From: Stas Kravets
Date: Fri, 17 Jun 2011 16:05:45 +0000 (+0400)
Subject: JS API Application authentication added ("session" authentication).
X-Git-Url: https://git.parisson.com/?a=commitdiff_plain;h=ea39a1788f6da3ae54ab689dae1f39c31492c224;p=django-social-auth.git

JS API Application authentication added ("session" authentication).
---

diff --git a/social_auth/backends/facebook.py b/social_auth/backends/facebook.py
index 9f3672c..306f005 100644
--- a/social_auth/backends/facebook.py
+++ b/social_auth/backends/facebook.py
@@ -86,7 +86,22 @@ class FacebookAuth(BaseOAuth):
 if 'expires' in response:
 expires = response['expires']
-
+
+ if 'session_key' in self.data:
+ params=['secret', 'uid', 'session_key', 'access_token', 'expires', 'base_domain']
+ params_dict = dict([(p, self.data[p]) for p in params])
+
+ sorted = params_dict.items()
+ sorted.sort(key=lambda x:x[0])
+
+ check_str = ''.join(["%s=%s"%(x[0], x[1]) for x in sorted]) + settings.FACEBOOK_API_SECRET
+ expected_sig = hashlib.md5(check_str).hexdigest()
+ sig = self.data['sig']
+
+ if sig == expected_sig:
+ access_token = params_dict['access_token']
+ expires = params_dict['expires']
+
 if access_token:
 data = self.user_data(access_token)
 if data is not None:
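Review bot: In the new `if 'session_key' in self.data:` branch the fields are read with `self.data[p]` and `self.data['sig']`, so a request that carries `session_key` but omits any other field raises a KeyError instead of failing authentication; these are request-supplied values and should be read with `.get()` and the branch skipped when one is missing. The check `sig == expected_sig` is an ordinary string comparison of a secret-derived value, and a constant-time comparison such as `constant_time_compare` from `django.utils.crypto` is the safer form. The local name `sorted` shadows the builtin, and this patch adds no `hashlib` import, so confirm the module already has one. A signature mismatch falls through silently; logging it would make forged session data visible to operators. The enclosing method starts and ends outside the hunk.

```python
        if 'session_key' in self.data:
            params = ('secret', 'uid', 'session_key', 'access_token',
                      'expires', 'base_domain')
            # .get() so a partial request fails authentication instead of raising
            params_dict = dict((p, self.data.get(p)) for p in params)
            sig = self.data.get('sig')

            if sig and None not in params_dict.values():
                check_str = ''.join('%s=%s' % (p, params_dict[p])
                                    for p in sorted(params))
                check_str += settings.FACEBOOK_API_SECRET
                expected_sig = hashlib.md5(check_str).hexdigest()

                if constant_time_compare(sig, expected_sig):
                    # … unchanged: access_token / expires taken from params_dict …
```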