Hello Leon, I am finding difficult to keep track. Could you post the entire Facebook.py that you are using? Is there any change required to web2py libraries or only in Facebook.py?
On Feb 8, 2013, at 9:14 AM, Leonel Câmara wrote: > Hey web2py_tn, > > I don't know if you still need this but I recently battled this problem > myself and here is a solution I'd like to leave here so others don't need to > battle with this too. > > If you're using the web2py_multiauth first apply this patch: > > http://code.google.com/p/cfhowes/issues/detail?id=2 > > > Then overwrite these 2 functions in facebook.py to: > > def parse_signed_request(signed_request, application_secret_key): > """Parse a signed request, returning a dictionary describing its > payload.""" > def decode(encoded): > padding = '=' * (len(encoded) % 4) > return base64.urlsafe_b64decode(encoded + padding) > > try: > encoded_signature, encoded_payload = (str(string) for string in > signed_request.split('.', 2)) > signature = decode(encoded_signature) > signed_request_data = json.loads(decode(encoded_payload)) > except (TypeError, ValueError): > raise Exception("Signed request had a corrupt payload") > > if signed_request_data.get('algorithm', '').upper() != 'HMAC-SHA256': > raise Exception("Signed request is using an unknown algorithm") > > expected_signature = hmac.new(application_secret_key, > msg=encoded_payload, digestmod=hashlib.sha256).digest() > if signature != expected_signature: > raise Exception("Signed request signature mismatch") > > return signed_request_data > > > > def get_user_from_cookie(cookies, app_id, app_secret): > """Parses the cookie set by the official Facebook JavaScript SDK. > > cookies should be a dictionary-like object mapping cookie names to > cookie values. > > If the user is logged in via Facebook, we return a dictionary with the > keys "uid" and "access_token". The former is the user's Facebook ID, > and the latter can be used to make authenticated requests to the Graph > API. > If the user is not logged in, we return None. > > Download the official Facebook JavaScript SDK at > http://github.com/facebook/connect-js/. Read more about Facebook > authentication at http://developers.facebook.com/docs/authentication/. > """ > > cookie = cookies.get("fbsr_" + app_id, "") > if not cookie: > return None > > response = parse_signed_request(cookie.value, app_secret) > if not response: > return None > > args = dict( > code = response['code'], > client_id = app_id, > client_secret = app_secret, > redirect_uri = '', > ) > > file = urllib.urlopen("https://graph.facebook.com/oauth/access_token?"; + > urllib.urlencode(args)) > try: > token_response = file.read() > finally: > file.close() > > access_token = cgi.parse_qs(token_response)["access_token"][-1] > > return dict( > uid = response["user_id"], > access_token = access_token, > ) > > > > The key change here is in get_user_from cookie where > "parse_signed_request(cookie, app_secret)" changed to > "parse_signed_request(cookie.value, app_secret)" > > > Sexta-feira, 1 de Fevereiro de 2013 22:00:40 UTC, web2py_tn escreveu: > Hey Ben- > Can you share your version of facebook.py? > > On Wednesday, February 1, 2012 2:24:29 PM UTC+1, Ben Tammetta wrote: > It seemed that version of facebook.py that I was using is just incompatible > and/or outdated > get_user_from_cookie() was trying to parse a cookie variable out that did not > exist from facebook. > > I ended up passing the correct cookie variable directly in and changing a > couple lines to prove that that was the problem. > When I ran into other issues it seemed best just to write my own version of > facebook.py as I needed certain functions. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to web2py+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
