Changeset 1408

Timestamp:

04/22/11 17:55:25 (2 years ago)

Author:

Torben Brodt

Message:

update facebook php api from 2.0.6 to 2.1.2

Location:

facebook/files/lib

Files:

• data/facebook/Facebook.class.php (modified) (26 diffs)
• data/facebook/fb_ca_chain_bundle.crt (added)
• util/FacebookUtil.class.php (modified) (2 diffs)

facebook/files/lib/data/facebook/Facebook.class.php

@@ -1 +1 @@
 <?php
+/**
+ *
+ * Copyright 2011 Facebook, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License. You may obtain
+ * a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
 
 if (!function_exists('curl_init')) {
@@ -29 +45 @@
 
     $code = isset($result['error_code']) ? $result['error_code'] : 0;
-    $msg  = isset($result['error'])
-              ? $result['error']['message'] : $result['error_msg'];
+
+    if (isset($result['error_description'])) {
+      // OAuth 2.0 Draft 10 style
+      $msg = $result['error_description'];
+    } else if (isset($result['error']) && is_array($result['error'])) {
+      // OAuth 2.0 Draft 00 style
+      $msg = $result['error']['message'];
+    } else if (isset($result['error_msg'])) {
+      // Rest server style
+      $msg = $result['error_msg'];
+    } else {
+      $msg = 'Unknown Error. Check getResult()';
+    }
+
     parent::__construct($msg, $code);
   }
@@ -50 +78 @@
    */
   public function getType() {
-    return
-      isset($this->result['error']) && isset($this->result['error']['type'])
-      ? $this->result['error']['type']
-      : 'Exception';
+    if (isset($this->result['error'])) {
+      $error = $this->result['error'];
+      if (is_string($error)) {
+        // OAuth 2.0 Draft 10 style
+        return $error;
+      } else if (is_array($error)) {
+        // OAuth 2.0 Draft 00 style
+        if (isset($error['type'])) {
+          return $error['type'];
+        }
+      }
+    }
+    return 'Exception';
   }
 
@@ -80 +117 @@
    * Version.
    */
-  const VERSION = '2.0.6';
+  const VERSION = '2.1.2';
 
   /**
@@ -98 +135 @@
   protected static $DROP_QUERY_PARAMS = array(
     'session',
+    'signed_request',
   );
 
@@ -104 +142 @@
    */
   public static $DOMAIN_MAP = array(
-    'api'      => 'https://api.facebook.com/',
-    'api_read' => 'https://api-read.facebook.com/',
-    'graph'    => 'https://graph.facebook.com/',
-    'www'      => 'https://www.facebook.com/',
+    'api'       => 'https://api.facebook.com/',
+    'api_video' => 'https://api-video.facebook.com/',
+    'api_read'  => 'https://api-read.facebook.com/',
+    'graph'     => 'https://graph.facebook.com/',
+    'www'       => 'https://www.facebook.com/',
   );
 
@@ -126 +165 @@
 
   /**
+   * The data from the signed_request token.
+   */
+  protected $signedRequest;
+
+  /**
    * Indicates that we already loaded the session as best as we could.
    */
@@ -139 +183 @@
    */
   protected $baseDomain = '';
+
+  /**
+   * Indicates if the CURL based @ syntax for file uploads is enabled.
+   */
+  protected $fileUploadSupport = false;
 
   /**
@@ -148 +197 @@
    * - cookie: (optional) boolean true to enable cookie support
    * - domain: (optional) domain for the cookie
+   * - fileUpload: (optional) boolean indicating if file uploads are enabled
    *
    * @param Array $config the application configuration
@@ -160 +210 @@
       $this->setBaseDomain($config['domain']);
     }
+    if (isset($config['fileUpload'])) {
+      $this->setFileUploadSupport($config['fileUpload']);
+    }
   }
 
