tests.php | searchcode

/custom/include/social/facebook/facebook_sdk/tests/tests.php

https://github.com/BarnetikKoop/SuiteCRM
PHP | 2125 lines | 1837 code | 214 blank | 74 comment | 8 complexity | ae9cc21f0c90dd921e69f680334709b5 MD5 | raw file
Possible License(s): AGPL-3.0, LGPL-2.1, MPL-2.0-no-copyleft-exception

<?php
/**
 * Copyright 2011 Facebook, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License. You may obtain
 * a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */

class PHPSDKTestCase extends PHPUnit_Framework_TestCase {
  const APP_ID = '117743971608120';
  const SECRET = '9c8ea2071859659bea1246d33a9207cf';

  const MIGRATED_APP_ID = '174236045938435';
  const MIGRATED_SECRET = '0073dce2d95c4a5c2922d1827ea0cca6';

  const TEST_USER   = 499834690;
  const TEST_USER_2 = 499835484;

  private static $kExpiredAccessToken = 'AAABrFmeaJjgBAIshbq5ZBqZBICsmveZCZBi6O4w9HSTkFI73VMtmkL9jLuWsZBZC9QMHvJFtSulZAqonZBRIByzGooCZC8DWr0t1M4BL9FARdQwPWPnIqCiFQ';

  private static function kValidSignedRequest($id = self::TEST_USER, $oauth_token = null) {
    $facebook = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    return $facebook->publicMakeSignedRequest(
      array(
        'user_id' => $id,
        'oauth_token' => $oauth_token
      )
    );
  }

  private static function kNonTosedSignedRequest() {
    $facebook = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    return $facebook->publicMakeSignedRequest(array());
  }

  private static function kSignedRequestWithEmptyValue() {
    return '';
  }

  private static function kSignedRequestWithBogusSignature() {
    $facebook = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => 'bogus',
    ));
    return $facebook->publicMakeSignedRequest(
      array(
        'algorithm' => 'HMAC-SHA256',
      )
    );
  }

  private static function kSignedRequestWithWrongAlgo() {
    $facebook = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $data['algorithm'] = 'foo';
    $json = json_encode($data);
    $b64 = $facebook->publicBase64UrlEncode($json);
    $raw_sig = hash_hmac('sha256', $b64, self::SECRET, $raw = true);
    $sig = $facebook->publicBase64UrlEncode($raw_sig);
    return $sig.'.'.$b64;
  }

  public function testConstructor() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $this->assertEquals($facebook->getAppId(), self::APP_ID,
                        'Expect the App ID to be set.');
    $this->assertEquals($facebook->getAppSecret(), self::SECRET,
                        'Expect the API secret to be set.');
  }

  public function testConstructorWithFileUpload() {
    $facebook = new TransientFacebook(array(
      'appId'      => self::APP_ID,
      'secret'     => self::SECRET,
      'fileUpload' => true,
    ));
    $this->assertEquals($facebook->getAppId(), self::APP_ID,
                        'Expect the App ID to be set.');
    $this->assertEquals($facebook->getAppSecret(), self::SECRET,
                        'Expect the API secret to be set.');
    $this->assertTrue($facebook->getFileUploadSupport(),
                      'Expect file upload support to be on.');
    // alias (depricated) for getFileUploadSupport -- test until removed
    $this->assertTrue($facebook->useFileUploadSupport(),
                      'Expect file upload support to be on.');
  }

  public function testSetAppId() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $facebook->setAppId('dummy');
    $this->assertEquals($facebook->getAppId(), 'dummy',
                        'Expect the App ID to be dummy.');
  }

  public function testSetAPISecret() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $facebook->setApiSecret('dummy');
    $this->assertEquals($facebook->getApiSecret(), 'dummy',
                        'Expect the API secret to be dummy.');
  }

  public function testSetAPPSecret() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $facebook->setAppSecret('dummy');
    $this->assertEquals($facebook->getAppSecret(), 'dummy',
                        'Expect the API secret to be dummy.');
  }

  public function testSetAccessToken() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $facebook->setAccessToken('saltydog');
    $this->assertEquals($facebook->getAccessToken(), 'saltydog',
                        'Expect installed access token to remain \'saltydog\'');
  }

  public function testSetFileUploadSupport() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $this->assertFalse($facebook->getFileUploadSupport(),
                       'Expect file upload support to be off.');
    // alias for getFileUploadSupport (depricated), testing until removed
    $this->assertFalse($facebook->useFileUploadSupport(),
                       'Expect file upload support to be off.');
    $facebook->setFileUploadSupport(true);
    $this->assertTrue($facebook->getFileUploadSupport(),
                      'Expect file upload support to be on.');
    // alias for getFileUploadSupport (depricated), testing until removed
    $this->assertTrue($facebook->useFileUploadSupport(),
                      'Expect file upload support to be on.');
  }

  public function testGetCurrentURL() {
    $facebook = new FBGetCurrentURLFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    // fake the HPHP $_SERVER globals
    $_SERVER['HTTP_HOST'] = 'www.test.com';
    $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=one&two=two&three=three';
    $current_url = $facebook->publicGetCurrentUrl();
    $this->assertEquals(
      'http://www.test.com/unit-tests.php?one=one&two=two&three=three',
      $current_url,
      'getCurrentUrl function is changing the current URL');

    // ensure structure of valueless GET params is retained (sometimes
    // an = sign was present, and sometimes it was not)
    // first test when equal signs are present
    $_SERVER['HTTP_HOST'] = 'www.test.com';
    $_SERVER['REQUEST_URI'] = '/unit-tests.php?one=&two=&three=';
    $current_url = $facebook->publicGetCurrentUrl();
    $this->assertEquals(
      'http://www.test.com/unit-tests.php?one=&two=&three=',
      $current_url,
      'getCurrentUrl function is changing the current URL');

    // now confirm that
    $_SERVER['HTTP_HOST'] = 'www.test.com';
    $_SERVER['REQUEST_URI'] = '/unit-tests.php?one&two&three';
    $current_url = $facebook->publicGetCurrentUrl();
    $this->assertEquals(
      'http://www.test.com/unit-tests.php?one&two&three',
      $current_url,
      'getCurrentUrl function is changing the current URL');
  }

  public function testGetLoginURL() {
    $facebook = new Facebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    // fake the HPHP $_SERVER globals
    $_SERVER['HTTP_HOST'] = 'www.test.com';
    $_SERVER['REQUEST_URI'] = '/unit-tests.php';
    $login_url = parse_url($facebook->getLoginUrl());
    $this->assertEquals($login_url['scheme'], 'https');
    $this->assertEquals($login_url['host'], 'www.facebook.com');
    $this->assertEquals($login_url['path'], '/dialog/oauth');
    $expected_login_params =
      array('client_id' => self::APP_ID,
            'redirect_uri' => 'http://www.test.com/unit-tests.php');

