diff --git a/changelog.md b/changelog.md deleted file mode 100644 index 16728fe..0000000 --- a/changelog.md +++ /dev/null @@ -1,28 +0,0 @@ -Facebook PHP SDK (v.3.0.0) -========================== - -The new PHP SDK (v3.0.0) is a major upgrade to the older one (v2.2.x): - -- Uses OAuth authentication flows instead of our legacy authentication flow -- Consists of two classes. The first (class BaseFacebook) maintains the core of the upgrade, and the second one (class Facebook) is a small subclass that uses PHP sessions to store the user id and access token. - -If you’re currently using the PHP SDK (v2.2.x) for authentication, you will recall that the login code looked like this: - - $facebook = new Facebook(…); - $session = $facebook->getSession(); - if ($session) { - // proceed knowing you have a valid user session - } else { - // proceed knowing you require user login and/or authentication - } - -The login code is now: - - $facebook = new Facebook(…); - $user = $facebook->getUser(); - if ($user) { - // proceed knowing you have a logged in user who's authenticated - } else { - // proceed knowing you require user login and/or authentication - } - diff --git a/examples/example.php b/examples/example.php deleted file mode 100644 index cd0b378..0000000 --- a/examples/example.php +++ /dev/null @@ -1,102 +0,0 @@ - '344617158898614', - 'secret' => '6dc8ac871858b34798bc2488200e503d', -)); - -// Get User ID -$user = $facebook->getUser(); - -// We may or may not have this data based on whether the user is logged in. -// -// If we have a $user id here, it means we know the user is logged into -// Facebook, but we don't know if the access token is valid. An access -// token is invalid if the user logged out of Facebook. - -if ($user) { - try { - // Proceed knowing you have a logged in user who's authenticated. - $user_profile = $facebook->api('/me'); - } catch (FacebookApiException $e) { - error_log($e); - $user = null; - } -} - -// Login or logout url will be needed depending on current user state. -if ($user) { - $logoutUrl = $facebook->getLogoutUrl(); -} else { - $loginUrl = $facebook->getLoginUrl(); -} - -// This call will always work since we are fetching public data. -$naitik = $facebook->api('/naitik'); - -?> - - - - php-sdk - - - -

php-sdk

- - - Logout - -
- Login using OAuth 2.0 handled by the PHP SDK: - Login with Facebook -
- - -

PHP Session

-
- - -

You

- - -

Your User Object (/me)

-
- - You are not Connected. - - -

Public profile of Naitik

- - - - diff --git a/examples/with_js_sdk.php b/examples/with_js_sdk.php deleted file mode 100644 index 4255a35..0000000 --- a/examples/with_js_sdk.php +++ /dev/null @@ -1,59 +0,0 @@ - '344617158898614', - 'secret' => '6dc8ac871858b34798bc2488200e503d', -)); - -// See if there is a user from a cookie -$user = $facebook->getUser(); - -if ($user) { - try { - // Proceed knowing you have a logged in user who's authenticated. - $user_profile = $facebook->api('/me'); - } catch (FacebookApiException $e) { - echo '
'.htmlspecialchars(print_r($e, true)).'
'; - $user = null; - } -} - -?> - - - - - Your user profile is - 
-        
-
- - - -
- - - diff --git a/readme.md b/readme.md index 885fdc4..34b7980 100644 --- a/readme.md +++ b/readme.md @@ -1,85 +1,9 @@ -We have created a new repository for this project: https://github.com/facebook/facebook-php-sdk. Please update anything you have pointing at this repostory to this location before April 1, 2012. +-------- +-------- +This version of the PHP SDK has been deprecated. -Facebook PHP SDK (v.3.1.1) -========================== - -The [Facebook Platform](http://developers.facebook.com/) is -a set of APIs that make your app more social - -This repository contains the open source PHP SDK that allows you to access Facebook Platform from your PHP app. Except as otherwise noted, the Facebook PHP SDK -is licensed under the Apache Licence, Version 2.0 -(http://www.apache.org/licenses/LICENSE-2.0.html) - - -Usage ------ - -The [examples][examples] are a good place to start. The minimal you'll need to -have is: - - require 'facebook-php-sdk/src/facebook.php'; - - $facebook = new Facebook(array( - 'appId' => 'YOUR_APP_ID', - 'secret' => 'YOUR_APP_SECRET', - )); - - // Get User ID - $user = $facebook->getUser(); - -To make [API][API] calls: - - if ($user) { - try { - // Proceed knowing you have a logged in user who's authenticated. - $user_profile = $facebook->api('/me'); - } catch (FacebookApiException $e) { - error_log($e); - $user = null; - } - } - -Login or logout url will be needed depending on current user state. - - if ($user) { - $logoutUrl = $facebook->getLogoutUrl(); - } else { - $loginUrl = $facebook->getLoginUrl(); - } - -[examples]: http://github.com/facebook/facebook-php-sdk/blob/master/examples/example.php -[API]: http://developers.facebook.com/docs/api - - -Tests ------ - -In order to keep us nimble and allow us to bring you new functionality, without -compromising on stability, we have ensured full test coverage of the SDK. -We are including this in the open source repository to assure you of our -commitment to quality, but also with the hopes that you will contribute back to -help keep it stable. The easiest way to do so is to file bugs and include a -test case. - -The tests can be executed by using this command from the base directory: - - phpunit --stderr --bootstrap tests/bootstrap.php tests/tests.php - - -Contributing -=========== -For us to accept contributions you will have to first have signed the [Contributor License Agreement](https://developers.facebook.com/opensource/cla). - -When commiting, keep all lines to less than 80 characters, and try to follow the existing style. - -Before creating a pull request, squash your commits into a single commit. - -Add the comments where needed, and provide ample explanation in the commit message. - - -Report Issues/Bugs -=============== -[Bugs](https://developers.facebook.com/bugs) - -[Questions](http://facebook.stackoverflow.com) +We have created a new repository for this project: https://github.com/facebook/facebook-php-sdk. +To see the repository in its previously published state, please see the [deprecated](https://github.com/facebook/php-sdk/tree/deprecated) branch. +-------- +-------- diff --git a/src/base_facebook.php b/src/base_facebook.php deleted file mode 100644 index 772cc97..0000000 --- a/src/base_facebook.php +++ /dev/null @@ -1,1269 +0,0 @@ - - */ -class FacebookApiException extends Exception -{ - /** - * The result from the API server that represents the exception information. - */ - protected $result; - - /** - * Make a new API Exception with the given result. - * - * @param array $result The result from the API server - */ - public function __construct($result) { - $this->result = $result; - - $code = isset($result['error_code']) ? $result['error_code'] : 0; - - if (isset($result['error_description'])) { - // OAuth 2.0 Draft 10 style - $msg = $result['error_description']; - } else if (isset($result['error']) && is_array($result['error'])) { - // OAuth 2.0 Draft 00 style - $msg = $result['error']['message']; - } else if (isset($result['error_msg'])) { - // Rest server style - $msg = $result['error_msg']; - } else { - $msg = 'Unknown Error. Check getResult()'; - } - - parent::__construct($msg, $code); - } - - /** - * Return the associated result object returned by the API server. - * - * @return array The result from the API server - */ - public function getResult() { - return $this->result; - } - - /** - * Returns the associated type for the error. This will default to - * 'Exception' when a type is not available. - * - * @return string - */ - public function getType() { - if (isset($this->result['error'])) { - $error = $this->result['error']; - if (is_string($error)) { - // OAuth 2.0 Draft 10 style - return $error; - } else if (is_array($error)) { - // OAuth 2.0 Draft 00 style - if (isset($error['type'])) { - return $error['type']; - } - } - } - - return 'Exception'; - } - - /** - * To make debugging easier. - * - * @return string The string representation of the error - */ - public function __toString() { - $str = $this->getType() . ': '; - if ($this->code != 0) { - $str .