rest-graph 1.4.4 → 1.4.5

data/CHANGES

@@ -1,5 +1,18 @@
 = rest-graph changes history
 
+== rest-graph 1.4.5 -- 2010-08-07
+
+* [RestGraph] Treat oauth_token as access_token as well. This came from
+              Facebook's new signed_request. Why didn't they choose
+              consistent name? Why different signature algorithm?
+
+* [RailsUtil] Fixed a bug that didn't reject signed_request in redirect_uri.
+              Now code, session, and signed_request are rejected.
+
+* [RailsUtil] Added write_handler and check_handler option to write/check
+              fbs with user code, instead of using sessions/cookies.
+              That way, you can save fbs into memcache or somewhere.
+
 == rest-graph 1.4.4 -- 2010-08-06
 
 * [RailsUtil] Fixed a bug that empty query appends a question mark,

data/README

@@ -1,4 +1,4 @@
-= rest-graph 1.4.3
+= rest-graph 1.4.5
 by Cardinal Blue ( http://cardinalblue.com )
 
 == LINKS:

data/README.rdoc

@@ -1,4 +1,4 @@
-= rest-graph 1.4.3
+= rest-graph 1.4.5
 by Cardinal Blue ( http://cardinalblue.com )
 
 == LINKS:

data/example/rails/app/controllers/application_controller.rb

@@ -18,6 +18,9 @@ class ApplicationController < ActionController::Base
   before_filter :filter_diff_canvas  , :only => [:diff_canvas]
   before_filter :filter_iframe_canvas, :only => [:iframe_canvas]
   before_filter :filter_cache        , :only => [:cache]
+  before_filter :filter_hanlder      , :only => [:handler_]
+  before_filter :filter_session      , :only => [:session_]
+  before_filter :filter_cookies      , :only => [:cookies_]
 
   def index
     render :text => rest_graph.get('me').to_json
@@ -26,6 +29,9 @@ class ApplicationController < ActionController::Base
   alias_method :options      , :index
   alias_method :diff_canvas  , :index
   alias_method :iframe_canvas, :index
+  alias_method :handler_     , :index
+  alias_method :session_     , :index
+  alias_method :cookies_     , :index
 
   def no_auto
     rest_graph.get('me')
@@ -82,4 +88,25 @@ class ApplicationController < ActionController::Base
   def filter_cache
     rest_graph_setup(:cache => Rails.cache)
   end
+
+  def filter_hanlder
+    rest_graph_setup(:write_handler => method(:write_handler),
+                     :check_handler => method(:check_handler))
+  end
+
+  def write_handler fbs
+    Rails.cache[:fbs] = fbs
+  end
+
+  def check_handler
+    Rails.cache[:fbs]
+  end
+
+  def filter_session
+    rest_graph_setup(:write_session => true)
+  end
+
+  def filter_cookies
+    rest_graph_setup(:write_cookies => true)
+  end
 end

data/example/rails/test/functional/application_controller_test.rb

@@ -84,6 +84,7 @@ class ApplicationControllerTest < ActionController::TestCase
   end
 
   def test_cache
+    reset_webmock
     stub_request(:get, 'https://graph.facebook.com/cache').
       to_return(:body => '{"message":"ok"}')
 
@@ -91,4 +92,43 @@ class ApplicationControllerTest < ActionController::TestCase
     assert_response :success
     assert_equal '{"message":"ok"}', @response.body
   end
+
+  def test_handler
+    reset_webmock
+    stub_request(:get, 'https://graph.facebook.com/me?access_token=aloha').
+      to_return(:body => '["snowman"]')
+
+    Rails.cache[:fbs] = RestGraph.new(:access_token => 'aloha').fbs
+    get(:handler_)
+    assert_response :success
+    assert_equal '["snowman"]', @response.body
+  ensure
+    Rails.cache.clear
+  end
+
+  def test_session
+    reset_webmock
+    stub_request(:get, 'https://graph.facebook.com/me?access_token=wozilla').
+      to_return(:body => '["fireball"]')
+
+    @request.session['rest_graph_session'] =
+      RestGraph.new(:access_token => 'wozilla').fbs
+
+    get(:session_)
+    assert_response :success
+    assert_equal '["fireball"]', @response.body
+  end
+
+  def test_cookies
+    reset_webmock
+    stub_request(:get, 'https://graph.facebook.com/me?access_token=blizzard').
+      to_return(:body => '["yeti"]')
+
+    @request.cookies['rest_graph_cookies'] =
+      RestGraph.new(:access_token => 'blizzard').fbs
+
+    get(:cookies_)
+    assert_response :success
+    assert_equal '["yeti"]', @response.body
+  end
 end

