rest-core 0.2.3 → 0.3.0.pre.0

data/example/rails3/test/functional/application_controller_test.rb

@@ -0,0 +1,183 @@
+
+require 'test_helper'
+require 'webmock'
+
+WebMock.disable_net_connect!
+
+class ApplicationControllerTest < ActionController::TestCase
+  include WebMock::API
+
+  def setup
+    body = rand(2) == 0 ? '{"error":{"type":"OAuthException"}}' :
+                          '{"error_code":104}'
+
+    stub_request(:get, 'https://graph.facebook.com/me').
+      to_return(:body => body)
+  end
+
+  def teardown
+    WebMock.reset!
+  end
+
+  def assert_url expected
+    assert_equal(expected, normalize_url(assigns(:rc_facebook_authorize_url)))
+    if @response.status == 200 # js redirect
+      assert_equal(
+        expected,
+        normalize_url(
+          @response.body.match(/window\.top\.location\.href = '(.+?)'/)[1]))
+
+      assert_equal(
+        CGI.escapeHTML(expected),
+        normalize_url(
+          @response.body.match(/content="0;url=(.+?)"/)[1], '&amp;'))
+
+      assert_equal(
+        CGI.escapeHTML(expected),
+        normalize_url(
+          @response.body.match(/<a href="(.+?)" target="_top">/)[1], '&amp;'))
+    end
+  end
+
+  def test_index
+    get(:index)
+    assert_response :redirect
+
+    url = normalize_url(
+      'https://graph.facebook.com/oauth/authorize?client_id=123&' \
+      'scope=&redirect_uri=http%3A%2F%2Ftest.host%2F')
+
+    assert_url(url)
+  end
+
+  def test_canvas
+    get(:canvas)
+    assert_response :success
+
+    url = normalize_url(
+      'https://graph.facebook.com/oauth/authorize?client_id=123&' \
+      'scope=publish_stream&'                                     \
+      'redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fcan%2Fcanvas')
+
+    assert_url(url)
+  end
+
+  def test_diff_canvas
+    get(:diff_canvas)
+    assert_response :success
+
+    url = normalize_url(
+      'https://graph.facebook.com/oauth/authorize?client_id=123&' \
+      'scope=email&'                                              \
+      'redirect_uri=http%3A%2F%2Fapps.facebook.com%2FToT%2Fdiff_canvas')
+
+    assert_url(url)
+  end
+
+  def test_iframe_canvas
+    get(:iframe_canvas)
+    assert_response :success
+
+    url = normalize_url(
+      'https://graph.facebook.com/oauth/authorize?client_id=123&' \
+      'scope=&'                                                   \
+      'redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fzzz%2Fiframe_canvas')
+
+    assert_url(url)
+  end
+
+  def test_options
+    get(:options)
+    assert_response :redirect
+
+    url = normalize_url(
+      'https://graph.facebook.com/oauth/authorize?client_id=123&' \
+      'scope=bogus&'                                              \
+      'redirect_uri=http%3A%2F%2Ftest.host%2Foptions')
+
+    assert_url(url)
+  end
+
+  def test_protected
+    assert_nil @controller.public_methods.find{ |m| m.to_s =~ /^rest_graph/ }
+  end
+
+  def test_no_auto
+    get(:no_auto)
+    assert_response :success
+    assert_equal 'XD', @response.body
+  end
+
+  def test_app_id
+    get(:diff_app_id)
+    assert_response :success
+    assert_equal 'zzz', @response.body
+  end
+
+  def test_cache
+    WebMock.reset!
+    stub_request(:get, 'https://graph.facebook.com/cache').
+      to_return(:body => '{"message":"ok"}')
+
+    get(:cache)
+    assert_response :success
+    assert_equal '{"message":"ok"}', @response.body
+  end
+
+  def test_handler
+    WebMock.reset!
+    stub_request(:get, 'https://graph.facebook.com/me?access_token=aloha').
+      to_return(:body => '["snowman"]')
+
+    Rails.cache[:fbs] = RestCore::Facebook.new(:access_token => 'aloha').fbs
+    get(:handler_)
+    assert_response :success
+    assert_equal '["snowman"]', @response.body
+  ensure
+    Rails.cache.clear
+  end
+
+  def test_session
+    WebMock.reset!
+    stub_request(:get, 'https://graph.facebook.com/me?access_token=wozilla').
+      to_return(:body => '["fireball"]')
+
+    @request.session[RestCore::Facebook::RailsUtil.rc_facebook_storage_key] =
+      RestCore::Facebook.new(:access_token => 'wozilla').fbs
+
+    get(:session_)
+    assert_response :success
+    assert_equal '["fireball"]', @response.body
+  end
+
+  def test_cookies
+    WebMock.reset!
+    stub_request(:get, 'https://graph.facebook.com/me?access_token=blizzard').
+      to_return(:body => '["yeti"]')
+
+    @request.cookies[RestCore::Facebook::RailsUtil.rc_facebook_storage_key] =
+      RestCore::Facebook.new(:access_token => 'blizzard').fbs
+
+    get(:cookies_)
+    assert_response :success
+    assert_equal '["yeti"]', @response.body
+  end
+
+  def test_error
+    get(:error)
+  rescue => e
+    assert_equal RestCore::Facebook::Error, e.class
+  end
+
+  def test_reinitailize
+    get(:reinitialize)
+    assert_response :success
+    assert_equal [nil, {'a' => 'b'}], YAML.load(@response.body)
+  end
+
+  def test_helper
+    get(:helper)
+    assert_response :success
+    assert_equal RestCore::Facebook.default_app_id, @response.body.strip
+  end
+end

