Merge pull request simi#173 from mkdynamic/fix-algo-typo

Fix algo typo and improve tests.
gouravmodi · Dec 2, 2014 · f37f24b · f37f24b
2 parents ee4fb4d + 5b6b6a0
commit f37f24b
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 4 deletions.
diff --git a/lib/omniauth/strategies/facebook.rb b/lib/omniauth/strategies/facebook.rb
@@ -11,6 +11,7 @@ class NoAuthorizationCodeError < StandardError; end
       class UnknownSignatureAlgorithmError < NotImplementedError; end
 
       DEFAULT_SCOPE = 'email'
+      SUPPORTED_ALGORITHM = 'HMAC-SHA256'
 
       option :client_options, {
         :site => 'https://graph.facebook.com',
@@ -74,7 +75,7 @@ def callback_phase
       rescue NoAuthorizationCodeError => e
         fail!(:no_authorization_code, e)
       rescue UnknownSignatureAlgorithmError => e
-        fail!(:unknown_signature_algoruthm, e)
+        fail!(:unknown_signature_algorithm, e)
       end
 
       # NOTE If we're using code from the signed request then FB sets the redirect_uri to '' during the authorize
@@ -166,7 +167,7 @@ def parse_signed_request(value)
         decoded_hex_signature = base64_decode_url(signature)
         decoded_payload = MultiJson.decode(base64_decode_url(encoded_payload))
 
-        unless decoded_payload['algorithm'] == 'HMAC-SHA256'
+        unless decoded_payload['algorithm'] == SUPPORTED_ALGORITHM
           raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
         end
 

diff --git a/test/test.rb b/test/test.rb
@@ -443,7 +443,7 @@ def setup
     end
 
     test 'calls fail! when a code is not included in the params' do
-      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
+      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
       strategy.callback_phase
     end
   end
@@ -462,7 +462,26 @@ def setup(algo = nil)
     end
 
     test 'calls fail! when a code is not included in the cookie' do
-      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(Exception))
+      strategy.expects(:fail!).times(1).with(:no_authorization_code, kind_of(OmniAuth::Strategies::Facebook::NoAuthorizationCodeError))
+      strategy.callback_phase
+    end
+  end
+
+  class UnknownAlgorithmInCookieRequestTest < TestCase
+    def setup
+      super()
+      @payload = {
+        'algorithm' => 'UNKNOWN-ALGO',
+        'code' => nil,
+        'issued_at' => Time.now.to_i,
+        'user_id' => '123456'
+      }
+
+      @request.stubs(:cookies).returns({"fbsr_#{@client_id}" => signed_request(@payload, @client_secret)})
+    end
+
+    test 'calls fail! when an algorithm is unknown' do
+      strategy.expects(:fail!).times(1).with(:unknown_signature_algorithm, kind_of(OmniAuth::Strategies::Facebook::UnknownSignatureAlgorithmError))
       strategy.callback_phase
     end
   end