Commit c9db398eecc8c2f015f82990dbc3ef7f7c490d7c - ruby-omniauth-facebook

+1

-1

.gitignore less more

3	3	/Gemfile.lock
4	4	pkg/*
5	5	.powenv
	6	.powder
6	7	tmp
7	8	bin
8		example/app.log

+7

-10

.travis.yml less more

0	0	before_install:
1	1	- gem update bundler
2	2	- bundle --version
3		- gem update --system 2.1.11
	3	- gem update --system
4	4	- gem --version
5	5	rvm:
6		- 1.8.7
7		- 1.9.2
	6	- 2.3.0
	7	- 2.2
	8	- 2.1
	9	- 2.0
8	10	- 1.9.3
9		- 2.0.0
10		- 2.1
11		- jruby
12		- rbx
13		matrix:
14		allow_failures:
15		- rvm: rbx
	11	- jruby-19mode
	12	- rbx-2

+19

-9

CHANGELOG.md less more

	0	## 4.0.0 (2016-07-26)
	1
	2	Changes:
	3
	4	- drop support for Ruby < 1.9.3 (@mkdynamic)
	5	- switch to versioned FB APIs, currently using v2.6 (#245, @printercu, @mkdynamic)
	6	- remove deprecated :nickname field from README example (#223, @abelorian)
	7	- add Ruby 2.2 + 2.3.0 to CI (#225, @tricknotes, @mkdynamic, @anoraak)
	8	- update example app (@mkynamic)
	9
0	10	## 3.0.0 (2015-10-26)
1	11
2	12	Changes:
3	13
4		- Remove query string from redirect_uri on callback by default (#221, @gioblu)
5		- Signed request parsing extracted to `OmniAuth::Facebook::SignedRequest` class. (#183, @simi, @Vrael)
6		- Change default value of `info_fields` to `name,email` for the [graph-api-v2.4](https://developers.facebook.com/blog/post/2015/07/08/graph-api-v2.4/). ([#209](https://github.com/mkdynamic/omniauth-facebook/pull/209))
	14	- remove query string from redirect_uri on callback by default (#221, @gioblu)
	15	- signed request parsing extracted to `OmniAuth::Facebook::SignedRequest` class. (#183, @simi, @Vrael)
	16	- change default value of `info_fields` to `name,email` for the [graph-api-v2.4](https://developers.facebook.com/blog/post/2015/07/08/graph-api-v2.4/). ([#209](https://github.com/mkdynamic/omniauth-facebook/pull/209))
7	17
8	18	## 2.0.1 (2015-02-21)
9	19
10	20	Bugfixes:
11	21
12		- Allow versioning by not forcing absolute path for graph requests (#180, @frausto)
13		- Allow the image_size option to be set as a symbol. (#182, @jgrau)
	22	- allow versioning by not forcing absolute path for graph requests (#180, @frausto)
	23	- allow the image_size option to be set as a symbol. (#182, @jgrau)
14	24
15	25	## 2.0.0 (2014-08-07)
16	26
17	27	Changes:
18	28
19		- remove support for canvas app flow (765ed9, @mkdynamic)
	29	- remove support for canvas app flow (765ed9, @mkdynamic)
20	30
21	31	Bugfixes:
22	32
23		- bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
24		- rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
25		- fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
	33	- bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
	34	- rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
	35	- fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
26	36
27	37	## 1.6.0 (2014-01-13)
28	38

+42

-56

README.md less more

0		**IMPORTANT: If you're running < 1.5.1, please upgrade to the latest version to address 3 security vulnerabilities.
1		More details [here](https://github.com/mkdynamic/omniauth-facebook/wiki/CSRF-vulnerability:-CVE-2013-4562), [here](https://github.com/mkdynamic/omniauth-facebook/wiki/Access-token-vulnerability:-CVE-2013-4593) and [here](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6134).**
2
3		---
4
5	0	# OmniAuth Facebook  [![Build Status](https://secure.travis-ci.org/mkdynamic/omniauth-facebook.svg?branch=master)](https://travis-ci.org/mkdynamic/omniauth-facebook) [![Gem Version](https://img.shields.io/gem/v/omniauth-facebook.svg)](https://rubygems.org/gems/omniauth-facebook)
6
7	1
8	2	These notes are based on master, please see tags for README pertaining to specific releases.
9	3
10	4	Facebook OAuth2 Strategy for OmniAuth.
11	5
12		Supports the OAuth 2.0 server-side and client-side flows. Read the Facebook docs for more details: http://developers.facebook.com/docs/authentication
	6	Supports OAuth 2.0 server-side and client-side flows. Read the Facebook docs for more details: http://developers.facebook.com/docs/authentication
13	7
14	8	## Installing
15	9

