JS API Application authentication added ("session" authentication).
authorStas Kravets <skravets@applebough.(none)>
Fri, 17 Jun 2011 16:05:45 +0000 (20:05 +0400)
committerStas Kravets <skravets@applebough.(none)>
Fri, 17 Jun 2011 16:05:45 +0000 (20:05 +0400)
social_auth/backends/facebook.py

index 9f3672cf0cbcb3c0ac7f454c0bb2a94b71501a34..306f005d36ef82c25bdaa755bb5b11567e2218b1 100644 (file)
@@ -86,7 +86,22 @@ class FacebookAuth(BaseOAuth):
             
                 if 'expires' in response:
                     expires = response['expires']
-        
+
+        if 'session_key' in self.data:
+            params=['secret', 'uid', 'session_key', 'access_token', 'expires', 'base_domain']
+            params_dict = dict([(p, self.data[p]) for p in params])
+
+            sorted = params_dict.items()
+            sorted.sort(key=lambda x:x[0])
+            
+            check_str = ''.join(["%s=%s"%(x[0], x[1]) for x in sorted]) + settings.FACEBOOK_API_SECRET
+            expected_sig = hashlib.md5(check_str).hexdigest()
+            sig = self.data['sig']
+
+            if sig == expected_sig:
+                access_token = params_dict['access_token']
+                expires = params_dict['expires']
+
         if access_token:
             data = self.user_data(access_token)
             if data is not None:
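Review bot: The added session branch indexes `self.data[p]` for every name in `params` and then `self.data['sig']`, so input that carries `session_key` but lacks any other field raises KeyError instead of being handled as a failed authentication; a guard such as `if all(p in self.data for p in params + ['sig']):` before building `params_dict` would avoid that. The check `sig == expected_sig` is an ordinary string comparison of a keyed digest; where the runtime provides it, `hmac.compare_digest(sig, expected_sig)` with both values coerced to the same string type is the safer form. The local name `sorted` shadows the builtin, and `pairs = sorted(params_dict.items())` would do the same work in one line. The enclosing method starts and ends outside this hunk, so what happens to `access_token` on a signature mismatch, and whether `self.data` is always raw request input, cannot be confirmed from here.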