data/example/rails/test/unit/rails_util_test.rb

@@ -35,4 +35,10 @@ class RailsUtilTest < ActiveSupport::TestCase
     assert_equal('http://test.com/',
                  RestGraph::RailsUtil.rest_graph_normalized_request_uri)
   end
+
+  def test_rest_graph_normalized_request_uri_4
+    setup_mock(  'http://test.com/?signed_request=abc&code=123')
+    assert_equal('http://test.com/',
+                 RestGraph::RailsUtil.rest_graph_normalized_request_uri)
+  end
 end

data/lib/rest-graph.rb

@@ -76,7 +76,7 @@ class RestGraph < RestGraphStruct
   end
 
   def access_token
-    data['access_token']
+    data['access_token'] || data['oauth_token']
   end
 
   def access_token= token

data/lib/rest-graph/rails_util.rb

@@ -10,6 +10,8 @@ class RestGraph
     def default_auto_authorize_scope  ; ''   ; end
     def default_write_session         ; false; end
     def default_write_cookies         ; false; end
+    def default_write_handler         ;   nil; end
+    def default_check_handler         ;   nil; end
   end
 
   module RailsCache
@@ -49,8 +51,7 @@ module RestGraph::RailsUtil
     # before, in that case, the fbs would be inside session,
     # as we just saved it there
 
-    rest_graph_check_rg_session # prefered way to store fbs
-    rest_graph_check_rg_cookies # in canvas, session might not work..
+    rest_graph_check_rg_fbs
   end
 
   # override this if you need different app_id and secret
@@ -110,8 +111,7 @@ module RestGraph::RailsUtil
 
   module_function
 
-  # ==================== options utility =======================
-
+  # ==================== begin options utility =======================
   def rest_graph_oget key
     if rest_graph_options_ctl.has_key?(key)
       rest_graph_options_ctl[key]
@@ -129,9 +129,11 @@ module RestGraph::RailsUtil
       {:error_handler => method(:rest_graph_authorize),
          :log_handler => method(:rest_graph_log)}
   end
+  # ==================== end options utility =======================
 
-  # ==================== checking utility ======================
 
+
+  # ==================== begin facebook check ======================
   # if we're not in canvas nor code passed,
   # we could check out cookies as well.
   def rest_graph_check_cookie
@@ -151,8 +153,7 @@ module RestGraph::RailsUtil
                  " #{rest_graph.data.inspect}")
 
     if rest_graph.authorized?
-      rest_graph_write_rg_session
-      rest_graph_write_rg_cookies
+      rest_graph_write_rg_fbs
     else
       logger.warn(
         "WARN: RestGraph: bad signed_request: #{params[:signed_request]}")
@@ -171,8 +172,7 @@ module RestGraph::RailsUtil
                  " #{rest_graph.data.inspect}")
 
     if rest_graph.authorized?
-      rest_graph_write_rg_session
-      rest_graph_write_rg_cookies
+      rest_graph_write_rg_fbs
     else
       logger.warn("WARN: RestGraph: bad session: #{params[:session]}")
     end
@@ -189,42 +189,72 @@ module RestGraph::RailsUtil
       "#{rest_graph_normalized_request_uri}, " \
       "parsed: #{rest_graph.data.inspect}")
 
-    if rest_graph.authorized?
-      rest_graph_write_rg_session
-      rest_graph_write_rg_cookies
-    end
+    rest_graph_write_rg_fbs if rest_graph.authorized?
+  end
+  # ==================== end facebook check ======================
+
+
+
+  # ==================== begin check ================================
+  def rest_graph_check_rg_fbs
+    rest_graph_check_rg_handler # custom method to store fbs
+    rest_graph_check_rg_session # prefered way to store fbs
+    rest_graph_check_rg_cookies # in canvas, session might not work..
+  end
+
+  def rest_graph_check_rg_handler
+    return if rest_graph.authorized? || !rest_graph_oget(:check_handler)
+    rest_graph.parse_fbs!(rest_graph_oget(:check_handler).call)
+    logger.debug("DEBUG: RestGraph: called check_handler, parsed:" \
+                 " #{rest_graph.data.inspect}")
   end
 