    $query_map = array();
    parse_str($login_url['query'], $query_map);
    $this->assertIsSubset($expected_login_params, $query_map);
    // we don't know what the state is, but we know it's an md5 and should
    // be 32 characters long.
    $this->assertEquals(strlen($query_map['state']), $num_characters = 32);
  }

  public function testGetLoginURLWithExtraParams() {
    $facebook = new Facebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    // fake the HPHP $_SERVER globals
    $_SERVER['HTTP_HOST'] = 'www.test.com';
    $_SERVER['REQUEST_URI'] = '/unit-tests.php';
    $extra_params = array('scope' => 'email, sms',
                          'nonsense' => 'nonsense');
    $login_url = parse_url($facebook->getLoginUrl($extra_params));
    $this->assertEquals($login_url['scheme'], 'https');
    $this->assertEquals($login_url['host'], 'www.facebook.com');
    $this->assertEquals($login_url['path'], '/dialog/oauth');
    $expected_login_params =
      array_merge(
        array('client_id' => self::APP_ID,
              'redirect_uri' => 'http://www.test.com/unit-tests.php'),
        $extra_params);
    $query_map = array();
    parse_str($login_url['query'], $query_map);
    $this->assertIsSubset($expected_login_params, $query_map);
    // we don't know what the state is, but we know it's an md5 and should
    // be 32 characters long.
    $this->assertEquals(strlen($query_map['state']), $num_characters = 32);
  }

  public function testGetLoginURLWithScopeParamsAsArray() {
    $facebook = new Facebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    // fake the HPHP $_SERVER globals
    $_SERVER['HTTP_HOST'] = 'www.test.com';
    $_SERVER['REQUEST_URI'] = '/unit-tests.php';
    $scope_params_as_array = array('email','sms','read_stream');
    $extra_params = array('scope' => $scope_params_as_array,
                          'nonsense' => 'nonsense');
    $login_url = parse_url($facebook->getLoginUrl($extra_params));
    $this->assertEquals($login_url['scheme'], 'https');
    $this->assertEquals($login_url['host'], 'www.facebook.com');
    $this->assertEquals($login_url['path'], '/dialog/oauth');
    // expect api to flatten array params to comma separated list
    // should do the same here before asserting to make sure API is behaving
    // correctly;
    $extra_params['scope'] = implode(',', $scope_params_as_array);
    $expected_login_params =
      array_merge(
        array('client_id' => self::APP_ID,
              'redirect_uri' => 'http://www.test.com/unit-tests.php'),
        $extra_params);
    $query_map = array();
    parse_str($login_url['query'], $query_map);
    $this->assertIsSubset($expected_login_params, $query_map);
    // we don't know what the state is, but we know it's an md5 and should
    // be 32 characters long.
    $this->assertEquals(strlen($query_map['state']), $num_characters = 32);
  }

  public function testGetCodeWithValidCSRFState() {
    $facebook = new FBCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $facebook->setCSRFStateToken();
    $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue();
    $_REQUEST['state'] = $facebook->getCSRFStateToken();
    $this->assertEquals($code,
                        $facebook->publicGetCode(),
                        'Expect code to be pulled from $_REQUEST[\'code\']');
  }

  public function testGetCodeWithInvalidCSRFState() {
    $facebook = new FBCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $facebook->setCSRFStateToken();
    $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue();
    $_REQUEST['state'] = $facebook->getCSRFStateToken().'forgery!!!';
    $this->assertFalse($facebook->publicGetCode(),
                       'Expect getCode to fail, CSRF state should not match.');
  }

  public function testGetCodeWithMissingCSRFState() {
    $facebook = new FBCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $code = $_REQUEST['code'] = $this->generateMD5HashOfRandomValue();
    // intentionally don't set CSRF token at all
    $this->assertFalse($facebook->publicGetCode(),
                       'Expect getCode to fail, CSRF state not sent back.');
  }

  public function testPersistentCSRFState()
  {
    $facebook = new FBCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $facebook->setCSRFStateToken();
    $code = $facebook->getCSRFStateToken();

    $facebook = new FBCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $this->assertEquals($code, $facebook->publicGetState(),
            'Persisted CSRF state token not loaded correctly');
  }

  public function testPersistentCSRFStateWithSharedSession()
  {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $facebook = new FBCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $facebook->setCSRFStateToken();
    $code = $facebook->getCSRFStateToken();

    $facebook = new FBCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));

    $this->assertEquals($code, $facebook->publicGetState(),
            'Persisted CSRF state token not loaded correctly with shared session');
  }

  public function testGetUserFromSignedRequest() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $_REQUEST['signed_request'] = self::kValidSignedRequest();
    $this->assertEquals('499834690', $facebook->getUser(),
                        'Failed to get user ID from a valid signed request.');
  }

  public function testDisallowSignedRequest() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'allowSignedRequest' => false
    ));

    $_REQUEST['signed_request'] = self::kValidSignedRequest();
    $this->assertEquals(0, $facebook->getUser(),
        'Should not have received valid user from signed_request.');
  }


    public function testSignedRequestRewrite(){
    $facebook = new FBRewrite(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $_REQUEST['signed_request'] = self::kValidSignedRequest(self::TEST_USER, 'Hello sweetie');

    $this->assertEquals(self::TEST_USER, $facebook->getUser(),
                        'Failed to get user ID from a valid signed request.');

    $this->assertEquals('Hello sweetie', $facebook->getAccessToken(),
                        'Failed to get access token from signed request');

    $facebook->uncache();

    $_REQUEST['signed_request'] = self::kValidSignedRequest(self::TEST_USER_2, 'spoilers');

    $this->assertEquals(self::TEST_USER_2, $facebook->getUser(),
                        'Failed to get user ID from a valid signed request.');

    $_REQUEST['signed_request'] = null;
    $facebook ->uncacheSignedRequest();

    $this->assertNotEquals('Hello sweetie', $facebook->getAccessToken(),
                        'Failed to clear access token');
  }

  public function testGetSignedRequestFromCookie() {
    $facebook = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $_COOKIE[$facebook->publicGetSignedRequestCookieName()] =
      self::kValidSignedRequest();
    $this->assertNotNull($facebook->publicGetSignedRequest());
    $this->assertEquals('499834690', $facebook->getUser(),
                        'Failed to get user ID from a valid signed request.');
  }

  public function testGetSignedRequestWithIncorrectSignature() {
    $facebook = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $_COOKIE[$facebook->publicGetSignedRequestCookieName()] =
      self::kSignedRequestWithBogusSignature();
    $this->assertNull($facebook->publicGetSignedRequest());
  }

  public function testNonUserAccessToken() {
    $facebook = new FBAccessToken(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    // no cookies, and no request params, so no user or code,
    // so no user access token (even with cookie support)
    $this->assertEquals($facebook->publicGetApplicationAccessToken(),
                        $facebook->getAccessToken(),
                        'Access token should be that for logged out users.');
  }