= $this->code . ': '; - } - return $str . $this->message; - } -} - -/** - * Provides access to the Facebook Platform. This class provides - * a majority of the functionality needed, but the class is abstract - * because it is designed to be sub-classed. The subclass must - * implement the four abstract methods listed at the bottom of - * the file. - * - * @author Naitik Shah - */ -abstract class BaseFacebook -{ - /** - * Version. - */ - const VERSION = '3.1.1'; - - /** - * Default options for curl. - */ - public static $CURL_OPTS = array( - CURLOPT_CONNECTTIMEOUT => 10, - CURLOPT_RETURNTRANSFER => true, - CURLOPT_TIMEOUT => 60, - CURLOPT_USERAGENT => 'facebook-php-3.1', - ); - - /** - * List of query parameters that get automatically dropped when rebuilding - * the current URL. - */ - protected static $DROP_QUERY_PARAMS = array( - 'code', - 'state', - 'signed_request', - ); - - /** - * Maps aliases to Facebook domains. - */ - public static $DOMAIN_MAP = array( - 'api' => 'https://api.facebook.com/', - 'api_video' => 'https://api-video.facebook.com/', - 'api_read' => 'https://api-read.facebook.com/', - 'graph' => 'https://graph.facebook.com/', - 'graph_video' => 'https://graph-video.facebook.com/', - 'www' => 'https://www.facebook.com/', - ); - - /** - * The Application ID. - * - * @var string - */ - protected $appId; - - /** - * The Application App Secret. - * - * @var string - */ - protected $appSecret; - - /** - * The ID of the Facebook user, or 0 if the user is logged out. - * - * @var integer - */ - protected $user; - - /** - * The data from the signed_request token. - */ - protected $signedRequest; - - /** - * A CSRF state variable to assist in the defense against CSRF attacks. - */ - protected $state; - - /** - * The OAuth access token received in exchange for a valid authorization - * code. null means the access token has yet to be determined. - * - * @var string - */ - protected $accessToken = null; - - /** - * Indicates if the CURL based @ syntax for file uploads is enabled. - * - * @var boolean - */ - protected $fileUploadSupport = false; - - /** - * Initialize a Facebook Application. - * - * The configuration: - * - appId: the application ID - * - secret: the application secret - * - fileUpload: (optional) boolean indicating if file uploads are enabled - * - * @param array $config The application configuration - */ - public function __construct($config) { - $this->setAppId($config['appId']); - $this->setAppSecret($config['secret']); - if (isset($config['fileUpload'])) { - $this->setFileUploadSupport($config['fileUpload']); - } - - $state = $this->getPersistentData('state'); - if (!empty($state)) { - $this->state = $this->getPersistentData('state'); - } - } - - /** - * Set the Application ID. - * - * @param string $appId The Application ID - * @return BaseFacebook - */ - public function setAppId($appId) { - $this->appId = $appId; - return $this; - } - - /** - * Get the Application ID. - * - * @return string the Application ID - */ - public function getAppId() { - return $this->appId; - } - - /** - * Set the App Secret. - * - * @param string $apiSecret The App Secret - * @return BaseFacebook - * @deprecated - */ - public function setApiSecret($apiSecret) { - $this->setAppSecret($apiSecret); - return $this; - } - - /** - * Set the App Secret. - * - * @param string $appSecret The App Secret - * @return BaseFacebook - */ - public function setAppSecret($appSecret) { - $this->appSecret = $appSecret; - return $this; - } - - /** - * Get the App Secret. - * - * @return string the App Secret - * @deprecated - */ - public function getApiSecret() { - return $this->getAppSecret(); - } - - /** - * Get the App Secret. - * - * @return string the App Secret - */ - public function getAppSecret() { - return $this->appSecret; - } - - /** - * Set the file upload support status. - * - * @param boolean $fileUploadSupport The file upload support status. - * @return BaseFacebook - */ - public function setFileUploadSupport($fileUploadSupport) { - $this->fileUploadSupport = $fileUploadSupport; - return $this; - } - - /** - * Get the file upload support status. - * - * @return boolean true if and only if the server supports file upload. - */ - public function getFileUploadSupport() { - return $this->fileUploadSupport; - } - - /** - * DEPRECATED! Please use getFileUploadSupport instead. - * - * Get the file upload support status. - * - * @return boolean true if and only if the server supports file upload. - */ - public function useFileUploadSupport() { - return $this->getFileUploadSupport(); - } - - /** - * Sets the access token for api calls. Use this if you get - * your access token by other means and just want the SDK - * to use it. - * - * @param string $access_token an access token. - * @return BaseFacebook - */ - public function setAccessToken($access_token) { - $this->accessToken = $access_token; - return $this; - } - - /** - * Determines the access token that should be used for API calls. - * The first time this is called, $this->accessToken is set equal - * to either a valid user access token, or it's set to the application - * access token if a valid user access token wasn't available. Subsequent - * calls return whatever the first call returned. - * - * @return string The access token - */ - public function getAccessToken() { - if ($this->accessToken !== null) { - // we've done this already and cached it. Just return. - return $this->accessToken; - } - - // first establish access token to be the application - // access token, in case we navigate to the /oauth/access_token - // endpoint, where SOME access token is required. - $this->setAccessToken($this->getApplicationAccessToken()); - $user_access_token = $this->getUserAccessToken(); - if ($user_access_token) { - $this->setAccessToken($user_access_token); - } - - return $this->accessToken; - } - - /** - * Determines and returns the user access token, first using - * the signed request if present, and then falling back on - * the authorization code if present. The intent is to - * return a valid user access token, or false if one is determined - * to not be available. - * - * @return string A valid user access token, or false if one - * could not be determined. - */ - protected function getUserAccessToken() { - // first, consider a signed request if it's supplied. - // if there is a signed request, then it alone determines - // the access token. - $signed_request = $this->getSignedRequest(); - if ($signed_request) { - // apps.facebook.com hands the access_token in the signed_request - if (array_key_exists('oauth_token', $signed_request)) { - $access_token = $signed_request['oauth_token']; - $this->setPersistentData('access_token', $access_token); - return $access_token; - } - - // the JS SDK puts a code in with the redirect_uri of '' - if (array_key_exists('code', $signed_request)) { - $code = $signed_request['code']; - $access_token = $this->getAccessTokenFromCode($code, ''); - if ($access_token) { - $this->setPersistentData('code', $code); - $this->setPersistentData('access_token', $access_token); - return $access_token; - } - } - - // signed request states there's no access token, so anything - // stored should be cleared. - $this->clearAllPersistentData(); - return false; // respect the signed request's data, even - // if there's an authorization code or something else - } - - $code = $this->getCode(); - if ($code && $code != $this->getPersistentData('code')) { - $access_token = $this->getAccessTokenFromCode($code); - if ($access_token) { - $this->setPersistentData('code', $code); - $this->setPersistentData('access_token', $access_token); - return $access_token; - } - - // code was bogus, so everything based on it should be invalidated. - $this->clearAllPersistentData(); - return false; - } - - // as a fallback, just return whatever is in the persistent - // store, knowing nothing explicit (signed request, authorization - // code, etc.) was present to shadow it (or we saw a code in $_REQUEST, - // but it's the same as what's in the persistent store) - return $this->getPersistentData('access_token'); - } - - /** - * Retrieve the signed request, either from a request parameter or, - * if not present, from a cookie. - * - * @return string the signed request, if available, or null otherwise. - */ - public function getSignedRequest() { - if (!$this->signedRequest) { - if (isset($_REQUEST['signed_request'])) { - $this->signedRequest = $this->parseSignedRequest( - $_REQUEST['signed_request']); - } else if (isset($_COOKIE[$this->getSignedRequestCookieName()])) { - $this->signedRequest = $this->parseSignedRequest( - $_COOKIE[$this->getSignedRequestCookieName()]); - } - } - return $this->signedRequest; - } - - /** - * Get the UID of the connected user, or 0 - * if the Facebook user is not connected. - * - * @return string the UID if available. - */ - public function getUser() { - if ($this->user !== null) { - // we've already determined this and cached the value. - return $this->user; - } - - return $this->user = $this->getUserFromAvailableData(); - } - - /** - * Determines the connected user by first examining any signed - * requests, then considering an authorization code, and then - * falling back to any persistent store storing the user. - * - * @return integer The id of the connected Facebook user, - * or 0 if no such user exists. - */ - protected function getUserFromAvailableData() { - // if a signed request is supplied, then it solely determines - // who the user is. - $signed_request = $this->getSignedRequest(); - if ($signed_request) { - if (array_key_exists('user_id', $signed_request)) { - $user = $signed_request['user_id']; - $this->setPersistentData('user_id', $signed_request['user_id']); - return $user; - } - - // if the signed request didn't present a user id, then invalidate - // all entries in any persistent store. - $this->clearAllPersistentData(); - return 0; - } - - $user = $this->getPersistentData('user_id', $default = 0); - $persisted_access_token = $this->getPersistentData('access_token'); - - // use access_token to fetch user id if we have a user access_token, or if - // the cached access token has changed. - $access_token = $this->getAccessToken(); - if ($access_token && - $access_token != $this->getApplicationAccessToken() && - !