From alan.larkin at gmail.com  Thu Jan  1 19:51:15 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Fri, 02 Jan 2009 00:51:15 +0000
Subject: [Facebooker-talk] e_a_i_i_b_f_u halting and redirecting to
	canvas
In-Reply-To: <8d992eff0812311229h3edd43c9k490e7a21b30f44c9@mail.gmail.com>
References: <495B8452.90902@gmail.com>
	<8d992eff0812311229h3edd43c9k490e7a21b30f44c9@mail.gmail.com>
Message-ID: <495D6503.2000401@gmail.com>

No its set to IFrame alright. Or at least it was ... this problem has forced me 
back into FBML.

Bosco So wrote:
> In the Facebook Developer app, did you configure your app as IFrame or 
> FBML? From your description, it seems like you have it set for FBML.
> 
> 
> On Wed, Dec 31, 2008 at 6:40 AM, Alan Larkin <alan.larkin at gmail.com 
> <mailto:alan.larkin at gmail.com>> wrote:
> 
>     Hi all,
> 
>     I'd appreciate a little help getting the ball rolling here ...
> 
>     I'm trying to develop an IFrame app. When I visit my canvas page it
>     renders fine. It contains a link:
> 
>     <%= link_to 'Edit', edit_team_url(1) %>
> 
>     If the user clicks that link they will need to have authorised the
>     app so the TeamsController uses
> 
>     ensure_application_is_installed_by_facebook_user
> 
>     Now, if the app has not yet been authorised, the Facebook
>     authorisation page appears, and after allowing the app, the user is
>     redirected back to the canvas page (not forwarded on to the edit
>     page as I would have liked).
> 
>     Further, if a user who has already authorised the app clicks the
>     'Edit' link, Facebook loads again inside the IFrame (so I have
>     Facebook within Facebook) and displays the canvas page.
> 
>     The logs show the before filter is halting and then there is a
>     redirect back to the canvas:
> 
>     Processing TeamsController#edit (for XX.XX.XXX.XXX at 2008-12-31
>     14:22:31) [GET]
>      Session ID: XXXXXXXXXXXXXXXXXXXXXXXXXXX
>      Parameters: {"id"=>"1"}
>     Redirected to
>     http://www.facebook.com/install.php?api_key=XXXXXXXXXXXXXXX&v=1.0
>     <http://www.facebook.com/install.php?api_key=XXXXXXXXXXXXXXX&v=1.0>
>     Filter chain halted as
>     [:ensure_application_is_installed_by_facebook_user]
>     rendered_or_redirected.
>     Completed in 0ms (DB: 0) | 302 Found [http://XXXXXXXXXXX/teams/1/edit]
> 
> 
>     Processing CanvassesController#show (for XX.XX.XXX.XXX at 2008-12-31
>     14:22:33) [GET]
>      Session ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
>      Parameters: {"fb_sig_time"=>"1230733218.5856",
>     "fb_sig_in_iframe"=>"1", "fb_sig_in_new_facebook"=>"1",
>     "fb_sig"=>"XXXXXXXXXXXXXXXX", "fb_sig_locale"=>"en_GB",
>     "fb_sig_session_key"=>"XXXXXXXXXXXXXXXXXX",
>     "auth_token"=>"XXXXXXXXXXXXXXXXXXXXX",
>     "fb_sig_expires"=>"1230822000", "fb_sig_added"=>"1",
>     "fb_sig_api_key"=>"XXXXXXXXXXXXXXXXXXXXXXXXXXX",
>     "fb_sig_profile_update_time"=>"1222028229",
>     "fb_sig_user"=>"XXXXXXX", "fb_sig_ss"=>"XXXXXXXXXXXXXXXX"}
>     Rendering template within layouts/application
>     Rendering canvasses/show
>     Completed in 17ms (View: 15, DB: 0) | 200 OK
> 
>     Perhaps I have just configured the app incorrectly? Anyone got a
>     clue for me?
> 
>     Thanks,
>     Alan.
> 
> 


-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From mmangino at elevatedrails.com  Fri Jan  2 13:56:10 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 2 Jan 2009 13:56:10 -0500
Subject: [Facebooker-talk] Announcing Facebook Connect support
Message-ID: <389B20C8-4930-48EF-B1C6-AE974DEEE305@elevatedrails.com>

Thanks to a New Years Eve patch from Kevin Lochner, I'm happy to  
announce Facebook Connect support for Facebooker. I've been able to  
run a basic FBConnect application including login and displaying  
information from the REST api. You can read a very basic overview at http://www.elevatedrails.com/articles/2009/01/02/announcing-facebooker-support-for-facebook-connect/

Have a happy new year!

Mike
--
Mike Mangino
http://www.elevatedrails.com




From bhatti_shahzad at yahoo.com  Sat Jan  3 16:15:46 2009
From: bhatti_shahzad at yahoo.com (shahzad bhatti)
Date: Sat, 3 Jan 2009 13:15:46 -0800 (PST)
Subject: [Facebooker-talk] link_to_remote with 401 error code
Message-ID: <40395.62837.qm@web81104.mail.mud.yahoo.com>

I am trying to use link_to_remote to send ajax request to my server, where my code looks like: 

<%= link_to_remote( image_tag(?image?),
                    :update => div_id,
                    :url => my_url(post, :canvas => false),
                    :method => :get,
                    :html => {:class => ?button?},
                    :before => ?$(?spinner?).show()?,
                    :complete => ?$(?spinner?).hide()? 
                        ) %>




	However,
since canvas is false, facebook doesn?t send authorization the
facebooker filters rejects the request with 401 error. I don?t want to
skip ensure_authenticated_to_facebook filter, but how do I fix this?


	Thanks.
-Shahzad


      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090103/59a15c50/attachment.html>

From tres.wong-godfrey at saniq.com  Sat Jan  3 17:26:16 2009
From: tres.wong-godfrey at saniq.com (Tres Wong-Godfrey)
Date: Sat, 3 Jan 2009 14:26:16 -0800
Subject: [Facebooker-talk] link_to_remote with 401 error code
In-Reply-To: <40395.62837.qm@web81104.mail.mud.yahoo.com>
References: <40395.62837.qm@web81104.mail.mud.yahoo.com>
Message-ID: <069FE2FD-025A-4528-9255-4E1A9EF3CD35@saniq.com>


link_to_remote doesn't work with Facebooker. You can use  
remote_form_for and some CSS magic to get the same outcome.


On Jan 3, 2009, at 1:15 PM, shahzad bhatti wrote:

> I am trying to use link_to_remote to send ajax request to my server,  
> where my code looks like:
>
>
>
> <%= link_to_remote( image_tag(?image?), :update => div_id, :url =>  
> my_url(post, :canvas => false), :method => :get, :html => {:class =>  
> ?button?}, :before => ?$(?spinner?).show()?, :complete => ?$ 
> (?spinner?).hide()? ) %>
>
>
>
>
>
> However, since canvas is false, facebook doesn?t send authorization  
> the facebooker filters rejects the request with 401 error. I don?t  
> want to skip ensure_authenticated_to_facebook filter, but how do I  
> fix this?
>
> Thanks.
>
>
>
> -Shahzad
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk


From josh.m.sharpe at gmail.com  Sat Jan  3 19:39:48 2009
From: josh.m.sharpe at gmail.com (Josh Sharpe)
Date: Sat, 3 Jan 2009 19:39:48 -0500
Subject: [Facebooker-talk] link_to_remote with 401 error code
In-Reply-To: <069FE2FD-025A-4528-9255-4E1A9EF3CD35@saniq.com>
References: <40395.62837.qm@web81104.mail.mud.yahoo.com>
	<069FE2FD-025A-4528-9255-4E1A9EF3CD35@saniq.com>
Message-ID: <6a7129610901031639l46852a5fv83ad34386656f6e9@mail.gmail.com>

link_to_remote works just fine.  You need to make sure that the URL you are
hitting is a fully qualified url since the facebook API doesn't play nice
with AJAX calls.  The URL should be hitting your app directly.

On Sat, Jan 3, 2009 at 5:26 PM, Tres Wong-Godfrey <
tres.wong-godfrey at saniq.com> wrote:

>
> link_to_remote doesn't work with Facebooker. You can use remote_form_for
> and some CSS magic to get the same outcome.
>
>
>
> On Jan 3, 2009, at 1:15 PM, shahzad bhatti wrote:
>
>  I am trying to use link_to_remote to send ajax request to my server, where
>> my code looks like:
>>
>>
>>
>> <%= link_to_remote( image_tag("image"), :update => div_id, :url =>
>> my_url(post, :canvas => false), :method => :get, :html => {:class =>
>> "button"}, :before => "$('spinner').show()", :complete =>
>> "$('spinner').hide()" ) %>
>>
>>
>>
>>
>>
>> However, since canvas is false, facebook doesn't send authorization the
>> facebooker filters rejects the request with 401 error. I don't want to skip
>> ensure_authenticated_to_facebook filter, but how do I fix this?
>>
>> Thanks.
>>
>>
>>
>> -Shahzad
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090103/997d5be9/attachment.html>

From tres.wong-godfrey at saniq.com  Sat Jan  3 20:48:05 2009
From: tres.wong-godfrey at saniq.com (Tres Wong-Godfrey)
Date: Sat, 3 Jan 2009 17:48:05 -0800
Subject: [Facebooker-talk] link_to_remote with 401 error code
In-Reply-To: <6a7129610901031639l46852a5fv83ad34386656f6e9@mail.gmail.com>
References: <40395.62837.qm@web81104.mail.mud.yahoo.com>
	<069FE2FD-025A-4528-9255-4E1A9EF3CD35@saniq.com>
	<6a7129610901031639l46852a5fv83ad34386656f6e9@mail.gmail.com>
Message-ID: <C806AC01-D4E7-4540-9A0F-8E0E14AA51D7@saniq.com>


link_to_remote works -- in the sense that it will pass data to the  
server; however, the parameters for the original question were to use  
Facebook authentication. Your solution bypasses the Facebook AJAX  
proxy and also authentication -- which I believe the original question  
already implies knowledge of.

If you can use link_to_remote through Facebook's AJAX proxy, then this  
is something new & I was unable to use during months of development  
with facebooker.



On Jan 3, 2009, at 4:39 PM, Josh Sharpe wrote:

> link_to_remote works just fine.  You need to make sure that the URL  
> you are hitting is a fully qualified url since the facebook API  
> doesn't play nice with AJAX calls.  The URL should be hitting your  
> app directly.
>
> On Sat, Jan 3, 2009 at 5:26 PM, Tres Wong-Godfrey <tres.wong-godfrey at saniq.com 
> > wrote:
>
> link_to_remote doesn't work with Facebooker. You can use  
> remote_form_for and some CSS magic to get the same outcome.
>
>
>
> On Jan 3, 2009, at 1:15 PM, shahzad bhatti wrote:
>
> I am trying to use link_to_remote to send ajax request to my server,  
> where my code looks like:
>
>
>
> <%= link_to_remote( image_tag("image"), :update => div_id, :url =>  
> my_url(post, :canvas => false), :method => :get, :html => {:class =>  
> "button"}, :before => "$('spinner').show()", :complete => "$ 
> ('spinner').hide()" ) %>
>
>
>
>
>
> However, since canvas is false, facebook doesn't send authorization  
> the facebooker filters rejects the request with 401 error. I don't  
> want to skip ensure_authenticated_to_facebook filter, but how do I  
> fix this?
>
> Thanks.
>
>
>
> -Shahzad
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk


From mmangino at elevatedrails.com  Mon Jan  5 08:46:11 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Mon, 5 Jan 2009 08:46:11 -0500
Subject: [Facebooker-talk] link_to_remote with 401 error code
In-Reply-To: <C806AC01-D4E7-4540-9A0F-8E0E14AA51D7@saniq.com>
References: <40395.62837.qm@web81104.mail.mud.yahoo.com>
	<069FE2FD-025A-4528-9255-4E1A9EF3CD35@saniq.com>
	<6a7129610901031639l46852a5fv83ad34386656f6e9@mail.gmail.com>
	<C806AC01-D4E7-4540-9A0F-8E0E14AA51D7@saniq.com>
Message-ID: <3CA49808-4C1A-4EC8-BF23-EED390017422@elevatedrails.com>

Link to remote with a direct server path used to use the facebook  
proxy. Facebook would re-write the request to go through their  
servers. It would then include the sig parameters. You can call  
facebook_session_parameters to get a list of those params for  
inclusion in your URL.

Mike

On Jan 3, 2009, at 8:48 PM, Tres Wong-Godfrey wrote:

>
> link_to_remote works -- in the sense that it will pass data to the  
> server; however, the parameters for the original question were to  
> use Facebook authentication. Your solution bypasses the Facebook  
> AJAX proxy and also authentication -- which I believe the original  
> question already implies knowledge of.
>
> If you can use link_to_remote through Facebook's AJAX proxy, then  
> this is something new & I was unable to use during months of  
> development with facebooker.
>
>
>
> On Jan 3, 2009, at 4:39 PM, Josh Sharpe wrote:
>
>> link_to_remote works just fine.  You need to make sure that the URL  
>> you are hitting is a fully qualified url since the facebook API  
>> doesn't play nice with AJAX calls.  The URL should be hitting your  
>> app directly.
>>
>> On Sat, Jan 3, 2009 at 5:26 PM, Tres Wong-Godfrey <tres.wong-godfrey at saniq.com 
>> > wrote:
>>
>> link_to_remote doesn't work with Facebooker. You can use  
>> remote_form_for and some CSS magic to get the same outcome.
>>
>>
>>
>> On Jan 3, 2009, at 1:15 PM, shahzad bhatti wrote:
>>
>> I am trying to use link_to_remote to send ajax request to my  
>> server, where my code looks like:
>>
>>
>>
>> <%= link_to_remote( image_tag("image"), :update => div_id, :url =>  
>> my_url(post, :canvas => false), :method => :get, :html => {:class  
>> => "button"}, :before => "$('spinner').show()", :complete => "$ 
>> ('spinner').hide()" ) %>
>>
>>
>>
>>
>>
>> However, since canvas is false, facebook doesn't send authorization  
>> the facebooker filters rejects the request with 401 error. I don't  
>> want to skip ensure_authenticated_to_facebook filter, but how do I  
>> fix this?
>>
>> Thanks.
>>
>>
>>
>> -Shahzad
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From pietromas at gmail.com  Mon Jan  5 09:40:12 2009
From: pietromas at gmail.com (Pietro Mascagni)
Date: Mon, 5 Jan 2009 14:40:12 +0000
Subject: [Facebooker-talk] will_paginate abstractions?
Message-ID: <aa69c80b0901050640v4bacfe4cif7edf6503b7294d7@mail.gmail.com>

Is it possible to use will_paginate with Facebooker abstractions?

Specifically I want to paginate the photos in a users photo album
(later I will probably want to paginate friends, events, etc.). I
suppose its possible to retrieve all the Photos into an array and
paginate that, but is this the best way to go? Are there more elegant
and/or efficient methods?

Thanks

From alan.larkin at gmail.com  Mon Jan  5 16:25:20 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Mon, 05 Jan 2009 21:25:20 +0000
Subject: [Facebooker-talk] respond_to format
Message-ID: <49627AC0.1060206@gmail.com>

There was a short thread in March 08 about how the format param is always reset 
to fbml, preventing the use of respond_to 
(http://rubyforge.org/pipermail/facebooker-talk/2008-March/000464.html). I am 
experiencing this issue now.

As a matter of taste I would rather use

formatted_..._url(:format => :json)

and

respond_to do |format|
   format.json { ... }
end

over request.xhr?. Is this just not possible with Facebooker?

Alan.

-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From alan.larkin at gmail.com  Tue Jan  6 18:46:28 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Tue, 06 Jan 2009 23:46:28 +0000
Subject: [Facebooker-talk] FBJS, Ajax, Select box, Dialog
Message-ID: <4963ED54.9000201@gmail.com>

So I have been at this all day. I am trying to trigger an Ajax request and 
subsequent dialog popup in response to a change in a Select box. Heres what Ive got:

<%= select_tag :player, options_for_select(...),
     :onchange => "Ajax.Request(this.getValue(),
       { onSuccess: \"new Dialog().showMessage('Dialog', 'Ok'); return false;\" 
});" %>

(the values of the select items are URLs)

The logs show the query runs and returns successfully, but I cannot get anything 
to happen beyond that. There is nothing in the JS error console.

Can anyone see whats wrong with the above?

Alan.

-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From klochner at gmail.com  Tue Jan  6 20:07:30 2009
From: klochner at gmail.com (kevin lochner)
Date: Tue, 6 Jan 2009 20:07:30 -0500
Subject: [Facebooker-talk] request_comes_from_facebook
Message-ID: <9E2C9BB9-EA3E-4FE2-BC5C-3224E5C098C9@gmail.com>

In handling the post-authorize callback for fbconnect apps, i'm  
running into
a problem with securing the session.  It should be handled by
secure_with_fb_params, but request_comes_from_facebook fails due to the
absence of fb_sig_is_ajax or fb_sig_in_canvas in the params hash.

We could modify this function to include fb_sig_authorize as a valid
identifier, as I'm seeing that included in the params in the post-auth  
ping.
Before I follow that route, any better ideas?



From george at xapblog.com  Tue Jan  6 22:24:27 2009
From: george at xapblog.com (George Deglin)
Date: Tue, 6 Jan 2009 19:24:27 -0800
Subject: [Facebooker-talk] Random authenticity token failures
Message-ID: <dddc322d0901061924k220ea447w753eedf948982c71@mail.gmail.com>

For quite a while now users on my application have seemingly randomly
experienced authenticity token failures. I think I may have seen them a
couple times myself.

The error is as follows:
ActionController::InvalidAuthenticityToken
 /home/deploy/.gem/ruby/1.8/gems/actionpack-2.2.2/lib/action_controller/request_forgery_protection.rb:86:in
`verify_authenticity_token'

There does not appear to be any specific action that causes them, and
usually users get through on their second attempt.

After looking through the error and request logs I am completely at a loss
to how this could happen. All parameters seem to be correct and users do get
through after trying again. There is a minimal delay between when the form
is generated and the user submits it.

Here is a sample of the parameters of one of the failing requests. (Some
parameters have been obfuscated). As you can see, the authenticity_token is
present.
Parameters: {"format"=>"fbml", "commit"=>"Continue",
"fb_sig_time"=>"1231261212.664",
"fb_sig"=>"828a350a3b6ade0223b0eeb911a51248", "fb_sig_in_new_facebook"=>"1",
"authenticity_token"=>"87149fbbb58318eb7b85f20b5b0cf2a75fa78a47",
"fb_sig_locale"=>"en_US", "action"=>"create",
"object1"=>{"prameter1"=>"***", "parameter2"=>"***"},
"fb_sig_position_fix"=>"1", "fb_sig_in_canvas"=>"1",
"fb_sig_session_key"=>"2.gvXYwPbU_5_RNd3GQLjg9A__.86400.1231351200-***",
"fb_sig_request_method"=>"POST", "controller"=>"***",
"fb_sig_expires"=>"1231351200", "fb_sig_friends"=>"***",
"fb_sig_added"=>"1", "fb_sig_api_key"=>"4ea2871be8fb71d66673d3692d94c6bc",
"fb_sig_user"=>"***", "fb_sig_profile_update_time"=>"1230057986"}

Does anyone have any idea how this could happen? After considering things
for a while I am wondering if CSRF protection is even necessary on Facebook
applications since users could be validated through the fb_sig_session_key.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090106/d4e459f2/attachment.html>

From alan.larkin at gmail.com  Wed Jan  7 05:07:00 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Wed, 07 Jan 2009 10:07:00 +0000
Subject: [Facebooker-talk] FBJS, Ajax, Select box, Dialog
In-Reply-To: <8d992eff0901061941h7026c826sa8a5b3b47751e409@mail.gmail.com>
References: <4963ED54.9000201@gmail.com>
	<8d992eff0901061941h7026c826sa8a5b3b47751e409@mail.gmail.com>
Message-ID: <49647EC4.30309@gmail.com>

It's supposed to be FBJS ... alert doesn't work in FBJS (AFAIK) so I see people 
recommending dialogs as a replacement.

Alan.

Bosco So wrote:
> Is the following line supposed to be JavaScript? If so, try changing it 
> to */alert('Ok'); return false;/*
> 
>     new Dialog().showMessage('Dialog', 'Ok'); return false;
> 
> 
> -- Bosco
> 
> 
> On Tue, Jan 6, 2009 at 3:46 PM, Alan Larkin <alan.larkin at gmail.com 
> <mailto:alan.larkin at gmail.com>> wrote:
> 
>     So I have been at this all day. I am trying to trigger an Ajax
>     request and subsequent dialog popup in response to a change in a
>     Select box. Heres what Ive got:
> 
>     <%= select_tag :player, options_for_select(...),
>        :onchange => "Ajax.Request(this.getValue(),
>          { onSuccess: \"new Dialog().showMessage('Dialog', 'Ok'); return
>     false;\" });" %>
> 
>     (the values of the select items are URLs)
> 
>     The logs show the query runs and returns successfully, but I cannot
>     get anything to happen beyond that. There is nothing in the JS error
>     console.
> 
>     Can anyone see whats wrong with the above?
> 
>     Alan.
> 
>     -- 
>     <a href="http://wikimediafoundation.org/wiki/Donate/en"><img
>     border="0" alt="Wikipedia Affiliate Button"
>     src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png"
>     /></a>
>     _______________________________________________
>     Facebooker-talk mailing list
>     Facebooker-talk at rubyforge.org <mailto:Facebooker-talk at rubyforge.org>
>     http://rubyforge.org/mailman/listinfo/facebooker-talk
> 
> 


-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From alan.larkin at gmail.com  Wed Jan  7 05:51:01 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Wed, 07 Jan 2009 10:51:01 +0000
Subject: [Facebooker-talk] FBJS, Ajax, Select box, Dialog
In-Reply-To: <4963ED54.9000201@gmail.com>
References: <4963ED54.9000201@gmail.com>
Message-ID: <49648915.7060207@gmail.com>

Im thinking that this might be less wrong.

<fb:js-string var="successCallback">
   new Dialog().showMessage('Dialog', 'Ok');
   return false;
</fb:js-string>

<%= select_tag :player, options_for_select(...),
     :onchange => "Ajax.Request(this.getValue(), { onSuccess: successCallback 
});" %>

because I dont think the variables and functions in my original onSuccess code 
were being subjected to FBJS renaming. I am _guessing_ that using fb:js-string 
to prepare the code takes care of this, but there is still nothing happening in 
response to a successful Ajax request.

Alan Larkin wrote:
> So I have been at this all day. I am trying to trigger an Ajax request 
> and subsequent dialog popup in response to a change in a Select box. 
> Heres what Ive got:
> 
> <%= select_tag :player, options_for_select(...),
>     :onchange => "Ajax.Request(this.getValue(),
>       { onSuccess: \"new Dialog().showMessage('Dialog', 'Ok'); return 
> false;\" });" %>
> 
> (the values of the select items are URLs)
> 
> The logs show the query runs and returns successfully, but I cannot get 
> anything to happen beyond that. There is nothing in the JS error console.
> 
> Can anyone see whats wrong with the above?
> 
> Alan.
> 


-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From lee at crossbonesystems.com  Wed Jan  7 05:46:25 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Wed, 7 Jan 2009 10:46:25 +0000
Subject: [Facebooker-talk] FBJS, Ajax, Select box, Dialog
In-Reply-To: <4963ED54.9000201@gmail.com>
References: <4963ED54.9000201@gmail.com>
Message-ID: <e8c2bee00901070246t73a836efge6439de81db7e15e@mail.gmail.com>

You don't seem to be using the FBJS ajax calls, is that intentional?
http://wiki.developers.facebook.com/index.php/FBJS#AJAX

Lee.