54	48
55	49	```ruby
56	50	Rails.application.config.middleware.use OmniAuth::Builder do
57		provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
58		:scope => 'email,user_birthday,read_stream', :display => 'popup'
	51	provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
	52	scope: 'email,user_birthday,read_stream', display: 'popup'
59	53	end
60	54	```
61	55
62	56	### API Version
63	57
64		OmniAuth Facebook uses unversioned API endpoints by default. You can configure custom endpoints via `client_options` hash passed to `provider`.
	58	OmniAuth Facebook uses versioned API endpoints by default (current v2.6). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v3.0 (assuming that exists):
65	59
66	60	```ruby
67	61	use OmniAuth::Builder do
68	62	provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
69		:client_options => {
70		:site => 'https://graph.facebook.com/v2.0',
71		:authorize_url => "https://www.facebook.com/v2.0/dialog/oauth"
	63	client_options: {
	64	site: 'https://graph.facebook.com/v3.0',
	65	authorize_url: "https://www.facebook.com/v3.0/dialog/oauth"
72	66	}
73	67	end
74	68	```
	69
75	70	### Per-Request Options
76	71
77	72	If you want to set the `display` format, `auth_type`, or `scope` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup` or `/auth/facebook?scope=email`.

82	77
83	78	```ruby
84	79	{
85		:provider => 'facebook',
86		:uid => '1234567',
87		:info => {
88		:nickname => 'jbloggs',
89		:email => 'joe@bloggs.com',
90		:name => 'Joe Bloggs',
91		:first_name => 'Joe',
92		:last_name => 'Bloggs',
93		:image => 'http://graph.facebook.com/1234567/picture?type=square',
94		:urls => { :Facebook => 'http://www.facebook.com/jbloggs' },
95		:location => 'Palo Alto, California',
96		:verified => true
	80	provider: 'facebook',
	81	uid: '1234567',
	82	info: {
	83	email: 'joe@bloggs.com',
	84	name: 'Joe Bloggs',
	85	first_name: 'Joe',
	86	last_name: 'Bloggs',
	87	image: 'http://graph.facebook.com/1234567/picture?type=square',
	88	urls: { Facebook: 'http://www.facebook.com/jbloggs' },
	89	location: 'Palo Alto, California',
	90	verified: true
97	91	},
98		:credentials => {
99		:token => 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
100		:expires_at => 1321747205, # when the access token expires (it always will)
101		:expires => true # this will always be true
	92	credentials: {
	93	token: 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
	94	expires_at: 1321747205, # when the access token expires (it always will)
	95	expires: true # this will always be true
102	96	},
103		:extra => {
104		:raw_info => {
105		:id => '1234567',
106		:name => 'Joe Bloggs',
107		:first_name => 'Joe',
108		:last_name => 'Bloggs',
109		:link => 'http://www.facebook.com/jbloggs',
110		:username => 'jbloggs',
111		:location => { :id => '123456789', :name => 'Palo Alto, California' },
112		:gender => 'male',
113		:email => 'joe@bloggs.com',
114		:timezone => -8,
115		:locale => 'en_US',
116		:verified => true,
117		:updated_time => '2011-11-11T06:21:03+0000'
	97	extra: {
	98	raw_info: {
	99	id: '1234567',
	100	name: 'Joe Bloggs',
	101	first_name: 'Joe',
	102	last_name: 'Bloggs',
	103	link: 'http://www.facebook.com/jbloggs',
	104	username: 'jbloggs',
	105	location: { id: '123456789', name: 'Palo Alto, California' },
	106	gender: 'male',
	107	email: 'joe@bloggs.com',
	108	timezone: -8,
	109	locale: 'en_US',
	110	verified: true,
	111	updated_time: '2011-11-11T06:21:03+0000',
	112	# ...
118	113	}
119	114	}
120	115	}

156	151
157	152	## Supported Rubies
158	153
159		Actively tested with the following Ruby versions:
160
161		- MRI 2.1.0
162		- MRI 2.0.0
163		- MRI 1.9.3
164		- MRI 1.9.2
165		- MRI 1.8.7
166		- JRuby 1.7.9
167		- Rubinius (latest stable)
	154	- Ruby MRI (1.9.3+)
	155	- JRuby (1.9 mode)
	156	- RBX (2.1.1+)
168	157
169	158	## License
170	159