($user && $persisted_access_token == $access_token)) { - $user = $this->getUserFromAccessToken(); - if ($user) { - $this->setPersistentData('user_id', $user); - } else { - $this->clearAllPersistentData(); - } - } - - return $user; - } - - /** - * Get a Login URL for use with redirects. By default, full page redirect is - * assumed. If you are using the generated URL with a window.open() call in - * JavaScript, you can pass in display=popup as part of the $params. - * - * The parameters: - * - redirect_uri: the url to go to after a successful login - * - scope: comma separated list of requested extended perms - * - * @param array $params Provide custom parameters - * @return string The URL for the login flow - */ - public function getLoginUrl($params=array()) { - $this->establishCSRFTokenState(); - $currentUrl = $this->getCurrentUrl(); - - // if 'scope' is passed as an array, convert to comma separated list - $scopeParams = isset($params['scope']) ? $params['scope'] : null; - if ($scopeParams && is_array($scopeParams)) { - $params['scope'] = implode(',', $scopeParams); - } - - return $this->getUrl( - 'www', - 'dialog/oauth', - array_merge(array( - 'client_id' => $this->getAppId(), - 'redirect_uri' => $currentUrl, // possibly overwritten - 'state' => $this->state), - $params)); - } - - /** - * Get a Logout URL suitable for use with redirects. - * - * The parameters: - * - next: the url to go to after a successful logout - * - * @param array $params Provide custom parameters - * @return string The URL for the logout flow - */ - public function getLogoutUrl($params=array()) { - return $this->getUrl( - 'www', - 'logout.php', - array_merge(array( - 'next' => $this->getCurrentUrl(), - 'access_token' => $this->getAccessToken(), - ), $params) - ); - } - - /** - * Get a login status URL to fetch the status from Facebook. - * - * The parameters: - * - ok_session: the URL to go to if a session is found - * - no_session: the URL to go to if the user is not connected - * - no_user: the URL to go to if the user is not signed into facebook - * - * @param array $params Provide custom parameters - * @return string The URL for the logout flow - */ - public function getLoginStatusUrl($params=array()) { - return $this->getUrl( - 'www', - 'extern/login_status.php', - array_merge(array( - 'api_key' => $this->getAppId(), - 'no_session' => $this->getCurrentUrl(), - 'no_user' => $this->getCurrentUrl(), - 'ok_session' => $this->getCurrentUrl(), - 'session_version' => 3, - ), $params) - ); - } - - /** - * Make an API call. - * - * @return mixed The decoded response - */ - public function api(/* polymorphic */) { - $args = func_get_args(); - if (is_array($args[0])) { - return $this->_restserver($args[0]); - } else { - return call_user_func_array(array($this, '_graph'), $args); - } - } - - /** - * Constructs and returns the name of the cookie that - * potentially houses the signed request for the app user. - * The cookie is not set by the BaseFacebook class, but - * it may be set by the JavaScript SDK. - * - * @return string the name of the cookie that would house - * the signed request value. - */ - protected function getSignedRequestCookieName() { - return 'fbsr_'.$this->getAppId(); - } - - /** - * Constructs and returns the name of the coookie that potentially contain - * metadata. The cookie is not set by the BaseFacebook class, but it may be - * set by the JavaScript SDK. - * - * @return string the name of the cookie that would house metadata. - */ - protected function getMetadataCookieName() { - return 'fbm_'.$this->getAppId(); - } - - /** - * Get the authorization code from the query parameters, if it exists, - * and otherwise return false to signal no authorization code was - * discoverable. - * - * @return mixed The authorization code, or false if the authorization - * code could not be determined. - */ - protected function getCode() { - if (isset($_REQUEST['code'])) { - if ($this->state !== null && - isset($_REQUEST['state']) && - $this->state === $_REQUEST['state']) { - - // CSRF state has done its job, so clear it - $this->state = null; - $this->clearPersistentData('state'); - return $_REQUEST['code']; - } else { - self::errorLog('CSRF state token does not match one provided.'); - return false; - } - } - - return false; - } - - /** - * Retrieves the UID with the understanding that - * $this->accessToken has already been set and is - * seemingly legitimate. It relies on Facebook's Graph API - * to retrieve user information and then extract - * the user ID. - * - * @return integer Returns the UID of the Facebook user, or 0 - * if the Facebook user could not be determined. - */ - protected function getUserFromAccessToken() { - try { - $user_info = $this->api('/me'); - return $user_info['id']; - } catch (FacebookApiException $e) { - return 0; - } - } - - /** - * Returns the access token that should be used for logged out - * users when no authorization code is available. - * - * @return string The application access token, useful for gathering - * public information about users and applications. - */ - protected function getApplicationAccessToken() { - return $this->appId.'|'.$this->appSecret; - } - - /** - * Lays down a CSRF state token for this process. - * - * @return void - */ - protected function establishCSRFTokenState() { - if ($this->state === null) { - $this->state = md5(uniqid(mt_rand(), true)); - $this->setPersistentData('state', $this->state); - } - } - - /** - * Retrieves an access token for the given authorization code - * (previously generated from www.facebook.com on behalf of - * a specific user). The authorization code is sent to graph.facebook.com - * and a legitimate access token is generated provided the access token - * and the user for which it was generated all match, and the user is - * either logged in to Facebook or has granted an offline access permission. - * - * @param string $code An authorization code. - * @return mixed An access token exchanged for the authorization code, or - * false if an access token could not be generated. - */ - protected function getAccessTokenFromCode($code, $redirect_uri = null) { - if (empty($code)) { - return false; - } - - if ($redirect_uri === null) { - $redirect_uri = $this->getCurrentUrl(); - } - - try { - // need to circumvent json_decode by calling _oauthRequest - // directly, since response isn't JSON format. - $access_token_response = - $this->_oauthRequest( - $this->getUrl('graph', '/oauth/access_token'), - $params = array('client_id' => $this->getAppId(), - 'client_secret' => $this->getAppSecret(), - 'redirect_uri' => $redirect_uri, - 'code' => $code)); - } catch (FacebookApiException $e) { - // most likely that user very recently revoked authorization. - // In any event, we don't have an access token, so say so. - return false; - } - - if (empty($access_token_response)) { - return false; - } - - $response_params = array(); - parse_str($access_token_response, $response_params); - if (!isset($response_params['access_token'])) { - return false; - } - - return $response_params['access_token']; - } - - /** - * Invoke the old restserver.php endpoint. - * - * @param array $params Method call object - * - * @return mixed The decoded response object - * @throws FacebookApiException - */ - protected function _restserver($params) { - // generic application level parameters - $params['api_key'] = $this->getAppId(); - $params['format'] = 'json-strings'; - - $result = json_decode($this->_oauthRequest( - $this->getApiUrl($params['method']), - $params - ), true); - - // results are returned, errors are thrown - if (is_array($result) && isset($result['error_code'])) { - $this->throwAPIException($result); - } - - if ($params['method'] === 'auth.expireSession' || - $params['method'] === 'auth.revokeAuthorization') { - $this->destroySession(); - } - - return $result; - } - - /** - * Return true if this is video post. - * - * @param string $path The path - * @param string $method The http method (default 'GET') - * - * @return boolean true if this is video post - */ - protected function isVideoPost($path, $method = 'GET') { - if ($method == 'POST' && preg_match("/^(\/)(.+)(\/)(videos)$/", $path)) { - return true; - } - return false; - } - - /** - * Invoke the Graph API. - * - * @param string $path The path (required) - * @param string $method The http method (default 'GET') - * @param array $params The query/post data - * - * @return mixed The decoded response object - * @throws FacebookApiException - */ - protected function _graph($path, $method = 'GET', $params = array()) { - if (is_array($method) && empty($params)) { - $params = $method; - $method = 'GET'; - } - $params['method'] = $method; // method override as we always do a POST - - if ($this->isVideoPost($path, $method)) { - $domainKey = 'graph_video'; - } else { - $domainKey = 'graph'; - } - - $result = json_decode($this->_oauthRequest( - $this->getUrl($domainKey, $path), - $params - ), true); - - // results are returned, errors are thrown - if (is_array($result) && isset($result['error'])) { - $this->throwAPIException($result); - } - - return $result; - } - - /** - * Make a OAuth Request. - * - * @param string $url The path (required) - * @param array $params The query/post data - * - * @return string The decoded response object - * @throws FacebookApiException - */ - protected function _oauthRequest($url, $params) { - if (!isset($params['access_token'])) { - $params['access_token'] = $this->getAccessToken(); - } - - // json_encode all params values that are not strings - foreach ($params as $key => $value) { - if (!is_string($value)) { - $params[$key] = json_encode($value); - } - } - - return $this->makeRequest($url, $params); - } - - /** - * Makes an HTTP request. This method can be overridden by subclasses if - * developers want to do fancier things or use something other than curl to - * make the request. - * - * @param string $url The URL to make the request to - * @param array $params The parameters to use for the POST body - * @param CurlHandler $ch Initialized curl handle - * - * @return string The response text - */ - protected function makeRequest($url, $params, $ch=null) { - if (!