def test_generate_signed_request(): signed_request = SignedRequest( signed_request = TEST_SIGNED_REQUEST, application_secret_key = TEST_FACEBOOK_APPLICATION_SECRET_KEY ) signed_request = signed_request.generate()
def test_signed_request_user_has_authorized_application(): oauth_token = SignedRequest.User.OAuthToken(token='<token>', issued_at=datetime.now(), expires_at=None) user = SignedRequest.User(id=1, oauth_token=oauth_token) assert user.has_authorized_application is True user = SignedRequest.User(id=1, oauth_token=None) assert user.has_authorized_application is False
def test_signed_request_renewal(self): """ Verify that users are redirected to renew their signed requests once they expire. """ client = Client() signed_request = SignedRequest(TEST_SIGNED_REQUEST, TEST_APPLICATION_SECRET) signed_request.user.oauth_token.expires_at = now() - timedelta(days=1) response = client.get(path=reverse("home"), data={"signed_request": signed_request.generate()}) # There's no way to derive the view the response originated from in Django, # so verifying its status code will have to suffice. assert response.status_code == 401
def facebook_show(request, app_id): try: fb_Access = Facebook_access.objects.get(facebook_app_id=app_id) except: hitting(request, 1501) # Stats return redirect('/error/1501') if 'signed_request' in request.REQUEST: signed_request = SignedRequest.parse(request.REQUEST.get('signed_request'), str(fb_Access.facebook_app_secret_key)) ################ Get Structure try: app = App.objects.get(facebook_access=fb_Access.id, campaign__facebook_page_id=signed_request['page']['id']) campaign = Campaign.objects.get(id=app.campaign_id) except: hitting(request, 1502) # Stats return redirect('/error/1502') liked = signed_request['page']['liked'] if not liked: if app.like_page == 1 and campaign.membership.like_page: return redirect(reverse('clients:app_show', args=[app.id, 'facebook', -1, -1])) return redirect(reverse('clients:app_show', args=[app.id, 'facebook'])) else: hitting(request, 1504) # Stats return redirect('/error/1504')
def test_registration(): """ Verify that authorizing the application will register a new user. """ client = Client() client.post( path = reverse('home'), data = { 'signed_request': TEST_SIGNED_REQUEST } ) user = User.objects.get(id=1) assert user.first_name == user.graph.get('me')['first_name'] assert user.middle_name == user.graph.get('me')['middle_name'] assert user.last_name == user.graph.get('me')['last_name'] assert user.url == user.graph.get('me')['link'] token = OAuthToken.objects.get(id=1) signed_request = SignedRequest.parse(TEST_SIGNED_REQUEST, TEST_APPLICATION_SECRET) assert token.token == signed_request.oauth_token.token assert token.issued_at == signed_request.oauth_token.issued_at assert token.expires_at == signed_request.oauth_token.expires_at
def teardown_module(module): """ Delete the Facebook test user. """ GraphAPI('%s|%s' % (TEST_APPLICATION_ID, TEST_APPLICATION_SECRET)).delete( path = SignedRequest.parse(TEST_SIGNED_REQUEST, TEST_APPLICATION_SECRET).user.id )
def teardown_module(module): """ Delete the Facebook test user. """ GraphAPI('%s|%s' % (TEST_APPLICATION_ID, TEST_APPLICATION_SECRET)).delete( path=SignedRequest.parse(TEST_SIGNED_REQUEST, TEST_APPLICATION_SECRET).user.id)
