omniauth-facebook 3.0.0 → 4.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 224e91c8d4a4c7c48c231c2f78984cd0cfe1c307
-  data.tar.gz: 49914f654b85df17a35c191dc7e9ee34cebf596f
+  metadata.gz: b471d95eff279be1902d7aab1ea9762d8388112f
+  data.tar.gz: 8fd01eb76108e6d05bd9ef3585ad8fb505d6327e
 SHA512:
-  metadata.gz: d3ad4f0e61e6b00294a12e80a8d389b58c7230797fe3617585fdf4d39c9dd0da2481d1fb1da476543a3e14c5bb42891d70cadd98f540a0c1ec859237581fcc9b
-  data.tar.gz: e980bb1e8a8fd53bd844ad8b8d41c20be01eb3ada85322748c29e1cf68e24f99e137d1719b69f047dcea53646f85ce96f9bfb16fa0237ddc5d494c5dd4ecb4b8
+  metadata.gz: bc918011a72744c646376fb16e499ed9333552c906899e9433d73244b75bd272a17c5020958de2f311301a449b0035685d8c3a1123207ae8dc8be49352b43392
+  data.tar.gz: 35e6d31f3a277fe98d6c3454f6c7d0306d9a4c62deaacd767804bdec69be576bdbcc35597bf5280212cedab657bd944e96e8f376663ecae74d5114ab80f7a850

data/.gitignore

@@ -4,6 +4,6 @@
 /Gemfile.lock
 pkg/*
 .powenv
+.powder
 tmp
 bin
-example/app.log

data/.travis.yml

@@ -1,16 +1,12 @@
 before_install:
   - gem update bundler
   - bundle --version
-  - gem update --system 2.1.11
+  - gem update --system
   - gem --version
 rvm:
-  - 1.8.7
-  - 1.9.2
-  - 1.9.3
-  - 2.0.0
+  - 2.2
   - 2.1
-  - jruby
-  - rbx
-matrix:
-  allow_failures:
-    - rvm: rbx
+  - 2.0
+  - 1.9.3
+  - jruby-19mode
+  - rbx-2

data/CHANGELOG.md

@@ -1,29 +1,39 @@
+## 4.0.0 (Unreleased)
+
+Changes:
+
+  - drop support for Ruby < 1.9.3 (@mkdynamic)
+  - switch to versioned FB APIs, currently using v2.6 (#245, @printercu, @mkdynamic)
+  - remove deprecated :nickname field from README example (#223, @abelorian)
+  - add Ruby 2.2 to CI (#225, @tricknotes, @mkdynamic)
+  - update example app (@mkynamic)
+
 ## 3.0.0 (2015-10-26)
 
 Changes:
 
- - Remove query string from redirect_uri on callback by default (#221, @gioblu)
- - Signed request parsing extracted to `OmniAuth::Facebook::SignedRequest` class. (#183, @simi, @Vrael)
- - Change default value of `info_fields` to `name,email` for the [graph-api-v2.4](https://developers.facebook.com/blog/post/2015/07/08/graph-api-v2.4/). ([#209](https://github.com/mkdynamic/omniauth-facebook/pull/209))
+  - remove query string from redirect_uri on callback by default (#221, @gioblu)
+  - signed request parsing extracted to `OmniAuth::Facebook::SignedRequest` class. (#183, @simi, @Vrael)
+  - change default value of `info_fields` to `name,email` for the [graph-api-v2.4](https://developers.facebook.com/blog/post/2015/07/08/graph-api-v2.4/). ([#209](https://github.com/mkdynamic/omniauth-facebook/pull/209))
 
 ## 2.0.1 (2015-02-21)
 
 Bugfixes:
 
- - Allow versioning by not forcing absolute path for graph requests (#180, @frausto)
- - Allow the image_size option to be set as a symbol. (#182, @jgrau)
+  - allow versioning by not forcing absolute path for graph requests (#180, @frausto)
+  - allow the image_size option to be set as a symbol. (#182, @jgrau)
 
 ## 2.0.0 (2014-08-07)
 
 Changes:
 
- - remove support for canvas app flow (765ed9, @mkdynamic)
+  - remove support for canvas app flow (765ed9, @mkdynamic)
 
 Bugfixes:
 
- - bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
- - rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
- - fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
+  - bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
+  - rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
+  - fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
 
 ## 1.6.0 (2014-01-13)
 

data/README.md

@@ -1,11 +1,5 @@
-**IMPORTANT: If you're running < 1.5.1, please upgrade to the latest version to address 3 security vulnerabilities.
-More details [here](https://github.com/mkdynamic/omniauth-facebook/wiki/CSRF-vulnerability:-CVE-2013-4562), [here](https://github.com/mkdynamic/omniauth-facebook/wiki/Access-token-vulnerability:-CVE-2013-4593) and [here](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6134).**
-
----
-
 # OmniAuth Facebook &nbsp;[![Build Status](https://secure.travis-ci.org/mkdynamic/omniauth-facebook.svg?branch=master)](https://travis-ci.org/mkdynamic/omniauth-facebook) [![Gem Version](https://img.shields.io/gem/v/omniauth-facebook.svg)](https://rubygems.org/gems/omniauth-facebook)
 
-
 **These notes are based on master, please see tags for README pertaining to specific releases.**
 
 Facebook OAuth2 Strategy for OmniAuth.
@@ -56,23 +50,24 @@ For example, to request `email`, `user_birthday` and `read_stream` permissions a
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
-           :scope => 'email,user_birthday,read_stream', :display => 'popup'
+           scope: 'email,user_birthday,read_stream', display: 'popup'
 end
 ```
 
 ### API Version
 
-OmniAuth Facebook uses unversioned API endpoints by default. You can configure custom endpoints via `client_options` hash passed to `provider`.
+OmniAuth Facebook uses versioned API endpoints by default (current v2.6). You can configure a different version via `client_options` hash passed to `provider`. For example:
 
 ```ruby
 use OmniAuth::Builder do
   provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
-    :client_options => {
-      :site => 'https://graph.facebook.com/v2.0',
-      :authorize_url => "https://www.facebook.com/v2.0/dialog/oauth"
+    client_options: {
+      site: 'https://graph.facebook.com/v2.6',
+      authorize_url: "https://www.facebook.com/v2.6/dialog/oauth"
     }
 end
 ```
+
 ### Per-Request Options
 
 If you want to set the `display` format, `auth_type`, or `scope` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup` or `/auth/facebook?scope=email`.
@@ -83,39 +78,38 @@ Here's an example *Auth Hash* available in `request.env['omniauth.auth']`:
 
 ```ruby
 {
-  :provider => 'facebook',
-  :uid => '1234567',
-  :info => {
-    :nickname => 'jbloggs',
-    :email => 'joe@bloggs.com',
-    :name => 'Joe Bloggs',
-    :first_name => 'Joe',
-    :last_name => 'Bloggs',
-    :image => 'http://graph.facebook.com/1234567/picture?type=square',
-    :urls => { :Facebook => 'http://www.facebook.com/jbloggs' },
-    :location => 'Palo Alto, California',
-    :verified => true
+  provider: 'facebook',
+  uid: '1234567',
+  info: {
+    email: 'joe@bloggs.com',
+    name: 'Joe Bloggs',
+    first_name: 'Joe',
+    last_name: 'Bloggs',
+    image: 'http://graph.facebook.com/1234567/picture?type=square',
+    urls: { Facebook: 'http://www.facebook.com/jbloggs' },
+    location: 'Palo Alto, California',
+    verified: true
   },
-  :credentials => {
-    :token => 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
-    :expires_at => 1321747205, # when the access token expires (it always will)
-    :expires => true # this will always be true
+  credentials: {
+    token: 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
+    expires_at: 1321747205, # when the access token expires (it always will)
+    expires: true # this will always be true
   },
-  :extra => {
-    :raw_info => {
-      :id => '1234567',
-      :name => 'Joe Bloggs',
-      :first_name => 'Joe',
-      :last_name => 'Bloggs',
-      :link => 'http://www.facebook.com/jbloggs',
-      :username => 'jbloggs',
-      :location => { :id => '123456789', :name => 'Palo Alto, California' },
-      :gender => 'male',
-      :email => 'joe@bloggs.com',
-      :timezone => -8,
-      :locale => 'en_US',
-      :verified => true,
-      :updated_time => '2011-11-11T06:21:03+0000'
+  extra: {
+    raw_info: {
+      id: '1234567',
+      name: 'Joe Bloggs',
+      first_name: 'Joe',
+      last_name: 'Bloggs',
+      link: 'http://www.facebook.com/jbloggs',
+      username: 'jbloggs',
+      location: { id: '123456789', name: 'Palo Alto, California' },
+      gender: 'male',
+      email: 'joe@bloggs.com',
+      timezone: -8,
+      locale: 'en_US',
+      verified: true,
+      updated_time: '2011-11-11T06:21:03+0000'
     }
   }
 }
@@ -157,15 +151,9 @@ If you use the server-side flow, Facebook will give you back a longer lived acce
 
