rest-graph 2.0.0 → 2.0.1
- data/CHANGES.md +23 -0
- data/README.md +1 -1
- data/example/rails2/app/controllers/application_controller.rb +2 -2
- data/example/rails2/config/environment.rb +10 -0
- data/example/rails2/test/functional/application_controller_test.rb +26 -0
- data/example/rails3/app/controllers/application_controller.rb +2 -2
- data/example/rails3/test/functional/application_controller_test.rb +26 -0
- data/lib/rest-graph/core.rb +2 -2
- data/lib/rest-graph/rails_util.rb +8 -1
- data/lib/rest-graph/version.rb +1 -1
- data/rest-graph.gemspec +2 -2
- data/test/test_oauth.rb +5 -3
- metadata +2 -2
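--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,5 +1,28 @@
 # CHANGES
 
+## rest-graph 2.0.1 -- 2011-11-25
+
+### Bugs fixes back ported from [rest-more][]
+
+* [RestGraph] Now we're using POST in `authorize!` to exchange the
+access_token with the code instead of GET. If we're using GET,
+we would run into a risk where a user might use the code to
+get other people's access_token via the cache. Using POST would
+prevent this because POSTs are not cached.
+
+* [RestGraph::RailsUtil] Fixed a serious bug. The bug would jump up if
+you're using :write_session or :write_cookies or :write_handler along
+with :auto_authorize, for example:
+`rest_graph_setup(:auto_authorize => true, :write_session => true)`
+The problem is that RestGraph::RailsUtil is not removing the invalid
+access_token stored in session or cookie, and yet it is considered
+authorized, making redirecting to Facebook and redirecting back doesn't
+update the access_token. `rest_graph_cleanup` is introduced to remove
+all invalid access_tokens, which would get called once the user is
+redirected to Facebook, fixing this bug.
+
+[rest-more]: https://github.com/cardinalblue/rest-more
+
 ## rest-graph 2.0.0 -- 2011-10-08
 
 We have moved the development from rest-graph to [rest-core][].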
data/README.md
CHANGED
@@ -13,7 +13,7 @@ an experienced Ruby programmer, you might also want to look at
|
|
13
13
|
## LINKS:
|
14
14
|
|
15
15
|
* [github](https://ithub.com/cardinalblue/rest-graph)
|
16
|
-
* [rubygems](
|
16
|
+
* [rubygems](https://rubygems.org/gems/rest-graph)
|
17
17
|
* [rdoc](http://rdoc.info/projects/cardinalblue/rest-graph)
|
18
18
|
* [mailing list](http://groups.google.com/group/rest-graph/topics)
|
19
19
|
|
@@ -118,10 +118,10 @@ class ApplicationController < ActionController::Base
|
|
118
118
|
end
|
119
119
|
|
120
120
|
def filter_session
|
121
|
-
rest_graph_setup(:write_session => true)
|
121
|
+
rest_graph_setup(:write_session => true, :auto_authorize => true)
|
122
122
|
end
|
123
123
|
|
124
124
|
def filter_cookies
|
125
|
-
rest_graph_setup(:write_cookies => true)
|
125
|
+
rest_graph_setup(:write_cookies => true, :auto_authorize => true)
|
126
126
|
end
|
127
127
|
end
|
@@ -3,6 +3,16 @@
|
|
3
3
|
# Specifies gem version of Rails to use when vendor/rails is not present
|
4
4
|
RAILS_GEM_VERSION = '2.3.14' unless defined? RAILS_GEM_VERSION
|
5
5
|
|
6
|
+
# monkey patch from https://github.com/rails/rails/pull/3473
|
7
|
+
class MissingSourceFile < LoadError #:nodoc:
|
8
|
+
REGEXPS = [
|
9
|
+
[/^no such file to load -- (.+)$/i, 1],
|
10
|
+
[/^Missing \w+ (file\s*)?([^\s]+.rb)$/i, 2],
|
11
|
+
[/^Missing API definition file in (.+)$/i, 1],
|
12
|
+
[/^cannot load such file -- (.+)$/i, 1]
|
13
|
+
]
|
14
|
+
end
|
15
|
+
|
6
16
|
# Bootstrap the Rails environment, frameworks, and default configuration
|
7
17
|
require File.join(File.dirname(__FILE__), 'boot')
|
8
18
|
|
@@ -166,6 +166,32 @@ class ApplicationControllerTest < ActionController::TestCase
|
|
166
166
|
assert_equal '["yeti"]', @response.body
|
167
167
|
end
|
168
168
|
|
169
|
+
def test_wrong_session
|
170
|
+
WebMock.reset!
|
171
|
+
stub_request(:get, 'https://graph.facebook.com/me').
|
172
|
+
to_return(:body => '{"error":{"type":"OAuthException"}}')
|
173
|
+
|
174
|
+
session = @request.session
|
175
|
+
key = RestGraph::RailsUtil.rest_graph_storage_key
|
176
|
+
session[key] = 'bad'
|
177
|
+
|
178
|
+
get(:session_)
|
179
|
+
assert_equal nil, session[key]
|
180
|
+
end
|
181
|
+
|
182
|
+
def test_wrong_cookies
|
183
|
+
WebMock.reset!
|
184
|
+
stub_request(:get, 'https://graph.facebook.com/me').
|
185
|
+
to_return(:body => '{"error":{"type":"OAuthException"}}')
|
186
|
+
|
187
|
+
cookies = @request.cookies
|
188
|
+
key = RestGraph::RailsUtil.rest_graph_storage_key
|
189
|
+
session[key] = 'bad'
|
190
|
+
|
191
|
+
get(:cookies_)
|
192
|
+
assert_equal nil, cookies[key]
|
193
|
+
end
|
194
|
+
|
169
195
|
def test_error
|
170
196
|
get(:error)
|
171
197
|
rescue => e
|
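Review bot: `test_wrong_cookies` never puts the bad token into a cookie: after `cookies = @request.cookies` it still writes `session[key] = 'bad'`, so `assert_equal nil, cookies[key]` holds whether or not the cleanup ran. The seeding line should be `cookies[key] = 'bad'`, so that the test actually covers removal of an invalid access_token from the cookie store. The same copy-paste appears in the second copy of this test hunk further down the page (the rails3 example, going by the file list). `test_error`, the last definition shown, continues past the end of the hunk.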
@@ -118,10 +118,10 @@ class ApplicationController < ActionController::Base
|
|
118
118
|
end
|
119
119
|
|
120
120
|
def filter_session
|
121
|
-
rest_graph_setup(:write_session => true)
|
121
|
+
rest_graph_setup(:write_session => true, :auto_authorize => true)
|
122
122
|
end
|
123
123
|
|
124
124
|
def filter_cookies
|
125
|
-
rest_graph_setup(:write_cookies => true)
|
125
|
+
rest_graph_setup(:write_cookies => true, :auto_authorize => true)
|
126
126
|
end
|
127
127
|
end
|
@@ -166,6 +166,32 @@ class ApplicationControllerTest < ActionController::TestCase
|
|
166
166
|
assert_equal '["yeti"]', @response.body
|
167
167
|
end
|
168
168
|
|
169
|
+
def test_wrong_session
|
170
|
+
WebMock.reset!
|
171
|
+
stub_request(:get, 'https://graph.facebook.com/me').
|
172
|
+
to_return(:body => '{"error":{"type":"OAuthException"}}')
|
173
|
+
|
174
|
+
session = @request.session
|
175
|
+
key = RestGraph::RailsUtil.rest_graph_storage_key
|
176
|
+
session[key] = 'bad'
|
177
|
+
|
178
|
+
get(:session_)
|
179
|
+
assert_equal nil, session[key]
|
180
|
+
end
|
181
|
+
|
182
|
+
def test_wrong_cookies
|
183
|
+
WebMock.reset!
|
184
|
+
stub_request(:get, 'https://graph.facebook.com/me').
|
185
|
+
to_return(:body => '{"error":{"type":"OAuthException"}}')
|
186
|
+
|
187
|
+
cookies = @request.cookies
|
188
|
+
key = RestGraph::RailsUtil.rest_graph_storage_key
|
189
|
+
session[key] = 'bad'
|
190
|
+
|
191
|
+
get(:cookies_)
|
192
|
+
assert_equal nil, cookies[key]
|
193
|
+
end
|
194
|
+
|
169
195
|
def test_error
|
170
196
|
get(:error)
|
171
197
|
rescue => e
|
data/lib/rest-graph/core.rb
CHANGED
@@ -408,10 +408,10 @@ class RestGraph < RestGraphStruct
|
|
408
408
|
end
|
409
409
|
|
410
410
|
def authorize! opts={}
|
411
|
-
|
411
|
+
payload = {:client_id => app_id, :client_secret => secret}.merge(opts)
|
412
412
|
self.data = Rack::Utils.parse_query(
|
413
413
|
request({:auto_decode => false}.merge(opts),
|
414
|
-
[:
|
414
|
+
[:post, url('oauth/access_token'), payload]))
|
415
415
|
end
|
416
416
|
|
417
417
|
|
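Review bot: In `authorize!`, `opts` is merged into both the request options (`{:auto_decode => false}.merge(opts)`) and the new POST body (`payload`), so every request-level option a caller passes is also sent to `oauth/access_token` alongside `client_secret`. Whether `request` or the payload encoder drops unknown keys is not visible in this hunk; if neither does, the payload should be built only from the OAuth fields the endpoint expects. The reason for the verb is recorded only in CHANGES.md, so a comment above `payload` would help the next maintainer: `# POST, not GET: the code-for-token exchange must never be served from the response cache`.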
@@ -122,7 +122,7 @@ module RestGraph::RailsUtil
|
|
122
122
|
|
123
123
|
logger.debug("DEBUG: RestGraph: redirect to #{@rest_graph_authorize_url}")
|
124
124
|
|
125
|
-
|
125
|
+
rest_graph_cleanup
|
126
126
|
rest_graph_authorize_redirect
|
127
127
|
end
|
128
128
|
end
|
@@ -318,6 +318,13 @@ module RestGraph::RailsUtil
|
|
318
318
|
|
319
319
|
|
320
320
|
# ==================== begin misc ================================
|
321
|
+
def rest_graph_cleanup
|
322
|
+
cookies.delete("fbs_#{rest_graph.app_id}")
|
323
|
+
cookies.delete("fbsr_#{rest_graph.app_id}")
|
324
|
+
cookies.delete(rest_graph_storage_key)
|
325
|
+
session.delete(rest_graph_storage_key)
|
326
|
+
end
|
327
|
+
|
321
328
|
def rest_graph_normalized_request_uri
|
322
329
|
uri = if rest_graph_in_canvas?
|
323
330
|
# rails 3 uses newer rack which has fullpath
|
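Review bot: `rest_graph_cleanup` calls `cookies.delete` with a name only, and in Rails a cookie that was set with a `:domain` or `:path` is cleared only when the delete passes the same options. A stale `fbs_`/`fbsr_` cookie scoped to a parent domain would therefore likely survive, and the invalid access_token could be picked up again after the redirect back. How these cookies are written is outside this hunk, so confirm their scope and pass matching options if they are not host-only. The method is also undocumented; a comment such as `# Drop every stored access_token (fbs_/fbsr_ cookies, our cookie, session) before re-authorizing` would record why all four stores are cleared. The call added in the earlier hunk sits just before `rest_graph_authorize_redirect`, inside a method whose start is outside the hunk.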
data/lib/rest-graph/version.rb
CHANGED
data/rest-graph.gemspec
CHANGED
@@ -2,13 +2,13 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = "rest-graph"
|
5
|
-
s.version = "2.0.
|
5
|
+
s.version = "2.0.1"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = [
|
9
9
|
"Cardinal Blue",
|
10
10
|
"Lin Jen-Shin (godfat)"]
|
11
|
-
s.date = "2011-
|
11
|
+
s.date = "2011-11-25"
|
12
12
|
s.description = "A lightweight Facebook Graph API client\n\nWe have moved the development from rest-graph to [rest-core][].\nBy now on, we would only fix bugs in rest-graph rather than adding\nfeatures, and we would only backport important changes from rest-core\nonce in a period. If you want the latest goodies, please see [rest-core][]\nOtherwise, you can stay with rest-graph with bugs fixes.\n\n[rest-core]: https://github.com/cardinalblue/rest-core"
|
13
13
|
s.email = ["dev (XD) cardinalblue.com"]
|
14
14
|
s.files = [
|
data/test/test_oauth.rb
CHANGED
@@ -22,9 +22,11 @@ describe RestGraph do
|
|
22
22
|
end
|
23
23
|
|
24
24
|
should 'do authorizing and parse result and save it in data' do
|
25
|
-
stub_request(:
|
26
|
-
|
27
|
-
|
25
|
+
stub_request(:post, 'https://graph.facebook.com/oauth/access_token'). \
|
26
|
+
with(:body => {'client_id' => '29' ,
|
27
|
+
'client_secret' => '18' ,
|
28
|
+
'redirect_uri' => 'http://zzz.tw',
|
29
|
+
'code' => 'zzz'}).
|
28
30
|
to_return(:body => 'access_token=baken&expires=2918')
|
29
31
|
|
30
32
|
result = {'access_token' => 'baken', 'expires' => '2918'}
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rest-graph
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2011-
|
13
|
+
date: 2011-11-25 00:00:00.000000000 Z
|
14
14
|
dependencies: []
|
15
15
|
description: ! 'A lightweight Facebook Graph API client
|
16
16
|
|