def test_generate_signed_request(): signed_request = SignedRequest.parse( signed_request=TEST_SIGNED_REQUEST, application_secret_key=TEST_FACEBOOK_APPLICATION_SECRET_KEY ) assert ( signed_request.user.oauth_token.token == "181259711925270|1570a553ad6605705d1b7a5f.1-499729129|8XqMRhCWDKtpG-i_zRkHBDSsqqk" ) assert signed_request.user.oauth_token.expires_at == None assert signed_request.user.oauth_token.issued_at assert signed_request.user.locale == "en_US" assert signed_request.user.country == "no" assert signed_request.user.age == range(21, 100) assert signed_request.user.id == "499729129" signed_request = signed_request.generate(TEST_FACEBOOK_APPLICATION_SECRET_KEY) assert ( signed_request == "_BI1k2IFKMlIqbUdtr85034LlIZxMu7iS1xF-K8pYkE=." "eyJ1c2VyX2lkIjoiNDk5NzI5MTI5IiwiYWxnb3JpdGhtI" "joiSE1BQy1TSEEyNTYiLCJleHBpcmVzIjowLCJvYXV0aF" "90b2tlbiI6IjE4MTI1OTcxMTkyNTI3MHwxNTcwYTU1M2F" "kNjYwNTcwNWQxYjdhNWYuMS00OTk3MjkxMjl8OFhxTVJo" "Q1dES3RwRy1pX3pSa0hCRFNzcXFrIiwidXNlciI6eyJsb" "2NhbGUiOiJlbl9VUyIsImNvdW50cnkiOiJubyIsImFnZS" "I6eyJtYXgiOjk5LCJtaW4iOjIxfX0sImlzc3VlZF9hdCI" "6MTMwNjE3OTkwNH0=" ) signed_request = SignedRequest.parse( signed_request=signed_request, application_secret_key=TEST_FACEBOOK_APPLICATION_SECRET_KEY ) assert ( signed_request.user.oauth_token.token == "181259711925270|1570a553ad6605705d1b7a5f.1-499729129|8XqMRhCWDKtpG-i_zRkHBDSsqqk" ) assert signed_request.user.oauth_token.expires_at == None assert signed_request.user.oauth_token.has_expired == False assert signed_request.user.oauth_token.issued_at assert signed_request.user.locale == "en_US" assert signed_request.user.country == "no" assert signed_request.user.age == range(21, 100) assert signed_request.user.id == "499729129" assert signed_request.user.has_authorized_application == True
def test_signed_request_renewal(self): """ Verify that users are redirected to renew their signed requests once they expire. """ client = Client() signed_request = SignedRequest(TEST_SIGNED_REQUEST, TEST_APPLICATION_SECRET) signed_request.user.oauth_token.expires_at = now() - timedelta(days=1) response = client.get( path=reverse('home'), data={'signed_request': signed_request.generate()}) # There's no way to derive the view the response originated from in Django, # so verifying its status code will have to suffice. assert response.status_code == 401
def test_parse_signed_request(): signed_request = SignedRequest.parse( signed_request=TEST_SIGNED_REQUEST, application_secret_key=TEST_FACEBOOK_APPLICATION_SECRET_KEY ) assert signed_request.user.id == "499729129" assert signed_request.user.oauth_token.token == TEST_ACCESS_TOKEN assert signed_request.user.oauth_token.expires_at == None assert signed_request.user.oauth_token.issued_at
def test_parse_signed_request(): from facepy import SignedRequest from datetime import datetime signed_request = SignedRequest.parse(TEST_SIGNED_REQUEST, TEST_FACEBOOK_APPLICATION_SECRET_KEY) assert signed_request.user.id == '499729129' assert signed_request.oauth_token.token == TEST_ACCESS_TOKEN assert signed_request.oauth_token.expires_at == None assert signed_request.oauth_token.issued_at == datetime(2011, 5, 23, 21, 45, 4)
def setup_module(module): """ Create a Facebook test user. """ global TEST_SIGNED_REQUEST graph = GraphAPI('%s|%s' % (TEST_APPLICATION_ID, TEST_APPLICATION_SECRET)) user = graph.post('%s/accounts/test-users' % TEST_APPLICATION_ID, installed=True, permissions=['publish_stream, read_stream']) TEST_SIGNED_REQUEST = SignedRequest( user=SignedRequest.User(id=user['id'], age=range(0, 100), locale='en_US', country='Norway'), oauth_token=SignedRequest.OAuthToken( token=user['access_token'], issued_at=datetime.now(), expires_at=None)).generate(TEST_APPLICATION_SECRET)
def post(self, request, *args, **kwargs): signed_request = request.POST.get("signed_request") signed_request = SignedRequest.parse(signed_request, FACEBOOK_APP_SECRET) self.data["fb"] = signed_request if "oauth_token" not in signed_request: self.data["oauth_url"] = get_auth_url() else: self.data["page_install_url"] = get_page_install_url() oauth_token = signed_request["oauth_token"] graph = GraphAPI(oauth_token) self.data["fb"]["user"] = graph.get("me") return self.render_to_response(self.data)
