Apologies for not chaning the subject line. :(
Hi all,
I wanted to test requests from internal facebook apps, so I''ve been
mimicking FBML requests from facebook in my tests using the following:
def test_can_facebook_internal_app_login
fb_login_as :facebooker
num_of_members = Member.count
facebook_request :get, :home
assert_response :success
assert_equal num_of_members, Member.count
assert_session_user_data_exists
end
The code is fairly simple:
module Facebooker
module Rails
module TestHelpers
# user facebook id for facebook_request
def set_user_facebook_id(fb_id)
@fb_id = fb_id
end
# makes a request as if it was from facebook. Need to
set_user_facebook_id() first
# so it knows whom to send the request as.
def facebook_request(http_verb, action, params = { })
fb_params = { "fb_sig_time" => Time.now.to_f,
"fb_sig_locale" => "en_US",
"fb_sig_session_key" =>
"d82ebe8648254d4cef7d993a-1953401",
"fb_sig_position_fix" => "1",
"fb_sig_in_canvas" => "1",
"fb_sig_request_method" => http_verb.to_s.upcase,
"fb_sig_expires" => "0",
"fb_sig_added" => "1",
"fb_sig_api_key" => Facebooker::Session.api_key,
"fb_sig_profile_update_time" => "1203267404",
"fb_sig_user" => @fb_id }
fb_params.merge!("fb_sig" => signature_for(fb_params))
@request.accept = "text/fbml"
send(http_verb, action, params.merge(fb_params))
@request.accept = "text/html"
end
private
# TODO this is copied from session.rb MUST REFACTOR
def signature_for(params)
facebook_sig_params = params.inject({}) do |collection, pair|
collection[pair.first.sub(/^fb_sig_/, '''')] =
pair.last if
pair.first[0,7] == ''fb_sig_''
collection
end
raw_string = facebook_sig_params.map{ |*args|
args.join(''='') }.sort.join
actual_sig = Digest::MD5.hexdigest([raw_string,
Facebooker::Session.secret_key].join)
Digest::MD5.hexdigest([raw_string, Facebooker::Session.secret_key].join)
end
end
end
end
I had wanted to submit the code as a patch, but, there are two or
three glaring flaws with the code:
1) signature_for is duplicated here, because it''s a private/protected
method in Facebooker::Session. Would it be a bad idea to call
send(:singature_for) to call the protected method? Or is there
another way around it?
2) One has to call set_user_facebook_id in the setup of your tests in
order for facebook_request to work.
3) fb_sig_session_key expires over time, and I have to get another one
from a real facebook request. This is tedious. Is there a way to
generate a session key, or request a new one from facebook while
you''re in the unit tests?
I was wondering if anyone had good opinions or solutions to this, so
that they can be generic enough and clean enough for others to use.
Thanks.
