Sha256: e66719ba8fa3c3065ed81bc3f75cccef0b3b592ac18cfa4f772a97a477527ea5

Contents?: true

Size: 1.18 KB

Versions: 6

Compression:

Stored size: 1.18 KB

Contents

require 'digest/md5'

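module FbGraph
  class Auth
    # Parses and verifies the Facebook "fbs_<client identifier>" cookie.
    #
    # NOTE:
    # If you want an access token, use
    # FbGraph::Auth.new(APP_ID, APP_SECRET, :cookie => {..}) instead.
    #
    # Security notes for callers:
    # * The signature is MD5 over the sorted "key=value" pairs followed by
    #   the client secret. This is not an HMAC; it is presumably fixed by the
    #   cookie format, so it is kept as-is. Treat it as a weak integrity check.
    # * 'expires' is converted to an Integer but is NOT compared with the
    #   current time here; callers that need freshness must check it.
    class Cookie
      # Extracts the cookie payload, verifies its signature and returns the
      # signed key/value pairs.
      #
      # @param client [#identifier, #secret] application credentials; the
      #   identifier selects the cookie name and the secret keys the signature
      # @param cookie [String, #[]] the raw cookie value, or a cookie
      #   collection indexed by cookie name
      # @return [Hash] the verified pairs (without 'sig'), with indifferent
      #   access; 'expires' is an Integer, every other value a String or nil
      # @raise [VerificationFailed] with status 401 when the cookie is missing
      #   or its signature does not match
      def self.parse(client, cookie)
        fb_cookie_string = case cookie
        when String
          cookie
        else
          cookie["fbs_#{client.identifier}"]
        end

        raise VerificationFailed.new(401, 'Facebook cookie not found') if fb_cookie_string.blank?

        # Non-destructive gsub: the caller's string (or the value stored in the
        # cookie collection) must not be modified, and it may be frozen.
        payload = fb_cookie_string.gsub(/[\\"]/, '')
        signature, fb_cookie = '', {}
        payload.split('&').each do |kv|
          # Limit of 2 keeps values that themselves contain '=' intact, so the
          # signature base string is built from the full value.
          k, v = kv.split('=', 2)
          # Empty segments ("a=1&&b=2", trailing '&') carry no key; skipping
          # them avoids a nil key that would make the sort below raise.
          next if k.nil? || k.empty?
          if k == 'sig'
            signature = v
          else
            v = v.to_i if k == 'expires'
            fb_cookie[k] = v
          end
        end

        # Keys are unique in a Hash, so ordering by key alone is total.
        signature_base_string = fb_cookie.sort_by { |key, _| key }.map do |(key, value)|
          "#{key}=#{value}"
        end.join

        expected = Digest::MD5.hexdigest("#{signature_base_string}#{client.secret}")
        # The signature comes from the request; compare without an early exit
        # so the time taken does not reveal how many leading characters match.
        unless constant_time_equal?(expected, signature.to_s)
          raise VerificationFailed.new(401, 'Facebook cookie signature invalid')
        end

        fb_cookie.with_indifferent_access
      end

      # Compares two strings byte by byte without short-circuiting on the
      # first difference. Only the length check returns early.
      #
      # @param expected [String] the locally computed digest
      # @param actual [String] the value supplied in the cookie
      # @return [Boolean] true when both strings are byte-for-byte equal
      def self.constant_time_equal?(expected, actual)
        return false unless expected.bytesize == actual.bytesize

        diff = 0
        expected.bytes.zip(actual.bytes) { |x, y| diff |= x ^ y }
        diff.zero?
      end
      private_class_method :constant_time_equal?
    end
  end
end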

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
fb_graph-1.9.5 lib/fb_graph/auth/cookie.rb
fb_graph-1.9.4 lib/fb_graph/auth/cookie.rb
fb_graph-1.9.3 lib/fb_graph/auth/cookie.rb
fb_graph-1.9.2 lib/fb_graph/auth/cookie.rb
fb_graph-1.9.1 lib/fb_graph/auth/cookie.rb
fb_graph-1.9.0 lib/fb_graph/auth/cookie.rb