    def test_invalid_request(self):
        """Malformed signed requests decode to None instead of raising.

        Covers a token with no separator, one with a separator but junk on
        both sides, and a structurally valid token whose payload is not JSON.
        """
        # No '.' separator at all, then a separator with non-base64 halves.
        eq_(decode_signed_request('invalid()', 'secret'), None)
        eq_(decode_signed_request('invalid().withdot', 'secret'), None)

        # Both halves are valid url-safe base64, but the payload is not JSON,
        # so decoding must still fail closed and return None.
        sig_part = modified_url_b64encode('secret')
        body_part = modified_url_b64encode('notjson')
        token = '%s.%s' % (sig_part, body_part)
        eq_(decode_signed_request(token, 's'), None)
    def test_invalid_request(self):
        """Malformed signed requests decode to None instead of raising.

        Covers a token with no separator, one with a separator but junk on
        both sides, and a structurally valid token whose payload is not JSON.
        """
        # No '.' separator at all, then a separator with non-base64 halves.
        eq_(decode_signed_request('invalid()', 'secret'), None)
        eq_(decode_signed_request('invalid().withdot', 'secret'), None)

        # Both halves are valid url-safe base64, but the payload is not JSON,
        # so decoding must still fail closed and return None.
        sig_part = modified_url_b64encode('secret')
        body_part = modified_url_b64encode('notjson')
        token = '%s.%s' % (sig_part, body_part)
        eq_(decode_signed_request(token, 's'), None)
 def test_invalid_secret(self):
     """A request signed with one secret must not decode under another.

     A key mismatch is reported as None, exactly like a malformed request,
     so a caller that only checks for None cannot accidentally accept it.
     """
     data = create_payload()
     token = self.create_signed_request(data, 'secret')
     # Verifying with the wrong key has to reject the whole request.
     eq_(decode_signed_request(token, 'other_secret'), None)
 def test_invalid_secret(self):
     """A request signed with one secret must not decode under another.

     A key mismatch is reported as None, exactly like a malformed request,
     so a caller that only checks for None cannot accidentally accept it.
     """
     data = create_payload()
     token = self.create_signed_request(data, 'secret')
     # Verifying with the wrong key has to reject the whole request.
     eq_(decode_signed_request(token, 'other_secret'), None)
def deauthorize(request):
    """
    Facebook deauthorization callback: remove the user who revoked the app.

    The account to purge is identified solely by the ``signed_request`` POST
    parameter, which ``decode_signed_request`` only accepts when it verifies
    against ``settings.FACEBOOK_APP_SECRET``; nothing else in the request is
    used to choose the user.

    Responses: 400 when ``signed_request`` is absent, does not verify, or
    carries no ``user_id``; 404 when no FacebookUser has that id; 200 with a
    success message once the user's data has been purged.
    """
    token = request.POST.get('signed_request')
    if token is None:
        return JSONResponseBadRequest(
            {'error': 'No signed_request parameter found.'})

    decoded = decode_signed_request(token, settings.FACEBOOK_APP_SECRET)
    # None means a bad signature or a malformed token; a token that verifies
    # but names no user_id is just as unusable here, so both get a 400.
    if decoded is None or 'user_id' not in decoded:
        return JSONResponseBadRequest({'error': 'signed_request invalid.'})

    target = get_object_or_404(FacebookUser, id=decoded['user_id'])
    FacebookUser.objects.purge_user_data(target)
    return JSONResponse({'success': 'User data purged successfully.'})
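def load_app(request):
    """
    Canvas entry point: create or authenticate the Facebook user and send
    them to the right area of the app.

    The user is identified only by the ``signed_request`` POST parameter,
    which must verify against ``settings.FACEBOOK_APP_SECRET``; a missing or
    unverifiable parameter sends the visitor to the public home page and
    nobody is logged in.

    Always returns a redirect: the home page (not in a canvas, or bad
    request), the Safari cookie workaround, the pre-auth promo (app not yet
    authorized), or the banner list after a successful login.
    """
    signed_request = request.POST.get('signed_request', None)
    if signed_request is None:
        # App wasn't loaded within a canvas, redirect to the home page.
        return redirect('base.home')

    decoded_request = decode_signed_request(signed_request,
                                            settings.FACEBOOK_APP_SECRET)
    if decoded_request is None:
        # Bad signature or malformed token: never proceed towards login.
        return redirect('base.home')

    # If user is using Safari, we need to apply the cookie workaround.
    useragent = request.META.get('HTTP_USER_AGENT', '')
    # Chrome's user agent also contains 'Safari', so it is excluded explicitly.
    using_safari = 'Safari' in useragent and 'Chrome' not in useragent
    workaround_applied = SAFARI_WORKAROUND_KEY in request.COOKIES
    if using_safari and not workaround_applied:
        return fb_redirect(request,
                           absolutify(reverse('facebook.safari_workaround')),
                           top_window=True)

    user, _created = (FacebookUser.objects.
                      get_or_create_user_from_decoded_request(decoded_request))
    if user is None:
        # User has yet to authorize the app, redirect to the pre-auth promo.
        return fb_redirect(request,
                           absolutify(reverse('facebook.pre_auth_promo')))

    # Attach country data to the user object. This can only be retrieved from
    # the decoded request, so we add it here and login saves it. A verified
    # request without a 'user' section must not raise KeyError (a 500) here,
    # so fall back to the country already stored on the user.
    user_info = decoded_request.get('user', {})
    user.country = user_info.get('country', user.country)

    # User has been authed, let's log them in.
    login(request, user)

    return fb_redirect(request, absolutify(reverse('facebook.banner_list')))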
def deauthorize(request):
    """
    Facebook deauthorization callback: remove the user who revoked the app.

    The account to purge is identified solely by the ``signed_request`` POST
    parameter, which ``decode_signed_request`` only accepts when it verifies
    against ``settings.FACEBOOK_APP_SECRET``; nothing else in the request is
    used to choose the user.

    Responses: 400 when ``signed_request`` is absent, does not verify, or
    carries no ``user_id``; 404 when no FacebookUser has that id; 200 with a
    success message once the user's data has been purged.
    """
    token = request.POST.get('signed_request')
    if token is None:
        return JSONResponseBadRequest(
            {'error': 'No signed_request parameter found.'})

    decoded = decode_signed_request(token, settings.FACEBOOK_APP_SECRET)
    # None means a bad signature or a malformed token; a token that verifies
    # but names no user_id is just as unusable here, so both get a 400.
    if decoded is None or 'user_id' not in decoded:
        return JSONResponseBadRequest({'error': 'signed_request invalid.'})

    target = get_object_or_404(FacebookUser, id=decoded['user_id'])
    FacebookUser.objects.purge_user_data(target)
    return JSONResponse({'success': 'User data purged successfully.'})
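def load_app(request):
    """
    Canvas entry point: create or authenticate the Facebook user and send
    them to the right area of the app.

    The user is identified only by the ``signed_request`` POST parameter,
    which must verify against ``settings.FACEBOOK_APP_SECRET``; a missing or
    unverifiable parameter sends the visitor to the public home page and
    nobody is logged in.

    Always returns a redirect: the home page (not in a canvas, or bad
    request), the Safari cookie workaround, the pre-auth promo (app not yet
    authorized), or the banner list after a successful login.
    """
    signed_request = request.POST.get('signed_request', None)
    if signed_request is None:
        # App wasn't loaded within a canvas, redirect to the home page.
        return redirect('base.home')

    decoded_request = decode_signed_request(signed_request,
                                            settings.FACEBOOK_APP_SECRET)
    if decoded_request is None:
        # Bad signature or malformed token: never proceed towards login.
        return redirect('base.home')

    # If user is using Safari, we need to apply the cookie workaround.
    useragent = request.META.get('HTTP_USER_AGENT', '')
    # Chrome's user agent also contains 'Safari', so it is excluded explicitly.
    using_safari = 'Safari' in useragent and 'Chrome' not in useragent
    workaround_applied = SAFARI_WORKAROUND_KEY in request.COOKIES
    if using_safari and not workaround_applied:
        return fb_redirect(request,
                           absolutify(reverse('facebook.safari_workaround')),
                           top_window=True)

    user, _created = (FacebookUser.objects.
                      get_or_create_user_from_decoded_request(decoded_request))
    if user is None:
        # User has yet to authorize the app, redirect to the pre-auth promo.
        return fb_redirect(request,
                           absolutify(reverse('facebook.pre_auth_promo')))

    # Attach country data to the user object. This can only be retrieved from
    # the decoded request, so we add it here and login saves it. A verified
    # request without a 'user' section must not raise KeyError (a 500) here,
    # so fall back to the country already stored on the user.
    user_info = decoded_request.get('user', {})
    user.country = user_info.get('country', user.country)

    # User has been authed, let's log them in.
    login(request, user)

    return fb_redirect(request, absolutify(reverse('facebook.banner_list')))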
 def test_valid_request(self):
     """Signing and decoding with the same secret round-trips the payload."""
     original = create_payload()
     token = self.create_signed_request(original, 'secret')
     # Same secret on both sides: the decoder must hand back the exact payload.
     eq_(decode_signed_request(token, 'secret'), original)
 def test_invalid_algorithm(self):
     """A payload declaring an unsupported algorithm is rejected with None.

     The token is signed with the correct secret, so the only thing wrong
     with it is the declared algorithm; the decoder must refuse it rather
     than fall back to one it does implement.
     """
     data = create_payload(algorithm='not-supported')
     token = self.create_signed_request(data, 'secret')
     eq_(decode_signed_request(token, 'secret'), None)
 def test_valid_request(self):
     """Signing and decoding with the same secret round-trips the payload."""
     original = create_payload()
     token = self.create_signed_request(original, 'secret')
     # Same secret on both sides: the decoder must hand back the exact payload.
     eq_(decode_signed_request(token, 'secret'), original)
 def test_invalid_algorithm(self):
     """A payload declaring an unsupported algorithm is rejected with None.

     The token is signed with the correct secret, so the only thing wrong
     with it is the declared algorithm; the decoder must refuse it rather
     than fall back to one it does implement.
     """
     data = create_payload(algorithm='not-supported')
     token = self.create_signed_request(data, 'secret')
     eq_(decode_signed_request(token, 'secret'), None)