rack_facebook_connect 0.0.1

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,22 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC
+/live

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Michael Bleigh
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,103 @@
+= Rack::FacebookConnect
+
+This is a Rack middleware to provide as simple as possible Facebook Connect functionality to Rack apps. It is built to be as simple and
+unobtrusive as possible and mimic the kinds of authentication flows more common with other SSO providers such as OpenID or OAuth.
+
+== Installation
+
+Rack::FacebookConnect is available as a RubyGem:
+
+    gem install rack_facebook_connect
+    
+== Application Setup
+
+To use Rack::Facebook connect you will need to install it as a middleware in your Rack application. You will also need to set up a Facebook application for yourself with appropriate credentials in the Connect settings panel for your application.
+
+=== Rails 2.3-2.X
+
+To use Rack::FacebookConnect in your Rails 2.X application you need to add it to your gems and middlewares. In <tt>environment.rb</tt> do the following:
+
+    config.gem 'rack_facebook_connect'
+    config.middleware.use 'Rack::FacebookConnect', 'your_api_key', 'your_api_secret'
+    
+=== Rails 3
+
+In Rails 3.0 you simply need to add the middleware to your Gemfile and the provided <tt>config.ru</tt> file before <tt>run YourApp::Application</tt>:
+
+    # in Gemfile
+    gem 'rack_facebook_connect'
+    
+    # in config.ru
+    use Rack::FacebookConnect 'your_api_key', 'your_api_secret'
+    
+== Sinatra
+
+In Sinatra you need to require the Rack::FacebookConnect file somehow (either through bundler or just <tt>require 'rack/facebook_connect'</tt> if you have RubyGems accessible) and then simply declare a "use" statement in your code before your DSL routes:
+
+    use Rack::FacebookConnect 'your_api_key', 'your_api_secret'
+    
+    get '/'
+      #...
+    end
+
+== Usage
+
+Once you've installed Rack::FacebookConnect as a middleware it will take care of many things for you. Rack::FacebookConnect handles:
+
+  1. Adding the required Javascript files to any HTML files rendered by your application to perform Facebook Connect actions.
+  2. Providing the cross-domain receiver file for Facebook's Javascript to bridge to your application.
+  3. A convenient method to perform an authentication 'callback' like with other systems.
+  
+Because of the Javascript Rack::FacebookConnect automatically injects into your site, you will be able to use XFBML, meaning that to provide a Facebook Connect login experience you simply need to add the following code to your application's HTML:
+
+    <fb:login-button onlogin='rack_fbconnect()'></fb:login-button>
+    
+This will render a Facebook Connect button that will prompt the user first to log into Facebook and then to grant access to your application for certain permissions. Once that is done, your user will be redirected to the callback URL.
+
+=== Callback
+
+Rack::FacebookConnect doesn't make assumptions about how you want to handle your user system. Instead, you simply need to provide some route on your application that responds to the path <tt>/auth/facebook/callback</tt>. This URL will be the destination of the redirect performed after authentication. On this URL Rack::FacebookConnect will modify the request parameters with an <tt>:auth</tt> key that provides information about the logged in user. So in Rails you could do something like this:
+
+    # in routes.rb
+    map.connect '/auth/facebook/callback', :controller => 'sessions', :action => 'fb_connect'
+    
+    # in app/controllers/sessions_controller.rb
+    class SessionsController < ApplicationController
+      def fb_connect
+        @user = User.find_by_facebook_uid(params[:auth][:user_id]) || 
+                User.create(:facebook_uid => params[:auth][:user_id],
+                            :name => params[:auth][:info][:name],
+                            :email => params[:auth][:info][:email])
+        session[:user_id] = @user.id
+        redirect_to root_path
+      end
+    end
+    
+Or if you're in Sinatra:
+
+    get '/auth/facebook/callback' do
+      @user = User.find_by_facebook_uid(params[:auth][:user_id]) || 
+              User.create(:facebook_uid => params[:auth][:user_id],
+                          :name => params[:auth][:info][:name],
+                          :email => params[:auth][:info][:email])
+      session[:user_id] = @user.id
+      redirect '/'
+    end
+
+== Gotchas
+
+* Facebook's privacy policy requires that any user information other that the UID be stored for no longer than 24 hours. This means to comply with this policy you will need to re-fetch user information daily by storing the user's session key and secret to make subsequent API calls.
+
+== Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+== Copyright
+
+Copyright (c) 2010 Michael Bleigh. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,46 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "rack_facebook_connect"
+    gem.summary = %Q{A Rack middleware for authentication via Facebook Connect.}
+    gem.description = %Q{A Rack middleware that tries to make FB Connect behave a little bit more like other identity providers such as OpenID and OAuth.}
+    gem.email = "michael@intridea.com"
+    gem.homepage = "http://github.com/intridea/rack_facebook_connect"
+    gem.authors = ["Michael Bleigh"]
+    gem.add_dependency 'mini_fb'
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "rack_facebook_connect #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/lib/rack/facebook_connect.rb