data/example/rails3/test/test_helper.rb

@@ -0,0 +1,18 @@
+
+ENV["RAILS_ENV"] = "test"
+require File.expand_path('../../config/environment', __FILE__)
+begin
+  require 'rails/test_help'
+rescue LoadError # for rails2
+  require 'test_help'
+end
+
+class ActiveSupport::TestCase
+  def normalize_query query, amp='&'
+    '?' + query[1..-1].split(amp).sort.join(amp)
+  end
+
+  def normalize_url url, amp='&'
+    url.sub(/\?.+/){ |query| normalize_query(query, amp) }
+  end
+end

data/example/rails3/test/unit/rails_util_test.rb

@@ -0,0 +1,44 @@
+
+require 'test_helper'
+require 'rr'
+
+class RailsUtilTest < ActiveSupport::TestCase
+  include RR::Adapters::TestUnit
+
+  def setup_mock url
+    mock(RestCore::Facebook::RailsUtil).rc_facebook_in_canvas?{ false }
+    mock(RestCore::Facebook::RailsUtil).request{
+      mock(Object.new).url{ url }
+    }
+  end
+
+  def test_rest_graph_normalized_request_uri_0
+    setup_mock(  'http://test.com/?code=123&lang=en')
+    assert_equal('http://test.com/?lang=en',
+      RestCore::Facebook::RailsUtil.rc_facebook_normalized_request_uri)
+  end
+
+  def test_rest_graph_normalized_request_uri_1
+    setup_mock(  'http://test.com/?lang=en&code=123')
+    assert_equal('http://test.com/?lang=en',
+      RestCore::Facebook::RailsUtil.rc_facebook_normalized_request_uri)
+  end
+
+  def test_rest_graph_normalized_request_uri_2
+    setup_mock(  'http://test.com/?session=abc&lang=en&code=123')
+    assert_equal('http://test.com/?lang=en',
+      RestCore::Facebook::RailsUtil.rc_facebook_normalized_request_uri)
+  end
+
+  def test_rest_graph_normalized_request_uri_3
+    setup_mock(  'http://test.com/?code=123')
+    assert_equal('http://test.com/',
+      RestCore::Facebook::RailsUtil.rc_facebook_normalized_request_uri)
+  end
+
+  def test_rest_graph_normalized_request_uri_4
+    setup_mock(  'http://test.com/?signed_request=abc&code=123')
+    assert_equal('http://test.com/',
+      RestCore::Facebook::RailsUtil.rc_facebook_normalized_request_uri)
+  end
+end

data/example/sinatra/config.ru

@@ -0,0 +1,16 @@
+
+require 'sinatra'
+require 'rest-core'
+
+app_id = '123'
+secret = 'abc'
+config = {:app_id => app_id,
+          :secret => secret}
+
+post '/' do
+  fb = RestCore::Facebook.new(config)
+  fb.parse_signed_request!(params['signed_request'])
+  "#{fb.get('me').inspect.gsub('<', '&lt;')}\n"
+end
+
+run Sinatra::Application

data/lib/rest-core/app/ask.rb

@@ -1,8 +1,6 @@
 
 require 'rest-core/middleware'
 
