rfacebook 0.8.6 → 0.8.7

data/lib/facepricot.rb

@@ -110,7 +110,8 @@ module RFacebook
     include FacepricotChaining
 
     def initialize(hpricotDoc)
-      super(hpricotDoc.inner_html)
+      # TODO: does this fix the Hpricot HTML entity escaping problem?
+      super(hpricotDoc.inner_html.gsub("&", "&"))
       @doc = hpricotDoc
     end
     

data/lib/rfacebook_on_rails/controller_extensions.rb

@@ -93,8 +93,8 @@ module RFacebook
       
       def fbsession
         
-        # if we are in the canvas or iframe, we should be able to activate the session here
-        if (!rfacebook_session_holder.is_valid? and (in_facebook_canvas? or in_facebook_frame?))
+        # if we are in the canvas, iframe, or mock ajax, we should be able to activate the session here
+        if (!rfacebook_session_holder.is_valid? and (in_facebook_canvas? or in_facebook_frame? or in_mock_ajax?))
                   
           # then try to activate it somehow (or retrieve from previous state)
           # these might be nil
@@ -139,6 +139,10 @@ module RFacebook
         return (params["fb_sig_in_iframe"] != nil or params["fb_sig_in_canvas"] != nil)
       end
       
+      def in_mock_ajax?
+        return (params["fb_mockajax_url"] != nil)
+      end
+      
       def in_external_app?
         return (!params[:fb_sig] and !in_facebook_frame?)
       end
@@ -168,6 +172,7 @@ module RFacebook
             # grab saved Facebook session from Rails session
             RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: grabbing Facebook session from Rails session"
             @rfacebook_session_holder = session[:rfacebook_session]
+            @rfacebook_session_holder.logger = RAILS_DEFAULT_LOGGER
           
           end
         
@@ -175,6 +180,8 @@ module RFacebook
           if !rfacebook_session_holder.is_valid?
             RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK WARNING: Facebook session could not be activated (from handle_facebook_login)"
           elsif params["auth_token"]
+            # TODO: ignoring is proper when we have already used the auth_token (we could try to reauth and swallow the exception)
+            #         however, we probably want to re-auth if the new auth_token is valid (new user, old user probably logged out)
             RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: received a new auth_token, but we already have a valid session (ignored new auth_token)"
           end
             
@@ -245,7 +252,7 @@ module RFacebook
       end
       
       def facebook_debug_panel(options={})
-        return ERB.new(RFacebook::Rails::DEBUG_PANEL_ERB_TEMPLATE).result(Proc.new{})
+        return ERB.new(RFacebook::Rails::DEBUG_PANEL_ERB_TEMPLATE).result(Proc.new{}) # TODO: should use File.dirname(__FILE__) + 'templates/debug_panel.rhtml' instead
       end
       
       def facebook_status_manager
@@ -312,20 +319,38 @@ module RFacebook
             alias_method(:url_for__ALIASED, :url_for)
       
             def url_for(options={}, *parameters)
+              
+              # error check
               if !options
                 RAILS_DEFAULT_LOGGER.info "** RFACEBOOK WARNING: options cannot be nil in call to url_for"
               end
-              if in_facebook_canvas? #TODO: or in_facebook_frame?)
+              
+              # use special URL rewriting when inside the canvas
+              # setting the mock_ajax option to true will override this
+              # and force usage of regular Rails rewriting
+              if (in_facebook_canvas? and !options[:mock_ajax]) #TODO: or in_facebook_frame?
+                
                 if options.is_a? Hash
                   options[:only_path] = true
                 end
+                
+                # try to get a regular URL
                 path = url_for__ALIASED(options, *parameters)
+                path += "/"
+                                
+                # replace anything that references the callback with the
+                # Facebook canvas equivalent (apps.facebook.com/*)
                 if path.starts_with?(self.facebook_callback_path)
-                  path.gsub!(self.facebook_callback_path, self.facebook_canvas_path)
-                  if !options.has_key?(:only_path)
-                    path = "http://apps.facebook.com#{path}"
-                  end
+                  path.sub!(self.facebook_callback_path, self.facebook_canvas_path)
+                  path = "http://apps.facebook.com#{path}"
+                else
+                  # default to a full URL (will link externally)
+                  RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: failed to get canvas-friendly URL ("+path+") for ["+options.inspect+"], creating an external URL instead"
+                  options[:only_path] = false
+                  path = url_for__ALIASED(options, *parameters)
                 end
+              
+              # regular Rails rewriting
               else
                 path = url_for__ALIASED(options, *parameters)
               end
@@ -338,8 +363,9 @@ module RFacebook
           
             def redirect_to(options = {}, *parameters)
               if in_facebook_canvas?
-                RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: Canvas redirect to #{url_for(options)}"
-                render :text => "<fb:redirect url=\"#{url_for(options)}\" />"     
+                canvasRedirUrl = url_for(options, *parameters)
+                RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: Canvas redirect to #{canvasRedirUrl}"
+                render :text => "<fb:redirect url=\"#{canvasRedirUrl}\" />"     
               else
                 RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: Regular redirect_to"
                 redirect_to__ALIASED(options, *parameters)

data/lib/rfacebook_on_rails/plugin/init.rb

@@ -31,6 +31,9 @@ require "rfacebook_on_rails/view_extensions"
 require "rfacebook_on_rails/controller_extensions"
 require "rfacebook_on_rails/model_extensions"
 
+require "digest/md5"
+require "cgi"
+
 module RFacebook
   module Rails
     module Plugin
@@ -73,6 +76,7 @@ rescue
 end
 