175	164	The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
176	165
177	166	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
178
179
180		[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/mkdynamic/omniauth-facebook/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

+1

-1

Rakefile less more

5	5	task.test_files = FileList['test/*_test.rb']
6	6	end
7	7
8		task :default => :test
	8	task default: :test

+1

-1

example/Gemfile less more

1	1
2	2	gem 'sinatra'
3	3	gem 'sinatra-reloader'
4		gem 'omniauth-facebook', :path => '../'
	4	gem 'omniauth-facebook', path: '../'

+24

-23

example/Gemfile.lock less more

0	0	PATH
1	1	remote: ../
2	2	specs:
3		omniauth-facebook (2.0.0)
	3	omniauth-facebook (3.0.0)
4	4	omniauth-oauth2 (~> 1.2)
5	5
6	6	GEM
7	7	remote: https://rubygems.org/
8	8	specs:
9		backports (3.3.5)
10		faraday (0.9.0)
	9	backports (3.6.8)
	10	faraday (0.9.2)
11	11	multipart-post (>= 1.2, < 3)
12		hashie (3.2.0)
13		jwt (1.0.0)
14		multi_json (1.8.2)
	12	hashie (3.4.4)
	13	jwt (1.5.1)
	14	multi_json (1.12.1)
15	15	multi_xml (0.5.5)
16	16	multipart-post (2.0.0)
17		oauth2 (1.0.0)
	17	oauth2 (1.1.0)
18	18	faraday (>= 0.8, < 0.10)
19		jwt (~> 1.0)
	19	jwt (~> 1.0, < 1.5.2)
20	20	multi_json (~> 1.3)
21	21	multi_xml (~> 0.5)
22		rack (~> 1.2)
23		omniauth (1.2.2)
	22	rack (>= 1.2, < 3)
	23	omniauth (1.3.1)
24	24	hashie (>= 1.2, < 4)
25		rack (~> 1.0)
26		omniauth-oauth2 (1.2.0)
27		faraday (>= 0.8, < 0.10)
28		multi_json (~> 1.3)
	25	rack (>= 1.0, < 3)
	26	omniauth-oauth2 (1.4.0)
29	27	oauth2 (~> 1.0)
30	28	omniauth (~> 1.2)
31		rack (1.5.2)
32		rack-protection (1.5.1)
	29	rack (1.6.4)
	30	rack-protection (1.5.3)
33	31	rack
34		rack-test (0.6.2)
	32	rack-test (0.6.3)
35	33	rack (>= 1.0)
36		sinatra (1.4.4)
37		rack (~> 1.4)
	34	sinatra (1.4.7)
	35	rack (~> 1.5)
38	36	rack-protection (~> 1.4)
39		tilt (~> 1.3, >= 1.3.4)
40		sinatra-contrib (1.4.2)
	37	tilt (>= 1.3, < 3)
	38	sinatra-contrib (1.4.7)
41	39	backports (>= 2.0)
42	40	multi_json
43	41	rack-protection
44	42	rack-test
45	43	sinatra (~> 1.4.0)
46		tilt (~> 1.3)
	44	tilt (>= 1.3, < 3)
47	45	sinatra-reloader (1.0)
48	46	sinatra-contrib
49		tilt (1.4.1)
	47	tilt (2.0.5)
50	48
51	49	PLATFORMS
52	50	ruby

55	53	omniauth-facebook!
56	54	sinatra
57	55	sinatra-reloader
	56
	57	BUNDLED WITH
	58	1.12.5

