Source of file tests.php
Size: 34,282 Bytes - Last Modified: 2021-12-23T10:10:07+00:00
/var/www/docs.ssmods.com/process/src/thirdparty/tests/tests.php
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921 | <?php /** * Copyright 2011 Facebook, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. You may obtain * a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations * under the License. */ class PHPSDKTestCase extends PHPUnit_Framework_TestCase { const APP_ID = '117743971608120'; const SECRET = '943716006e74d9b9283d4d5d8ab93204'; const MIGRATED_APP_ID = '174236045938435'; const MIGRATED_SECRET = '0073dce2d95c4a5c2922d1827ea0cca6'; private static $kExpiredAccessToken = '206492729383450|2.N4RKywNPuHAey7CK56_wmg__.3600.1304560800.1-214707|6Q14AfpYi_XJB26aRQumouzJiGA'; private static $kValidSignedRequest = '1sxR88U4SW9m6QnSxwCEw_CObqsllXhnpP5j2pxD97c.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyODEwNTI4MDAsIm9hdXRoX3Rva2VuIjoiMTE3NzQzOTcxNjA4MTIwfDIuVlNUUWpub3hYVVNYd1RzcDB1U2g5d19fLjg2NDAwLjEyODEwNTI4MDAtMTY3Nzg0NjM4NXx4NURORHBtcy1nMUM0dUJHQVYzSVdRX2pYV0kuIiwidXNlcl9pZCI6IjE2Nzc4NDYzODUifQ'; private static $kNonTosedSignedRequest = 'c0Ih6vYvauDwncv0n0pndr0hP0mvZaJPQDPt6Z43O0k.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiJ9'; private static $kSignedRequestWithBogusSignature = '1sxR32U4SW9m6QnSxwCEw_CObqsllXhnpP5j2pxD97c.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImV4cGlyZXMiOjEyODEwNTI4MDAsIm9hdXRoX3Rva2VuIjoiMTE3NzQzOTcxNjA4MTIwfDIuVlNUUWpub3hYVVNYd1RzcDB1U2g5d19fLjg2NDAwLjEyODEwNTI4MDAtMTY3Nzg0NjM4NXx4NURORHBtcy1nMUM0dUJHQVYzSVdRX2pYV0kuIiwidXNlcl9pZCI6IjE2Nzc4NDYzODUifQ'; public function testConstructor() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $this->assertEquals($facebook->getAppId(), self::APP_ID, 'Expect the App ID to be set.'); $this->assertEquals($facebook->getApiSecret(), self::SECRET, 'Expect the API secret to be set.'); } public function testConstructorWithFileUpload() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, 'fileUpload' => true, )); $this->assertEquals($facebook->getAppId(), self::APP_ID, 'Expect the App ID to be set.'); $this->assertEquals($facebook->getApiSecret(), self::SECRET, 'Expect the API secret to be set.'); $this->assertTrue($facebook->useFileUploadSupport(), 'Expect file upload support to be on.'); } public function testSetAppId() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setAppId('dummy'); $this->assertEquals($facebook->getAppId(), 'dummy', 'Expect the App ID to be dummy.'); } public function testSetAPISecret() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setApiSecret('dummy'); $this->assertEquals($facebook->getApiSecret(), 'dummy', 'Expect the API secret to be dummy.'); } public function testSetAccessToken() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setAccessToken('saltydog'); $this->assertEquals($facebook->getAccessToken(), 'saltydog', 'Expect installed access token to remain \'saltydog\''); } public function testSetFileUploadSupport() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $this->assertFalse($facebook->useFileUploadSupport(), 'Expect file upload support to be off.'); $facebook->setFileUploadSupport(true); $this->assertTrue($facebook->useFileUploadSupport(), 'Expect file upload support to be on.'); } public function testGetCurrentURL() { $facebook = new FBGetCurrentURLFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); // fake the HPHP $_SERVER globals $_SERVER['HTTP_HOST'] = 'www.test.com'; $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=one&two=two&three=three'; $current_url = $facebook->publicGetCurrentUrl(); $this->assertEquals( 'http://www.test.com/unit-tests.php?one=one&two=two&three=three', $current_url, 'getCurrentUrl function is changing the current URL'); // ensure structure of valueless GET params is retained (sometimes // an = sign was present, and sometimes it was not) // first test when equal signs are present $_SERVER['HTTP_HOST'] = 'www.test.com'; $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=&two=&three='; $current_url = $facebook->publicGetCurrentUrl(); $this->assertEquals( 'http://www.test.com/unit-tests.php?one=&two=&three=', $current_url, 'getCurrentUrl function is changing the current URL'); // now confirm that $_SERVER['HTTP_HOST'] = 'www.test.com'; $_SERVER['REQUEST_URI'] = '/unit-tests.php?one&two&three'; $current_url = $facebook->publicGetCurrentUrl(); $this->assertEquals( 'http://www.test.com/unit-tests.php?one&two&three', $current_url, 'getCurrentUrl