$ch) { - $ch = curl_init(); - } - - $opts = self::$CURL_OPTS; - if ($this->getFileUploadSupport()) { - $opts[CURLOPT_POSTFIELDS] = $params; - } else { - $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&'); - } - $opts[CURLOPT_URL] = $url; - - // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait - // for 2 seconds if the server does not support this header. - if (isset($opts[CURLOPT_HTTPHEADER])) { - $existing_headers = $opts[CURLOPT_HTTPHEADER]; - $existing_headers[] = 'Expect:'; - $opts[CURLOPT_HTTPHEADER] = $existing_headers; - } else { - $opts[CURLOPT_HTTPHEADER] = array('Expect:'); - } - - curl_setopt_array($ch, $opts); - $result = curl_exec($ch); - - if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT - self::errorLog('Invalid or no certificate authority found, '. - 'using bundled information'); - curl_setopt($ch, CURLOPT_CAINFO, - dirname(__FILE__) . '/fb_ca_chain_bundle.crt'); - $result = curl_exec($ch); - } - - if ($result === false) { - $e = new FacebookApiException(array( - 'error_code' => curl_errno($ch), - 'error' => array( - 'message' => curl_error($ch), - 'type' => 'CurlException', - ), - )); - curl_close($ch); - throw $e; - } - curl_close($ch); - return $result; - } - - /** - * Parses a signed_request and validates the signature. - * - * @param string $signed_request A signed token - * @return array The payload inside it or null if the sig is wrong - */ - protected function parseSignedRequest($signed_request) { - list($encoded_sig, $payload) = explode('.', $signed_request, 2); - - // decode the data - $sig = self::base64UrlDecode($encoded_sig); - $data = json_decode(self::base64UrlDecode($payload), true); - - if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') { - self::errorLog('Unknown algorithm. Expected HMAC-SHA256'); - return null; - } - - // check sig - $expected_sig = hash_hmac('sha256', $payload, - $this->getAppSecret(), $raw = true); - if ($sig !== $expected_sig) { - self::errorLog('Bad Signed JSON signature!'); - return null; - } - - return $data; - } - - /** - * Build the URL for api given parameters. - * - * @param $method String the method name. - * @return string The URL for the given parameters - */ - protected function getApiUrl($method) { - static $READ_ONLY_CALLS = - array('admin.getallocation' => 1, - 'admin.getappproperties' => 1, - 'admin.getbannedusers' => 1, - 'admin.getlivestreamvialink' => 1, - 'admin.getmetrics' => 1, - 'admin.getrestrictioninfo' => 1, - 'application.getpublicinfo' => 1, - 'auth.getapppublickey' => 1, - 'auth.getsession' => 1, - 'auth.getsignedpublicsessiondata' => 1, - 'comments.get' => 1, - 'connect.getunconnectedfriendscount' => 1, - 'dashboard.getactivity' => 1, - 'dashboard.getcount' => 1, - 'dashboard.getglobalnews' => 1, - 'dashboard.getnews' => 1, - 'dashboard.multigetcount' => 1, - 'dashboard.multigetnews' => 1, - 'data.getcookies' => 1, - 'events.get' => 1, - 'events.getmembers' => 1, - 'fbml.getcustomtags' => 1, - 'feed.getappfriendstories' => 1, - 'feed.getregisteredtemplatebundlebyid' => 1, - 'feed.getregisteredtemplatebundles' => 1, - 'fql.multiquery' => 1, - 'fql.query' => 1, - 'friends.arefriends' => 1, - 'friends.get' => 1, - 'friends.getappusers' => 1, - 'friends.getlists' => 1, - 'friends.getmutualfriends' => 1, - 'gifts.get' => 1, - 'groups.get' => 1, - 'groups.getmembers' => 1, - 'intl.gettranslations' => 1, - 'links.get' => 1, - 'notes.get' => 1, - 'notifications.get' => 1, - 'pages.getinfo' => 1, - 'pages.isadmin' => 1, - 'pages.isappadded' => 1, - 'pages.isfan' => 1, - 'permissions.checkavailableapiaccess' => 1, - 'permissions.checkgrantedapiaccess' => 1, - 'photos.get' => 1, - 'photos.getalbums' => 1, - 'photos.gettags' => 1, - 'profile.getinfo' => 1, - 'profile.getinfooptions' => 1, - 'stream.get' => 1, - 'stream.getcomments' => 1, - 'stream.getfilters' => 1, - 'users.getinfo' => 1, - 'users.getloggedinuser' => 1, - 'users.getstandardinfo' => 1, - 'users.hasapppermission' => 1, - 'users.isappuser' => 1, - 'users.isverified' => 1, - 'video.getuploadlimits' => 1); - $name = 'api'; - if (isset($READ_ONLY_CALLS[strtolower($method)])) { - $name = 'api_read'; - } else if (strtolower($method) == 'video.upload') { - $name = 'api_video'; - } - return self::getUrl($name, 'restserver.php'); - } - - /** - * Build the URL for given domain alias, path and parameters. - * - * @param $name string The name of the domain - * @param $path string Optional path (without a leading slash) - * @param $params array Optional query parameters - * - * @return string The URL for the given parameters - */ - protected function getUrl($name, $path='', $params=array()) { - $url = self::$DOMAIN_MAP[$name]; - if ($path) { - if ($path[0] === '/') { - $path = substr($path, 1); - } - $url .= $path; - } - if ($params) { - $url .= '?' . http_build_query($params, null, '&'); - } - - return $url; - } - - /** - * Returns the Current URL, stripping it of known FB parameters that should - * not persist. - * - * @return string The current URL - */ - protected function getCurrentUrl() { - if (isset($_SERVER['HTTPS']) && - ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1) || - isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && - $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { - $protocol = 'https://'; - } - else { - $protocol = 'http://'; - } - $currentUrl = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; - $parts = parse_url(https://github.com/$currentUrl); - - $query = ''; - if (!empty($parts['query'])) { - // drop known fb params - $params = explode('&', $parts['query']); - $retained_params = array(); - foreach ($params as $param) { - if ($this->shouldRetainParam($param)) { - $retained_params[] = $param; - } - } - - if (!empty($retained_params)) { - $query = '?'.implode($retained_params, '&'); - } - } - - // use port if non default - $port = - isset($parts['port']) && - (($protocol === 'http://' && $parts['port'] !== 80) || - ($protocol === 'https://' && $parts['port'] !== 443)) - ? ':' . $parts['port'] : ''; - - // rebuild - return $protocol . $parts['host'] . $port . $parts['path'] . $query; - } - - /** - * Returns true if and only if the key or key/value pair should - * be retained as part of the query string. This amounts to - * a brute-force search of the very small list of Facebook-specific - * params that should be stripped out. - * - * @param string $param A key or key/value pair within a URL's query (e.g. - * 'foo=a', 'foo=', or 'foo'. - * - * @return boolean - */ - protected function shouldRetainParam($param) { - foreach (self::$DROP_QUERY_PARAMS as $drop_query_param) { - if (strpos($param, $drop_query_param.'=') === 0) { - return false; - } - } - - return true; - } - - /** - * Analyzes the supplied result to see if it was thrown - * because the access token is no longer valid. If that is - * the case, then we destroy the session. - * - * @param $result array A record storing the error message returned - * by a failed API call. - */ - protected function throwAPIException($result) { - $e = new FacebookApiException($result); - switch ($e->getType()) { - // OAuth 2.0 Draft 00 style - case 'OAuthException': - // OAuth 2.0 Draft 10 style - case 'invalid_token': - // REST server errors are just Exceptions - case 'Exception': - $message = $e->getMessage(); - if ((strpos($message, 'Error validating access token') !== false) || - (strpos($message, 'Invalid OAuth access token') !== false) || - (strpos($message, 'An active access token must be used') !== false) - ) { - $this->destroySession(); - } - break; - } - - throw $e; - } - - - /** - * Prints to the error log if you aren't in command line mode. - * - * @param string $msg Log message - */ - protected static function errorLog($msg) { - // disable error log if we are running in a CLI environment - // @codeCoverageIgnoreStart - if (php_sapi_name() != 'cli') { - error_log($msg); - } - // uncomment this if you want to see the errors on the page - // print 'error_log: '.$msg."\n"; - // @codeCoverageIgnoreEnd - } - - /** - * Base64 encoding that doesn't need to be urlencode()ed. - * Exactly the same as base64_encode except it uses - * - instead of + - * _ instead of / - * - * @param string $input base64UrlEncoded string - * @return string - */ - protected static function base64UrlDecode($input) { - return base64_decode(strtr($input, '-_', '+/')); - } - - /** - * Destroy the current session - */ - public function destroySession() { - $this->accessToken = null; - $this->signedRequest = null; - $this->user = null; - $this->clearAllPersistentData(); - - // Javascript sets a cookie that will be used in getSignedRequest that we - // need to clear if we can - $cookie_name = $this->getSignedRequestCookieName(); - if (array_key_exists($cookie_name, $_COOKIE)) { - unset($_COOKIE[$cookie_name]); - if (!headers_sent()) { - // The base domain is stored in the metadata cookie if not we fallback - // to the current hostname - $base_domain = '.'