RubyGems - rfacebook - Versions diffs - 0.8.8 → 0.8.9 - Mend

rfacebook 0.8.8 → 0.8.9

Files changed (3) hide show

data/lib/rfacebook_on_rails/plugin/init.rb +17 -96
data/lib/rfacebook_on_rails/session_extensions.rb +101 -0
metadata +3 -2

data/lib/rfacebook_on_rails/plugin/init.rb CHANGED Viewed

@@ -30,9 +30,7 @@
 require "rfacebook_on_rails/view_extensions"
 require "rfacebook_on_rails/controller_extensions"
 require "rfacebook_on_rails/model_extensions"
-require "digest/md5"
-require "cgi"
+require "rfacebook_on_rails/session_extensions"
 module RFacebook
   module Rails
@@ -94,7 +92,7 @@ end
 FACEBOOK["canvas_path"] = ensureLeadingAndTrailingSlashesForPath(FACEBOOK["canvas_path"])
 FACEBOOK["callback_path"] = ensureLeadingAndTrailingSlashesForPath(FACEBOOK["callback_path"])
-# inject methods
+# inject methods to Rails MVC classes
 ActionView::Base.send(:include, RFacebook::Rails::ViewExtensions)
 ActionView::Base.send(:include, RFacebook::Rails::Plugin::ViewExtensions)
@@ -104,99 +102,22 @@ ActionController::Base.send(:include, RFacebook::Rails::Plugin::ControllerExtens
 ActiveRecord::Base.send(:include, RFacebook::Rails::ModelExtensions)
 ActiveRecord::Base.send(:include, RFacebook::Rails::Plugin::ModelExtensions)
-class CGI::Session
-  alias :initialize__ALIASED :initialize
-  alias :new_session__ALIASED :new_session
-  def using_facebook_session_id?
-    return @using_fb_session_id
-  end
-  def force_to_be_new!
-    @force_to_be_new = true
-  end
-  def new_session
-    if @force_to_be_new
-      return true
-    else
-      return new_session__ALIASED
-    end
-  end
-  def initialize(request, options = {})
-    # check the environment to find a Facebook sig_session_key (credit: Blake Carlson and David Troy)
-    fbsessionId = nil
-    ["RAW_POST_DATA", "QUERY_STRING", "HTTP_REFERER"].each do |tableSource|
-      if request.env_table[tableSource]
-        fbsessionId = CGI::parse(request.env_table[tableSource]).fetch('fb_sig_session_key'){[]}.first
-        RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: checked #{tableSource} for Facebook session id and got [#{fbsessionId}]"
-      end
-      break if fbsessionId
-    end
-    # we only want to change the session_id if we got one from the fb_sig
-    if fbsessionId
-      options['session_id'] = Digest::MD5.hexdigest(fbsessionId)
-      @using_facebook_session_id = true
-      RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: using MD5 of Facebook session id [#{options['session_id']}] for the Rails session id}"
-    end
-    # now call the default Rails session initialization
-    initialize__ALIASED(request, options)
-  end
-end
-# NOTE: the following extensions allow ActiveRecord and PStore to use the Facebook session id for sessions
-#       Their implementation warrants another look.  Ideally, we'd like to solve this further up the chain
-#       so that sessions will work no matter what store you have
-#       ...maybe we could just override CGI::Session#session_id? what are the consequences?
-# TODO: support other session stores (like MemCached, etc.)
-# force ActiveRecordStore to use the Facebook session id (credit: Blake Carlson)
-class CGI
-  class Session
-    class ActiveRecordStore
+# inject methods to patch Rails session containers
+# TODO: document this as API so that everyone knows how to patch their own custom session container
+module RFacebook::Rails::Toolbox
+  def self.patch_session_store_class(sessionStoreKlass)
+    sessionStoreKlass.send(:include, RFacebook::Rails::SessionStoreExtensions)
+    sessionStoreKlass.class_eval'
       alias :initialize__ALIASED :initialize
-      def initialize(session, options = nil)
-        initialize__ALIASED(session, options)
-        session_id = session.session_id
-        unless @session = ActiveRecord::Base.silence { @@session_class.find_by_session_id(session_id) }
-          # FIXME: technically this might be a security problem, since an external browser can grab any unused session id they want
-          @session = @@session_class.new(:session_id => session_id, :data => {})
-        end
-      end
-    end
+      alias :initialize :initialize__RFACEBOOK
+    '
   end
 end
-# force PStore to use the Facebook session id
-class CGI
-  class Session
-    class PStore
-      alias :initialize__ALIASED :initialize
-      def initialize(session, options = nil)
-        begin
-          RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: inside PStore, with session_id: #{session.session_id}, new_session = #{session.new_session ? 'yes' : 'no'}"
-          initialize__ALIASED(session, options)
-        rescue Exception => e
-          begin
-            RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: failed to init PStore session, trying to make a new session"
-            # FIXME: technically this might be a security problem, since an external browser can grab any unused session id they want
-            if session.session_id
-              session.force_to_be_new!
-            end
-            initialize__ALIASED(session, options)
-          rescue Exception => e
-            RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: failed to create a new PStore session falling back to default Rails behavior"
-            raise e
-          end
-        end
-      end
-    end
-  end
-end
+# patch as many session stores as possible
+RFacebook::Rails::Toolbox::patch_session_store_class(CGI::Session::PStore)
+RFacebook::Rails::Toolbox::patch_session_store_class(CGI::Session::ActiveRecordStore)
+RFacebook::Rails::Toolbox::patch_session_store_class(CGI::Session::DRbStore)
+RFacebook::Rails::Toolbox::patch_session_store_class(CGI::Session::FileStore)
+RFacebook::Rails::Toolbox::patch_session_store_class(CGI::Session::MemoryStore)
+RFacebook::Rails::Toolbox::patch_session_store_class(CGI::Session::MemCacheStore)