+51

-59

example/app.rb less more

5	5	set :run, false
6	6	set :raise_errors, true
7	7
8		# setup logging to file
9		log = File.new("app.log", "a+")
10		$stdout.reopen(log)
11		$stderr.reopen(log)
12		$stderr.sync = true
13		$stdout.sync = true
14
15		# server-side flow
	8	# REQUEST STEP (server-side flow)
16	9	get '/server-side' do
17		# NOTE: You would just hit this endpoint directly from the browser in a real app. The redirect is just here to
18		# explicit declare this server-side flow.
	10	# NOTE: You would just hit this endpoint directly from the browser in a real app. The redirect is
	11	# just here to explicit declare this server-side flow.
19	12	redirect '/auth/facebook'
20	13	end
21	14
22		# client-side flow
	15	# REQUEST STEP (client-side flow)
23	16	get '/client-side' do
24	17	content_type 'text/html'
25		# NOTE: When you enable cookie below in the FB.init call the GET request in the FB.login callback will send a signed
26		# request in a cookie back the OmniAuth callback which will parse out the authorization code and obtain an
27		# access_token with it.
28		<<-END
	18	# NOTE: When you enable cookie below in the FB.init call the GET request in the FB.login callback
	19	# will send a signed request in a cookie back the OmniAuth callback which will parse out the
	20	# authorization code and obtain an access_token with it.
	21	<<-HTML
29	22	<html>
30	23	<head>
31	24	<title>Client-side Flow Example</title>
32		<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
	25	<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js" type="text/javascript"></script>
	26	<script type="text/javascript">
	27	window.fbAsyncInit = function() {
	28	FB.init({
	29	appId: '#{ENV['APP_ID']}',
	30	version: 'v2.6',
	31	cookie: true // IMPORTANT must enable cookies to allow the server to access the session
	32	});
	33	console.log("fb init");
	34	};
	35
	36	(function(d, s, id){
	37	var js, fjs = d.getElementsByTagName(s)[0];
	38	if (d.getElementById(id)) {return;}
	39	js = d.createElement(s); js.id = id;
	40	js.src = "//connect.facebook.net/en_US/sdk.js";
	41	fjs.parentNode.insertBefore(js, fjs);
	42	}(document, 'script', 'facebook-jssdk'));
	43	</script>
33	44	</head>
34	45	<body>
35	46	<div id="fb-root"></div>
36
37		<script type="text/javascript">
38		window.fbAsyncInit = function() {
39		FB.init({
40		appId : '#{ENV['APP_ID']}',
41		status : true, // check login status
42		cookie : true, // enable cookies to allow the server to access the session
43		xfbml : true // parse XFBML
44		});
45		};
46
47		(function(d) {
48		var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
49		js = d.createElement('script'); js.id = id; js.async = true;
50		js.src = "//connect.facebook.net/en_US/all.js";
51		d.getElementsByTagName('head')[0].appendChild(js);
52		}(document));
53
54		$(function() {
55		$('a').click(function(e) {
56		e.preventDefault();
57
58		FB.login(function(response) {
59		if (response.authResponse) {
60		$('#connect').html('Connected! Hitting OmniAuth callback (GET /auth/facebook/callback)...');
61
62		// since we have cookies enabled, this request will allow omniauth to parse
63		// out the auth code from the signed request in the fbsr_XXX cookie
64		$.getJSON('/auth/facebook/callback', function(json) {
65		$('#connect').html('Connected! Callback complete.');
66		$('#results').html(JSON.stringify(json));
67		});
68		}
69		}, { scope: 'email,read_stream', state: 'abc123' });
70		});
71		});
72		</script>
73	47
74	48	<p id="connect">
75	49	<a href="#">Connect to FB!</a>
76	50	</p>
77	51
78	52	<p id="results" />
	53
	54	<script type="text/javascript">
	55	$('a').click(function(e) {
	56	e.preventDefault();
	57
	58	FB.login(function(response) {
	59	console.log(response);
	60	if (response.authResponse) {
	61	$('#connect').html('Connected! Hitting OmniAuth callback (GET /auth/facebook/callback)...');
	62
	63	// since we have cookies enabled, this request will allow omniauth to parse
	64	// out the auth code from the signed request in the fbsr_XXX cookie
	65	$.getJSON('/auth/facebook/callback', function(json) {
	66	$('#connect').html('Connected! Callback complete.');
	67	$('#results').html(JSON.stringify(json));
	68	});
	69	}
	70	}); // if you want custom scopes, pass them as an extra, final argument to FB.login
	71	});
	72	</script>
79	73	</body>
80	74	</html>
81		END
	75	HTML
82	76	end
83	77
	78	# CALLBACK STEP
	79	# - redirected here for server-side flow
	80	# - ajax request made here for client-side flow
84	81	get '/auth/:provider/callback' do
85	82	content_type 'application/json'
86	83	MultiJson.encode(request.env)
87	84	end
88
89		get '/auth/failure' do
90		content_type 'application/json'
91		MultiJson.encode(request.env)
92		end

+2

-2

example/config.ru less more

1	1	require 'omniauth-facebook'
2	2	require './app.rb'
3	3
4		use Rack::Session::Cookie, :secret => 'abc123'
	4	use Rack::Session::Cookie, secret: 'abc123'
5	5
6	6	use OmniAuth::Builder do
7		provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'], :scope => 'email,read_stream'
	7	provider :facebook, ENV['APP_ID'], ENV['APP_SECRET']
8	8	end
9	9
10	10	run Sinatra::Application

