Skip to content

Commit

Permalink
Change secure_image_url default from false to true (#346)
Browse files Browse the repository at this point in the history
* default secure_image_url to true
* Update Readme
* Adds and adjusts tests
  • Loading branch information
swiknaba authored Feb 9, 2021
1 parent eda4427 commit 853dce6
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 6 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Option name | Default | Explanation
`info_fields` | `name,email` | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
`locale` | | Specify locale which should be used when getting the user's info. Value should be locale string as per https://developers.facebook.com/docs/reference/api/locale/.
`auth_type` | | Optionally specifies the requested authentication features as a comma-separated list, as per https://developers.facebook.com/docs/facebook-login/reauthentication/. Valid values are `https` (checks for the presence of the secure cookie and asks for re-authentication if it is not present), and `reauthenticate` (asks the user to re-authenticate unconditionally). Use 'rerequest' when you want to request premissions. Default is `nil`.
`secure_image_url` | `false` | Set to `true` to use https for the avatar image url returned in the auth hash.
`secure_image_url` | `true` | Set to `true` to use https for the avatar image url returned in the auth hash. SSL is mandatory as per https://developers.facebook.com/docs/facebook-login/security#surfacearea.
`callback_url` / `callback_path` | | Specify a custom callback URL used during the server-side flow. Note this must be allowed by your app configuration on Facebook (see 'Valid OAuth redirect URIs' under the 'Advanced' settings section in the configuration for your Facebook app for more details).

For example, to request `email`, `user_birthday` and `read_stream` permissions and display the authentication page in a popup window:
Expand Down
2 changes: 2 additions & 0 deletions lib/omniauth/strategies/facebook.rb
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ class NoAuthorizationCodeError < StandardError; end

option :authorize_options, [:scope, :display, :auth_type]

option :secure_image_url, true

uid { raw_info['id'] }

info do
Expand Down
25 changes: 20 additions & 5 deletions test/strategy_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -101,14 +101,29 @@ def setup
@access_token.stubs(:token).returns('test_access_token')
end

test 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
test 'returns the secure facebook avatar url when `secure_image_url` option is set to true' do
@options = { secure_image_url: true }
raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
strategy.stubs(:raw_info).returns(raw_info)
strategy.stubs(:access_token).returns(@access_token)
assert_equal 'https://graph.facebook.com/v4.0/321/picture?access_token=test_access_token', strategy.info['image']
end

test 'returns the non-ssl facebook avatar url when `secure_image_url` option is set to false' do
@options = { secure_image_url: false }
raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
strategy.stubs(:raw_info).returns(raw_info)
strategy.stubs(:access_token).returns(@access_token)
assert_equal 'http://graph.facebook.com/v4.0/321/picture?access_token=test_access_token', strategy.info['image']
end

test 'returns the secure facebook avatar url when `secure_image_url` option is omitted' do
raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
strategy.stubs(:raw_info).returns(raw_info)
strategy.stubs(:access_token).returns(@access_token)
assert_equal 'https://graph.facebook.com/v4.0/321/picture?access_token=test_access_token', strategy.info['image']
end

test 'returns the image_url based of the client site' do
@options = { secure_image_url: true, client_options: {site: "https://blah.facebook.com/v2.2"}}
raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
Expand All @@ -122,15 +137,15 @@ def setup
raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
strategy.stubs(:raw_info).returns(raw_info)
strategy.stubs(:access_token).returns(@access_token)
assert_equal 'http://graph.facebook.com/v4.0/321/picture?access_token=test_access_token&type=normal', strategy.info['image']
assert_equal 'https://graph.facebook.com/v4.0/321/picture?access_token=test_access_token&type=normal', strategy.info['image']
end

test 'returns the image with size specified as a symbol in the `image_size` option' do
@options = { image_size: :normal }
raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
strategy.stubs(:raw_info).returns(raw_info)
strategy.stubs(:access_token).returns(@access_token)
assert_equal 'http://graph.facebook.com/v4.0/321/picture?access_token=test_access_token&type=normal', strategy.info['image']
assert_equal 'https://graph.facebook.com/v4.0/321/picture?access_token=test_access_token&type=normal', strategy.info['image']
end

test 'returns the image with width and height specified in the `image_size` option' do
Expand All @@ -140,7 +155,7 @@ def setup
strategy.stubs(:access_token).returns(@access_token)
assert_match 'width=123', strategy.info['image']
assert_match 'height=987', strategy.info['image']
assert_match 'http://graph.facebook.com/v4.0/321/picture?access_token=test_access_token', strategy.info['image']
assert_match 'https://graph.facebook.com/v4.0/321/picture?access_token=test_access_token', strategy.info['image']
end
end

Expand Down Expand Up @@ -191,7 +206,7 @@ def setup

test 'returns the facebook avatar url' do
@raw_info['id'] = '321'
assert_equal 'http://graph.facebook.com/v4.0/321/picture?access_token=test_access_token', strategy.info['image']
assert_equal 'https://graph.facebook.com/v4.0/321/picture?access_token=test_access_token', strategy.info['image']
end

test 'returns the Facebook link as the Facebook url' do
Expand Down

0 comments on commit 853dce6

Please sign in to comment.