function is changing the current URL'); } public function testGetLoginURL() { $facebook = new Facebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); // fake the HPHP $_SERVER globals $_SERVER['HTTP_HOST'] = 'www.test.com'; $_SERVER['REQUEST_URI'] = '/unit-tests.php'; $login_url = parse_url($facebook->getLoginUrl()); $this->assertEquals($login_url['scheme'], 'https'); $this->assertEquals($login_url['host'], 'www.facebook.com'); $this->assertEquals($login_url['path'], '/dialog/oauth'); $expected_login_params = array('client_id' => self::APP_ID, 'redirect_uri' => 'http://www.test.com/unit-tests.php'); $query_map = array(); parse_str($login_url['query'], $query_map); $this->assertIsSubset($expected_login_params, $query_map); // we don't know what the state is, but we know it's an md5 and should // be 32 characters long. $this->assertEquals(strlen($query_map['state']), $num_characters = 32); } public function testGetLoginURLWithExtraParams() { $facebook = new Facebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); // fake the HPHP $_SERVER globals $_SERVER['HTTP_HOST'] = 'www.test.com'; $_SERVER['REQUEST_URI'] = '/unit-tests.php'; $extra_params = array('scope' => 'email, sms', 'nonsense' => 'nonsense'); $login_url = parse_url($facebook->getLoginUrl($extra_params)); $this->assertEquals($login_url['scheme'], 'https'); $this->assertEquals($login_url['host'], 'www.facebook.com'); $this->assertEquals($login_url['path'], '/dialog/oauth'); $expected_login_params = array_merge( array('client_id' => self::APP_ID, 'redirect_uri' => 'http://www.test.com/unit-tests.php'), $extra_params); $query_map = array(); parse_str($login_url['query'], $query_map); $this->assertIsSubset($expected_login_params, $query_map); // we don't know what the state is, but we know it's an md5 and should // be 32 characters long. $this->assertEquals(strlen($query_map['state']), $num_characters = 32); } public function testGetLoginURLWithScopeParamsAsArray() { $facebook = new Facebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); // fake the HPHP $_SERVER globals $_SERVER['HTTP_HOST'] = 'www.test.com'; $_SERVER['REQUEST_URI'] = '/unit-tests.php'; $scope_params_as_array = array('email','sms','read_stream'); $extra_params = array('scope' => $scope_params_as_array, 'nonsense' => 'nonsense'); $login_url = parse_url($facebook->getLoginUrl($extra_params)); $this->assertEquals($login_url['scheme'], 'https'); $this->assertEquals($login_url['host'], 'www.facebook.com'); $this->assertEquals($login_url['path'], '/dialog/oauth'); // expect api to flatten array params to comma separated list // should do the same here before asserting to make sure API is behaving // correctly; $extra_params['scope'] = implode(',', $scope_params_as_array); $expected_login_params = array_merge( array('client_id' => self::APP_ID, 'redirect_uri' => 'http://www.test.com/unit-tests.php'), $extra_params); $query_map = array(); parse_str($login_url['query'], $query_map); $this->assertIsSubset($expected_login_params, $query_map); // we don't know what the state is, but we know it's an md5 and should // be 32 characters long. $this->assertEquals(strlen($query_map['state']), $num_characters = 32); } public function testGetCodeWithValidCSRFState() { $facebook = new FBCode(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setCSRFStateToken(); $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue(); $_REQUEST['state'] = $facebook->getCSRFStateToken(); $this->assertEquals($code, $facebook->publicGetCode(), 'Expect code to be pulled from $_REQUEST[\'code\']'); } public function testGetCodeWithInvalidCSRFState() { $facebook = new FBCode(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setCSRFStateToken(); $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue(); $_REQUEST['state'] = $facebook->getCSRFStateToken().'forgery!!!'; $this->assertFalse($facebook->publicGetCode(), 'Expect getCode to fail, CSRF state should not match.'); } public function testGetCodeWithMissingCSRFState() { $facebook = new FBCode(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue(); // intentionally don't set CSRF token at all $this->assertFalse($facebook->publicGetCode(), 'Expect getCode to fail, CSRF state not sent back.'); } public function testGetUserFromSignedRequest() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $_REQUEST['signed_request'] = self::$kValidSignedRequest; $this->assertEquals('1677846385', $facebook->getUser(), 'Failed to get user ID from a valid signed request.'); } public