def test_create_signed_request(): from facepy import SignedRequest from datetime import datetime parsed_signed_request = SignedRequest.parse(TEST_SIGNED_REQUEST, TEST_FACEBOOK_APPLICATION_SECRET_KEY) assert parsed_signed_request.oauth_token.token == '181259711925270|1570a553ad6605705d1b7a5f.1-499729129|8XqMRhCWDKtpG-i_zRkHBDSsqqk' assert parsed_signed_request.oauth_token.expires_at == None assert parsed_signed_request.oauth_token.issued_at == datetime(2011, 5, 23, 21, 45, 4) assert parsed_signed_request.user.locale == 'en_US' assert parsed_signed_request.user.country == 'no' assert parsed_signed_request.user.age == range(21, 100) assert parsed_signed_request.user.id == '499729129' reverse_engineered_signed_request = parsed_signed_request.generate(TEST_FACEBOOK_APPLICATION_SECRET_KEY) assert reverse_engineered_signed_request == '_BI1k2IFKMlIqbUdtr85034LlIZxMu7iS1xF-K8pYkE=.' \ 'eyJ1c2VyX2lkIjoiNDk5NzI5MTI5IiwiYWxnb3JpdGhtI' \ 'joiSE1BQy1TSEEyNTYiLCJleHBpcmVzIjowLCJvYXV0aF' \ '90b2tlbiI6IjE4MTI1OTcxMTkyNTI3MHwxNTcwYTU1M2F' \ 'kNjYwNTcwNWQxYjdhNWYuMS00OTk3MjkxMjl8OFhxTVJo' \ 'Q1dES3RwRy1pX3pSa0hCRFNzcXFrIiwidXNlciI6eyJsb' \ '2NhbGUiOiJlbl9VUyIsImNvdW50cnkiOiJubyIsImFnZS' \ 'I6eyJtYXgiOjk5LCJtaW4iOjIxfX0sImlzc3VlZF9hdCI' \ '6MTMwNjE3OTkwNH0=' parsed_reverse_engineered_signed_request = SignedRequest.parse( signed_request = reverse_engineered_signed_request, application_secret_key = TEST_FACEBOOK_APPLICATION_SECRET_KEY ) assert parsed_reverse_engineered_signed_request.oauth_token.token == '181259711925270|1570a553ad6605705d1b7a5f.1-499729129|8XqMRhCWDKtpG-i_zRkHBDSsqqk' assert parsed_reverse_engineered_signed_request.oauth_token.expires_at == None assert parsed_reverse_engineered_signed_request.oauth_token.has_expired == False assert parsed_reverse_engineered_signed_request.oauth_token.issued_at == datetime(2011, 5, 23, 21, 45, 4) assert parsed_reverse_engineered_signed_request.user.locale == 'en_US' assert parsed_reverse_engineered_signed_request.user.country == 'no' assert parsed_reverse_engineered_signed_request.user.age == range(21, 100) assert parsed_reverse_engineered_signed_request.user.id == '499729129' assert parsed_reverse_engineered_signed_request.user.has_authorized_application == True
def post(self): args = self.reqparse.parse_args() signed_request_data = SignedRequest(args['signed_req'], FB_KEY, application_id=FB_CLIENT) # print(signed_request_data.user.id) user, _ = User.get_or_create(user_id=signed_request_data.user.id, user_type="facebook") return make_response( jsonify({ "message": "Login successful!", "token": user.generate_auth_token().decode('ascii') }), 200)
def post(self, request, *args, **kwargs): signed_request = request.POST.get("signed_request") signed_request = SignedRequest.parse(signed_request, FACEBOOK_APP_SECRET) self.data["fb"] = signed_request self.data["sig_rec"] = signed_request if "oauth_token" not in signed_request: self.data["oauth_url"] = get_auth_url() else: oauth_token = signed_request["oauth_token"] graph = GraphAPI(oauth_token) self.data["fb"]["user"] = graph.get(signed_request.get("page").get("id", 0)) request.session["admin"] = True request.session["token"] = oauth_token request.session["page_id"] = signed_request.get("page").get("id", 0) return self.render_to_response(self.data)
def post(self, request, *args, **kwargs): try: signed_request = request.POST['signed_request'] except (KeyError): return HttpResponse(status=400, content='Invalid request') try: signed_request_data = SignedRequest.parse( signed_request, settings.SOCIAL_AUTH_FACEBOOK_SECRET) except (SignedRequestError): return HttpResponse(status=400, content='Invalid request') user_id = signed_request_data['user_id'] try: user = UserSocialAuth.objects.get(uid=user_id, provider=facebook).user except (UserSocialAuth.DoesNotExist): return HttpResponse(status=400, content='Invalid request') user.update(is_active=False) return HttpResponse(status=201)
