f1120a0c6cabbc641c60e96cac5f864d31a2797c6108e5b2459d69c023f34be1e2ec58fcb958c9e51a55458d27775076909
+  data.tar.gz: 763264ae25e2c483f541cd8143d9a177c3ff5392fdc217c5b495c06e64242e9f7805266696670af94ff263cb321cc81f3659fb55240d5ae013528721f9aeefaf

data/CHANGELOG.md

@@ -1,8 +1,21 @@
+## 2.0.1 (2015-02-21)
+
+Bugfixes:
+
+ - Allow versioning by not forcing absolute path for graph requests (#180, @frausto)
+ - Allow the image_size option to be set as a symbol. (#182, @jgrau)
+
 ## 2.0.0 (2014-08-07)
 
+Changes:
+
+ - remove support for canvas app flow (765ed9, @mkdynamic)
+
 Bugfixes:
 
  - bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
+ - rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
+ - fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
 
 ## 1.6.0 (2014-01-13)
 

data/README.md

@@ -59,6 +59,19 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 end
 ```
 
+### API Version
+
+OmniAuth Facebook uses unversioned API endpoints by default. You can configure custom endpoints via `client_options` hash passed to `provider`.
+
+```ruby
+use OmniAuth::Builder do
+  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
+    :client_options => {
+      :site => 'https://graph.facebook.com/v2.0',
+      :authorize_url => "https://www.facebook.com/v2.0/dialog/oauth"
+    }
+end
+```
 ### Per-Request Options
 
 If you want to set the `display` format, `auth_type`, or `scope` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup` or `/auth/facebook?scope=email`.

data/example/Gemfile.lock

@@ -1,8 +1,8 @@
 PATH
   remote: ../
   specs:
-    omniauth-facebook (2.0.0.pre1)
-      omniauth-oauth2 (~> 1.1)
+    omniauth-facebook (2.0.0)
+      omniauth-oauth2 (~> 1.2)
 
 GEM
   remote: https://rubygems.org/
@@ -10,25 +10,24 @@ GEM
     backports (3.3.5)
     faraday (0.9.0)
       multipart-post (>= 1.2, < 3)
-    hashie (2.1.1)
-    jwt (0.1.13)
-      multi_json (>= 1.5)
+    hashie (3.2.0)
+    jwt (1.0.0)
     multi_json (1.8.2)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    oauth2 (0.9.3)
+    oauth2 (1.0.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 0.1.8)
+      jwt (~> 1.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (~> 1.2)
-    omniauth (1.2.1)
-      hashie (>= 1.2, < 3)
+    omniauth (1.2.2)
+      hashie (>= 1.2, < 4)
       rack (~> 1.0)
-    omniauth-oauth2 (1.1.2)
+    omniauth-oauth2 (1.2.0)
       faraday (>= 0.8, < 0.10)
       multi_json (~> 1.3)
-      oauth2 (~> 0.9.3)
+      oauth2 (~> 1.0)
       omniauth (~> 1.2)
     rack (1.5.2)
     rack-protection (1.5.1)

data/lib/omniauth/facebook/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Facebook
-    VERSION = "2.0.0"
+    VERSION = "2.0.1"
   end
 end

data/lib/omniauth/strategies/facebook.rb

@@ -11,11 +11,12 @@ module OmniAuth
       class UnknownSignatureAlgorithmError < NotImplementedError; end
 
       DEFAULT_SCOPE = 'email'
+      SUPPORTED_ALGORITHM = 'HMAC-SHA256'
 
       option :client_options, {
         :site => 'https://graph.facebook.com',
         :authorize_url => "https://www.facebook.com/dialog/oauth",
-        :token_url => '/oauth/access_token'
+        :token_url => 'oauth/access_token'
       }
 
       option :token_params, {
@@ -56,7 +57,7 @@ module OmniAuth
       end
 
       def raw_info
-        @raw_info ||= access_token.get('/me', info_options).parsed || {}
+        @raw_info ||= access_token.get('me', info_options).parsed || {}
       end
 
       def info_options
@@ -74,7 +75,7 @@ module OmniAuth
       rescue NoAuthorizationCodeError => e
         fail!(:no_authorization_code, e)
       rescue UnknownSignatureAlgorithmError => e
-        fail!(:unknown_signature_algoruthm, e)
+        fail!(:unknown_signature_algorithm, e)
       end
 
       # NOTE If we're using code from the signed request then FB sets the redirect_uri to '' during the authorize
@@ -166,7 +167,7 @@ module OmniAuth
         decoded_hex_signature = base64_decode_url(signature)
         decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
 
-        unless decoded_payload['algorithm'] == 'HMAC-SHA256'
+        unless decoded_payload['algorithm'] == SUPPORTED_ALGORITHM
           raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
         end
 
@@ -186,9 +187,10 @@ module OmniAuth
 
       def image_url(uid, options)
         uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
-        url = uri_class.build({:host => 'graph.facebook.com', :path => "/#{uid}/picture"})
+        site_uri = URI.parse(client.site)
+        url = uri_class.build({:host => site_uri.host, :path => "#{site_uri.path}/#{uid}/picture"})
 
-        query = if options[:image_size].is_a?(String)
+        query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
           { :type => options[:image_size] }
         elsif options[:image_size].is_a?(Hash)
           options[:image_size]

data/test/test.rb

@@ -16,8 +16,10 @@ class ClientTest < StrategyTestCase
     assert_equal 'https://www.facebook.com/dialog/oauth', strategy.client.options[:authorize_url]
   end
 