@@ -0,0 +1,108 @@
+require 'rack/facebook_connect/helpers'
+
+module Rack
+  class FacebookConnect
+    include Helpers
+    
+    # Initialize the Rack::FacebookConnect middleware. Requires
+    # a Facebook API key and secret and takes the following options:
+    #
+    # <tt>:permissions</tt> :: An array of Facebook extended permissions, defaults to <tt>%w(email offline_access)</tt>
+    # <tt>:get_info</tt> :: Boolean as to whether to fetch info about the user on login. Defaults to "true".
+    #
+    def initialize(app, api_key, api_secret, options = {})
+      @options = {
+        :permissions => %w(email offline_access),
+        :get_info => true
+      }.merge(options)
+      
+      @app = app
+      @api_key = api_key
+      @api_secret = api_secret
+    end
+    
+    def call(env)
+      dup._call(env)
+    end
+    
+    def _call(env) #:nodoc:
+      @env = env
+      @base_url = (request.scheme.downcase == 'https' ? 'https://ssl.connect.facebook.com' : 'http://static.ak.connect.facebook.com')
+      
+      case request.path
+        when "/auth/facebook/xd_receiver.html"
+          xd_receiver
+        when '/auth/facebook/callback'
+          perform_callback
+        else
+          inject_facebook
+      end
+    end
+    
+    def xd_receiver #:nodoc:
+      xd = <<-HTML
+      <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+      <html xmlns="http://www.w3.org/1999/xhtml" >
+      <head>
+          <title>Cross-Domain Receiver Page</title>
+      </head>
+      <body>
+          <script src="#{@base_url}/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
+      </body>
+      </html>
+      HTML
+      
+      Rack::Response.new(xd).finish
+    end
+    
+    def perform_callback #:nodoc:
+      request[:auth] = {
+        :provider => :facebook,
+        :user_id => request.cookies["#{@api_key}_user"],
+        :session => {
+          :key => request.cookies["#{@api_key}_session_key"],
+          :secret => request.cookies["#{@api_key}_ss"],
+          :expires => (Time.at(request.cookies["#{@api_key}_expires"].to_i) if request.cookies["#{@api_key}_expires"].to_i > 0)
+        }
+      }
+      
+      if @options[:get_info]
+        require 'mini_fb'
+        request[:auth][:info] = MiniFB.call(@api_key, @api_secret, "Users.getInfo", 'session_key' => request[:auth][:session][:key], 'uids' => request[:auth][:user_id], 'fields' => MiniFB::User.all_fields)[0]
+      end
+      
+      @app.call(@env)
+    end
+    
+    def inject_facebook #:nodoc:
+      status, headers, responses = @app.call(@env)
+      responses = Array(responses) unless responses.respond_to?(:each)
+
+      if headers["Content-Type"] =~ %r{(text/html)|(application/xhtml+xml)}
+        resp = []
+        responses.each do |r|
+          r.sub! /(<html[^\/>]*)>/i, '\1 xmlns:fb=\"http://www.facebook.com/2008/fbml\">'
+          r.sub! /(<body[^\/>]*)>/i, '\1><script src="' + @base_url + '/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script>'
+          r.sub! /<\/body>/i, <<-HTML
+            <script type="text/javascript">
+              FB.init("#{@api_key}", "/auth/facebook/xd_receiver.html");
+              function rack_fbconnect() {
+                FB.Connect.showPermissionDialog("#{Array(@options[:permissions]).join(',')}", function(perms) {
+                  if (perms) {
+                    window.location.href = '/auth/facebook/callback';
+                  } else {
+                    window.location.href = '/auth/facebook/callback?permissions=denied';
+                  }
+                });
+              }
+            </script></body>
+          HTML
+          resp << r
+        end
+      end
+      
+      Rack::Response.new(resp || responses, status, headers).finish
+    end
+  end
+end

data/lib/rack/facebook_connect/helpers.rb

@@ -0,0 +1,11 @@
+require 'digest/md5'
+
+module Rack
+  class FacebookConnect
+    module Helpers
+      def request #:nodoc:
+        @request ||= Rack::Request.new(@env)
+      end
+    end
+  end
+end

data/lib/rack_facebook_connect.rb

@@ -0,0 +1 @@
+require 'rack/facebook_connect'

