ruby-omniauth-facebook / d37bd04
Merge tag 'upstream/2.0.1' Upstream version 2.0.1 nitesh jain 8 years ago
8 changed file(s) with 106 addition(s) and 44 deletion(s).
0 ## 2.0.1 (2015-02-21)
1
2 Bugfixes:
3
4 - Allow versioning by not forcing absolute path for graph requests (#180, @frausto)
5 - Allow the image_size option to be set as a symbol. (#182, @jgrau)
6
07 ## 2.0.0 (2014-08-07)
8
9 Changes:
10
11 - remove support for canvas app flow (765ed9, @mkdynamic)
112
213 Bugfixes:
314
415 - bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
16 - rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
17 - fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
518
619 ## 1.6.0 (2014-01-13)
720
5858 end
5959 ```
6060
61 ### API Version
62
63 OmniAuth Facebook uses unversioned API endpoints by default. You can configure custom endpoints via `client_options` hash passed to `provider`.
64
65 ```ruby
66 use OmniAuth::Builder do
67 provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
68 :client_options => {
69 :site => 'https://graph.facebook.com/v2.0',
70 :authorize_url => "https://www.facebook.com/v2.0/dialog/oauth"
71 }
72 end
73 ```
6174 ### Per-Request Options
6275
6376 If you want to set the `display` format, `auth_type`, or `scope` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup` or `/auth/facebook?scope=email`.
checksums.yaml.gz
Binary diff not shown
00 PATH
11 remote: ../
22 specs:
3 omniauth-facebook (2.0.0.pre1)
4 omniauth-oauth2 (~> 1.1)
3 omniauth-facebook (2.0.0)
4 omniauth-oauth2 (~> 1.2)
55
66 GEM
77 remote: https://rubygems.org/
99 backports (3.3.5)
1010 faraday (0.9.0)
1111 multipart-post (>= 1.2, < 3)
12 hashie (2.1.1)
13 jwt (0.1.13)
14 multi_json (>= 1.5)
12 hashie (3.2.0)
13 jwt (1.0.0)
1514 multi_json (1.8.2)
1615 multi_xml (0.5.5)
1716 multipart-post (2.0.0)
18 oauth2 (0.9.3)
17 oauth2 (1.0.0)
1918 faraday (>= 0.8, < 0.10)
20 jwt (~> 0.1.8)
19 jwt (~> 1.0)
2120 multi_json (~> 1.3)
2221 multi_xml (~> 0.5)
2322 rack (~> 1.2)
24 omniauth (1.2.1)
25 hashie (>= 1.2, < 3)
23 omniauth (1.2.2)
24 hashie (>= 1.2, < 4)
2625 rack (~> 1.0)
27 omniauth-oauth2 (1.1.2)
26 omniauth-oauth2 (1.2.0)
2827 faraday (>= 0.8, < 0.10)
2928 multi_json (~> 1.3)
30 oauth2 (~> 0.9.3)
29 oauth2 (~> 1.0)
3130 omniauth (~> 1.2)
3231 rack (1.5.2)
3332 rack-protection (1.5.1)
00 module OmniAuth
11 module Facebook
2 VERSION = "2.0.0"
2 VERSION = "2.0.1"
33 end
44 end
1010 class UnknownSignatureAlgorithmError < NotImplementedError; end
1111
1212 DEFAULT_SCOPE = 'email'
13 SUPPORTED_ALGORITHM = 'HMAC-SHA256'
1314
1415 option :client_options, {
1516 :site => 'https://graph.facebook.com',
1617 :authorize_url => "https://www.facebook.com/dialog/oauth",
17 :token_url => '/oauth/access_token'
18 :token_url => 'oauth/access_token'
1819 }
1920
2021 option :token_params, {
5556 end
5657
5758 def raw_info
58 @raw_info ||= access_token.get('/me', info_options).parsed || {}
59 @raw_info ||= access_token.get('me', info_options).parsed || {}
5960 end
6061
6162 def info_options
7374 rescue NoAuthorizationCodeError => e
7475 fail!(:no_authorization_code, e)
7576 rescue UnknownSignatureAlgorithmError => e
76 fail!(:unknown_signature_algoruthm, e)
77 fail!(:unknown_signature_algorithm, e)
7778 end
7879
7980 # NOTE If we're using code from the signed request then FB sets the redirect_uri to '' during the authorize
165166 decoded_hex_signature = base64_decode_url(signature)
166167 decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
167168
168 unless decoded_payload['algorithm'] == 'HMAC-SHA256'
169 unless decoded_payload['algorithm'] == SUPPORTED_ALGORITHM
169170 raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
170171 end
171172
185186
186187 def image_url(uid, options)
187188 uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
188 url = uri_class.build({:host => 'graph.facebook.com', :path => "/#{uid}/picture"})
189
190 query = if options[:image_size].is_a?(String)
189 site_uri = URI.parse(client.site)
190 url = uri_class.build({:host => site_uri.host, :path => "#{site_uri.path}/#{uid}/picture"})
191
192 query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
191193 { :type => options[:image_size] }
192194 elsif options[:image_size].is_a?(Hash)
193195 options[:image_size]
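Review bot: In `image_url`, the rebuilt URL takes only `site_uri.host` and `site_uri.path` from `client.site`, so the site's scheme and any port are dropped and the scheme still follows `options[:secure_image_url]` alone. With an `https://` site and that option unset, the picture link is emitted as plain `http://`, which is easy to overlook now that the host is configurable. A site value ending in `/` would also yield `//` before the uid; `:path => "#{site_uri.path.chomp('/')}/#{uid}/picture"` avoids that. I would add a comment above the build call: `# only host and path come from client.site; scheme follows :secure_image_url, port is ignored`. The rest of `image_url` lies outside the visible lines.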
00 --- !ruby/object:Gem::Specification
11 name: omniauth-facebook
22 version: !ruby/object:Gem::Version
3 version: 2.0.0
3 version: 2.0.1
44 platform: ruby
55 authors:
66 - Mark Dodwell
88 autorequire:
99 bindir: bin
1010 cert_chain: []
11 date: 2014-08-07 00:00:00.000000000 Z
11 date: 2015-02-21 00:00:00.000000000 Z
1212 dependencies:
1313 - !ruby/object:Gem::Dependency
1414 name: omniauth-oauth2
1515 requirement: !ruby/object:Gem::Requirement
1616 requirements:
17 - - ~>
17 - - "~>"
1818 - !ruby/object:Gem::Version
1919 version: '1.2'
2020 type: :runtime
2121 prerelease: false
2222 version_requirements: !ruby/object:Gem::Requirement
2323 requirements:
24 - - ~>
24 - - "~>"
2525 - !ruby/object:Gem::Version
2626 version: '1.2'
2727 - !ruby/object:Gem::Dependency
2828 name: minitest
2929 requirement: !ruby/object:Gem::Requirement
3030 requirements:
31 - - '>='
31 - - ">="
3232 - !ruby/object:Gem::Version
3333 version: '0'
3434 type: :development
3535 prerelease: false
3636 version_requirements: !ruby/object:Gem::Requirement
3737 requirements:
38 - - '>='
38 - - ">="
3939 - !ruby/object:Gem::Version
4040 version: '0'
4141 - !ruby/object:Gem::Dependency
4242 name: mocha
4343 requirement: !ruby/object:Gem::Requirement
4444 requirements:
45 - - '>='
45 - - ">="
4646 - !ruby/object:Gem::Version
4747 version: '0'
4848 type: :development
4949 prerelease: false
5050 version_requirements: !ruby/object:Gem::Requirement
5151 requirements:
52 - - '>='
52 - - ">="
5353 - !ruby/object:Gem::Version
5454 version: '0'
5555 - !ruby/object:Gem::Dependency
5656 name: rake
5757 requirement: !ruby/object:Gem::Requirement
5858 requirements:
59 - - '>='
59 - - ">="
6060 - !ruby/object:Gem::Version
6161 version: '0'
6262 type: :development
6363 prerelease: false
6464 version_requirements: !ruby/object:Gem::Requirement
6565 requirements:
66 - - '>='
66 - - ">="
6767 - !ruby/object:Gem::Version
6868 version: '0'
6969 description:
7474 extensions: []
7575 extra_rdoc_files: []
7676 files:
77 - .gitignore
78 - .travis.yml
77 - ".gitignore"
78 - ".travis.yml"
7979 - CHANGELOG.md
8080 - Gemfile
8181 - README.md
102102 - lib
103103 required_ruby_version: !ruby/object:Gem::Requirement
104104 requirements:
105 - - '>='
105 - - ">="
106106 - !ruby/object:Gem::Version
107107 version: '0'
108108 required_rubygems_version: !ruby/object:Gem::Requirement
109109 requirements:
110 - - '>='
110 - - ">="
111111 - !ruby/object:Gem::Version
112112 version: '0'
113113 requirements: []
114114 rubyforge_project:
115 rubygems_version: 2.2.2
115 rubygems_version: 2.4.5
116116 signing_key:
117117 specification_version: 4
118118 summary: Facebook OAuth2 Strategy for OmniAuth
1515 assert_equal 'https://www.facebook.com/dialog/oauth', strategy.client.options[:authorize_url]
1616 end
1717
18 test 'has correct token url' do
19 assert_equal '/oauth/access_token', strategy.client.options[:token_url]
18 test 'has correct token url with versioning' do
19 @options = {:client_options => {:site => 'https://graph.facebook.net/v2.2'}}
20 assert_equal 'oauth/access_token', strategy.client.options[:token_url]
21 assert_equal 'https://graph.facebook.net/v2.2/oauth/access_token', strategy.client.token_url
2022 end
2123 end
2224
103105 assert_equal 'https://graph.facebook.com/321/picture', strategy.info['image']
104106 end
105107
108 test 'returns the image_url based of the client site' do
109 @options = { :secure_image_url => true, :client_options => {:site => "https://blah.facebook.com/v2.2"}}
110 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
111 strategy.stubs(:raw_info).returns(raw_info)
112 assert_equal 'https://blah.facebook.com/v2.2/321/picture', strategy.info['image']
113 end
114
106115 test 'returns the image with size specified in the `image_size` option' do
107116 @options = { :image_size => 'normal' }
117 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
118 strategy.stubs(:raw_info).returns(raw_info)
119 assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
120 end
121
122 test 'returns the image with size specified as a symbol in the `image_size` option' do
123 @options = { :image_size => :normal }
108124 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
109125 strategy.stubs(:raw_info).returns(raw_info)
110126 assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
249265 strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
250266 strategy.stubs(:access_token).returns(@access_token)
251267 params = {:params => @options}
252 @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
268 @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
253269 strategy.raw_info
254270 end
255271
258274 strategy.stubs(:access_token).returns(@access_token)
259275 strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
260276 params = {:params => @options}
261 @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
277 @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
262278 strategy.raw_info
263279 end
264280
267283 strategy.stubs(:access_token).returns(@access_token)
268284 strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
269285 params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'about'}}
270 @access_token.expects(:get).with('/me', params).returns(stub_everything('OAuth2::Response'))
286 @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
271287 strategy.raw_info
272288 end
273289
280296 raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
281297 oauth2_response = OAuth2::Response.new(raw_response)
282298 params = {:params => @options}
283 @access_token.stubs(:get).with('/me', params).returns(oauth2_response)
299 @access_token.stubs(:get).with('me', params).returns(oauth2_response)
284300 assert_kind_of Hash, strategy.raw_info
285301 assert_equal 'thar', strategy.raw_info['ohai']
286302 end
290306 strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
291307 oauth2_response = stub('OAuth2::Response', :parsed => false)
292308 params = {:params => @options}
293 @access_token.stubs(:get).with('/me', params).returns(oauth2_response)
309 @access_token.stubs(:get).with('me', params).returns(oauth2_response)
294310 assert_kind_of Hash, strategy.raw_info
295311 assert_equal({}, strategy.raw_info)
296312 end
442458 end
443459
444460 test 'calls fail! when a code is not included in the params' do
445 strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
461 strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
446462 strategy.callback_phase
447463 end
448464 end
461477 end
462478
463479 test 'calls fail! when a code is not included in the cookie' do
464 strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
480 strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
465481 strategy.callback_phase
466482 end
467483 end
468 end
484
485 class UnknownAlgorithmInCookieRequestTest < TestCase
486 def setup
487 super()
488 @payload = {
489 'algorithm' => 'UNKNOWN-ALGO',
490 'code' => nil,
491 'issued_at' => Time.now.to_i,
492 'user_id' => '123456'
493 }
494
495 @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
496 end
497
498 test 'calls fail! when an algorithm is unknown' do
499 strategy.expects(:fail!).times(1).with(:unknown_signature_algorithm, kind_of(OmniAuth::Strategies::Facebook::UnknownSignatureAlgorithmError))
500 strategy.callback_phase
501 end
502 end
503 end
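Review bot: The `'has correct token url'` test was replaced rather than extended, so nothing visible here asserts what the relative `'oauth/access_token'` resolves to against the default site. That URL is where the token exchange carrying the client credentials is sent, so the default deserves an explicit check next to the versioned one: `assert_equal 'https://graph.facebook.com/oauth/access_token', strategy.client.token_url` in a test that sets no `:client_options`. The versioned test also uses the host `graph.facebook.net`; if that is deliberate, a short comment saying the host is arbitrary would help the next reader.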