 ## Supported Rubies
 
-Actively tested with the following Ruby versions:
-
-- MRI 2.1.0
-- MRI 2.0.0
-- MRI 1.9.3
-- MRI 1.9.2
-- MRI 1.8.7
-- JRuby 1.7.9
-- Rubinius (latest stable)
+- Ruby MRI (1.9.3+)
+- JRuby (1.9 mode)
+- RBX (2.1.1+)
 
 ## License
 
@@ -176,6 +164,3 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/mkdynamic/omniauth-facebook/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

data/Rakefile

@@ -6,4 +6,4 @@ Rake::TestTask.new do |task|
   task.test_files = FileList['test/*_test.rb']
 end
 
-task :default => :test
+task default: :test

data/example/Gemfile

@@ -2,4 +2,4 @@ source 'https://rubygems.org'
 
 gem 'sinatra'
 gem 'sinatra-reloader'
-gem 'omniauth-facebook', :path => '../'
+gem 'omniauth-facebook', path: '../'

data/example/Gemfile.lock

@@ -1,53 +1,51 @@
 PATH
   remote: ../
   specs:
-    omniauth-facebook (2.0.0)
+    omniauth-facebook (3.0.0)
       omniauth-oauth2 (~> 1.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    backports (3.3.5)
-    faraday (0.9.0)
+    backports (3.6.8)
+    faraday (0.9.2)
       multipart-post (>= 1.2, < 3)
-    hashie (3.2.0)
-    jwt (1.0.0)
-    multi_json (1.8.2)
+    hashie (3.4.4)
+    jwt (1.5.1)
+    multi_json (1.12.1)
     multi_xml (0.5.5)
     multipart-post (2.0.0)
-    oauth2 (1.0.0)
+    oauth2 (1.1.0)
       faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+      jwt (~> 1.0, < 1.5.2)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
-    omniauth (1.2.2)
+      rack (>= 1.2, < 3)
+    omniauth (1.3.1)
       hashie (>= 1.2, < 4)
-      rack (~> 1.0)
-    omniauth-oauth2 (1.2.0)
-      faraday (>= 0.8, < 0.10)
-      multi_json (~> 1.3)
+      rack (>= 1.0, < 3)
+    omniauth-oauth2 (1.4.0)
       oauth2 (~> 1.0)
       omniauth (~> 1.2)
-    rack (1.5.2)
-    rack-protection (1.5.1)
+    rack (1.6.4)
+    rack-protection (1.5.3)
       rack
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
-    sinatra (1.4.4)
-      rack (~> 1.4)
+    sinatra (1.4.7)
+      rack (~> 1.5)
       rack-protection (~> 1.4)
-      tilt (~> 1.3, >= 1.3.4)
-    sinatra-contrib (1.4.2)
+      tilt (>= 1.3, < 3)
+    sinatra-contrib (1.4.7)
       backports (>= 2.0)
       multi_json
       rack-protection
       rack-test
       sinatra (~> 1.4.0)
-      tilt (~> 1.3)
+      tilt (>= 1.3, < 3)
     sinatra-reloader (1.0)
       sinatra-contrib
-    tilt (1.4.1)
+    tilt (2.0.5)
 