+1

-1

lib/omniauth/facebook/version.rb less more

0	0	module OmniAuth
1	1	module Facebook
2		VERSION = "3.0.0"
	2	VERSION = "4.0.0"
3	3	end
4	4	end

+11

-15

lib/omniauth/strategies/facebook.rb less more

11	11	DEFAULT_SCOPE = 'email'
12	12
13	13	option :client_options, {
14		:site => 'https://graph.facebook.com',
15		:authorize_url => "https://www.facebook.com/dialog/oauth",
16		:token_url => 'oauth/access_token'
17		}
18
19		option :token_params, {
20		:parse => :query
	14	site: 'https://graph.facebook.com/v2.6',
	15	authorize_url: "https://www.facebook.com/v2.6/dialog/oauth",
	16	token_url: 'oauth/access_token'
21	17	}
22	18
23	19	option :access_token_options, {
24		:header_format => 'OAuth %s',
25		:param_name => 'access_token'
	20	header_format: 'OAuth %s',
	21	param_name: 'access_token'
26	22	}
27	23
28	24	option :authorize_options, [:scope, :display, :auth_type]

58	54	end
59	55
60	56	def info_options
61		params = {:appsecret_proof => appsecret_proof}
62		params.merge!({:fields => (options[:info_fields] \|\| 'name,email')})
63		params.merge!({:locale => options[:locale]}) if options[:locale]
	57	params = {appsecret_proof: appsecret_proof}
	58	params.merge!({fields: (options[:info_fields] \|\| 'name,email')})
	59	params.merge!({locale: options[:locale]}) if options[:locale]
64	60
65		{ :params => params }
	61	{ params: params }
66	62	end
67	63
68	64	def callback_phase

161	157	def image_url(uid, options)
162	158	uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
163	159	site_uri = URI.parse(client.site)
164		url = uri_class.build({:host => site_uri.host, :path => "#{site_uri.path}/#{uid}/picture"})
	160	url = uri_class.build({host: site_uri.host, path: "#{site_uri.path}/#{uid}/picture"})
165	161
166	162	query = if options[:image_size].is_a?(String) \|\| options[:image_size].is_a?(Symbol)
167		{ :type => options[:image_size] }
	163	{ type: options[:image_size] }
168	164	elsif options[:image_size].is_a?(Hash)
169	165	options[:image_size]
170	166	end

