Merge pull request facebookarchive#90 from mattynoce/master

If appsecret_proof param is sent in code, do not override in sdk

Author: gfosco

src/base_facebook.php

@@ -930,7 +930,7 @@ protected function _oauthRequest($url, $params) {
       $params['access_token'] = $this->getAccessToken();
     }
 
-    if (isset($params['access_token'])) {
+    if (isset($params['access_token']) && !isset($params['appsecret_proof'])) {
       $params['appsecret_proof'] = $this->getAppSecretProof($params['access_token']);
     }
 

tests/tests.php

@@ -1358,6 +1358,31 @@ public function testMissingAccessTokenInCodeExchangeIsIgnored() {
     $this->assertFalse($stub->publicGetAccessTokenFromCode('c', ''));
   }
 
+  public function testAppsecretProofNoParams() {
+    $fb = new FBRecordMakeRequest(array(
+      'appId'  => self::APP_ID,
+      'secret' => self::SECRET,
+    ));
+    $token = $fb->getAccessToken();
+    $proof = $fb->publicGetAppSecretProof($token);
+    $params = array();
+    $fb->api('/mattynoce', $params);
+    $requests = $fb->publicGetRequests();
+    $this->assertEquals($proof, $requests[0]['params']['appsecret_proof']);
+  }
+
+  public function testAppsecretProofWithParams() {
+    $fb = new FBRecordMakeRequest(array(
+      'appId'  => self::APP_ID,
+      'secret' => self::SECRET,
+    ));
+    $proof = 'foo';
+    $params = array('appsecret_proof' => $proof);
+    $fb->api('/mattynoce', $params);
+    $requests = $fb->publicGetRequests();
+    $this->assertEquals($proof, $requests[0]['params']['appsecret_proof']);
+  }
+
   public function testExceptionConstructorWithErrorCode() {
     $code = 404;
     $e = new FacebookApiException(array('error_code' => $code));
@@ -1949,6 +1974,10 @@ protected function makeRequest($url, $params, $ch=null) {
   public function publicGetRequests() {
     return $this->requests;
   }
+
+  public function publicGetAppSecretProof($access_token) {
+    return $this->getAppSecretProof($access_token);
+  }
 }
 
 class FBPublic extends TransientFacebook {