 PLATFORMS
   ruby
@@ -56,3 +54,6 @@ DEPENDENCIES
   omniauth-facebook!
   sinatra
   sinatra-reloader
+
+BUNDLED WITH
+   1.12.5

data/example/app.rb

@@ -6,88 +6,80 @@ require 'yaml'
 set :run, false
 set :raise_errors, true
 
-# setup logging to file
-log = File.new("app.log", "a+")
-$stdout.reopen(log)
-$stderr.reopen(log)
-$stderr.sync = true
-$stdout.sync = true
-
-# server-side flow
+# REQUEST STEP (server-side flow)
 get '/server-side' do
-  # NOTE: You would just hit this endpoint directly from the browser in a real app. The redirect is just here to
-  #       explicit declare this server-side flow.
+  # NOTE: You would just hit this endpoint directly from the browser in a real app. The redirect is
+  #       just here to explicit declare this server-side flow.
   redirect '/auth/facebook'
 end
 
-# client-side flow
+# REQUEST STEP (client-side flow)
 get '/client-side' do
   content_type 'text/html'
-  # NOTE: When you enable cookie below in the FB.init call the GET request in the FB.login callback will send a signed
-  #       request in a cookie back the OmniAuth callback which will parse out the authorization code and obtain an
-  #       access_token with it.
-  <<-END
+  # NOTE: When you enable cookie below in the FB.init call the GET request in the FB.login callback
+  #       will send a signed request in a cookie back the OmniAuth callback which will parse out the
+  #       authorization code and obtain an access_token with it.
+  <<-HTML
     <html>
     <head>
       <title>Client-side Flow Example</title>
-      <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
-    </head>
-    <body>
-      <div id="fb-root"></div>
-
+      <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js" type="text/javascript"></script>
       <script type="text/javascript">
         window.fbAsyncInit = function() {
           FB.init({
-            appId  : '#{ENV['APP_ID']}',
-            status : true, // check login status
-            cookie : true, // enable cookies to allow the server to access the session
-            xfbml  : true  // parse XFBML
+            appId: '#{ENV['APP_ID']}',
+            version: 'v2.6',
+            cookie: true // IMPORTANT must enable cookies to allow the server to access the session
           });
+          console.log("fb init");
         };
 
-        (function(d) {
-          var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
-          js = d.createElement('script'); js.id = id; js.async = true;
-          js.src = "//connect.facebook.net/en_US/all.js";
-          d.getElementsByTagName('head')[0].appendChild(js);
-        }(document));
-
-        $(function() {
-          $('a').click(function(e) {
-            e.preventDefault();
-
-            FB.login(function(response) {
-              if (response.authResponse) {
-                $('#connect').html('Connected! Hitting OmniAuth callback (GET /auth/facebook/callback)...');
-
-                // since we have cookies enabled, this request will allow omniauth to parse
-                // out the auth code from the signed request in the fbsr_XXX cookie
-                $.getJSON('/auth/facebook/callback', function(json) {
-                  $('#connect').html('Connected! Callback complete.');
-                  $('#results').html(JSON.stringify(json));
-                });
-              }
-            }, { scope: 'email,read_stream', state: 'abc123' });
-          });
-        });
+        (function(d, s, id){
+           var js, fjs = d.getElementsByTagName(s)[0];
+           if (d.getElementById(id)) {return;}
+           js = d.createElement(s); js.id = id;
+           js.src = "//connect.facebook.net/en_US/sdk.js";
+           fjs.parentNode.insertBefore(js, fjs);
+         }(document, 'script', 'facebook-jssdk'));
       </script>
+    </head>
+    <body>
+      <div id="fb-root"></div>
 
       <p id="connect">
         <a href="#">Connect to FB!</a>
       </p>
 
       <p id="results" />
+
+      <script type="text/javascript">
+        $('a').click(function(e) {
+          e.preventDefault();
+
+          FB.login(function(response) {
+            console.log(response);
+            if (response.authResponse) {
+              $('#connect').html('Connected! Hitting OmniAuth callback (GET /auth/facebook/callback)...');
+
+              // since we have cookies enabled, this request will allow omniauth to parse
+              // out the auth code from the signed request in the fbsr_XXX cookie
+              $.getJSON('/auth/facebook/callback', function(json) {
+                $('#connect').html('Connected! Callback complete.');
+                $('#results').html(JSON.stringify(json));
+              });
+            }
+          }); // if you want custom scopes, pass them as an extra, final argument to FB.login
+        });
+      </script>
     </body>
     </html>
-  END
+  HTML
 end
 
