def test_invalid_request(self):
    """Malformed signed requests decode to None instead of raising.

    Three shapes are rejected: a token with no '.' separator, a token whose
    halves are not url-safe base64 (they contain parentheses), and a
    properly joined signature/payload pair whose payload is not JSON.
    """
    for garbage in ("invalid()", "invalid().withdot"):
        eq_(decode_signed_request(garbage, "secret"), None)

    # Both halves are valid base64 here, but the payload decodes to the text
    # "notjson", so the decoder has to reject it rather than return a value.
    sig_part = modified_url_b64encode("secret")
    body_part = modified_url_b64encode("notjson")
    eq_(decode_signed_request(sig_part + "." + body_part, "s"), None)
def test_invalid_request(self):
    """Garbage input to the decoder yields None, never an exception.

    Checks a token without a '.' separator, one with a separator whose
    halves are not url-safe base64, and a correctly joined pair whose
    payload is not JSON.
    """
    no_separator = 'invalid()'
    bad_halves = 'invalid().withdot'
    eq_(decode_signed_request(no_separator, 'secret'), None)
    eq_(decode_signed_request(bad_halves, 'secret'), None)

    # Well-formed base64 on both sides; the payload text is not JSON.
    sig_part = modified_url_b64encode('secret')
    body_part = modified_url_b64encode('notjson')
    joined = sig_part + '.' + body_part
    eq_(decode_signed_request(joined, 's'), None)
def test_invalid_request(self):
    """Malformed signed requests decode to None instead of raising.

    Three shapes are rejected: a token with no '.' separator, a token whose
    halves are not url-safe base64, and a properly joined signature/payload
    pair whose payload is not JSON.
    """
    for garbage in ('invalid()', 'invalid().withdot'):
        eq_(decode_signed_request(garbage, 'secret'), None)

    # Both halves are valid base64 here, but the payload decodes to the text
    # 'notjson', so the decoder has to reject it rather than return a value.
    sig_part = modified_url_b64encode('secret')
    body_part = modified_url_b64encode('notjson')
    eq_(decode_signed_request(sig_part + '.' + body_part, 's'), None)
def test_invalid_secret(self):
    """Decoding with a secret other than the signing secret returns None.

    A signature mismatch is reported the same way as malformed input
    (None), not as an exception, so the caller treats both as "not a
    trustworthy request".
    """
    body = create_payload()
    token = self.create_signed_request(body, 'secret')
    decoded = decode_signed_request(token, 'other_secret')
    eq_(decoded, None)
def test_invalid_secret(self):
    """A request signed under one secret does not verify under another.

    The result is None, matching what malformed input produces, rather
    than a raised error.
    """
    signing_secret = 'secret'
    wrong_secret = 'other_secret'
    token = self.create_signed_request(create_payload(), signing_secret)
    eq_(decode_signed_request(token, wrong_secret), None)
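def load_app(request):
    """
    Create or authenticate the Facebook user and direct them to the correct
    area of the app upon their entry.

    Flow, in order:
      * Non-POST requests (Facebook GETs the canvas URL for a logged-out
        viewer) are sent to the authorization prompt.
      * A POST without ``signed_request`` did not arrive via the canvas and
        is redirected home.
      * ``signed_request`` is verified with ``settings.FACEBOOK_APP_SECRET``.
        Nothing in it is used until ``decode_signed_request`` returns a
        payload; a failed check redirects home and logs nobody in.
      * Safari users without the workaround cookie are bounced through the
        cookie workaround before any session is created.
      * A user who has not yet authorized the app gets the auth prompt;
        otherwise the user is logged in, their locale activated, and the
        banner list rendered.
    """
    # Temporary measure to handle when Facebook does a GET to the main URL when
    # a logged-out user views the app. In the future we should show a promo
    # page instead.
    if request.method != "POST":
        return request_authorization(request)

    signed_request = request.POST.get("signed_request")
    if signed_request is None:
        # App wasn't loaded within a canvas, redirect to the home page.
        return redirect("home")

    # Signature check. None covers both a bad signature and malformed data;
    # in either case the caller is not authenticated by this view.
    decoded_request = decode_signed_request(signed_request,
                                            settings.FACEBOOK_APP_SECRET)
    if decoded_request is None:
        return redirect("home")

    # If user is using Safari, we need to apply the cookie workaround.
    # Chrome's UA string also contains "Safari", which is why it is excluded.
    useragent = request.META.get("HTTP_USER_AGENT", "")
    using_safari = "Safari" in useragent and "Chrome" not in useragent
    workaround_applied = SAFARI_WORKAROUND_KEY in request.COOKIES
    if using_safari and not workaround_applied:
        return fb_redirect(request,
                           absolutify(reverse("facebook.safari_workaround")))

    # The "created" flag is not needed here; only the user matters.
    user, _created = (FacebookUser.objects
                      .get_or_create_user_from_decoded_request(decoded_request))
    if user is None:
        # User has yet to authorize the app, offer authorization.
        return request_authorization(request)

    # Attach country data to the user object. This can only be retrieved from
    # the decoded request, so we add it here and login saves it.
    user.country = decoded_request["user"].get("country", user.country)

    # User has been authed, let's log them in.
    login(request, user)

    # Normally the FacebookAuthenticationMiddleware activates the locale for
    # the user, but since it does not run for this view, we need to activate it
    # manually.
    activate_locale(request, user.locale)

    return banner_list(request)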
def deauthorize(request):
    """
    Callback that is pinged by Facebook when a user de-authorizes the app.
    Deletes the associated user and all their data.

    Within this view the only evidence that the call came from Facebook is
    the signature on ``signed_request``, checked against
    ``settings.FACEBOOK_APP_SECRET``; the ``user_id`` naming the account to
    purge is read from the payload only after that check succeeds.

    Returns a 400 if the signed request is missing or malformed, a 404 if the
    specified user could not be found, and a 200 if the removal was
    successful.
    """
    raw_token = request.POST.get("signed_request")
    if raw_token is None:
        return JSONResponseBadRequest(
            {"error": "No signed_request parameter found."})

    payload = decode_signed_request(raw_token, settings.FACEBOOK_APP_SECRET)
    if payload is None or "user_id" not in payload:
        return JSONResponseBadRequest({"error": "signed_request invalid."})

    target = get_object_or_404(FacebookUser, id=payload["user_id"])
    FacebookUser.objects.purge_user_data(target)
    return JSONResponse({"success": "User data purged successfully."})
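def load_app(request):
    """
    Create or authenticate the Facebook user and direct them to the correct
    area of the app upon their entry.

    Flow, in order:
      * A request without ``signed_request`` did not arrive via the canvas
        and is redirected home.
      * ``signed_request`` is verified with ``settings.FACEBOOK_APP_SECRET``.
        Nothing in it is used until ``decode_signed_request`` returns a
        payload; a failed check redirects home and logs nobody in.
      * Safari users without the workaround cookie are bounced through the
        cookie workaround (top window) before any session is created.
      * A user who has not yet authorized the app is sent to the pre-auth
        promo; otherwise the user is logged in and sent to the banner list.
    """
    signed_request = request.POST.get('signed_request')
    if signed_request is None:
        # App wasn't loaded within a canvas, redirect to the home page.
        return redirect('home')

    # Signature check. None covers both a bad signature and malformed data;
    # in either case the caller is not authenticated by this view.
    decoded_request = decode_signed_request(signed_request,
                                            settings.FACEBOOK_APP_SECRET)
    if decoded_request is None:
        return redirect('home')

    # If user is using Safari, we need to apply the cookie workaround.
    # Chrome's UA string also contains 'Safari', which is why it is excluded.
    useragent = request.META.get('HTTP_USER_AGENT', '')
    using_safari = 'Safari' in useragent and 'Chrome' not in useragent
    workaround_applied = SAFARI_WORKAROUND_KEY in request.COOKIES
    if using_safari and not workaround_applied:
        return fb_redirect(request,
                           absolutify(reverse('facebook.safari_workaround')),
                           top_window=True)

    # The "created" flag is not needed here; only the user matters.
    user, _created = (FacebookUser.objects
                      .get_or_create_user_from_decoded_request(decoded_request))
    if user is None:
        # User has yet to authorize the app, redirect to the pre-auth promo.
        return fb_redirect(request,
                           absolutify(reverse('facebook.pre_auth_promo')))

    # Attach country data to the user object. This can only be retrieved from
    # the decoded request, so we add it here and login saves it.
    user.country = decoded_request['user'].get('country', user.country)

    # User has been authed, let's log them in.
    login(request, user)

    return fb_redirect(request, absolutify(reverse('facebook.banner_list')))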
def deauthorize(request):
    """
    Callback that is pinged by Facebook when a user de-authorizes the app.
    Deletes the associated user and all their data.

    Within this view the only evidence that the call came from Facebook is
    the signature on ``signed_request``, checked against
    ``settings.FACEBOOK_APP_SECRET``; the ``user_id`` of the account to
    purge is taken from the payload only after that check succeeds.

    Returns a 400 if the signed request is missing or malformed, a 404 if the
    specified user could not be found, and a 200 if the removal was
    successful.
    """
    token = request.POST.get('signed_request')
    if token is None:
        missing = {'error': 'No signed_request parameter found.'}
        return JSONResponseBadRequest(missing)

    verified = decode_signed_request(token, settings.FACEBOOK_APP_SECRET)
    if verified is None or 'user_id' not in verified:
        return JSONResponseBadRequest({'error': 'signed_request invalid.'})

    account = get_object_or_404(FacebookUser, id=verified['user_id'])
    FacebookUser.objects.purge_user_data(account)
    return JSONResponse({'success': 'User data purged successfully.'})
def load_app(request):
    """
    Create or authenticate the Facebook user and direct them to the correct
    area of the app upon their entry.

    Requests that did not come through the canvas (no ``signed_request``)
    or whose signature does not verify against
    ``settings.FACEBOOK_APP_SECRET`` are redirected home without a login.
    Safari visitors lacking the workaround cookie are sent through the
    cookie workaround first. Users who have not authorized the app go to
    the pre-auth promo; everyone else is logged in and sent to the banner
    list.
    """
    token = request.POST.get('signed_request')
    if token is None:
        # App wasn't loaded within a canvas, redirect to the home page.
        return redirect('home')

    # Only a payload that passed the signature check is used below.
    payload = decode_signed_request(token, settings.FACEBOOK_APP_SECRET)
    if payload is None:
        return redirect('home')

    # If user is using Safari, we need to apply the cookie workaround.
    ua = request.META.get('HTTP_USER_AGENT', '')
    is_safari = 'Safari' in ua and 'Chrome' not in ua
    needs_workaround = is_safari and SAFARI_WORKAROUND_KEY not in request.COOKIES
    if needs_workaround:
        target = absolutify(reverse('facebook.safari_workaround'))
        return fb_redirect(request, target, top_window=True)

    manager = FacebookUser.objects
    user, _ = manager.get_or_create_user_from_decoded_request(payload)
    if user is None:
        # User has yet to authorize the app, redirect to the pre-auth promo.
        target = absolutify(reverse('facebook.pre_auth_promo'))
        return fb_redirect(request, target)

    # Attach country data to the user object. This can only be retrieved from
    # the decoded request, so we add it here and login saves it.
    user.country = payload['user'].get('country', user.country)

    # User has been authed, let's log them in.
    login(request, user)

    target = absolutify(reverse('facebook.banner_list'))
    return fb_redirect(request, target)
def test_valid_request(self):
    """A request signed and decoded with the same secret round-trips.

    The decoded value must equal the original payload exactly.
    """
    secret = 'secret'
    original = create_payload()
    token = self.create_signed_request(original, secret)
    eq_(decode_signed_request(token, secret), original)
def test_invalid_algorithm(self):
    """A payload declaring an unsupported algorithm decodes to None.

    The algorithm name travels inside the payload itself, so the decoder
    must reject names it does not support instead of honouring whatever
    the payload declares.
    """
    body = create_payload(algorithm='not-supported')
    token = self.create_signed_request(body, 'secret')
    decoded = decode_signed_request(token, 'secret')
    eq_(decoded, None)
def test_valid_request(self):
    """Decoding a correctly signed request returns the original payload."""
    original = create_payload()
    token = self.create_signed_request(original, 'secret')
    decoded = decode_signed_request(token, 'secret')
    eq_(decoded, original)
def test_invalid_algorithm(self):
    """An unsupported ``algorithm`` value in the payload yields None.

    Because the declared algorithm is part of the payload, the decoder
    cannot take it at face value; anything outside the supported set is
    rejected even though the signature was produced with the right secret.
    """
    unsupported = 'not-supported'
    token = self.create_signed_request(
        create_payload(algorithm=unsupported), 'secret')
    eq_(decode_signed_request(token, 'secret'), None)