-require 'restclient'
-
 class RestCore::Ask
   include RestCore::Middleware
   def call env

data/lib/rest-core/client/facebook/rails_util.rb

@@ -0,0 +1,342 @@
+
+require 'cgi'
+require 'uri'
+
+class RestCore::Facebook
+  module DefaultAttributes
+    def default_canvas                ; ''   ; end
+    def default_iframe                ; false; end
+    def default_auto_authorize        ; false; end
+    def default_auto_authorize_options; {}   ; end
+    def default_auto_authorize_scope  ; ''   ; end
+    def default_ensure_authorized     ; false; end
+    def default_write_session         ; false; end
+    def default_write_cookies         ; false; end
+    def default_write_handler         ;   nil; end
+    def default_check_handler         ;   nil; end
+  end
+
+  module RailsCache
+    def []    key       ;  read(key)                ; end
+    def []=   key, value; write(key, value)         ; end
+    def store key, value,
+              options={}; write(key, value, options); end
+  end
+end
+
+module RestCore::Facebook::RailsUtil
+  def self.init app=Rails
+    ActiveSupport::Cache::Store.send(:include, RestCore::Facebook::RailsCache)
+    RestCore::Config.load_for_rails(RestCore::Facebook, 'facebook', app)
+  end
+
+  module Helper
+    def rc_facebook
+      controller.send(:rc_facebook)
+    end
+  end
+
+  def self.included controller
+    # skip if included already, any better way to detect this?
+    return if controller.respond_to?(:rc_facebook, true)
+
+    controller.rescue_from(RestCore::Facebook::Error::AccessToken,
+                           :with => :rc_facebook_on_access_token_error)
+    controller.helper(RestCore::Facebook::RailsUtil::Helper)
+    controller.instance_methods.select{ |method|
+      method.to_s =~ /^rc_facebook/
+    }.each{ |method| controller.send(:protected, method) }
+  end
+
+  def rc_facebook_setup options={}
+    rc_facebook_options_ctl.merge!(
+      rc_facebook_extract_options(options, :reject))
+    rc_facebook_options_new.merge!(
+      rc_facebook_extract_options(options, :select))
+
+    # we'll need to reinitialize rc_facebook with the new options,
+    # otherwise if you're calling rc_facebook before rc_facebook_setup,
+    # you'll end up with default options without the ones you've passed
+    # into rc_facebook_setup.
+    rc_facebook.send(:initialize, rc_facebook_options_new)
+
+    rc_facebook_check_params_signed_request # canvas
+    rc_facebook_check_params_session        # i think it would be deprecated
+    rc_facebook_check_cookie                # for js sdk (canvas or not)
+    rc_facebook_check_code                  # oauth api
+
+    # there are above 4 ways to check the user identity!
+    # if nor of them passed, then we can suppose the user
+    # didn't authorize for us, but we can check if user has authorized
+    # before, in that case, the fbs would be inside session,
+    # as we just saved it there
+
+    rc_facebook_check_rg_fbs # check rc_facebook storage
+
+    if rc_facebook_oget(:ensure_authorized) && !rc_facebook.authorized?
+      rc_facebook_authorize('ensure authorized')
+      false # action halt, redirect to do authorize,
+            # eagerly, as opposed to auto_authorize
+    else
+      true  # keep going
+    end
+  end
+
+  # override this if you need different app_id and secret
+  def rc_facebook
+    @rc_facebook ||= RestCore::Facebook.new(rc_facebook_options_new)
+  end
+
+  def rc_facebook_on_access_token_error error=nil
+    rc_facebook_authorize(error, false)
+  end
+
+  def rc_facebook_authorize error=nil, force_redirect=true
+    logger.warn("WARN: Facebook: #{error.inspect}")
+
+    if force_redirect || rc_facebook_auto_authorize?
+      @rc_facebook_authorize_url = rc_facebook.authorize_url(
+        {:redirect_uri => rc_facebook_normalized_request_uri,
+         :scope        => rc_facebook_oget(:auto_authorize_scope)}.
+        merge(rc_facebook_oget(:auto_authorize_options)))