2009/1/6 Alan Larkin <alan.larkin at gmail.com>:
> So I have been at this all day. I am trying to trigger an Ajax request and
> subsequent dialog popup in response to a change in a Select box. Heres what
> Ive got:
>
> <%= select_tag :player, options_for_select(...),
>    :onchange => "Ajax.Request(this.getValue(),
>      { onSuccess: \"new Dialog().showMessage('Dialog', 'Ok'); return
> false;\" });" %>
>
> (the values of the select items are URLs)
>
> The logs show the query runs and returns successfully, but I cannot get
> anything to happen beyond that. There is nothing in the JS error console.
>
> Can anyone see whats wrong with the above?
>
> Alan.
>
> --
> <a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0"
> alt="Wikipedia Affiliate Button"
> src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png"
> /></a>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>



-- 
Lee Mallabone.
Crossbone Systems Ltd.

http://www.crossbonesystems.com/
http://www.fonicmonkey.net/
http://CambridgeWebHeads.ning.com/

From alan.larkin at gmail.com  Wed Jan  7 06:02:47 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Wed, 07 Jan 2009 11:02:47 +0000
Subject: [Facebooker-talk] FBJS, Ajax, Select box, Dialog
In-Reply-To: <e8c2bee00901070246t73a836efge6439de81db7e15e@mail.gmail.com>
References: <4963ED54.9000201@gmail.com>
	<e8c2bee00901070246t73a836efge6439de81db7e15e@mail.gmail.com>
Message-ID: <49648BD7.1030504@gmail.com>

Emmm ... Im using the stuff in facebooker.js 
(http://github.com/mmangino/facebooker/tree/master/generators/facebook/templates/public/javascripts/facebooker.js) 
which uses the FBJS stuff ... just because its there, and it shields me a bit 
from the javascript, which is not my strong suit.

Alan.


Lee Mallabone wrote:
> You don't seem to be using the FBJS ajax calls, is that intentional?
> http://wiki.developers.facebook.com/index.php/FBJS#AJAX
> 
> Lee.
> 
> 
> 2009/1/6 Alan Larkin <alan.larkin at gmail.com>:
>> So I have been at this all day. I am trying to trigger an Ajax request and
>> subsequent dialog popup in response to a change in a Select box. Heres what
>> Ive got:
>>
>> <%= select_tag :player, options_for_select(...),
>>    :onchange => "Ajax.Request(this.getValue(),
>>      { onSuccess: \"new Dialog().showMessage('Dialog', 'Ok'); return
>> false;\" });" %>
>>
>> (the values of the select items are URLs)
>>
>> The logs show the query runs and returns successfully, but I cannot get
>> anything to happen beyond that. There is nothing in the JS error console.
>>
>> Can anyone see whats wrong with the above?
>>
>> Alan.
>>
>> --
>> <a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0"
>> alt="Wikipedia Affiliate Button"
>> src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png"
>> /></a>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
> 
> 
> 


-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From alan.larkin at gmail.com  Wed Jan  7 06:26:09 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Wed, 07 Jan 2009 11:26:09 +0000
Subject: [Facebooker-talk] FBJS, Ajax, Select box, Dialog
In-Reply-To: <49648915.7060207@gmail.com>
References: <4963ED54.9000201@gmail.com> <49648915.7060207@gmail.com>
Message-ID: <49649151.1050208@gmail.com>

Sigh ... facebooker.js#Ajax.Updater expects a function for onSuccess, not a 
String ...

<%= select_tag :player, options_for_select(...),
     :onchange => "Ajax.Request(this.getValue(), { onSuccess: function(data) {
       new Dialog().showMessage('Dialog', 'Hello World.');
       return false;
     }});" %>

does it XO

Alan.

Alan Larkin wrote:
> Im thinking that this might be less wrong.
> 
> <fb:js-string var="successCallback">
>   new Dialog().showMessage('Dialog', 'Ok');
>   return false;
> </fb:js-string>
> 
> <%= select_tag :player, options_for_select(...),
>     :onchange => "Ajax.Request(this.getValue(), { onSuccess: 
> successCallback });" %>
> 
> because I dont think the variables and functions in my original 
> onSuccess code were being subjected to FBJS renaming. I am _guessing_ 
> that using fb:js-string to prepare the code takes care of this, but 
> there is still nothing happening in response to a successful Ajax request.
> 
> Alan Larkin wrote:
>> So I have been at this all day. I am trying to trigger an Ajax request 
>> and subsequent dialog popup in response to a change in a Select box. 
>> Heres what Ive got:
>>
>> <%= select_tag :player, options_for_select(...),
>>     :onchange => "Ajax.Request(this.getValue(),
>>       { onSuccess: \"new Dialog().showMessage('Dialog', 'Ok'); return 
>> false;\" });" %>
>>
>> (the values of the select items are URLs)
>>
>> The logs show the query runs and returns successfully, but I cannot 
>> get anything to happen beyond that. There is nothing in the JS error 
>> console.
>>
>> Can anyone see whats wrong with the above?
>>
>> Alan.
>>
> 
> 


-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From klochner at gmail.com  Wed Jan  7 12:04:48 2009
From: klochner at gmail.com (kevin lochner)
Date: Wed, 7 Jan 2009 12:04:48 -0500
Subject: [Facebooker-talk] Random authenticity token failures *
In-Reply-To: <898597185.2137.1231314839807.JavaMail.prod@app004.boxbe.com>
References: <898597185.2137.1231314839807.JavaMail.prod@app004.boxbe.com>
Message-ID: <84ADC985-75C3-4254-8B2F-89970B3F7306@gmail.com>

This is related to the message I sent yesterday.  You're probably  
getting
the error when facebook pings your post-auth url.

stumbling around a little, I found this discussion from march, which  
advocated
skipping the verify_authenticity_token for your callback url from  
facebook:

http://rubyforge.org/pipermail/facebooker-talk/2008-March/000456.html

I didn't have any problem taking the standard approach in my controller:
    skip_before_filter :verify_authenticity_token, :only=>[:post-auth- 
url, :post-remove-url]

and as you said, as long as you're verifying the signature in these  
functions,
it shouldn't be a security concern.


On Jan 6, 2009, at 10:24 PM, George Deglin wrote:

> George Deglin (george at xapblog.com) requested to be added to your  
> Guest List | Approve sender
> For quite a while now users on my application have seemingly  
> randomly experienced authenticity token failures. I think I may have  
> seen them a couple times myself.
>
> The error is as follows:
> ActionController::
> InvalidAuthenticityToken
>  /home/deploy/.gem/ruby/1.8/gems/actionpack-2.2.2/lib/ 
> action_controller/request_forgery_protection.rb:86:in  
> `verify_authenticity_token'
>
> There does not appear to be any specific action that causes them,  
> and usually users get through on their second attempt.
>
> After looking through the error and request logs I am completely at  
> a loss to how this could happen. All parameters seem to be correct  
> and users do get through after trying again. There is a minimal  
> delay between when the form is generated and the user submits it.
>
> Here is a sample of the parameters of one of the failing requests.  
> (Some parameters have been obfuscated). As you can see, the  
> authenticity_token is present.
> Parameters: {"format"=>"fbml", "commit"=>"Continue",  
> "fb_sig_time"=>"1231261212.664",  
> "fb_sig"=>"828a350a3b6ade0223b0eeb911a51248",  
> "fb_sig_in_new_facebook"=>"1",  
> "authenticity_token"=>"87149fbbb58318eb7b85f20b5b0cf2a75fa78a47",  
> "fb_sig_locale"=>"en_US", "action"=>"create",  
> "object1"=>{"prameter1"=>"***", "parameter2"=>"***"},  
> "fb_sig_position_fix"=>"1", "fb_sig_in_canvas"=>"1",  
> "fb_sig_session_key"=>"2.gvXYwPbU_5_RNd3GQLjg9A__.86400.1231351200- 
> ***", "fb_sig_request_method"=>"POST", "controller"=>"***",  
> "fb_sig_expires"=>"1231351200", "fb_sig_friends"=>"***",  
> "fb_sig_added"=>"1",  
> "fb_sig_api_key"=>"4ea2871be8fb71d66673d3692d94c6bc",  
> "fb_sig_user"=>"***", "fb_sig_profile_update_time"=>"1230057986"}
>
> Does anyone have any idea how this could happen? After considering  
> things for a while I am wondering if CSRF protection is even  
> necessary on Facebook applications since users could be validated  
> through the fb_sig_session_key.
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090107/f254bfca/attachment.html>

From jesse at jesseclark.com  Wed Jan  7 17:38:06 2009
From: jesse at jesseclark.com (Jesse Clark)
Date: Wed, 7 Jan 2009 14:38:06 -0800
Subject: [Facebooker-talk] Facebook app as part of a larger rails app
	handled by one controller
Message-ID: <EB9D3D05-A20F-4BBD-A183-59F87046271F@jesseclark.com>

Hi all,

I found this thread from a while back which discusses the situation  
where one wants to implement a Facebooker app that is handled by one  
controller of a rails app: http://rubyforge.org/pipermail/facebooker-talk/2008-January/000093.html

I am in this situation with my app. Is the suggested best practice to  
handle this still to change relative_url_root as David describes and  
then add a route for:

map 
.canvas_page_base 
( "#{ENV["FACEBOOK_APP_NAME"]}/:action/:id", :controller => 'facebook' )

? Or, has Facebooker been modified to allow this configuration without  
hacking relative_url_root?

What is the current suggestion for handling this situation?

Thanks in advance,
-Jesse

  

From mmangino at elevatedrails.com  Fri Jan  9 09:16:15 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 9 Jan 2009 09:16:15 -0500
Subject: [Facebooker-talk] What a great community!
Message-ID: <D960FDEE-D41F-49CA-BCB1-E8EA958ABFD3@elevatedrails.com>

I just pulled in a couple of patches on GitHub and wanted to say a big  
thank you to everybody. I'm amazed at the number of people that have  
contributed to Facebooker recently.

There are two notable recent patches. First, HiroProt provided  
bindings for the curb gem. If you have curb installed, Facebooker will  
now use that instead of net::http. This allows you to specify a  
timeout in your api calls (by setting timeout in your facebooker.yml  
file) and should work much better in threaded environments. If you  
don't have curb installed, net::http will be used.

Second, Kevin Lochner added a configuration option that stops  
Facebooker from setting your AssetHost. By default, we still set the  
asset host to the callback url. You can disable this by adding
   set_asset_host_to_callback_url: false
to your facebooker.yml file

If you've got a github repo with other useful changes, let me know.

Mike

--
Mike Mangino
http://www.elevatedrails.com




From alan.larkin at gmail.com  Sat Jan 10 08:10:20 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Sat, 10 Jan 2009 13:10:20 +0000
Subject: [Facebooker-talk] Showing updated facebook_messages after Ajax
	failure
Message-ID: <49689E3C.7040102@gmail.com>

I'm trying to work out how to update facebook_messages when an Ajax request fails.

I thought I would do something based on the Ajax/JSON example in Mangino's book. 
  So I created a created a partial which simply renders facebook_messages:

# views/shared/_messages.fbml.erb
<div id="messages">
   <%= facebook_messages %>
</div>

In my controller's error handling section I do something like:

respond_to do |format|
   format.json do
     flash[:error] = 'An error message'
     render :json => { :ids => [:messages],
                       :fbml_messages => render_to_string(:partial => 
'shared/messages.fbml.erb')
     }, :status => 500
   end
end

And in my view use:

"function(data) {
   for(var i = 0; i < data["ids"].length; i++) {
     var id = data["ids"][i];
     $(id).setInnerFBML(data["fbml_" + id]);
   }
}"

as the failure callback.

However, unlike the success callback, the failure callback does not receive any 
arguments, so the message partial which was rendered to string is unavailable 
and thus cannot be used to update the page!

If instead I try to use fb:js-string to convert the FBML for displaying the 
facebook_messages to a Javascript variable, it will only be evaluated once, when 
the page loads, and thus not show any subsequent updates of the flash variables 
due to Ajax requests.

So what the hell does one do??

-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From digidigo at gmail.com  Mon Jan 12 16:23:17 2009
From: digidigo at gmail.com (David Clements)
Date: Mon, 12 Jan 2009 14:23:17 -0700
Subject: [Facebooker-talk] Desktop Apps?
Message-ID: <ea9161c50901121323w2a5cf904hfbba2005cf774975@mail.gmail.com>

Anyone still using Facebooker for Desktop apps?   I am looking at building a
photo upload script.
Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090112/cec88318/attachment.html>

From digidigo at gmail.com  Mon Jan 12 17:14:32 2009
From: digidigo at gmail.com (David Clements)
Date: Mon, 12 Jan 2009 15:14:32 -0700
Subject: [Facebooker-talk] Desktop Apps?
In-Reply-To: <ea9161c50901121323w2a5cf904hfbba2005cf774975@mail.gmail.com>
References: <ea9161c50901121323w2a5cf904hfbba2005cf774975@mail.gmail.com>
Message-ID: <ea9161c50901121414n6688dd4dl293da5a1242608f8@mail.gmail.com>

Looks like Desktop App designation has been deprecated.  They say you can
use Facebook Connect now.

On Mon, Jan 12, 2009 at 2:23 PM, David Clements <digidigo at gmail.com> wrote:

> Anyone still using Facebooker for Desktop apps?   I am looking at building
> a photo upload script.
> Dave
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090112/8500d1e3/attachment-0001.html>

From klochner at gmail.com  Mon Jan 12 17:42:54 2009
From: klochner at gmail.com (kevin lochner)
Date: Mon, 12 Jan 2009 17:42:54 -0500
Subject: [Facebooker-talk] Desktop Apps?
In-Reply-To: <ea9161c50901121414n6688dd4dl293da5a1242608f8@mail.gmail.com>
References: <ea9161c50901121323w2a5cf904hfbba2005cf774975@mail.gmail.com>
	<ea9161c50901121414n6688dd4dl293da5a1242608f8@mail.gmail.com>
Message-ID: <8AC12B1C-3651-4A7D-ADC7-6ACE16EB5FBA@gmail.com>

Time to refactor?

On Jan 12, 2009, at 5:14 PM, David Clements wrote:

> Looks like Desktop App designation has been deprecated.  They say  
> you can use Facebook Connect now.
>
> On Mon, Jan 12, 2009 at 2:23 PM, David Clements <digidigo at gmail.com>  
> wrote:
> Anyone still using Facebooker for Desktop apps?   I am looking at  
> building a photo upload script.
> Dave
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090112/a0329d91/attachment.html>

From digidigo at gmail.com  Mon Jan 12 19:36:10 2009
From: digidigo at gmail.com (David Clements)
Date: Mon, 12 Jan 2009 17:36:10 -0700
Subject: [Facebooker-talk] Desktop Apps.
Message-ID: <ea9161c50901121636h763702a5wa494dd85b6f93381@mail.gmail.com>

So here is an interesting code snippet that works for getting access for a
desktop application.  Note:  I think you still need to send people to a
browser to get permissions.  And I can't see yet how to make sure that
people grant offline access.


require File.dirname(__FILE__) + '/../config/environment'

ENV['FACEBOOK_API_KEY'] = 'd426e210e1253c5cd7d86d6683cef056'

ENV['FACEBOOK_SECRET_KEY'] = 'SECRET'
session = Facebooker::Session.create( 'd426e210e1253c5cd7d86d6683cef056',
'SECRET' )

puts session.auth_token  #this makes the call to get auth token


puts "Paste the URL into your web browser and login:"
puts session.login_url + "&auth_token=#{session.auth_token}";

puts "Hit return to continue..."
gets



puts "What are you doing?"
puts "#{session.user.name} #{session.user.status.message}"

puts "Session  " + session.inspect
puts "Key " + session.instance_variable_get("@session_key").to_s;
puts "Expires " + session.instance_variable_get("@expires").to_s;
puts "User" + session.user.id.to_s
puts "Session Secret " +
session.instance_variable_get("@secret_from_session").to_s;

# Now you could save the session key and expiry to make more calls later.
But only for an hour.

 file = Net::HTTP::MultipartPostFile.new(
             "test.png",
             "",
             File.read("/Users/dclements/Desktop/screen0.png")
           )


session.user.upload_photo(file,:caption => "just messing around")
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090112/ee758025/attachment.html>

From lee at crossbonesystems.com  Tue Jan 13 09:53:42 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Tue, 13 Jan 2009 14:53:42 +0000
Subject: [Facebooker-talk] call queuing
Message-ID: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>

Hi all,

I'm using profile.setFBML for an app I'm working on and in development
I'm seeing fairly lengthy response times. It normally seems to return
well within 1-3 seconds but occasionally seems to spike at around 20
seconds.

As I'm calling setFBML in response to a user action (on a canvas
page), this could give a really bad user experience. I don't think my
FBML pages are especially large so I'm wondering, are these sorts of
timings normal?

If so, is anyone already using an asynchronous queuing system to cope
with this issue that they'd be willing to point me at? I could roll my
own, but if setFBML typically takes a while it seems like something
that would be useful for a large number of facebooker users.

Regards,
Lee.


-- 
Lee Mallabone.
Crossbone Systems Ltd.

http://www.crossbonesystems.com/
http://www.fonicmonkey.net/
http://CambridgeWebHeads.ning.com/

From mmangino at elevatedrails.com  Tue Jan 13 10:05:31 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Tue, 13 Jan 2009 10:05:31 -0500
Subject: [Facebooker-talk] call queuing
In-Reply-To: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
References: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
Message-ID: <B19CA80A-76FF-4BD9-B3F0-7E498DA7163A@elevatedrails.com>

We process all API calls through a set of starling queues. We have a  
ProfileUpdate object so our flow looks like:

class User
   def refresh_profile
     ProfileUpdate.new(self.faceook_id).enqueue
   end
end

We then have a job that pulls Profile Update messages off of the queue  
and calls execute on them. The execute method does the profile update.

My using the command pattern we know we can throw any object the  
implements execute onto the queue and the processing daemons will  
handle it.

Mike

On Jan 13, 2009, at 9:53 AM, Lee Mallabone wrote:

> Hi all,
>
> I'm using profile.setFBML for an app I'm working on and in development
> I'm seeing fairly lengthy response times. It normally seems to return
> well within 1-3 seconds but occasionally seems to spike at around 20
> seconds.
>
> As I'm calling setFBML in response to a user action (on a canvas
> page), this could give a really bad user experience. I don't think my
> FBML pages are especially large so I'm wondering, are these sorts of
> timings normal?
>
> If so, is anyone already using an asynchronous queuing system to cope
> with this issue that they'd be willing to point me at? I could roll my
> own, but if setFBML typically takes a while it seems like something
> that would be useful for a large number of facebooker users.
>
> Regards,
> Lee.
>
>
> -- 
> Lee Mallabone.
> Crossbone Systems Ltd.
>
> http://www.crossbonesystems.com/
> http://www.fonicmonkey.net/
> http://CambridgeWebHeads.ning.com/
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From alan.larkin at gmail.com  Tue Jan 13 10:16:54 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Tue, 13 Jan 2009 15:16:54 +0000
Subject: [Facebooker-talk] call queuing
In-Reply-To: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
References: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
Message-ID: <496CB066.9080208@gmail.com>

Did you see Ryan Bs screencast on Starling and Workling? Its probably a suitable 
solution for "out-lining" API calls.

Alan.

Lee Mallabone wrote:
> Hi all,
> 
> I'm using profile.setFBML for an app I'm working on and in development
> I'm seeing fairly lengthy response times. It normally seems to return
> well within 1-3 seconds but occasionally seems to spike at around 20
> seconds.
> 
> As I'm calling setFBML in response to a user action (on a canvas
> page), this could give a really bad user experience. I don't think my
> FBML pages are especially large so I'm wondering, are these sorts of
> timings normal?
> 
> If so, is anyone already using an asynchronous queuing system to cope
> with this issue that they'd be willing to point me at? I could roll my
> own, but if setFBML typically takes a while it seems like something
> that would be useful for a large number of facebooker users.
> 
> Regards,
> Lee.
> 
> 


-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From jacob.refstrup at hp.com  Wed Jan 14 00:35:37 2009
From: jacob.refstrup at hp.com (Jacob Refstrup)
Date: Tue, 13 Jan 2009 21:35:37 -0800
Subject: [Facebooker-talk] No 'secret' returned by facebook.auth.getSession
Message-ID: <496D79A9.1090908@hp.com>

(also posted at http://forum.developers.facebook.com/viewtopic.php?id=26779)

Hi,

Caveat:- New to facebook apps so it's possible that I've made some 
silly/obvious (except to me) mistakes...

Downloaded facebooker (ruby gem) and followed instructions to get write 
a simple desktop app.

I manage to authorize the app as my facebook user (i.e. 
facebook.auth.createToken worked and 
login.php?api_key=xxx&v=1.0&auth_token=xxx also worked).

Now when the desktop app continues I try a facebook.auth.getSession and 
I get back session_key, uid and expires. But I don't get back a secret 
which is what I'm supposed to sign future requests.

In theory getSession is supposed to be done with https - but right now 
facebooker doesn't support that. Is that the cause of my troubles or is 
there something else I should try?

If the facebook.auth.getSession includes a generate_session_secret=true 
then I do get back a secret; but subsequent authentication fails 
(signature invalid).

Any help is appreciated,
- Jacob

From kig at infectious.com  Wed Jan 14 17:33:00 2009
From: kig at infectious.com (Konstantin Gredeskoul)
Date: Wed, 14 Jan 2009 14:33:00 -0800
Subject: [Facebooker-talk] Announcing Facebook Connect support
Message-ID: <67216c430901141433h781ae3d8j33b938fd2d5fe9e5@mail.gmail.com>

Thanks all for adding Facebook Connect support to facebooker plugin.

I am looking integrating FBC into our site, and have a couple of
questions, pardon if they are noobish, but I am new to Facebook
platform.

My main goal is to streamline registration process for users of FB,
and to allow posting stories back to FB. I understand that I can
integrate FbC javascript, and in conjunction with xd_receiver file,
the javascript loaded from FB will be able to modify HTML page based
on user information, logged in state, etc. The example with Javascript
I saw, has a static HTML site, and all the connect stuff happens on
the client in Javascript.

It is my understanding that Facebooker plugin supports rich REST API
to Facebook, so what I am not clear on is how is information passed
between my site and facebook.

1) Initially, I believe it is javascript that establishes connection
and sets the cookie - inside <%= init_fb_connect "XFBML"%>
2) after that I can now use this in my view:

<% if facebook_session %>
  <%= facebook_session.user.hometown_location.city %>
<% else %>

My question is: does this helper require a REST API call to FB
servers?  Or is that data cached in the cookie/session? Or is that
data obtained by generating javascript that updates HTML when it
loads?

If I was to register someone from Facebook on my website, I would like
to capture their first name, last name and email in order to create a
proper account on our site. If this information is available at the
controller level, then I have no problem with this.

if, however, it's only available in the client javascript layer, I
will probably have to construct an ajax call to send this information
back to the server, so that I can register the user.

Any clarification on how FB connect + Facebooker actually works, and
whether the data is available at the controller level is much
appreciated.  If I am off track completely, please feel free to chime
in.

Thanks
Konstantin

From mmangino at elevatedrails.com  Wed Jan 14 18:02:06 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Wed, 14 Jan 2009 18:02:06 -0500
Subject: [Facebooker-talk] Announcing Facebook Connect support
In-Reply-To: <67216c430901141433h781ae3d8j33b938fd2d5fe9e5@mail.gmail.com>
References: <67216c430901141433h781ae3d8j33b938fd2d5fe9e5@mail.gmail.com>
Message-ID: <A28AEF4E-278C-4B19-88DC-3F990EC0DCFE@elevatedrails.com>


On Jan 14, 2009, at 5:33 PM, Konstantin Gredeskoul wrote:

>
>
> My question is: does this helper require a REST API call to FB
> servers?  Or is that data cached in the cookie/session? Or is that
> data obtained by generating javascript that updates HTML when it
> loads?

That will require a REST call. The only things handled by javascript  
are the XFBML tags

>
>
> If I was to register someone from Facebook on my website, I would like
> to capture their first name, last name and email in order to create a
> proper account on our site. If this information is available at the
> controller level, then I have no problem with this.

You should read the Facebook TOS. You can't capture any of this. The  
name is available, but can't be stored.

>
>
> if, however, it's only available in the client javascript layer, I
> will probably have to construct an ajax call to send this information
> back to the server, so that I can register the user.
>
> Any clarification on how FB connect + Facebooker actually works, and
> whether the data is available at the controller level is much
> appreciated.  If I am off track completely, please feel free to chime
> in.

Once you log in, you should get a Facebook session object. From there,  
your application works just like a Facebook canvas application. You  
can check out http://www.pragprog.com/titles/mmfacer to learn more.  
The book shows how to get data using the REST API on the server side.  
There are screencasts available that show similar information.

Mike

>
>
> Thanks
> Konstantin
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From alan.larkin at gmail.com  Tue Jan 20 09:22:28 2009
From: alan.larkin at gmail.com (Alan Larkin)
Date: Tue, 20 Jan 2009 14:22:28 +0000
Subject: [Facebooker-talk] Bug when empty result set from fql_query within
	batch.
Message-ID: <4975DE24.5000702@gmail.com>

I think I've found a bug.

Try this for a user who is a fan of 0 pages (also happens for 0 listings, 0 
notes, etc.).

pages = nil
facebook_session.batch do
   pages = facebook_session.fql_query("SELECT page_id FROM page_fan WHERE uid = 
#{facebook_id}", 'XML')
end
p pages

You would expect an empty array but what actually happens is an "unexpected 
return" error.

I guess it must be something to do with the way #batch turns the body into a 
block, but I don't really understand it.

Anyway, a fix is to rewrite #fql_query like:

if type.nil?
   []
else
   ...
end

rather than using an explicit return. I would stick this fix into my fork and 
request a pull but perhaps someone will understand better and have a nicer fix?

Alan.

P.S.

Is anyone working on a JSON parser for fql_query? I hate to waste bandwidth on 
bloated XML.

-- 
<a href="http://wikimediafoundation.org/wiki/Donate/en"><img border="0" 
alt="Wikipedia Affiliate Button" 
src="http://upload.wikimedia.org/wikipedia/foundation/5/58/2008_fundraiser_micro_button-en.png" 
/></a>

From daklaw at gmail.com  Tue Jan 20 16:11:07 2009
From: daklaw at gmail.com (David Law)
Date: Tue, 20 Jan 2009 13:11:07 -0800
Subject: [Facebooker-talk] alias_method_chain in Facebooker Causing Stack
	Level Too Deep
Message-ID: <9ed60450901201311l5e5ee58ufbc476066ed4c04d@mail.gmail.com>

I installed the Facebooker plugin and upon placing it on a staging server, I
keep running into stack level too deep errors.  It seems to stem from
Facebooker using alias_method_chain to override some of the
ActionController methods.  I believe it's getting loaded twice causing
confusion.  I've tried various methods include wrapping a unless
respond_to?(:method) around the alias_method_chain call to keep it
from being called twice.  However, none of this has worked?  Has anyone run
into this problem and found a remedy?  I know alias_method_chain is a pretty
popular way to override methods, so I
can't imagine this being the first instance of alias_method_chain causing
this problem.  Here is some of the sample code I'm looking to fix:

module ::ActionController
  class Base
    def self.inherited_with_facebooker(subclass)
      inherited_without_facebooker(subclass)
      if subclass.to_s == "ApplicationController"
        subclass.send(:include,Facebooker::Rails::Controller)
        subclass.helper Facebooker::Rails::Helpers
      end
    end
    class << self
      unless ActionController::Base.respond_to?
(:inherited_with_facebooker)
        alias_method_chain :inherited, :facebooker
      end

    end
  end
end
Here you can see the method inherited has been aliased to
inherited_with_facebooker and inherited_without_facebooker has been aliased
to inherited.  However, when the method is called
inherited_without_facebooker goes into an endless recursive call which
results in a stack level too deep error.  I tried to prevent
alias_method_chain from being called twice (which is what I suspect the
problem being) by checking if inherited_with_facebooker already exists.  It
has not seemed to fix the problem.  Does anyone else have a possible
solution I may try.  Thanks again!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090120/6c5ba37e/attachment.html>

From aurelien.malisart.mailinglists at gmail.com  Wed Jan 21 07:30:43 2009
From: aurelien.malisart.mailinglists at gmail.com (=?ISO-8859-1?Q?Malisart_Aur=E9lien?=)
Date: Wed, 21 Jan 2009 13:30:43 +0100
Subject: [Facebooker-talk] autocompletion inside facebook?
Message-ID: <99DB6DCE-4878-420D-B005-88278FBADA54@gmail.com>

Hi, I just finished the book from Mike Mangino.
It looks like the ability to use ?high level javascript? inside the  
canvas is quite hard. FBJS is painful for developers I think.

I?m trying to have a simple autocompletion for a text field in my app.  
Was someone able to use this:
http://wiki.developers.facebook.com/index.php/FBJS/Examples/Typeahead/AJAX 
  ?
The ajax call is well done on my server but nothing happens client  
side (no error neither).

Does someone have another solution to implement basic autocompletions  
inside Facebook? I don?t especially want to use Facebook?s one. Most  
packages of course use Prototype or jQuery.

Thanks!

Aur?lien

From aurelien.malisart.mailinglists at gmail.com  Wed Jan 21 12:20:19 2009
From: aurelien.malisart.mailinglists at gmail.com (=?ISO-8859-1?Q?Malisart_Aur=E9lien?=)
Date: Wed, 21 Jan 2009 18:20:19 +0100
Subject: [Facebooker-talk] autocompletion inside facebook?
In-Reply-To: <c1861420901210904g7dee395bqbe15d35e299d680b@mail.gmail.com>
References: <99DB6DCE-4878-420D-B005-88278FBADA54@gmail.com>
	<c1861420901210904g7dee395bqbe15d35e299d680b@mail.gmail.com>
Message-ID: <1175EB95-6254-404A-BC33-DD8EE0A63ECF@gmail.com>

Thanks Zhao,

I should have said I was trying to do an AJAX autocompletion.

Your solution should work but what if I have 1000 items to search or  
more?
I cannot include all searchable items into the FBML, isn't it?

Aur?lien

On 21 Jan 2009, at 18:04, Zhao Lu wrote:

> Aurelien,
>
> I have implemented typeahead in my facebook app without much  
> difficulty:
>
>               <fb:fbml version="1.1">
>                 <fb:typeahead-input name="contact_search"  
> autocomplete="off" onselect="updateAccountOptions()">
>                   <% current_user.contacts.each do |contact| %>
>                     <% id = contact.id %>
>                     <% fullname = contact.name %>
>                     <fb:typeahead-option value="<%= id %>"><%=  
> fullname %></fb:typeahead-option>
>                   <% end %>
>                 </fb:typeahead-input>
>               </fb:fbml>
>
> The typeahead is used to suggest the contacts of the current user.
>
> Zhao
>
> On Wed, Jan 21, 2009 at 4:30 AM, Malisart Aur?lien <aurelien.malisart.mailinglists at gmail.com 
> > wrote:
> Hi, I just finished the book from Mike Mangino.
> It looks like the ability to use "high level javascript" inside the  
> canvas is quite hard. FBJS is painful for developers I think.
>
> I'm trying to have a simple autocompletion for a text field in my  
> app. Was someone able to use this:
> http://wiki.developers.facebook.com/index.php/FBJS/Examples/Typeahead/AJAX 
>  ?
> The ajax call is well done on my server but nothing happens client  
> side (no error neither).
>
> Does someone have another solution to implement basic  
> autocompletions inside Facebook? I don't especially want to use  
> Facebook's one. Most packages of course use Prototype or jQuery.
>
> Thanks!
>
> Aur?lien
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
>
>
> -- 
> Zhao

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090121/8706b8bf/attachment.html>

From mmangino at elevatedrails.com  Wed Jan 21 12:47:04 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Wed, 21 Jan 2009 12:47:04 -0500
Subject: [Facebooker-talk] autocompletion inside facebook?
In-Reply-To: <1175EB95-6254-404A-BC33-DD8EE0A63ECF@gmail.com>
References: <99DB6DCE-4878-420D-B005-88278FBADA54@gmail.com>
	<c1861420901210904g7dee395bqbe15d35e299d680b@mail.gmail.com>
	<1175EB95-6254-404A-BC33-DD8EE0A63ECF@gmail.com>
Message-ID: <9A5C9F98-20D1-45DD-ACC9-11D82C1DB32A@elevatedrails.com>

There's a typeahead helper in the facebook form builder, but it  
doesn't do ajax. I would try this solution first though. Depending  
upon the size of the items, 1000 items is only about 10k. It might not  
be that bad.

Mike

On Jan 21, 2009, at 12:20 PM, Malisart Aur?lien wrote:

> Thanks Zhao,
>
> I should have said I was trying to do an AJAX autocompletion.
>
> Your solution should work but what if I have 1000 items to search or  
> more?
> I cannot include all searchable items into the FBML, isn't it?
>
> Aur?lien
>
> On 21 Jan 2009, at 18:04, Zhao Lu wrote:
>
>> Aurelien,
>>
>> I have implemented typeahead in my facebook app without much  
>> difficulty:
>>
>>               <fb:fbml version="1.1">
>>                 <fb:typeahead-input name="contact_search"  
>> autocomplete="off" onselect="updateAccountOptions()">
>>                   <% current_user.contacts.each do |contact| %>
>>                     <% id = contact.id %>
>>                     <% fullname = contact.name %>
>>                     <fb:typeahead-option value="<%= id %>"><%=  
>> fullname %></fb:typeahead-option>
>>                   <% end %>
>>                 </fb:typeahead-input>
>>               </fb:fbml>
>>
>> The typeahead is used to suggest the contacts of the current user.
>>
>> Zhao
>>
>> On Wed, Jan 21, 2009 at 4:30 AM, Malisart Aur?lien <aurelien.malisart.mailinglists at gmail.com 
>> > wrote:
>> Hi, I just finished the book from Mike Mangino.
>> It looks like the ability to use "high level javascript" inside the  
>> canvas is quite hard. FBJS is painful for developers I think.
>>
>> I'm trying to have a simple autocompletion for a text field in my  
>> app. Was someone able to use this:
>> http://wiki.developers.facebook.com/index.php/FBJS/Examples/Typeahead/AJAX 
>>  ?
>> The ajax call is well done on my server but nothing happens client  
>> side (no error neither).
>>
>> Does someone have another solution to implement basic  
>> autocompletions inside Facebook? I don't especially want to use  
>> Facebook's one. Most packages of course use Prototype or jQuery.
>>
>> Thanks!
>>
>> Aur?lien
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>>
>>
>> -- 
>> Zhao
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From aurelien.malisart.mailinglists at gmail.com  Wed Jan 21 16:51:26 2009
From: aurelien.malisart.mailinglists at gmail.com (=?ISO-8859-1?Q?Malisart_Aur=E9lien?=)
Date: Wed, 21 Jan 2009 22:51:26 +0100
Subject: [Facebooker-talk] autocompletion inside facebook?
In-Reply-To: <9A5C9F98-20D1-45DD-ACC9-11D82C1DB32A@elevatedrails.com>
References: <99DB6DCE-4878-420D-B005-88278FBADA54@gmail.com>
	<c1861420901210904g7dee395bqbe15d35e299d680b@mail.gmail.com>
	<1175EB95-6254-404A-BC33-DD8EE0A63ECF@gmail.com>
	<9A5C9F98-20D1-45DD-ACC9-11D82C1DB32A@elevatedrails.com>
Message-ID: <635F1F3D-D3AE-4740-9D79-1C57507937D4@gmail.com>


On 21 Jan 2009, at 18:47, Mike Mangino wrote:

> There's a typeahead helper in the facebook form builder, but it  
> doesn't do ajax. I would try this solution first though. Depending  
> upon the size of the items, 1000 items is only about 10k. It might  
> not be that bad.

Yes indeed...
I'll try to see if this number is borned or not in practice for my  
actual case.

Thanks.


From vincentchu at gmail.com  Wed Jan 21 17:36:55 2009
From: vincentchu at gmail.com (vincent chu)
Date: Wed, 21 Jan 2009 14:36:55 -0800
Subject: [Facebooker-talk] Possible Bug in Facebooker's Connect support
	(secure_with_cookies!) ?
Message-ID: <ddc18b3e0901211436u425b9bffr2627e89b14986a61@mail.gmail.com>

Facebooker folks ---

I was having trouble running the facebook-connect tutorial (
http://www.elevatedrails.com/articles/2009/01/02/announcing-facebooker-support-for-facebook-connect/
) --- I could log my test-account in, but I couldn't get a valid
facebook_session to show up.

I've traced the problem to Facebooker's "secure_with_cookies!" method
and realized that if the user happens to have an infinite session, his
'expires' cookie is set to "0", which means that Facebooker will think
that his cookie expired in 1969 -- hence no facebook_session for
anybody with a persistent session key.

I've gotten the tutorial to run successfully if I check for a
persistent session_key in the method:

return unless (Time.at(parsed['expires'].to_f) > Time.now) ||
(parsed['expires'] == "0")

Don't know if the method is written this way for a reason, but I
thought I'd let you all now anyway ...

Cheers,

Vince


----
Vincent Chu
Department of Applied Physics
Geballe Laboratory of Advanced Materials
McCullough Bldg. 318
476 Lomita Mall
Stanford, CA, 94305

vchu AT post.harvard.edu
vincentchu AT gmail.com

http://www.stanford.edu/~vincentc (homepage, updated sporadically)

Consider this:
"The smallest positive integer not definable in under eleven words."

From mmangino at elevatedrails.com  Wed Jan 21 19:26:08 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Wed, 21 Jan 2009 19:26:08 -0500
Subject: [Facebooker-talk] Possible Bug in Facebooker's Connect support
	(secure_with_cookies!) ?
In-Reply-To: <ddc18b3e0901211436u425b9bffr2627e89b14986a61@mail.gmail.com>
References: <ddc18b3e0901211436u425b9bffr2627e89b14986a61@mail.gmail.com>
Message-ID: <D15E5521-CC4F-4E25-B4C8-F1748102EE9F@elevatedrails.com>

Thanks! I pulled this in along with another fix from Kevin Lochner. I  
also bumped the version number to generate new gems.

Mike

On Jan 21, 2009, at 5:36 PM, vincent chu wrote:

> Facebooker folks ---
>
> I was having trouble running the facebook-connect tutorial (
> http://www.elevatedrails.com/articles/2009/01/02/announcing-facebooker-support-for-facebook-connect/
> ) --- I could log my test-account in, but I couldn't get a valid
> facebook_session to show up.
>
> I've traced the problem to Facebooker's "secure_with_cookies!" method
> and realized that if the user happens to have an infinite session, his
> 'expires' cookie is set to "0", which means that Facebooker will think
> that his cookie expired in 1969 -- hence no facebook_session for
> anybody with a persistent session key.
>
> I've gotten the tutorial to run successfully if I check for a
> persistent session_key in the method:
>
> return unless (Time.at(parsed['expires'].to_f) > Time.now) ||
> (parsed['expires'] == "0")
>
> Don't know if the method is written this way for a reason, but I
> thought I'd let you all now anyway ...
>
> Cheers,
>
> Vince
>
>
> ----
> Vincent Chu
> Department of Applied Physics
> Geballe Laboratory of Advanced Materials
> McCullough Bldg. 318
> 476 Lomita Mall
> Stanford, CA, 94305
>
> vchu AT post.harvard.edu
> vincentchu AT gmail.com
>
> http://www.stanford.edu/~vincentc (homepage, updated sporadically)
>
> Consider this:
> "The smallest positive integer not definable in under eleven words."
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From adeel at proletariandesign.com  Thu Jan 22 03:46:43 2009
From: adeel at proletariandesign.com (Adeel Ahmad)
Date: Thu, 22 Jan 2009 00:46:43 -0800
Subject: [Facebooker-talk] convert_options_to_javascript_without_facebooker
	breaking link_to?
Message-ID: <168ef1510901220046q615b5e0bj4e98eb76820fc149@mail.gmail.com>

I've got Facebooker installed on my app but as soon as I start my app and go
to localhost:3000 I get the following error:

.../vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
`convert_options_to_javascript_without_facebooker!'
.../vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
`convert_options_to_javascript!'
.../vendor/rails/actionpack/lib/action_view/helpers/url_helper.rb:69:in
`link_to'
.../app/views/main/index.rhtml:18:in
`_run_rhtml_47app47views47main47index46rhtml'

The line in the view template it's talking about is: <%= link_to "(view
all)", {:controller => "products", :action => "index"}, :style => "float:
right;") %>

When I remove the style hash it's fine with this line but then it catches an
error on the very next link_to that has an html_option.

Can someone explain why this is happening, and whether html_option is really
incompatible with facebooker?


-a
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090122/42d9d868/attachment.html>

From jesse.ikonen at kaseygroup.com  Thu Jan 22 16:02:59 2009
From: jesse.ikonen at kaseygroup.com (Jesse Ikonen)
Date: Thu, 22 Jan 2009 16:02:59 -0500
Subject: [Facebooker-talk] hashed_content method problem in short and full
	stories
In-Reply-To: <mailman.48.1232574764.22196.facebooker-talk@rubyforge.org>
References: <mailman.48.1232574764.22196.facebooker-talk@rubyforge.org>
Message-ID: <34657628-BAA1-4967-B748-629CC5AD22E0@kaseygroup.com>

Hello,

afaik I'm having issue with publisher.rb method called hashed_content.

This is my UserPublisher template stuff:

   def question_template
     one_line_story_template "{*actor*} asked a question in  
{*app_link*}"
     full_story_template "{*actor*} asked '{*body*}' in  
{*app_link*}.", "Voting expires {*date*}."
   end

Following happens:

 >> UserPublisher.register_question
NoMethodError: undefined method `<=>' for :template_title:Symbol
	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
180:in `sort_by'
	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
180:in `hashed_content'
	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
131:in `register'
	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
451:in `method_missing'
	from (irb):1

If I have short_story_template it will break on line number 179.

I think this has something to do with this commit @ github:

	-            Digest::MD5.hexdigest  
[publisher.one_line_story_templates, publisher.short_story_templates,  
publisher.full_story_template].to_json
	+            # sort the Hash elements (in the short_story and  
full_story) before generating MD5
	+            Digest::MD5.hexdigest [publisher.one_line_story_templates,
	+               (publisher.short_story_templates and  
publisher.short_story_templates.collect{|ss| ss.to_a.sort_by{|e|  
e[0]}}),
	+               (publisher.full_story_template and  
publisher.full_story_template.to_a.sort_by{|e| e[0]})
	+               ].to_json

Has anyone experienced same or any clue of what I'm doing wrong?

Thanks!



From mmangino at elevatedrails.com  Thu Jan 22 09:21:03 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Thu, 22 Jan 2009 09:21:03 -0500
Subject: [Facebooker-talk] hashed_content method problem in short and
	full stories
In-Reply-To: <34657628-BAA1-4967-B748-629CC5AD22E0@kaseygroup.com>
References: <mailman.48.1232574764.22196.facebooker-talk@rubyforge.org>
	<34657628-BAA1-4967-B748-629CC5AD22E0@kaseygroup.com>
Message-ID: <6A1B1F12-97CB-4157-8EF3-E0F67F0EF027@elevatedrails.com>

I just added a fix for that. Try pulling down the latest version.

Mike

On Jan 22, 2009, at 4:02 PM, Jesse Ikonen wrote:

> Hello,
>
> afaik I'm having issue with publisher.rb method called hashed_content.
>
> This is my UserPublisher template stuff:
>
>  def question_template
>    one_line_story_template "{*actor*} asked a question in  
> {*app_link*}"
>    full_story_template "{*actor*} asked '{*body*}' in  
> {*app_link*}.", "Voting expires {*date*}."
>  end
>
> Following happens:
>
> >> UserPublisher.register_question
> NoMethodError: undefined method `<=>' for :template_title:Symbol
> 	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
> 180:in `sort_by'
> 	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
> 180:in `hashed_content'
> 	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
> 131:in `register'
> 	from ...vendor/plugins/facebooker/lib/facebooker/rails/publisher.rb: 
> 451:in `method_missing'
> 	from (irb):1
>
> If I have short_story_template it will break on line number 179.
>
> I think this has something to do with this commit @ github:
>
> 	-            Digest::MD5.hexdigest  
> [publisher.one_line_story_templates,  
> publisher.short_story_templates,  
> publisher.full_story_template].to_json
> 	+            # sort the Hash elements (in the short_story and  
> full_story) before generating MD5
> 	+            Digest::MD5.hexdigest  
> [publisher.one_line_story_templates,
> 	+               (publisher.short_story_templates and  
> publisher.short_story_templates.collect{|ss| ss.to_a.sort_by{|e|  
> e[0]}}),
> 	+               (publisher.full_story_template and  
> publisher.full_story_template.to_a.sort_by{|e| e[0]})
> 	+               ].to_json
>
> Has anyone experienced same or any clue of what I'm doing wrong?
>
> Thanks!
>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From lee at crossbonesystems.com  Thu Jan 22 09:59:57 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Thu, 22 Jan 2009 14:59:57 +0000
Subject: [Facebooker-talk] [OT] New app built with facebooker launched
Message-ID: <e8c2bee00901220659p64a82cd7mc6560382060ad354@mail.gmail.com>

Hi all,

I just launched my new facebooker-based app into public beta. It's
called Head Hunting and is designed to help recruiters, job hunters
and employees with access to a "refer a friend" employment scheme. You
can take a look and post jobs to your profile at:

http://apps.facebook.com/headhunting/

I'd like to say a big thanks to Mike and all the facebooker
contributors for a fantastic library.

Cheers,
Lee.

>From Head Hunting's info page:
Are you or your company trying to recruit a great new employee? Head
Hunting can help!

Post job vacancies to your profile and share them with your friends on
your feed or blog. Read the complete benefits of hiring with Head
Hunting without adding the app:
http://apps.facebook.com/headhunting/pages/recruiter

Does your employer have a "refer a friend" or a "finders fee" scheme?
Post a job listing on Head Hunting today and share it with your
friends.

During our public beta period, all listings are FREE!

From jordanr at cs.washington.edu  Thu Jan 22 11:37:29 2009
From: jordanr at cs.washington.edu (Richard Jordan)
Date: Thu, 22 Jan 2009 08:37:29 -0800 (PST)
Subject: [Facebooker-talk]
 convert_options_to_javascript_without_facebooker breaking link_to?
Message-ID: <Pine.LNX.4.64N.0901220820110.18170@attu3.cs.washington.edu>

Dear Adeel,

No, if you're hitting localhost, everything Rails should work.

What error exactly do you get?  I tried your code but must've done it 
differently.  I have a view:

# index.html.erb
<%= link_to "(view all)", {:controller => "products", :action => "index"}, 
:style => "float: right;" %>

I go to my localhost:port, and the link_to floats to the right. This 
should completely bypass Facebooker.  It does for me.

I can nail down the problem if you post your (1) full error trace and (2) 
exact code for view.html.erb.

And what Rails version? (though it shouldn't matter).

Sincerely,
Richard


On Thu, 22 Jan 2009, Adeel Ahmad wrote:

> I've got Facebooker installed on my app but as soon as I start my app 
and go
> to localhost:3000 I get the following error:
>
> 
.../vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
> `convert_options_to_javascript_without_facebooker!'
> 
.../vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
> `convert_options_to_javascript!'
> .../vendor/rails/actionpack/lib/action_view/helpers/url_helper.rb:69:in
> `link_to'
> .../app/views/main/index.rhtml:18:in
> `_run_rhtml_47app47views47main47index46rhtml'
>
> The line in the view template it's talking about is: <%= link_to "(view
> all)", {:controller => "products", :action => "index"}, :style => 
"float:
> right;") %>
>
> When I remove the style hash it's fine with this line but then it 
catches an
> error on the very next link_to that has an html_option.
>
> Can someone explain why this is happening, and whether html_option is 
really
> incompatible with facebooker?
>
>
> -a
>


From adeel at proletariandesign.com  Thu Jan 22 13:26:27 2009
From: adeel at proletariandesign.com (Adeel Ahmad)
Date: Thu, 22 Jan 2009 10:26:27 -0800
Subject: [Facebooker-talk]
	convert_options_to_javascript_without_facebooker breaking link_to?
In-Reply-To: <Pine.LNX.4.64N.0901220820110.18170@attu3.cs.washington.edu>
References: <Pine.LNX.4.64N.0901220820110.18170@attu3.cs.washington.edu>
Message-ID: <168ef1510901221026i6334611bg5cf51906533b272e@mail.gmail.com>

Hello Richard,

Thanks so much for your help. I'm using Rails 1.2.5. Here are the trace and
index.rhtml:


Full trace:

/Users/macmini/Projects/Git/myapp/vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
`convert_options_to_javascript_without_facebooker!'
/Users/macmini/Projects/Git/myapp/vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
`convert_options_to_javascript!'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_view/helpers/url_helper.rb:69:in
`link_to'
/Users/macmini/Projects/Git/myapp/app/views/main/index.rhtml:18:in
`_run_rhtml_47app47views47main47index46rhtml'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_view/base.rb:325:in
`send'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_view/base.rb:325:in
`compile_and_render_template'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_view/base.rb:301:in
`render_template'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_view/base.rb:260:in
`render_file'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/base.rb:812:in
`render_file'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/base.rb:717:in
`render_with_no_layout'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/layout.rb:247:in
`render_without_benchmark'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:50:in
`render_without_trace_View____determine_metric_path__Rendering'
/usr/local/lib/ruby/1.8/benchmark.rb:293:in `measure'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:50:in
`render_without_trace_View____determine_metric_path__Rendering'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/method_tracer.rb:118:in
`render'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/method_tracer.rb:38:in
`trace_method_execution'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/method_tracer.rb:117:in
`render'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/base.rb:1102:in
`perform_action_without_filters'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/filters.rb:696:in
`call_filters'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/filters.rb:688:in
`perform_action_without_benchmark'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:66:in
`perform_action_without_rescue'
/usr/local/lib/ruby/1.8/benchmark.rb:293:in `measure'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/benchmarking.rb:66:in
`perform_action_without_rescue'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/rescue.rb:83:in
`perform_action_without_newrelic_trace'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/instrumentation/action_controller.rb:63:in
`perform_action'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/method_tracer.rb:38:in
`trace_method_execution'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/instrumentation/action_controller.rb:52:in
`perform_action'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/method_tracer.rb:38:in
`trace_method_execution'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/instrumentation/action_controller.rb:46:in
`perform_action'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/base.rb:435:in
`send'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/base.rb:435:in
`process_without_filters'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/filters.rb:684:in
`process_without_session_management_support'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/session_management.rb:114:in
`process'
/Users/macmini/Projects/Git/myapp/vendor/rails/actionpack/lib/action_controller/base.rb:334:in
`process'
/Users/macmini/Projects/Git/myapp/vendor/rails/railties/lib/dispatcher.rb:41:in
`dispatch_without_newrelic'
/Users/macmini/Projects/Git/myapp/vendor/plugins/newrelic_rpm/lib/newrelic/agent/instrumentation/dispatcher.rb:73:in
`dispatch'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel/rails.rb:76:in
`process'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel/rails.rb:74:in
`synchronize'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel/rails.rb:74:in
`process'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:159:in
`process_client'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:158:in `each'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:158:in
`process_client'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in
`initialize'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in `new'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:285:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:268:in
`initialize'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:268:in `new'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel.rb:268:in `run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel/configurator.rb:282:in
`run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel/configurator.rb:281:in
`each'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel/configurator.rb:281:in
`run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:128:in
`run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/lib/mongrel/command.rb:212:in
`run'
/usr/local/lib/ruby/gems/1.8/gems/mongrel-1.1.5/bin/mongrel_rails:281
/Users/macmini/Projects/Git/myapp/vendor/rails/activesupport/lib/active_support/dependencies.rb:488:in
`load'
/Users/macmini/Projects/Git/myapp/vendor/rails/activesupport/lib/active_support/dependencies.rb:488:in
`load'
/Users/macmini/Projects/Git/myapp/vendor/rails/activesupport/lib/active_support/dependencies.rb:342:in
`new_constants_in'
/Users/macmini/Projects/Git/myapp/vendor/rails/activesupport/lib/active_support/dependencies.rb:488:in
`load'
/Users/macmini/Projects/Git/myapp/vendor/rails/railties/lib/commands/servers/mongrel.rb:60
/usr/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in
`gem_original_require'
/usr/local/lib/ruby/site_ruby/1.8/rubygems/custom_require.rb:31:in `require'
/Users/macmini/Projects/Git/myapp/vendor/rails/activesupport/lib/active_support/dependencies.rb:495:in
`require'
/Users/macmini/Projects/Git/myapp/vendor/rails/activesupport/lib/active_support/dependencies.rb:342:in
`new_constants_in'
/Users/macmini/Projects/Git/myapp/vendor/rails/activesupport/lib/active_support/dependencies.rb:495:in
`require'
/Users/macmini/Projects/Git/myapp/vendor/rails/railties/lib/commands/server.rb:39
script/server:3:in `require'
script/server:3


Index.rhtml:

<% unless logged_in? %>
    <div>
        <%= render :partial => 'explain' %>
    </div>
<% end %>
<div id="colOne">
    <%= link_to image_tag("blog_small_1.jpg", :alt => "myapp Blog"), :action
=> "myapp", :controller => "blogs" %>
</div>
<div id="colTwo">
  <div class="section_title">
    <span style="float: right">
            <%= link_to image_tag("postobj.png", :alt => "Submit new
product", :class => 'post'), :action => "new",
                      :controller => "products" %>
    </span>
    <%= image_tag("7151238_6.png", :alt => ' ', :style => 'padding: 3px 3px
0 0;') %>
    <span style = "vertical-align: top">Latest products</span>
  </div>
    <%= link_to "(view all)", {:controller => "products", :action =>
"index"}, :style => "float: right;") %><br/>
  <%= render :partial => 'product', :collection => @products %>
  <br clear="all"/>
    <br/>
  <div class="section_title">
    <span style = "vertical-align: top">Newest</span>
  </div>
    <%= render :partial => 'users/people' %>
</div>
<div id="colThree">
  <div class="section_title">
    <span style="float: right">
        <%= link_to image_tag("postobj.png", :alt => "Submit new event",
:class => 'post'), :action => "new",
                      :controller => "events" %>
    </span>
      <%= image_tag("7151238_3.png", :alt => ' ', :style => 'padding: 3px
3px 0 0;') %>
    <span style = "vertical-align: top">New events</span>
  </div>
  <div id="eventlist">
        <%= link_to '(view all)', {:controller => 'events', :action =>
'index'}, :style => 'float: right;' %><br/>
    <%= render :partial => 'event', :collection => @events %>
  </div>
  <br clear="all"/>
</div>


- Adeel



On Thu, Jan 22, 2009 at 8:37 AM, Richard Jordan
<jordanr at cs.washington.edu>wrote:

> Dear Adeel,
>
> No, if you're hitting localhost, everything Rails should work.
>
> What error exactly do you get?  I tried your code but must've done it
> differently.  I have a view:
>
> # index.html.erb
> <%= link_to "(view all)", {:controller => "products", :action => "index"},
> :style => "float: right;" %>
>
> I go to my localhost:port, and the link_to floats to the right. This should
> completely bypass Facebooker.  It does for me.
>
> I can nail down the problem if you post your (1) full error trace and (2)
> exact code for view.html.erb.
>
> And what Rails version? (though it shouldn't matter).
>
> Sincerely,
> Richard
>
>
>
> On Thu, 22 Jan 2009, Adeel Ahmad wrote:
>
>  I've got Facebooker installed on my app but as soon as I start my app
>>
> and go
>
>> to localhost:3000 I get the following error:
>>
>>
>> .../vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
>
>> `convert_options_to_javascript_without_facebooker!'
>>
>> .../vendor/plugins/facebooker/lib/facebooker/rails/facebook_url_helper.rb:94:in
>
>> `convert_options_to_javascript!'
>> .../vendor/rails/actionpack/lib/action_view/helpers/url_helper.rb:69:in
>> `link_to'
>> .../app/views/main/index.rhtml:18:in
>> `_run_rhtml_47app47views47main47index46rhtml'
>>
>> The line in the view template it's talking about is: <%= link_to "(view
>> all)", {:controller => "products", :action => "index"}, :style =>
>>
> "float:
>
>> right;") %>
>>
>> When I remove the style hash it's fine with this line but then it
>>
> catches an
>
>> error on the very next link_to that has an html_option.
>>
>> Can someone explain why this is happening, and whether html_option is
>>
> really
>
>> incompatible with facebooker?
>>
>>
>> -a
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090122/f9c4f675/attachment-0001.html>

From jordanr at cs.washington.edu  Thu Jan 22 14:48:13 2009
From: jordanr at cs.washington.edu (Richard Jordan)
Date: Thu, 22 Jan 2009 11:48:13 -0800 (PST)
Subject: [Facebooker-talk]
 convert_options_to_javascript_without_facebooker breaking link_to?
Message-ID: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>

Dear Adeel,

For one thing, you have a syntax error.  Remove the last paren after 
"float:right;" on your first link_to.

Change,
<%= link_to "(view all)", {:controller => "products", :action => "index"}, 
:style => "float: right;") %>

To,
<%= link_to "(view all)", {:controller => "products", :action => "index"}, 
:style => "float: right;" %>

I think you'll still have an error.  What's the error type? (ex. 
ActionController::RoutingError, MethodError, etc.).  You see it right 
above the trace.

Sincerely,
Richard

From adeel at proletariandesign.com  Thu Jan 22 14:51:55 2009
From: adeel at proletariandesign.com (Adeel Ahmad)
Date: Thu, 22 Jan 2009 11:51:55 -0800
Subject: [Facebooker-talk]
	convert_options_to_javascript_without_facebooker breaking link_to?
In-Reply-To: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>
References: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>
Message-ID: <168ef1510901221151n5f8114fbw1ca2e0b007fe6277@mail.gmail.com>

Hi Richard,

Sorry that parentheses was not there when I ran the code... it was leftover
from some experimentation I was doing right after to try and figure it out.

Here is the top of the error notice:

ArgumentError in Main#index

Showing *app/views/main/index.rhtml* where line *#18* raised:

wrong number of arguments (2 for 1)


Thanks,

- Adeel

Founder/President
Proletarian Design LLC
1066 47th Ave., Suite 19
Oakland, CA 94601
t: 415.205.0274
f: 415.871.2200
skype: a2ahmad
twitter: _adeel
www.proletariandesign.com


On Thu, Jan 22, 2009 at 11:48 AM, Richard Jordan
<jordanr at cs.washington.edu>wrote:

> Dear Adeel,
>
> For one thing, you have a syntax error.  Remove the last paren after
> "float:right;" on your first link_to.
>
> Change,
> <%= link_to "(view all)", {:controller => "products", :action => "index"},
> :style => "float: right;") %>
>
> To,
> <%= link_to "(view all)", {:controller => "products", :action => "index"},
> :style => "float: right;" %>
>
> I think you'll still have an error.  What's the error type? (ex.
> ActionController::RoutingError, MethodError, etc.).  You see it right above
> the trace.
>
> Sincerely,
> Richard
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090122/f6631183/attachment.html>

From jordanr at cs.washington.edu  Thu Jan 22 15:14:47 2009
From: jordanr at cs.washington.edu (Richard Jordan)
Date: Thu, 22 Jan 2009 12:14:47 -0800 (PST)
Subject: [Facebooker-talk]
 convert_options_to_javascript_without_facebooker breaking link_to?
In-Reply-To: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>
References: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>
Message-ID: <Pine.LNX.4.64N.0901221209570.8020@attu4.cs.washington.edu>

Ok, I have it.  I'll fix it and send a pull request to Mike.  It is your 
Rails version!  The old convert_options_to_javascript took only one 
arguement.  Now-a-days, it takes two.

Until then, if you update to Rails 2.0, it'll go away.  I'm sure.

Sincerely,
Richard

On Thu, 22 Jan 2009, Adeel Ahmad wrote:

> Hi Richard,
>
> Sorry that parentheses was not there when I ran the code... it was 
leftover
> from some experimentation I was doing right after to try and figure it 
out.
>
> Here is the top of the error notice:
>
> ArgumentError in Main#index
>
> Showing *app/views/main/index.rhtml* where line *#18* raised:
>
> wrong number of arguments (2 for 1)
>
>
> Thanks,
>
> - Adeel


From adeel at proletariandesign.com  Thu Jan 22 15:33:38 2009
From: adeel at proletariandesign.com (Adeel Ahmad)
Date: Thu, 22 Jan 2009 12:33:38 -0800
Subject: [Facebooker-talk]
	convert_options_to_javascript_without_facebooker breaking link_to?
In-Reply-To: <Pine.LNX.4.64N.0901221209570.8020@attu4.cs.washington.edu>
References: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>
	<Pine.LNX.4.64N.0901221209570.8020@attu4.cs.washington.edu>
Message-ID: <168ef1510901221233l355442e2g97101405b28039ee@mail.gmail.com>

Ah interesting, thanks!The only reference I saw to Rails versions
dependencies was the need to have the JSON gem so I hoped I would be ok. I'm
planning to migrate up eventually but for now I'll look for the fix on
Github.

Thanks again.

- Adeel

Founder/President
Proletarian Design LLC
1066 47th Ave., Suite 19
Oakland, CA 94601
t: 415.205.0274
f: 415.871.2200
skype: a2ahmad
twitter: _adeel
www.proletariandesign.com


On Thu, Jan 22, 2009 at 12:14 PM, Richard Jordan
<jordanr at cs.washington.edu>wrote:

> Ok, I have it.  I'll fix it and send a pull request to Mike.  It is your
> Rails version!  The old convert_options_to_javascript took only one
> arguement.  Now-a-days, it takes two.
>
> Until then, if you update to Rails 2.0, it'll go away.  I'm sure.
>
> Sincerely,
> Richard
>
> On Thu, 22 Jan 2009, Adeel Ahmad wrote:
>
>  Hi Richard,
>>
>> Sorry that parentheses was not there when I ran the code... it was
>>
> leftover
>
>> from some experimentation I was doing right after to try and figure it
>>
> out.
>
>>
>> Here is the top of the error notice:
>>
>> ArgumentError in Main#index
>>
>> Showing *app/views/main/index.rhtml* where line *#18* raised:
>>
>> wrong number of arguments (2 for 1)
>>
>>
>> Thanks,
>>
>> - Adeel
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090122/06614fd7/attachment.html>

From mmangino at elevatedrails.com  Thu Jan 22 16:23:55 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Thu, 22 Jan 2009 16:23:55 -0500
Subject: [Facebooker-talk]
	convert_options_to_javascript_without_facebooker breaking link_to?
In-Reply-To: <168ef1510901221233l355442e2g97101405b28039ee@mail.gmail.com>
References: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>
	<Pine.LNX.4.64N.0901221209570.8020@attu4.cs.washington.edu>
	<168ef1510901221233l355442e2g97101405b28039ee@mail.gmail.com>
Message-ID: <ACB29EA4-572F-47D7-95AB-F8270A9F1A1A@elevatedrails.com>

I'm not going to take any patches for 1.2 compatibility. I'm happy to  
support 2 major versions. Any more than that is a nightmare.

Mike

On Jan 22, 2009, at 3:33 PM, Adeel Ahmad wrote:

> Ah interesting, thanks!
> The only reference I saw to Rails versions dependencies was the need  
> to have the JSON gem so I hoped I would be ok. I'm planning to  
> migrate up eventually but for now I'll look for the fix on Github.
>
> Thanks again.
>
> - Adeel
>
> Founder/President
> Proletarian Design LLC
> 1066 47th Ave., Suite 19
> Oakland, CA 94601
> t: 415.205.0274
> f: 415.871.2200
> skype: a2ahmad
> twitter: _adeel
> www.proletariandesign.com
>
>
> On Thu, Jan 22, 2009 at 12:14 PM, Richard Jordan <jordanr at cs.washington.edu 
> > wrote:
> Ok, I have it.  I'll fix it and send a pull request to Mike.  It is  
> your Rails version!  The old convert_options_to_javascript took only  
> one arguement.  Now-a-days, it takes two.
>
> Until then, if you update to Rails 2.0, it'll go away.  I'm sure.
>
>
> Sincerely,
> Richard
>
> On Thu, 22 Jan 2009, Adeel Ahmad wrote:
>
> Hi Richard,
>
> Sorry that parentheses was not there when I ran the code... it was
> leftover
> from some experimentation I was doing right after to try and figure it
> out.
>
> Here is the top of the error notice:
>
> ArgumentError in Main#index
>
> Showing *app/views/main/index.rhtml* where line *#18* raised:
>
> wrong number of arguments (2 for 1)
>
>
> Thanks,
>
> - Adeel
>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From adeel at proletariandesign.com  Thu Jan 22 16:31:01 2009
From: adeel at proletariandesign.com (Adeel Ahmad)
Date: Thu, 22 Jan 2009 13:31:01 -0800
Subject: [Facebooker-talk]
	convert_options_to_javascript_without_facebooker breaking link_to?
In-Reply-To: <ACB29EA4-572F-47D7-95AB-F8270A9F1A1A@elevatedrails.com>
References: <Pine.LNX.4.64N.0901221118550.8020@attu4.cs.washington.edu>
	<Pine.LNX.4.64N.0901221209570.8020@attu4.cs.washington.edu>
	<168ef1510901221233l355442e2g97101405b28039ee@mail.gmail.com>
	<ACB29EA4-572F-47D7-95AB-F8270A9F1A1A@elevatedrails.com>
Message-ID: <168ef1510901221331q2e165779kd14d6e23dfec08fc@mail.gmail.com>

Gotcha, understood.
Richard, could I take a look at the fix to see if I can work with it until
I'm able to update to 2.0?

Thanks guys.

- Adeel


On Thu, Jan 22, 2009 at 1:23 PM, Mike Mangino <mmangino at elevatedrails.com>wrote:

> I'm not going to take any patches for 1.2 compatibility. I'm happy to
> support 2 major versions. Any more than that is a nightmare.
>
> Mike
>
>
> On Jan 22, 2009, at 3:33 PM, Adeel Ahmad wrote:
>
>  Ah interesting, thanks!
>> The only reference I saw to Rails versions dependencies was the need to
>> have the JSON gem so I hoped I would be ok. I'm planning to migrate up
>> eventually but for now I'll look for the fix on Github.
>>
>> Thanks again.
>>
>> - Adeel
>>
>> Founder/President
>> Proletarian Design LLC
>> 1066 47th Ave., Suite 19
>> Oakland, CA 94601
>> t: 415.205.0274
>> f: 415.871.2200
>> skype: a2ahmad
>> twitter: _adeel
>> www.proletariandesign.com
>>
>>
>> On Thu, Jan 22, 2009 at 12:14 PM, Richard Jordan <
>> jordanr at cs.washington.edu> wrote:
>> Ok, I have it.  I'll fix it and send a pull request to Mike.  It is your
>> Rails version!  The old convert_options_to_javascript took only one
>> arguement.  Now-a-days, it takes two.
>>
>> Until then, if you update to Rails 2.0, it'll go away.  I'm sure.
>>
>>
>> Sincerely,
>> Richard
>>
>> On Thu, 22 Jan 2009, Adeel Ahmad wrote:
>>
>> Hi Richard,
>>
>> Sorry that parentheses was not there when I ran the code... it was
>> leftover
>> from some experimentation I was doing right after to try and figure it
>> out.
>>
>> Here is the top of the error notice:
>>
>> ArgumentError in Main#index
>>
>> Showing *app/views/main/index.rhtml* where line *#18* raised:
>>
>> wrong number of arguments (2 for 1)
>>
>>
>> Thanks,
>>
>> - Adeel
>>
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090122/54ae9a7e/attachment.html>

From jordanr at cs.washington.edu  Thu Jan 22 16:49:55 2009
From: jordanr at cs.washington.edu (Richard Jordan)
Date: Thu, 22 Jan 2009 13:49:55 -0800 (PST)
Subject: [Facebooker-talk]
 convert_options_to_javascript_without_facebooker breaking link_to?
Message-ID: <Pine.LNX.4.64N.0901221343001.31493@attu4.cs.washington.edu>

Ok, I pushed it to my git hub fork.  Checkout:
http://github.com/jordanr/facebooker/commit/762829c00cef760db24fe8484eed791c3a454911

And, tell me if it works for you.

Sincerely,
Richard

On Thu, 22 Jan 2009, Adeel Ahmad wrote:

> Gotcha, understood.
> Richard, could I take a look at the fix to see if I can work with it until
> I'm able to update to 2.0?
>
> Thanks guys.
>
> - Adeel
>
>
> On Thu, Jan 22, 2009 at 1:23 PM, Mike Mangino 
<mmangino at elevatedrails.com>wrote:
>
>> I'm not going to take any patches for 1.2 compatibility. I'm happy to
>> support 2 major versions. Any more than that is a nightmare.
>>
>> Mike
>>
>>


From adeel at proletariandesign.com  Thu Jan 22 17:55:58 2009
From: adeel at proletariandesign.com (Adeel Ahmad)
Date: Thu, 22 Jan 2009 14:55:58 -0800
Subject: [Facebooker-talk]
	convert_options_to_javascript_without_facebooker breaking link_to?
In-Reply-To: <Pine.LNX.4.64N.0901221343001.31493@attu4.cs.washington.edu>
References: <Pine.LNX.4.64N.0901221343001.31493@attu4.cs.washington.edu>
Message-ID: <168ef1510901221455g46038d7bx1132417d53b63d35@mail.gmail.com>

Yes seems to get past this issue. In the meantime we'll work on migrating
this old app.... thanks again!


- Adeel

On Thu, Jan 22, 2009 at 1:49 PM, Richard Jordan
<jordanr at cs.washington.edu>wrote:

> Ok, I pushed it to my git hub fork.  Checkout:
>
> http://github.com/jordanr/facebooker/commit/762829c00cef760db24fe8484eed791c3a454911
>
> And, tell me if it works for you.
>
> Sincerely,
> Richard
>
> On Thu, 22 Jan 2009, Adeel Ahmad wrote:
>
>  Gotcha, understood.
>> Richard, could I take a look at the fix to see if I can work with it until
>> I'm able to update to 2.0?
>>
>> Thanks guys.
>>
>> - Adeel
>>
>>
>> On Thu, Jan 22, 2009 at 1:23 PM, Mike Mangino
>>
> <mmangino at elevatedrails.com>wrote:
>
>>
>>  I'm not going to take any patches for 1.2 compatibility. I'm happy to
>>> support 2 major versions. Any more than that is a nightmare.
>>>
>>> Mike
>>>
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090122/098a226a/attachment-0001.html>

From digidigo at gmail.com  Fri Jan 23 12:45:09 2009
From: digidigo at gmail.com (David Clements)
Date: Fri, 23 Jan 2009 10:45:09 -0700
Subject: [Facebooker-talk] Help with Facebooker Tutorial
Message-ID: <ea9161c50901230945qd229ac7hbcff5eef32adb2a1@mail.gmail.com>

Anyone out there up for helping me get the Facebooker Tutorial Application
back on track.  It has languished in the last couple of months since I have
been swamped with work.

If you haven't seen it

http://apps.facebook.com/facebooker_tutorial


Main thing that needs to be done is a rework of the publishing stuff, since
it is misleading now.  I could put it out on  github and then anyone could
contribute lessons to it.

Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090123/d155075f/attachment.html>

From klochner at gmail.com  Fri Jan 23 13:08:16 2009
From: klochner at gmail.com (kevin lochner)
Date: Fri, 23 Jan 2009 13:08:16 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
References: <7301f335-1c02-4d70-97bd-65916a38ae57@w1g2000prk.googlegroups.com>
Message-ID: <612BD38F-DC17-4625-A226-D493732546CB@gmail.com>

See below for a message I picked this up on the rfacebook google group  
mailing list.

I'm concerned with whether session_already_secured? is an accurate  
indicator
of facebook connection status.    Bear with me while I step through  
the logic, where
I've included just the meat of the functions below:

session_already_secured?
 > (@facebook_session = session[:facebook_session]) &&  
session[:facebook_session].secured? if valid_session_key_in_session?

session.secured?
 >  !@session_key.nil? && !expired?

valid_session_key_in_session?
  >  !session[:facebook_session].blank? &&
  >  (params[:fb_sig_session_key].blank? ||  
session[:facebook_session].session_key == facebook_params[:session_key])

The problem for connect is if the following sequence happens:
    - user comes to your site and logs in via facebook,
    - user goes to facebook in another browser tab and logs out
    - user returns to your site

The connect app will have the following state:
   - session[:facebook_session]
   - @session_key && !expired?
   - params[:fb_sig_session_key].blank?

So they're technically still logged in and your app will throw an  
exception when trying to access user info.

One solution for a pure connect app is that the session is invalid if  
the cookies aren't present.  They don't
need to be verified on each request, but they should be checked for  
existence.

I don't know the best way to handle this because I don't know what  
would cause the params[:fb_sig_session_key]
to be blank in non-connect apps while the user is still logged in.   
Can someone fill me in?

- kevin


Begin forwarded message:

> From: Aaron Nemoyten <swivelmaster at gmail.com>
> Date: January 21, 2009 6:23:51 PM EST
> To: All Things Facebook and Ruby <rfacebook at googlegroups.com>
> Subject: [rfacebook] Re: How exactly are session cookies supposed to  
> work? Will  ensure_authenticated use them?
> Reply-To: rfacebook at googlegroups.com
>
>
> Well, I've got an update yet again!
>
> Seems that it's possible that new sessions aren't created when they
> should be sometimes because of the order that Facebooker checks for
> valid session info.
>
> If you check out ensure_authenticated_to_facebook, you'll see this:
> def set_facebook_session
>        returning session_set = session_already_secured? ||
> secure_with_facebook_params! || secure_with_cookies! ||
> secure_with_token!
> (etc.)
>
> Grabbing the old session if there is new session info available from
> the facebook_params seems to cause some problems, as well as trying to
> secure with cookies if there's an auth token available (usually
> involving my Safari iframe fix - we can pop out of the iframe with the
> auth token but no params, and Facebooker will grab the old cookie,
> thus rendering the iframe fix potentially useless.
>
> So my preferred order is params, session, auth token, cookies.
>
> Another issue I ran into (which may not be relevant since I moved the
> cookie auth method last) is that cookies from invalid sessions will
> make Facebooker throw an error when all I'd really want to do is just
> ignore them and make a new session, so I rescued secure_with_cookies!
> for Facebooker::Session::IncorrectSignature and just returned false.
>
> Not sure if I mentioned this before, but it's also necessary to modify
> request_comes_from_facebook? to make sure it doesn't incorrectly
> return false because it's looking for canvas-specific parameters.
>
> This seems to have fixed some problems for now.
>
> -Aaron
>
>
>
>
> On Jan 19, 12:56 am, PanosJee <pap... at freemail.gr> wrote:
>> Aaron your posts are highly appreciated, keep up
>> We also hope to post a few hints, unfortunately IFrames are badly
>> supported though they are superior technology compared to the limited
>> plain FBML apps
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the Google  
> Groups "All Things Facebook and Ruby" group.
> To post to this group, send email to rfacebook at googlegroups.com
> To unsubscribe from this group, send email to rfacebook+unsubscribe at googlegroups.com
> For more options, visit this group at http://groups.google.com/group/rfacebook?hl=en
> -~----------~----~----~----~------~----~------~--~---
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090123/7cc8b26a/attachment.html>

From mmangino at elevatedrails.com  Fri Jan 23 13:49:20 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 23 Jan 2009 13:49:20 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <612BD38F-DC17-4625-A226-D493732546CB@gmail.com>
References: <7301f335-1c02-4d70-97bd-65916a38ae57@w1g2000prk.googlegroups.com>
	<612BD38F-DC17-4625-A226-D493732546CB@gmail.com>
Message-ID: <EF4D48AD-9032-4BE9-9378-81ADC4BE22A9@elevatedrails.com>

We could go back to not storing the facebook session in the session  
when it comes from a cookie. That seems reasonable to me.

Mike
On Jan 23, 2009, at 1:08 PM, kevin lochner wrote:

> See below for a message I picked this up on the rfacebook google  
> group mailing list.
>
> I'm concerned with whether session_already_secured? is an accurate  
> indicator
> of facebook connection status.    Bear with me while I step through  
> the logic, where
> I've included just the meat of the functions below:
>
> session_already_secured?
> > (@facebook_session = session[:facebook_session]) &&  
> session[:facebook_session].secured? if valid_session_key_in_session?
>
> session.secured?
> >  !@session_key.nil? && !expired?
>
> valid_session_key_in_session?
>  >  !session[:facebook_session].blank? &&
>  >  (params[:fb_sig_session_key].blank? ||  
> session[:facebook_session].session_key ==  
> facebook_params[:session_key])
>
> The problem for connect is if the following sequence happens:
>    - user comes to your site and logs in via facebook,
>    - user goes to facebook in another browser tab and logs out
>    - user returns to your site
>
> The connect app will have the following state:
>   - session[:facebook_session]
>   - @session_key && !expired?
>   - params[:fb_sig_session_key].blank?
>
> So they're technically still logged in and your app will throw an  
> exception when trying to access user info.
>
> One solution for a pure connect app is that the session is invalid  
> if the cookies aren't present.  They don't
> need to be verified on each request, but they should be checked for  
> existence.
>
> I don't know the best way to handle this because I don't know what  
> would cause the params[:fb_sig_session_key]
> to be blank in non-connect apps while the user is still logged in.   
> Can someone fill me in?
>
> - kevin
>
>
> Begin forwarded message:
>
>> From: Aaron Nemoyten <swivelmaster at gmail.com>
>> Date: January 21, 2009 6:23:51 PM EST
>> To: All Things Facebook and Ruby <rfacebook at googlegroups.com>
>> Subject: [rfacebook] Re: How exactly are session cookies supposed  
>> to work? Will  ensure_authenticated use them?
>> Reply-To: rfacebook at googlegroups.com
>>
>>
>> Well, I've got an update yet again!
>>
>> Seems that it's possible that new sessions aren't created when they
>> should be sometimes because of the order that Facebooker checks for
>> valid session info.
>>
>> If you check out ensure_authenticated_to_facebook, you'll see this:
>> def set_facebook_session
>>        returning session_set = session_already_secured? ||
>> secure_with_facebook_params! || secure_with_cookies! ||
>> secure_with_token!
>> (etc.)
>>
>> Grabbing the old session if there is new session info available from
>> the facebook_params seems to cause some problems, as well as trying  
>> to
>> secure with cookies if there's an auth token available (usually
>> involving my Safari iframe fix - we can pop out of the iframe with  
>> the
>> auth token but no params, and Facebooker will grab the old cookie,
>> thus rendering the iframe fix potentially useless.
>>
>> So my preferred order is params, session, auth token, cookies.
>>
>> Another issue I ran into (which may not be relevant since I moved the
>> cookie auth method last) is that cookies from invalid sessions will
>> make Facebooker throw an error when all I'd really want to do is just
>> ignore them and make a new session, so I rescued secure_with_cookies!
>> for Facebooker::Session::IncorrectSignature and just returned false.
>>
>> Not sure if I mentioned this before, but it's also necessary to  
>> modify
>> request_comes_from_facebook? to make sure it doesn't incorrectly
>> return false because it's looking for canvas-specific parameters.
>>
>> This seems to have fixed some problems for now.
>>
>> -Aaron
>>
>>
>>
>>
>> On Jan 19, 12:56 am, PanosJee <pap... at freemail.gr> wrote:
>>> Aaron your posts are highly appreciated, keep up
>>> We also hope to post a few hints, unfortunately IFrames are badly
>>> supported though they are superior technology compared to the  
>>> limited
>>> plain FBML apps
>> --~--~---------~--~----~------------~-------~--~----~
>> You received this message because you are subscribed to the Google  
>> Groups "All Things Facebook and Ruby" group.
>> To post to this group, send email to rfacebook at googlegroups.com
>> To unsubscribe from this group, send email to rfacebook+unsubscribe at googlegroups.com
>> For more options, visit this group at http://groups.google.com/group/rfacebook?hl=en
>> -~----------~----~----~----~------~----~------~--~---
>>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From klochner at gmail.com  Fri Jan 23 15:21:40 2009
From: klochner at gmail.com (kevin lochner)
Date: Fri, 23 Jan 2009 15:21:40 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <EF4D48AD-9032-4BE9-9378-81ADC4BE22A9@elevatedrails.com>
References: <7301f335-1c02-4d70-97bd-65916a38ae57@w1g2000prk.googlegroups.com>
	<612BD38F-DC17-4625-A226-D493732546CB@gmail.com>
	<EF4D48AD-9032-4BE9-9378-81ADC4BE22A9@elevatedrails.com>
Message-ID: <786DAC5C-FD4A-4C39-A72E-87867EDB3361@gmail.com>

I agree with that - validating the cookies is an inexpensive call to  
make, and
the fields that get serialized are in the cookies anyway.


On Jan 23, 2009, at 1:49 PM, Mike Mangino wrote:

> We could go back to not storing the facebook session in the session  
> when it comes from a cookie. That seems reasonable to me.
>
> Mike
> On Jan 23, 2009, at 1:08 PM, kevin lochner wrote:
>
>> See below for a message I picked this up on the rfacebook google  
>> group mailing list.
>>
>> I'm concerned with whether session_already_secured? is an accurate  
>> indicator
>> of facebook connection status.    Bear with me while I step through  
>> the logic, where
>> I've included just the meat of the functions below:
>>
>> session_already_secured?
>> > (@facebook_session = session[:facebook_session]) &&  
>> session[:facebook_session].secured? if valid_session_key_in_session?
>>
>> session.secured?
>> >  !@session_key.nil? && !expired?
>>
>> valid_session_key_in_session?
>> >  !session[:facebook_session].blank? &&
>> >  (params[:fb_sig_session_key].blank? ||  
>> session[:facebook_session].session_key ==  
>> facebook_params[:session_key])
>>
>> The problem for connect is if the following sequence happens:
>>   - user comes to your site and logs in via facebook,
>>   - user goes to facebook in another browser tab and logs out
>>   - user returns to your site
>>
>> The connect app will have the following state:
>>  - session[:facebook_session]
>>  - @session_key && !expired?
>>  - params[:fb_sig_session_key].blank?
>>
>> So they're technically still logged in and your app will throw an  
>> exception when trying to access user info.
>>
>> One solution for a pure connect app is that the session is invalid  
>> if the cookies aren't present.  They don't
>> need to be verified on each request, but they should be checked for  
>> existence.
>>
>> I don't know the best way to handle this because I don't know what  
>> would cause the params[:fb_sig_session_key]
>> to be blank in non-connect apps while the user is still logged in.   
>> Can someone fill me in?
>>
>> - kevin
>>
>>
>> Begin forwarded message:
>>
>>> From: Aaron Nemoyten <swivelmaster at gmail.com>
>>> Date: January 21, 2009 6:23:51 PM EST
>>> To: All Things Facebook and Ruby <rfacebook at googlegroups.com>
>>> Subject: [rfacebook] Re: How exactly are session cookies supposed  
>>> to work? Will  ensure_authenticated use them?
>>> Reply-To: rfacebook at googlegroups.com
>>>
>>>
>>> Well, I've got an update yet again!
>>>
>>> Seems that it's possible that new sessions aren't created when they
>>> should be sometimes because of the order that Facebooker checks for
>>> valid session info.
>>>
>>> If you check out ensure_authenticated_to_facebook, you'll see this:
>>> def set_facebook_session
>>>       returning session_set = session_already_secured? ||
>>> secure_with_facebook_params! || secure_with_cookies! ||
>>> secure_with_token!
>>> (etc.)
>>>
>>> Grabbing the old session if there is new session info available from
>>> the facebook_params seems to cause some problems, as well as  
>>> trying to
>>> secure with cookies if there's an auth token available (usually
>>> involving my Safari iframe fix - we can pop out of the iframe with  
>>> the
>>> auth token but no params, and Facebooker will grab the old cookie,
>>> thus rendering the iframe fix potentially useless.
>>>
>>> So my preferred order is params, session, auth token, cookies.
>>>
>>> Another issue I ran into (which may not be relevant since I moved  
>>> the
>>> cookie auth method last) is that cookies from invalid sessions will
>>> make Facebooker throw an error when all I'd really want to do is  
>>> just
>>> ignore them and make a new session, so I rescued  
>>> secure_with_cookies!
>>> for Facebooker::Session::IncorrectSignature and just returned false.
>>>
>>> Not sure if I mentioned this before, but it's also necessary to  
>>> modify
>>> request_comes_from_facebook? to make sure it doesn't incorrectly
>>> return false because it's looking for canvas-specific parameters.
>>>
>>> This seems to have fixed some problems for now.
>>>
>>> -Aaron
>>>
>>>
>>>
>>>
>>> On Jan 19, 12:56 am, PanosJee <pap... at freemail.gr> wrote:
>>>> Aaron your posts are highly appreciated, keep up
>>>> We also hope to post a few hints, unfortunately IFrames are badly
>>>> supported though they are superior technology compared to the  
>>>> limited
>>>> plain FBML apps
>>> --~--~---------~--~----~------------~-------~--~----~
>>> You received this message because you are subscribed to the Google  
>>> Groups "All Things Facebook and Ruby" group.
>>> To post to this group, send email to rfacebook at googlegroups.com
>>> To unsubscribe from this group, send email to rfacebook+unsubscribe at googlegroups.com
>>> For more options, visit this group at http://groups.google.com/group/rfacebook?hl=en
>>> -~----------~----~----~----~------~----~------~--~---
>>>
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>


From klochner at gmail.com  Fri Jan 23 16:36:18 2009
From: klochner at gmail.com (kevin lochner)
Date: Fri, 23 Jan 2009 16:36:18 -0500
Subject: [Facebooker-talk] view problem
Message-ID: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>

i'm trying to print out user locations in my view.  I'd like to just  
pass a user model to the
view and print out the user location as user.location.city

I can access user.location.city in the controller, but in the view  
user.location returns  "#"

Could someone explain what's going on and maybe give an alternative  
solution?


From mmangino at elevatedrails.com  Fri Jan 23 17:26:40 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 23 Jan 2009 17:26:40 -0500
Subject: [Facebooker-talk] view problem
In-Reply-To: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>
References: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>
Message-ID: <275D2D60-38F0-4191-8800-A421EA3DD4A3@elevatedrails.com>

user.location is returning an object, so when to_s is called you get  
the inspect string, like #<Location 34327832>

user.location.city should print the string.

Mike

On Jan 23, 2009, at 4:36 PM, kevin lochner wrote:

> i'm trying to print out user locations in my view.  I'd like to just  
> pass a user model to the
> view and print out the user location as user.location.city
>
> I can access user.location.city in the controller, but in the view  
> user.location returns  "#"
>
> Could someone explain what's going on and maybe give an alternative  
> solution?
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From klochner at gmail.com  Fri Jan 23 17:40:20 2009
From: klochner at gmail.com (kevin lochner)
Date: Fri, 23 Jan 2009 17:40:20 -0500
Subject: [Facebooker-talk] view problem
In-Reply-To: <275D2D60-38F0-4191-8800-A421EA3DD4A3@elevatedrails.com>
References: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>
	<275D2D60-38F0-4191-8800-A421EA3DD4A3@elevatedrails.com>
Message-ID: <5FDF9C96-2849-4310-A42C-0516B9EF17B8@gmail.com>

I was wrong, it's not just in the view, it's a problem in the  
controller as well.

This may be considered a bug - if the user location is empty, the  
object returned by user.location is a string,
so calling user.location.city throws an exception.

In my controller I iterate over users with the following:

 > friends.each do |f|
 >   logger.warn "class: #{f.current_location.class}"
 >   logger.warn "location: #{f.current_location}"
 >    if f.current_location
           logger.warn "city: #{f.current_location.city} \n"
 >    end
 > end

and I get the following output:

 >class: Facebooker::Location
 >location: #<Facebooker::Location:0x7fe614b68eb8>
 >city:

 >class: Facebooker::Location
 >location: #<Facebooker::Location:0x7fe614b67b58>
 >city: Ann Arbor

 >class: String
 >location:
 > NoMethodError (undefined method `city' for "":String):

and for verification i dumped the hash from which the user was  
populated:
 > nameJeff  
SmithuidXXXXXlocaleen_USfirst_nameJeffcurrent_locationlast_nameSmith


On Jan 23, 2009, at 5:26 PM, Mike Mangino wrote:

> user.location is returning an object, so when to_s is called you get  
> the inspect string, like #<Location 34327832>
>
> user.location.city should print the string.
>
> Mike
>
> On Jan 23, 2009, at 4:36 PM, kevin lochner wrote:
>
>> i'm trying to print out user locations in my view.  I'd like to  
>> just pass a user model to the
>> view and print out the user location as user.location.city
>>
>> I can access user.location.city in the controller, but in the view  
>> user.location returns  "#"
>>
>> Could someone explain what's going on and maybe give an alternative  
>> solution?
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>


From klochner at gmail.com  Fri Jan 23 17:52:22 2009
From: klochner at gmail.com (kevin lochner)
Date: Fri, 23 Jan 2009 17:52:22 -0500
Subject: [Facebooker-talk] view problem
In-Reply-To: <5FDF9C96-2849-4310-A42C-0516B9EF17B8@gmail.com>
References: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>
	<275D2D60-38F0-4191-8800-A421EA3DD4A3@elevatedrails.com>
	<5FDF9C96-2849-4310-A42C-0516B9EF17B8@gmail.com>
Message-ID: <0214E6AB-CC5F-4D3B-9D98-A4F5A989EB95@gmail.com>

here's the where the breakdown happens, from model.rb.  You can see  
that location gets
set to "" if it's not a hash.

       def hash_settable_writer(symbol, klass)
         define_method("#{symbol}=") do |value|
           instance_variable_set("@#{symbol}", value.kind_of?(Hash) ?  
klass.from_hash(value) : value)
         end
       end

- kevin

On Jan 23, 2009, at 5:40 PM, kevin lochner wrote:

> I was wrong, it's not just in the view, it's a problem in the  
> controller as well.
>
> This may be considered a bug - if the user location is empty, the  
> object returned by user.location is a string,
> so calling user.location.city throws an exception.
>
> In my controller I iterate over users with the following:
>
> > friends.each do |f|
> >   logger.warn "class: #{f.current_location.class}"
> >   logger.warn "location: #{f.current_location}"
> >    if f.current_location
>          logger.warn "city: #{f.current_location.city} \n"
> >    end
> > end
>
> and I get the following output:
>
> >class: Facebooker::Location
> >location: #<Facebooker::Location:0x7fe614b68eb8>
> >city:
>
> >class: Facebooker::Location
> >location: #<Facebooker::Location:0x7fe614b67b58>
> >city: Ann Arbor
>
> >class: String
> >location:
> > NoMethodError (undefined method `city' for "":String):
>
> and for verification i dumped the hash from which the user was  
> populated:
> > nameJeff  
> SmithuidXXXXXlocaleen_USfirst_nameJeffcurrent_locationlast_nameSmith
>
>
> On Jan 23, 2009, at 5:26 PM, Mike Mangino wrote:
>
>> user.location is returning an object, so when to_s is called you  
>> get the inspect string, like #<Location 34327832>
>>
>> user.location.city should print the string.
>>
>> Mike
>>
>> On Jan 23, 2009, at 4:36 PM, kevin lochner wrote:
>>
>>> i'm trying to print out user locations in my view.  I'd like to  
>>> just pass a user model to the
>>> view and print out the user location as user.location.city
>>>
>>> I can access user.location.city in the controller, but in the view  
>>> user.location returns  "#"
>>>
>>> Could someone explain what's going on and maybe give an  
>>> alternative solution?
>>>
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>> --
>> Mike Mangino
>> http://www.elevatedrails.com
>>
>>
>>
>


From klochner at gmail.com  Fri Jan 23 18:06:41 2009
From: klochner at gmail.com (kevin lochner)
Date: Fri, 23 Jan 2009 18:06:41 -0500
Subject: [Facebooker-talk] view problem
In-Reply-To: <0214E6AB-CC5F-4D3B-9D98-A4F5A989EB95@gmail.com>
References: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>
	<275D2D60-38F0-4191-8800-A421EA3DD4A3@elevatedrails.com>
	<5FDF9C96-2849-4310-A42C-0516B9EF17B8@gmail.com>
	<0214E6AB-CC5F-4D3B-9D98-A4F5A989EB95@gmail.com>
Message-ID: <6737C070-8865-419A-8DC2-01180070A867@gmail.com>

How about setting to nil if value isn't a hash.  The object is  
hash_settable, and it doesn't
seem to make sense to assign it an object of arbitrary class (string)  
if it's not given a hash
from which to populate:

   def hash_settable_writer(symbol, klass)
        define_method("#{symbol}=") do |value|
          instance_variable_set("@#{symbol}", value.kind_of?(Hash) ?  
klass.from_hash(value) : nil)
        end
      end

On Jan 23, 2009, at 5:52 PM, kevin lochner wrote:

>      def hash_settable_writer(symbol, klass)
>        define_method("#{symbol}=") do |value|
>          instance_variable_set("@#{symbol}", value.kind_of?(Hash) ?  
> klass.from_hash(value) : value)
>        end
>      end

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090123/efd7218e/attachment.html>

From mmangino at elevatedrails.com  Fri Jan 23 18:33:32 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 23 Jan 2009 18:33:32 -0500
Subject: [Facebooker-talk] view problem
In-Reply-To: <6737C070-8865-419A-8DC2-01180070A867@gmail.com>
References: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>
	<275D2D60-38F0-4191-8800-A421EA3DD4A3@elevatedrails.com>
	<5FDF9C96-2849-4310-A42C-0516B9EF17B8@gmail.com>
	<0214E6AB-CC5F-4D3B-9D98-A4F5A989EB95@gmail.com>
	<6737C070-8865-419A-8DC2-01180070A867@gmail.com>
Message-ID: <DAA66927-3E91-4644-B796-A0A0446F1480@elevatedrails.com>

I think that makes sense. I've added you as a committer to the  
project. Feel free to commit a patch with tests!

Mike

On Jan 23, 2009, at 6:06 PM, kevin lochner wrote:

> How about setting to nil if value isn't a hash.  The object is  
> hash_settable, and it doesn't
> seem to make sense to assign it an object of arbitrary class  
> (string) if it's not given a hash
> from which to populate:
>
>   def hash_settable_writer(symbol, klass)
>        define_method("#{symbol}=") do |value|
>          instance_variable_set("@#{symbol}", value.kind_of?(Hash) ?  
> klass.from_hash(value) : nil)
>        end
>      end
>
> On Jan 23, 2009, at 5:52 PM, kevin lochner wrote:
>
>>      def hash_settable_writer(symbol, klass)
>>        define_method("#{symbol}=") do |value|
>>          instance_variable_set("@#{symbol}", value.kind_of?(Hash) ?  
>> klass.from_hash(value) : value)
>>        end
>>      end
>

--
Mike Mangino
http://www.elevatedrails.com




From klochner at gmail.com  Fri Jan 23 18:39:16 2009
From: klochner at gmail.com (kevin lochner)
Date: Fri, 23 Jan 2009 18:39:16 -0500
Subject: [Facebooker-talk] view problem
In-Reply-To: <DAA66927-3E91-4644-B796-A0A0446F1480@elevatedrails.com>
References: <A955CDA1-73E0-463F-A6F6-3620695CC0E1@gmail.com>
	<275D2D60-38F0-4191-8800-A421EA3DD4A3@elevatedrails.com>
	<5FDF9C96-2849-4310-A42C-0516B9EF17B8@gmail.com>
	<0214E6AB-CC5F-4D3B-9D98-A4F5A989EB95@gmail.com>
	<6737C070-8865-419A-8DC2-01180070A867@gmail.com>
	<DAA66927-3E91-4644-B796-A0A0446F1480@elevatedrails.com>
Message-ID: <47CE805B-0F69-43E6-A0FB-42BB6FDCC225@gmail.com>

thanks.  There was one problem with that solution - it wouldn't let  
you assign already instantiated
objects to the member variables.  I'm now looking at the following:

       def hash_settable_writer(symbol, klass)
         define_method("#{symbol}=") do |value|
           if value.kind_of?(Hash)
             instance_variable_set("@#{symbol}",klass.from_hash(value))
           elsif value.kind_of?(klass)
             instance_variable_set("@#{symbol}", value)
           end
         end
       end

should be able to get a patch & tests out this weekend.

  - kevin



On Jan 23, 2009, at 6:33 PM, Mike Mangino wrote:

> I think that makes sense. I've added you as a committer to the  
> project. Feel free to commit a patch with tests!
>
> Mike
>
> On Jan 23, 2009, at 6:06 PM, kevin lochner wrote:
>
>> How about setting to nil if value isn't a hash.  The object is  
>> hash_settable, and it doesn't
>> seem to make sense to assign it an object of arbitrary class  
>> (string) if it's not given a hash
>> from which to populate:
>>
>>  def hash_settable_writer(symbol, klass)
>>       define_method("#{symbol}=") do |value|
>>         instance_variable_set("@#{symbol}", value.kind_of?(Hash) ?  
>> klass.from_hash(value) : nil)
>>       end
>>     end
>>
>> On Jan 23, 2009, at 5:52 PM, kevin lochner wrote:
>>
>>>     def hash_settable_writer(symbol, klass)
>>>       define_method("#{symbol}=") do |value|
>>>         instance_variable_set("@#{symbol}", value.kind_of?(Hash) ?  
>>> klass.from_hash(value) : value)
>>>       end
>>>     end
>>
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>


From vincentchu at gmail.com  Sat Jan 24 03:02:10 2009
From: vincentchu at gmail.com (vincent chu)
Date: Sat, 24 Jan 2009 00:02:10 -0800
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <786DAC5C-FD4A-4C39-A72E-87867EDB3361@gmail.com>
References: <7301f335-1c02-4d70-97bd-65916a38ae57@w1g2000prk.googlegroups.com>
	<612BD38F-DC17-4625-A226-D493732546CB@gmail.com>
	<EF4D48AD-9032-4BE9-9378-81ADC4BE22A9@elevatedrails.com>
	<786DAC5C-FD4A-4C39-A72E-87867EDB3361@gmail.com>
Message-ID: <ddc18b3e0901240002l2321ad1dk9f3e53e6cea19e07@mail.gmail.com>

Kevin and Mike --

I've been playing around with Connect in the past few days and have
encountered similar problems. If I have a fb_connect view, cookies
that hang around after the user has logged off will cause the app to
fail when I try and access some user information.

I think the problem comes back to the 'set_facebook_session' --- when
a user comes in with cookies or with a facebook_session in his
session, Facebooker will go ahead and create a new facebook_session or
use the currently set one without checking to see if the session is
truly valid.

This is because the secure_with_cookies! and session_already_secured?
methods never actually query facebook to check if the session_key that
comes from the user's session or his cookies is actually valid.

To get around this, I think the best thing to do is to maybe stick a
small bit of code into the 'set_facebook_session' that checks to see
if the user actually has a valid session. I stuck a begin/rescue block
that does this (posted at gist.github.com):

http://gist.github.com/51380

Do y'all think this is a reasonable solution?

Cheers,

Vince



On Fri, Jan 23, 2009 at 12:21 PM, kevin lochner <klochner at gmail.com> wrote:
> I agree with that - validating the cookies is an inexpensive call to make,
> and
> the fields that get serialized are in the cookies anyway.
>
>
> On Jan 23, 2009, at 1:49 PM, Mike Mangino wrote:
>
>> We could go back to not storing the facebook session in the session when
>> it comes from a cookie. That seems reasonable to me.
>>
>> Mike
>> On Jan 23, 2009, at 1:08 PM, kevin lochner wrote:
>>
>>> See below for a message I picked this up on the rfacebook google group
>>> mailing list.
>>>
>>> I'm concerned with whether session_already_secured? is an accurate
>>> indicator
>>> of facebook connection status.    Bear with me while I step through the
>>> logic, where
>>> I've included just the meat of the functions below:
>>>
>>> session_already_secured?
>>> > (@facebook_session = session[:facebook_session]) &&
>>> > session[:facebook_session].secured? if valid_session_key_in_session?
>>>
>>> session.secured?
>>> >  !@session_key.nil? && !expired?
>>>
>>> valid_session_key_in_session?
>>> >  !session[:facebook_session].blank? &&
>>> >  (params[:fb_sig_session_key].blank? ||
>>> > session[:facebook_session].session_key == facebook_params[:session_key])
>>>
>>> The problem for connect is if the following sequence happens:
>>>  - user comes to your site and logs in via facebook,
>>>  - user goes to facebook in another browser tab and logs out
>>>  - user returns to your site
>>>
>>> The connect app will have the following state:
>>>  - session[:facebook_session]
>>>  - @session_key && !expired?
>>>  - params[:fb_sig_session_key].blank?
>>>
>>> So they're technically still logged in and your app will throw an
>>> exception when trying to access user info.
>>>
>>> One solution for a pure connect app is that the session is invalid if the
>>> cookies aren't present.  They don't
>>> need to be verified on each request, but they should be checked for
>>> existence.
>>>
>>> I don't know the best way to handle this because I don't know what would
>>> cause the params[:fb_sig_session_key]
>>> to be blank in non-connect apps while the user is still logged in.  Can
>>> someone fill me in?
>>>
>>> - kevin
>>>
>>>
>>> Begin forwarded message:
>>>
>>>> From: Aaron Nemoyten <swivelmaster at gmail.com>
>>>> Date: January 21, 2009 6:23:51 PM EST
>>>> To: All Things Facebook and Ruby <rfacebook at googlegroups.com>
>>>> Subject: [rfacebook] Re: How exactly are session cookies supposed to
>>>> work? Will  ensure_authenticated use them?
>>>> Reply-To: rfacebook at googlegroups.com
>>>>
>>>>
>>>> Well, I've got an update yet again!
>>>>
>>>> Seems that it's possible that new sessions aren't created when they
>>>> should be sometimes because of the order that Facebooker checks for
>>>> valid session info.
>>>>
>>>> If you check out ensure_authenticated_to_facebook, you'll see this:
>>>> def set_facebook_session
>>>>      returning session_set = session_already_secured? ||
>>>> secure_with_facebook_params! || secure_with_cookies! ||
>>>> secure_with_token!
>>>> (etc.)
>>>>
>>>> Grabbing the old session if there is new session info available from
>>>> the facebook_params seems to cause some problems, as well as trying to
>>>> secure with cookies if there's an auth token available (usually
>>>> involving my Safari iframe fix - we can pop out of the iframe with the
>>>> auth token but no params, and Facebooker will grab the old cookie,
>>>> thus rendering the iframe fix potentially useless.
>>>>
>>>> So my preferred order is params, session, auth token, cookies.
>>>>
>>>> Another issue I ran into (which may not be relevant since I moved the
>>>> cookie auth method last) is that cookies from invalid sessions will
>>>> make Facebooker throw an error when all I'd really want to do is just
>>>> ignore them and make a new session, so I rescued secure_with_cookies!
>>>> for Facebooker::Session::IncorrectSignature and just returned false.
>>>>
>>>> Not sure if I mentioned this before, but it's also necessary to modify
>>>> request_comes_from_facebook? to make sure it doesn't incorrectly
>>>> return false because it's looking for canvas-specific parameters.
>>>>
>>>> This seems to have fixed some problems for now.
>>>>
>>>> -Aaron
>>>>
>>>>
>>>>
>>>>
>>>> On Jan 19, 12:56 am, PanosJee <pap... at freemail.gr> wrote:
>>>>>
>>>>> Aaron your posts are highly appreciated, keep up
>>>>> We also hope to post a few hints, unfortunately IFrames are badly
>>>>> supported though they are superior technology compared to the limited
>>>>> plain FBML apps
>>>>
>>>> --~--~---------~--~----~------------~-------~--~----~
>>>> You received this message because you are subscribed to the Google
>>>> Groups "All Things Facebook and Ruby" group.
>>>> To post to this group, send email to rfacebook at googlegroups.com
>>>> To unsubscribe from this group, send email to
>>>> rfacebook+unsubscribe at googlegroups.com
>>>> For more options, visit this group at
>>>> http://groups.google.com/group/rfacebook?hl=en
>>>> -~----------~----~----~----~------~----~------~--~---
>>>>
>>>
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>> --
>> Mike Mangino
>> http://www.elevatedrails.com
>>
>>
>>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>

From klochner at gmail.com  Sat Jan 24 11:43:02 2009
From: klochner at gmail.com (kevin lochner)
Date: Sat, 24 Jan 2009 11:43:02 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <ddc18b3e0901240002l2321ad1dk9f3e53e6cea19e07@mail.gmail.com>
References: <7301f335-1c02-4d70-97bd-65916a38ae57@w1g2000prk.googlegroups.com>
	<612BD38F-DC17-4625-A226-D493732546CB@gmail.com>
	<EF4D48AD-9032-4BE9-9378-81ADC4BE22A9@elevatedrails.com>
	<786DAC5C-FD4A-4C39-A72E-87867EDB3361@gmail.com>
	<ddc18b3e0901240002l2321ad1dk9f3e53e6cea19e07@mail.gmail.com>
Message-ID: <487BD52E-283C-4D45-AFA1-156A5CA85229@gmail.com>

Vince -

The cookies should disappear on the first request after the user has  
logged
out of facebook, because your app will only see them if facebook sets  
them
on each request.

I'm going to revert the secure_with_cookies! method
to no longer set session[:facebook_session], so the only time you  
would get
a state mismatch would be if the user logged out of facebook and hadn't
issued a new request to your site yet.

Are you seeing cookies persist for multiple requests after the user as  
logged
out of facebook?  Can you give an accounting of how your user's login
state is validated when there is an error?
(values of cookies, session, valid_session_key, key. expired, etc)

- kevin

On Jan 24, 2009, at 3:02 AM, vincent chu wrote:

> Kevin and Mike --
>
> I've been playing around with Connect in the past few days and have
> encountered similar problems. If I have a fb_connect view, cookies
> that hang around after the user has logged off will cause the app to
> fail when I try and access some user information.
>
> I think the problem comes back to the 'set_facebook_session' --- when
> a user comes in with cookies or with a facebook_session in his
> session, Facebooker will go ahead and create a new facebook_session or
> use the currently set one without checking to see if the session is
> truly valid.
>
> This is because the secure_with_cookies! and session_already_secured?
> methods never actually query facebook to check if the session_key that
> comes from the user's session or his cookies is actually valid.
>
> To get around this, I think the best thing to do is to maybe stick a
> small bit of code into the 'set_facebook_session' that checks to see
> if the user actually has a valid session. I stuck a begin/rescue block
> that does this (posted at gist.github.com):
>
> http://gist.github.com/51380
>
> Do y'all think this is a reasonable solution?
>
> Cheers,
>
> Vince
>
>
>
> On Fri, Jan 23, 2009 at 12:21 PM, kevin lochner <klochner at gmail.com>  
> wrote:
>> I agree with that - validating the cookies is an inexpensive call  
>> to make,
>> and
>> the fields that get serialized are in the cookies anyway.
>>
>>
>> On Jan 23, 2009, at 1:49 PM, Mike Mangino wrote:
>>
>>> We could go back to not storing the facebook session in the  
>>> session when
>>> it comes from a cookie. That seems reasonable to me.
>>>
>>> Mike
>>> On Jan 23, 2009, at 1:08 PM, kevin lochner wrote:
>>>
>>>> See below for a message I picked this up on the rfacebook google  
>>>> group
>>>> mailing list.
>>>>
>>>> I'm concerned with whether session_already_secured? is an accurate
>>>> indicator
>>>> of facebook connection status.    Bear with me while I step  
>>>> through the
>>>> logic, where
>>>> I've included just the meat of the functions below:
>>>>
>>>> session_already_secured?
>>>>> (@facebook_session = session[:facebook_session]) &&
>>>>> session[:facebook_session].secured? if  
>>>>> valid_session_key_in_session?
>>>>
>>>> session.secured?
>>>>> !@session_key.nil? && !expired?
>>>>
>>>> valid_session_key_in_session?
>>>>> !session[:facebook_session].blank? &&
>>>>> (params[:fb_sig_session_key].blank? ||
>>>>> session[:facebook_session].session_key ==  
>>>>> facebook_params[:session_key])
>>>>
>>>> The problem for connect is if the following sequence happens:
>>>> - user comes to your site and logs in via facebook,
>>>> - user goes to facebook in another browser tab and logs out
>>>> - user returns to your site
>>>>
>>>> The connect app will have the following state:
>>>> - session[:facebook_session]
>>>> - @session_key && !expired?
>>>> - params[:fb_sig_session_key].blank?
>>>>
>>>> So they're technically still logged in and your app will throw an
>>>> exception when trying to access user info.
>>>>
>>>> One solution for a pure connect app is that the session is  
>>>> invalid if the
>>>> cookies aren't present.  They don't
>>>> need to be verified on each request, but they should be checked for
>>>> existence.
>>>>
>>>> I don't know the best way to handle this because I don't know  
>>>> what would
>>>> cause the params[:fb_sig_session_key]
>>>> to be blank in non-connect apps while the user is still logged  
>>>> in.  Can
>>>> someone fill me in?
>>>>
>>>> - kevin
>>>>
>>>>
>>>> Begin forwarded message:
>>>>
>>>>> From: Aaron Nemoyten <swivelmaster at gmail.com>
>>>>> Date: January 21, 2009 6:23:51 PM EST
>>>>> To: All Things Facebook and Ruby <rfacebook at googlegroups.com>
>>>>> Subject: [rfacebook] Re: How exactly are session cookies  
>>>>> supposed to
>>>>> work? Will  ensure_authenticated use them?
>>>>> Reply-To: rfacebook at googlegroups.com
>>>>>
>>>>>
>>>>> Well, I've got an update yet again!
>>>>>
>>>>> Seems that it's possible that new sessions aren't created when  
>>>>> they
>>>>> should be sometimes because of the order that Facebooker checks  
>>>>> for
>>>>> valid session info.
>>>>>
>>>>> If you check out ensure_authenticated_to_facebook, you'll see  
>>>>> this:
>>>>> def set_facebook_session
>>>>>     returning session_set = session_already_secured? ||
>>>>> secure_with_facebook_params! || secure_with_cookies! ||
>>>>> secure_with_token!
>>>>> (etc.)
>>>>>
>>>>> Grabbing the old session if there is new session info available  
>>>>> from
>>>>> the facebook_params seems to cause some problems, as well as  
>>>>> trying to
>>>>> secure with cookies if there's an auth token available (usually
>>>>> involving my Safari iframe fix - we can pop out of the iframe  
>>>>> with the
>>>>> auth token but no params, and Facebooker will grab the old cookie,
>>>>> thus rendering the iframe fix potentially useless.
>>>>>
>>>>> So my preferred order is params, session, auth token, cookies.
>>>>>
>>>>> Another issue I ran into (which may not be relevant since I  
>>>>> moved the
>>>>> cookie auth method last) is that cookies from invalid sessions  
>>>>> will
>>>>> make Facebooker throw an error when all I'd really want to do is  
>>>>> just
>>>>> ignore them and make a new session, so I rescued  
>>>>> secure_with_cookies!
>>>>> for Facebooker::Session::IncorrectSignature and just returned  
>>>>> false.
>>>>>
>>>>> Not sure if I mentioned this before, but it's also necessary to  
>>>>> modify
>>>>> request_comes_from_facebook? to make sure it doesn't incorrectly
>>>>> return false because it's looking for canvas-specific parameters.
>>>>>
>>>>> This seems to have fixed some problems for now.
>>>>>
>>>>> -Aaron
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Jan 19, 12:56 am, PanosJee <pap... at freemail.gr> wrote:
>>>>>>
>>>>>> Aaron your posts are highly appreciated, keep up
>>>>>> We also hope to post a few hints, unfortunately IFrames are badly
>>>>>> supported though they are superior technology compared to the  
>>>>>> limited
>>>>>> plain FBML apps
>>>>>
>>>>> --~--~---------~--~----~------------~-------~--~----~
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "All Things Facebook and Ruby" group.
>>>>> To post to this group, send email to rfacebook at googlegroups.com
>>>>> To unsubscribe from this group, send email to
>>>>> rfacebook+unsubscribe at googlegroups.com
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/rfacebook?hl=en
>>>>> -~----------~----~----~----~------~----~------~--~---
>>>>>
>>>>
>>>> _______________________________________________
>>>> Facebooker-talk mailing list
>>>> Facebooker-talk at rubyforge.org
>>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>
>>> --
>>> Mike Mangino
>>> http://www.elevatedrails.com
>>>
>>>
>>>
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>


From vincentchu at gmail.com  Sat Jan 24 15:17:24 2009
From: vincentchu at gmail.com (vincent chu)
Date: Sat, 24 Jan 2009 12:17:24 -0800
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <487BD52E-283C-4D45-AFA1-156A5CA85229@gmail.com>
References: <7301f335-1c02-4d70-97bd-65916a38ae57@w1g2000prk.googlegroups.com>
	<612BD38F-DC17-4625-A226-D493732546CB@gmail.com>
	<EF4D48AD-9032-4BE9-9378-81ADC4BE22A9@elevatedrails.com>
	<786DAC5C-FD4A-4C39-A72E-87867EDB3361@gmail.com>
	<ddc18b3e0901240002l2321ad1dk9f3e53e6cea19e07@mail.gmail.com>
	<487BD52E-283C-4D45-AFA1-156A5CA85229@gmail.com>
Message-ID: <ddc18b3e0901241217k723df330x34ae07d298ae45bf@mail.gmail.com>

Kevin ---

Perhaps I am not understanding something correctly, but this is my
basic test setup:

1) I have an existing site that I want to enable with fb_connect.

2) I made a very simple controller called 'fb_connect':

class FbConnectController < ApplicationController

  protect_from_forgery :secret => 'XXXXXXXXXXXXXX'
  before_filter :set_facebook_session
  helper_method :facebook_session

  def index
  end

end

3) The view is very simple (pretty much just a copy of the elevated
rails blog post):

<h1>My Great Application</h1>
<%= fb_connect_javascript_tag %>
<%= init_fb_connect "XFBML"%>
<%= fb_login_button%>

<% if facebook_session %>
  <h2>You are logged in as <%= facebook_session.user.name %></h2>
<% else %>
  <h2>You are not logged in!</h2>
<% end %>

4) All the other stuff in the html header (e.g., <html xmlns:fb ..
etc..) is located in the "views/layouts/application.rhtml" file.


Anyway, this is the behavior that I get:

0) User is initially logged out of facebook.com

1) User clicks on the login button and inputs his credentials. He's
logged in correctly to the rails app (rails view successfully reports
that the user is "logged in as so and so"). Cookies are placed in the
user's browser with a valid session_key, etc..

2) User goes to facebook.com and he's logged in. He then clicks
'logout' on facebook.com

3) User reloads the fb_connect/index view and throws an "Session key
invalid or no longer valid" exception. Cookies stick around.

>From my understanding of the code, this is what seems to be happening:

 - Cookies are placed at step #1. Logging out of facebook.com at step
#2 expires the session_key stored in the cookies. However, logging out
doesn't delete them (should it?).

 - Because the cookies weren't deleted, they hang out until the next
reload. Upon reloading the fb_connect/index view, they're scooped up
and used to parameterize a facebook_session. Or, if the reload has
happened within a short enough period, the facebook_session stored in
the user's session variable is used.

 - In either case, facebooker doesn't explicitly check that the
facebook_session created from cookies or the session is valid. Hence
the next reload of the view will throw an exception.

Is this right?

Thanks for the help,

Vince



On Sat, Jan 24, 2009 at 8:43 AM, kevin lochner <klochner at gmail.com> wrote:
> Vince -
>
> The cookies should disappear on the first request after the user has logged
> out of facebook, because your app will only see them if facebook sets them
> on each request.
>
> I'm going to revert the secure_with_cookies! method
> to no longer set session[:facebook_session], so the only time you would get
> a state mismatch would be if the user logged out of facebook and hadn't
> issued a new request to your site yet.
>
> Are you seeing cookies persist for multiple requests after the user as
> logged
> out of facebook?  Can you give an accounting of how your user's login
> state is validated when there is an error?
> (values of cookies, session, valid_session_key, key. expired, etc)
>
> - kevin
>
> On Jan 24, 2009, at 3:02 AM, vincent chu wrote:
>
>> Kevin and Mike --
>>
>> I've been playing around with Connect in the past few days and have
>> encountered similar problems. If I have a fb_connect view, cookies
>> that hang around after the user has logged off will cause the app to
>> fail when I try and access some user information.
>>
>> I think the problem comes back to the 'set_facebook_session' --- when
>> a user comes in with cookies or with a facebook_session in his
>> session, Facebooker will go ahead and create a new facebook_session or
>> use the currently set one without checking to see if the session is
>> truly valid.
>>
>> This is because the secure_with_cookies! and session_already_secured?
>> methods never actually query facebook to check if the session_key that
>> comes from the user's session or his cookies is actually valid.
>>
>> To get around this, I think the best thing to do is to maybe stick a
>> small bit of code into the 'set_facebook_session' that checks to see
>> if the user actually has a valid session. I stuck a begin/rescue block
>> that does this (posted at gist.github.com):
>>
>> http://gist.github.com/51380
>>
>> Do y'all think this is a reasonable solution?
>>
>> Cheers,
>>
>> Vince
>>
>>
>>
>> On Fri, Jan 23, 2009 at 12:21 PM, kevin lochner <klochner at gmail.com>
>> wrote:
>>>
>>> I agree with that - validating the cookies is an inexpensive call to
>>> make,
>>> and
>>> the fields that get serialized are in the cookies anyway.
>>>
>>>
>>> On Jan 23, 2009, at 1:49 PM, Mike Mangino wrote:
>>>
>>>> We could go back to not storing the facebook session in the session when
>>>> it comes from a cookie. That seems reasonable to me.
>>>>
>>>> Mike
>>>> On Jan 23, 2009, at 1:08 PM, kevin lochner wrote:
>>>>
>>>>> See below for a message I picked this up on the rfacebook google group
>>>>> mailing list.
>>>>>
>>>>> I'm concerned with whether session_already_secured? is an accurate
>>>>> indicator
>>>>> of facebook connection status.    Bear with me while I step through the
>>>>> logic, where
>>>>> I've included just the meat of the functions below:
>>>>>
>>>>> session_already_secured?
>>>>>>
>>>>>> (@facebook_session = session[:facebook_session]) &&
>>>>>> session[:facebook_session].secured? if valid_session_key_in_session?
>>>>>
>>>>> session.secured?
>>>>>>
>>>>>> !@session_key.nil? && !expired?
>>>>>
>>>>> valid_session_key_in_session?
>>>>>>
>>>>>> !session[:facebook_session].blank? &&
>>>>>> (params[:fb_sig_session_key].blank? ||
>>>>>> session[:facebook_session].session_key ==
>>>>>> facebook_params[:session_key])
>>>>>
>>>>> The problem for connect is if the following sequence happens:
>>>>> - user comes to your site and logs in via facebook,
>>>>> - user goes to facebook in another browser tab and logs out
>>>>> - user returns to your site
>>>>>
>>>>> The connect app will have the following state:
>>>>> - session[:facebook_session]
>>>>> - @session_key && !expired?
>>>>> - params[:fb_sig_session_key].blank?
>>>>>
>>>>> So they're technically still logged in and your app will throw an
>>>>> exception when trying to access user info.
>>>>>
>>>>> One solution for a pure connect app is that the session is invalid if
>>>>> the
>>>>> cookies aren't present.  They don't
>>>>> need to be verified on each request, but they should be checked for
>>>>> existence.
>>>>>
>>>>> I don't know the best way to handle this because I don't know what
>>>>> would
>>>>> cause the params[:fb_sig_session_key]
>>>>> to be blank in non-connect apps while the user is still logged in.  Can
>>>>> someone fill me in?
>>>>>
>>>>> - kevin
>>>>>
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> From: Aaron Nemoyten <swivelmaster at gmail.com>
>>>>>> Date: January 21, 2009 6:23:51 PM EST
>>>>>> To: All Things Facebook and Ruby <rfacebook at googlegroups.com>
>>>>>> Subject: [rfacebook] Re: How exactly are session cookies supposed to
>>>>>> work? Will  ensure_authenticated use them?
>>>>>> Reply-To: rfacebook at googlegroups.com
>>>>>>
>>>>>>
>>>>>> Well, I've got an update yet again!
>>>>>>
>>>>>> Seems that it's possible that new sessions aren't created when they
>>>>>> should be sometimes because of the order that Facebooker checks for
>>>>>> valid session info.
>>>>>>
>>>>>> If you check out ensure_authenticated_to_facebook, you'll see this:
>>>>>> def set_facebook_session
>>>>>>    returning session_set = session_already_secured? ||
>>>>>> secure_with_facebook_params! || secure_with_cookies! ||
>>>>>> secure_with_token!
>>>>>> (etc.)
>>>>>>
>>>>>> Grabbing the old session if there is new session info available from
>>>>>> the facebook_params seems to cause some problems, as well as trying to
>>>>>> secure with cookies if there's an auth token available (usually
>>>>>> involving my Safari iframe fix - we can pop out of the iframe with the
>>>>>> auth token but no params, and Facebooker will grab the old cookie,
>>>>>> thus rendering the iframe fix potentially useless.
>>>>>>
>>>>>> So my preferred order is params, session, auth token, cookies.
>>>>>>
>>>>>> Another issue I ran into (which may not be relevant since I moved the
>>>>>> cookie auth method last) is that cookies from invalid sessions will
>>>>>> make Facebooker throw an error when all I'd really want to do is just
>>>>>> ignore them and make a new session, so I rescued secure_with_cookies!
>>>>>> for Facebooker::Session::IncorrectSignature and just returned false.
>>>>>>
>>>>>> Not sure if I mentioned this before, but it's also necessary to modify
>>>>>> request_comes_from_facebook? to make sure it doesn't incorrectly
>>>>>> return false because it's looking for canvas-specific parameters.
>>>>>>
>>>>>> This seems to have fixed some problems for now.
>>>>>>
>>>>>> -Aaron
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Jan 19, 12:56 am, PanosJee <pap... at freemail.gr> wrote:
>>>>>>>
>>>>>>> Aaron your posts are highly appreciated, keep up
>>>>>>> We also hope to post a few hints, unfortunately IFrames are badly
>>>>>>> supported though they are superior technology compared to the limited
>>>>>>> plain FBML apps
>>>>>>
>>>>>> --~--~---------~--~----~------------~-------~--~----~
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "All Things Facebook and Ruby" group.
>>>>>> To post to this group, send email to rfacebook at googlegroups.com
>>>>>> To unsubscribe from this group, send email to
>>>>>> rfacebook+unsubscribe at googlegroups.com
>>>>>> For more options, visit this group at
>>>>>> http://groups.google.com/group/rfacebook?hl=en
>>>>>> -~----------~----~----~----~------~----~------~--~---
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Facebooker-talk mailing list
>>>>> Facebooker-talk at rubyforge.org
>>>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>>
>>>> --
>>>> Mike Mangino
>>>> http://www.elevatedrails.com
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>

From aurelien.malisart.mailinglists at gmail.com  Sun Jan 25 16:23:53 2009
From: aurelien.malisart.mailinglists at gmail.com (=?ISO-8859-1?Q?Malisart_Aur=E9lien?=)
Date: Sun, 25 Jan 2009 22:23:53 +0100
Subject: [Facebooker-talk] How to instanciate a Group or Event model object
Message-ID: <57BEC9FA-2DE8-4507-9F44-1CF8B337DB47@gmail.com>

Hi,

What do I have to do to have a populated object of class  
Facebooker::Group or Facebooker::Event populated with its group/event  
information if I know it's gid/eid? Is it required to use FQL?

I tried things like these:

Facebooker::Group.new(:gid => 42)
Facebooker::Event.new(:eid => 42)

since the initialize of Facebooker::Model takes a hash, but the object  
isn't populated.

Thanks

Aur?lien

From alexis at yoolink.fr  Mon Jan 26 06:14:57 2009
From: alexis at yoolink.fr (Alexis Sukrieh)
Date: Mon, 26 Jan 2009 12:14:57 +0100
Subject: [Facebooker-talk] Patch for supporting story_size in
	publishUserAction
Message-ID: <497D9B31.3020202@yoolink.fr>

Hello list,

I use Facebooker for writing a Facebook app with rails, it works great,
thanks for the job!

I'm experiencing an issue though, described here:
https://forums.pragprog.com/forums/48/topics/1904

Mainly, the issue is that publish_user_action() does not handle the
optional parameter "story_size" of the Feed.publishUserAction methdod
(see http://wiki.developers.facebook.com/index.php/Feed.publishUserAction )

So here is a patch that lets you give a "size" optional parameter when
using any deliver_* method defined in your publisher.

Hope that helps.

Note: I'm not 100% happy with rescue ArgumentError stuff, maybe there's
a better way to do that.

Regards,

-- 
Alexis Sukrieh
Yoolink - http://www.yoolinkpro.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: publishUserAction.diff
Type: text/x-patch
Size: 3231 bytes
Desc: not available
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090126/42ba8f95/attachment-0001.bin>

From lee at crossbonesystems.com  Mon Jan 26 06:50:15 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Mon, 26 Jan 2009 11:50:15 +0000
Subject: [Facebooker-talk] fb_sig_canvas_user
Message-ID: <e8c2bee00901260350v2b8936a9g3c6f1b91d5e37206@mail.gmail.com>

Hi all,

I've got myself a bit confused over fb_sig_canvas_user and I'm hoping
some of the seasoned facebook devs can clear it up.

>From reading the facebook wiki, it seems like fb_sig_user is the main
parameter to check for the logged in user ID when a user has installed
the app. However, it seems that fb_sig_canvas_user is passed to my
URLs (instead of fb_sig_user) when a user is logged in to facebook but
has not authorized my app.

So to determine the authoritative "current user" with facebooker,
should I simply be doing the following?

if facebook_params['user'] != 0
  return facebook_params['user']
end
if facebook_params['canvas_user'] != 0
  return facebook_params['canvas_user']
end
return nil

Or are there also other conditions (or user parameters!) I should be
watching out for?

Bear in mind that I'm letting users look at my pages without forcing
them to install/authorize my application.

Regards,
Lee.


-- 
Lee Mallabone.
http://apps.facebook.com/headhunting/

From lee at crossbonesystems.com  Mon Jan 26 07:10:07 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Mon, 26 Jan 2009 12:10:07 +0000
Subject: [Facebooker-talk] How to instanciate a Group or Event model
	object
In-Reply-To: <57BEC9FA-2DE8-4507-9F44-1CF8B337DB47@gmail.com>
References: <57BEC9FA-2DE8-4507-9F44-1CF8B337DB47@gmail.com>
Message-ID: <e8c2bee00901260410y7ebb46eaiabdaf30bd98348a1@mail.gmail.com>

Hi Aur?lien,

Did you already get your site setup so facebook users can login?
http://apps.facebook.com/facebooker_tutorial/outline

Once you have done that, in your controller make a call to:

facebook_session.user.groups()
or
facebook_session.user.events()

and you should get all the groups/events for the logged in user: you
can pass in specific IDs to just retrieve individual objects.

Hope that helps,
Lee.


2009/1/25 Malisart Aur?lien <aurelien.malisart.mailinglists at gmail.com>:
> Hi,
>
> What do I have to do to have a populated object of class Facebooker::Group
> or Facebooker::Event populated with its group/event information if I know
> it's gid/eid? Is it required to use FQL?
>
> I tried things like these:
>
> Facebooker::Group.new(:gid => 42)
> Facebooker::Event.new(:eid => 42)
>
> since the initialize of Facebooker::Model takes a hash, but the object isn't
> populated.
>
> Thanks
>
> Aur?lien
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>



-- 
Lee Mallabone.
Crossbone Systems Ltd.

http://www.crossbonesystems.com/
http://www.fonicmonkey.net/
http://CambridgeWebHeads.ning.com/

From aurelien.malisart.mailinglists at gmail.com  Mon Jan 26 07:50:19 2009
From: aurelien.malisart.mailinglists at gmail.com (=?ISO-8859-1?Q?Malisart_Aur=E9lien?=)
Date: Mon, 26 Jan 2009 13:50:19 +0100
Subject: [Facebooker-talk] How to instanciate a Group or Event model
	object
In-Reply-To: <e8c2bee00901260410y7ebb46eaiabdaf30bd98348a1@mail.gmail.com>
References: <57BEC9FA-2DE8-4507-9F44-1CF8B337DB47@gmail.com>
	<e8c2bee00901260410y7ebb46eaiabdaf30bd98348a1@mail.gmail.com>
Message-ID: <E33720BF-FAC3-4AB0-9FCE-E0570A3725E4@gmail.com>

Thanks!

On 26 Jan 2009, at 13:10, Lee Mallabone wrote:

> Hi Aur?lien,
>
> Did you already get your site setup so facebook users can login?
> http://apps.facebook.com/facebooker_tutorial/outline

Yes yes I did.

> Once you have done that, in your controller make a call to:
>
> facebook_session.user.groups()
> or
> facebook_session.user.events()

Yes this works.
But what I'm trying to do is to have the infos for a given group, even  
if it isn't one of the current user groups.
Maybe it is not possible?

Aur?lien

From aurelien.malisart.mailinglists at gmail.com  Mon Jan 26 07:55:33 2009
From: aurelien.malisart.mailinglists at gmail.com (=?ISO-8859-1?Q?Malisart_Aur=E9lien?=)
Date: Mon, 26 Jan 2009 13:55:33 +0100
Subject: [Facebooker-talk] How to instanciate a Group or Event model
	object
In-Reply-To: <e8c2bee00901260410y7ebb46eaiabdaf30bd98348a1@mail.gmail.com>
References: <57BEC9FA-2DE8-4507-9F44-1CF8B337DB47@gmail.com>
	<e8c2bee00901260410y7ebb46eaiabdaf30bd98348a1@mail.gmail.com>
Message-ID: <DCDCCAA9-A3C4-4E6C-BE11-2585CFE837D1@gmail.com>

Mmm I just tried. It works with groups the current user isn't member  
of too.

Thanks for your help.

From lee at crossbonesystems.com  Mon Jan 26 07:56:32 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Mon, 26 Jan 2009 12:56:32 +0000
Subject: [Facebooker-talk] How to instanciate a Group or Event model
	object
In-Reply-To: <DCDCCAA9-A3C4-4E6C-BE11-2585CFE837D1@gmail.com>
References: <57BEC9FA-2DE8-4507-9F44-1CF8B337DB47@gmail.com>
	<e8c2bee00901260410y7ebb46eaiabdaf30bd98348a1@mail.gmail.com>
	<DCDCCAA9-A3C4-4E6C-BE11-2585CFE837D1@gmail.com>
Message-ID: <e8c2bee00901260456i43ffa173kc61491d0bff51799@mail.gmail.com>

You could also try using FQL queries:
http://wiki.developers.facebook.com/index.php/Group_%28FQL%29

Lee.


2009/1/26 Malisart Aur?lien <aurelien.malisart.mailinglists at gmail.com>:
> Mmm I just tried. It works with groups the current user isn't member of too.
>
> Thanks for your help.
>



-- 
Lee Mallabone.
Crossbone Systems Ltd.

http://www.crossbonesystems.com/
http://www.fonicmonkey.net/
http://CambridgeWebHeads.ning.com/

From klochner at gmail.com  Mon Jan 26 12:06:44 2009
From: klochner at gmail.com (kevin lochner)
Date: Mon, 26 Jan 2009 12:06:44 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <ddc18b3e0901241217k723df330x34ae07d298ae45bf@mail.gmail.com>
References: <7301f335-1c02-4d70-97bd-65916a38ae57@w1g2000prk.googlegroups.com>
	<612BD38F-DC17-4625-A226-D493732546CB@gmail.com>
	<EF4D48AD-9032-4BE9-9378-81ADC4BE22A9@elevatedrails.com>
	<786DAC5C-FD4A-4C39-A72E-87867EDB3361@gmail.com>
	<ddc18b3e0901240002l2321ad1dk9f3e53e6cea19e07@mail.gmail.com>
	<487BD52E-283C-4D45-AFA1-156A5CA85229@gmail.com>
	<ddc18b3e0901241217k723df330x34ae07d298ae45bf@mail.gmail.com>
Message-ID: <C8ECDA13-5DF7-45F2-88E2-7CDD913328B3@gmail.com>


hey vince -

I'm with you now, see below.   Comments appreciated from anyone
as I think there are tradeoffs to be considered in how we approach this.


> 0) User is initially logged out of facebook.com
>
>
> 1) User clicks on the login button and inputs his credentials. He's
> logged in correctly to the rails app (rails view successfully reports
> that the user is "logged in as so and so"). Cookies are placed in the
> user's browser with a valid session_key, etc..
>
> 2) User goes to facebook.com and he's logged in. He then clicks
> 'logout' on facebook.com
>
> 3) User reloads the fb_connect/index view and throws an "Session key
> invalid or no longer valid" exception. Cookies stick around.
>
> From my understanding of the code, this is what seems to be happening:
>
> - Cookies are placed at step #1. Logging out of facebook.com at step
> #2 expires the session_key stored in the cookies. However, logging out
> doesn't delete them (should it?).
>

The cookies will be cleared on the 2nd request after the user logs out
of facebook, which is a little late to avoid throwing an exception if  
you're
invoking the rest api, but this is going to be a relatively rare  
occurrence,
so I'd rather avoid forcing an extra ping of facebook on every request.

> - Because the cookies weren't deleted, they hang out until the next
> reload. Upon reloading the fb_connect/index view, they're scooped up
> and used to parameterize a facebook_session. Or, if the reload has
> happened within a short enough period, the facebook_session stored in
> the user's session variable is used.
>

We're not going to save cookie-based session information in the  
session hash
anymore, remove the last line from secure_with_cookies!   
(session[:fb_session] = @session)

> - In either case, facebooker doesn't explicitly check that the
> facebook_session created from cookies or the session is valid. Hence
> the next reload of the view will throw an exception.

I don't like forcing an extra POST to facebook on every page request  
just to make sure the
user hasn't logged out of fb elsewhere.   I timed them at between .25  
and .5 seconds a pop.
Also note that we'd be forcing an extra post for all canvas apps even  
though they don't
have the invalid cookie problem.

If you're using fb connect only as a secondary login credential,  you  
may never throw an
exception anyway, and the cookies will pick up state within a couple  
of requests (or
the session key can expire based on time before they send another  
request).

we could add a test_facebook_session method that  you can call in
any controllers that use the facebook rest api and were secured with  
cookies, but
I'd prefer the following in facebooker/.../controller.rb:

 >  def self.included(controller)
 >  ...
 >   controller.rescue_from Facebooker::Session::SessionExpired, :with  
=> :session_expired
 >  end

 >  def session_expired
 >      clear_fb_cookies!
 >      clear_facebook_session_information
 >      flash[:error] = "Your facebook session has expired."
 >      redirect_to "/"
 >  end

note that with this approach you will have to explicitly pre-load data  
in the
controller rather than invoking the facebook rest api in the view  
(which is
what you did in your example).

  - kevin


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090126/22708354/attachment.html>

From klochner at gmail.com  Mon Jan 26 19:57:44 2009
From: klochner at gmail.com (kevin lochner)
Date: Mon, 26 Jan 2009 19:57:44 -0500
Subject: [Facebooker-talk] feed publisher
Message-ID: <7C28D23E-F3BB-4D0C-BCFB-1FAB5A659266@gmail.com>

For connect, it looks like you have to use the javascript library to  
publish feed stories
(and get the pop-up feed dialogue window).  Has anyone written a  
helper to generate
the javascript?

  - kevin

From swivelmaster at yahoo.com  Wed Jan 28 18:33:15 2009
From: swivelmaster at yahoo.com (Aaron Nemoyten)
Date: Wed, 28 Jan 2009 15:33:15 -0800 (PST)
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are
	session	cookies supposed to work? Will ensure_authenticated
	use them?
Message-ID: <38504.75625.qm@web33005.mail.mud.yahoo.com>

Hey everyone.

I'm the author of the original post to the Facebook/Ruby group.  I apologize for not getting over to this list sooner - Kevin Lochner emailed me and suggested it last week.

I'm trying to catch up on the discussion here.

Because the app I'm working on is in an iFrame AND we're using Flash AND we're relying on cookies to authenticate requests in Facebook...  we've had a lot of issues.

>> I don't know the best way to handle this because I don't know what  
> would cause the params[:fb_sig_session_key]
> to be blank in non-connect apps while the user is still logged in.   

The problem is navigation within iFrame apps - you get the fb_sig parameters and then you have one chance to initialize the session correctly...  the rest of the time you're basically flying blind.

This gets difficult because cookie settings vary from browser to browser, including Safari's very restrictive default behavior which prevents cookies from being set and read from within iframes that do not match the domain of the main tab URL.

Because Facebooker's default behavior is to initialize sessions from the session store BEFORE checking params, it's possible (and very easy) to end up with the wrong session if a user simply uses the app, logs out of facebook, logs back in, and uses the app again.

My easy fix to that was to make secure_with_facebook_params the first choice, followed by secure_with_token, followed by session_already_secured (and then cookies...  not sure how often we're even getting to that at this point).  Since these params should only come in once anyway, this isn't any more expensive and prevents the wrong session from being initialized.

There are still a ton of issues regarding cookie settings and setting/getting session.  I finally just figured out a problem we were having post-login/authorization in Safari that goes something like this:

* Application redirects user to login page
* Login page sends user to app with auth_token parameter
* Server initializes session with auth_token parameter
* Service sends response with cookies/session info included
* Browser refuses to set cookies but renders page
* Page has javascript to check for cookies and redirects top.href to href (my fix - this works when we have fb_sig params because we can recreate the session from them, set the cookies, and then redirect back into the frame)
* Params are included, including auth_token, which Facebook refuses to turn into a valid session because we already did that once (is this what's happening?) and an exception is thrown
* User sees error.

WARNING:  HORRIBLE HACK STARTS HERE!

The best fix I can come up with right now is to remove auth_token from the redirect to top, which will cause a redirect BACK to apps.facebook.com/appname, which will pass in fb_sig params but fail to create the cookie, so the javascript will redirect to top once again, but with fb_sig params in the url, which will create the session correctly with cookies allowed by all browsers, and redirect back into the frame.

So now the question is...  what if javascript isn't allowed to read the cookie in the first place.  Then maybe I have to have Flash ping the server (cookies are automatically sent with Flash requests) and let the server tell Flash if the cookie is correct, and then Flash can call ExternalInterface and force the reload.

...this is all to get around restrictive browser cookie settings.  The alternative is to just ask users to change their cookie settings and reload, but that seems like it would have a lower success rate.

-Aaron


      

From mmangino at elevatedrails.com  Wed Jan 28 19:03:24 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Wed, 28 Jan 2009 19:03:24 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are
	session	cookies supposed to work? Will ensure_authenticated
	use them?
In-Reply-To: <38504.75625.qm@web33005.mail.mud.yahoo.com>
References: <38504.75625.qm@web33005.mail.mud.yahoo.com>
Message-ID: <17320669-63EE-45B4-809A-CB762B15A265@elevatedrails.com>

Aaron, thanks for the note.

I like the idea of using params as the default choice. I think that  
definitely makes sense.

The post login authorization issue is really ugly. Are you able to get  
a canvas url for the post login url? That would be a cleaner way to  
solve the problem.

Mike

On Jan 28, 2009, at 6:33 PM, Aaron Nemoyten wrote:

> Hey everyone.
>
> I'm the author of the original post to the Facebook/Ruby group.  I  
> apologize for not getting over to this list sooner - Kevin Lochner  
> emailed me and suggested it last week.
>
> I'm trying to catch up on the discussion here.
>
> Because the app I'm working on is in an iFrame AND we're using Flash  
> AND we're relying on cookies to authenticate requests in  
> Facebook...  we've had a lot of issues.
>
>>> I don't know the best way to handle this because I don't know what
>> would cause the params[:fb_sig_session_key]
>> to be blank in non-connect apps while the user is still logged in.
>
> The problem is navigation within iFrame apps - you get the fb_sig  
> parameters and then you have one chance to initialize the session  
> correctly...  the rest of the time you're basically flying blind.
>
> This gets difficult because cookie settings vary from browser to  
> browser, including Safari's very restrictive default behavior which  
> prevents cookies from being set and read from within iframes that do  
> not match the domain of the main tab URL.
>
> Because Facebooker's default behavior is to initialize sessions from  
> the session store BEFORE checking params, it's possible (and very  
> easy) to end up with the wrong session if a user simply uses the  
> app, logs out of facebook, logs back in, and uses the app again.
>
> My easy fix to that was to make secure_with_facebook_params the  
> first choice, followed by secure_with_token, followed by  
> session_already_secured (and then cookies...  not sure how often  
> we're even getting to that at this point).  Since these params  
> should only come in once anyway, this isn't any more expensive and  
> prevents the wrong session from being initialized.
>
> There are still a ton of issues regarding cookie settings and  
> setting/getting session.  I finally just figured out a problem we  
> were having post-login/authorization in Safari that goes something  
> like this:
>
> * Application redirects user to login page
> * Login page sends user to app with auth_token parameter
> * Server initializes session with auth_token parameter
> * Service sends response with cookies/session info included
> * Browser refuses to set cookies but renders page
> * Page has javascript to check for cookies and redirects top.href to  
> href (my fix - this works when we have fb_sig params because we can  
> recreate the session from them, set the cookies, and then redirect  
> back into the frame)
> * Params are included, including auth_token, which Facebook refuses  
> to turn into a valid session because we already did that once (is  
> this what's happening?) and an exception is thrown
> * User sees error.
>
> WARNING:  HORRIBLE HACK STARTS HERE!
>
> The best fix I can come up with right now is to remove auth_token  
> from the redirect to top, which will cause a redirect BACK to  
> apps.facebook.com/appname, which will pass in fb_sig params but fail  
> to create the cookie, so the javascript will redirect to top once  
> again, but with fb_sig params in the url, which will create the  
> session correctly with cookies allowed by all browsers, and redirect  
> back into the frame.
>
> So now the question is...  what if javascript isn't allowed to read  
> the cookie in the first place.  Then maybe I have to have Flash ping  
> the server (cookies are automatically sent with Flash requests) and  
> let the server tell Flash if the cookie is correct, and then Flash  
> can call ExternalInterface and force the reload.
>
> ...this is all to get around restrictive browser cookie settings.   
> The alternative is to just ask users to change their cookie settings  
> and reload, but that seems like it would have a lower success rate.
>
> -Aaron
>
>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From lee at crossbonesystems.com  Thu Jan 29 11:26:07 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Thu, 29 Jan 2009 16:26:07 +0000
Subject: [Facebooker-talk] link_to issue when running outside of web server
Message-ID: <e8c2bee00901290826q6a089545uabdb59a6b8238476@mail.gmail.com>

Hi all,

I've created a class that I want to run outside of my web server using
the standard rails "script/runner".

The script works fine, loading ActiveRecord objects etc, until I try
and use the link_to helper.

I've included the following in my class:
    include ActionView::Helpers::UrlHelper
    include ActionController::UrlWriter
but when I try and call link_to I get the following error:

/Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/url_rewriter.rb:138:in
`url_for': Missing host to link to! Please provide :host parameter or
set default_url_options[:host] (RuntimeError)

I'm calling link_to like this:
link_to('link test', :canvas => true, :controller => :job, :action =>
:show, :id => user_job)

It almost looks as though facebooker's URL helper methods are not
getting mixed in properly, so it's not picking up facebooker's host or
canvas prefix. Anyone know how to fix this? I've attached a tiny class
that demonstrates the problem in my environment. run it with:
script/runner /path/to/link_to_issue.rb

Regards,
Lee.

-- 
Lee Mallabone.
Crossbone Systems Ltd.

Tired of hunting for great people?
Post jobs on your facebook profile with Head Hunting:
http://apps.facebook.com/headhunting/pages/recruiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: link_to_issue.rb
Type: text/x-ruby-script
Size: 230 bytes
Desc: not available
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090129/68d4cc4f/attachment.bin>

From mmangino at elevatedrails.com  Thu Jan 29 14:01:56 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Thu, 29 Jan 2009 14:01:56 -0500
Subject: [Facebooker-talk] link_to issue when running outside of web
	server
In-Reply-To: <e8c2bee00901290826q6a089545uabdb59a6b8238476@mail.gmail.com>
References: <e8c2bee00901290826q6a089545uabdb59a6b8238476@mail.gmail.com>
Message-ID: <3D16EB2A-95BF-4F48-8111-1ED0F5F4235B@elevatedrails.com>

There is a lot of magic required to make those helpers work. You will  
probably need to include the facebooker helpers. The Publisher code  
sets up a class with all of the helpers available, you might try  
looking at that.

