mirror of https://github.com/simi/omniauth-facebook.git synced 2022-11-09 12:32:45 -05:00

fail! if there is no 'code' parameter or 'fbsr_' cookie in the callback.

Includes tests for #signed_request.
Narsimham Chelluri 2013-06-11 03:08:00 -07:00
parent 9e7b85564f
commit 867ff3680c
2 changed files with 34 additions and 7 deletions


@ -81,6 +81,18 @@ module OmniAuth
end end
end end
def callback_phase
super
rescue NoAuthorizationCodeError => e
fail!(:no_authz_code, e)
rescue NotImplementedError => e
if e.message =~ /unknown algorithm/i
fail!(:algo_not_impl, e)
else
raise e
end
end
def request_phase def request_phase
if signed_request_contains_access_token? if signed_request_contains_access_token?
# if we already have an access token, we can just hit the # if we already have an access token, we can just hit the
@ -205,7 +217,7 @@ module OmniAuth
decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload)) decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
unless decoded_payload['algorithm'] == 'HMAC-SHA256' unless decoded_payload['algorithm'] == 'HMAC-SHA256'
raise NotImplementedError, "unkown algorithm: #{decoded_payload['algorithm']}" raise NotImplementedError, "unknown algorithm: #{decoded_payload['algorithm']}"
end end
if valid_signature?(client.secret, decoded_hex_signature, encoded_payload) if valid_signature?(client.secret, decoded_hex_signature, encoded_payload)
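Review bot: The `NotImplementedError` rescue in `callback_phase` picks its branch with `e.message =~ /unknown algorithm/i`, which ties control flow to the wording of an error string; the second hunk had to correct the "unkown" typo before that pattern could match at all. A dedicated class would remove the coupling, for example `class UnknownSignatureAlgorithmError < NotImplementedError; end` raised by the parser and caught with `rescue UnknownSignatureAlgorithmError => e`, which also makes the `else raise e` branch unnecessary. `decoded_payload['algorithm']` is read before `valid_signature?` runs, so the value interpolated into the message is still unauthenticated input; if the exception handed to `fail!` reaches logs or a failure page (not visible here), the value should be length-limited or passed through `inspect` first. The signed-request parsing method in the second hunk starts and ends outside the lines shown.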


@ -379,13 +379,18 @@ module SignedRequestTests
test 'is nil' do test 'is nil' do
assert_nil strategy.send(:signed_request) assert_nil strategy.send(:signed_request)
end end
test 'throws an error on calling build_access_token' do
assert_equal 'must pass either a `code` parameter or a signed request (via `signed_request` parameter or a `fbsr_XXX` cookie)',
assert_raises(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError) { strategy.send(:build_access_token) }.message
end
end end
class CookiePresentTest < TestCase class CookiePresentTest < TestCase
def setup def setup(algo = nil)
super super()
@payload = { @payload = {
'algorithm' => 'HMAC-SHA256', 'algorithm' => algo || 'HMAC-SHA256',
'code' => 'm4c0d3z', 'code' => 'm4c0d3z',
'issued_at' => Time.now.to_i, 'issued_at' => Time.now.to_i,
'user_id' => '123456' 'user_id' => '123456'
@ -397,13 +402,18 @@ module SignedRequestTests
test 'parses the access code out from the cookie' do test 'parses the access code out from the cookie' do
assert_equal @payload, strategy.send(:signed_request) assert_equal @payload, strategy.send(:signed_request)
end end
test 'throws an error if the algorithm is unknown' do
setup('UNKNOWN-ALGO')
assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(NotImplementedError) { strategy.send(:signed_request) }.message
end
end end
class ParamPresentTest < TestCase class ParamPresentTest < TestCase
def setup def setup(algo = nil)
super super()
@payload = { @payload = {
'algorithm' => 'HMAC-SHA256', 'algorithm' => algo || 'HMAC-SHA256',
'oauth_token' => 'XXX', 'oauth_token' => 'XXX',
'issued_at' => Time.now.to_i, 'issued_at' => Time.now.to_i,
'user_id' => '123456' 'user_id' => '123456'
@ -415,6 +425,11 @@ module SignedRequestTests
test 'parses the access code out from the param' do test 'parses the access code out from the param' do
assert_equal @payload, strategy.send(:signed_request) assert_equal @payload, strategy.send(:signed_request)
end end
test 'throws an error if the algorithm is unknown' do
setup('UNKNOWN-ALGO')
assert_equal "unknown algorithm: UNKNOWN-ALGO", assert_raises(NotImplementedError) { strategy.send(:signed_request) }.message
end
end end
class CookieAndParamPresentTest < TestCase class CookieAndParamPresentTest < TestCase
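Review bot: The added tests reach the error paths only through `strategy.send(:build_access_token)` and `strategy.send(:signed_request)`; nothing in these hunks drives `callback_phase`, so the `fail!(:no_authz_code, e)` and `fail!(:algo_not_impl, e)` branches named in the commit title are not exercised here. A test that invokes `callback_phase` without a `code` or cookie, and another with an unknown algorithm, asserting that `fail!` is reached with the expected key, would cover the behaviour this commit introduces. Separately, `setup('UNKNOWN-ALGO')` is called from inside a test after the framework has already run `setup`, so `super()` executes twice for that test; a small helper that builds the signed payload for a given algorithm would avoid re-running the base setup. The test classes begin and end outside the hunks shown.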