def test_parse_signed_request(): signed_request = SignedRequest.parse( signed_request = TEST_SIGNED_REQUEST, application_secret_key = TEST_FACEBOOK_APPLICATION_SECRET_KEY ) assert signed_request == { 'user_id': '499729129', 'algorithm': 'HMAC-SHA256', 'expires': 0, 'oauth_token': '181259711925270|1570a553ad6605705d1b7a5f.1-499729129|8XqMRhCWDKtpG-i_zRkHBDSsqqk', 'user': { 'locale': 'en_US', 'country': 'no', 'age': { 'min': 21 } }, 'issued_at': 1306179904 }
def compartilhar(request): dados = request.POST token = request.POST['token'] nome_time = request.POST['nome_time'] imagem = montar_imagem(dados, nome_time) if imagem == False: return HttpResponse("Nome de time invalido") tags = montar_marcacao(dados) tags = json.dumps(tags) signed_request = SignedRequest.parse(token, settings.FACEBOOK_APPLICATION_SECRET_KEY) graph = GraphAPI(signed_request['oauth_token']) post = graph.post(path="me/photos", tags=tags, message="Monte seu time de futebol com seus amigos!!! acesse: http://apps.facebook.com/maketeam", source=open(imagem)) return HttpResponse(json.dumps(post))
def _message_from_sr(self, token: Text, payload: Any) \ -> Optional[BaseMessage]: """ Tries to verify the signed request """ page = self.settings() secret = page['app_secret'] try: sr_data = SignedRequest.parse(token, secret) except (TypeError, ValueError, SignedRequestError) as e: return return self._make_fake_message( sr_data['psid'], page['page_id'], payload, )
def test_parse_signed_request(): signed_request = SignedRequest.parse( signed_request=TEST_SIGNED_REQUEST, application_secret_key=TEST_FACEBOOK_APPLICATION_SECRET_KEY) assert signed_request == { 'user_id': '499729129', 'algorithm': 'HMAC-SHA256', 'expires': 0, 'oauth_token': '181259711925270|1570a553ad6605705d1b7a5f.1-499729129|8XqMRhCWDKtpG-i_zRkHBDSsqqk', 'user': { 'locale': 'en_US', 'country': 'no', 'age': { 'min': 21 } }, 'issued_at': 1306179904 }
def post(self, request, format=None): try: signed_request = json.loads(request.body)['signed_request'] signed_request_data = SignedRequest.parse(signed_request, settings.FB_APP_SECRET) except: return Response(status=status.HTTP_401_UNAUTHORIZED) try: user = models.User.objects.get( username=signed_request_data['psid']) except models.User.DoesNotExist: return Response(status=status.HTTP_401_UNAUTHORIZED) jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(user) token = jwt_encode_handler(payload) token = {'token': token} return Response(data=token, status=status.HTTP_200_OK)
def process_request(self, request): """Process the signed request.""" if ENABLED_PATHS and DISABLED_PATHS: raise ImproperlyConfigured('You may configure either FANDJANGO_ENABLED_PATHS or FANDJANGO_DISABLED_PATHS, but not both.') if DISABLED_PATHS and is_disabled_path(request.path): return if ENABLED_PATHS and not is_enabled_path(request.path): return # An error occured during authorization... if 'error' in request.GET: error = request.GET['error'] # The user refused to authorize the application... if error == 'access_denied': return authorization_denied_view(request) # Signed request found in either GET, POST or COOKIES... if 'signed_request' in request.REQUEST or 'signed_request' in request.COOKIES: request.facebook = Facebook() # If the request method is POST and its body only contains the signed request, # chances are it's a request from the Facebook platform and we'll override # the request method to HTTP GET to rectify their misinterpretation # of the HTTP standard. # # References: # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/ # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554 if request.method == 'POST' and 'signed_request' in request.POST: request.POST = QueryDict('') request.method = 'GET' request.facebook.signed_request = SignedRequest.parse( signed_request = request.REQUEST.get('signed_request') or request.COOKIES.get('signed_request'), application_secret_key = FACEBOOK_APPLICATION_SECRET_KEY ) # User has authorized the application... if request.facebook.signed_request.user.has_authorized_application: # Redirect to Facebook Authorization if the OAuth token has expired if request.facebook.signed_request.oauth_token.has_expired: return authorize_application( request = request, redirect_uri = get_post_authorization_redirect_url(request) ) # Initialize a User object and its corresponding OAuth token try: user = User.objects.get(facebook_id=request.facebook.signed_request.user.id) except User.DoesNotExist: oauth_token = OAuthToken.objects.create( token = request.facebook.signed_request.oauth_token.token, issued_at = request.facebook.signed_request.oauth_token.issued_at, expires_at = request.facebook.signed_request.oauth_token.expires_at ) user = User.objects.create( facebook_id = request.facebook.signed_request.user.id, oauth_token = oauth_token ) user.synchronize() # Update the user's details and OAuth token else: user.last_seen_at = datetime.now() user.authorized = True if request.facebook.signed_request.oauth_token: user.oauth_token.token = request.facebook.signed_request.oauth_token.token user.oauth_token.issued_at = request.facebook.signed_request.oauth_token.issued_at user.oauth_token.expires_at = request.facebook.signed_request.oauth_token.expires_at user.oauth_token.save() user.save() # Attempt to extend the OAuth token, but ignore exceptions raised by # bug #102727766518358 in the Facebook Platform. # # http://developers.facebook.com/bugs/102727766518358/ try: user.oauth_token.extend() except: pass request.facebook.user = user # ... no signed request found. else: request.facebook = False
def test_signed_request_missing_page_data(): try: SignedRequest(TEST_SIGNED_REQUEST_MISSING_PAGE_DATA, TEST_FACEBOOK_APPLICATION_SECRET_KEY) except KeyError: raise AssertionError('Missing page data in signed request')
def process_request(self, request): """Process the signed request.""" # User has already been authed by alternate middleware if hasattr(request, "facebook") and request.facebook: return request.facebook = False if not self.is_valid_path(request): return if self.is_access_denied(request): return authorization_denied_view(request) # No signed request found in either GET, POST nor COOKIES... if 'signed_request' not in request.REQUEST and 'signed_request' not in request.COOKIES: return # If the request method is POST and its body only contains the signed request, # chances are it's a request from the Facebook platform and we'll override # the request method to HTTP GET to rectify their misinterpretation # of the HTTP standard. # # References: # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/ # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554 if request.method == 'POST' and 'signed_request' in request.POST: request.POST = QueryDict('') request.method = 'GET' request.facebook = Facebook() try: request.facebook.signed_request = SignedRequest( signed_request=request.REQUEST.get('signed_request') or request.COOKIES.get('signed_request'), application_secret_key=FACEBOOK_APPLICATION_SECRET_KEY) except SignedRequest.Error: request.facebook = False # Valid signed request and user has authorized the application if request.facebook \ and request.facebook.signed_request.user.has_authorized_application \ and not