+0

-130

~~metadata.yml~~ less more

0		--- !ruby/object:Gem::Specification
1		name: omniauth-facebook
2		version: !ruby/object:Gem::Version
3		version: 3.0.0
4		platform: ruby
5		authors:
6		- Mark Dodwell
7		- Josef Šimánek
8		autorequire:
9		bindir: bin
10		cert_chain: []
11		date: 2015-10-27 00:00:00.000000000 Z
12		dependencies:
13		- !ruby/object:Gem::Dependency
14		name: omniauth-oauth2
15		requirement: !ruby/object:Gem::Requirement
16		requirements:
17		- - ~>
18		- !ruby/object:Gem::Version
19		version: '1.2'
20		type: :runtime
21		prerelease: false
22		version_requirements: !ruby/object:Gem::Requirement
23		requirements:
24		- - ~>
25		- !ruby/object:Gem::Version
26		version: '1.2'
27		- !ruby/object:Gem::Dependency
28		name: minitest
29		requirement: !ruby/object:Gem::Requirement
30		requirements:
31		- - '>='
32		- !ruby/object:Gem::Version
33		version: '0'
34		type: :development
35		prerelease: false
36		version_requirements: !ruby/object:Gem::Requirement
37		requirements:
38		- - '>='
39		- !ruby/object:Gem::Version
40		version: '0'
41		- !ruby/object:Gem::Dependency
42		name: mocha
43		requirement: !ruby/object:Gem::Requirement
44		requirements:
45		- - '>='
46		- !ruby/object:Gem::Version
47		version: '0'
48		type: :development
49		prerelease: false
50		version_requirements: !ruby/object:Gem::Requirement
51		requirements:
52		- - '>='
53		- !ruby/object:Gem::Version
54		version: '0'
55		- !ruby/object:Gem::Dependency
56		name: rake
57		requirement: !ruby/object:Gem::Requirement
58		requirements:
59		- - '>='
60		- !ruby/object:Gem::Version
61		version: '0'
62		type: :development
63		prerelease: false
64		version_requirements: !ruby/object:Gem::Requirement
65		requirements:
66		- - '>='
67		- !ruby/object:Gem::Version
68		version: '0'
69		description:
70		email:
71		- mark@madeofcode.com
72		- retro@ballgag.cz
73		executables: []
74		extensions: []
75		extra_rdoc_files: []
76		files:
77		- .gitignore
78		- .travis.yml
79		- CHANGELOG.md
80		- Gemfile
81		- README.md
82		- Rakefile
83		- example/Gemfile
84		- example/Gemfile.lock
85		- example/app.rb
86		- example/config.ru
87		- lib/omniauth-facebook.rb
88		- lib/omniauth/facebook.rb
89		- lib/omniauth/facebook/signed_request.rb
90		- lib/omniauth/facebook/version.rb
91		- lib/omniauth/strategies/facebook.rb
92		- omniauth-facebook.gemspec
93		- test/fixtures/payload.json
94		- test/fixtures/signed_request.txt
95		- test/helper.rb
96		- test/signed_request_test.rb
97		- test/strategy_test.rb
98		- test/support/shared_examples.rb
99		homepage: https://github.com/mkdynamic/omniauth-facebook
100		licenses:
101		- MIT
102		metadata: {}
103		post_install_message:
104		rdoc_options: []
105		require_paths:
106		- lib
107		required_ruby_version: !ruby/object:Gem::Requirement
108		requirements:
109		- - '>='
110		- !ruby/object:Gem::Version
111		version: '0'
112		required_rubygems_version: !ruby/object:Gem::Requirement
113		requirements:
114		- - '>='
115		- !ruby/object:Gem::Version
116		version: '0'
117		requirements: []
118		rubyforge_project:
119		rubygems_version: 2.0.14
120		signing_key:
121		specification_version: 4
122		summary: Facebook OAuth2 Strategy for OmniAuth
123		test_files:
124		- test/fixtures/payload.json
125		- test/fixtures/signed_request.txt
126		- test/helper.rb
127		- test/signed_request_test.rb
128		- test/strategy_test.rb
129		- test/support/shared_examples.rb

+33

-39

test/strategy_test.rb less more

8	8
9	9	class ClientTest < StrategyTestCase
10	10	test 'has correct Facebook site' do
11		assert_equal 'https://graph.facebook.com', strategy.client.site
	11	assert_equal 'https://graph.facebook.com/v2.6', strategy.client.site
12	12	end
13	13
14	14	test 'has correct authorize url' do
15		assert_equal 'https://www.facebook.com/dialog/oauth', strategy.client.options[:authorize_url]
	15	assert_equal 'https://www.facebook.com/v2.6/dialog/oauth', strategy.client.options[:authorize_url]
16	16	end
17	17
18	18	test 'has correct token url with versioning' do
19		@options = {:client_options => {:site => 'https://graph.facebook.net/v2.2'}}
	19	@options = {client_options: {site: 'https://graph.facebook.net/v2.2'}}
20	20	assert_equal 'oauth/access_token', strategy.client.options[:token_url]
21	21	assert_equal 'https://graph.facebook.net/v2.2/oauth/access_token', strategy.client.token_url
22	22	end

32	32	end
33	33
34	34	test "returns path from callback_path option (omitting querystring)" do
35		@options = { :callback_path => "/auth/FB/done"}
	35	@options = { callback_path: "/auth/FB/done"}
36	36	url_base = 'http://auth.request.com'
37	37	@request.stubs(:url).returns("#{url_base}/page/path")
38	38	strategy.stubs(:script_name).returns('') # as not to depend on Rack env

42	42
43	43	test "returns url from callback_url option" do
44	44	url = 'https://auth.myapp.com/auth/fb/callback'
45		@options = { :callback_url => url }
	45	@options = { callback_url: url }
46	46	assert_equal url, strategy.callback_url
47	47	end
48	48	end

72	72	end
73	73	end
74	74
75		class TokeParamsTest < StrategyTestCase
76		test 'has correct parse strategy' do
77		assert_equal :query, strategy.token_params[:parse]
78		end
79		end
80
81	75	class AccessTokenOptionsTest < StrategyTestCase
82	76	test 'has correct param name by default' do
83	77	assert_equal 'access_token', strategy.access_token_options[:param_name]