  public function testMissingMetadataCookie() {
    $fb = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $this->assertEmpty($fb->publicGetMetadataCookie());
  }

  public function testEmptyMetadataCookie() {
    $fb = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $_COOKIE[$fb->publicGetMetadataCookieName()] = '';
    $this->assertEmpty($fb->publicGetMetadataCookie());
  }

  public function testMetadataCookie() {
    $fb = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $key = 'foo';
    $val = '42';
    $_COOKIE[$fb->publicGetMetadataCookieName()] = "$key=$val";
    $this->assertEquals(array($key => $val), $fb->publicGetMetadataCookie());
  }

  public function testQuotedMetadataCookie() {
    $fb = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $key = 'foo';
    $val = '42';
    $_COOKIE[$fb->publicGetMetadataCookieName()] = "\"$key=$val\"";
    $this->assertEquals(array($key => $val), $fb->publicGetMetadataCookie());
  }

  public function testAPIForLoggedOutUsers() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $response = $facebook->api(array(
      'method' => 'fql.query',
      'query' => 'SELECT name FROM user WHERE uid=4',
    ));
    $this->assertEquals(count($response), 1,
                        'Expect one row back.');
    $this->assertEquals($response[0]['name'], 'Mark Zuckerberg',
                        'Expect the name back.');
  }

  public function testAPIWithBogusAccessToken() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $facebook->setAccessToken('this-is-not-really-an-access-token');
    // if we don't set an access token and there's no way to
    // get one, then the FQL query below works beautifully, handing
    // over Zuck's public data.  But if you specify a bogus access
    // token as I have right here, then the FQL query should fail.
    // We could return just Zuck's public data, but that wouldn't
    // advertise the issue that the access token is at worst broken
    // and at best expired.
    try {
      $response = $facebook->api(array(
        'method' => 'fql.query',
        'query' => 'SELECT name FROM profile WHERE id=4',
      ));
      $this->fail('Should not get here.');
    } catch(FacebookApiException $e) {
      $result = $e->getResult();
      $this->assertTrue(is_array($result), 'expect a result object');
      $this->assertEquals('190', $result['error_code'], 'expect code');
    }
  }

  public function testAPIGraphPublicData() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $response = $facebook->api('/jerry');
    $this->assertEquals(
      $response['id'], '214707', 'should get expected id.');
  }

  public function testGraphAPIWithBogusAccessToken() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $facebook->setAccessToken('this-is-not-really-an-access-token');
    try {
      $response = $facebook->api('/me');
      $this->fail('Should not get here.');
    } catch(FacebookApiException $e) {
      // means the server got the access token and didn't like it
      $msg = 'OAuthException: Invalid OAuth access token.';
      $this->assertEquals($msg, (string) $e,
                          'Expect the invalid OAuth token message.');
    }
  }

  public function testGraphAPIWithExpiredAccessToken() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $facebook->setAccessToken(self::$kExpiredAccessToken);
    try {
      $response = $facebook->api('/me');
      $this->fail('Should not get here.');
    } catch(FacebookApiException $e) {
      // means the server got the access token and didn't like it
      $error_msg_start = 'OAuthException: Error validating access token:';
      $this->assertTrue(strpos((string) $e, $error_msg_start) === 0,
                        'Expect the token validation error message.');
    }
  }

  public function testGraphAPIOAuthSpecError() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::MIGRATED_APP_ID,
      'secret' => self::MIGRATED_SECRET,
    ));

    try {
      $response = $facebook->api('/me', array(
        'client_id' => self::MIGRATED_APP_ID));

      $this->fail('Should not get here.');
    } catch(FacebookApiException $e) {
      // means the server got the access token
      $msg = 'invalid_request: An active access token must be used '.
             'to query information about the current user.';
      $this->assertEquals($msg, (string) $e,
                          'Expect the invalid session message.');
    }
  }

  public function testGraphAPIMethodOAuthSpecError() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::MIGRATED_APP_ID,
      'secret' => self::MIGRATED_SECRET,
    ));

    try {
      $response = $facebook->api('/daaku.shah', 'DELETE', array(
        'client_id' => self::MIGRATED_APP_ID));
      $this->fail('Should not get here.');
    } catch(FacebookApiException $e) {
      $this->assertEquals(strpos($e, 'invalid_request'), 0);
    }
  }

  public function testCurlFailure() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    if (!defined('CURLOPT_TIMEOUT_MS')) {
      // can't test it if we don't have millisecond timeouts
      return;
    }

    $exception = null;
    try {
      // we dont expect facebook will ever return in 1ms
      Facebook::$CURL_OPTS[CURLOPT_TIMEOUT_MS] = 50;
      $facebook->api('/naitik');
    } catch(FacebookApiException $e) {
      $exception = $e;
    }
    unset(Facebook::$CURL_OPTS[CURLOPT_TIMEOUT_MS]);
    if (!$exception) {
      $this->fail('no exception was thrown on timeout.');
    }

    $code = $exception->getCode();
    if ($code != CURLE_OPERATION_TIMEOUTED && $code != CURLE_COULDNT_CONNECT) {
      $this->fail("Expected curl error code 7 or 28 but got: $code");
    }
    $this->assertEquals('CurlException', $exception->getType(), 'expect type');
  }

  public function testGraphAPIWithOnlyParams() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));

    $response = $facebook->api('/jerry');
    $this->assertTrue(isset($response['id']),
                      'User ID should be public.');
    $this->assertTrue(isset($response['name']),
                      'User\'s name should be public.');
    $this->assertTrue(isset($response['first_name']),
                      'User\'s first name should be public.');
    $this->assertTrue(isset($response['last_name']),
                      'User\'s last name should be public.');
    $this->assertFalse(isset($response['work']),
                       'User\'s work history should only be available with '.
                       'a valid access token.');
    $this->assertFalse(isset($response['education']),
                       'User\'s education history should only be '.
                       'available with a valid access token.');
    $this->assertFalse(isset($response['verified']),
                       'User\'s verification status should only be '.
                       'available with a valid access token.');
  }

  public function testLoginURLDefaults() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $encodedUrl = rawurlencode('http://fbrell.com/examples');
    $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl),
                         'Expect the current url to exist.');
  }

  public function testLoginURLDefaultsDropStateQueryParam() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples?state=xx42xx';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $expectEncodedUrl = rawurlencode('http://fbrell.com/examples');
    $this->assertTrue(strpos($facebook->getLoginUrl(), $expectEncodedUrl) > -1,
                      'Expect the current url to exist.');
    $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'),
                       'Expect the session param to be dropped.');
  }

  public function testLoginURLDefaultsDropCodeQueryParam() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples?code=xx42xx';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $expectEncodedUrl = rawurlencode('http://fbrell.com/examples');
    $this->assertTrue(strpos($facebook->getLoginUrl(), $expectEncodedUrl) > -1,
                      'Expect the current url to exist.');
    $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'),
                       'Expect the session param to be dropped.');
  }

