rest-graph 1.4.1 → 1.4.2
- data/CHANGES +13 -0
- data/README +1 -1
- data/README.rdoc +1 -1
- data/example/rails/README +3 -5
- data/example/rails/app/controllers/application_controller.rb +18 -10
- data/example/rails/test/functional/application_controller_test.rb +15 -4
- data/lib/rest-graph/rails_util.rb +41 -14
- data/lib/rest-graph/version.rb +1 -1
- data/lib/rest-graph.rb +9 -3
- data/test/test_parse.rb +11 -0
- metadata +7 -7
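--- a/data/CHANGES
+++ b/data/CHANGES
@@ -1,5 +1,18 @@
 = rest-graph changes history
 
+== rest-graph 1.4.2 -- 2010-08-05
+
+* [RestGraph] Added RestGraph#fbs to generate fbs with correct sig,
+to be used for future parse_fbs! See the bug in RailsUtil.
+
+* [RailsUtil] Added iframe and write_cookies option.
+* [RailsUtil] Fixed a bug that write_session didn't parse because parse_fbs!
+reject the fbs due to missing sig.
+* [RailsUtil] Fixed a bug that in Rails 3, must call safe_html to prevent
+unintended HTML escaping.
+
+* Thanks a lot, Andrew.
+
 == rest-graph 1.4.1 -- 2010-08-04
 
 * [RestGraph] Call error_handler when response contains error_code as well,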
data/README
CHANGED
data/README.rdoc
CHANGED
data/example/rails/README
CHANGED
@@ -1,6 +1,4 @@
|
|
1
1
|
|
2
|
-
Please fill config/rest-graph.yaml with your app_id, secret,
|
3
|
-
see if this example is working or not.
|
4
|
-
|
5
|
-
|
6
|
-
The default setup is designed for standalone site with Facebook JavaScript SDK.
|
2
|
+
Please fill config/rest-graph.yaml with your app_id, secret, etc., to
|
3
|
+
see if this example is working or not. The default setup is designed for
|
4
|
+
standalone site with Facebook JavaScript SDK.
|
@@ -10,20 +10,22 @@ class ApplicationController < ActionController::Base
|
|
10
10
|
|
11
11
|
include RestGraph::RailsUtil
|
12
12
|
|
13
|
-
before_filter :filter_common,
|
14
|
-
before_filter :filter_canvas,
|
15
|
-
before_filter :filter_options,
|
16
|
-
before_filter :filter_no_auto,
|
17
|
-
before_filter :filter_diff_app_id, :only => [:diff_app_id]
|
18
|
-
before_filter :filter_diff_canvas, :only => [:diff_canvas]
|
19
|
-
before_filter :
|
13
|
+
before_filter :filter_common , :only => [:index]
|
14
|
+
before_filter :filter_canvas , :only => [:canvas]
|
15
|
+
before_filter :filter_options , :only => [:options]
|
16
|
+
before_filter :filter_no_auto , :only => [:no_auto]
|
17
|
+
before_filter :filter_diff_app_id , :only => [:diff_app_id]
|
18
|
+
before_filter :filter_diff_canvas , :only => [:diff_canvas]
|
19
|
+
before_filter :filter_iframe_canvas, :only => [:iframe_canvas]
|
20
|
+
before_filter :filter_cache , :only => [:cache]
|
20
21
|
|
21
22
|
def index
|
22
23
|
render :text => rest_graph.get('me').to_json
|
23
24
|
end
|
24
|
-
alias_method :canvas
|
25
|
-
alias_method :options
|
26
|
-
alias_method :diff_canvas, :index
|
25
|
+
alias_method :canvas , :index
|
26
|
+
alias_method :options , :index
|
27
|
+
alias_method :diff_canvas , :index
|
28
|
+
alias_method :iframe_canvas, :index
|
27
29
|
|
28
30
|
def no_auto
|
29
31
|
rest_graph.get('me')
|
@@ -57,6 +59,12 @@ class ApplicationController < ActionController::Base
|
|
57
59
|
:auto_authorize_scope => 'email')
|
58
60
|
end
|
59
61
|
|
62
|
+
def filter_iframe_canvas
|
63
|
+
rest_graph_setup(:canvas => 'zzz',
|
64
|
+
:iframe => true,
|
65
|
+
:auto_authorize => true)
|
66
|
+
end
|
67
|
+
|
60
68
|
def filter_no_auto
|
61
69
|
rest_graph_setup(:auto_authorize => false)
|
62
70
|
end
|
@@ -29,24 +29,35 @@ class ApplicationControllerTest < ActionController::TestCase
|
|
29
29
|
|
30
30
|
def test_canvas
|
31
31
|
get(:canvas)
|
32
|
-
assert_response :
|
32
|
+
assert_response :redirect
|
33
33
|
assert_equal(
|
34
34
|
normalize_url(
|
35
35
|
'https://graph.facebook.com/oauth/authorize?client_id=123&' \
|
36
36
|
'scope=publish_stream&' \
|
37
37
|
'redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fcan%2Fcanvas'),
|
38
|
-
normalize_url(
|
38
|
+
normalize_url(assigns(:rest_graph_authorize_url)))
|
39
39
|
end
|
40
40
|
|
41
41
|
def test_diff_canvas
|
42
42
|
get(:diff_canvas)
|
43
|
-
assert_response :
|
43
|
+
assert_response :redirect
|
44
44
|
assert_equal(
|
45
45
|
normalize_url(
|
46
46
|
'https://graph.facebook.com/oauth/authorize?client_id=123&' \
|
47
47
|
'scope=email&' \
|
48
48
|
'redirect_uri=http%3A%2F%2Fapps.facebook.com%2FToT%2Fdiff_canvas'),
|
49
|
-
normalize_url(
|
49
|
+
normalize_url(assigns(:rest_graph_authorize_url)))
|
50
|
+
end
|
51
|
+
|
52
|
+
def test_iframe_canvas
|
53
|
+
get(:iframe_canvas)
|
54
|
+
assert_response :success
|
55
|
+
assert_equal(
|
56
|
+
normalize_url(
|
57
|
+
'https://graph.facebook.com/oauth/authorize?client_id=123&' \
|
58
|
+
'scope=&' \
|
59
|
+
'redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fzzz%2Fiframe_canvas'),
|
60
|
+
normalize_url(assigns(:rest_graph_authorize_url)))
|
50
61
|
end
|
51
62
|
|
52
63
|
def test_options
|
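Review bot: `test_iframe_canvas` asserts only `assigns(:rest_graph_authorize_url)` and a `:success` status, so the inline page that iframe mode renders is never inspected. That page is where this release changes the escaping behaviour, so a regression there would pass unnoticed. Add an assertion on the body, for example `assert_match(/window\.top\.location\.href/, @response.body)`, plus a check that the `&` separators of the URL arrive in the script unescaped. `test_options` at the end of the section continues outside the hunk.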
@@ -4,10 +4,12 @@ require 'rest-graph'
|
|
4
4
|
class RestGraph
|
5
5
|
module DefaultAttributes
|
6
6
|
def default_canvas ; '' ; end
|
7
|
+
def default_iframe ; false; end
|
7
8
|
def default_auto_authorize ; false; end
|
8
9
|
def default_auto_authorize_options; {} ; end
|
9
10
|
def default_auto_authorize_scope ; '' ; end
|
10
11
|
def default_write_session ; false; end
|
12
|
+
def default_write_cookies ; false; end
|
11
13
|
end
|
12
14
|
|
13
15
|
module RailsCache
|
@@ -36,10 +38,10 @@ module RestGraph::RailsUtil
|
|
36
38
|
rest_graph_options_ctl.merge!(rest_graph_extract_options(options, :reject))
|
37
39
|
rest_graph_options_new.merge!(rest_graph_extract_options(options, :select))
|
38
40
|
|
39
|
-
rest_graph_check_cookie
|
40
|
-
rest_graph_check_params_signed_request
|
41
|
-
rest_graph_check_params_session
|
42
|
-
rest_graph_check_code
|
41
|
+
rest_graph_check_cookie # for javascript sdk (canvas or not)
|
42
|
+
rest_graph_check_params_signed_request # canvas
|
43
|
+
rest_graph_check_params_session # i think it would be deprecated
|
44
|
+
rest_graph_check_code # oauth api
|
43
45
|
|
44
46
|
# there are above 4 ways to check the user identity!
|
45
47
|
# if nor of them passed, then we can suppose the user
|
@@ -47,7 +49,8 @@ module RestGraph::RailsUtil
|
|
47
49
|
# before, in that case, the fbs would be inside session,
|
48
50
|
# as we just saved it there
|
49
51
|
|
50
|
-
rest_graph_check_rails_session
|
52
|
+
rest_graph_check_rails_session # prefered way to store fbs
|
53
|
+
rest_graph_check_rails_cookies # in canvas, session might not work..
|
51
54
|
end
|
52
55
|
|
53
56
|
# override this if you need different app_id and secret
|
@@ -74,16 +77,23 @@ module RestGraph::RailsUtil
|
|
74
77
|
|
75
78
|
# override this if you want the simple redirect_to
|
76
79
|
def rest_graph_authorize_redirect
|
77
|
-
if !
|
80
|
+
if !rest_graph_oget(:iframe)
|
78
81
|
redirect_to @rest_graph_authorize_url
|
79
82
|
else
|
83
|
+
# for rails 3
|
84
|
+
@rest_graph_safe_url = if ''.respond_to?(:html_safe)
|
85
|
+
@rest_graph_authorize_url.html_safe
|
86
|
+
else
|
87
|
+
@rest_graph_authorize_url
|
88
|
+
end
|
89
|
+
|
80
90
|
render :inline => <<-HTML
|
81
91
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
82
92
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
83
93
|
<html>
|
84
94
|
<head>
|
85
95
|
<script type="text/javascript">
|
86
|
-
window.top.location.href = '<%= @
|
96
|
+
window.top.location.href = '<%= @rest_graph_safe_url %>'
|
87
97
|
</script>
|
88
98
|
<noscript>
|
89
99
|
<meta http-equiv="refresh" content="0;url=<%= h @rest_graph_authorize_url %>" />
|
@@ -142,6 +152,7 @@ module RestGraph::RailsUtil
|
|
142
152
|
|
143
153
|
if rest_graph.authorized?
|
144
154
|
rest_graph_write_session
|
155
|
+
rest_graph_write_cookies
|
145
156
|
else
|
146
157
|
logger.warn(
|
147
158
|
"WARN: RestGraph: bad signed_request: #{params[:signed_request]}")
|
@@ -161,6 +172,7 @@ module RestGraph::RailsUtil
|
|
161
172
|
|
162
173
|
if rest_graph.authorized?
|
163
174
|
rest_graph_write_session
|
175
|
+
rest_graph_write_cookies
|
164
176
|
else
|
165
177
|
logger.warn("WARN: RestGraph: bad session: #{params[:session]}")
|
166
178
|
end
|
@@ -177,27 +189,42 @@ module RestGraph::RailsUtil
|
|
177
189
|
"#{rest_graph_normalized_request_uri}, " \
|
178
190
|
"parsed: #{rest_graph.data.inspect}")
|
179
191
|
|
180
|
-
|
192
|
+
if rest_graph.authorized?
|
193
|
+
rest_graph_write_session
|
194
|
+
rest_graph_write_cookies
|
195
|
+
end
|
181
196
|
end
|
182
197
|
|
183
198
|
def rest_graph_check_rails_session
|
184
|
-
return if rest_graph.authorized? || !session['
|
185
|
-
|
186
|
-
rest_graph.parse_fbs!(session['fbs'])
|
199
|
+
return if rest_graph.authorized? || !session['rest_graph_session']
|
200
|
+
rest_graph.parse_fbs!(session['rest_graph_session'])
|
187
201
|
logger.debug("DEBUG: RestGraph: detected session, parsed:" \
|
188
202
|
" #{rest_graph.data.inspect}")
|
189
203
|
end
|
190
204
|
|
205
|
+
def rest_graph_check_rails_cookies
|
206
|
+
return if rest_graph.authorized? || !cookies['rest_graph_cookies']
|
207
|
+
rest_graph.parse_fbs!(cookies['rest_graph_cookies'])
|
208
|
+
logger.debug("DEBUG: RestGraph: detected cookies, parsed:" \
|
209
|
+
" #{rest_graph.data.inspect}")
|
210
|
+
end
|
211
|
+
|
191
212
|
# ==================== others ================================
|
192
213
|
|
193
214
|
def rest_graph_write_session
|
194
215
|
return if !rest_graph_oget(:write_session)
|
195
|
-
|
196
|
-
|
197
|
-
session['fbs'] = fbs
|
216
|
+
fbs = rest_graph.fbs
|
217
|
+
session['rest_graph_session'] = fbs
|
198
218
|
logger.debug("DEBUG: RestGraph: wrote session: fbs => #{fbs}")
|
199
219
|
end
|
200
220
|
|
221
|
+
def rest_graph_write_cookies
|
222
|
+
return if !rest_graph_oget(:write_cookies)
|
223
|
+
fbs = rest_graph.fbs
|
224
|
+
cookies['rest_graph_cookies'] = fbs
|
225
|
+
logger.debug("DEBUG: RestGraph: wrote cookies: fbs => #{fbs}")
|
226
|
+
end
|
227
|
+
|
201
228
|
def rest_graph_log event
|
202
229
|
message = "DEBUG: RestGraph: spent #{sprintf('%f', event.duration)} "
|
203
230
|
case event
|
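Review bot: In `rest_graph_authorize_redirect`, `@rest_graph_safe_url` is the authorize URL with HTML escaping switched off, and it is written inside a single-quoted JavaScript string, so nothing escapes it for that context. How the URL is assembled is not visible in this hunk; if any request-derived part can reach it unencoded, a quote or `</script>` would end the string or the script element. Run the value through `escape_javascript(@rest_graph_authorize_url)` before marking it safe, and leave the `h` call in the meta refresh as it is. Separately, `rest_graph_write_cookies` puts the fbs string, access token included, into a plain cookie and into the debug log; `cookies['rest_graph_cookies'] = {:value => fbs, :httponly => true}` and a log line without the value would limit exposure. The heredoc in `rest_graph_authorize_redirect` continues past the end of its hunk.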
data/lib/rest-graph/version.rb
CHANGED
data/lib/rest-graph.rb
CHANGED
@@ -130,6 +130,10 @@ class RestGraph < RestGraphStruct
|
|
130
130
|
rescue JSON::ParserError
|
131
131
|
end
|
132
132
|
|
133
|
+
def fbs
|
134
|
+
"#{fbs_without_sig(data)}&sig=#{calculate_sig(data)}"
|
135
|
+
end
|
136
|
+
|
133
137
|
# facebook's new signed_request...
|
134
138
|
|
135
139
|
def parse_signed_request! request
|
@@ -235,10 +239,12 @@ class RestGraph < RestGraphStruct
|
|
235
239
|
end
|
236
240
|
|
237
241
|
def calculate_sig cookies
|
238
|
-
|
239
|
-
|
242
|
+
Digest::MD5.hexdigest(fbs_without_sig(cookies) + secret)
|
243
|
+
end
|
240
244
|
|
241
|
-
|
245
|
+
def fbs_without_sig cookies
|
246
|
+
cookies.reject{ |(k, v)| k == 'sig' }.sort.
|
247
|
+
map{ |a| a.join('=') }.join
|
242
248
|
end
|
243
249
|
|
244
250
|
def cache_key uri
|
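Review bot: `fbs` builds its output from `fbs_without_sig(data)`, which joins the sorted `k=v` pairs with no separator, so with more than one field in `data` the result is `a=1b=2&sig=…` rather than `a=1&b=2&sig=…`. The signature would presumably still verify after parsing, because the signed payload is that same concatenation, but the fields would come back merged into one value. The new spec in test/test_parse.rb covers only a single `access_token` field and cannot catch this. Let `fbs_without_sig` return the list of pairs and join it at each use: `fbs_without_sig(data).join('&')` in `fbs` and `fbs_without_sig(cookies).join + secret` in `calculate_sig`. Because the signed payload has no delimiters, different field sets can produce the same signed string, which matters now that the library also relies on this signature for its own `rest_graph_cookies` value.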
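--- a/data/test/test_parse.rb
+++ b/data/test/test_parse.rb
@@ -87,4 +87,15 @@ describe RestGraph do
 rg.parse_signed_request!(signed_request).should == nil
 end
 
+it 'would generate correct fbs with correct sig' do
+RestGraph.new(:access_token => 'fake', :secret => 's').fbs.should ==
+"access_token=fake&sig=#{Digest::MD5.hexdigest('access_token=fakes')}"
+end
+
+it 'could parse fbs from facebook response which lacks sig...' do
+rg = RestGraph.new(:access_token => 'a', :secret => 'z')
+rg.parse_fbs!(rg.fbs) .should.kind_of?(Hash)
+rg.parse_fbs!(rg.fbs.sub(/sig\=\w+/, 'sig=abc')).should == nil
+end
+
 end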
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rest-graph
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 3
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 1
|
8
8
|
- 4
|
9
|
-
-
|
10
|
-
version: 1.4.
|
9
|
+
- 2
|
10
|
+
version: 1.4.2
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Cardinal Blue
|
@@ -16,7 +16,7 @@ autorequire:
|
|
16
16
|
bindir: bin
|
17
17
|
cert_chain: []
|
18
18
|
|
19
|
-
date: 2010-08-
|
19
|
+
date: 2010-08-05 00:00:00 +08:00
|
20
20
|
default_executable:
|
21
21
|
dependencies:
|
22
22
|
- !ruby/object:Gem::Dependency
|
@@ -91,12 +91,12 @@ dependencies:
|
|
91
91
|
requirements:
|
92
92
|
- - ">="
|
93
93
|
- !ruby/object:Gem::Version
|
94
|
-
hash:
|
94
|
+
hash: 29
|
95
95
|
segments:
|
96
96
|
- 1
|
97
97
|
- 3
|
98
|
-
-
|
99
|
-
version: 1.3.
|
98
|
+
- 3
|
99
|
+
version: 1.3.3
|
100
100
|
type: :development
|
101
101
|
version_requirements: *id005
|
102
102
|
- !ruby/object:Gem::Dependency
|