
[ios-sdk] When using iOS integrated auth, ensure basic info permissio…

…n is part of read permissions.

Summary:
iOS integrated auth requires at least one permission to be specified, so if read permissions
are being requested, ensure basic info ("email") is among them.

Test Plan:
- Ran unit tests
- Ran Scrumptious with iOS 6 integrated auth

Revert Plan:

Reviewers: jacl

Reviewed By: jacl

CC: msdkexp@

Differential Revision: https://phabricator.fb.com/D582163
1 parent b9c4cd8 commit e85ada7d707d052341ac87fc6de236163dfd3eb8 @clang13 clang13 committed Sep 23, 2012
Showing with 57 additions and 20 deletions.
  1. +1 −1 samples/Scrumptious/scrumptious/SCAppDelegate.m
  2. +56 −19 src/FBSession.m
@@ -116,7 +116,7 @@ - (void)sessionStateChanged:(FBSession *)session
}
- (BOOL)openSessionWithAllowLoginUI:(BOOL)allowLoginUI {
- NSArray *permissions = [NSArray arrayWithObjects:@"email", @"user_photos", nil];
+ NSArray *permissions = [NSArray arrayWithObjects:@"user_photos", nil];
return [FBSession openActiveSessionWithReadPermissions:permissions
allowLoginUI:allowLoginUI
completionHandler:^(FBSession *session, FBSessionState state, NSError *error) {
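Review bot: With `email` dropped from the array in `openSessionWithAllowLoginUI:`, the sample no longer shows which permissions a login will actually request. Judging from the FBSession.m change in this commit, `email` is appended only on the iOS integrated auth path, so the requested set may differ between login paths. A comment above the array would make that visible to people copying the sample, for example `// FBSession adds "email" (basic info) itself when iOS 6 integrated auth is used.` The method body continues past the end of this hunk.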
@@ -116,12 +116,12 @@ - (void)authorizeWithPermissions:(NSArray*)permissions
FBAppAuth:(BOOL)tryFBAppAuth
safariAuth:(BOOL)trySafariAuth
fallback:(BOOL)tryFallback
- isReauthorize:(BOOL)isReauthorize;
+ isReauthorize:(BOOL)isReauthorize;
- (void)authorizeUsingSystemAccountStore:(id)accountStore
accountType:(id)accountType
permissions:(NSArray*)permissions
defaultAudience:(FBSessionDefaultAudience)defaultAudience
- isReauthorize:(BOOL)isReauthorize;
+ isReauthorize:(BOOL)isReauthorize;
- (BOOL)handleOpenURLPreOpen:(NSDictionary*)parameters
accessToken:(NSString*)accessToken;
- (BOOL)handleOpenURLReauthorize:(NSDictionary*)parameters
@@ -152,6 +152,10 @@ + (void)validateRequestForPermissions:(NSArray*)permissions
isRead:(BOOL)isRead;
+ (BOOL)logIfFoundUnexpectedPermissions:(NSArray*)permissions
isRead:(BOOL)isRead;
++ (NSArray*)addBasicInfoPermission:(NSArray*)permissions;
++ (BOOL)isPublishPermission:(NSString*)permission;
++ (BOOL)areAllPermissionsReadPermissions:(NSArray*)permissions;
+
@end
@implementation FBSession : NSObject
@@ -774,7 +778,7 @@ - (void)authorizeWithPermissions:(NSArray*)permissions
FBAppAuth:tryFacebookLogin
safariAuth:tryFacebookLogin
fallback:tryFallback
- isReauthorize:isReauthorize];
+ isReauthorize:isReauthorize];
}
- (void)authorizeWithPermissions:(NSArray*)permissions
@@ -783,7 +787,7 @@ - (void)authorizeWithPermissions:(NSArray*)permissions
FBAppAuth:(BOOL)tryFBAppAuth
safariAuth:(BOOL)trySafariAuth
fallback:(BOOL)tryFallback
- isReauthorize:(BOOL)isReauthorize {
+ isReauthorize:(BOOL)isReauthorize {
// setup parameters for either the safari or inline login
NSMutableDictionary* params = [NSMutableDictionary dictionaryWithObjectsAndKeys:
self.appID, FBLoginUXClientID,
@@ -891,16 +895,14 @@ - (void)authorizeUsingSystemAccountStore:(ACAccountStore*)accountStore
accountType:(ACAccountType*)accountType
permissions:(NSArray*)permissions
defaultAudience:(FBSessionDefaultAudience)defaultAudience
- isReauthorize:(BOOL)isReauthorize {
+ isReauthorize:(BOOL)isReauthorize {
// app may be asking for nothing, but we will always have an array here
- NSMutableArray *permissionsToUse = nil;
- if (permissions != nil && permissions.count > 0) {
- permissionsToUse = [NSMutableArray arrayWithArray:permissions];
- } else {
- permissionsToUse = [NSMutableArray array];
- // No iOS 6 auth can contain 0 permissions; email is a proxy for basic
- [permissionsToUse addObject:@"email"];
+ NSArray *permissionsToUse = permissions ? permissions : [NSArray array];
+ if ([FBSession areAllPermissionsReadPermissions:permissions]) {
+ // If we have only read permissions being requested, ensure that basic info
+ // is among the permissions requested.
+ permissionsToUse = [FBSession addBasicInfoPermission:permissionsToUse];
}
NSString *audience;
@@ -984,7 +986,7 @@ - (void)authorizeUsingSystemAccountStore:(ACAccountStore*)accountStore
FBAppAuth:YES
safariAuth:YES
fallback:YES
- isReauthorize:NO];
+ isReauthorize:NO];
} else {
// create an error object with additional info regarding failed login
NSError *err = [FBSession errorLoginFailedWithReason:nil
@@ -1043,7 +1045,7 @@ - (BOOL)handleOpenURLPreOpen:(NSDictionary*)parameters
FBAppAuth:NO
safariAuth:YES
fallback:NO
- isReauthorize:NO];
+ isReauthorize:NO];
return YES;
}
@@ -1056,7 +1058,7 @@ - (BOOL)handleOpenURLPreOpen:(NSDictionary*)parameters
FBAppAuth:NO
safariAuth:NO
fallback:NO
- isReauthorize:NO];
+ isReauthorize:NO];
return YES;
}
@@ -1511,21 +1513,41 @@ + (void)validateRequestForPermissions:(NSArray*)permissions
}
}
++ (BOOL)isPublishPermission:(NSString*)permission {
+ return [permission hasPrefix:@"publish"] ||
+ [permission hasPrefix:@"manage"] ||
+ [permission isEqualToString:@"ads_management"] ||
+ [permission isEqualToString:@"create_event"] ||
+ [permission isEqualToString:@"rsvp_event"];
+}
+
++ (BOOL)areAllPermissionsReadPermissions:(NSArray*)permissions {
+ for (NSString *permission in permissions) {
+ if ([self isPublishPermission:permission]) {
+ return NO;
+ }
+ }
+ return YES;
+}
+
+ (BOOL)logIfFoundUnexpectedPermissions:(NSArray*)permissions
isRead:(BOOL)isRead {
BOOL publishPermissionFound = NO;
BOOL readPermissionFound = NO;
BOOL result = NO;
for (NSString *p in permissions) {
- if (!publishPermissionFound &&
- ([p hasPrefix:@"publish"] ||
- [p hasPrefix:@"manage"] ||
- [p isEqualToString:@"ads_management"])) {
+ if ([self isPublishPermission:p]) {
publishPermissionFound = YES;
} else {
readPermissionFound = YES;
}
+
+ // If we've found one of each we can stop looking.
+ if (publishPermissionFound && readPermissionFound) {
+ break;
+ }
}
+
if (!isRead && readPermissionFound) {
FBConditionalLog(NO, @"FBSession: a permission request for publish or manage permissions contains unexpected read permissions");
result = YES;
@@ -1538,6 +1560,21 @@ + (BOOL)logIfFoundUnexpectedPermissions:(NSArray*)permissions
return result;
}
++ (NSArray*)addBasicInfoPermission:(NSArray*)permissions {
+ // When specifying read permissions, be sure basic info is included; "email" is used
+ // as a proxy for basic info permission.
+ for (NSString *p in permissions) {
+ if ([p isEqualToString:@"email"]) {
+ // Already requested, don't need to add it again.
+ return permissions;
+ }
+ }
+
+ NSMutableArray *newPermissions = [[NSMutableArray alloc] initWithArray:permissions];
+ [newPermissions addObject:@"email"];
+ return newPermissions;
@calebshay
calebshay Sep 26, 2012

Leak here. newPermissions is retained but not autoreleased on return.

+}
+
+ (void)deleteFacebookCookies {
NSHTTPCookieStorage* cookies = [NSHTTPCookieStorage sharedHTTPCookieStorage];
NSArray* facebookCookies = [cookies cookiesForURL:
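Review bot: `isPublishPermission:` treats every name it does not recognise as a read permission, and in `authorizeUsingSystemAccountStore:…` that result now decides whether `email` is appended to the request. A publish-type permission missing from the list, or a misspelled one, therefore gets `email` added to a request the app never made for it. The method should carry a comment saying so, for example `// Anything not matched here is treated as a read permission; keep this list in sync with the platform's publish permissions.`, and the public read-permission API should state that integrated auth always requests `email`. The same helper now feeds `logIfFoundUnexpectedPermissions:isRead:`, so `create_event` and `rsvp_event` are newly counted as publish permissions there, and callers that passed them as read permissions will presumably see different validation results.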
