No error raised when access token is retrieved for blocked IPs

No error was raised when an access token was retrieved from an IP that was not white-listed. Moved all the error code into one method that detects both OAuth 2.0 00 style and OAuth 2.0 10 style.
gboer · Oct 19, 2012 · 0609c29 · 0609c29
1 parent 721f53b
commit 0609c29
Showing 1 changed file with 36 additions and 11 deletions.
diff --git a/hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php b/hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php
@@ -724,6 +724,15 @@ protected function getAccessTokenFromCode($code, $redirect_uri = null) {
       return false;
     }
 
+    // Check for errors, which are returned as json data, rather than query-strings.
+    if (is_string($access_token_response)) {
+      $json = json_decode($access_token_response, true);
+
+      if (is_array($json)) {
+        $this->throwAPIExceptionIfError($json);
+      }
+    }
+
     $response_params = array();
     parse_str($access_token_response, $response_params);
     if (!isset($response_params['access_token'])) {
@@ -752,18 +761,30 @@ protected function _restserver($params) {
     ), true);
 
     // results are returned, errors are thrown
-    if (is_array($result) && isset($result['error_code'])) {
-      $this->throwAPIException($result);
-    }
-
+    $this->throwAPIExceptionIfError($result);
+
     if ($params['method'] === 'auth.expireSession' ||
         $params['method'] === 'auth.revokeAuthorization') {
       $this->destroySession();
     }
 
     return $result;
   }
-
+
+  /**
+   * Throws an exception if an error occurred during an oauth call.
+   *
+   * @param array $response
+   */
+  protected function throwAPIExceptionIfError($response)
+  {
+    if (is_array($response) &&
+        (isset($response['error_code']) ||
+         isset($response['error']))) {
+      $this->throwAPIException($response);
+    }
+  }
+
   /**
    * Return true if this is video post.
    *
@@ -808,9 +829,7 @@ protected function _graph($path, $method = 'GET', $params = array()) {
     ), true);
 
     // results are returned, errors are thrown
-    if (is_array($result) && isset($result['error'])) {
-      $this->throwAPIException($result);
-    }
+    $this->throwAPIExceptionIfError($result);
 
     return $result;
   }
@@ -836,7 +855,11 @@ protected function _oauthRequest($url, $params) {
       }
     }
 
-    return $this->makeRequest($url, $params);
+    $result = $this->makeRequest($url, $params);
+
+    $this->throwAPIExceptionIfError($result);
+
+    return $result;
   }
 
   /**
@@ -1277,7 +1300,7 @@ abstract protected function clearAllPersistentData();
 	* http://developers.facebook.com/roadmap/offline-access-removal/#extend_token
 	* http://stackoverflow.com/a/9035036/1106794
 	*/
-	function extendedAccessToken( $old_access_token )
+	public function extendedAccessToken( $old_access_token )
 	{
 		// Make a OAuth Request.
 		try {
@@ -1301,7 +1324,9 @@ function extendedAccessToken( $old_access_token )
 		if (empty($response)) {
 			return false;
 		}
-
+
+    $this->throwAPIExceptionIfError($response);
+
 		$response_params = array();
 
 		parse_str($response, $response_params);