const QString FB_LOGIN_SUCCESS_URL = "http://www.facebook.com/connect/login_success.html";
const QString FB_LOGIN_URL = "https://www.facebook.com/login.php";
+const QString URL_SESSION_PARAMETER_BEGIN("session={");
+
FacebookAuthentication::FacebookAuthentication(MainWindow *mainWindow, QObject *parent)
: QObject(parent),
m_loggedIn(false),
{
qWarning() << __PRETTY_FUNCTION__;
- const QString BEGIN("session={");
const QString END("}");
QString urlString = url.toString();
- int begin = urlString.indexOf(BEGIN);
+ int begin = urlString.indexOf(URL_SESSION_PARAMETER_BEGIN);
int end = urlString.indexOf(END, begin);
if ((begin > -1) && (end > -1))
{
qWarning() << __PRETTY_FUNCTION__ << url.toString();
+ const QString WALL_POST_PERMISSION = "publish_stream";
+
/*
- Redirects:
+ URL changes in different use cases:
* Login with cookie failed:
1) http://m.facebook.com/login.php?api_key=cf77865a5070f2c2ba3b52cbf3371579&cancel_url=http://www.facebook.com/connect/login_failure.html&display=touch&fbconnect=1&next=http://www.facebook.com/connect/uiserver.php?app_id=286811277465&next=http%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&display=touch&cancel_url=http%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_failure.html&perms=publish_stream&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request&return_session=1&session_version=3&v=1.0&req_perms=publish_stream&app_id=286811277465&refsrc=http://www.facebook.com/login.php&fbb=ra985c5e9
- * Login with cookie succeeded:
+ * Login without cookie, not allowed to publish:
+ 1) http://m.facebook.com/login.php?api_key=cf77865a5070f2c2ba3b52cbf3371579&display=touch&fbconnect=1&next=http://www.facebook.com/connect/uiserver.php?app_id=286811277465&next=http%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&display=touch&perms=publish_stream&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request&return_session=1&session_version=3&v=1.0&req_perms=publish_stream&app_id=286811277465&refsrc=http://www.facebook.com/login.php&fbb=r03cdf104"
+ --> browser dialog is invoked, user enters correct username and password
+ 2) http://www.facebook.com/connect/uiserver.php?app_id=286811277465&next=http://www.facebook.com/connect/login_success.html&display=touch&perms=publish_stream&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request&session={"session_key":"2.isKv9bMtGmylvP1N6Il3IQ__.3600.1289394000-100001006647973","uid":100001006647973,"expires":1289394000,"secret":"PWiqZ9_aJjfKKJT4hJMTqA__","sig":"8f054aeca3c4d81e7efce3b90fb17d7e"}&installed=1&refsrc=http://www.facebook.com/login.php&fbb=rff1cc1be&refid=9&m_sess=sozzGNi5-SOBSb3AU
+ --> click allow
+ 3) http://www.facebook.com/connect/uiserver.php
+ 4) http://www.facebook.com/connect/login_success.html?perms=publish_stream&selected_profiles=100001006647973&session={"session_key":"2.isKv9bMtGmylvP1N6Il3IQ__.3600.1289394000-100001006647973","uid":"100001006647973","expires":1289394000,"secret":"PWiqZ9_aJjfKKJT4hJMTqA__","access_token":"286811277465|2.isKv9bMtGmylvP1N6Il3IQ__.3600.1289394000-100001006647973|bo9YniMczKY7PwlUEy9f40w3v5I","sig":"6b80d6928cf8f61b4c0c59d33d3127b6"}
+
+ * Login without cookie, not allowed to publish:
+ 1) http://m.facebook.com/login.php?api_key=cf77865a5070f2c2ba3b52cbf3371579&display=touch&fbconnect=1&next=http://www.facebook.com/connect/uiserver.php?app_id=286811277465&next=http%3A%2F%2Fwww.facebook.com%2Fconnect%2Flogin_success.html&display=touch&perms=publish_stream&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request&return_session=1&session_version=3&v=1.0&req_perms=publish_stream&app_id=286811277465&refsrc=http://www.facebook.com/login.php&fbb=r3fa0d31d