+
+      logger.debug(
+      "DEBUG: Facebook: redirect to #{@rc_facebook_authorize_url}")
+
+      cookies.delete("fbs_#{rc_facebook.app_id}")
+      rc_facebook_authorize_redirect
+    end
+  end
+
+  # override this if you want the simple redirect_to
+  def rc_facebook_authorize_redirect
+    unless rc_facebook_in_canvas?
+      redirect_to @rc_facebook_authorize_url
+    else
+      rc_facebook_js_redirect(@rc_facebook_authorize_url,
+                               rc_facebook_authorize_body)
+    end
+  end
+
+  def rc_facebook_js_redirect redirect_url, body=''
+    render :inline => <<-HTML
+    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+    <html>
+      <head>
+      <script type="text/javascript">
+        window.top.location.href = '#{redirect_url}'
+      </script>
+      <noscript>
+        <meta http-equiv="refresh" content="0;url=#{
+          CGI.escapeHTML(redirect_url)}"/>
+        <meta http-equiv="window-target" content="_top"/>
+      </noscript>
+      </head>
+      <body>
+        #{body}
+      </bodt>
+    </html>
+    HTML
+  end
+
+  def rc_facebook_authorize_body redirect_url=@rc_facebook_authorize_url
+    <<-HTML
+    <div>
+      Please
+      <a href="#{CGI.escapeHTML(redirect_url)}" target="_top">authorize</a>
+      if this page is not automatically redirected.
+    </div>
+    HTML
+  end
+
+  module_function
+
+  # ==================== begin options utility =======================
+  def rc_facebook_oget key
+    if rc_facebook_options_ctl.has_key?(key)
+      rc_facebook_options_ctl[key]
+    else
+      RestCore::Facebook.send("default_#{key}")
+    end
+  end
+
+  def rc_facebook_options_ctl
+    @rc_facebook_options_ctl ||= {}
+  end
+
+  def rc_facebook_options_new
+    @rc_facebook_options_new ||= {:log_method => logger.method(:debug)}
+  end
+  # ==================== end options utility =======================
+
+
+
+  # ==================== begin facebook check ======================
+  def rc_facebook_check_params_signed_request
+    return if rc_facebook.authorized? || !params[:signed_request]
+
+    rc_facebook.parse_signed_request!(params[:signed_request])
+    logger.debug("DEBUG: Facebook: detected signed_request,"  \
+                 " parsed: #{rc_facebook.data.inspect}")
+
+    if rc_facebook.authorized?
+      rc_facebook_write_rg_fbs
+    else
+      logger.warn(
+        "WARN: Facebook: bad signed_request: #{params[:signed_request]}")
+    end
+  end
+
+  # if the code is bad or not existed,
+  # check if there's one in session,
+  # meanwhile, there the sig and access_token is correct,
+  # that means we're in the context of canvas
+  def rc_facebook_check_params_session
+    return if rc_facebook.authorized? || !params[:session]
+
+    rc_facebook.parse_json!(params[:session])
+    logger.debug("DEBUG: Facebook: detected session, parsed:" \
+                 " #{rc_facebook.data.inspect}")
+
+    if rc_facebook.authorized?
+      rc_facebook_write_rg_fbs
+    else
+      logger.warn("WARN: Facebook: bad session: #{params[:session]}")
+    end
+  end
+
+  # if we're not in canvas nor code passed,
+  # we could check out cookies as well.
+  def rc_facebook_check_cookie
+    return if rc_facebook.authorized? ||
+              !cookies["fbs_#{rc_facebook.app_id}"]
+
+    rc_facebook.parse_cookies!(cookies)
+    logger.debug("DEBUG: Facebook: detected cookies, parsed:" \
+                 " #{rc_facebook.data.inspect}")
+  end
+
+  # exchange the code with access_token
+  def rc_facebook_check_code
+    return if rc_facebook.authorized? || !params[:code]
+
+    rc_facebook.authorize!(:code => params[:code],
+                          :redirect_uri => rc_facebook_normalized_request_uri)
+    logger.debug(
+      "DEBUG: Facebook: detected code with "   \
+      "#{rc_facebook_normalized_request_uri}," \
+      " parsed: #{rc_facebook.data.inspect}")
+
+    rc_facebook_write_rg_fbs if rc_facebook.authorized?
