'foo_token', 'algorithm' => 'HMAC-SHA256', 'issued_at' => 321, 'code' => 'foo_code', 'state' => 'foo_state', 'user_id' => 123, 'foo' => 'bar', ); public function testValidSignedRequestsWillPassFormattingValidation() { $sr = SignedRequest::make($this->payloadData, $this->appSecret); SignedRequest::validateFormat($sr); } /** * @expectedException \Facebook\FacebookSDKException */ public function testInvalidSignedRequestsWillFailFormattingValidation() { SignedRequest::validateFormat('invalid_signed_request'); } public function testSignatureAndPayloadCanBeSeparatedInSignedRequests() { list($sig, $payload) = SignedRequest::split('sig.payload'); $this->assertEquals('sig', $sig); $this->assertEquals('payload', $payload); } public function testBase64EncodingIsUrlSafe() { $encodedData = SignedRequest::base64UrlEncode('aijkoprstADIJKLOPQTUVX1256!)]-:;"<>?.|~'); $this->assertEquals('YWlqa29wcnN0QURJSktMT1BRVFVWWDEyNTYhKV0tOjsiPD4_Lnx-', $encodedData); } public function testAUrlSafeBase64EncodedStringCanBeDecoded() { $decodedData = SignedRequest::base64UrlDecode('YWlqa29wcnN0QURJSktMT1BRVFVWWDEyNTYhKV0tOjsiPD4/Lnx+'); $this->assertEquals('aijkoprstADIJKLOPQTUVX1256!)]-:;"<>?.|~', $decodedData); } public function testAValidEncodedSignatureCanBeDecoded() { $decodedSig = SignedRequest::decodeSignature('c2ln'); $this->assertEquals('sig', $decodedSig); } /** * @expectedException \Facebook\FacebookSDKException */ public function testAnImproperlyEncodedSignatureWillThrowAnException() { SignedRequest::decodeSignature('foo!'); } public function testAValidEncodedPayloadCanBeDecoded() { $decodedPayload = SignedRequest::decodePayload('WyJwYXlsb2FkIl0='); $this->assertEquals(array('payload'), $decodedPayload); } /** * @expectedException \Facebook\FacebookSDKException */ public function testAnImproperlyEncodedPayloadWillThrowAnException() { SignedRequest::decodePayload('foo!'); } public function testSignedRequestDataMustContainTheHmacSha256Algorithm() { SignedRequest::validateAlgorithm($this->payloadData); } /** * @expectedException \Facebook\FacebookSDKException */ public function testNonApprovedAlgorithmsWillThrowAnException() { $signedRequestData = $this->payloadData; $signedRequestData['algorithm'] = 'FOO-ALGORITHM'; SignedRequest::validateAlgorithm($signedRequestData); } public function testASignatureHashCanBeGeneratedFromBase64EncodedData() { $hashedSig = SignedRequest::hashSignature('WyJwYXlsb2FkIl0=', $this->appSecret); $expectedSig = base64_decode('bFofyO2sERX73y8uvuX26SLodv0mZ+Zk18d8b3zhD+s='); $this->assertEquals($expectedSig, $hashedSig); } public function testTwoBinaryStringsCanBeComparedForSignatureValidation() { $hashedSig = base64_decode('bFofyO2sERX73y8uvuX26SLodv0mZ+Zk18d8b3zhD+s='); SignedRequest::validateSignature($hashedSig, $hashedSig); } /** * @expectedException \Facebook\FacebookSDKException */ public function testNonSameBinaryStringsWillThrowAnExceptionForSignatureValidation() { $hashedSig1 = base64_decode('bFofyO2sERX73y8uvuX26SLodv0mZ+Zk18d8b3zhD+s='); $hashedSig2 = base64_decode('GJy4HzkRtCeZA0cJjdZJtGfovcdxgl/AERI20S4MY7c='); SignedRequest::validateSignature($hashedSig1, $hashedSig2); } public function testASignedRequestWillPassCsrfValidation() { SignedRequest::validateCsrf($this->payloadData, 'foo_state'); } /** * @expectedException \Facebook\FacebookSDKException */ public function testASignedRequestWithIncorrectCsrfDataWillThrowAnException() { SignedRequest::validateCsrf($this->payloadData, 'invalid_foo_state'); } public function testARawSignedRequestCanBeValidatedAndDecoded() { $payload = SignedRequest::parse($this->rawSignedRequest, 'foo_state', $this->appSecret); $this->assertEquals($this->payloadData, $payload); } public function testARawSignedRequestCanBeInjectedIntoTheConstructorToInstantiateANewEntity() { $signedRequest = new SignedRequest($this->rawSignedRequest, 'foo_state', $this->appSecret); $rawSignedRequest = $signedRequest->getRawSignedRequest(); $payloadData = $signedRequest->getPayload(); $userId = $signedRequest->getUserId(); $hasOAuthData = $signedRequest->hasOAuthData(); $this->assertInstanceOf('\Facebook\Entities\SignedRequest', $signedRequest); $this->assertEquals($this->rawSignedRequest, $rawSignedRequest); $this->assertEquals($this->payloadData, $payloadData); $this->assertEquals(123, $userId); $this->assertTrue($hasOAuthData); } }