-  test 'has correct token url' do
-    assert_equal '/oauth/access_token', strategy.client.options[:token_url]
+  test 'has correct token url with versioning' do
+    @options = {:client_options => {:site => 'https://graph.facebook.net/v2.2'}}
+    assert_equal 'oauth/access_token', strategy.client.options[:token_url]
+    assert_equal 'https://graph.facebook.net/v2.2/oauth/access_token', strategy.client.token_url
   end
 end
 
@@ -104,6 +106,13 @@ class InfoTest < StrategyTestCase
     assert_equal 'https://graph.facebook.com/321/picture', strategy.info['image']
   end
 
+  test 'returns the image_url based of the client site' do
+    @options = { :secure_image_url => true, :client_options => {:site => "https://blah.facebook.com/v2.2"}}
+    raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+    strategy.stubs(:raw_info).returns(raw_info)
+    assert_equal 'https://blah.facebook.com/v2.2/321/picture', strategy.info['image']
+  end
+
   test 'returns the image with size specified in the `image_size` option' do
     @options = { :image_size => 'normal' }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
@@ -111,6 +120,13 @@ class InfoTest < StrategyTestCase
     assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
   end
 
+  test 'returns the image with size specified as a symbol in the `image_size` option' do
+    @options = { :image_size => :normal }
+    raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+    strategy.stubs(:raw_info).returns(raw_info)
+    assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
+  end
+
   test 'returns the image with width and height specified in the `image_size` option' do
     @options = { :image_size => { :width => 123, :height => 987 } }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
@@ -250,7 +266,7 @@ class RawInfoTest < StrategyTestCase
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     strategy.stubs(:access_token).returns(@access_token)
     params = {:params => @options}
-    @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
+    @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
@@ -259,7 +275,7 @@ class RawInfoTest < StrategyTestCase
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     params = {:params => @options}
-    @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
+    @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
@@ -268,7 +284,7 @@ class RawInfoTest < StrategyTestCase
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'about'}}
-    @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
+    @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
@@ -281,7 +297,7 @@ class RawInfoTest < StrategyTestCase
     raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
     oauth2_response = OAuth2::Response.new(raw_response)
     params = {:params => @options}
-    @access_token.stubs(:get).with('/me', params).returns(oauth2_response)
+    @access_token.stubs(:get).with('me', params).returns(oauth2_response)
     assert_kind_of Hash, strategy.raw_info
     assert_equal 'thar', strategy.raw_info['ohai']
   end
@@ -291,7 +307,7 @@ class RawInfoTest < StrategyTestCase
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     oauth2_response = stub('OAuth2::Response', :parsed => false)
     params = {:params => @options}
-    @access_token.stubs(:get).with('/me', params).returns(oauth2_response)
+    @access_token.stubs(:get).with('me', params).returns(oauth2_response)
     assert_kind_of Hash, strategy.raw_info
     assert_equal({}, strategy.raw_info)
   end
@@ -443,7 +459,7 @@ module SignedRequestTests
     end
 
     test 'calls fail! when a code is not included in the params' do
-      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
+      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
       strategy.callback_phase
     end
   end
@@ -462,7 +478,26 @@ module SignedRequestTests
     end
 
     test 'calls fail! when a code is not included in the cookie' do
-      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
+      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
+      strategy.callback_phase
+    end
+  end
+
+  class UnknownAlgorithmInCookieRequestTest < TestCase
+    def setup
+      super()
+      @payload = {
+        'algorithm' => 'UNKNOWN-ALGO',
+        'code' => nil,
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
+    end
+
+    test 'calls fail! when an algorithm is unknown' do
+      strategy.expects(:fail!).times(1).with(:unknown_signature_algorithm, kind_of(OmniAuth::Strategies::Facebook::UnknownSignatureAlgorithmError))
       strategy.callback_phase
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-facebook
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Mark Dodwell
@@ -9,62 +9,62 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-07 00:00:00.000000000 Z
+date: 2015-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: 
@@ -75,8 +75,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - README.md
@@ -103,17 +103,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Facebook OAuth2 Strategy for OmniAuth