Adding tests

commit 64ebc17bcb01c8f53eb3d60620c107552cd0241b 1 parent 5eec43a
andy authored
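--- a/lib/facebooker2/rails/controller.rb
+++ b/lib/facebooker2/rails/controller.rb
@@ -218,15 +218,14 @@ def oauth2_current_facebook_user
 def oauth2_fetch_client_and_user
 return if @_fb_user_fetched
- # Try to authenticate from the signed request first
- sig = oauth2_fetch_client_and_user_from_cookie if @_current_facebook_client.nil? and !signed_request_from_logged_out_user?
+ sig = oauth2_fetch_client_and_user_from_cookie if @_current_facebook_client.nil?
 @_fb_user_fetched = true
 end
 def oauth2_fetch_client_and_user_from_cookie
 return unless fb_cookie?
- return unless oauth2_fb_cookie_signature_correct?(fb_cookie)
 sig,payload = fb_cookie.split('.')
+ return unless oauth2_fb_cookie_signature_correct?(sig, payload)
 data = JSON.parse(oauth2_base64_url_decode(payload))
 authenticator = Mogli::Authenticator.new(Facebooker2.app_id, Facebooker2.secret, nil)
 client = Mogli::Client.create_from_code_and_authenticator(data["code"], authenticator)
@@ -234,21 +233,19 @@ def oauth2_fetch_client_and_user_from_cookie
 fb_sign_in_user_and_client(user, client)
 end
- def oauth2_fb_cookie_signature_correct?(cookie)
- sig, payload = cookie.split('.')
+ def oauth2_fb_cookie_signature_correct?(sig, payload)
 sig = oauth2_base64_url_decode(sig)
- ### TODO we don't know if the payload needs to be translated from base64_url to base64 as
- # done below. I took this code from our signed request stuff ... and modified it to
- ## look like the PHP implementation
- # https://developers.facebook.com/docs/authentication/signed_request/
- expected_signature = OpenSSL::HMAC.digest('SHA256', Facebooker2.secret, payload)
+ ## From the PHP implementation
+ ## https://developers.facebook.com/docs/authentication/signed_request/
+
+ expected_signature = HMAC::SHA256.digest(Facebooker2.secret, payload)
 return sig == expected_signature
 end
 # Stolen from mini_fb.
 # Ruby's implementation of base64 decoding reads the string in multiples of 6 and ignores any extra bytes.
 # Since facebook does not take this into account, this function fills any string with white spaces up to
- # the point where it becomes divisible by 6, then it replaces '-' with '+' and '_' with '/' (URL-safe decoding),
+ # the point where it becomes divisible by 6, then it replaces '-' with '+' and '_' with '/' ( reverting the URL-safe encoding),
 # and decodes the result.
 def oauth2_base64_url_decode(str)
 str = str + "=" * (6 - str.size % 6) unless str.size % 6 == 0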
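Review bot: `oauth2_fb_cookie_signature_correct?` still accepts the cookie with `return sig == expected_signature`, a plain string compare that stops at the first differing byte, so anyone who can submit many `fbsr_` cookies gets a timing oracle on the HMAC; since this gates sign-in, use a constant-time compare with an explicit length check, e.g. `return false unless sig.bytesize == expected_signature.bytesize` followed by `Rack::Utils.secure_compare(sig, expected_signature)` (or whatever equivalent the app already has). The new caller splits with `sig,payload = fb_cookie.split('.')`, so a cookie without a `.` reaches this method with `payload = nil` and the base64/HMAC calls raise instead of returning false; a `return false unless sig && payload` guard at the top keeps a malformed cookie from becoming a 500. The Facebook signed_request reference the comment links to also checks `data["algorithm"] == "HMAC-SHA256"` after verifying, and the decoded test payload in this commit carries that field, so `oauth2_fetch_client_and_user_from_cookie` should check it before using `data["code"]`. Replacing `OpenSSL::HMAC.digest('SHA256', ...)` with `HMAC::SHA256.digest(...)` moves from the standard library to the ruby-hmac gem, and no `require` or gemspec change is visible in this diff; the OpenSSL call yields the same raw bytes, so the added dependency looks avoidable. `oauth2_base64_url_decode` ends outside the hunk.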
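--- a/spec/facebooker2_spec.rb
+++ b/spec/facebooker2_spec.rb
@@ -1,5 +1,9 @@
 require "spec_helper"
 describe Facebooker2 do
+ after :all do
+ Facebooker2.configuration = {:app_id=>1234,:secret=>"secret", :oauth2=>false}
+ Facebooker2.cookie_prefix='fbs_'
+ end
 describe "Configuration" do
 it "allows setting of the api_key" do
@@ -46,18 +50,12 @@
 end
- #context "with oauth2" do
- # class TestHelper
- # end
- # before do
- # @test_helper = TestHelper.new
- # @test_helper.extend(Facebooker2)
- # @test_helper.configuration= {:oauth2=>true}
- # end
- # it "specifies the correct cookie prefix" do
- # @test_helper.cookie_prefix.should equal('fbsr_')
- # end
- #end
+ context "with oauth2" do
+ it "specifies the correct cookie prefix" do
+ Facebooker2.configuration= {:oauth2=>true}
+ Facebooker2.cookie_prefix.should == 'fbsr_'
+ end
+ end
 end
 describe "Casting to facebook_id" do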
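Review bot: The new `after :all` restores the global configuration to `{:app_id=>1234,:secret=>"secret", :oauth2=>false}`, while spec/rails/controller_spec.rb in this same commit restores the same globals to `"12345"` / `"42ca6de519d53f6e0420247a4d108d90"`; whichever file runs last decides what later examples see, so the suite becomes order-dependent. Capturing the configuration in a `before :all` and restoring that captured value, or resetting per example with `after :each`, avoids baking one file's fixture values into global teardown. The `context "with oauth2"` example also sets `Facebooker2.configuration= {:oauth2=>true}` with no app_id or secret; whether `configuration=` merges or replaces is not visible here, so if it replaces, the remaining examples in this file run without credentials until the `after :all` fires.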
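--- a/spec/helpers/javascript_spec.rb
+++ b/spec/helpers/javascript_spec.rb
@@ -3,31 +3,30 @@
 include Facebooker2::Rails::Helpers
 include Facebooker2
 describe "fb_connect_async_js" do
- it "loads with defaults" do
- pending
- #js = fb_connect_async_js '12345'
- #js.should == <<-JAVASCRIPT
- # <div id="fb-root"></div>
- # <script>
- # window.fbAsyncInit = function() {
- # FB.init({
- # appId : '12345',
- # status : true, // check login status
- # cookie : true, // enable cookies to allow the server to access the session
- #
- # xfbml : true // parse XFBML
- # });
- #
- # };
- #
- # (function() {
- # var e = document.createElement('script'); e.async = true;
- # e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
- # document.getElementById('fb-root').appendChild(e);
- # }());
- # </script>
- #JAVASCRIPT
- end
+ #it "loads with defaults" do
+ # js = fb_connect_async_js '12345'
+ # js.should == <<-JAVASCRIPT
+ # <div id="fb-root"></div>
+ # <script>
+ # window.fbAsyncInit = function() {
+ # FB.init({
+ # appId : '12345',
+ # status : true, // check login status
+ # cookie : true, // enable cookies to allow the server to access the session
+ #
+ # xfbml : true // parse XFBML
+ # });
+ #
+ # };
+ #
+ # (function() {
+ # var e = document.createElement('script'); e.async = true;
+ # e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
+ # document.getElementById('fb-root').appendChild(e);
+ # }());
+ # </script>
+ # JAVASCRIPT
+ #end
 it "disables cookies" do
 js = fb_connect_async_js '12345', :cookie => false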
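Review bot: The `loads with defaults` example goes from a `pending` example to a fully commented-out block, so it disappears from the run output entirely and is easy to forget; `xit "loads with defaults" do ... end` keeps it listed as skipped while leaving the expected JavaScript in place. If the expectation is being parked because the helper's output changed, a one-line comment saying so (`# skipped: default output no longer matches, needs updating`) tells the next person what to fix rather than whether to delete it.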
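--- a/spec/rails/controller_spec.rb
+++ b/spec/rails/controller_spec.rb
@@ -5,11 +5,17 @@ class FakeController < ActionController::Base
 end
 describe Facebooker2::Rails::Controller do
+ after(:all) do
+ Facebooker2.app_id = "12345"
+ Facebooker2.secret = "42ca6de519d53f6e0420247a4d108d90"
+ end
+
+ context "Without oauth2" do
 before(:each) do
 Facebooker2.app_id = "12345"
 Facebooker2.secret = "42ca6de519d53f6e0420247a4d108d90"
 end
-
+
 let :controller do
 controller = FakeController.new
 controller.stub!(:params).and_return({})
@@ -199,5 +205,29 @@ class FakeController < ActionController::Base
 end
 end
+ end
+ context "Using oauth2" do
+ let :controller do
+ controller = FakeController.new
+ end
+ it "properly decodes base64 URL encoded string missing appropriate padding" do
+ controller.oauth2_base64_url_decode('VGhpcyBpcyBlbmNvZGVkIQ').should == 'This is encoded!'
+ end
+
+ context "a valid signature" do
+ before do
+ Facebooker2.secret='secret'
+ end
+ # Example from the FB Signed Request doc : http://developers.facebook.com/docs/authentication/signed_request/
+ #vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0
+ it "recognizes a valid signature" do
+ controller.oauth2_fb_cookie_signature_correct?('vlXgu64BQGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso','eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0').should be_true
+ end
+ it "rejects an invalid signature" do
+ controller.oauth2_fb_cookie_signature_correct?('QGFSQrY0ZcJBZASMvYvTHu9GQ0YM9rjPSso','eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsIjAiOiJwYXlsb2FkIn0').should be_false
+ end
+
+ end
+ end
 end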
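Review bot: The negative case in `rejects an invalid signature` passes a signature that is shorter than the valid one, so a length mismatch alone rejects it and the example would still pass if the HMAC were never computed or the secret were ignored; add a same-length wrong signature (the valid one with a single character changed), the valid signature against a tampered payload, and a call with `payload` of `nil` as produced by a cookie with no `.`. `Facebooker2.secret='secret'` in the `before` is only undone by the file-level `after(:all)`, so any example in another context that runs after it in this file sees the wrong secret; an `after { Facebooker2.secret = "42ca6de519d53f6e0420247a4d108d90" }` inside that context keeps the change local. In `let :controller`, the local assignment `controller = FakeController.new` is unused, so the block body can be just `FakeController.new`.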