/**
 * A corrupted shared-session cookie must not restore the earlier session.
 *
 * The test stores a value through a shared-session instance, checks that it
 * landed in $_SESSION under "<shared session id>_fb_<app id>_<key>", then
 * drops the first character of the shared-session cookie and builds a second
 * instance. That instance has to return false for the stored key and report
 * a different shared session id, so a damaged or tampered cookie cannot be
 * used to reach data kept under the original id.
 *
 * NOTE(review): only one corruption shape (a leading character removed) is
 * exercised here; other malformed values are not covered by this test.
 */
public function testSharedSessionBackedFacebookIsNotRestoredWhenCorrupt() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $config = array(
        'appId' => self::APP_ID,
        'secret' => self::SECRET,
        'sharedSession' => true,
    );
    $sdk = new PersistentFBPublic($config);

    $name = 'state';
    $stored = 'foo';
    $firstSessionId = $sdk->publicGetSharedSessionID();
    $sessionSlot = sprintf('%s_fb_%s_%s', $firstSessionId, self::APP_ID, $name);

    // Baseline: the value is visible both in $_SESSION and through the SDK.
    $sdk->publicSetPersistentData($name, $stored);
    $this->assertEquals($stored, $_SESSION[$sessionSlot]);
    $this->assertEquals($stored, $sdk->publicGetPersistentData($name));

    // Break the cookie by removing its first character.
    // Presumably the value is integrity-protected and no longer validates
    // after this change -- confirm against the SDK's shared-session setup.
    $cookieName = $sdk->publicGetSharedSessionCookieName();
    $_COOKIE[$cookieName] = substr($_COOKIE[$cookieName], 1);

    // A fresh instance must start clean: no stored value, and a new id.
    $sdk = new PersistentFBPublic($config);
    $this->assertFalse($sdk->publicGetPersistentData($name));
    $this->assertNotEquals($firstSessionId, $sdk->publicGetSharedSessionID());
}
/**
 * The signed request must take precedence over persisted session data.
 *
 * The persistent store is seeded with user id 41572 and an expired access
 * token while $_REQUEST carries a valid signed request. getUser() has to
 * return '1677846385' rather than the seeded id, and getAccessToken() has
 * to return something other than the seeded expired token.
 *
 * NOTE(review): '1677846385' is presumably the user id encoded in
 * self::$kValidSignedRequest -- confirm against the fixture. The last
 * assertion only checks that the token is non-empty; it does not compare it
 * with the token carried by the signed request.
 */
public function testGetUserAndAccessTokenFromSignedRequestNotSession() {
    $config = array(
        'appId' => self::APP_ID,
        'secret' => self::SECRET,
    );
    $sdk = new PersistentFBPublic($config);

    // Fresh identity arrives via the request; stale identity sits in storage.
    $_REQUEST['signed_request'] = self::$kValidSignedRequest;
    $sdk->publicSetPersistentData('user_id', 41572);
    $sdk->publicSetPersistentData('access_token', self::$kExpiredAccessToken);

    // User id: the stored value must lose to the signed request.
    $this->assertNotEquals(
        '41572',
        $sdk->getUser(),
        'Got user from session instead of signed request.'
    );
    $this->assertEquals(
        '1677846385',
        $sdk->getUser(),
        'Failed to get correct user ID from signed request.'
    );

    // Access token: the stored expired token must not be handed back.
    $this->assertNotEquals(
        self::$kExpiredAccessToken,
        $sdk->getAccessToken(),
        'Got access token from session instead of signed request.'
    );
    $this->assertNotEmpty(
        $sdk->getAccessToken(),
        'Failed to extract an access token from the signed request.'
    );
}