function testGetSignedRequestFromCookie() { $facebook = new FBGetSignedRequestCookieFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $_COOKIE[$facebook->publicGetSignedRequestCookieName()] = self::$kValidSignedRequest; $this->assertNotNull($facebook->publicGetSignedRequest()); $this->assertEquals('1677846385', $facebook->getUser(), 'Failed to get user ID from a valid signed request.'); } public function testGetSignedRequestWithIncorrectSignature() { $facebook = new FBGetSignedRequestCookieFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $_COOKIE[$facebook->publicGetSignedRequestCookieName()] = self::$kSignedRequestWithBogusSignature; $this->assertNull($facebook->publicGetSignedRequest()); } public function testNonUserAccessToken() { $facebook = new FBAccessToken(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); // no cookies, and no request params, so no user or code, // so no user access token (even with cookie support) $this->assertEquals($facebook->publicGetApplicationAccessToken(), $facebook->getAccessToken(), 'Access token should be that for logged out users.'); } public function testAPIForLoggedOutUsers() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $response = $facebook->api(array( 'method' => 'fql.query', 'query' => 'SELECT name FROM user WHERE uid=4', )); $this->assertEquals(count($response), 1, 'Expect one row back.'); $this->assertEquals($response[0]['name'], 'Mark Zuckerberg', 'Expect the name back.'); } public function testAPIWithBogusAccessToken() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setAccessToken('this-is-not-really-an-access-token'); // if we don't set an access token and there's no way to // get one, then the FQL query below works beautifully, handing // over Zuck's public data. But if you specify a bogus access // token as I have right here, then the FQL query should fail. // We could return just Zuck's public data, but that wouldn't // advertise the issue that the access token is at worst broken // and at best expired. try { $response = $facebook->api(array( 'method' => 'fql.query', 'query' => 'SELECT name FROM profile WHERE id=4', )); $this->fail('Should not get here.'); } catch(FacebookApiException $e) { $result = $e->getResult(); $this->assertTrue(is_array($result), 'expect a result object'); $this->assertEquals('190', $result['error_code'], 'expect code'); } } public function testAPIGraphPublicData() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $response = $facebook->api('/jerry'); $this->assertEquals( $response['id'], '214707', 'should get expected id.'); } public function testGraphAPIWithBogusAccessToken() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setAccessToken('this-is-not-really-an-access-token'); try { $response = $facebook->api('/me'); $this->fail('Should not get here.'); } catch(FacebookApiException $e) { // means the server got the access token and didn't like it $msg = 'OAuthException: Invalid OAuth access token.'; $this->assertEquals($msg, (string) $e, 'Expect the invalid OAuth token message.'); } } public function testGraphAPIWithExpiredAccessToken() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $facebook->setAccessToken(self::$kExpiredAccessToken); try { $response = $facebook->api('/me'); $this->fail('Should not get here.'); } catch(FacebookApiException $e) { // means the server got the access token and didn't like it $error_msg_start = 'OAuthException: Error validating access token:'; $this->assertTrue(strpos((string) $e, $error_msg_start) === 0, 'Expect the token validation error message.'); } } public function testGraphAPIMethod() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); try { // naitik being bold about deleting his entire record.... // let's hope this never actually passes. $response = $facebook->api('/naitik', $method = 'DELETE'); $this->fail('Should not get here.'); } catch(FacebookApiException $e) { // ProfileDelete means the server understood the DELETE $msg = 'OAuthException: A user access token is required to request this resource.'; $this->assertEquals($msg, (string) $e, 'Expect the invalid session message.'); } } public function testGraphAPIOAuthSpecError() { $facebook = new TransientFacebook(array( 'appId' => self::MIGRATED_APP_ID, 'secret' => self::MIGRATED_SECRET, )); try { $response = $facebook->api('/me', array( 'client_id' => self::MIGRATED_APP_ID)); $this->fail('Should not get here.'); } catch(FacebookApiException $e) { // means the server got the access token $msg = 'invalid_request: An active access token must be used '. 