Skip to content
Browse files

Merge branch 'master' of http://github.com/mjallday/pyfacebook

Also added similar code to work with the 'New SDKs' Migrations setting.
  • Loading branch information...
2 parents 10463e3 + 7fd2cb4 commit e3ad05bff3e1e2f20d00e79c7ed6b090156c4acd @woodcoder woodcoder committed Jun 14, 2010
Showing with 102 additions and 27 deletions.
  1. +40 −7 facebook/__init__.py
  2. +61 −19 facebook/djangofb/__init__.py
  3. +1 −1 setup.py
View
47 facebook/__init__.py
@@ -110,7 +110,7 @@ def urlread(url, data=None):
__all__ = ['Facebook','create_hmac']
-VERSION = '1.0a1'
+VERSION = '1.0a2'
FACEBOOK_URL = 'http://api.facebook.com/restserver.php'
FACEBOOK_VIDEO_URL = 'http://api-video.facebook.com/restserver.php'
@@ -1716,14 +1716,26 @@ def check_session(self, request, params=None):
params = self.validate_signature(request.GET)
if not params:
+ cookies = None
+
# first check if we are in django - to check cookies
if hasattr(request, 'COOKIES'):
- params = self.validate_cookie_signature(request.COOKIES)
- self.is_session_from_cookie = True
+ cookies = request.COOKIES
else:
- # if not, then we might be on GoogleAppEngine, check their request object cookies
- if hasattr(request,'cookies'):
- params = self.validate_cookie_signature(request.cookies)
+ if hasattr(request, 'cookies'):
+ cookies = request.cookies
+
+ if cookies:
+
+ print('cookies exexex')
+
+ params = self.validate_oauth_cookie_signature(cookies)
+
+ if params:
+ self.is_oauth = True
+ self.oauth_token = params['access_token']
+ else:
+ params = self.validate_cookie_signature(cookies)
self.is_session_from_cookie = True
if not params:
@@ -1782,6 +1794,8 @@ def check_session(self, request, params=None):
self.uid = params['user']
elif 'page_id' in params:
self.page_id = params['page_id']
+ elif 'uid' in params:
+ self.uid = params['uid']
else:
return False
elif 'profile_session_key' in params:
@@ -1799,6 +1813,13 @@ def check_session(self, request, params=None):
return True
+ def validate_oauth_session(self, session_json):
+ session = simplejson.loads(session_json)
+ sig = session.pop('sig')
+ hash = self._hash_args(session)
+ if hash == sig:
+ return session
+ return None
def validate_signature(self, post, prefix='fb_sig', timeout=None):
"""
@@ -1838,11 +1859,23 @@ def validate_iframe(self, request):
digest = create_hmac("%s%s" % (str(userid),str(request_time)))
return digest == app_sig
+ def validate_oauth_cookie_signature(self, cookies):
+ cookie_name = 'fbs_%s' % self.app_id
+ if cookie_name in cookies:
+ # value like
+ # "access_token=104302089510310%7C2.HYYLow1Vlib0s_sJSAESjw__.3600.1275037200-100000214342553%7CtC1aolM22Lauj_dZhYnv_tF2CK4.&base_domain=yaycy.com&expires=1275037200&secret=FvIHkbAFwEy_0sueRk2ZYQ__&session_key=2.HYYoow1Vlib0s_sJSAESjw__.3600.1275037200-100000214342553&sig=7bb035a0411be7aa801964ae34416f28&uid=100000214342553"
+ params = dict([part.split('=') for part in cookies[cookie_name]])
+ sig = params.pop('sig')
+ hash = self._hash_args(params)
+ if hash == sig:
+ return params
+ return None
+
def validate_cookie_signature(self, cookies):
"""
Validate parameters passed by cookies, namely facebookconnect or js api.
"""
-
+
api_key = self.api_key
if api_key not in cookies:
return None
View
80 facebook/djangofb/__init__.py
@@ -55,21 +55,35 @@ def _oauth2_process_params(self, request):
if not self.uid:
self.uid = request.REQUEST.get('fb_sig_user')
- def oauth2_check_session(self, request, copy_session_key=None):
+ def oauth2_check_session(self, request):
"""
Check to see if we have an access_token in our session
"""
valid_token = False
- # Used to transfer access_token for cross-domain requests (e.g. iframe)
- if copy_session_key:
- from django.utils.importlib import import_module
- engine = import_module(settings.SESSION_ENGINE)
- copy_session = engine.SessionStore(copy_session_key)
- request.session['oauth2_token'] = copy_session['oauth2_token']
- request.session['oauth2_token_expires'] = copy_session['oauth2_token_expires']
-
+ # See if they're in the request
+ if 'session' in request.POST:
+ print 'session from POST'
+ values = self.validate_oauth_session(request.POST['session'])
+
+ # Might be in the query string (e.g. from iframe)
+ elif 'session' in request.GET:
+ print 'session from GET'
+ values = self.validate_oauth_session(request.GET['session'])
+
+ # Look out for an access_token in our cookies from the JS SDK FB.init
+ elif request.COOKIES:
+ values = self.validate_oauth_cookie_signature(request.COOKIES)
+ print 'session from COOKIE %s' % values
+
+ if values and 'access_token' in values:
+ request.session['oauth2_token'] = values['access_token']
+ request.session['oauth2_token_expires'] = values['expires']
+ self.session_key = values['session_key']
+ self.uid = values['uid']
+ self.added = True
+
# If we've been accepted by the user
if self.added:
@@ -100,6 +114,9 @@ def oauth2_check_permissions(self, request, required_permissions,
"""
has_permissions = False
+ print 'req %s' % required_permissions
+ print 'add %s' % additional_permissions
+
req_perms = set(required_permissions.split(','))