 # make sure the paths have leading and trailing slashes
+# TODO: also parse for full URLs beginning with HTTP (see: http://rubyforge.org/tracker/index.php?func=detail&aid=13096&group_id=3607&atid=13796)
 def ensureLeadingAndTrailingSlashesForPath(path)
   if (path and path.size>0)
     if !path.starts_with?("/")
@@ -87,8 +91,8 @@ def ensureLeadingAndTrailingSlashesForPath(path)
   end
 end
 
-FACEBOOK["canvas_path"] = ensureLeadingAndTrailingSlashesForPath(FACEBOOK["canvas_path"])
-FACEBOOK["callback_path"] = ensureLeadingAndTrailingSlashesForPath(FACEBOOK["callback_path"])
+FACEBOOK["canvas_path"] = ensureLeadingAndTrailingSlashesForPath(FACEBOOK["canvas_path"]).strip
+FACEBOOK["callback_path"] = ensureLeadingAndTrailingSlashesForPath(FACEBOOK["callback_path"]).strip
 
 # inject methods
 ActionView::Base.send(:include, RFacebook::Rails::ViewExtensions)
@@ -99,3 +103,100 @@ ActionController::Base.send(:include, RFacebook::Rails::Plugin::ControllerExtens
 
 ActiveRecord::Base.send(:include, RFacebook::Rails::ModelExtensions)
 ActiveRecord::Base.send(:include, RFacebook::Rails::Plugin::ModelExtensions)
+
+
+class CGI::Session
+
+  alias :initialize__ALIASED :initialize
+  alias :new_session__ALIASED :new_session
+  
+  def using_facebook_session_id?
+    return @using_fb_session_id
+  end
+  
+  def force_to_be_new!
+    @force_to_be_new = true
+  end
+  
+  def new_session
+    if @force_to_be_new
+      return true
+    else
+      return new_session__ALIASED
+    end
+  end
+
+  def initialize(request, options = {})
+    
+    # check the environment to find a Facebook sig_session_key (credit: Blake Carlson and David Troy)
+    fbsessionId = nil
+    ["RAW_POST_DATA", "QUERY_STRING", "HTTP_REFERER"].each do |tableSource|
+      if request.env_table[tableSource]
+        fbsessionId = CGI::parse(request.env_table[tableSource]).fetch('fb_sig_session_key'){[]}.first
+        RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: checked #{tableSource} for Facebook session id and got [#{fbsessionId}]"
+      end
+      break if fbsessionId
+    end
+
+    # we only want to change the session_id if we got one from the fb_sig
+    if fbsessionId
+      options['session_id'] = Digest::MD5.hexdigest(fbsessionId)
+      @using_facebook_session_id = true
+      RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: using MD5 of Facebook session id [#{options['session_id']}] for the Rails session id}"
+    end
+    
+    # now call the default Rails session initialization
+    initialize__ALIASED(request, options)
+  end
+end
+
+# NOTE: the following extensions allow ActiveRecord and PStore to use the Facebook session id for sessions
+#       Their implementation warrants another look.  Ideally, we'd like to solve this further up the chain
+#       so that sessions will work no matter what store you have
+#       ...maybe we could just override CGI::Session#session_id? what are the consequences?
+
+# TODO: support other session stores (like MemCached, etc.)
+
+# force ActiveRecordStore to use the Facebook session id (credit: Blake Carlson)
+class CGI
+  class Session
+    class ActiveRecordStore
+      alias :initialize__ALIASED :initialize
+      def initialize(session, options = nil)
+        initialize__ALIASED(session, options)
+        session_id = session.session_id
+        unless @session = ActiveRecord::Base.silence { @@session_class.find_by_session_id(session_id) }
+          # FIXME: technically this might be a security problem, since an external browser can grab any unused session id they want
+          @session = @@session_class.new(:session_id => session_id, :data => {})
+        end
+      end      
+    end
+  end
+end
+
+# force PStore to use the Facebook session id
+class CGI
+  class Session
+    class PStore
+      alias :initialize__ALIASED :initialize
+      def initialize(session, options = nil)
+        begin
+          RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: inside PStore, with session_id: #{session.session_id}, new_session = #{session.new_session ? 'yes' : 'no'}"
+          initialize__ALIASED(session, options)
+        rescue Exception => e 
+          begin
+            RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: failed to init PStore session, trying to make a new session"
+            # FIXME: technically this might be a security problem, since an external browser can grab any unused session id they want
+            if session.session_id
+              session.force_to_be_new!
+            end
+            initialize__ALIASED(session, options)
+          rescue Exception => e
+            RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: failed to create a new PStore session falling back to default Rails behavior"
+            raise e
+          end
+        end
+      end      
+    end
+  end
+end

data/lib/rfacebook_on_rails/view_extensions.rb

@@ -49,7 +49,7 @@ module RFacebook
       
       def image_path(*params)
         path = super(*params)
-        if in_facebook_canvas? # TODO: or in_facebook_frame?)
+        if (in_facebook_canvas? or in_mock_ajax?) # TODO: or in_facebook_frame?)
           path = "#{request.protocol}#{request.host_with_port}#{path}"
         end
         return path

metadata

@@ -3,8 +3,8 @@ rubygems_version: 0.9.0
 specification_version: 1
 name: rfacebook
 version: !ruby/object:Gem::Version 
-  version: 0.8.6
-date: 2007-08-11 00:00:00 -07:00
+  version: 0.8.7
+date: 2007-08-16 00:00:00 -05:00
 summary: A Ruby interface to the Facebook API v1.0+ (F8 and beyond).  Works with RFacebook on Rails plugin (see rfacebook.rubyforge.org).
 require_paths: 
 - lib