Commit 867ff3680c8ea6de7e27f53e385b4f058e50805e - ruby-omniauth-facebook

fail! if there is no 'code' parameter or 'fbsr_' cookie in the callback. Includes tests for #signed_request. Narsimham Chelluri 10 years ago

2 changed file(s) with 34 addition(s) and 7 deletion(s). Raw diff Collapse all Expand all

+13

-1

lib/omniauth/strategies/facebook.rb less more

80	80	end
81	81	end
82	82
	83	def callback_phase
	84	super
	85	rescue NoAuthorizationCodeError => e
	86	fail!(:no_authz_code, e)
	87	rescue NotImplementedError => e
	88	if e.message =~ /unknown algorithm/i
	89	fail!(:algo_not_impl, e)
	90	else
	91	raise e
	92	end
	93	end
	94
83	95	def request_phase
84	96	if signed_request_contains_access_token?
85	97	# if we already have an access token, we can just hit the

204	216	decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
205	217
206	218	unless decoded_payload['algorithm'] == 'HMAC-SHA256'
207		raise NotImplementedError, "unkown algorithm: #{decoded_payload['algorithm']}"
	219	raise NotImplementedError, "unknown algorithm: #{decoded_payload['algorithm']}"
208	220	end
209	221
210	222	if valid_signature?(client.secret, decoded_hex_signature, encoded_payload)

+21

-6

test/test.rb less more

378	378	test 'is nil' do
379	379	assert_nil strategy.send(:signed_request)
380	380	end
	381
	382	test 'throws an error on calling build_access_token' do
	383	assert_equal 'must pass either a `code` parameter or a signed request (via `signed_request` parameter or a `fbsr_XXX` cookie)',
	384	assert_raises(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError) { strategy.send(:build_access_token) }.message
	385	end
381	386	end
382	387
383	388	class CookiePresentTest < TestCase
384		def setup
385		super
	389	def setup(algo = nil)
	390	super()
386	391	@payload = {
387		'algorithm' => 'HMAC-SHA256',
	392	'algorithm' => algo \|\| 'HMAC-SHA256',
388	393	'code' => 'm4c0d3z',
389	394	'issued_at' => Time.now.to_i,
390	395	'user_id' => '123456'

396	401	test 'parses the access code out from the cookie' do
397	402	assert_equal @payload, strategy.send(:signed_request)
398	403	end
	404
	405	test 'throws an error if the algorithm is unknown' do
	406	setup('UNKNOWN-ALGO')
	407	assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(NotImplementedError) { strategy.send(:signed_request) }.message
	408	end
399	409	end
400	410
401	411	class ParamPresentTest < TestCase
402		def setup
403		super
	412	def setup(algo = nil)
	413	super()
404	414	@payload = {
405		'algorithm' => 'HMAC-SHA256',
	415	'algorithm' => algo \|\| 'HMAC-SHA256',
406	416	'oauth_token' => 'XXX',
407	417	'issued_at' => Time.now.to_i,
408	418	'user_id' => '123456'

413	423
414	424	test 'parses the access code out from the param' do
415	425	assert_equal @payload, strategy.send(:signed_request)
	426	end
	427
	428	test 'throws an error if the algorithm is unknown' do
	429	setup('UNKNOWN-ALGO')
	430	assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(NotImplementedError) { strategy.send(:signed_request) }.message
416	431	end
417	432	end
418	433