101	95
102	96	class InfoTest < StrategyTestCase
103	97	test 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
104		@options = { :secure_image_url => true }
	98	@options = { secure_image_url: true }
105	99	raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
106	100	strategy.stubs(:raw_info).returns(raw_info)
107		assert_equal 'https://graph.facebook.com/321/picture', strategy.info['image']
	101	assert_equal 'https://graph.facebook.com/v2.6/321/picture', strategy.info['image']
108	102	end
109	103
110	104	test 'returns the image_url based of the client site' do
111		@options = { :secure_image_url => true, :client_options => {:site => "https://blah.facebook.com/v2.2"}}
	105	@options = { secure_image_url: true, client_options: {site: "https://blah.facebook.com/v2.2"}}
112	106	raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
113	107	strategy.stubs(:raw_info).returns(raw_info)
114	108	assert_equal 'https://blah.facebook.com/v2.2/321/picture', strategy.info['image']
115	109	end
116	110
117	111	test 'returns the image with size specified in the `image_size` option' do
118		@options = { :image_size => 'normal' }
	112	@options = { image_size: 'normal' }
119	113	raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
120	114	strategy.stubs(:raw_info).returns(raw_info)
121		assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
	115	assert_equal 'http://graph.facebook.com/v2.6/321/picture?type=normal', strategy.info['image']
122	116	end
123	117
124	118	test 'returns the image with size specified as a symbol in the `image_size` option' do
125		@options = { :image_size => :normal }
	119	@options = { image_size: :normal }
126	120	raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
127	121	strategy.stubs(:raw_info).returns(raw_info)
128		assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
	122	assert_equal 'http://graph.facebook.com/v2.6/321/picture?type=normal', strategy.info['image']
129	123	end
130	124
131	125	test 'returns the image with width and height specified in the `image_size` option' do
132		@options = { :image_size => { :width => 123, :height => 987 } }
	126	@options = { image_size: { width: 123, height: 987 } }
133	127	raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
134	128	strategy.stubs(:raw_info).returns(raw_info)
135	129	assert_match 'width=123', strategy.info['image']
136	130	assert_match 'height=987', strategy.info['image']
137		assert_match 'http://graph.facebook.com/321/picture?', strategy.info['image']
	131	assert_match 'http://graph.facebook.com/v2.6/321/picture?', strategy.info['image']
138	132	end
139	133	end
140	134

181	175
182	176	test 'returns the facebook avatar url' do
183	177	@raw_info['id'] = '321'
184		assert_equal 'http://graph.facebook.com/321/picture', strategy.info['image']
	178	assert_equal 'http://graph.facebook.com/v2.6/321/picture', strategy.info['image']
185	179	end
186	180
187	181	test 'returns the Facebook link as the Facebook url' do

260	254	super
261	255	@access_token = stub('OAuth2::AccessToken')
262	256	@appsecret_proof = 'appsecret_proof'
263		@options = {:appsecret_proof => @appsecret_proof, :fields => 'name,email'}
264		end
265
266		test 'performs a GET to https://graph.facebook.com/me' do
	257	@options = {appsecret_proof: @appsecret_proof, fields: 'name,email'}
	258	end
	259
	260	test 'performs a GET to https://graph.facebook.com/v2.6/me' do
267	261	strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
268	262	strategy.stubs(:access_token).returns(@access_token)
269		params = {:params => @options}
	263	params = {params: @options}
270	264	@access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
271	265	strategy.raw_info
272	266	end
273	267
274		test 'performs a GET to https://graph.facebook.com/me with locale' do
275		@options.merge!({ :locale => 'cs_CZ' })
	268	test 'performs a GET to https://graph.facebook.com/v2.6/me with locale' do
	269	@options.merge!({ locale: 'cs_CZ' })
276	270	strategy.stubs(:access_token).returns(@access_token)
277	271	strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
278		params = {:params => @options}
	272	params = {params: @options}
279	273	@access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
280	274	strategy.raw_info
281	275	end
282	276
283		test 'performs a GET to https://graph.facebook.com/me with info_fields' do
284		@options.merge!({:info_fields => 'about'})
	277	test 'performs a GET to https://graph.facebook.com/v2.6/me with info_fields' do
	278	@options.merge!({info_fields: 'about'})
285	279	strategy.stubs(:access_token).returns(@access_token)
286	280	strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
287		params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'about'}}
	281	params = {params: {appsecret_proof: @appsecret_proof, fields: 'about'}}
288	282	@access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
289	283	strategy.raw_info
290	284	end
291	285
292		test 'performs a GET to https://graph.facebook.com/me with default info_fields' do
	286	test 'performs a GET to https://graph.facebook.com/v2.6/me with default info_fields' do
293	287	strategy.stubs(:access_token).returns(@access_token)
294	288	strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
295		params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'name,email'}}
	289	params = {params: {appsecret_proof: @appsecret_proof, fields: 'name,email'}}
296	290	@access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
297	291	strategy.raw_info
298	292	end