. $_SERVER['HTTP_HOST']; - - $metadata = $this->getMetadataCookie(); - if (array_key_exists('base_domain', $metadata) && - !empty($metadata['base_domain'])) { - $base_domain = $metadata['base_domain']; - } - - setcookie($cookie_name, '', 0, '/', $base_domain); - } else { - self::errorLog( - 'There exists a cookie that we wanted to clear that we couldn\'t '. - 'clear because headers was already sent. Make sure to do the first '. - 'API call before outputing anything' - ); - } - } - } - - /** - * Parses the metadata cookie that our Javascript API set - * - * @return an array mapping key to value - */ - protected function getMetadataCookie() { - $cookie_name = $this->getMetadataCookieName(); - if (!array_key_exists($cookie_name, $_COOKIE)) { - return array(); - } - - // The cookie value can be wrapped in "-characters so remove them - $cookie_value = trim($_COOKIE[$cookie_name], '"'); - - if (empty($cookie_value)) { - return array(); - } - - $parts = explode('&', $cookie_value); - $metadata = array(); - foreach ($parts as $part) { - $pair = explode('=', $part, 2); - if (!empty($pair[0])) { - $metadata[urldecode($pair[0])] = - (count($pair) > 1) ? urldecode($pair[1]) : ''; - } - } - - return $metadata; - } - - /** - * Each of the following four methods should be overridden in - * a concrete subclass, as they are in the provided Facebook class. - * The Facebook class uses PHP sessions to provide a primitive - * persistent store, but another subclass--one that you implement-- - * might use a database, memcache, or an in-memory cache. - * - * @see Facebook - */ - - /** - * Stores the given ($key, $value) pair, so that future calls to - * getPersistentData($key) return $value. This call may be in another request. - * - * @param string $key - * @param array $value - * - * @return void - */ - abstract protected function setPersistentData($key, $value); - - /** - * Get the data for $key, persisted by BaseFacebook::setPersistentData() - * - * @param string $key The key of the data to retrieve - * @param boolean $default The default value to return if $key is not found - * - * @return mixed - */ - abstract protected function getPersistentData($key, $default = false); - - /** - * Clear the data with $key from the persistent storage - * - * @param string $key - * @return void - */ - abstract protected function clearPersistentData($key); - - /** - * Clear all data from the persistent storage - * - * @return void - */ - abstract protected function clearAllPersistentData(); -} diff --git a/src/facebook.php b/src/facebook.php deleted file mode 100644 index c577c2a..0000000 --- a/src/facebook.php +++ /dev/null @@ -1,93 +0,0 @@ -constructSessionVariableName($key); - $_SESSION[$session_var_name] = $value; - } - - protected function getPersistentData($key, $default = false) { - if (!in_array($key, self::$kSupportedKeys)) { - self::errorLog('Unsupported key passed to getPersistentData.'); - return $default; - } - - $session_var_name = $this->constructSessionVariableName($key); - return isset($_SESSION[$session_var_name]) ? - $_SESSION[$session_var_name] : $default; - } - - protected function clearPersistentData($key) { - if (!in_array($key, self::$kSupportedKeys)) { - self::errorLog('Unsupported key passed to clearPersistentData.'); - return; - } - - $session_var_name = $this->constructSessionVariableName($key); - unset($_SESSION[$session_var_name]); - } - - protected function clearAllPersistentData() { - foreach (self::$kSupportedKeys as $key) { - $this->clearPersistentData($key); - } - } - - protected function constructSessionVariableName($key) { - return implode('_', array('fb', - $this->getAppId(), - $key)); - } -} diff --git a/src/fb_ca_chain_bundle.crt b/src/fb_ca_chain_bundle.crt deleted file mode 100644 index b92d719..0000000 --- a/src/fb_ca_chain_bundle.crt +++ /dev/null @@ -1,121 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFgjCCBGqgAwIBAgIQDKKbZcnESGaLDuEaVk6fQjANBgkqhkiG9w0BAQUFADBm -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5j -ZSBDQS0zMB4XDTEwMDExMzAwMDAwMFoXDTEzMDQxMTIzNTk1OVowaDELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEX -MBUGA1UEChMORmFjZWJvb2ssIEluYy4xFzAVBgNVBAMUDiouZmFjZWJvb2suY29t -MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9rzj7QIuLM3sdHu1HcI1VcR3g -b5FExKNV646agxSle1aQ/sJev1mh/u91ynwqd2BQmM0brZ1Hc3QrfYyAaiGGgEkp -xbhezyfeYhAyO0TKAYxPnm2cTjB5HICzk6xEIwFbA7SBJ2fSyW1CFhYZyo3tIBjj -19VjKyBfpRaPkzLmRwIDAQABo4ICrDCCAqgwHwYDVR0jBBgwFoAUUOpzidsp+xCP -nuUBINTeeZlIg/cwHQYDVR0OBBYEFPp+tsFBozkjrHlEnZ9J4cFj2eM0MA4GA1Ud -DwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMF8GA1UdHwRYMFYwKaAnoCWGI2h0dHA6 -Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9jYTMtZmIuY3JsMCmgJ6AlhiNodHRwOi8vY3Js -NC5kaWdpY2VydC5jb20vY2EzLWZiLmNybDCCAcYGA1UdIASCAb0wggG5MIIBtQYL -YIZIAYb9bAEDAAEwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmRpZ2ljZXJ0 -LmNvbS9zc2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUHAgIwggFWHoIB -UgBBAG4AeQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkA -YwBhAHQAZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEA -bgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMA -UABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkA -IABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwA -aQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8A -cgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMA -ZQAuMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQUF -AAOCAQEACOkTIdxMy11+CKrbGNLBSg5xHaTvu/v1wbyn3dO/mf68pPfJnX6ShPYy -4XM4Vk0x4uaFaU4wAGke+nCKGi5dyg0Esg7nemLNKEJaFAJZ9enxZm334lSCeARy -wlDtxULGOFRyGIZZPmbV2eNq5xdU/g3IuBEhL722mTpAye9FU/J8Wsnw54/gANyO -Gzkewigua8ip8Lbs9Cht399yAfbfhUP1DrAm/xEcnHrzPr3cdCtOyJaM6SRPpRqH -ITK5Nc06tat9lXVosSinT3KqydzxBYua9gCFFiR3x3DgZfvXkC6KDdUlDrNcJUub -a1BHnLLP4mxTHL6faAXYd05IxNn/IA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIGVTCCBT2gAwIBAgIQCFH5WYFBRcq94CTiEsnCDjANBgkqhkiG9w0BAQUFADBs -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j -ZSBFViBSb290IENBMB4XDTA3MDQwMzAwMDAwMFoXDTIyMDQwMzAwMDAwMFowZjEL -MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 -LmRpZ2ljZXJ0LmNvbTElMCMGA1UEAxMcRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug -Q0EtMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9hCikQH17+NDdR -CPge+yLtYb4LDXBMUGMmdRW5QYiXtvCgFbsIYOBC6AUpEIc2iihlqO8xB3RtNpcv -KEZmBMcqeSZ6mdWOw21PoF6tvD2Rwll7XjZswFPPAAgyPhBkWBATaccM7pxCUQD5 -BUTuJM56H+2MEb0SqPMV9Bx6MWkBG6fmXcCabH4JnudSREoQOiPkm7YDr6ictFuf -1EutkozOtREqqjcYjbTCuNhcBoz4/yO9NV7UfD5+gw6RlgWYw7If48hl66l7XaAs -zPw82W3tzPpLQ4zJ1LilYRyyQLYoEt+5+F/+07LJ7z20Hkt8HEyZNp496+ynaF4d -32duXvsCAwEAAaOCAvcwggLzMA4GA1UdDwEB/wQEAwIBhjCCAcYGA1UdIASCAb0w -ggG5MIIBtQYLYIZIAYb9bAEDAAIwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3 -LmRpZ2ljZXJ0LmNvbS9zc2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUH -AgIwggFWHoIBUgBBAG4AeQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQBy -AHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBj -AGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAg -AEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQ -AGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBt -AGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBj -AG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBl -AHIAZQBuAGMAZQAuMA8GA1UdEwEB/wQFMAMBAf8wNAYIKwYBBQUHAQEEKDAmMCQG -CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCB -hDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFz -c3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQu -Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAW -gBSxPsNpA/i/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTe -eZlIg/cwDQYJKoZIhvcNAQEFBQADggEBAF1PhPGoiNOjsrycbeUpSXfh59bcqdg1 -rslx3OXb3J0kIZCmz7cBHJvUV5eR13UWpRLXuT0uiT05aYrWNTf58SHEW0CtWakv -XzoAKUMncQPkvTAyVab+hA4LmzgZLEN8rEO/dTHlIxxFVbdpCJG1z9fVsV7un5Tk -1nq5GMO41lJjHBC6iy9tXcwFOPRWBW3vnuzoYTYMFEuFFFoMg08iXFnLjIpx2vrF -EIRYzwfu45DC9fkpx1ojcflZtGQriLCnNseaIGHr+k61rmsb5OPs4tk8QUmoIKRU -9ZKNu8BVIASm2LAXFszj0Mi0PeXZhMbT9m5teMl5Q+h6N/9cNUm/ocU= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIEQjCCA6ugAwIBAgIEQoclDjANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC -VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u -ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc -KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u -ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEy -MjIxNTI3MjdaFw0xNDA3MjIxNTU3MjdaMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK -EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV -BAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGzOVz5vvUu+UtLTKm3+WBP8nNJUm2cSrD -1ZQ0Z6IKHLBfaaZAscS3so/QmKSpQVk609yU1jzbdDikSsxNJYL3SqVTEjju80lt -cZF+Y7arpl/DpIT4T2JRvvjF7Ns4kuMG5QiRDMQoQVX7y1qJFX5x6DW/TXIJPb46 -OFBbdzEbjbPHJEWap6xtABRaBLe6E+tRCphBQSJOZWGHgUFQpnlcid4ZSlfVLuZd -HFMsfpjNGgYWpGhz0DQEE1yhcdNafFXbXmThN4cwVgTlEbQpgBLxeTmIogIRfCdm -t4i3ePLKCqg4qwpkwr9mXZWEwaElHoddGlALIBLMQbtuC1E4uEvLAgMBAAGjggET -MIIBDzASBgNVHRMBAf8ECDAGAQH/AgEBMCcGA1UdJQQgMB4GCCsGAQUFBwMBBggr -BgEFBQcDAgYIKwYBBQUHAwQwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdo -dHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v -Y3JsLmVudHJ1c3QubmV0L3NlcnZlcjEuY3JsMB0GA1UdDgQWBBSxPsNpA/i/RwHU -mCYaCALvY2QrwzALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8BdiE1U9s/8KAGv7 -UISX8+1i0BowGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCAIEwDQYJKoZIhvcNAQEF -BQADgYEAUuVY7HCc/9EvhaYzC1rAIo348LtGIiMduEl5Xa24G8tmJnDioD2GU06r -1kjLX/ktCdpdBgXadbjtdrZXTP59uN0AXlsdaTiFufsqVLPvkp5yMnqnuI3E2o6p -NpAkoQSbB6kUCNnXcW26valgOjDLZFOnr241QiwdBAJAAE/rRa8= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIE2DCCBEGgAwIBAgIEN0rSQzANBgkqhkiG9w0BAQUFADCBwzELMAkGA1UEBhMC -VVMxFDASBgNVBAoTC0VudHJ1c3QubmV0MTswOQYDVQQLEzJ3d3cuZW50cnVzdC5u -ZXQvQ1BTIGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxpYWIuKTElMCMGA1UECxMc -KGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDE6MDgGA1UEAxMxRW50cnVzdC5u -ZXQgU2VjdXJlIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05OTA1 -MjUxNjA5NDBaFw0xOTA1MjUxNjM5NDBaMIHDMQswCQYDVQQGEwJVUzEUMBIGA1UE -ChMLRW50cnVzdC5uZXQxOzA5BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5j -b3JwLiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBF -bnRydXN0Lm5ldCBMaW1pdGVkMTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUg -U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGdMA0GCSqGSIb3DQEBAQUA -A4GLADCBhwKBgQDNKIM0VBuJ8w+vN5Ex/68xYMmo6LIQaO2f55M28Qpku0f1BBc/ -I0dNxScZgSYMVHINiC3ZH5oSn7yzcdOAGT9HZnuMNSjSuQrfJNqc1lB5gXpa0zf3 -wkrYKZImZNHkmGw6AIr1NJtl+O3jEP/9uElY3KDegjlrgbEWGWG5VLbmQwIBA6OC -AdcwggHTMBEGCWCGSAGG+EIBAQQEAwIABzCCARkGA1UdHwSCARAwggEMMIHeoIHb -oIHYpIHVMIHSMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLRW50cnVzdC5uZXQxOzA5 -BgNVBAsTMnd3dy5lbnRydXN0Lm5ldC9DUFMgaW5jb3JwLiBieSByZWYuIChsaW1p -dHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5ldCBMaW1pdGVk -MTowOAYDVQQDEzFFbnRydXN0Lm5ldCBTZWN1cmUgU2VydmVyIENlcnRpZmljYXRp -b24gQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMCmgJ6AlhiNodHRwOi8vd3d3LmVu -dHJ1c3QubmV0L0NSTC9uZXQxLmNybDArBgNVHRAEJDAigA8xOTk5MDUyNTE2MDk0 -MFqBDzIwMTkwNTI1MTYwOTQwWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAU8Bdi -E1U9s/8KAGv7UISX8+1i0BowHQYDVR0OBBYEFPAXYhNVPbP/CgBr+1CEl/PtYtAa -MAwGA1UdEwQFMAMBAf8wGQYJKoZIhvZ9B0EABAwwChsEVjQuMAMCBJAwDQYJKoZI -hvcNAQEFBQADgYEAkNwwAvpkdMKnCqV8IY00F6j7Rw7/JXyNEwr75Ji174z4xRAN -95K+8cPV1ZVqBLssziY2ZcgxxufuP+NXdYR6Ee9GTxj005i7qIcyunL2POI9n9cd -2cNgQ4xYDiKWL2KjLB+6rQXvqzJ4h6BUcxm1XAX5Uj5tLUUL9wqT6u0G+bI= ------END CERTIFICATE----- diff --git a/tests/bootstrap.php b/tests/bootstrap.php deleted file mode 100644 index e32b9f8..0000000 --- a/tests/bootstrap.php +++ /dev/null @@ -1,5 +0,0 @@ - self::APP_ID, - 'secret' => self::SECRET, - )); - $this->assertEquals($facebook->getAppId(), self::APP_ID, - 'Expect the App ID to be set.'); - $this->assertEquals($facebook->getAppSecret(), self::SECRET, - 'Expect the API secret to be set.'); - } - - public function testConstructorWithFileUpload() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - 'fileUpload' => true, - )); - $this->assertEquals($facebook->getAppId(), self::APP_ID, - 'Expect the App ID to be set.'); - $this->assertEquals($facebook->getAppSecret(), self::SECRET, - 'Expect the API secret to be set.'); - $this->assertTrue($facebook->getFileUploadSupport(), - 'Expect file upload support to be on.'); - // alias (depricated) for getFileUploadSupport -- test until removed - $this->assertTrue($facebook->useFileUploadSupport(), - 'Expect file upload support to be on.'); - } - - public function testSetAppId() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $facebook->setAppId('dummy'); - $this->assertEquals($facebook->getAppId(), 'dummy', - 'Expect the App ID to be dummy.'); - } - - public function testSetAPISecret() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $facebook->setApiSecret('dummy'); - $this->assertEquals($facebook->getApiSecret(), 'dummy', - 'Expect the API secret to be dummy.'); - } - - public function testSetAPPSecret() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $facebook->setAppSecret('dummy'); - $this->assertEquals($facebook->getAppSecret(), 'dummy', - 'Expect the API secret to be dummy.'); - } - - public function testSetAccessToken() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $facebook->setAccessToken('saltydog'); - $this->assertEquals($facebook->getAccessToken(), 'saltydog', - 'Expect installed access token to remain \'saltydog\''); - } - - public function testSetFileUploadSupport() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $this->assertFalse($facebook->getFileUploadSupport(), - 'Expect file upload support to be off.'); - // alias for getFileUploadSupport (depricated), testing until removed - $this->assertFalse($facebook->useFileUploadSupport(), - 'Expect file upload support to be off.'); - $facebook->setFileUploadSupport(true); - $this->assertTrue($facebook->getFileUploadSupport(), - 'Expect file upload support to be on.'); - // alias for getFileUploadSupport (depricated), testing until removed - $this->assertTrue($facebook->useFileUploadSupport(), - 'Expect file upload support to be on.'); - } - - public function testGetCurrentURL() { - $facebook = new FBGetCurrentURLFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - // fake the HPHP $_SERVER globals - $_SERVER['HTTP_HOST'] = 'www.test.com'; - $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=one&two=two&three=three'; - $current_url = $facebook->publicGetCurrentUrl(); - $this->assertEquals( - 'http://www.test.com/unit-tests.php?one=one&two=two&three=three', - $current_url, - 'getCurrentUrl function is changing the current URL'); - - // ensure structure of valueless GET params is retained (sometimes - // an = sign was present, and sometimes it was not) - // first test when equal signs are present - $_SERVER['HTTP_HOST'] = 'www.test.com'; - $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=&two=&three='; - $current_url = $facebook->publicGetCurrentUrl(); - $this->assertEquals( - 'http://www.test.com/unit-tests.php?one=&two=&three=', - $current_url, - 'getCurrentUrl function is changing the current URL'); - - // now confirm that - $_SERVER['HTTP_HOST'] = 'www.test.com'; - $_SERVER['REQUEST_URI'] = '/unit-tests.php?one&two&three'; - $current_url = $facebook->publicGetCurrentUrl(); - $this->assertEquals( - 'http://www.test.com/unit-tests.php?one&two&three', - $current_url, - 'getCurrentUrl function is changing the current URL'); - } - - public function testGetLoginURL() { - $facebook = new Facebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - // fake the HPHP $_SERVER globals - $_SERVER['HTTP_HOST'] = 'www.test.com'; - $_SERVER['REQUEST_URI'] = '/unit-tests.php'; - $login_url = parse_url(https://github.com/$facebook-%3EgetLoginUrl()); - $this->assertEquals($login_url['scheme'], 'https'); - $this->assertEquals($login_url['host'], 'www.facebook.com'); - $this->assertEquals($login_url['path'], '/dialog/oauth'); - $expected_login_params = - array('client_id' => self::APP_ID, - 'redirect_uri' => 'http://www.test.com/unit-tests.php'); - - $query_map = array(); - parse_str($login_url['query'], $query_map); - $this->assertIsSubset($expected_login_params, $query_map); - // we don't know what the state is, but we know it's an md5 and should - // be 32 characters long. - $this->assertEquals(strlen($query_map['state']), $num_characters = 32); - } - - public function testGetLoginURLWithExtraParams() { - $facebook = new Facebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - // fake the HPHP $_SERVER globals - $_SERVER['HTTP_HOST'] = 'www.test.com'; - $_SERVER['REQUEST_URI'] = '/unit-tests.php'; - $extra_params = array('scope' => 'email, sms', - 'nonsense' => 'nonsense'); - $login_url = parse_url(https://github.com/$facebook-%3EgetLoginUrl($extra_params)); - $this->assertEquals($login_url['scheme'], 'https'); - $this->assertEquals($login_url['host'], 'www.facebook.com'); - $this->assertEquals($login_url['path'], '/dialog/oauth'); - $expected_login_params = - array_merge( - array('client_id' => self::APP_ID, - 'redirect_uri' => 'http://www.test.com/unit-tests.php'), - $extra_params); - $query_map = array(); - parse_str($login_url['query'], $query_map); - $this->assertIsSubset($expected_login_params, $query_map); - // we don't know what the state is, but we know it's an md5 and should - // be 32 characters long. - $this->assertEquals(strlen($query_map['state']), $num_characters = 32); - } - - public function testGetLoginURLWithScopeParamsAsArray() { - $facebook = new Facebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - // fake the HPHP $_SERVER globals - $_SERVER['HTTP_HOST'] = 'www.test.com'; - $_SERVER['REQUEST_URI'] = '/unit-tests.php'; - $scope_params_as_array = array('email','sms','read_stream'); - $extra_params = array('scope' => $scope_params_as_array, - 'nonsense' => 'nonsense'); - $login_url = parse_url(https://github.com/$facebook-%3EgetLoginUrl($extra_params)); - $this->assertEquals($login_url['scheme'], 'https'); - $this->assertEquals($login_url['host'], 'www.facebook.com'); - $this->assertEquals($login_url['path'], '/dialog/oauth'); - // expect api to flatten array params to comma separated list - // should do the same here before asserting to make sure API is behaving - // correctly; - $extra_params['scope'] = implode(',', $scope_params_as_array); - $expected_login_params = - array_merge( - array('client_id' => self::APP_ID, - 'redirect_uri' => 'http://www.test.com/unit-tests.php'), - $extra_params); - $query_map = array(); - parse_str($login_url['query'], $query_map); - $this->assertIsSubset($expected_login_params, $query_map); - // we don't know what the state is, but we know it's an md5 and should - // be 32 characters long. - $this->assertEquals(strlen($query_map['state']), $num_characters = 32); - } - - public function testGetCodeWithValidCSRFState() { - $facebook = new FBCode(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $facebook->setCSRFStateToken(); - $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue(); - $_REQUEST['state'] = $facebook->getCSRFStateToken(); - $this->assertEquals($code, - $facebook->publicGetCode(), - 'Expect code to be pulled from $_REQUEST[\'code\']'); - } - - public function testGetCodeWithInvalidCSRFState() { - $facebook = new FBCode(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $facebook->setCSRFStateToken(); - $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue(); - $_REQUEST['state'] = $facebook->getCSRFStateToken().'forgery!!!'; - $this->assertFalse($facebook->publicGetCode(), - 'Expect getCode to fail, CSRF state should not match.'); - } - - public function testGetCodeWithMissingCSRFState() { - $facebook = new FBCode(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue(); - // intentionally don't set CSRF token at all - $this->assertFalse($facebook->publicGetCode(), - 'Expect getCode to fail, CSRF state not sent back.'); - - } - - public function testGetUserFromSignedRequest() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $_REQUEST['signed_request'] = self::$kValidSignedRequest; - $this->assertEquals('1677846385', $facebook->getUser(), - 