request.facebook.signed_request.user.oauth_token.has_expired: # Initialize a User object and its corresponding OAuth token try: user = User.objects.get( facebook_id=request.facebook.signed_request.user.id) except User.DoesNotExist: oauth_token = OAuthToken.objects.create( token=request.facebook.signed_request.user.oauth_token. token, issued_at=request.facebook.signed_request.user.oauth_token. issued_at.replace(tzinfo=tzlocal()), expires_at=request.facebook.signed_request.user. oauth_token.expires_at.replace(tzinfo=tzlocal())) user = User.objects.create( facebook_id=request.facebook.signed_request.user.id, oauth_token=oauth_token) user.synchronize() # Update the user's details and OAuth token else: user.last_seen_at = now() if 'signed_request' in request.REQUEST: user.authorized = True if request.facebook.signed_request.user.oauth_token: user.oauth_token.token = request.facebook.signed_request.user.oauth_token.token user.oauth_token.issued_at = request.facebook.signed_request.user.oauth_token.issued_at.replace( tzinfo=tzlocal()) user.oauth_token.expires_at = request.facebook.signed_request.user.oauth_token.expires_at.replace( tzinfo=tzlocal()) user.oauth_token.save() user.save() if not user.oauth_token.extended: # Attempt to extend the OAuth token, but ignore exceptions raised by # bug #102727766518358 in the Facebook Platform. # # http://developers.facebook.com/bugs/102727766518358/ try: user.oauth_token.extend() except: pass request.facebook.user = user
def loginExternal(self, externalType): ret = {} ret["status"] = "error" ret["errors"] = [] users = self.db['user'] progress = self.db['progress'] if externalType == "facebook": signedRequestToken = request.json.get("signedRequest") data = SignedRequest.parse(signedRequestToken, FACEBOOK_APP["secret"]) if not data or not "user_id" in data: ret["errors"].append({ "code": "ErrInvalidCredentials", "target": False }) if ret["errors"]: return ret externalId = request.json.get("externalId") if externalId != data['user_id']: ret["errors"].append({ "code": "ErrInvalidCredentials", "target": False }) if ret["errors"]: return ret accessToken = request.json.get("accessToken") if not accessToken: ret["errors"].append({ "code": "ErrInvalidCredentials", "target": False }) if ret["errors"]: return ret graph = GraphAPI(accessToken) if not graph: ret["errors"].append({ "code": "ErrInvalidCredentials", "target": False }) if ret["errors"]: return ret facebookUser = graph.get("me?fields=id,name,email") if not facebookUser or not "id" in facebookUser or not "name" in facebookUser or not "email" in facebookUser: ret["errors"].append({ "code": "ErrInvalidCredentials", "target": False }) if ret["errors"]: return ret if facebookUser['id'] != externalId: ret["errors"].append({ "code": "ErrInvalidCredentials", "target": False }) if ret["errors"]: return ret # okay, validation successful! user = users.find_one({ "$and": [{ "externalType": externalType }, { "externalId": externalId }] }) if not user: exists = users.find_one({"email": email}) if exists: ret["errors"].append({ "code": "ErrExistsEmailDifferentMethod", "target": False }) if ret["errors"]: return ret penName = facebookUser['name'] user = { "email": email, "penName": penName, "externalType": externalType, "externalId": externalId, "confirmed": True, "confirmDate": datetime.utcnow(), "subscribed": True, "insertDate": datetime.utcnow() } userId = users.insert_one(user).inserted_id if not userId: ret["errors"].append({ "code": "ErrInsertFailed", "target": False }) if ret["errors"]: return ret user = users.find_one({"_id": ObjectId(userId)}) else: ret["errors"].append({ "code": "ErrInvalidCredentials", "target": False }) return ret