data/lib/rfacebook_on_rails/session_extensions.rb ADDED Viewed

@@ -0,0 +1,101 @@
+# Copyright (c) 2007, Matt Pizzimenti (www.livelearncode.com)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# Neither the name of the original author nor the names of contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+require "digest/md5"
+require "cgi"
+# patch up the CGI session module to use Facebook session keys when cookies aren't available
+class CGI::Session
+  alias :initialize__ALIASED :initialize
+  alias :new_session__ALIASED :new_session
+  def using_facebook_session_id?
+    return @using_fb_session_id
+  end
+  def force_to_be_new!
+    @force_to_be_new = true
+  end
+  def new_session
+    if @force_to_be_new
+      return true
+    else
+      return new_session__ALIASED
+    end
+  end
+  def initialize(request, options = {})
+    # check the environment to find a Facebook sig_session_key (credit: Blake Carlson and David Troy)
+    fbsessionId = nil
+    ["RAW_POST_DATA", "QUERY_STRING", "HTTP_REFERER"].each do |tableSource|
+      if request.env_table[tableSource]
+        fbsessionId = CGI::parse(request.env_table[tableSource]).fetch('fb_sig_session_key'){[]}.first
+        RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: checked #{tableSource} for Facebook session id and got [#{fbsessionId}]"
+      end
+      break if fbsessionId
+    end
+    # we only want to change the session_id if we got one from the fb_sig
+    if fbsessionId
+      options['session_id'] = Digest::MD5.hexdigest(fbsessionId)
+      @using_facebook_session_id = true
+      RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: using MD5 of Facebook session id [#{options['session_id']}] for the Rails session id}"
+    end
+    # now call the default Rails session initialization
+    initialize__ALIASED(request, options)
+  end
+end
+# Module: SessionStoreExtensions
+#
+#   Special initialize method that forces any session store to use the Facebook session
+module RFacebook::Rails::SessionStoreExtensions
+  def initialize__RFACEBOOK(session, options, *extraParams)
+    begin
+      RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: inside #{self.class.to_s}, with session_id: #{session.session_id}, new_session = #{session.new_session ? 'yes' : 'no'}"
+      initialize__ALIASED(session, options, *extraParams)
+    rescue Exception => e
+      begin
+        RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: failed to init #{self.class.to_s} session, trying to make a new session"
+        # FIXME: technically this might be a security problem, since an external browser can grab any unused session id they want
+        if session.session_id
+          session.force_to_be_new!
+        end
+        initialize__ALIASED(session, options, *extraParams)
+      rescue Exception => e
+        RAILS_DEFAULT_LOGGER.debug "** RFACEBOOK INFO: failed to create a new #{self.class.to_s} session falling back to default Rails behavior"
+        raise e
+      end
+    end
+  end
+end

metadata CHANGED Viewed

@@ -3,8 +3,8 @@ rubygems_version: 0.9.1
 specification_version: 1
 name: rfacebook
 version: !ruby/object:Gem::Version
-  version: 0.8.8
-date: 2007-08-17 00:00:00 -05:00
+  version: 0.8.9
+date: 2007-08-18 00:00:00 -05:00
 summary: A Ruby interface to the Facebook API v1.0+ (F8 and beyond).  Works with RFacebook on Rails plugin (see rfacebook.rubyforge.org).
 require_paths:
 - lib
@@ -38,6 +38,7 @@ files:
 - lib/rfacebook_on_rails/controller_extensions.rb
 - lib/rfacebook_on_rails/model_extensions.rb
 - lib/rfacebook_on_rails/plugin
+- lib/rfacebook_on_rails/session_extensions.rb
 - lib/rfacebook_on_rails/status_manager.rb
 - lib/rfacebook_on_rails/templates
 - lib/rfacebook_on_rails/view_extensions.rb