@@ -236 +289 @@
   public function getBaseDomain() {
     return $this->baseDomain;
+  }
+
+  /**
+   * Set the file upload support status.
+   *
+   * @param String $domain the base domain
+   */
+  public function setFileUploadSupport($fileUploadSupport) {
+    $this->fileUploadSupport = $fileUploadSupport;
+    return $this;
+  }
+
+  /**
+   * Get the file upload support status.
+   *
+   * @return String the base domain
+   */
+  public function useFileUploadSupport() {
+    return $this->fileUploadSupport;
+  }
+
+  /**
+   * Get the data from a signed_request token
+   *
+   * @return String the base domain
+   */
+  public function getSignedRequest() {
+    if (!$this->signedRequest) {
+      if (isset($_REQUEST['signed_request'])) {
+        $this->signedRequest = $this->parseSignedRequest(
+          $_REQUEST['signed_request']);
+      }
+    }
+    return $this->signedRequest;
   }
 
@@ -257 +344 @@
   /**
    * Get the session object. This will automatically look for a signed session
-   * sent via the Cookie or Query Parameters if needed.
+   * sent via the signed_request, Cookie or Query Parameters if needed.
    *
    * @return Array the session
@@ -266 +353 @@
       $write_cookie = true;
 
+      // try loading session from signed_request in $_REQUEST
+      $signedRequest = $this->getSignedRequest();
+      if ($signedRequest) {
+        // sig is good, use the signedRequest
+        $session = $this->createSessionFromSignedRequest($signedRequest);
+      }
+
       // try loading session from $_REQUEST
-      if (isset($_REQUEST['session'])) {
+      if (!$session && isset($_REQUEST['session'])) {
         $session = json_decode(
           get_magic_quotes_gpc()
@@ -308 +402 @@
     $session = $this->getSession();
     return $session ? $session['uid'] : null;
+  }
+
+  /**
+   * Gets a OAuth access token.
+   *
+   * @return String the access token
+   */
+  public function getAccessToken() {
+    $session = $this->getSession();
+    // either user session signed, or app signed
+    if ($session) {
+      return $session['access_token'];
+    } else {
+      return $this->getAppId() .'|'. $this->getApiSecret();
+    }
   }
 
@@ -352 +461 @@
    */
   public function getLogoutUrl($params=array()) {
-    $session = $this->getSession();
     return $this->getUrl(
       'www',
       'logout.php',
       array_merge(array(
-        'api_key'     => $this->getAppId(),
-        'next'        => $this->getCurrentUrl(),
-        'session_key' => $session['session_key'],
+        'next'         => $this->getCurrentUrl(),
+        'access_token' => $this->getAccessToken(),
       ), $params)
     );
@@ -452 +559 @@
     if (is_array($result) && isset($result['error'])) {
       $e = new FacebookApiException($result);
-      if ($e->getType() === 'OAuthException') {
-        $this->setSession(null);
+      switch ($e->getType()) {
+        // OAuth 2.0 Draft 00 style
+        case 'OAuthException':
+        // OAuth 2.0 Draft 10 style
+        case 'invalid_token':
+          $this->setSession(null);
       }
       throw $e;
@@ -470 +581 @@
   protected function _oauthRequest($url, $params) {
     if (!isset($params['access_token'])) {
-      $session = $this->getSession();
-      // either user session signed, or app signed
-      if ($session) {
-        $params['access_token'] = $session['access_token'];
-      } else {
-        $params['access_token'] = $this->getAppId() .'|'. $this->getApiSecret();
-      }
+      $params['access_token'] = $this->getAccessToken();
     }
 
@@ -504 +609 @@
 
     $opts = self::$CURL_OPTS;
-    $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&');
+    if ($this->useFileUploadSupport()) {
+      $opts[CURLOPT_POSTFIELDS] = $params;
+    } else {
+      $opts[CURLOPT_POSTFIELDS] = http_build_query($params, null, '&');
+    }
     $opts[CURLOPT_URL] = $url;
 
@@ -519 +628 @@
     curl_setopt_array($ch, $opts);
     $result = curl_exec($ch);
+
+    if (curl_errno($ch) == 60) { // CURLE_SSL_CACERT
+      self::errorLog('Invalid or no certificate authority found, using bundled information');
+      curl_setopt($ch, CURLOPT_CAINFO,
+                  dirname(__FILE__) . '/fb_ca_chain_bundle.crt');
+      $result = curl_exec($ch);
+    }
+
     if ($result === false) {
       $e = new FacebookApiException(array(
@@ -577 +694 @@
 
     if (headers_sent()) {
-      self::error_log('Could not set cookie. Headers already sent.');
+      self::errorLog('Could not set cookie. Headers already sent.');
 