   def rest_graph_check_rg_session
-    return if rest_graph.authorized? || !session['rest_graph_session']
-    rest_graph.parse_fbs!(session['rest_graph_session'])
+    return if rest_graph.authorized? || !session[:rest_graph_session]
+    rest_graph.parse_fbs!(session[:rest_graph_session])
     logger.debug("DEBUG: RestGraph: detected rest-graph session, parsed:" \
                  " #{rest_graph.data.inspect}")
   end
 
   def rest_graph_check_rg_cookies
-    return if rest_graph.authorized? || !cookies['rest_graph_cookies']
-    rest_graph.parse_fbs!(cookies['rest_graph_cookies'])
+    return if rest_graph.authorized? || !cookies[:rest_graph_cookies]
+    rest_graph.parse_fbs!(cookies[:rest_graph_cookies])
     logger.debug("DEBUG: RestGraph: detected rest-graph cookies, parsed:" \
                  " #{rest_graph.data.inspect}")
   end
+  # ====================   end check ================================
+  # ==================== begin write ================================
+  def rest_graph_write_rg_fbs
+    rest_graph_write_rg_handler
+    rest_graph_write_rg_session
+    rest_graph_write_rg_cookies
+  end
 
-  # ==================== others ================================
+  def rest_graph_write_rg_handler
+    return if !rest_graph_oget(:write_handler)
+    fbs = rest_graph.fbs
+    rest_graph_oget(:write_handler).call(fbs)
+    logger.debug("DEBUG: RestGraph: called write_handler: fbs => #{fbs}")
+  end
 
   def rest_graph_write_rg_session
     return if !rest_graph_oget(:write_session)
     fbs = rest_graph.fbs
-    session['rest_graph_session'] = fbs
+    session[:rest_graph_session] = fbs
     logger.debug("DEBUG: RestGraph: wrote session: fbs => #{fbs}")
   end
 
   def rest_graph_write_rg_cookies
     return if !rest_graph_oget(:write_cookies)
     fbs = rest_graph.fbs
-    cookies['rest_graph_cookies'] = fbs
+    cookies[:rest_graph_cookies] = fbs
     logger.debug("DEBUG: RestGraph: wrote cookies: fbs => #{fbs}")
   end
+  # ==================== end write ================================
+
+
 
+  # ==================== begin misc ================================
   def rest_graph_log event
     message = "DEBUG: RestGraph: spent #{sprintf('%f', event.duration)} "
     case event
@@ -247,7 +277,7 @@ module RestGraph::RailsUtil
               end).
       tap{ |uri|
         uri.query = uri.query.split('&').reject{ |q|
-                      q =~ /^(code|session)\=/
+                      q =~ /^(code|session|signed_request)\=/
                     }.join('&') if uri.query
         uri.query = nil if uri.query.blank?
       }.to_s
@@ -268,4 +298,5 @@ module RestGraph::RailsUtil
     return result if result.kind_of?(Hash) # RUBY_VERSION >= 1.9.1
     result.inject({}){ |r, (k, v)| r[k] = v; r }
   end
+  # ==================== end misc ================================
 end

data/lib/rest-graph/version.rb

@@ -1,4 +1,4 @@
 
 require 'rest-graph'
 
-RestGraph::VERSION = '1.4.4'
+RestGraph::VERSION = '1.4.5'

data/test/test_rest-graph.rb

@@ -130,4 +130,12 @@ describe RestGraph do
     }
     cache.should == {rg.send(:cache_key, url) => body}
   end
+
+  it 'would treat oauth_token as access_token as well' do
+    rg = RestGraph.new
+    hate_facebook = 'why the hell two different name?'
+    rg.data['oauth_token'] = hate_facebook
+    rg.authorized?.should == true
+    rg.access_token       == hate_facebook
+  end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: rest-graph
 version: !ruby/object:Gem::Version 
-  hash: 15
+  hash: 13
   prerelease: false
   segments: 
   - 1
   - 4
-  - 4
-  version: 1.4.4
+  - 5
+  version: 1.4.5
 platform: ruby
 authors: 
 - Cardinal Blue
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-06 00:00:00 +08:00
+date: 2010-08-07 00:00:00 +08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency