
Commit 4518c2c

authored
Remove access token for profile picture URL (#388)
* Remove access token for profile picture URL * update README.md
1 parent 2c0c949 commit 4518c2c


3 files changed

+13
-36
lines changed


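--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ Here's an example *Auth Hash* available in `request.env['omniauth.auth']`:
 name: 'Joe Bloggs',
 first_name: 'Joe',
 last_name: 'Bloggs',
-image: 'http://graph.facebook.com/1234567/picture?type=square&access_token=...',
+image: 'http://graph.facebook.com/1234567/picture?type=square',
 verified: true
 },
 credentials: {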

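--- a/lib/omniauth/strategies/facebook.rb
+++ b/lib/omniauth/strategies/facebook.rb
@@ -164,15 +164,13 @@ def image_url(uid, options)
 uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
 site_uri = URI.parse(client.site)
 url = uri_class.build({host: site_uri.host, path: "#{site_uri.path}/#{uid}/picture"})
-query = { access_token: access_token.token }
 
-if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
-query[:type] = options[:image_size]
+query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
+{ type: options[:image_size] }
 elsif options[:image_size].is_a?(Hash)
-query.merge!(options[:image_size])
+options[:image_size]
 end
-
-url.query = Rack::Utils.build_query(query)
+url.query = Rack::Utils.build_query(query) if query
 
 url.to_s
 end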
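Review bot: Nothing in `image_url` records why the token was taken out of the query, and this URL is what callers receive as `info['image']` (the tests read it from there), so a later edit could quietly put a credential back into a value that applications are likely to store and render. I would add a comment above the `query = if …` line such as `# Never put access_token (or any credential) in this URL: it is returned in info['image'].` Separately, `image_size: {}` is truthy, so `build_query` returns an empty string and the URL probably ends in a bare `?`; `url.query = Rack::Utils.build_query(query) if query && !query.empty?` avoids that. The `def image_url` line itself sits just above the hunk.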

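--- a/test/strategy_test.rb
+++ b/test/strategy_test.rb
@@ -102,67 +102,54 @@ def setup
 end
 
 class InfoTest < StrategyTestCase
-def setup
-super
-@access_token = stub('OAuth2::AccessToken')
-@access_token.stubs(:token).returns('test_access_token')
-end
-
 test 'returns the secure facebook avatar url when `secure_image_url` option is set to true' do
 @options = { secure_image_url: true }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
-strategy.stubs(:access_token).returns(@access_token)
-assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 
 test 'returns the non-ssl facebook avatar url when `secure_image_url` option is set to false' do
 @options = { secure_image_url: false }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
-strategy.stubs(:access_token).returns(@access_token)
-assert_equal "http://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+assert_equal "http://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 
 test 'returns the secure facebook avatar url when `secure_image_url` option is omitted' do
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
-strategy.stubs(:access_token).returns(@access_token)
-assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 
 test 'returns the image_url based of the client site' do
 @options = { secure_image_url: true, client_options: {site: "https://blah.facebook.com/v2.2"}}
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
-strategy.stubs(:access_token).returns(@access_token)
-assert_equal "https://blah.facebook.com/v2.2/321/picture?access_token=test_access_token", strategy.info['image']
+assert_equal "https://blah.facebook.com/v2.2/321/picture", strategy.info['image']
 end
 
 test 'returns the image with size specified in the `image_size` option' do
 @options = { image_size: 'normal' }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
-strategy.stubs(:access_token).returns(@access_token)
-assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token&type=normal", strategy.info['image']
+assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?type=normal", strategy.info['image']
 end
 
 test 'returns the image with size specified as a symbol in the `image_size` option' do
 @options = { image_size: :normal }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
-strategy.stubs(:access_token).returns(@access_token)
-assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token&type=normal", strategy.info['image']
+assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?type=normal", strategy.info['image']
 end
 
 test 'returns the image with width and height specified in the `image_size` option' do
 @options = { image_size: { width: 123, height: 987 } }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
-strategy.stubs(:access_token).returns(@access_token)
 assert_match 'width=123', strategy.info['image']
 assert_match 'height=987', strategy.info['image']
-assert_match "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+assert_match "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 end
 
@@ -171,10 +158,6 @@ def setup
 super
 @raw_info ||= { 'name' => 'Fred Smith' }
 strategy.stubs(:raw_info).returns(@raw_info)
-
-access_token = stub('OAuth2::AccessToken')
-access_token.stubs(:token).returns('test_access_token')
-strategy.stubs(:access_token).returns(access_token)
 end
 
 test 'returns the name' do
@@ -213,7 +196,7 @@ def setup
 
 test 'returns the facebook avatar url' do
 @raw_info['id'] = '321'
-assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 
 test 'returns the Facebook link as the Facebook url' do
@@ -252,10 +235,6 @@ def setup
 super
 @raw_info ||= { 'name' => 'Fred Smith' }
 strategy.stubs(:raw_info).returns(@raw_info)
-
-access_token = stub('OAuth2::AccessToken')
-access_token.stubs(:token).returns('test_access_token')
-strategy.stubs(:access_token).returns(access_token)
 end
 
 test 'has no email key' do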
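Review bot: The width/height test in the first hunk ends with `assert_match "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']`, which is a substring match and would still pass if `access_token=` were appended to the query again for the Hash form of `image_size`. The `assert_equal` cases pin the exact URL, but this one does not, so I would add `refute_match 'access_token', strategy.info['image']` (or the suite's equivalent negative assertion) to that test. The `setup` methods touched by the later hunks start outside the visible lines.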
