use custom error class vs. regexp on string. use less terse fail names
Mark Dodwell
10 years ago
| 6 | 6 |
module Strategies
|
| 7 | 7 |
class Facebook < OmniAuth::Strategies::OAuth2
|
| 8 | 8 |
class NoAuthorizationCodeError < StandardError; end
|
|
9 |
class UnknownSignatureAlgorithmError < NotImplementedError; end
|
| 9 | 10 |
|
| 10 | 11 |
DEFAULT_SCOPE = 'email'
|
| 11 | 12 |
|
|
| 82 | 83 |
def callback_phase
|
| 83 | 84 |
super
|
| 84 | 85 |
rescue NoAuthorizationCodeError => e
|
| 85 | |
fail!(:no_authz_code, e)
|
| 86 | |
rescue NotImplementedError => e
|
| 87 | |
if e.message =~ /unknown algorithm/i
|
| 88 | |
fail!(:algo_not_impl, e)
|
| 89 | |
else
|
| 90 | |
raise e
|
| 91 | |
end
|
|
86 |
fail!(:no_authorization_code, e)
|
|
87 |
rescue UnknownSignatureAlgorithmError => e
|
|
88 |
fail!(:unknown_signature_algoruthm, e)
|
| 92 | 89 |
end
|
| 93 | 90 |
|
| 94 | 91 |
def request_phase
|
|
| 212 | 209 |
decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
|
| 213 | 210 |
|
| 214 | 211 |
unless decoded_payload['algorithm'] == 'HMAC-SHA256'
|
| 215 | |
raise NotImplementedError, "unknown algorithm: #{decoded_payload['algorithm']}"
|
|
212 |
raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
|
| 216 | 213 |
end
|
| 217 | 214 |
|
| 218 | 215 |
if valid_signature?(client.secret, decoded_hex_signature, encoded_payload)
|
| 425 | 425 |
|
| 426 | 426 |
test 'throws an error if the algorithm is unknown' do
|
| 427 | 427 |
setup('UNKNOWN-ALGO')
|
| 428 | |
assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(NotImplementedError) { strategy.send(:signed_request) }.message
|
|
428 |
assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(OmniAuth::Strategies::Facebook::UnknownSignatureAlgorithmError) { strategy.send(:signed_request) }.message
|
| 429 | 429 |
end
|
| 430 | 430 |
end
|
| 431 | 431 |
|
|
| 448 | 448 |
|
| 449 | 449 |
test 'throws an error if the algorithm is unknown' do
|
| 450 | 450 |
setup('UNKNOWN-ALGO')
|
| 451 | |
assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(NotImplementedError) { strategy.send(:signed_request) }.message
|
|
451 |
assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(OmniAuth::Strategies::Facebook::UnknownSignatureAlgorithmError) { strategy.send(:signed_request) }.message
|
| 452 | 452 |
end
|
| 453 | 453 |
end
|
| 454 | 454 |
|