Added optional appsecret_proof configuration parameter. #323
Conversation
|
I wouldn't merge this in just yet. I am thinking, it probably makes more sense to pass in the appsecret and have Koala use OpenSSL to add the appsecret_proof param if there is an access token present. But, it should only do this if using the Graph API, since that is the only one that supports it. What do you think? |
|
Better... |
| @@ -45,6 +46,8 @@ def api(path, args = {}, verb = "get", options = {}, &error_checking_block) | |||
| # This is explicitly needed in batch requests so GraphCollection | |||
| # results preserve any specific access tokens provided | |||
| args["access_token"] ||= @access_token || @app_access_token if @access_token || @app_access_token | |||
| args['appsecret_proof'] = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), Koala.config.appsecret, args['access_token']) if options[:appsecret_proof] && args['access_token'] && Koala.config.appsecret | |||
There was a problem hiding this comment.
Perhaps also use double quotes here for consistency?
There was a problem hiding this comment.
I would also break this line up -- it's really long. Putting the if on the line above will be much more readable.
I concur with @nielsomat that we probably don't need to offer overriding on a per-request basis. If someone wants it, they can submit a PR, but for now less code is better code.
There was a problem hiding this comment.
I've changed the quotes -- but the Ruby Style Guide suggests we use single quotes :)
|
+1 from me in principle! I would however set the default config in Koala itself, just like http_service is currently configured (https://github.com/arsduo/koala/blob/master/lib/koala.rb#L26). Further, I would rename the option to use_appsecret_proof for clarity. Not sure if the option needs to remain overridable per-request as in your current implementation. Once you have your app secret configured, what's the benefit of disabling appsecret_proof for individual requests? The only one I see is to save the overhead incurred by generating a hash for every request. IMO using appsecret_proof at all only makes sense though when forbidding non-proofed calls via the app settings. When doing so, you can't send any non-proofed calls anyway, so… should we get rid of the override in order to promote safety? :) |
| Koala.configure do |config| | ||
| config.appsecret = app_secret | ||
| # see lib/koala/api/graph_api.rb | ||
| end |
There was a problem hiding this comment.
I would actually suggest triggering the app secret slightly differently -- there are applications out there that have to work with multiple Facebook applications within the context of the same Ruby app. (A good example is social marketing/brand management, the type of platform I was working on when I started Koala.) A global configuration wouldn't work for that situation.
Instead, what do you think of making the secret be the second parameter for the API initializer? That way, you could easily specify the secret to be used for proofing at the time you create the API. This has two additional bonuses -- it's consistent with the way we pass the secret into other Koala classes, and additionally, many applications don't use the Koala setup block (they just instantiate an API object) so this avoids the need to configure Koala somewhere else on application load for those apps.
# if secret is passed in, proof all the requests that API object makes
api = Koala::Facebook::API.new(token, secret)
|
I really like this -- thanks for a great pull request. Having documentation and tests is a huge help as a maintainer. I've posted some comments -- in particular, I've suggested a different mechanism for passing in the app's secret and enabling the proofing, since the current global approach (while a good solution for most use cases) won't work for Ruby applications that need to manage more than one Facebook app. Let me know what you think about that and my other comments -- I'd love to get this into 1.8. Best, Alex |
|
Hi, sure, I'd be happy to make the changes. What is your timeline for releasing 1.8? I'm a bit busy atm, but can probably fit it in if the release is not too soon. Could make end of October for sure. If I get tired of my day job it might end up happening sooner :) |
- updated readme accordingly - updated tests accordingly - cleaned up some code per code review
|
Made all the changes I could think of; please let me know how you guys feel about this. Thanks for the feedback! |
|
Looks like the tests are failing because |
|
I'll take a look at the Travis tests and get this merged in today; sorry about the delay. Looks great! |
|
The Travis tests were failing for various Ruby 1.8-compatible installations due to underlying gems requiring 1.9+. I think it's time to just cut off support for 1.8. Merging this in now! |
|
Hooray! |
|
Great commit! Looking forward to this merge and the increase in security. Especially since tools like Buffer were hacked. Thanks for your work, @nchelluri! |
|
The code is working, I'll merge it by this weekend and release 1.8rc2. |
|
Huh, I thought I merged this in. I'll take care of this soon, sorry about the delay. |
|
👍 |
|
It seems this PR has not been merged before the 1.8.0 release, it's in the changelog but not in the code |
|
You're right. Not sure how that happened, I thought I merged that in. Fixing now. |
|
The new merged version is in integration testing on Travis -- I'll be releasing it and a few other internal changes as 1.9.0rc1 shortly, and will post here so you can test it. Here's the final behavior for appsecrets:
The readme will be updated as well when this gets merged in. Thanks and sorry about the mistake! |
|
1.90rc1 is released -- let me know if you enounter any issues or have any questions around this! Otherwise I'll release the full gem soon. |
|
Great! I'll try this out and report back if I find any issues. |
|
No issues so far |
|
Great, I'll release it this afternoon. Given the changes I really don't
|
No description provided.