Revision: 3006
Author: comel.ah
Date: Wed Jan 4 04:30:54 2012
Log: authfacebook: update base_facebook.php to 3.1.1.
http://code.google.com/p/simplesamlphp/source/detail?r=3006
Modified:
/trunk/modules/authfacebook/extlibinc/base_facebook.php
/trunk/modules/authfacebook/lib/Auth/Source/Facebook.php
/trunk/modules/authfacebook/lib/Facebook.php
=======================================
--- /trunk/modules/authfacebook/extlibinc/base_facebook.php Tue Jul 5
04:29:06 2011
+++ /trunk/modules/authfacebook/extlibinc/base_facebook.php Wed Jan 4
04:30:54 2012
@@ -110,7 +110,7 @@
* Provides access to the Facebook Platform. This class provides
* a majority of the functionality needed, but the class is abstract
* because it is designed to be sub-classed. The subclass must
- * implement the three abstract methods listed at the bottom of
+ * implement the four abstract methods listed at the bottom of
* the file.
*
* @author Naitik Shah <nai...@facebook.com>
@@ -120,7 +120,7 @@
/**
* Version.
*/
- const VERSION = '3.0.1';
+ const VERSION = '3.1.1';
/**
* Default options for curl.
@@ -129,7 +129,7 @@
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
- CURLOPT_USERAGENT => 'facebook-php-3.0',
+ CURLOPT_USERAGENT => 'facebook-php-3.1',
);
/**
@@ -314,7 +314,8 @@
// access token, in case we navigate to the /oauth/access_token
// endpoint, where SOME access token is required.
$this->setAccessToken($this->getApplicationAccessToken());
- if ($user_access_token = $this->getUserAccessToken()) {
+ $user_access_token = $this->getUserAccessToken();
+ if ($user_access_token) {
$this->setAccessToken($user_access_token);
}
@@ -337,11 +338,23 @@
// the access token.
$signed_request = $this->getSignedRequest();
if ($signed_request) {
+ // apps.facebook.com hands the access_token in the signed_request
if (array_key_exists('oauth_token', $signed_request)) {
$access_token = $signed_request['oauth_token'];
$this->setPersistentData('access_token', $access_token);
return $access_token;
}
+
+ // the JS SDK puts a code in with the redirect_uri of ''
+ if (array_key_exists('code', $signed_request)) {
+ $code = $signed_request['code'];
+ $access_token = $this->getAccessTokenFromCode($code, '');
+ if ($access_token) {
+ $this->setPersistentData('code', $code);
+ $this->setPersistentData('access_token', $access_token);
+ return $access_token;
+ }
+ }
// signed request states there's no access token, so anything
// stored should be cleared.
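Review bot: The `code` lifted from the signed request is exchanged and persisted without the `state` comparison that (presumably) guards the query-string code path, so the only thing between an attacker-supplied `signed_request` parameter or `fbsr_` cookie and a stored token is the signature check inside parseSignedRequest(), whose body this hunk does not show. That dependency deserves a comment right above the `array_key_exists('code', $signed_request)` test: `// no CSRF state check needed here: parseSignedRequest() has verified the HMAC over this payload`. If parseSignedRequest() can return data on any path without verifying the signature, this branch becomes a token-injection vector, so please confirm. Note that a failed exchange falls through to the clearing logic below, which is sensible but worth a word in the same comment. getUserAccessToken's body starts and ends outside the hunk.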
@@ -372,15 +385,19 @@
}
/**
- * Get the data from a signed_request token.
+ * Retrieve the signed request, either from a request parameter or,
+ * if not present, from a cookie.
*
- * @return string The base domain
+ * @return string the signed request, if available, or null otherwise.
*/
public function getSignedRequest() {
if (!$this->signedRequest) {
if (isset($_REQUEST['signed_request'])) {
$this->signedRequest = $this->parseSignedRequest(
$_REQUEST['signed_request']);
+ } else if (isset($_COOKIE[$this->getSignedRequestCookieName()])) {
+ $this->signedRequest = $this->parseSignedRequest(
+ $_COOKIE[$this->getSignedRequestCookieName()]);
}
}
return $this->signedRequest;
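Review bot: The new docblock's `@return string` is wrong: callers earlier in this diff run `array_key_exists('oauth_token', $signed_request)` on the value, so it is the parsed array from parseSignedRequest(), and the tag should read `@return array|null the parsed signed request, or null when none was supplied or it failed verification`. The cookie branch also warrants a sentence that `fbsr_<appId>` is as client-controlled as the request parameter and is only trustworthy because parseSignedRequest() checks the signature (assumed; its body is outside this hunk). Because the two sources are chained with `else if`, a `signed_request` parameter that is present but fails to parse suppresses the cookie fallback entirely; if that is intended, say so in the comment, otherwise test the parse result before falling back.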
@@ -461,6 +478,13 @@
public function getLoginUrl($params=array()) {
$this->establishCSRFTokenState();
$currentUrl = $this->getCurrentUrl();
+
+ // if 'scope' is passed as an array, convert to comma separated list
+ $scopeParams = isset($params['scope']) ? $params['scope'] : null;
+ if ($scopeParams && is_array($scopeParams)) {
+ $params['scope'] = implode(',', $scopeParams);
+ }
+
return $this->getUrl(
'www',
'dialog/oauth',
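Review bot: The guard `$scopeParams && is_array($scopeParams)` skips an empty array, which then reaches getUrl() still as an array instead of the empty string the comma-join would give; `if (is_array($scopeParams)) { $params['scope'] = implode(',', $scopeParams); }` covers both cases and is simpler to read. A `@param array $params` line noting that `scope` may be given either as an array of permission names or as a comma-separated string would also save the next reader from discovering this here. getLoginUrl's body continues past the hunk.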
@@ -529,6 +553,19 @@
return call_user_func_array(array($this, '_graph'), $args);
}
}
+
+ /**
+ * Constructs and returns the name of the cookie that
+ * potentially houses the signed request for the app user.
+ * The cookie is not set by the BaseFacebook class, but
+ * it may be set by the JavaScript SDK.
+ *
+ * @return string the name of the cookie that would house
+ * the signed request value.
+ */
+ protected function getSignedRequestCookieName() {
+ return 'fbsr_'.$this->getAppId();
+ }
/**
* Get the authorization code from the query parameters, if it exists,
@@ -611,10 +648,14 @@
* @return mixed An access token exchanged for the authorization code, or
* false if an access token could not be generated.
*/
- protected function getAccessTokenFromCode($code) {
+ protected function getAccessTokenFromCode($code, $redirect_uri = null) {
if (empty($code)) {
return false;
}
+
+ if ($redirect_uri === null) {
+ $redirect_uri = $this->getCurrentUrl();
+ }
try {
// need to circumvent json_decode by calling _oauthRequest
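Review bot: The new `$redirect_uri` parameter is undocumented: the `@return` line at the top of the hunk is the tail of the docblock and no `@param` was added, so callers cannot tell that `null` means "use the current URL" while `''` is what the JS SDK signed-request path passes. Add `@param string|null $redirect_uri The redirect_uri the code was issued against; null means getCurrentUrl(), '' for a code delivered inside a signed request by the JS SDK`. The head of the docblock and the rest of the method lie outside the hunk.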
@@ -624,7 +665,7 @@
$this->getUrl('graph', '/oauth/access_token'),
$params = array('client_id' => $this->getAppId(),
'client_secret' => $this->getApiSecret(),
- 'redirect_uri' => $this->getCurrentUrl(),
+ 'redirect_uri' => $redirect_uri,
'code' => $code));
} catch (FacebookApiException $e) {
// most likely that user very recently revoked authorization.
@@ -665,7 +706,12 @@
// results are returned, errors are thrown
if (is_array($result) && isset($result['error_code'])) {
- throw new FacebookApiException($result);
+ $this->throwAPIException($result);
+ }
+
+ if ($params['method'] === 'auth.expireSession' ||
+ $params['method'] === 'auth.revokeAuthorization') {
+ $this->destroySession();
}
return $result;
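Review bot: `$params['method']` is read directly in the new comparison; if the REST wrapper lets a caller omit `method` (the start of _restserver is outside this hunk, so I cannot confirm the key is normalised there), this raises an undefined-index notice on every such call. `$method = isset($params['method']) ? $params['method'] : null;` before the comparison avoids it. Note also that the session is only destroyed when the call returned without an error, so a failed `auth.revokeAuthorization` leaves the local token in place; that is probably intended but deserves a comment such as `// only drop local state once Facebook has confirmed the session/authorization is gone`.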
@@ -922,9 +968,14 @@
* @return string The current URL
*/
protected function getCurrentUrl() {
- $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'
- ? 'https://'
- : 'http://';
+ if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' ||
$_SERVER['HTTPS'] == 1)
+ || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'
+ ) {
+ $protocol = 'https://';
+ }
+ else {
+ $protocol = 'http://';
+ }
$currentUrl = $protocol . $_SERVER['HTTP_HOST'] .
$_SERVER['REQUEST_URI'];
$parts = parse_url($currentUrl);
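Review bot: The new `HTTP_X_FORWARDED_PROTO` check trusts a header any client can send, so when the app is not behind a proxy that sets or strips it, a plain-HTTP request can make getCurrentUrl() report `https://` and vice versa; the value feeds `redirect_uri` in the code exchange later in this diff, so a spoofed scheme at worst breaks that exchange, but together with the already client-controlled `HTTP_HOST` it shapes every URL built from this method. Honour the header only when the deployment opts in, e.g. `|| (!empty($this->trustForwardedProto) && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')` behind a documented constructor option, and state in a comment that the header is otherwise untrusted. The two long condition lines have also been wrapped by the mail client (their continuations carry no `+`), so the hunk as shown here would not apply cleanly.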
@@ -991,6 +1042,8 @@
case 'OAuthException':
// OAuth 2.0 Draft 10 style
case 'invalid_token':
+ // REST server errors are just Exceptions
+ case 'Exception':
$message = $e->getMessage();
if ((strpos($message, 'Error validating access token') !== false) ||
(strpos($message, 'Invalid OAuth access token') !== false)) {
@@ -1032,6 +1085,15 @@
protected static function base64UrlDecode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
+
+ /**
+ * Destroy the current session
+ */
+ public function destroySession() {
+ $this->setAccessToken(null);
+ $this->user = 0;
+ $this->clearAllPersistentData();
+ }
/**
* Each of the following four methods should be overridden in
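Review bot: destroySession() resets the token, the user and the persistent data but leaves `$this->signedRequest` cached and the `fbsr_<appId>` cookie in the browser, and getSignedRequest() earlier in this diff now reads both, so a later getUserAccessToken() in the same request can re-derive a token from the cached signed request and the next request can rebuild the session from the cookie. Reset the cached value and expire the cookie as below; the cookie's domain and path must match whatever the JS SDK used when it set it, which this diff does not show, so the setcookie() arguments need confirming against the deployment. The docblock should also say that this only clears local state and revokes nothing at Facebook.
```php
  public function destroySession() {
    // … unchanged: setAccessToken(null), user = 0, clearAllPersistentData() …
    // forget the parsed signed request so it cannot be re-used in this request
    $this->signedRequest = null;
    // expire the JS SDK cookie; domain/path must match how the SDK set it
    $cookieName = $this->getSignedRequestCookieName();
    if (isset($_COOKIE[$cookieName])) {
      setcookie($cookieName, '', time() - 3600, '/');
      unset($_COOKIE[$cookieName]);
    }
  }
```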
=======================================
--- /trunk/modules/authfacebook/lib/Auth/Source/Facebook.php Tue Jul 5
04:29:06 2011
+++ /trunk/modules/authfacebook/lib/Auth/Source/Facebook.php Wed Jan 4
04:30:54 2012
@@ -74,7 +74,7 @@
$stateID = SimpleSAML_Auth_State::saveState($state,
self::STAGE_INIT);
$facebook = new sspmod_authfacebook_Facebook(array('appId' =>
$this->api_key, 'secret' => $this->secret), $state);
- $facebook->clearAllPersistentData();
+ $facebook->destroySession();
$linkback = SimpleSAML_Module::getModuleURL('authfacebook/linkback.php',
array('AuthState' => $stateID));
$url = $facebook->getLoginUrl(array('redirect_uri' => $linkback, 'scope'
=> $this->req_perms));
@@ -122,7 +122,7 @@
$state['Attributes'] = $attributes;
- $facebook->clearAllPersistentData();
+ $facebook->destroySession();
}
}
=======================================
--- /trunk/modules/authfacebook/lib/Facebook.php Tue Jul 5 04:29:06 2011
+++ /trunk/modules/authfacebook/lib/Facebook.php Wed Jan 4 04:30:54 2012
@@ -71,7 +71,7 @@
}
}
- public function clearAllPersistentData() {
+ protected function clearAllPersistentData() {
foreach (self::$kSupportedKeys as $key) {
$this->clearPersistentData($key);
}