+ --> browser dialog is invoked, user enters correct username and password
+ 2) http://www.facebook.com/connect/uiserver.php?app_id=286811277465&next=http://www.facebook.com/connect/login_success.html&display=touch&perms=publish_stream&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request&session={"session_key":"2.isKv9bMtGmylvP1N6Il3IQ__.3600.1289394000-100001006647973","uid":100001006647973,"expires":1289394000,"secret":"PWiqZ9_aJjfKKJT4hJMTqA__","sig":"8f054aeca3c4d81e7efce3b90fb17d7e"}&installed=1&refsrc=http://www.facebook.com/login.php&fbb=r29076109&refid=9&m_sess=sozzGNi5-SOBSb3AU
+ --> click deny
+ 3) http://www.facebook.com/connect/uiserver.php
+ 4) http://www.facebook.com/connect/login_success.html?perms&selected_profiles=100001006647973&session={"session_key":"2.isKv9bMtGmylvP1N6Il3IQ__.3600.1289394000-100001006647973","uid":"100001006647973","expires":1289394000,"secret":"PWiqZ9_aJjfKKJT4hJMTqA__","access_token":"286811277465|2.isKv9bMtGmylvP1N6Il3IQ__.3600.1289394000-100001006647973|bo9YniMczKY7PwlUEy9f40w3v5I","sig":"6b80d6928cf8f61b4c0c59d33d3127b6"}
+
+ * Login with cookie succeeded, already allowed to publish:
1) http://www.facebook.com/connect/uiserver.php?app_id=286811277465&next=http://www.facebook.com/connect/login_success.html&display=touch&cancel_url=http://www.facebook.com/connect/login_failure.html&perms=publish_stream&return_session=1&session_version=3&fbconnect=1&canvas=0&legacy_return=1&method=permissions.request&session={"session_key":"2.iHXi5fLKlHktva2R71xSAw__.3600.1289228400-100001006647973","uid":100001006647973,"expires":1289228400,"secret":"q4_Hn5qRdxnVT_qh3ztv5w__","sig":"c9d29ca857bacec48b952e7d2826a3ca"}&fbb=rb28f24e5
2) http://www.facebook.com/connect/login_success.html?perms=publish_stream&selected_profiles=100001006647973&session={"session_key":"2.iHXi5fLKlHktva2R71xSAw__.3600.1289228400-100001006647973","uid":"100001006647973","expires":1289228400,"secret":"q4_Hn5qRdxnVT_qh3ztv5w__","access_token":"286811277465|2.iHXi5fLKlHktva2R71xSAw__.3600.1289228400-100001006647973|LVTHGW82A98SGvv6Fl43DlCrFT0","sig":"8edd8d611047bcd162abbe9983b25a56"}
*/
- if (!url.toString().contains("session={")) {
- // url parameter doesn't contain session data, so login with cookies failed
- qWarning() << __PRETTY_FUNCTION__ << "working credentials required";
+ const QString urlString = url.toString();
+ if (!urlString.contains(URL_SESSION_PARAMETER_BEGIN)) {
+ // login page url doesn't contain session
+ /// @todo INVOKE DIALOG ALSO WHEN STOPPED TO PERMISSION PAGE
+ /// @todo case: set cookie, remove situare app, re-login, 1 extra allow page before permissions, redirect from extra page when denying?
m_mainWindow->buildLoginDialog(m_browser);
- } else if (url.toString().startsWith(FB_LOGIN_SUCCESS_URL)) {
- // login succeeded
+ } else if (urlString.startsWith(FB_LOGIN_SUCCESS_URL)) {
+ // login succeeded, permissions granted/declined
const QString session = parseSession(url);
qWarning() << __PRETTY_FUNCTION__ << "login finished, parsed session:" << session;
if (!session.isEmpty()) {
destroyLogin();
m_loggedIn = true;
- emit loggedIn(session);
+ emit loggedIn(session, urlString.contains(WALL_POST_PERMISSION));
}
}
else {
- qWarning() << __PRETTY_FUNCTION__ << "credentials accepted, getting the access_token";
+ qCritical() << __PRETTY_FUNCTION__ << "new url was not recognised, url:" << urlString;
}
}
projects / situare / blobdiff