data/rack_facebook_connect.gemspec

@@ -0,0 +1,60 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rack_facebook_connect}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Michael Bleigh"]
+  s.date = %q{2010-03-29}
+  s.description = %q{A Rack middleware that tries to make FB Connect behave a little bit more like other identity providers such as OpenID and OAuth.}
+  s.email = %q{michael@intridea.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "lib/rack/facebook_connect.rb",
+     "lib/rack/facebook_connect/helpers.rb",
+     "lib/rack_facebook_connect.rb",
+     "rack_facebook_connect.gemspec",
+     "spec/rack_facebook_connect_spec.rb",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/intridea/rack_facebook_connect}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.6}
+  s.summary = %q{A Rack middleware for authentication via Facebook Connect.}
+  s.test_files = [
+    "spec/rack_facebook_connect_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<mini_fb>, [">= 0"])
+      s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
+    else
+      s.add_dependency(%q<mini_fb>, [">= 0"])
+      s.add_dependency(%q<rspec>, [">= 1.2.9"])
+    end
+  else
+    s.add_dependency(%q<mini_fb>, [">= 0"])
+    s.add_dependency(%q<rspec>, [">= 1.2.9"])
+  end
+end
+

data/spec/rack_facebook_connect_spec.rb

@@ -0,0 +1,72 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+class TestApp < Sinatra::Base
+  get '/' do
+    '<html><head></head><body><fb:login-button onlogin="rack_fbconnect()"></fb:login-button></body></html>'
+  end
+  
+  get '/not-html.json' do
+    content_type :xml
+    '<html><head></head><body><fb:login-button></fb:login-button></body></html>'
+  end
+end
+
+def app
+  Rack::Builder.new {
+    use Rack::FacebookConnect, *(@params || ['my_app_key', 'my_app_secret'])
+    run TestApp
+  }.to_app
+end
+
+describe Rack::FacebookConnect do
+  after { @app = nil }
+  
+  context ' Javascript injection' do
+    it 'should inject the appropriate pieces' do
+      get '/'
+      last_response.body.should be_include('FB.init')
+      last_response.body.should be_include('FeatureLoader.js.php')
+      last_response.body.should be_include('xmlns:fb=\"http://www.facebook.com/2008/fbml\">')
+    end
+    
+    it 'should use SSL when appropriate' do
+      get '/', {}, {'rack.url_scheme' => 'https', 'HTTPS' => 'on'}
+      last_response.body.should be_include('https://ssl.connect.facebook.com')
+    end
+    
+    it 'should not use SSL when not appropriate' do
+      get '/'
+      last_response.body.should_not be_include('https://ssl.connect.facebook.com')
+    end
+    
+    it 'should not inject on non HTML datatypes' do
+      get '/not-html.json'
+      last_response.body.should_not be_include('FB.init')
+    end
+  end
+  
+  context ' /auth/facebook/xd_receiver' do
+    it 'should be at /auth/facebook/xd_receiver.html' do
+      get '/auth/facebook/xd_receiver.html'
+      last_response.body.should be_include('XdCommReceiver.js')
+    end
+    
+    it 'should use SSL when appropriate' do
+      get '/auth/facebook/xd_receiver.html', {}, {'rack.url_scheme' => 'https', 'HTTPS' => 'on'}
+      last_response.body.should be_include('https://ssl.connect.facebook.com')
+    end
+    
+    it 'should not use SSL when not appropriate' do
+      get '/auth/facebook/xd_receiver.html'
+      last_response.body.should_not be_include('https://ssl.connect.facebook.com')
+    end
+  end
+  
+  context ' /auth/facebook/callback' do
+    it 'should call to MiniFB' do
+      require 'mini_fb'
+      MiniFB.should_receive(:call).and_return({})
+      get '/auth/facebook/callback'
+    end
+  end
+end

data/spec/spec.opts

@@ -0,0 +1,3 @@
+--color
+--backtrace
+--format=specdoc

data/spec/spec_helper.rb

@@ -0,0 +1,15 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'rubygems'
+require 'spec'
+require 'spec/autorun'
+require 'sinatra'
+require 'rack/test'
+require 'rack/facebook_connect'
+
+include Rack::Test::Methods
+
+Spec::Runner.configure do |config|
+  
+end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification 
+name: rack_facebook_connect
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Michael Bleigh
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-03-29 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: mini_fb
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 2
+        - 9
+        version: 1.2.9
+  type: :development
+  version_requirements: *id002
+description: A Rack middleware that tries to make FB Connect behave a little bit more like other identity providers such as OpenID and OAuth.
+email: michael@intridea.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/rack/facebook_connect.rb
+- lib/rack/facebook_connect/helpers.rb
+- lib/rack_facebook_connect.rb
+- rack_facebook_connect.gemspec
+- spec/rack_facebook_connect_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/intridea/rack_facebook_connect
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: A Rack middleware for authentication via Facebook Connect.
+test_files: 
+- spec/rack_facebook_connect_spec.rb
+- spec/spec_helper.rb