cirandas.net

ref: master

plugins/fb_app/models/fb_app_plugin/auth.rb


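# Facebook OAuth authorization record for a profile.
#
# Stores the Facebook access token, the signed request received from
# Facebook and the fetched Facebook user, and exchanges the token through
# the Graph API.
class FbAppPlugin::Auth < OauthClientPlugin::Auth

  # Connection states reported by #status.
  module Status
    Connected = 'connected'
    NotAuthorized = 'not_authorized'
    Unknown = 'unknown'
  end

  settings_items :signed_request
  settings_items :fb_user

  # NOTE(review): both attributes are mass-assignable. signed_request is
  # client-supplied input; it should only be trusted through
  # .parse_signed_request, never read raw.
  attr_accessible :provider_user_id, :signed_request

  before_create :update_user
  before_create :exchange_token
  after_create :schedule_exchange_token
  after_destroy :destroy_page_tabs
  before_validation :set_enabled

  validates_presence_of :provider_user_id
  validates_uniqueness_of :provider_user_id, scope: :profile_id

  # Decodes a Facebook signed request using the app secret.
  #
  # @param signed_request [String] the raw signed_request value
  # @param credentials [Hash, nil] app credentials; only :secret is read
  # @return [Object, nil] the decoded payload, or nil when no app secret is
  #   configured
  def self.parse_signed_request(signed_request, credentials = FbAppPlugin.page_tab_app_credentials)
    secret = begin
      credentials[:secret]
    rescue NoMethodError, TypeError
      nil
    end
    # Fail closed: checking the signature against a blank secret would accept
    # a request signed by anyone, so refuse to parse instead of defaulting
    # the secret to ''.
    return nil if secret.blank?

    # NOTE(review): confirm that Facebook::SignedRequest#data is nil when the
    # signature does not verify; if the library reports validity separately,
    # check it here before the payload is trusted.
    Facebook::SignedRequest.new(signed_request, secret: secret).data
  end

  # @return [String] Status::Connected when an access token is present and
  #   not expired, Status::NotAuthorized otherwise
  def status
    access_token.present? && not_expired? ? Status::Connected : Status::NotAuthorized
  end

  # @return [Boolean] whether #status is Status::NotAuthorized
  def not_authorized?
    status == Status::NotAuthorized
  end

  # @return [Boolean] whether #status is Status::Connected
  def connected?
    status == Status::Connected
  end

  # Exchanges the current access token through FbGraph2::Auth using the
  # timeline app credentials, stores the new token and its expiry, then
  # refetches the Facebook user. Does not save the record.
  def exchange_token
    timeline_credentials = FbAppPlugin.timeline_app_credentials
    fb_auth = FbGraph2::Auth.new timeline_credentials[:id], timeline_credentials[:secret]
    fb_auth.fb_exchange_token = self.access_token

    exchanged = fb_auth.access_token!
    self.access_token = exchanged.access_token
    self.expires_in = exchanged.expires_in
    # refresh user and its stored access token
    fetch_user
  end

  # Same as #exchange_token, then saves the record, raising on failure.
  def exchange_token!
    exchange_token
    save!
  end

  # @return [Object, nil] the stored signed request decoded with the default
  #   page tab app credentials (see .parse_signed_request)
  def signed_request_data
    self.class.parse_signed_request signed_request
  end

  # Fetches the Facebook user for the current access token and stores it in
  # fb_user.
  def fetch_user
    me = FbGraph2::User.me self.access_token
    self.fb_user = me.fetch
  end

  # before_create hook: loads the Facebook user into fb_user.
  def update_user
    self.fb_user = fetch_user
  end

  protected

  # after_destroy hook: removes the page tabs of the owning profile.
  def destroy_page_tabs
    profile.fb_app_page_tabs.destroy_all
  end

  # Delayed-job entry point: exchanges and saves the token, then schedules
  # the next exchange.
  def exchange_token_and_reschedule!
    exchange_token!
    schedule_exchange_token
  end

  # Enqueues a token exchange two weeks before expires_at.
  #
  # NOTE(review): the guard only lets the job be enqueued when expires_at is
  # already in the past, which looks inverted for a refresh that should run
  # before expiry; as written, a freshly exchanged token is never scheduled
  # for renewal. Confirm the intent before changing it. expires_at is defined
  # outside this file; a nil value would raise here.
  def schedule_exchange_token
    return unless expires_at < Time.now
    delay(run_at: expires_at - 2.weeks).exchange_token_and_reschedule!
  end

  # before_validation hook: keeps enabled in sync with token expiry.
  def set_enabled
    self.enabled = not_expired?
  end

end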