  public function testLoginURLDefaultsDropSignedRequestParamButNotOthers() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] =
      '/examples?signed_request=xx42xx&do_not_drop=xx43xx';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $expectEncodedUrl = rawurlencode('http://fbrell.com/examples');
    $this->assertFalse(strpos($facebook->getLoginUrl(), 'xx42xx'),
                       'Expect the session param to be dropped.');
    $this->assertTrue(strpos($facebook->getLoginUrl(), 'xx43xx') > -1,
                      'Expect the do_not_drop param to exist.');
  }

  public function testLoginURLCustomNext() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $next = 'http://fbrell.com/custom';
    $loginUrl = $facebook->getLoginUrl(array(
      'redirect_uri' => $next,
      'cancel_url' => $next
    ));
    $currentEncodedUrl = rawurlencode('http://fbrell.com/examples');
    $expectedEncodedUrl = rawurlencode($next);
    $this->assertNotNull(strpos($loginUrl, $expectedEncodedUrl),
                         'Expect the custom url to exist.');
    $this->assertFalse(strpos($loginUrl, $currentEncodedUrl),
                      'Expect the current url to not exist.');
  }

  public function testLogoutURLDefaults() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $encodedUrl = rawurlencode('http://fbrell.com/examples');
    $this->assertNotNull(strpos($facebook->getLogoutUrl(), $encodedUrl),
                         'Expect the current url to exist.');
    $this->assertFalse(strpos($facebook->getLogoutUrl(), self::SECRET));
  }

  public function testLoginStatusURLDefaults() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $encodedUrl = rawurlencode('http://fbrell.com/examples');
    $this->assertNotNull(strpos($facebook->getLoginStatusUrl(), $encodedUrl),
                         'Expect the current url to exist.');
  }

  public function testLoginStatusURLCustom() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $encodedUrl1 = rawurlencode('http://fbrell.com/examples');
    $okUrl = 'http://fbrell.com/here1';
    $encodedUrl2 = rawurlencode($okUrl);
    $loginStatusUrl = $facebook->getLoginStatusUrl(array(
      'ok_session' => $okUrl,
    ));
    $this->assertNotNull(strpos($loginStatusUrl, $encodedUrl1),
                         'Expect the current url to exist.');
    $this->assertNotNull(strpos($loginStatusUrl, $encodedUrl2),
                         'Expect the custom url to exist.');
  }

  public function testNonDefaultPort() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com:8080';
    $_SERVER['REQUEST_URI'] = '/examples';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $encodedUrl = rawurlencode('http://fbrell.com:8080/examples');
    $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl),
                         'Expect the current url to exist.');
  }

  public function testSecureCurrentUrl() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $_SERVER['REQUEST_URI'] = '/examples';
    $_SERVER['HTTPS'] = 'on';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $encodedUrl = rawurlencode('https://fbrell.com/examples');
    $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl),
                         'Expect the current url to exist.');
  }

  public function testSecureCurrentUrlWithNonDefaultPort() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com:8080';
    $_SERVER['REQUEST_URI'] = '/examples';
    $_SERVER['HTTPS'] = 'on';
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $encodedUrl = rawurlencode('https://fbrell.com:8080/examples');
    $this->assertNotNull(strpos($facebook->getLoginUrl(), $encodedUrl),
                         'Expect the current url to exist.');
  }

  public function testBase64UrlEncode() {
    $input = 'Facebook rocks';
    $output = 'RmFjZWJvb2sgcm9ja3M';

    $this->assertEquals(FBPublic::publicBase64UrlDecode($output), $input);
  }

  public function testSignedToken() {
    $facebook = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $sr = self::kValidSignedRequest();
    $payload = $facebook->publicParseSignedRequest($sr);
    $this->assertNotNull($payload, 'Expected token to parse');
    $this->assertEquals($facebook->getSignedRequest(), null);
    $_REQUEST['signed_request'] = $sr;
    $this->assertEquals($facebook->getSignedRequest(), $payload);
  }

  public function testNonTossedSignedtoken() {
    $facebook = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $payload = $facebook->publicParseSignedRequest(
      self::kNonTosedSignedRequest());
    $this->assertNotNull($payload, 'Expected token to parse');
    $this->assertNull($facebook->getSignedRequest());
    $_REQUEST['signed_request'] = self::kNonTosedSignedRequest();
    $sr = $facebook->getSignedRequest();
    $this->assertTrue(isset($sr['algorithm']));
  }

  public function testSignedRequestWithEmptyValue() {
    $fb = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $_REQUEST['signed_request'] = self::kSignedRequestWithEmptyValue();
    $this->assertNull($fb->getSignedRequest());
    $_COOKIE[$fb->publicGetSignedRequestCookieName()] =
      self::kSignedRequestWithEmptyValue();
    $this->assertNull($fb->getSignedRequest());
  }

  public function testSignedRequestWithWrongAlgo() {
    $fb = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $payload = $fb->publicParseSignedRequest(
      self::kSignedRequestWithWrongAlgo());
    $this->assertNull($payload, 'Expected nothing back.');
  }

  public function testMakeAndParse() {
    $fb = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $data = array('foo' => 42);
    $sr = $fb->publicMakeSignedRequest($data);
    $decoded = $fb->publicParseSignedRequest($sr);
    $this->assertEquals($data['foo'], $decoded['foo']);
  }

  /**
   * @expectedException InvalidArgumentException
   */
  public function testMakeSignedRequestExpectsArray() {
    $fb = new FBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $sr = $fb->publicMakeSignedRequest('');
  }

  public function testBundledCACert() {
    $facebook = new TransientFacebook(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));

      // use the bundled cert from the start
    Facebook::$CURL_OPTS[CURLOPT_CAINFO] =
      dirname(__FILE__) . '/../src/fb_ca_chain_bundle.crt';
    $response = $facebook->api('/naitik');

    unset(Facebook::$CURL_OPTS[CURLOPT_CAINFO]);
    $this->assertEquals(
      $response['id'], '5526183', 'should get expected id.');
  }

  public function testVideoUpload() {
    $facebook = new FBRecordURL(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));

    $facebook->api(array('method' => 'video.upload'));
    $this->assertContains('//api-video.', $facebook->getRequestedURL(),
                          'video.upload should go against api-video');
  }

  public function testVideoUploadGraph() {
    $facebook = new FBRecordURL(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));

    $facebook->api('/me/videos', 'POST');
    $this->assertContains('//graph-video.', $facebook->getRequestedURL(),
                          '/me/videos should go against graph-video');
  }

  public function testGetUserAndAccessTokenFromSession() {
    $facebook = new PersistentFBPublic(array(
                                         'appId'  => self::APP_ID,
                                         'secret' => self::SECRET
                                       ));

