Class: FbGraph::Auth::Cookie

Inherits:
Object
  • Object
Defined in:
lib/fb_graph/auth/cookie.rb

Overview

NOTE: If you want an access token, use FbGraph::Auth.new(APP_ID, APP_SECRET, :cookie => ..) instead.

Class Method Summary

Class Method Details

.parse(client, cookie) ⇒ Object

Raises:

  • VerificationFailed — when the cookie is missing or its signature does not match



# File 'lib/fb_graph/auth/cookie.rb', line 8

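# Parses a Facebook "fbs_<app id>" session cookie and verifies its signature.
#
# The cookie is a '&'-separated list of key=value pairs. The 'sig' pair holds
# the MD5 hex digest of the remaining pairs (sorted by key, joined as
# "key=value" with no separator) followed by the client secret.
#
# Only the signature is verified here. 'expires' is converted to an Integer
# but is never compared with the current time, so callers that depend on
# freshness must check it themselves.
#
# @param client [#identifier, #secret] application credentials; +identifier+
#   selects the cookie name and +secret+ keys the signature
# @param cookie [String, #[]] the raw cookie value, or a cookie jar that is
#   indexed with "fbs_<identifier>"
# @return [Hash] the verified pairs (without 'sig'), with indifferent access
# @raise [VerificationFailed] 401 when the cookie is missing or blank, or when
#   the signature does not match
def self.parse(client, cookie)
  fb_cookie_string = case cookie
  when String
    cookie
  else
    cookie["fbs_#{client.identifier}"]
  end

  raise VerificationFailed.new(401, 'Facebook cookie not found') if fb_cookie_string.blank?

  # Strip quotes and backslashes into a new string. The destructive gsub! used
  # previously rewrote the caller's object (a request cookie value) and raised
  # on frozen strings.
  fb_cookie_string = fb_cookie_string.gsub(/[\\"]/, '')
  signature, fb_cookie = '', {}
  fb_cookie_string.split('&').each do |kv|
    # An empty segment ("a=1&&b=2") would produce a nil key, and sorting nil
    # against String keys raises ArgumentError instead of a 401.
    next if kv.empty?

    # NOTE(review): split('=') without a limit drops everything after a second
    # '=' in a value -- confirm cookie values never contain one.
    k, v = kv.split('=')
    if k == 'sig'
      signature = v
    else
      v = v.to_i if k == 'expires'
      fb_cookie[k] = v
    end
  end

  # Hash keys are unique, so ordering by key alone fully determines the order.
  signature_base_string = fb_cookie.sort_by { |key, _value| key }.map do |key, value|
    "#{key}=#{value}"
  end.join

  # The digest is MD5(payload + secret), not an HMAC; the construction is
  # fixed by the cookie format and cannot be strengthened on this side.
  expected = Digest::MD5.hexdigest("#{signature_base_string}#{client.secret}")
  provided = signature.to_s # 'sig' with no value parses to nil

  # Compare without short-circuiting on the first differing byte, so response
  # timing does not reveal how much of a guessed signature was correct.
  signature_matches = provided.bytesize == expected.bytesize &&
    expected.bytes.zip(provided.bytes).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?

  unless signature_matches
    raise VerificationFailed.new(401, 'Facebook cookie signature invalid')
  end

  fb_cookie.with_indifferent_access
end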