if 'oauth2_extended_permissions' in request.session:
@@ -120,6 +137,9 @@ def oauth2_check_permissions(self, request, required_permissions,
if additional_permissions:
perms_query += ',' + additional_permissions
+ print 'query %s' % perms_query
+ print 'query %s' % self.uid
+
perms_results = self.fql.query('select %s from permissions where uid=%s'
% (perms_query, self.uid))[0]
actual_perms = set()
@@ -136,9 +156,8 @@ def oauth2_process_code(self, request, redirect_uri):
Convert the code into an access_token.
"""
- if self.added and 'code' in request.GET:
- # We've been added and got a code from an authorisation, so convert
- # it to a access_token
+ if 'code' in request.GET:
+ # We've got a code from an authorisation, so convert it to a access_token
self.oauth2_access_token(request.GET['code'], next=redirect_uri)
@@ -175,7 +194,7 @@ def _check_middleware(request):
return fb
-def require_oauth(redirect_path=None, keep_state=True,
+def require_oauth(redirect_path=None, keep_state=True, in_canvas=True,
required_permissions=None, check_permissions=None, force_check=True):
"""
Decorator for Django views that requires the user to be OAuth 2.0'd.
@@ -196,8 +215,14 @@ def newview(request, *args, **kwargs):
fb = _check_middleware(request)
+ print 'require oauth'
+ print request.POST
+ print request.GET
+
valid_token = fb.oauth2_check_session(request)
+ print 'valid %s' % valid_token
+
if required_permissions:
has_permissions = fb.oauth2_check_permissions(
request, required_permissions, check_permissions,
@@ -206,6 +231,9 @@ def newview(request, *args, **kwargs):
has_permissions = True
if not valid_token or not has_permissions:
+ if in_canvas:
+ fb.in_canvas = in_canvas
+
redirect_uri = fb.url_for(_redirect_path(redirect_path, fb, request.path))
if keep_state:
@@ -216,9 +244,11 @@ def newview(request, *args, **kwargs):
# passing state directly to facebook oauth endpoint doesn't work
redirect_uri += '?state=%s' % urlquote(state)
- return fb.redirect(
- fb.get_login_url(next=redirect_uri,
- required_permissions=required_permissions))
+ url = fb.get_login_url(next=redirect_uri,
+ required_permissions=required_permissions)
+ print url
+
+ return fb.redirect(url)
return view(request, *args, **kwargs)
# newview.permissions = permissions
@@ -240,7 +270,7 @@ def _redirect_path(redirect_path, fb, path):
return redirect_path
-def process_oauth(restore_state=True):
+def process_oauth(restore_state=True, in_canvas=True):
"""
Decorator for Django views that processes the user's code and converts it
into an access_token.
@@ -257,16 +287,22 @@ def newview(request, *args, **kwargs):
fb = _check_middleware(request)
+ if in_canvas:
+ fb.in_canvas = in_canvas
+
# Work out what the original redirect_uri value was
redirect_uri = fb.url_for(_strip_code(request.get_full_path()))
+ print 'redirect %s' % redirect_uri
+
if fb.oauth2_process_code(request, redirect_uri):
if restore_state:
state = request.GET['state']
if callable(restore_state):
state = restore_state(state)
else:
state = fb.url_for(state)
+ print 'state %s' % state
return fb.redirect(state)
return view(request, *args, **kwargs)
@@ -468,12 +504,15 @@ class FacebookMiddleware(object):
"""
def __init__(self, api_key=None, secret_key=None, app_name=None,
- callback_path=None, internal=None, oauth2=None, oauth2_redirect=None):
+ callback_path=None, internal=None, app_id=None,
+ oauth2=None, oauth2_redirect=None):
self.api_key = api_key or settings.FACEBOOK_API_KEY
self.secret_key = secret_key or settings.FACEBOOK_SECRET_KEY
self.app_name = app_name or getattr(settings, 'FACEBOOK_APP_NAME', None)
self.callback_path = callback_path or getattr(settings, 'FACEBOOK_CALLBACK_PATH', None)
self.internal = internal or getattr(settings, 'FACEBOOK_INTERNAL', True)
+ self.app_id = app_id or getattr(settings, 'FACEBOOK_APP_ID', None)
+ print 'APP ID: %s' % self.app_id
self.oauth2 = oauth2 or getattr(settings, 'FACEBOOK_OAUTH2', False)
self.oauth2_redirect = oauth2_redirect or getattr(settings, 'FACEBOOK_OAUTH2_REDIRECT', None)
self.proxy = None
@@ -484,7 +523,10 @@ def process_request(self, request):
callback_path = self.callback_path
if callable(callback_path):
callback_path = callback_path()
- _thread_locals.facebook = request.facebook = Facebook(self.api_key, self.secret_key, app_name=self.app_name, callback_path=callback_path, internal=self.internal, proxy=self.proxy, oauth2=self.oauth2)
+ _thread_locals.facebook = request.facebook = Facebook(self.api_key,
+ self.secret_key, app_name=self.app_name,
+ callback_path=callback_path, internal=self.internal,
+ proxy=self.proxy, app_id=self.app_id, oauth2=self.oauth2)
if self.oauth2:
if self.oauth2_redirect:
request.facebook.oauth2_redirect = self.oauth2_redirect
View
2 setup.py
@@ -3,7 +3,7 @@
from setuptools import setup, find_packages
setup(name='pyfacebook',
- version='1.0a1',
+ version='1.0a2',
description='Python Client Library for the Facebook API',
author='Samuel Cormier-Iijima',
author_email='sciyoshi@gmail.com',

0 comments on commit e3ad05b

Please sign in to comment.
Something went wrong with that request. Please try again.