    $facebook->publicSetPersistentData('access_token',
                                       self::$kExpiredAccessToken);
    $facebook->publicSetPersistentData('user_id', 12345);
    $this->assertEquals(self::$kExpiredAccessToken,
                        $facebook->getAccessToken(),
                        'Get access token from persistent store.');
    $this->assertEquals('12345',
                        $facebook->getUser(),
                        'Get user id from persistent store.');
  }

  public function testGetUserAndAccessTokenFromSignedRequestNotSession() {
    $facebook = new PersistentFBPublic(array(
                                         'appId'  => self::APP_ID,
                                         'secret' => self::SECRET
                                       ));

    $_REQUEST['signed_request'] = self::kValidSignedRequest();
    $facebook->publicSetPersistentData('user_id', 41572);
    $facebook->publicSetPersistentData('access_token',
                                       self::$kExpiredAccessToken);
    $this->assertNotEquals('41572', $facebook->getUser(),
                           'Got user from session instead of signed request.');
    $this->assertEquals('499834690', $facebook->getUser(),
                        'Failed to get correct user ID from signed request.');
    $this->assertNotEquals(
      self::$kExpiredAccessToken,
      $facebook->getAccessToken(),
      'Got access token from session instead of signed request.');
    $this->assertNotEmpty(
      $facebook->getAccessToken(),
      'Failed to extract an access token from the signed request.');
  }

  public function testGetUserWithoutCodeOrSignedRequestOrSession() {
    $facebook = new PersistentFBPublic(array(
                                         'appId'  => self::APP_ID,
                                         'secret' => self::SECRET
                                       ));

    // deliberately leave $_REQUEST and _$SESSION empty
    $this->assertEmpty($_REQUEST,
                       'GET, POST, and COOKIE params exist even though '.
                       'they should.  Test cannot succeed unless all of '.
                       '$_REQUEST is empty.');
    $this->assertEmpty($_SESSION,
                       'Session is carrying state and should not be.');
    $this->assertEmpty($facebook->getUser(),
                       'Got a user id, even without a signed request, '.
                       'access token, or session variable.');
    $this->assertEmpty($_SESSION,
                       'Session superglobal incorrectly populated by getUser.');
  }

  public function testGetAccessTokenUsingCodeInJsSdkCookie() {
    $code = 'code1';
    $access_token = 'at1';
    $methods_to_stub = array('getSignedRequest', 'getAccessTokenFromCode');
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getSignedRequest')
      ->will($this->returnValue(array('code' => $code)));
    $stub
      ->expects($this->once())
      ->method('getAccessTokenFromCode')
      ->will($this->returnValueMap(array(array($code, '', $access_token))));
    $this->assertEquals($stub->getAccessToken(), $access_token);
  }

  public function testSignedRequestWithoutAuthClearsData() {
    $methods_to_stub = array('getSignedRequest', 'clearAllPersistentData');
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getSignedRequest')
      ->will($this->returnValue(array('foo' => 1)));
    $stub
      ->expects($this->once())
      ->method('clearAllPersistentData');
    $this->assertEquals(self::APP_ID.'|'.self::SECRET, $stub->getAccessToken());
  }

  public function testInvalidCodeInSignedRequestWillClearData() {
    $code = 'code1';
    $methods_to_stub = array(
      'getSignedRequest',
      'getAccessTokenFromCode',
      'clearAllPersistentData',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getSignedRequest')
      ->will($this->returnValue(array('code' => $code)));
    $stub
      ->expects($this->once())
      ->method('getAccessTokenFromCode')
      ->will($this->returnValue(null));
    $stub
      ->expects($this->once())
      ->method('clearAllPersistentData');
    $this->assertEquals(self::APP_ID.'|'.self::SECRET, $stub->getAccessToken());
  }

  public function testInvalidCodeWillClearData() {
    $code = 'code1';
    $methods_to_stub = array(
      'getCode',
      'getAccessTokenFromCode',
      'clearAllPersistentData',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getCode')
      ->will($this->returnValue($code));
    $stub
      ->expects($this->once())
      ->method('getAccessTokenFromCode')
      ->will($this->returnValue(null));
    $stub
      ->expects($this->once())
      ->method('clearAllPersistentData');
    $this->assertEquals(self::APP_ID.'|'.self::SECRET, $stub->getAccessToken());
  }

  public function testValidCodeToToken() {
    $code = 'code1';
    $access_token = 'at1';
    $methods_to_stub = array(
      'getSignedRequest',
      'getCode',
      'getAccessTokenFromCode',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getCode')
      ->will($this->returnValue($code));
    $stub
      ->expects($this->once())
      ->method('getAccessTokenFromCode')
      ->will($this->returnValueMap(array(array($code, null, $access_token))));
    $this->assertEquals($stub->getAccessToken(), $access_token);
  }

  public function testSignedRequestWithoutAuthClearsDataInAvailData() {
    $methods_to_stub = array('getSignedRequest', 'clearAllPersistentData');
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getSignedRequest')
      ->will($this->returnValue(array('foo' => 1)));
    $stub
      ->expects($this->once())
      ->method('clearAllPersistentData');
    $this->assertEquals(0, $stub->getUser());
  }

  public function testFailedToGetUserFromAccessTokenClearsData() {
    $methods_to_stub = array(
      'getAccessToken',
      'getUserFromAccessToken',
      'clearAllPersistentData',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getAccessToken')
      ->will($this->returnValue('at1'));
    $stub
      ->expects($this->once())
      ->method('getUserFromAccessToken');
    $stub
      ->expects($this->once())
      ->method('clearAllPersistentData');
    $this->assertEquals(0, $stub->getUser());
  }

  public function testUserFromAccessTokenIsStored() {
    $methods_to_stub = array(
      'getAccessToken',
      'getUserFromAccessToken',
      'setPersistentData',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $user = 42;
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getAccessToken')
      ->will($this->returnValue('at1'));
    $stub
      ->expects($this->once())
      ->method('getUserFromAccessToken')
      ->will($this->returnValue($user));
    $stub
      ->expects($this->once())
      ->method('setPersistentData');
    $this->assertEquals($user, $stub->getUser());
  }

  public function testUserFromAccessTokenPullsID() {
    $methods_to_stub = array(
      'getAccessToken',
      'api',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $user = 42;
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getAccessToken')
      ->will($this->returnValue('at1'));
    $stub
      ->expects($this->once())
      ->method('api')
      ->will($this->returnValue(array('id' => $user)));
    $this->assertEquals($user, $stub->getUser());
  }

  public function testUserFromAccessTokenResetsOnApiException() {
    $methods_to_stub = array(
      'getAccessToken',
      'clearAllPersistentData',
      'api',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('getAccessToken')
      ->will($this->returnValue('at1'));
    $stub
      ->expects($this->once())
      ->method('api')
      ->will($this->throwException(new FacebookApiException(false)));
    $stub
      ->expects($this->once())
      ->method('clearAllPersistentData');
    $this->assertEquals(0, $stub->getUser());
  }