+  end
+  # ==================== end facebook check ======================
+
+
+
+  # ==================== begin check ================================
+  def rc_facebook_storage_key
+    "rc_facebook_fbs_#{rc_facebook_oget(:app_id)}"
+  end
+
+  def rc_facebook_check_rg_fbs
+    rc_facebook_check_rg_handler # custom method to store fbs
+    rc_facebook_check_rg_session # prefered way to store fbs
+    rc_facebook_check_rg_cookies # in canvas, session might not work..
+  end
+
+  def rc_facebook_check_rg_handler handler=rc_facebook_oget(:check_handler)
+    return if rc_facebook.authorized? || !handler
+    rc_facebook.parse_fbs!(handler.call)
+    logger.debug("DEBUG: Facebook: called check_handler, parsed:" \
+                 " #{rc_facebook.data.inspect}")
+  end
+
+  def rc_facebook_check_rg_session
+    return if rc_facebook.authorized? || !rc_facebook_oget(:write_session) ||
+              !(fbs = session[rc_facebook_storage_key])
+    rc_facebook.parse_fbs!(fbs)
+    logger.debug("DEBUG: Facebook: detected rc_facebook session, parsed:" \
+                 " #{rc_facebook.data.inspect}")
+  end
+
+  def rc_facebook_check_rg_cookies
+    return if rc_facebook.authorized? || !rc_facebook_oget(:write_cookies) ||
+              !(fbs = cookies[rc_facebook_storage_key])
+    rc_facebook.parse_fbs!(fbs)
+    logger.debug("DEBUG: Facebook: detected rc_facebook cookies, parsed:" \
+                 " #{rc_facebook.data.inspect}")
+  end
+  # ====================   end check ================================
+  # ==================== begin write ================================
+  def rc_facebook_write_rg_fbs
+    cookies.delete("fbs_#{rc_facebook.app_id}")
+    rc_facebook_write_rg_handler
+    rc_facebook_write_rg_session
+    rc_facebook_write_rg_cookies
+  end
+
+  def rc_facebook_write_rg_handler handler=rc_facebook_oget(:write_handler)
+    return if !handler
+    handler.call(fbs = rc_facebook.fbs)
+    logger.debug("DEBUG: Facebook: called write_handler: fbs => #{fbs}")
+  end
+
+  def rc_facebook_write_rg_session
+    return if !rc_facebook_oget(:write_session)
+    session[rc_facebook_storage_key] = fbs = rc_facebook.fbs
+    logger.debug("DEBUG: Facebook: wrote session: fbs => #{fbs}")
+  end
+
+  def rc_facebook_write_rg_cookies
+    return if !rc_facebook_oget(:write_cookies)
+    cookies[rc_facebook_storage_key] = fbs = rc_facebook.fbs
+    logger.debug("DEBUG: Facebook: wrote cookies: fbs => #{fbs}")
+  end
+  # ==================== end write ================================
+
+
+
+  # ==================== begin misc ================================
+  def rc_facebook_normalized_request_uri
+    uri = if rc_facebook_in_canvas?
+            # rails 3 uses newer rack which has fullpath
+            "http://apps.facebook.com/#{rc_facebook_oget(:canvas)}" +
+            (request.respond_to?(:fullpath) ?
+              request.fullpath : request.request_uri)
+          else
+            request.url
+          end
+
+    rc_facebook_filter_uri(uri)
+  end
+
+  def rc_facebook_filter_uri uri
+    URI.parse(URI.encode(uri)).tap{ |uri|
+      uri.query = uri.query.split('&').reject{ |q|
+                    q =~ /^(code|session|signed_request)\=/
+                  }.join('&') if uri.query
+      uri.query = nil if uri.query.blank?
+    }.to_s
+  end
+
+  def rc_facebook_in_canvas?
+    !rc_facebook_oget(:canvas).blank?
+  end
+
+  def rc_facebook_auto_authorize?
+    !rc_facebook_oget(:auto_authorize_scope)  .blank? ||
+    !rc_facebook_oget(:auto_authorize_options).blank? ||
+     rc_facebook_oget(:auto_authorize)
+  end
+
+  def rc_facebook_extract_options options, method
+    # Hash[] is for ruby 1.8.7
+    # map(&:to_sym) is for ruby 1.8.7
+    Hash[options.send(method){ |(k, v)|
+      RestCore::Facebook.members.map(&:to_sym).member?(k) }]
+  end
+  # ==================== end misc ================================
+end
+
+RestCore::Facebook::RailsUtil.init(Rails)