def process_request(self, request): """Process the signed request.""" if ENABLED_PATHS and DISABLED_PATHS: raise ImproperlyConfigured( 'You may configure either FANDJANGO_ENABLED_PATHS ' 'or FANDJANGO_DISABLED_PATHS, but not both.') if DISABLED_PATHS and is_disabled_path(request.path): return if ENABLED_PATHS and not is_enabled_path(request.path): return # An error occured during authorization... if 'error' in request.GET: error = request.GET['error'] # The user refused to authorize the application... if error == 'access_denied': return authorization_denied_view(request) # Signed request found in either GET, POST or COOKIES... if 'signed_request' in request.REQUEST or 'signed_request' in request.COOKIES: request.facebook = Facebook() # If the request method is POST and its body only contains the signed request, # chances are it's a request from the Facebook platform and we'll override # the request method to HTTP GET to rectify their misinterpretation # of the HTTP standard. # # References: # "POST for Canvas" migration at http://developers.facebook.com/docs/canvas/post/ # "Incorrect use of the HTTP protocol" discussion at http://forum.developers.facebook.net/viewtopic.php?id=93554 if request.method == 'POST' and 'signed_request' in request.POST: request.POST = QueryDict('') request.method = 'GET' try: request.facebook.signed_request = SignedRequest( signed_request=request.REQUEST.get('signed_request') or request.COOKIES.get('signed_request'), application_secret_key=FACEBOOK_APPLICATION_SECRET_KEY) except SignedRequest.Error: request.facebook = False # Valid signed request and user has authorized the application if request.facebook and request.facebook.signed_request.user.has_authorized_application: # Redirect to Facebook Authorization if the OAuth token has expired if request.facebook.signed_request.user.oauth_token.has_expired: return authorize_application( request=request, redirect_uri=get_post_authorization_redirect_url( request)) # Initialize a User object and its corresponding OAuth token try: user = User.objects.get( facebook_id=request.facebook.signed_request.user.id) except User.DoesNotExist: oauth_token = OAuthToken.objects.create( token=request.facebook.signed_request.user.oauth_token. token, issued_at=request.facebook.signed_request.user. oauth_token.issued_at, expires_at=request.facebook.signed_request.user. oauth_token.expires_at) user = User.objects.create( facebook_id=request.facebook.signed_request.user.id, oauth_token=oauth_token) user.synchronize() # Update the user's details and OAuth token else: user.last_seen_at = datetime.now() if 'signed_request' in request.REQUEST: user.authorized = True if request.facebook.signed_request.user.oauth_token: user.oauth_token.token = request.facebook.signed_request.user.oauth_token.token user.oauth_token.issued_at = request.facebook.signed_request.user.oauth_token.issued_at user.oauth_token.expires_at = request.facebook.signed_request.user.oauth_token.expires_at user.oauth_token.save() user.save() if not user.oauth_token.extended: # Attempt to extend the OAuth token, but ignore exceptions raised by # bug #102727766518358 in the Facebook Platform. # # http://developers.facebook.com/bugs/102727766518358/ try: user.oauth_token.extend() except: pass request.facebook.user = user # ... no signed request found. else: request.facebook = False
def test_generate_signed_request(): signed_request = SignedRequest( signed_request=TEST_SIGNED_REQUEST, application_secret_key=TEST_FACEBOOK_APPLICATION_SECRET_KEY) signed_request = signed_request.generate()
def test_signed_request_page_url(): page = SignedRequest.Page(id=1) assert page.url == 'http://facebook.com/1'
def test_signed_request_user_profile_url(): user = SignedRequest.User(id=1) assert user.profile_url == 'http://facebook.com/1'