  public function testEmptyCodeReturnsFalse() {
    $fb = new FBPublicGetAccessTokenFromCode(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $this->assertFalse($fb->publicGetAccessTokenFromCode(''));
    $this->assertFalse($fb->publicGetAccessTokenFromCode(null));
    $this->assertFalse($fb->publicGetAccessTokenFromCode(false));
  }

  public function testNullRedirectURIUsesCurrentURL() {
    $methods_to_stub = array(
      '_oauthRequest',
      'getCurrentUrl',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $access_token = 'at1';
    $stub = $this->getMock(
      'FBPublicGetAccessTokenFromCode', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->returnValue("access_token=$access_token"));
    $stub
      ->expects($this->once())
      ->method('getCurrentUrl');
    $this->assertEquals(
      $access_token, $stub->publicGetAccessTokenFromCode('c'));
  }

  public function testNullRedirectURIAllowsEmptyStringForCookie() {
    $methods_to_stub = array(
      '_oauthRequest',
      'getCurrentUrl',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $access_token = 'at1';
    $stub = $this->getMock(
      'FBPublicGetAccessTokenFromCode', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->returnValue("access_token=$access_token"));
    $stub
      ->expects($this->never())
      ->method('getCurrentUrl');
    $this->assertEquals(
      $access_token, $stub->publicGetAccessTokenFromCode('c', ''));
  }

  public function testAPIExceptionDuringCodeExchangeIsIgnored() {
    $methods_to_stub = array(
      '_oauthRequest',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'FBPublicGetAccessTokenFromCode', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->throwException(new FacebookApiException(false)));
    $this->assertFalse($stub->publicGetAccessTokenFromCode('c', ''));
  }

  public function testEmptyResponseInCodeExchangeIsIgnored() {
    $methods_to_stub = array(
      '_oauthRequest',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'FBPublicGetAccessTokenFromCode', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->returnValue(''));
    $this->assertFalse($stub->publicGetAccessTokenFromCode('c', ''));
  }

  public function testExistingStateRestoredInConstructor() {
    $fb = new FBPublicState(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $this->assertEquals(FBPublicState::STATE, $fb->publicGetState());
  }

  public function testMissingAccessTokenInCodeExchangeIsIgnored() {
    $methods_to_stub = array(
      '_oauthRequest',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'FBPublicGetAccessTokenFromCode', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->returnValue('foo=1'));
    $this->assertFalse($stub->publicGetAccessTokenFromCode('c', ''));
  }

  public function testAppsecretProofNoParams() {
    $fb = new FBRecordMakeRequest(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $token = $fb->getAccessToken();
    $proof = $fb->publicGetAppSecretProof($token);
    $params = array();
    $fb->api('/mattynoce', $params);
    $requests = $fb->publicGetRequests();
    $this->assertEquals($proof, $requests[0]['params']['appsecret_proof']);
  }

  public function testAppsecretProofWithParams() {
    $fb = new FBRecordMakeRequest(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $proof = 'foo';
    $params = array('appsecret_proof' => $proof);
    $fb->api('/mattynoce', $params);
    $requests = $fb->publicGetRequests();
    $this->assertEquals($proof, $requests[0]['params']['appsecret_proof']);
  }

  public function testExceptionConstructorWithErrorCode() {
    $code = 404;
    $e = new FacebookApiException(array('error_code' => $code));
    $this->assertEquals($code, $e->getCode());
  }

  public function testExceptionConstructorWithInvalidErrorCode() {
    $e = new FacebookApiException(array('error_code' => 'not an int'));
    $this->assertEquals(0, $e->getCode());
  }

  // this happens often despite the fact that it is useless
  public function testExceptionTypeFalse() {
    $e = new FacebookApiException(false);
    $this->assertEquals('Exception', $e->getType());
  }

  public function testExceptionTypeMixedDraft00() {
    $e = new FacebookApiException(array('error' => array('message' => 'foo')));
    $this->assertEquals('Exception', $e->getType());
  }

  public function testExceptionTypeDraft00() {
    $error = 'foo';
    $e = new FacebookApiException(
      array('error' => array('type' => $error, 'message' => 'hello world')));
    $this->assertEquals($error, $e->getType());
  }

  public function testExceptionTypeDraft10() {
    $error = 'foo';
    $e = new FacebookApiException(array('error' => $error));
    $this->assertEquals($error, $e->getType());
  }

  public function testExceptionTypeDefault() {
    $e = new FacebookApiException(array('error' => false));
    $this->assertEquals('Exception', $e->getType());
  }

  public function testExceptionToString() {
    $e = new FacebookApiException(array(
      'error_code' => 1,
      'error_description' => 'foo',
    ));
    $this->assertEquals('Exception: 1: foo', (string) $e);
  }

  public function testDestroyClearsCookie() {
    $fb = new FBPublicCookie(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $_COOKIE[$fb->publicGetSignedRequestCookieName()] = 'foo';
    $_COOKIE[$fb->publicGetMetadataCookieName()] = 'base_domain=fbrell.com';
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb->destroySession();
    $this->assertFalse(
      array_key_exists($fb->publicGetSignedRequestCookieName(), $_COOKIE));
  }

  public function testAuthExpireSessionDestroysSession() {
    $methods_to_stub = array(
      '_oauthRequest',
      'destroySession',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $key = 'foo';
    $val = 42;
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->returnValue("{\"$key\":$val}"));
    $stub
      ->expects($this->once())
      ->method('destroySession');
    $this->assertEquals(
      array($key => $val),
      $stub->api(array('method' => 'auth.expireSession'))
    );
  }

  public function testLowercaseAuthRevokeAuthDestroysSession() {
    $methods_to_stub = array(
      '_oauthRequest',
      'destroySession',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $key = 'foo';
    $val = 42;
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->returnValue("{\"$key\":$val}"));
    $stub
      ->expects($this->once())
      ->method('destroySession');
    $this->assertEquals(
      array($key => $val),
      $stub->api(array('method' => 'auth.revokeauthorization'))
    );
  }