'to query information about the current user.'; $this->assertEquals($msg, (string) $e, 'Expect the invalid session message.'); } } public function testGraphAPIMethodOAuthSpecError() { $facebook = new TransientFacebook(array( 'appId' => self::MIGRATED_APP_ID, 'secret' => self::MIGRATED_SECRET, )); try { $response = $facebook->api('/daaku.shah', 'DELETE', array( 'client_id' => self::MIGRATED_APP_ID)); $this->fail('Should not get here.'); } catch(FacebookApiException $e) { $this->assertEquals(strpos($e, 'invalid_request'), 0); } } public function testCurlFailure() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); if (!defined('CURLOPT_TIMEOUT_MS')) { // can't test it if we don't have millisecond timeouts return; } $exception = null; try { // we dont expect facebook will ever return in 1ms Facebook::$CURL_OPTS[CURLOPT_TIMEOUT_MS] = 50; $facebook->api('/naitik'); } catch(FacebookApiException $e) { $exception = $e; } unset(Facebook::$CURL_OPTS[CURLOPT_TIMEOUT_MS]); if (!$exception) { $this->fail('no exception was thrown on timeout.'); } $this->assertEquals( CURLE_OPERATION_TIMEOUTED, $exception->getCode(), 'expect timeout'); $this->assertEquals('CurlException', $exception->getType(), 'expect type'); } public function testGraphAPIWithOnlyParams() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $response = $facebook->api('/jerry'); $this->assertTrue(isset($response['id']), 'User ID should be public.'); $this->assertTrue(isset($response['name']), 'User\'s name should be public.'); $this->assertTrue(isset($response['first_name']), 'User\'s first name should be public.'); $this->assertTrue(isset($response['last_name']), 'User\'s last name should be public.'); $this->assertFalse(isset($response['work']), 'User\'s work history should only be available with '. 'a valid access token.'); $this->assertFalse(isset($response['education']), 'User\'s education history should only be '. 'available with a valid access token.'); $this->assertFalse(isset($response['verified']), 'User\'s verification status should only be '. 'available with a valid access token.'); } public function testLoginURLDefaults() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $encodedUrl = rawurlencode('http://fbrell.com/examples'); $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), 'Expect the current url to exist.'); } public function testLoginURLDefaultsDropStateQueryParam() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples?state=xx42xx'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $expectEncodedUrl = rawurlencode('http://fbrell.com/examples'); $this->assertTrue(strpos($facebook->getLoginUrl(), $expectEncodedUrl) > -1, 'Expect the current url to exist.'); $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'), 'Expect the session param to be dropped.'); } public function testLoginURLDefaultsDropCodeQueryParam() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples?code=xx42xx'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $expectEncodedUrl = rawurlencode('http://fbrell.com/examples'); $this->assertTrue(strpos($facebook->getLoginUrl(), $expectEncodedUrl) > -1, 'Expect the current url to exist.'); $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'), 'Expect the session param to be dropped.'); } public function testLoginURLDefaultsDropSignedRequestParamButNotOthers() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples?signed_request=xx42xx&do_not_drop=xx43xx'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $expectEncodedUrl = rawurlencode('http://fbrell.com/examples'); $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'), 'Expect the session param to be dropped.'); $this->assertTrue(strpos($facebook->getLoginUrl(), 'xx43xx') > -1, 'Expect the do_not_drop param to exist.'); } public function testLoginURLCustomNext() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $next = 'http://fbrell.com/custom'; $loginUrl = $facebook->getLoginUrl(array( 'redirect_uri' => $next, 'cancel_url' => $next )); $currentEncodedUrl = rawurlencode('http://fbrell.com/examples'); $expectedEncodedUrl = rawurlencode($next); $this->assertNotNull(strpos($loginUrl, $expectedEncodedUrl), 'Expect the custom url to exist.'); $this->assertFalse(strpos($loginUrl, $currentEncodedUrl), 'Expect the current url to not exist.'); } public function testLogoutURLDefaults() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $encodedUrl = rawurlencode('http://fbrell.com/examples'); $this->assertNotNull(strpos($facebook->getLogoutUrl(), $encodedUrl), 