'Failed to get user ID from a valid signed request.'); - } - - public function testGetSignedRequestFromCookie() { - $facebook = new FBGetSignedRequestCookieFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $_COOKIE[$facebook->publicGetSignedRequestCookieName()] = - self::$kValidSignedRequest; - $this->assertNotNull($facebook->publicGetSignedRequest()); - $this->assertEquals('1677846385', $facebook->getUser(), - 'Failed to get user ID from a valid signed request.'); - } - - public function testGetSignedRequestWithIncorrectSignature() { - $facebook = new FBGetSignedRequestCookieFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $_COOKIE[$facebook->publicGetSignedRequestCookieName()] = - self::$kSignedRequestWithBogusSignature; - $this->assertNull($facebook->publicGetSignedRequest()); - } - - public function testNonUserAccessToken() { - $facebook = new FBAccessToken(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - // no cookies, and no request params, so no user or code, - // so no user access token (even with cookie support) - $this->assertEquals($facebook->publicGetApplicationAccessToken(), - $facebook->getAccessToken(), - 'Access token should be that for logged out users.'); - } - - public function testAPIForLoggedOutUsers() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $response = $facebook->api(array( - 'method' => 'fql.query', - 'query' => 'SELECT name FROM user WHERE uid=4', - )); - $this->assertEquals(count($response), 1, - 'Expect one row back.'); - $this->assertEquals($response[0]['name'], 'Mark Zuckerberg', - 'Expect the name back.'); - } - - public function testAPIWithBogusAccessToken() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $facebook->setAccessToken('this-is-not-really-an-access-token'); - // if we don't set an access token and there's no way to - // get one, then the FQL query below works beautifully, handing - // over Zuck's public data. But if you specify a bogus access - // token as I have right here, then the FQL query should fail. - // We could return just Zuck's public data, but that wouldn't - // advertise the issue that the access token is at worst broken - // and at best expired. - try { - $response = $facebook->api(array( - 'method' => 'fql.query', - 'query' => 'SELECT name FROM profile WHERE id=4', - )); - $this->fail('Should not get here.'); - } catch(FacebookApiException $e) { - $result = $e->getResult(); - $this->assertTrue(is_array($result), 'expect a result object'); - $this->assertEquals('190', $result['error_code'], 'expect code'); - } - } - - public function testAPIGraphPublicData() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $response = $facebook->api('/jerry'); - $this->assertEquals( - $response['id'], '214707', 'should get expected id.'); - } - - public function testGraphAPIWithBogusAccessToken() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $facebook->setAccessToken('this-is-not-really-an-access-token'); - try { - $response = $facebook->api('/me'); - $this->fail('Should not get here.'); - } catch(FacebookApiException $e) { - // means the server got the access token and didn't like it - $msg = 'OAuthException: Invalid OAuth access token.'; - $this->assertEquals($msg, (string) $e, - 'Expect the invalid OAuth token message.'); - } - } - - public function testGraphAPIWithExpiredAccessToken() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $facebook->setAccessToken(self::$kExpiredAccessToken); - try { - $response = $facebook->api('/me'); - $this->fail('Should not get here.'); - } catch(FacebookApiException $e) { - // means the server got the access token and didn't like it - $error_msg_start = 'OAuthException: Error validating access token:'; - $this->assertTrue(strpos((string) $e, $error_msg_start) === 0, - 'Expect the token validation error message.'); - } - } - - public function testGraphAPIMethod() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - try { - // naitik being bold about deleting his entire record.... - // let's hope this never actually passes. - $response = $facebook->api('/naitik', $method = 'DELETE'); - $this->fail('Should not get here.'); - } catch(FacebookApiException $e) { - // ProfileDelete means the server understood the DELETE - $msg = - 'OAuthException: (#200) User cannot access this application'; - $this->assertEquals($msg, (string) $e, - 'Expect the invalid session message.'); - } - } - - public function testGraphAPIOAuthSpecError() { - $facebook = new TransientFacebook(array( - 'appId' => self::MIGRATED_APP_ID, - 'secret' => self::MIGRATED_SECRET, - )); - - try { - $response = $facebook->api('/me', array( - 'client_id' => self::MIGRATED_APP_ID)); - - $this->fail('Should not get here.'); - } catch(FacebookApiException $e) { - // means the server got the access token - $msg = 'invalid_request: An active access token must be used '. - 'to query information about the current user.'; - $this->assertEquals($msg, (string) $e, - 'Expect the invalid session message.'); - } - } - - public function testGraphAPIMethodOAuthSpecError() { - $facebook = new TransientFacebook(array( - 'appId' => self::MIGRATED_APP_ID, - 'secret' => self::MIGRATED_SECRET, - )); - - try { - $response = $facebook->api('/daaku.shah', 'DELETE', array( - 'client_id' => self::MIGRATED_APP_ID)); - $this->fail('Should not get here.'); - } catch(FacebookApiException $e) { - $this->assertEquals(strpos($e, 'invalid_request'), 0); - } - } - - public function testCurlFailure() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - if (!defined('CURLOPT_TIMEOUT_MS')) { - // can't test it if we don't have millisecond timeouts - return; - } - - $exception = null; - try { - // we dont expect facebook will ever return in 1ms - Facebook::$CURL_OPTS[CURLOPT_TIMEOUT_MS] = 50; - $facebook->api('/naitik'); - } catch(FacebookApiException $e) { - $exception = $e; - } - unset(Facebook::$CURL_OPTS[CURLOPT_TIMEOUT_MS]); - if (!$exception) { - $this->fail('no exception was thrown on timeout.'); - } - - $this->assertEquals( - CURLE_OPERATION_TIMEOUTED, $exception->getCode(), 'expect timeout'); - $this->assertEquals('CurlException', $exception->getType(), 'expect type'); - } - - public function testGraphAPIWithOnlyParams() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - $response = $facebook->api('/jerry'); - $this->assertTrue(isset($response['id']), - 'User ID should be public.'); - $this->assertTrue(isset($response['name']), - 'User\'s name should be public.'); - $this->assertTrue(isset($response['first_name']), - 'User\'s first name should be public.'); - $this->assertTrue(isset($response['last_name']), - 'User\'s last name should be public.'); - $this->assertFalse(isset($response['work']), - 'User\'s work history should only be available with '. - 'a valid access token.'); - $this->assertFalse(isset($response['education']), - 'User\'s education history should only be '. - 'available with a valid access token.'); - $this->assertFalse(isset($response['verified']), - 'User\'s verification status should only be '. - 'available with a valid access token.'); - } - - public function testLoginURLDefaults() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $encodedUrl = rawurlencode('http://fbrell.com/examples'); - $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), - 'Expect the current url to exist.'); - } - - public function testLoginURLDefaultsDropStateQueryParam() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples?state=xx42xx'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $expectEncodedUrl = rawurlencode('http://fbrell.com/examples'); - $this->assertTrue(strpos($facebook->getLoginUrl(), $expectEncodedUrl) > -1, - 'Expect the current url to exist.'); - $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'), - 'Expect the session param to be dropped.'); - } - - public function testLoginURLDefaultsDropCodeQueryParam() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples?code=xx42xx'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $expectEncodedUrl = rawurlencode('http://fbrell.com/examples'); - $this->assertTrue(strpos($facebook->getLoginUrl(), $expectEncodedUrl) > -1, - 'Expect the current url to exist.'); - $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'), - 'Expect the session param to be dropped.'); - } - - public function testLoginURLDefaultsDropSignedRequestParamButNotOthers() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = - '/examples?signed_request=xx42xx&do_not_drop=xx43xx'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $expectEncodedUrl = rawurlencode('http://fbrell.com/examples'); - $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'), - 'Expect the session param to be dropped.'); - $this->assertTrue(strpos($facebook->getLoginUrl(), 'xx43xx') > -1, - 'Expect the do_not_drop param to exist.'); - } - - public function testLoginURLCustomNext() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $next = 'http://fbrell.com/custom'; - $loginUrl = $facebook->getLoginUrl(array( - 'redirect_uri' => $next, - 'cancel_url' => $next - )); - $currentEncodedUrl = rawurlencode('http://fbrell.com/examples'); - $expectedEncodedUrl = rawurlencode($next); - $this->assertNotNull(strpos($loginUrl, $expectedEncodedUrl), - 'Expect the custom url to exist.'); - $this->assertFalse(strpos($loginUrl, $currentEncodedUrl), - 'Expect the current url to not exist.'); - } - - public function testLogoutURLDefaults() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $encodedUrl = rawurlencode('http://fbrell.com/examples'); - $this->assertNotNull(strpos($facebook->getLogoutUrl(), $encodedUrl), - 'Expect the current url