  /**
   * @expectedException FacebookAPIException
   */
  public function testErrorCodeFromRestAPIThrowsException() {
    $methods_to_stub = array(
      '_oauthRequest',
    );
    $constructor_args = array(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET
    ));
    $stub = $this->getMock(
      'TransientFacebook', $methods_to_stub, $constructor_args);
    $stub
      ->expects($this->once())
      ->method('_oauthRequest')
      ->will($this->returnValue('{"error_code": 500}'));
    $stub->api(array('method' => 'foo'));
  }

  public function testJsonEncodeOfNonStringParams() {
    $foo = array(1, 2);
    $params = array(
      'method' => 'get',
      'foo' => $foo,
    );
    $fb = new FBRecordMakeRequest(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $fb->api('/naitik', $params);
    $requests = $fb->publicGetRequests();
    $this->assertEquals(json_encode($foo), $requests[0]['params']['foo']);
  }

  public function testSessionBackedFacebook() {
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $key = 'state';
    $val = 'foo';
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals(
      $val,
      $_SESSION[sprintf('fb_%s_%s', self::APP_ID, $key)]
    );
    $this->assertEquals(
      $val,
      $fb->publicGetPersistentData($key)
    );
  }

  public function testSessionBackedFacebookIgnoresUnsupportedKey() {
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $key = '--invalid--';
    $val = 'foo';
    $fb->publicSetPersistentData($key, $val);
    $this->assertFalse(
      array_key_exists(
        sprintf('fb_%s_%s', self::APP_ID, $key),
        $_SESSION
      )
    );
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testClearSessionBackedFacebook() {
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $key = 'state';
    $val = 'foo';
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals(
      $val,
      $_SESSION[sprintf('fb_%s_%s', self::APP_ID, $key)]
    );
    $this->assertEquals(
      $val,
      $fb->publicGetPersistentData($key)
    );
    $fb->publicClearPersistentData($key);
    $this->assertFalse(
      array_key_exists(
        sprintf('fb_%s_%s', self::APP_ID, $key),
        $_SESSION
      )
    );
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testSessionBackedFacebookIgnoresUnsupportedKeyInClear() {
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $key = '--invalid--';
    $val = 'foo';
    $session_var_name = sprintf('fb_%s_%s', self::APP_ID, $key);
    $_SESSION[$session_var_name] = $val;
    $fb->publicClearPersistentData($key);
    $this->assertTrue(array_key_exists($session_var_name, $_SESSION));
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testClearAllSessionBackedFacebook() {
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $key = 'state';
    $val = 'foo';
    $session_var_name = sprintf('fb_%s_%s', self::APP_ID, $key);
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals($val, $_SESSION[$session_var_name]);
    $this->assertEquals($val, $fb->publicGetPersistentData($key));
    $fb->publicClearAllPersistentData();
    $this->assertFalse(array_key_exists($session_var_name, $_SESSION));
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testSharedSessionBackedFacebook() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $key = 'state';
    $val = 'foo';
    $session_var_name = sprintf(
      '%s_fb_%s_%s',
      $fb->publicGetSharedSessionID(),
      self::APP_ID,
      $key
    );
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals($val, $_SESSION[$session_var_name]);
    $this->assertEquals($val, $fb->publicGetPersistentData($key));
  }

  public function testSharedSessionBackedFacebookIgnoresUnsupportedKey() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $key = '--invalid--';
    $val = 'foo';
    $session_var_name = sprintf(
      '%s_fb_%s_%s',
      $fb->publicGetSharedSessionID(),
      self::APP_ID,
      $key
    );
    $fb->publicSetPersistentData($key, $val);
    $this->assertFalse(array_key_exists($session_var_name, $_SESSION));
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testSharedClearSessionBackedFacebook() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $key = 'state';
    $val = 'foo';
    $session_var_name = sprintf(
      '%s_fb_%s_%s',
      $fb->publicGetSharedSessionID(),
      self::APP_ID,
      $key
    );
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals($val, $_SESSION[$session_var_name]);
    $this->assertEquals($val, $fb->publicGetPersistentData($key));
    $fb->publicClearPersistentData($key);
    $this->assertFalse(array_key_exists($session_var_name, $_SESSION));
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testSharedSessionBackedFacebookIgnoresUnsupportedKeyInClear() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $key = '--invalid--';
    $val = 'foo';
    $session_var_name = sprintf(
      '%s_fb_%s_%s',
      $fb->publicGetSharedSessionID(),
      self::APP_ID,
      $key
    );
    $_SESSION[$session_var_name] = $val;
    $fb->publicClearPersistentData($key);
    $this->assertTrue(array_key_exists($session_var_name, $_SESSION));
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testSharedClearAllSessionBackedFacebook() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $key = 'state';
    $val = 'foo';
    $session_var_name = sprintf(
      '%s_fb_%s_%s',
      $fb->publicGetSharedSessionID(),
      self::APP_ID,
      $key
    );
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals($val, $_SESSION[$session_var_name]);
    $this->assertEquals($val, $fb->publicGetPersistentData($key));
    $fb->publicClearAllPersistentData();
    $this->assertFalse(array_key_exists($session_var_name, $_SESSION));
    $this->assertFalse($fb->publicGetPersistentData($key));
  }

  public function testSharedSessionBackedFacebookIsRestored() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $key = 'state';
    $val = 'foo';
    $shared_session_id = $fb->publicGetSharedSessionID();
    $session_var_name = sprintf(
      '%s_fb_%s_%s',
      $shared_session_id,
      self::APP_ID,
      $key
    );
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals($val, $_SESSION[$session_var_name]);
    $this->assertEquals($val, $fb->publicGetPersistentData($key));

    // check the new instance has the same data
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $this->assertEquals(
      $shared_session_id,
      $fb->publicGetSharedSessionID()
    );
    $this->assertEquals($val, $fb->publicGetPersistentData($key));
  }

  public function testSharedSessionBackedFacebookIsNotRestoredWhenCorrupt() {
    $_SERVER['HTTP_HOST'] = 'fbrell.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $key = 'state';
    $val = 'foo';
    $shared_session_id = $fb->publicGetSharedSessionID();
    $session_var_name = sprintf(
      '%s_fb_%s_%s',
      $shared_session_id,
      self::APP_ID,
      $key
    );
    $fb->publicSetPersistentData($key, $val);
    $this->assertEquals($val, $_SESSION[$session_var_name]);
    $this->assertEquals($val, $fb->publicGetPersistentData($key));

    // break the cookie
    $cookie_name = $fb->publicGetSharedSessionCookieName();
    $_COOKIE[$cookie_name] = substr($_COOKIE[$cookie_name], 1);

    // check the new instance does not have the data
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'sharedSession' => true,
    ));
    $this->assertFalse($fb->publicGetPersistentData($key));
    $this->assertNotEquals(
      $shared_session_id,
      $fb->publicGetSharedSessionID()
    );
  }

  public function testHttpHost() {
    $real = 'foo.com';
    $_SERVER['HTTP_HOST'] = $real;
    $_SERVER['HTTP_X_FORWARDED_HOST'] = 'evil.com';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $this->assertEquals($real, $fb->publicGetHttpHost());
  }

  public function testHttpProtocol() {
    $_SERVER['HTTPS'] = 'on';
    $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
    ));
    $this->assertEquals('https', $fb->publicGetHttpProtocol());
  }

  public function testHttpHostForwarded() {
    $real = 'foo.com';
    $_SERVER['HTTP_HOST'] = 'localhost';
    $_SERVER['HTTP_X_FORWARDED_HOST'] = $real;
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'trustForwarded' => true,
    ));
    $this->assertEquals($real, $fb->publicGetHttpHost());
  }

  public function testHttpProtocolForwarded() {
    $_SERVER['HTTPS'] = 'on';
    $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'http';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'trustForwarded' => true,
    ));
    $this->assertEquals('http', $fb->publicGetHttpProtocol());
  }

  public function testHttpProtocolForwardedSecure() {
    $_SERVER['HTTPS'] = 'on';
    $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
    $fb = new PersistentFBPublic(array(
      'appId'  => self::APP_ID,
      'secret' => self::SECRET,
      'trustForwarded' => true,
    ));
    $this->assertEquals('https', $fb->publicGetHttpProtocol());
  }

