public function testSharedSessionBackedFacebookIsNotRestoredWhenCorrupt()
{
$_SERVER['HTTP_HOST'] = 'fbrell.com';
$fb = new PersistentFBPublic(array('appId' => self::APP_ID, 'secret' => self::SECRET, 'sharedSession' => true));
$key = 'state';
$val = 'foo';
$shared_session_id = $fb->publicGetSharedSessionID();
$session_var_name = sprintf('%s_fb_%s_%s', $shared_session_id, self::APP_ID, $key);
$fb->publicSetPersistentData($key, $val);
$this->assertEquals($val, $_SESSION[$session_var_name]);
$this->assertEquals($val, $fb->publicGetPersistentData($key));
// break the cookie
$cookie_name = $fb->publicGetSharedSessionCookieName();
$_COOKIE[$cookie_name] = substr($_COOKIE[$cookie_name], 1);
// check the new instance does not have the data
$fb = new PersistentFBPublic(array('appId' => self::APP_ID, 'secret' => self::SECRET, 'sharedSession' => true));
$this->assertFalse($fb->publicGetPersistentData($key));
$this->assertNotEquals($shared_session_id, $fb->publicGetSharedSessionID());
}
public function testGetUserAndAccessTokenFromSignedRequestNotSession() {
$facebook = new PersistentFBPublic(array(
'appId' => self::APP_ID,
'secret' => self::SECRET
));
$_REQUEST['signed_request'] = self::$kValidSignedRequest;
$facebook->publicSetPersistentData('user_id', 41572);
$facebook->publicSetPersistentData('access_token',
self::$kExpiredAccessToken);
$this->assertNotEquals('41572', $facebook->getUser(),
'Got user from session instead of signed request.');
$this->assertEquals('1677846385', $facebook->getUser(),
'Failed to get correct user ID from signed request.');
$this->assertNotEquals(
self::$kExpiredAccessToken,
$facebook->getAccessToken(),
'Got access token from session instead of signed request.');
$this->assertNotEmpty(
$facebook->getAccessToken(),
'Failed to extract an access token from the signed request.');
}