to exist.'); - } - - public function testLoginStatusURLDefaults() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $encodedUrl = rawurlencode('http://fbrell.com/examples'); - $this->assertNotNull(strpos($facebook->getLoginStatusUrl(), $encodedUrl), - 'Expect the current url to exist.'); - } - - public function testLoginStatusURLCustom() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $encodedUrl1 = rawurlencode('http://fbrell.com/examples'); - $okUrl = 'http://fbrell.com/here1'; - $encodedUrl2 = rawurlencode($okUrl); - $loginStatusUrl = $facebook->getLoginStatusUrl(array( - 'ok_session' => $okUrl, - )); - $this->assertNotNull(strpos($loginStatusUrl, $encodedUrl1), - 'Expect the current url to exist.'); - $this->assertNotNull(strpos($loginStatusUrl, $encodedUrl2), - 'Expect the custom url to exist.'); - } - - public function testNonDefaultPort() { - $_SERVER['HTTP_HOST'] = 'fbrell.com:8080'; - $_SERVER['REQUEST_URI'] = '/examples'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $encodedUrl = rawurlencode('http://fbrell.com:8080/examples'); - $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), - 'Expect the current url to exist.'); - } - - public function testSecureCurrentUrl() { - $_SERVER['HTTP_HOST'] = 'fbrell.com'; - $_SERVER['REQUEST_URI'] = '/examples'; - $_SERVER['HTTPS'] = 'on'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $encodedUrl = rawurlencode('https://fbrell.com/examples'); - $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), - 'Expect the current url to exist.'); - } - - public function testSecureCurrentUrlWithNonDefaultPort() { - $_SERVER['HTTP_HOST'] = 'fbrell.com:8080'; - $_SERVER['REQUEST_URI'] = '/examples'; - $_SERVER['HTTPS'] = 'on'; - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - $encodedUrl = rawurlencode('https://fbrell.com:8080/examples'); - $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), - 'Expect the current url to exist.'); - } - - public function testAppSecretCall() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET, - )); - - try { - $response = $facebook->api('/' . self::APP_ID . '/insights'); - $this->fail('Desktop applications need a user token for insights.'); - } catch (FacebookApiException $e) { - // this test is failing as the graph call is returning the wrong - // error message - $this->assertTrue(strpos($e->getMessage(), - 'Requires session when calling from a desktop app') !== false, - 'Incorrect exception type thrown when trying to gain ' . - 'insights for desktop app without a user access token.'); - } catch (Exception $e) { - $this->fail('Incorrect exception type thrown when trying to gain ' . - 'insights for desktop app without a user access token.'); - } - } - - public function testBase64UrlEncode() { - $input = 'Facebook rocks'; - $output = 'RmFjZWJvb2sgcm9ja3M'; - - $this->assertEquals(FBPublic::publicBase64UrlDecode($output), $input); - } - - public function testSignedToken() { - $facebook = new FBPublic(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET - )); - $payload = $facebook->publicParseSignedRequest(self::$kValidSignedRequest); - $this->assertNotNull($payload, 'Expected token to parse'); - $this->assertEquals($facebook->getSignedRequest(), null); - $_REQUEST['signed_request'] = self::$kValidSignedRequest; - $this->assertEquals($facebook->getSignedRequest(), $payload); - } - - public function testNonTossedSignedtoken() { - $facebook = new FBPublic(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET - )); - $payload = $facebook->publicParseSignedRequest( - self::$kNonTosedSignedRequest); - $this->assertNotNull($payload, 'Expected token to parse'); - $this->assertNull($facebook->getSignedRequest()); - $_REQUEST['signed_request'] = self::$kNonTosedSignedRequest; - $this->assertEquals($facebook->getSignedRequest(), - array('algorithm' => 'HMAC-SHA256')); - } - - public function testBundledCACert() { - $facebook = new TransientFacebook(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET - )); - - // use the bundled cert from the start - Facebook::$CURL_OPTS[CURLOPT_CAINFO] = - dirname(__FILE__) . '/../src/fb_ca_chain_bundle.crt'; - $response = $facebook->api('/naitik'); - - unset(Facebook::$CURL_OPTS[CURLOPT_CAINFO]); - $this->assertEquals( - $response['id'], '5526183', 'should get expected id.'); - } - - public function testVideoUpload() { - $facebook = new FBRecordURL(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET - )); - - $facebook->api(array('method' => 'video.upload')); - $this->assertContains('//api-video.', $facebook->getRequestedURL(), - 'video.upload should go against api-video'); - } - - public function testGetUserAndAccessTokenFromSession() { - $facebook = new PersistentFBPublic(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET - )); - - $facebook->publicSetPersistentData('access_token', - self::$kExpiredAccessToken); - $facebook->publicSetPersistentData('user_id', 12345); - $this->assertEquals(self::$kExpiredAccessToken, - $facebook->getAccessToken(), - 'Get access token from persistent store.'); - $this->assertEquals('12345', - $facebook->getUser(), - 'Get user id from persistent store.'); - } - - public function testGetUserAndAccessTokenFromSignedRequestNotSession() { - $facebook = new PersistentFBPublic(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET - )); - - $_REQUEST['signed_request'] = self::$kValidSignedRequest; - $facebook->publicSetPersistentData('user_id', 41572); - $facebook->publicSetPersistentData('access_token', - self::$kExpiredAccessToken); - $this->assertNotEquals('41572', $facebook->getUser(), - 'Got user from session instead of signed request.'); - $this->assertEquals('1677846385', $facebook->getUser(), - 'Failed to get correct user ID from signed request.'); - $this->assertNotEquals( - self::$kExpiredAccessToken, - $facebook->getAccessToken(), - 'Got access token from session instead of signed request.'); - $this->assertNotEmpty( - $facebook->getAccessToken(), - 'Failed to extract an access token from the signed request.'); - } - - public function testGetUserWithoutCodeOrSignedRequestOrSession() { - $facebook = new PersistentFBPublic(array( - 'appId' => self::APP_ID, - 'secret' => self::SECRET - )); - - // deliberately leave $_REQUEST and _$SESSION empty - $this->assertEmpty($_REQUEST, - 'GET, POST, and COOKIE params exist even though '. - 'they should. Test cannot succeed unless all of '. - '$_REQUEST is empty.'); - $this->assertEmpty($_SESSION, - 'Session is carrying state and should not be.'); - $this->assertEmpty($facebook->getUser(), - 'Got a user id, even without a signed request, '. - 'access token, or session variable.'); - $this->assertEmpty($_SESSION, - 'Session superglobal incorrectly populated by getUser.'); - } - - protected function generateMD5HashOfRandomValue() { - return md5(uniqid(mt_rand(), true)); - } - - protected function setUp() { - parent::setUp(); - } - - protected function tearDown() { - $this->clearSuperGlobals(); - parent::tearDown(); - } - - protected function clearSuperGlobals() { - unset($_SERVER['HTTPS']); - unset($_SERVER['HTTP_HOST']); - unset($_SERVER['REQUEST_URI']); - $_SESSION = array(); - $_COOKIE = array(); - $_REQUEST = array(); - $_POST = array(); - $_GET = array(); - if (session_id()) { - session_destroy(); - } - } - - /** - * Checks that the correct args are a subset of the returned obj - * @param array $correct The correct array values - * @param array $actual The values in practice - * @param string $message to be shown on failure - */ - protected function assertIsSubset($correct, $actual, $msg='') { - foreach ($correct as $key => $value) { - $actual_value = $actual[$key]; - $newMsg = (strlen($msg) ? ($msg.' ') : '').'Key: '.$key; - $this->assertEquals($value, $actual_value, $newMsg); - } - } -} - -class TransientFacebook extends BaseFacebook { - protected function setPersistentData($key, $value) {} - protected function getPersistentData($key, $default = false) { - return $default; - } - protected function clearPersistentData($key) {} - protected function clearAllPersistentData() {} -} - -class FBRecordURL extends TransientFacebook { - private $url; - - protected function _oauthRequest($url, $params) { - $this->url = $url; - } - - public function getRequestedURL() { - return $this->url; - } -} - -class FBPublic extends TransientFacebook { - public static function publicBase64UrlDecode($input) { - return self::base64UrlDecode($input); - } - public function publicParseSignedRequest($input) { - return $this->parseSignedRequest($input); - } -} - -class PersistentFBPublic extends Facebook { - public function publicParseSignedRequest($input) { - return $this->parseSignedRequest($input); - } - - public function publicSetPersistentData($key, $value) { - $this->setPersistentData($key, $value); - } -} - -class FBCode extends Facebook { - public function publicGetCode() { - return $this->getCode(); - } - - public function setCSRFStateToken() { - $this->establishCSRFTokenState(); - } - - public function getCSRFStateToken() { - return $this->getPersistentData('state'); - } -} - -class FBAccessToken extends TransientFacebook { - public function publicGetApplicationAccessToken() { - return $this->getApplicationAccessToken(); - } -} - -class FBGetCurrentURLFacebook extends TransientFacebook { - public function publicGetCurrentUrl() { - return $this->getCurrentUrl(); - } -} - -class FBGetSignedRequestCookieFacebook extends TransientFacebook { - public function publicGetSignedRequest() { - return $this->getSignedRequest(); - } - - public function publicGetSignedRequestCookieName() { - return $this->getSignedRequestCookieName(); - } -}