  /**
   * @dataProvider provideEndsWith
   */
  public function testEndsWith($big, $small, $result) {
    $this->assertEquals(
      $result,
      PersistentFBPublic::publicEndsWith($big, $small)
    );
  }

  public function provideEndsWith() {
    return array(
      array('', '', true),
      array('', 'a', false),
      array('a', '', true),
      array('a', 'b', false),
      array('a', 'a', true),
      array('aa', 'a', true),
      array('ab', 'a', false),
      array('ba', 'a', true),
    );
  }

  /**
   * @dataProvider provideIsAllowedDomain
   */
  public function testIsAllowedDomain($big, $small, $result) {
    $this->assertEquals(
      $result,
      PersistentFBPublic::publicIsAllowedDomain($big, $small)
    );
  }

  public function provideIsAllowedDomain() {
    return array(
      array('fbrell.com', 'fbrell.com', true),
      array('foo.fbrell.com', 'fbrell.com', true),
      array('foofbrell.com', 'fbrell.com', false),
      array('evil.com', 'fbrell.com', false),
      array('foo.fbrell.com', 'bar.fbrell.com', false),
    );
  }

  protected function generateMD5HashOfRandomValue() {
    return md5(uniqid(mt_rand(), true));
  }

  protected function setUp() {
    parent::setUp();
  }

  protected function tearDown() {
    $this->clearSuperGlobals();
    parent::tearDown();
  }

  protected function clearSuperGlobals() {
    unset($_SERVER['HTTPS']);
    unset($_SERVER['HTTP_HOST']);
    unset($_SERVER['REQUEST_URI']);
    $_SESSION = array();
    $_COOKIE = array();
    $_REQUEST = array();
    $_POST = array();
    $_GET = array();
    if (session_id()) {
      session_destroy();
    }
  }

  /**
   * Checks that the correct args are a subset of the returned obj
   * @param  array $correct The correct array values
   * @param  array $actual  The values in practice
   * @param  string $message to be shown on failure
   */
  protected function assertIsSubset($correct, $actual, $msg='') {
    foreach ($correct as $key => $value) {
      $actual_value = $actual[$key];
      $newMsg = (strlen($msg) ? ($msg.' ') : '').'Key: '.$key;
      $this->assertEquals($value, $actual_value, $newMsg);
    }
  }
}

class TransientFacebook extends BaseFacebook {
  protected function setPersistentData($key, $value) {}
  protected function getPersistentData($key, $default = false) {
    return $default;
  }
  protected function clearPersistentData($key) {}
  protected function clearAllPersistentData() {}
}

class FBRecordURL extends TransientFacebook {
  private $url;

  protected function _oauthRequest($url, $params) {
    $this->url = $url;
  }

  public function getRequestedURL() {
    return $this->url;
  }
}

class FBRecordMakeRequest extends TransientFacebook {
  private $requests = array();

  protected function makeRequest($url, $params, $ch=null) {
    $this->requests[] = array(
      'url' => $url,
      'params' => $params,
    );
    return parent::makeRequest($url, $params, $ch);
  }

  public function publicGetRequests() {
    return $this->requests;
  }

  public function publicGetAppSecretProof($access_token) {
    return $this->getAppSecretProof($access_token);
  }
}

class FBPublic extends TransientFacebook {
  public static function publicBase64UrlDecode($input) {
    return self::base64UrlDecode($input);
  }
  public static function publicBase64UrlEncode($input) {
    return self::base64UrlEncode($input);
  }
  public function publicParseSignedRequest($input) {
    return $this->parseSignedRequest($input);
  }
  public function publicMakeSignedRequest($data) {
    return $this->makeSignedRequest($data);
  }
}

class PersistentFBPublic extends Facebook {
  public function publicParseSignedRequest($input) {
    return $this->parseSignedRequest($input);
  }

  public function publicSetPersistentData($key, $value) {
    $this->setPersistentData($key, $value);
  }

  public function publicGetPersistentData($key, $default = false) {
    return $this->getPersistentData($key, $default);
  }

  public function publicClearPersistentData($key) {
    return $this->clearPersistentData($key);
  }

  public function publicClearAllPersistentData() {
    return $this->clearAllPersistentData();
  }

  public function publicGetSharedSessionID() {
    return $this->sharedSessionID;
  }

  public static function publicIsAllowedDomain($big, $small) {
    return self::isAllowedDomain($big, $small);
  }

  public static function publicEndsWith($big, $small) {
    return self::endsWith($big, $small);
  }

  public function publicGetSharedSessionCookieName() {
    return $this->getSharedSessionCookieName();
  }

  public function publicGetHttpHost() {
    return $this->getHttpHost();
  }

  public function publicGetHttpProtocol() {
    return $this->getHttpProtocol();
  }
}

class FBCode extends Facebook {
  public function publicGetCode() {
    return $this->getCode();
  }

  public function publicGetState() {
    return $this->state;
  }

  public function setCSRFStateToken() {
    $this->establishCSRFTokenState();
  }

  public function getCSRFStateToken() {
    return $this->getPersistentData('state');
  }
}

class FBAccessToken extends TransientFacebook {
  public function publicGetApplicationAccessToken() {
    return $this->getApplicationAccessToken();
  }
}

class FBGetCurrentURLFacebook extends TransientFacebook {
  public function publicGetCurrentUrl() {
    return $this->getCurrentUrl();
  }
}

class FBPublicCookie extends TransientFacebook {
  public function publicGetSignedRequest() {
    return $this->getSignedRequest();
  }

  public function publicGetSignedRequestCookieName() {
    return $this->getSignedRequestCookieName();
  }

  public function publicGetMetadataCookie() {
    return $this->getMetadataCookie();
  }

  public function publicGetMetadataCookieName() {
    return $this->getMetadataCookieName();
  }
}

class FBRewrite extends Facebook{

  public function uncacheSignedRequest(){
    $this->signedRequest = null;
  }

  public function uncache()
  {
    $this->user = null;
    $this->signedRequest = null;
    $this->accessToken = null;
  }
}


class FBPublicGetAccessTokenFromCode extends TransientFacebook {
  public function publicGetAccessTokenFromCode($code, $redirect_uri = null) {
    return $this->getAccessTokenFromCode($code, $redirect_uri);
  }
}

class FBPublicState extends TransientFacebook {
  const STATE = 'foo';
  protected function getPersistentData($key, $default = false) {
    if ($key === 'state') {
      return self::STATE;
    }
    return parent::getPersistentData($key, $default);
  }

  public function publicGetState() {
    return $this->state;
  }
}