+# CALLBACK STEP
+# - redirected here for server-side flow
+# - ajax request made here for client-side flow
 get '/auth/:provider/callback' do
   content_type 'application/json'
   MultiJson.encode(request.env)
 end
-
-get '/auth/failure' do
-  content_type 'application/json'
-  MultiJson.encode(request.env)
-end

data/example/config.ru

@@ -2,10 +2,10 @@ require 'bundler/setup'
 require 'omniauth-facebook'
 require './app.rb'
 
-use Rack::Session::Cookie, :secret => 'abc123'
+use Rack::Session::Cookie, secret: 'abc123'
 
 use OmniAuth::Builder do
-  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'], :scope => 'email,read_stream'
+  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET']
 end
 
 run Sinatra::Application

data/lib/omniauth/facebook/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Facebook
-    VERSION = "3.0.0"
+    VERSION = "4.0.0.rc1"
   end
 end

data/lib/omniauth/strategies/facebook.rb

@@ -12,18 +12,14 @@ module OmniAuth
       DEFAULT_SCOPE = 'email'
 
       option :client_options, {
-        :site => 'https://graph.facebook.com',
-        :authorize_url => "https://www.facebook.com/dialog/oauth",
-        :token_url => 'oauth/access_token'
-      }
-
-      option :token_params, {
-        :parse => :query
+        site: 'https://graph.facebook.com/v2.6',
+        authorize_url: "https://www.facebook.com/v2.6/dialog/oauth",
+        token_url: 'oauth/access_token'
       }
 
       option :access_token_options, {
-        :header_format => 'OAuth %s',
-        :param_name => 'access_token'
+        header_format: 'OAuth %s',
+        param_name: 'access_token'
       }
 
       option :authorize_options, [:scope, :display, :auth_type]
@@ -59,11 +55,11 @@ module OmniAuth
       end
 
       def info_options
-        params = {:appsecret_proof => appsecret_proof}
-        params.merge!({:fields => (options[:info_fields] || 'name,email')})
-        params.merge!({:locale => options[:locale]}) if options[:locale]
+        params = {appsecret_proof: appsecret_proof}
+        params.merge!({fields: (options[:info_fields] || 'name,email')})
+        params.merge!({locale: options[:locale]}) if options[:locale]
 
-        { :params => params }
+        { params: params }
       end
 
       def callback_phase
@@ -162,10 +158,10 @@ module OmniAuth
       def image_url(uid, options)
         uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
         site_uri = URI.parse(client.site)
-        url = uri_class.build({:host => site_uri.host, :path => "#{site_uri.path}/#{uid}/picture"})
+        url = uri_class.build({host: site_uri.host, path: "#{site_uri.path}/#{uid}/picture"})
 
         query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
-          { :type => options[:image_size] }
+          { type: options[:image_size] }
         elsif options[:image_size].is_a?(Hash)
           options[:image_size]
         end

data/test/strategy_test.rb

@@ -9,15 +9,15 @@ end
 
 class ClientTest < StrategyTestCase
   test 'has correct Facebook site' do
-    assert_equal 'https://graph.facebook.com', strategy.client.site
+    assert_equal 'https://graph.facebook.com/v2.6', strategy.client.site
   end
 
   test 'has correct authorize url' do
-    assert_equal 'https://www.facebook.com/dialog/oauth', strategy.client.options[:authorize_url]
+    assert_equal 'https://www.facebook.com/v2.6/dialog/oauth', strategy.client.options[:authorize_url]
   end
 
   test 'has correct token url with versioning' do
-    @options = {:client_options => {:site => 'https://graph.facebook.net/v2.2'}}
+    @options = {client_options: {site: 'https://graph.facebook.net/v2.2'}}
     assert_equal 'oauth/access_token', strategy.client.options[:token_url]
     assert_equal 'https://graph.facebook.net/v2.2/oauth/access_token', strategy.client.token_url
   end
@@ -33,7 +33,7 @@ class CallbackUrlTest < StrategyTestCase
   end
 
   test "returns path from callback_path option (omitting querystring)" do
-    @options = { :callback_path => "/auth/FB/done"}
+    @options = { callback_path: "/auth/FB/done"}
     url_base = 'http://auth.request.com'
     @request.stubs(:url).returns("#{url_base}/page/path")
     strategy.stubs(:script_name).returns('') # as not to depend on Rack env
@@ -43,7 +43,7 @@ class CallbackUrlTest < StrategyTestCase
 
   test "returns url from callback_url option" do
     url = 'https://auth.myapp.com/auth/fb/callback'
-    @options = { :callback_url => url }
+    @options = { callback_url: url }
     assert_equal url, strategy.callback_url
   end
 end
@@ -73,12 +73,6 @@ class AuthorizeParamsTest < StrategyTestCase
   end
 end
 