305	299	raw_response.stubs(:status).returns(200)
306	300	raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
307	301	oauth2_response = OAuth2::Response.new(raw_response)
308		params = {:params => @options}
	302	params = {params: @options}
309	303	@access_token.stubs(:get).with('me', params).returns(oauth2_response)
310	304	assert_kind_of Hash, strategy.raw_info
311	305	assert_equal 'thar', strategy.raw_info['ohai']

314	308	test 'returns an empty hash when the response is false' do
315	309	strategy.stubs(:access_token).returns(@access_token)
316	310	strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
317		oauth2_response = stub('OAuth2::Response', :parsed => false)
318		params = {:params => @options}
	311	oauth2_response = stub('OAuth2::Response', parsed: false)
	312	params = {params: @options}
319	313	@access_token.stubs(:get).with('me', params).returns(oauth2_response)
320	314	assert_kind_of Hash, strategy.raw_info
321	315	assert_equal({}, strategy.raw_info)
322	316	end
323	317
324	318	test 'should not include raw_info in extras hash when skip_info is specified' do
325		@options = { :skip_info => true }
326		strategy.stubs(:raw_info).returns({:foo => 'bar' })
	319	@options = { skip_info: true }
	320	strategy.stubs(:raw_info).returns({foo: 'bar' })
327	321	refute_has_key 'raw_info', strategy.extra
328	322	end
329	323	end

+7

-7

test/support/shared_examples.rb less more

12	12	extend BlockTestHelper
13	13
14	14	test 'should be initialized with symbolized client_options' do
15		@options = { :client_options => { 'authorize_url' => 'https://example.com' } }
	15	@options = { client_options: { 'authorize_url' => 'https://example.com' } }
16	16	assert_equal 'https://example.com', strategy.client.options[:authorize_url]
17	17	end
18	18	end

21	21	extend BlockTestHelper
22	22
23	23	test 'should include any authorize params passed in the :authorize_params option' do
24		@options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
	24	@options = { authorize_params: { foo: 'bar', baz: 'zip' } }
25	25	assert_equal 'bar', strategy.authorize_params['foo']
26	26	assert_equal 'zip', strategy.authorize_params['baz']
27	27	end
28	28
29	29	test 'should include top-level options that are marked as :authorize_options' do
30		@options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
	30	@options = { authorize_options: [:scope, :foo], scope: 'bar', foo: 'baz' }
31	31	assert_equal 'bar', strategy.authorize_params['scope']
32	32	assert_equal 'baz', strategy.authorize_params['foo']
33	33	end
34	34
35	35	test 'should exclude top-level options that are not passed' do
36		@options = { :authorize_options => [:bar] }
	36	@options = { authorize_options: [:bar] }
37	37	refute_has_key :bar, strategy.authorize_params
38	38	refute_has_key 'bar', strategy.authorize_params
39	39	end

50	50	end
51	51
52	52	test 'should not store state in the session when present in authorize params vs. a random one' do
53		@options = { :authorize_params => { :state => 'bar' } }
	53	@options = { authorize_params: { state: 'bar' } }
54	54	refute_empty strategy.authorize_params['state']
55	55	refute_equal 'bar', strategy.authorize_params[:state]
56	56	refute_empty strategy.session['omniauth.state']

70	70	extend BlockTestHelper
71	71
72	72	test 'should include any authorize params passed in the :token_params option' do
73		@options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
	73	@options = { token_params: { foo: 'bar', baz: 'zip' } }
74	74	assert_equal 'bar', strategy.token_params['foo']
75	75	assert_equal 'zip', strategy.token_params['baz']
76	76	end
77	77
78	78	test 'should include top-level options that are marked as :token_options' do
79		@options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
	79	@options = { token_options: [:scope, :foo], scope: 'bar', foo: 'baz' }
80	80	assert_equal 'bar', strategy.token_params['scope']
81	81	assert_equal 'baz', strategy.token_params['foo']
82	82	end