Session ToFacebookSession(JsonObject data)
{
if (!data.Dictionary.ContainsKey("oauth_token"))
return null;
var expires = data.Dictionary["expires"].Integer;
var sess = new Session
{
UserId = data.Dictionary["user_id"].Integer,
OAuthToken = data.Dictionary["oauth_token"].String,
// if user granted 'offline_access' permission, the 'expires' value is 0.
Expires = expires == 0 ? DateTime.MaxValue : s_unixStart.AddSeconds(expires),
};
sess.Signature = GenerateSignature(sess.ToJsonObject());
return sess;
}
/// <summary>
/// Authenticates current request. Returns <c>true</c> if the request is authenticated and an instance of <see cref="Session"/> is set; otherwise <c>false</c>.
/// </summary>
/// <param name="context">the current request context information.</param>
/// <returns><c>true</c> if the request is authenticated and an instance of <see cref="Session"/> is set; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
public bool Authenticate([NotNull] HttpContext context)
{
if (context == null)
throw FacebookApi.Nre("context");
bool saveSession = true;
HttpRequest req = context.Request;
Session session = null;
// try loading session from signed_request
var sr = GetSignedRequest(req.QueryString);
if (sr != null) // sig is good, use the signedRequest
session = ToFacebookSession(sr);
// // try to load unsigned session
string reqSession = req.QueryString["session"];
if (session == null && !String.IsNullOrEmpty(reqSession))
session = ValidateSession(JsonObject.CreateFromString(reqSession, Culture));
ISessionStorage ss = SessionStorage;
if (session == null && ss != null)
{
session = ss.Session;
if (session != null
&& !ss.IsSecure
&& session.Signature != GenerateSignature(session.ToJsonObject()))
{
session = null;
}
saveSession = session == null;
}
_fbSession = session;
if (ss != null && saveSession)
ss.Session = _fbSession;
return _fbSession != null;
}
///<summary>
/// Begin to authenticate current request synchronously. Returns <c>true</c> if the request is authenticated and <see cref="Session"/> is set; otherwise <c>false</c>.
///</summary>
///<param name="context">http context to authenticate.</param>
///<param name="cb">a callback to call upon operation is completed.</param>
///<param name="state">the user state to pass to the callback.</param>
///<exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
public IAsyncResult BeginAuthenticateRequest([NotNull] HttpContext context, [CanBeNull] AsyncCallback cb, [CanBeNull] object state)
{
if (context == null)
throw FacebookApi.Nre("context");
bool saveSession = true;
var tar = new TypedAsyncResult<bool>(cb, state);
string code = context.Request.QueryString["code"];
if (!String.IsNullOrEmpty(code))
return BeginAuthenticate(code, GetCurrentUrl(context),
tar.AsSafe(ar =>
{
EndAuthenticate(ar);
SaveSession(context);
tar.Complete(IsAuthenticated, false);
}),
null);
ISessionStorage ss = SessionStorage;
if (ss != null)
{
_fbSession = ss.Session;
if (_fbSession != null
&& !ss.IsSecure
&& _fbSession.Signature != GenerateSignature(_fbSession.ToJsonObject()))
{
_fbSession = null;
}
saveSession = _fbSession == null;
}
if (saveSession)
SaveSession(context);
tar.Complete(true);
return tar;
}
void ParseAuthResult(string contentType, string json)
{
switch (contentType)
{
case "text/plain":
NameValueCollection nvc = HttpUtility.ParseQueryString(json);
_fbSession = new Session
{
OAuthToken = nvc["access_token"],
Expires = DateTime.UtcNow.AddSeconds(Convert.ToInt64(nvc["expires"], CultureInfo.InvariantCulture)),
};
_fbSession.Signature = GenerateSignature(_fbSession.ToJsonObject());
break;
case "text/javascript":
var obj = JsonObject.CreateFromString(json, CultureInfo.InvariantCulture);
if (obj.IsDictionary)
FacebookApi.ThrowIfError(obj);
throw FacebookApi.UnexpectedResponse(json);
default:
throw FacebookApi.UnexpectedResponse(json);
}
}
///<summary>
/// Authenticates current request synchronously. Returns <c>true</c> if the request is authenticated and <see cref="Session"/> is set; otherwise <c>false</c>.
///</summary>
///<param name="context">http context to authenticate.</param>
///<returns></returns>
///<exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
///<exception cref="FacebookApiException"></exception>
///<exception cref="TimeoutException">The operation took longer then <see cref="AuthContextBase.Timeout"/>.</exception>
public bool AuthenticateRequest([NotNull] HttpContext context)
{
if (context == null)
throw FacebookApi.Nre("context");
bool saveSession = true;
string code = context.Request.QueryString["code"];
if (!String.IsNullOrEmpty(code))
{
Authenticate(code, GetCurrentUrl(context));
}
else
{
ISessionStorage ss = SessionStorage;
if (ss != null)
{
_fbSession = ss.Session;
if (_fbSession != null
&& !ss.IsSecure
&& _fbSession.Signature != GenerateSignature(_fbSession.ToJsonObject()))
{
_fbSession = null;
}
saveSession = _fbSession == null;
}
}
if (saveSession)
SaveSession(context);
return _fbSession != null;
}