-class TokeParamsTest < StrategyTestCase
-  test 'has correct parse strategy' do
-    assert_equal :query, strategy.token_params[:parse]
-  end
-end
-
 class AccessTokenOptionsTest < StrategyTestCase
   test 'has correct param name by default' do
     assert_equal 'access_token', strategy.access_token_options[:param_name]
@@ -102,40 +96,40 @@ end
 
 class InfoTest < StrategyTestCase
   test 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
-    @options = { :secure_image_url => true }
+    @options = { secure_image_url: true }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'https://graph.facebook.com/321/picture', strategy.info['image']
+    assert_equal 'https://graph.facebook.com/v2.6/321/picture', strategy.info['image']
   end
 
   test 'returns the image_url based of the client site' do
-    @options = { :secure_image_url => true, :client_options => {:site => "https://blah.facebook.com/v2.2"}}
+    @options = { secure_image_url: true, client_options: {site: "https://blah.facebook.com/v2.2"}}
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
     assert_equal 'https://blah.facebook.com/v2.2/321/picture', strategy.info['image']
   end
 
   test 'returns the image with size specified in the `image_size` option' do
-    @options = { :image_size => 'normal' }
+    @options = { image_size: 'normal' }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
+    assert_equal 'http://graph.facebook.com/v2.6/321/picture?type=normal', strategy.info['image']
   end
 
   test 'returns the image with size specified as a symbol in the `image_size` option' do
-    @options = { :image_size => :normal }
+    @options = { image_size: :normal }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
+    assert_equal 'http://graph.facebook.com/v2.6/321/picture?type=normal', strategy.info['image']
   end
 
   test 'returns the image with width and height specified in the `image_size` option' do
-    @options = { :image_size => { :width => 123, :height => 987 } }
+    @options = { image_size: { width: 123, height: 987 } }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
     assert_match 'width=123', strategy.info['image']
     assert_match 'height=987', strategy.info['image']
-    assert_match 'http://graph.facebook.com/321/picture?', strategy.info['image']
+    assert_match 'http://graph.facebook.com/v2.6/321/picture?', strategy.info['image']
   end
 end
 
@@ -182,7 +176,7 @@ class InfoTestOptionalDataPresent < StrategyTestCase
 
   test 'returns the facebook avatar url' do
     @raw_info['id'] = '321'
-    assert_equal 'http://graph.facebook.com/321/picture', strategy.info['image']
+    assert_equal 'http://graph.facebook.com/v2.6/321/picture', strategy.info['image']
   end
 
   test 'returns the Facebook link as the Facebook url' do
@@ -261,39 +255,39 @@ class RawInfoTest < StrategyTestCase
     super
     @access_token = stub('OAuth2::AccessToken')
     @appsecret_proof = 'appsecret_proof'
-    @options = {:appsecret_proof => @appsecret_proof, :fields => 'name,email'}
+    @options = {appsecret_proof: @appsecret_proof, fields: 'name,email'}
   end
 