     // ignore for code coverage as we will never be able to setcookie in a CLI
@@ -598 +715 @@
     if (is_array($session) &&
         isset($session['uid']) &&
-        isset($session['session_key']) &&
-        isset($session['secret']) &&
         isset($session['access_token']) &&
         isset($session['sig'])) {
@@ -610 +725 @@
       );
       if ($session['sig'] != $expected_sig) {
-        self::error_log('Got invalid session signature in cookie.');
+        self::errorLog('Got invalid session signature in cookie.');
         $session = null;
       }
@@ -618 +733 @@
     }
     return $session;
+  }
+
+  /**
+   * Returns something that looks like our JS session object from the
+   * signed token's data
+   *
+   * TODO: Nuke this once the login flow uses OAuth2
+   *
+   * @param Array the output of getSignedRequest
+   * @return Array Something that will work as a session
+   */
+  protected function createSessionFromSignedRequest($data) {
+    if (!isset($data['oauth_token'])) {
+      return null;
+    }
+
+    $session = array(
+      'uid'          => $data['user_id'],
+      'access_token' => $data['oauth_token'],
+      'expires'      => $data['expires'],
+    );
+
+    // put a real sig, so that validateSignature works
+    $session['sig'] = self::generateSignature(
+      $session,
+      $this->getApiSecret()
+    );
+
+    return $session;
+  }
+
+  /**
+   * Parses a signed_request and validates the signature.
+   * Then saves it in $this->signed_data
+   *
+   * @param String A signed token
+   * @param Boolean Should we remove the parts of the payload that
+   *                are used by the algorithm?
+   * @return Array the payload inside it or null if the sig is wrong
+   */
+  protected function parseSignedRequest($signed_request) {
+    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
+
+    // decode the data
+    $sig = self::base64UrlDecode($encoded_sig);
+    $data = json_decode(self::base64UrlDecode($payload), true);
+
+    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
+      self::errorLog('Unknown algorithm. Expected HMAC-SHA256');
+      return null;
+    }
+
+    // check sig
+    $expected_sig = hash_hmac('sha256', $payload,
+                              $this->getApiSecret(), $raw = true);
+    if ($sig !== $expected_sig) {
+      self::errorLog('Bad Signed JSON signature!');
+      return null;
+    }
+
+    return $data;
   }
 
@@ -691 +867 @@
     if (isset($READ_ONLY_CALLS[strtolower($method)])) {
       $name = 'api_read';
+    } else if (strtolower($method) == 'video.upload') {
+      $name = 'api_video';
     }
     return self::getUrl($name, 'restserver.php');
@@ -776 +954 @@
 
   /**
-   * Prints to the error log if you aren't in command line mode. 
+   * Prints to the error log if you aren't in command line mode.
    *
    * @param String log message
    */
-  protected static function error_log($msg) {
+  protected static function errorLog($msg) {
     // disable error log if we are running in a CLI environment
     // @codeCoverageIgnoreStart
@@ -790 +968 @@
     // @codeCoverageIgnoreEnd
   }
+
+  /**
+   * Base64 encoding that doesn't need to be urlencode()ed.
+   * Exactly the same as base64_encode except it uses
+   *   - instead of +
+   *   _ instead of /
+   *
+   * @param String base64UrlEncodeded string
+   */
+  protected static function base64UrlDecode($input) {
+    return base64_decode(strtr($input, '-_', '+/'));
+  }
 }

facebook/files/lib/util/FacebookUtil.class.php

@@ -172 +172 @@
 
                         // update avatar (only if avatar is not given)
-                        self::updateAvatar('https://graph.facebook.com/'.$me['id'].'/picture', $user);
+                        self::updateAvatar('https://graph.facebook.com/'.$me['id'].'/picture?type=large', $user);
 
                         // either user is new, oder just got a link, but add a facebook link
@@ -273 +273 @@
 
                         // update avatar
-                        self::updateAvatar('https://graph.facebook.com/'.$me['id'].'/picture', $user);
+                        self::updateAvatar('https://graph.facebook.com/'.$me['id'].'/picture?type=large', $user);
 
                         // either user is new, oder just got a link, but add a facebook link