'Expect the current url to exist.'); } public function testLoginStatusURLDefaults() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $encodedUrl = rawurlencode('http://fbrell.com/examples'); $this->assertNotNull(strpos($facebook->getLoginStatusUrl(), $encodedUrl), 'Expect the current url to exist.'); } public function testLoginStatusURLCustom() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $encodedUrl1 = rawurlencode('http://fbrell.com/examples'); $okUrl = 'http://fbrell.com/here1'; $encodedUrl2 = rawurlencode($okUrl); $loginStatusUrl = $facebook->getLoginStatusUrl(array( 'ok_session' => $okUrl, )); $this->assertNotNull(strpos($loginStatusUrl, $encodedUrl1), 'Expect the current url to exist.'); $this->assertNotNull(strpos($loginStatusUrl, $encodedUrl2), 'Expect the custom url to exist.'); } public function testNonDefaultPort() { $_SERVER['HTTP_HOST'] = 'fbrell.com:8080'; $_SERVER['REQUEST_URI'] = '/examples'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $encodedUrl = rawurlencode('http://fbrell.com:8080/examples'); $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), 'Expect the current url to exist.'); } public function testSecureCurrentUrl() { $_SERVER['HTTP_HOST'] = 'fbrell.com'; $_SERVER['REQUEST_URI'] = '/examples'; $_SERVER['HTTPS'] = 'on'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $encodedUrl = rawurlencode('https://fbrell.com/examples'); $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), 'Expect the current url to exist.'); } public function testSecureCurrentUrlWithNonDefaultPort() { $_SERVER['HTTP_HOST'] = 'fbrell.com:8080'; $_SERVER['REQUEST_URI'] = '/examples'; $_SERVER['HTTPS'] = 'on'; $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $encodedUrl = rawurlencode('https://fbrell.com:8080/examples'); $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl), 'Expect the current url to exist.'); } public function testAppSecretCall() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET, )); $proper_exception_thrown = false; try { $response = $facebook->api('/' . self::APP_ID . '/insights'); $this->fail('Desktop applications need a user token for insights.'); } catch (FacebookApiException $e) { $proper_exception_thrown = strpos($e->getMessage(), 'Requires session when calling from a desktop app') !== false; } catch (Exception $e) {} $this->assertTrue($proper_exception_thrown, 'Incorrect exception type thrown when trying to gain '. 'insights for desktop app without a user access token.'); } public function testBase64UrlEncode() { $input = 'Facebook rocks'; $output = 'RmFjZWJvb2sgcm9ja3M'; $this->assertEquals(FBPublic::publicBase64UrlDecode($output), $input); } public function testSignedToken() { $facebook = new FBPublic(array( 'appId' => self::APP_ID, 'secret' => self::SECRET )); $payload = $facebook->publicParseSignedRequest(self::$kValidSignedRequest); $this->assertNotNull($payload, 'Expected token to parse'); $this->assertEquals($facebook->getSignedRequest(), null); $_REQUEST['signed_request'] = self::$kValidSignedRequest; $this->assertEquals($facebook->getSignedRequest(), $payload); } public function testNonTossedSignedtoken() { $facebook = new FBPublic(array( 'appId' => self::APP_ID, 'secret' => self::SECRET )); $payload = $facebook->publicParseSignedRequest( self::$kNonTosedSignedRequest); $this->assertNotNull($payload, 'Expected token to parse'); $this->assertNull($facebook->getSignedRequest()); $_REQUEST['signed_request'] = self::$kNonTosedSignedRequest; $this->assertEquals($facebook->getSignedRequest(), array('algorithm' => 'HMAC-SHA256')); } public function testBundledCACert() { $facebook = new TransientFacebook(array( 'appId' => self::APP_ID, 'secret' => self::SECRET )); // use the bundled cert from the start Facebook::$CURL_OPTS[CURLOPT_CAINFO] = dirname(__FILE__) . '/../src/fb_ca_chain_bundle.crt'; $response = $facebook->api('/naitik'); unset(Facebook::$CURL_OPTS[CURLOPT_CAINFO]); $this->assertEquals( $response['id'], '5526183', 'should get expected id.'); } public function testVideoUpload() { $facebook = new FBRecordURL(array( 'appId' => self::APP_ID, 'secret' => self::SECRET )); $facebook->api(array('method' => 'video.upload')); $this->assertContains('//api-video.', $facebook->getRequestedURL(), 'video.upload should go against api-video'); } public function testGetUserAndAccessTokenFromSession() { $facebook = new PersistentFBPublic(array( 'appId' => self::APP_ID, 'secret' => self::SECRET )); $facebook->publicSetPersistentData('access_token', self::$kExpiredAccessToken); $facebook->publicSetPersistentData('user_id', 12345); $this->assertEquals(self::$kExpiredAccessToken, $facebook->getAccessToken(), 'Get access token from persistent store.'); $this->assertEquals('12345', $facebook->getUser(), 'Get user id from persistent store.'); } public function testGetUserAndAccessTokenFromSignedRequestNotSession() { $facebook = new PersistentFBPublic(array( 'appId' => self::APP_ID, 'secret' => self::SECRET )); $_REQUEST['signed_request'] = self::$kValidSignedRequest; $facebook->publicSetPersistentData('user_id', 41572); $facebook->publicSetPersistentData('access_token', self::$kExpiredAccessToken); $this->assertNotEquals('41572', $facebook->getUser(), 'Got user from session instead of signed request.'); $this->assertEquals('1677846385', $facebook->getUser(), 'Failed to get correct user ID from signed request.'); $this->assertNotEquals( self::$kExpiredAccessToken, $facebook->getAccessToken(), 'Got access token from session instead of signed request.'); $this->assertNotEmpty( $facebook->getAccessToken(), 'Failed to extract an access token from the signed request.'); } public function testGetUserWithoutCodeOrSignedRequestOrSession() { $facebook = new PersistentFBPublic(array( 'appId' => self::APP_ID, 'secret' => self::SECRET )); // deliberately leave $_REQUEST and _$SESSION empty $this->assertEmpty($_REQUEST, 'GET, POST, and COOKIE params exist even though '. 'they should. Test cannot succeed unless all of '. '$_REQUEST is empty.'); $this->assertEmpty($_SESSION, 'Session is carrying state and should not be.'); $this->assertEmpty($facebook->getUser(), 'Got a user id, even without a signed request, '. 'access token, or session variable.'); $this->assertEmpty($_SESSION, 'Session superglobal incorrectly populated by getUser.'); } protected function generateMD5HashOfRandomValue() { return md5(uniqid(mt_rand(), true)); } protected function setUp() { parent::setUp(); } protected function tearDown() { $this->clearSuperGlobals(); parent::tearDown(); } protected function clearSuperGlobals() { unset($_SERVER['HTTPS']); unset($_SERVER['HTTP_HOST']); unset($_SERVER['REQUEST_URI']); $_SESSION = array(); $_COOKIE = array(); $_REQUEST = array(); $_POST = array(); $_GET = array(); if (session_id()) { session_destroy(); } } /** * Checks that the correct args are a subset of the returned obj * @param array $correct The correct array values * @param array $actual The values in practice * @param string $message to be shown on failure */ protected function assertIsSubset($correct, $actual, $msg='') { foreach ($correct as $key => $value) { $actual_value = $actual[$key]; $newMsg = (strlen($msg) ? ($msg.' ') : '').'Key: '.$key; $this->assertEquals($value, $actual_value, $newMsg); } } } class TransientFacebook extends BaseFacebook { protected function setPersistentData($key, $value) {} protected function getPersistentData($key, $default = false) { return $default; } protected function clearPersistentData($key) {} protected function clearAllPersistentData() {} } class FBRecordURL extends TransientFacebook { private $url; protected function _oauthRequest($url, $params) { $this->url = $url; } public function getRequestedURL() { return $this->url; } } class FBPublic extends TransientFacebook { public static function publicBase64UrlDecode($input) { return self::base64UrlDecode($input); } public function publicParseSignedRequest($input) { return $this->parseSignedRequest($input); } } class PersistentFBPublic extends Facebook { public function publicParseSignedRequest($input) { return $this->parseSignedRequest($input); } public function publicSetPersistentData($key, $value) { $this->setPersistentData($key, $value); } } class FBCode extends Facebook { public function publicGetCode() { return $this->getCode(); } public function setCSRFStateToken() { $this->establishCSRFTokenState(); } public function getCSRFStateToken() { return $this->getPersistentData('state'); } } class FBAccessToken extends TransientFacebook { public function publicGetApplicationAccessToken() { return $this->getApplicationAccessToken(); } } class FBGetCurrentURLFacebook extends TransientFacebook { public function publicGetCurrentUrl() { return $this->getCurrentUrl(); } } class FBGetSignedRequestCookieFacebook extends TransientFacebook { public function publicGetSignedRequest() { return $this->getSignedRequest(); } public function publicGetSignedRequestCookieName() { return $this->getSignedRequestCookieName(); } } |