-  test 'performs a GET to https://graph.facebook.com/me' do
+  test 'performs a GET to https://graph.facebook.com/v2.6/me' do
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     strategy.stubs(:access_token).returns(@access_token)
-    params = {:params => @options}
+    params = {params: @options}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/me with locale' do
-    @options.merge!({ :locale => 'cs_CZ' })
+  test 'performs a GET to https://graph.facebook.com/v2.6/me with locale' do
+    @options.merge!({ locale: 'cs_CZ' })
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    params = {:params => @options}
+    params = {params: @options}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/me with info_fields' do
-    @options.merge!({:info_fields => 'about'})
+  test 'performs a GET to https://graph.facebook.com/v2.6/me with info_fields' do
+    @options.merge!({info_fields: 'about'})
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'about'}}
+    params = {params: {appsecret_proof: @appsecret_proof, fields: 'about'}}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/me with default info_fields' do
+  test 'performs a GET to https://graph.facebook.com/v2.6/me with default info_fields' do
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'name,email'}}
+    params = {params: {appsecret_proof: @appsecret_proof, fields: 'name,email'}}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
@@ -306,7 +300,7 @@ class RawInfoTest < StrategyTestCase
     raw_response.stubs(:status).returns(200)
     raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
     oauth2_response = OAuth2::Response.new(raw_response)
-    params = {:params => @options}
+    params = {params: @options}
     @access_token.stubs(:get).with('me', params).returns(oauth2_response)
     assert_kind_of Hash, strategy.raw_info
     assert_equal 'thar', strategy.raw_info['ohai']
@@ -315,16 +309,16 @@ class RawInfoTest < StrategyTestCase
   test 'returns an empty hash when the response is false' do
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    oauth2_response = stub('OAuth2::Response', :parsed => false)
-    params = {:params => @options}
+    oauth2_response = stub('OAuth2::Response', parsed: false)
+    params = {params: @options}
     @access_token.stubs(:get).with('me', params).returns(oauth2_response)
     assert_kind_of Hash, strategy.raw_info
     assert_equal({}, strategy.raw_info)
   end
 
   test 'should not include raw_info in extras hash when skip_info is specified' do
-    @options = { :skip_info => true }
-    strategy.stubs(:raw_info).returns({:foo => 'bar' })
+    @options = { skip_info: true }
+    strategy.stubs(:raw_info).returns({foo: 'bar' })
     refute_has_key 'raw_info', strategy.extra
   end
 end

data/test/support/shared_examples.rb

@@ -13,7 +13,7 @@ module OAuth2StrategyTests
     extend BlockTestHelper
     
     test 'should be initialized with symbolized client_options' do
-      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+      @options = { client_options: { 'authorize_url' => 'https://example.com' } }
       assert_equal 'https://example.com', strategy.client.options[:authorize_url]
     end
   end
@@ -22,19 +22,19 @@ module OAuth2StrategyTests
     extend BlockTestHelper
     
     test 'should include any authorize params passed in the :authorize_params option' do
-      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+      @options = { authorize_params: { foo: 'bar', baz: 'zip' } }
       assert_equal 'bar', strategy.authorize_params['foo']
       assert_equal 'zip', strategy.authorize_params['baz']
     end
 
     test 'should include top-level options that are marked as :authorize_options' do
-      @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      @options = { authorize_options: [:scope, :foo], scope: 'bar', foo: 'baz' }
       assert_equal 'bar', strategy.authorize_params['scope']
       assert_equal 'baz', strategy.authorize_params['foo']
     end
     
     test 'should exclude top-level options that are not passed' do
-      @options = { :authorize_options => [:bar] }
+      @options = { authorize_options: [:bar] }
       refute_has_key :bar, strategy.authorize_params
       refute_has_key 'bar', strategy.authorize_params
     end
@@ -51,7 +51,7 @@ module OAuth2StrategyTests
     end
 
     test 'should not store state in the session when present in authorize params vs. a random one' do
-      @options = { :authorize_params => { :state => 'bar' } }
+      @options = { authorize_params: { state: 'bar' } }
       refute_empty strategy.authorize_params['state']
       refute_equal 'bar', strategy.authorize_params[:state]
       refute_empty strategy.session['omniauth.state']
@@ -71,13 +71,13 @@ module OAuth2StrategyTests
     extend BlockTestHelper
     
     test 'should include any authorize params passed in the :token_params option' do
-      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+      @options = { token_params: { foo: 'bar', baz: 'zip' } }
       assert_equal 'bar', strategy.token_params['foo']
       assert_equal 'zip', strategy.token_params['baz']
     end
 
     test 'should include top-level options that are marked as :token_options' do
-      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      @options = { token_options: [:scope, :foo], scope: 'bar', foo: 'baz' }
       assert_equal 'bar', strategy.token_params['scope']
       assert_equal 'baz', strategy.token_params['foo']
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-facebook
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 4.0.0.rc1
 platform: ruby
 authors:
 - Mark Dodwell
@@ -9,62 +9,62 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-27 00:00:00.000000000 Z
+date: 2016-06-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: 
@@ -75,8 +75,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - README.md
@@ -107,17 +107,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Facebook OAuth2 Strategy for OmniAuth