Mike

On Jan 29, 2009, at 11:26 AM, Lee Mallabone wrote:

> Hi all,
>
> I've created a class that I want to run outside of my web server using
> the standard rails "script/runner".
>
> The script works fine, loading ActiveRecord objects etc, until I try
> and use the link_to helper.
>
> I've included the following in my class:
>    include ActionView::Helpers::UrlHelper
>    include ActionController::UrlWriter
> but when I try and call link_to I get the following error:
>
> /Library/Ruby/Gems/1.8/gems/actionpack-2.2.2/lib/action_controller/ 
> url_rewriter.rb:138:in
> `url_for': Missing host to link to! Please provide :host parameter or
> set default_url_options[:host] (RuntimeError)
>
> I'm calling link_to like this:
> link_to('link test', :canvas => true, :controller => :job, :action =>
> :show, :id => user_job)
>
> It almost looks as though facebooker's URL helper methods are not
> getting mixed in properly, so it's not picking up facebooker's host or
> canvas prefix. Anyone know how to fix this? I've attached a tiny class
> that demonstrates the problem in my environment. run it with:
> script/runner /path/to/link_to_issue.rb
>
> Regards,
> Lee.
>
> -- 
> Lee Mallabone.
> Crossbone Systems Ltd.
>
> Tired of hunting for great people?
> Post jobs on your facebook profile with Head Hunting:
> http://apps.facebook.com/headhunting/pages/recruiter
> <link_to_issue.rb>_______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From klochner at gmail.com  Thu Jan 29 14:02:42 2009
From: klochner at gmail.com (kevin lochner)
Date: Thu, 29 Jan 2009 14:02:42 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <38504.75625.qm@web33005.mail.mud.yahoo.com>
References: <38504.75625.qm@web33005.mail.mud.yahoo.com>
Message-ID: <FC441846-B405-4349-A9ED-E92B5B1335CE@gmail.com>

The only case where this is an issue is if they've granted cookie  
access on
a site-by-site basis, since you can't use facebook without allowing  
cookies
(or at least that has been my experience).

I don't think this should be a priority, since your typical facebook  
user will
just allow cookies globally.

On Jan 28, 2009, at 6:33 PM, Aaron Nemoyten wrote:

>
> WARNING:  HORRIBLE HACK STARTS HERE!
>
> The best fix I can come up with right now is to remove auth_token  
> from the redirect to top, which will cause a redirect BACK to  
> apps.facebook.com/appname, which will pass in fb_sig params but fail  
> to create the cookie, so the javascript will redirect to top once  
> again, but with fb_sig params in the url, which will create the  
> session correctly with cookies allowed by all browsers, and redirect  
> back into the frame.
>
> So now the question is...  what if javascript isn't allowed to read  
> the cookie in the first place.  Then maybe I have to have Flash ping  
> the server (cookies are automatically sent with Flash requests) and  
> let the server tell Flash if the cookie is correct, and then Flash  
> can call ExternalInterface and force the reload.
>
> ...this is all to get around restrictive browser cookie settings.   
> The alternative is to just ask users to change their cookie settings  
> and reload, but that seems like it would have a lower success rate.
>
> -Aaron
>
>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk


From swivelmaster at yahoo.com  Thu Jan 29 14:20:55 2009
From: swivelmaster at yahoo.com (Aaron Nemoyten)
Date: Thu, 29 Jan 2009 11:20:55 -0800 (PST)
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
References: <38504.75625.qm@web33005.mail.mud.yahoo.com>
	<FC441846-B405-4349-A9ED-E92B5B1335CE@gmail.com>
Message-ID: <959008.37635.qm@web33005.mail.mud.yahoo.com>

Check out Safari cookie preferences and you'll see that the default option is Accept Cookies:  Only from sites you navigate to.
In Firefox the default equivalent is Accept Third Party Cookies.

If an iFrame is in a different domain from the top site, cookies will not be accepted if these options are turned off.  

Facebook itself will work just fine, but any iframe content from a different domain will have no cookie access.  

I may have come up with a solution for my current issues that just ignores cookies all together.  Sadly, this may be the only choice if I want complete reliability.



----- Original Message ----
From: kevin lochner <klochner at gmail.com>
To: Aaron Nemoyten <swivelmaster at yahoo.com>
Cc: facebooker-talk at rubyforge.org
Sent: Thursday, January 29, 2009 11:02:42 AM
Subject: Re: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session cookies supposed to work? Will ensure_authenticated use them?

The only case where this is an issue is if they've granted cookie access on
a site-by-site basis, since you can't use facebook without allowing cookies
(or at least that has been my experience).

I don't think this should be a priority, since your typical facebook user will
just allow cookies globally.

On Jan 28, 2009, at 6:33 PM, Aaron Nemoyten wrote:

> 
> WARNING:  HORRIBLE HACK STARTS HERE!
> 
> The best fix I can come up with right now is to remove auth_token from the redirect to top, which will cause a redirect BACK to apps.facebook.com/appname, which will pass in fb_sig params but fail to create the cookie, so the javascript will redirect to top once again, but with fb_sig params in the url, which will create the session correctly with cookies allowed by all browsers, and redirect back into the frame.
> 
> So now the question is...  what if javascript isn't allowed to read the cookie in the first place.  Then maybe I have to have Flash ping the server (cookies are automatically sent with Flash requests) and let the server tell Flash if the cookie is correct, and then Flash can call ExternalInterface and force the reload.
> 
> ...this is all to get around restrictive browser cookie settings.  The alternative is to just ask users to change their cookie settings and reload, but that seems like it would have a lower success rate.
> 
> -Aaron
> 
> 
> 
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk


      

From mmangino at elevatedrails.com  Thu Jan 29 16:20:47 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Thu, 29 Jan 2009 16:20:47 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
In-Reply-To: <959008.37635.qm@web33005.mail.mud.yahoo.com>
References: <38504.75625.qm@web33005.mail.mud.yahoo.com>
	<FC441846-B405-4349-A9ED-E92B5B1335CE@gmail.com>
	<959008.37635.qm@web33005.mail.mud.yahoo.com>
Message-ID: <C5B49B5F-B73F-4382-8F89-BBFAE7F7FB7E@elevatedrails.com>

We set cookies on the initial request to the iframe. Does that cause  
problems?

Mike

On Jan 29, 2009, at 2:20 PM, Aaron Nemoyten wrote:

> Check out Safari cookie preferences and you'll see that the default  
> option is Accept Cookies:  Only from sites you navigate to.
> In Firefox the default equivalent is Accept Third Party Cookies.
>
> If an iFrame is in a different domain from the top site, cookies  
> will not be accepted if these options are turned off.
>
> Facebook itself will work just fine, but any iframe content from a  
> different domain will have no cookie access.
>
> I may have come up with a solution for my current issues that just  
> ignores cookies all together.  Sadly, this may be the only choice if  
> I want complete reliability.
>
>
>
> ----- Original Message ----
> From: kevin lochner <klochner at gmail.com>
> To: Aaron Nemoyten <swivelmaster at yahoo.com>
> Cc: facebooker-talk at rubyforge.org
> Sent: Thursday, January 29, 2009 11:02:42 AM
> Subject: Re: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are  
> session cookies supposed to work? Will ensure_authenticated use them?
>
> The only case where this is an issue is if they've granted cookie  
> access on
> a site-by-site basis, since you can't use facebook without allowing  
> cookies
> (or at least that has been my experience).
>
> I don't think this should be a priority, since your typical facebook  
> user will
> just allow cookies globally.
>
> On Jan 28, 2009, at 6:33 PM, Aaron Nemoyten wrote:
>
>>
>> WARNING:  HORRIBLE HACK STARTS HERE!
>>
>> The best fix I can come up with right now is to remove auth_token  
>> from the redirect to top, which will cause a redirect BACK to  
>> apps.facebook.com/appname, which will pass in fb_sig params but  
>> fail to create the cookie, so the javascript will redirect to top  
>> once again, but with fb_sig params in the url, which will create  
>> the session correctly with cookies allowed by all browsers, and  
>> redirect back into the frame.
>>
>> So now the question is...  what if javascript isn't allowed to read  
>> the cookie in the first place.  Then maybe I have to have Flash  
>> ping the server (cookies are automatically sent with Flash  
>> requests) and let the server tell Flash if the cookie is correct,  
>> and then Flash can call ExternalInterface and force the reload.
>>
>> ...this is all to get around restrictive browser cookie settings.   
>> The alternative is to just ask users to change their cookie  
>> settings and reload, but that seems like it would have a lower  
>> success rate.
>>
>> -Aaron
>>
>>
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From swivelmaster at yahoo.com  Thu Jan 29 16:28:16 2009
From: swivelmaster at yahoo.com (Aaron Nemoyten)
Date: Thu, 29 Jan 2009 13:28:16 -0800 (PST)
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session
	cookies supposed to work? Will ensure_authenticated use them?
References: <38504.75625.qm@web33005.mail.mud.yahoo.com>
	<FC441846-B405-4349-A9ED-E92B5B1335CE@gmail.com>
	<959008.37635.qm@web33005.mail.mud.yahoo.com>
	<C5B49B5F-B73F-4382-8F89-BBFAE7F7FB7E@elevatedrails.com>
Message-ID: <566659.30768.qm@web33005.mail.mud.yahoo.com>

The assumption that it worked is what is causing the problems :)

I just tried out a proof of concept that avoids cookies completely.  

Here's the gist of it:

application.rb:
  def authenticate_with_session_id_only
    if params[:mc_session_id]
      set_facebook_session CGI::Session::ActiveRecordStore::Session.find_by_session_id(params[:mc_session_id]).data[:facebook_session]
    else
      render_javascript_redirect
    end
  end

Facebooker's controller.rb
 def set_facebook_session provided_session = nil #! added
        returning session_set = use_provided_session(provided_session) || secure_with_facebook_params! || secure_with_token! || session_already_secured? || secure_with_cookies!  do #! switched order, added provided_session
          if session_set
            capture_facebook_friends_if_available! 
            Session.current = facebook_session
          end
        end
      end

      def use_provided_session p
        @facebook_session = p if p
      end

Then I'm passing around a parameter that has the session key but with our own name - mc_session_id - in link_to tags and (pending implementation over the next hour) from Flash.

-Aaron




----- Original Message ----
From: Mike Mangino <mmangino at elevatedrails.com>
To: Aaron Nemoyten <swivelmaster at yahoo.com>
Cc: kevin lochner <klochner at gmail.com>; facebooker-talk at rubyforge.org
Sent: Thursday, January 29, 2009 1:20:47 PM
Subject: Re: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session cookies supposed to work? Will ensure_authenticated use them?

We set cookies on the initial request to the iframe. Does that cause problems?

Mike

On Jan 29, 2009, at 2:20 PM, Aaron Nemoyten wrote:

> Check out Safari cookie preferences and you'll see that the default option is Accept Cookies:  Only from sites you navigate to.
> In Firefox the default equivalent is Accept Third Party Cookies.
> 
> If an iFrame is in a different domain from the top site, cookies will not be accepted if these options are turned off.
> 
> Facebook itself will work just fine, but any iframe content from a different domain will have no cookie access.
> 
> I may have come up with a solution for my current issues that just ignores cookies all together.  Sadly, this may be the only choice if I want complete reliability.
> 
> 
> 
> ----- Original Message ----
> From: kevin lochner <klochner at gmail.com>
> To: Aaron Nemoyten <swivelmaster at yahoo.com>
> Cc: facebooker-talk at rubyforge.org
> Sent: Thursday, January 29, 2009 11:02:42 AM
> Subject: Re: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are session cookies supposed to work? Will ensure_authenticated use them?
> 
> The only case where this is an issue is if they've granted cookie access on
> a site-by-site basis, since you can't use facebook without allowing cookies
> (or at least that has been my experience).
> 
> I don't think this should be a priority, since your typical facebook user will
> just allow cookies globally.
> 
> On Jan 28, 2009, at 6:33 PM, Aaron Nemoyten wrote:
> 
>> 
>> WARNING:  HORRIBLE HACK STARTS HERE!
>> 
>> The best fix I can come up with right now is to remove auth_token from the redirect to top, which will cause a redirect BACK to apps.facebook.com/appname, which will pass in fb_sig params but fail to create the cookie, so the javascript will redirect to top once again, but with fb_sig params in the url, which will create the session correctly with cookies allowed by all browsers, and redirect back into the frame.
>> 
>> So now the question is...  what if javascript isn't allowed to read the cookie in the first place.  Then maybe I have to have Flash ping the server (cookies are automatically sent with Flash requests) and let the server tell Flash if the cookie is correct, and then Flash can call ExternalInterface and force the reload.
>> 
>> ...this is all to get around restrictive browser cookie settings.  The alternative is to just ask users to change their cookie settings and reload, but that seems like it would have a lower success rate.
>> 
>> -Aaron
>> 
>> 
>> 
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
> 
> 
> 
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com


      

From jonathan.otto at gmail.com  Fri Jan 30 00:48:02 2009
From: jonathan.otto at gmail.com (Jonathan Otto)
Date: Thu, 29 Jan 2009 23:48:02 -0600
Subject: [Facebooker-talk] call queuing
In-Reply-To: <B19CA80A-76FF-4BD9-B3F0-7E498DA7163A@elevatedrails.com>
References: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
	<B19CA80A-76FF-4BD9-B3F0-7E498DA7163A@elevatedrails.com>
Message-ID: <b0e948460901292148h163be3d8veaeca634097dbc4f@mail.gmail.com>

What data are you storing in the queue object?

The Facebook sessions timeout after 1 hour unless extended permissions
right? Does this mean that if the daemon doesn't get to the queue
within 30 minutes of the user's last hit to your app it will fail?

If this is true, then it would seem that you should keep multiple
daemons running to keep the queue as low as possible.

On Tue, Jan 13, 2009 at 9:05 AM, Mike Mangino
<mmangino at elevatedrails.com> wrote:
> We process all API calls through a set of starling queues. We have a
> ProfileUpdate object so our flow looks like:
>
> class User
>  def refresh_profile
>    ProfileUpdate.new(self.faceook_id).enqueue
>  end
> end
>
> We then have a job that pulls Profile Update messages off of the queue and
> calls execute on them. The execute method does the profile update.
>
> My using the command pattern we know we can throw any object the implements
> execute onto the queue and the processing daemons will handle it.
>
> Mike
>
> On Jan 13, 2009, at 9:53 AM, Lee Mallabone wrote:
>
>> Hi all,
>>
>> I'm using profile.setFBML for an app I'm working on and in development
>> I'm seeing fairly lengthy response times. It normally seems to return
>> well within 1-3 seconds but occasionally seems to spike at around 20
>> seconds.
>>
>> As I'm calling setFBML in response to a user action (on a canvas
>> page), this could give a really bad user experience. I don't think my
>> FBML pages are especially large so I'm wondering, are these sorts of
>> timings normal?
>>
>> If so, is anyone already using an asynchronous queuing system to cope
>> with this issue that they'd be willing to point me at? I could roll my
>> own, but if setFBML typically takes a while it seems like something
>> that would be useful for a large number of facebooker users.
>>
>> Regards,
>> Lee.
>>
>>
>> --
>> Lee Mallabone.
>> Crossbone Systems Ltd.
>>
>> http://www.crossbonesystems.com/
>> http://www.fonicmonkey.net/
>> http://CambridgeWebHeads.ning.com/
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>

From lee at crossbonesystems.com  Fri Jan 30 03:40:12 2009
From: lee at crossbonesystems.com (Lee Mallabone)
Date: Fri, 30 Jan 2009 08:40:12 +0000
Subject: [Facebooker-talk] call queuing
In-Reply-To: <b0e948460901292148h163be3d8veaeca634097dbc4f@mail.gmail.com>
References: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
	<B19CA80A-76FF-4BD9-B3F0-7E498DA7163A@elevatedrails.com>
	<b0e948460901292148h163be3d8veaeca634097dbc4f@mail.gmail.com>
Message-ID: <e8c2bee00901300040x6aa06616mdedd747249cee0de@mail.gmail.com>

I just queued up my calls that set the profile FBML. That API call
doesn't need a session key so you only have to store the user_id and
the FBML (or the data to generate the FBML) you intend to send.

I'd be interested to hear other people's approaches if they are indeed
queuing all API calls.

Lee.


2009/1/30 Jonathan Otto <jonathan.otto at gmail.com>:
> What data are you storing in the queue object?
>
> The Facebook sessions timeout after 1 hour unless extended permissions
> right? Does this mean that if the daemon doesn't get to the queue
> within 30 minutes of the user's last hit to your app it will fail?
>
> If this is true, then it would seem that you should keep multiple
> daemons running to keep the queue as low as possible.
>
> On Tue, Jan 13, 2009 at 9:05 AM, Mike Mangino
> <mmangino at elevatedrails.com> wrote:
>> We process all API calls through a set of starling queues. We have a
>> ProfileUpdate object so our flow looks like:
>>
>> class User
>>  def refresh_profile
>>    ProfileUpdate.new(self.faceook_id).enqueue
>>  end
>> end
>>
>> We then have a job that pulls Profile Update messages off of the queue and
>> calls execute on them. The execute method does the profile update.
>>
>> My using the command pattern we know we can throw any object the implements
>> execute onto the queue and the processing daemons will handle it.
>>
>> Mike
>>
>> On Jan 13, 2009, at 9:53 AM, Lee Mallabone wrote:
>>
>>> Hi all,
>>>
>>> I'm using profile.setFBML for an app I'm working on and in development
>>> I'm seeing fairly lengthy response times. It normally seems to return
>>> well within 1-3 seconds but occasionally seems to spike at around 20
>>> seconds.
>>>
>>> As I'm calling setFBML in response to a user action (on a canvas
>>> page), this could give a really bad user experience. I don't think my
>>> FBML pages are especially large so I'm wondering, are these sorts of
>>> timings normal?
>>>
>>> If so, is anyone already using an asynchronous queuing system to cope
>>> with this issue that they'd be willing to point me at? I could roll my
>>> own, but if setFBML typically takes a while it seems like something
>>> that would be useful for a large number of facebooker users.
>>>
>>> Regards,
>>> Lee.
>>>
>>>
>>> --
>>> Lee Mallabone.
>>> Crossbone Systems Ltd.
>>>
>>> http://www.crossbonesystems.com/
>>> http://www.fonicmonkey.net/
>>> http://CambridgeWebHeads.ning.com/
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>> --
>> Mike Mangino
>> http://www.elevatedrails.com
>>
>>
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>



-- 
Lee Mallabone.
Crossbone Systems Ltd.

Tired of hunting for great people?
Post jobs on your facebook profile with Head Hunting:
http://apps.facebook.com/headhunting/pages/recruiter

From mmangino at elevatedrails.com  Fri Jan 30 08:53:29 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 30 Jan 2009 08:53:29 -0500
Subject: [Facebooker-talk] call queuing
In-Reply-To: <b0e948460901292148h163be3d8veaeca634097dbc4f@mail.gmail.com>
References: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
	<B19CA80A-76FF-4BD9-B3F0-7E498DA7163A@elevatedrails.com>
	<b0e948460901292148h163be3d8veaeca634097dbc4f@mail.gmail.com>
Message-ID: <95FEB65E-FB79-4AE3-86B0-68FD16FC2BDB@elevatedrails.com>


On Jan 30, 2009, at 12:48 AM, Jonathan Otto wrote:

> What data are you storing in the queue object?

We have two different types. One type just stores the minimum data  
necessary to pull the data it needs from the DB. These are the profile  
update type messages that need a lot of data to do their job. The  
objects that send messages store everything they need to send the  
message.

>
>
> The Facebook sessions timeout after 1 hour unless extended permissions
> right? Does this mean that if the daemon doesn't get to the queue
> within 30 minutes of the user's last hit to your app it will fail?

That's right, but we want the queues to process quickly anyway. In  
some of our apps, users will interact with the application and then go  
view a user's profile to look for the change. We try to keep our queue  
under 100 messages all of the time.

We have 2 machines dedicated to just processing these API calls. We  
run about 2 million messages through the queues per day.

Then again, these applications have a lot of users :)

Mike

>
>
> If this is true, then it would seem that you should keep multiple
> daemons running to keep the queue as low as possible.
>

We're currently running about 15 processes per machine.

> On Tue, Jan 13, 2009 at 9:05 AM, Mike Mangino
> <mmangino at elevatedrails.com> wrote:
>> We process all API calls through a set of starling queues. We have a
>> ProfileUpdate object so our flow looks like:
>>
>> class User
>> def refresh_profile
>>   ProfileUpdate.new(self.faceook_id).enqueue
>> end
>> end
>>
>> We then have a job that pulls Profile Update messages off of the  
>> queue and
>> calls execute on them. The execute method does the profile update.
>>
>> My using the command pattern we know we can throw any object the  
>> implements
>> execute onto the queue and the processing daemons will handle it.
>>
>> Mike
>>
>> On Jan 13, 2009, at 9:53 AM, Lee Mallabone wrote:
>>
>>> Hi all,
>>>
>>> I'm using profile.setFBML for an app I'm working on and in  
>>> development
>>> I'm seeing fairly lengthy response times. It normally seems to  
>>> return
>>> well within 1-3 seconds but occasionally seems to spike at around 20
>>> seconds.
>>>
>>> As I'm calling setFBML in response to a user action (on a canvas
>>> page), this could give a really bad user experience. I don't think  
>>> my
>>> FBML pages are especially large so I'm wondering, are these sorts of
>>> timings normal?
>>>
>>> If so, is anyone already using an asynchronous queuing system to  
>>> cope
>>> with this issue that they'd be willing to point me at? I could  
>>> roll my
>>> own, but if setFBML typically takes a while it seems like something
>>> that would be useful for a large number of facebooker users.
>>>
>>> Regards,
>>> Lee.
>>>
>>>
>>> --
>>> Lee Mallabone.
>>> Crossbone Systems Ltd.
>>>
>>> http://www.crossbonesystems.com/
>>> http://www.fonicmonkey.net/
>>> http://CambridgeWebHeads.ning.com/
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>> --
>> Mike Mangino
>> http://www.elevatedrails.com
>>
>>
>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>

--
Mike Mangino
http://www.elevatedrails.com




From mixonic at synitech.com  Fri Jan 30 10:58:29 2009
From: mixonic at synitech.com (Matthew Beale)
Date: Fri, 30 Jan 2009 10:58:29 -0500
Subject: [Facebooker-talk] profile_user facebook tabs
Message-ID: <1233331109.8805.7.camel@localhost>

Hi all,

I use the following monkey-patch on facebooker- it secures a session
with fb_sig_profile_user for profile tabs.

I can spec it out and add it to my fork:

http://github.com/mixonic/facebooker/tree/master

If secure_with_facebook_params feels like the right place for it.
Thoughts?  Thanks!

-------------------------
module Facebooker
  module Rails
    module Controller

      # Over write secure to handle profile_user and profile_session_key params
      #
      def secure_with_facebook_params!
        return unless request_comes_from_facebook?

        if ['user', 'session_key'].all? {|element| facebook_params[element]}
          @facebook_session = new_facebook_session
          @facebook_session.secure_with!(facebook_params['session_key'], facebook_params['user'], facebook_params['expires'])
        elsif ['profile_user', 'profile_session_key'].all? {|element| facebook_params[element]}
          @facebook_session = new_facebook_session
          @facebook_session.secure_with!(facebook_params['profile_session_key'], facebook_params['profile_user'], facebook_params['expires'])
        end
        session[:facebook_session] = @facebook_session
      end
    end
  end
end
-----------------

-- 
Matthew Beale :: 607 227 0871
Resume & Portfolio @ http://madhatted.com


From mixonic at synitech.com  Fri Jan 30 11:12:36 2009
From: mixonic at synitech.com (Matthew Beale)
Date: Fri, 30 Jan 2009 11:12:36 -0500
Subject: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are
	session	cookies supposed to work? Will ensure_authenticated
	use them?
In-Reply-To: <C5B49B5F-B73F-4382-8F89-BBFAE7F7FB7E@elevatedrails.com>
References: <38504.75625.qm@web33005.mail.mud.yahoo.com>
	<FC441846-B405-4349-A9ED-E92B5B1335CE@gmail.com>
	<959008.37635.qm@web33005.mail.mud.yahoo.com>
	<C5B49B5F-B73F-4382-8F89-BBFAE7F7FB7E@elevatedrails.com>
Message-ID: <1233331956.8805.17.camel@localhost>

On Thu, 2009-01-29 at 16:20 -0500, Mike Mangino wrote:
> We set cookies on the initial request to the iframe. Does that cause  
> problems?
> 

Yes.  IE6 and Safari have default behavior disabling cookies in an
iframe.

I create a facebook session on the first page the same way you would
secure from a profile, then the tomfoolery begins.  I reset the session
in case they had a session at www.  Each page is foo.iframe, so I can
key off the page format as iframe.  I've also written something named
the "stash" where you throw data like a session- some of the methods
like current_user test for iframe format and fetch the user from the
stash or session based on that.

The stash idea isn't the most secure- it's pretty much a
session-in-the-url trick.  A key is passed on every request (but there
are helpers for that).  It's at least secured by IP and expiry.

It's a pretty seem-less system now that it's in place.  But yes, you
cannot reliably use cookies (and therefore the rails session) in an
iframe.

-- 
Matthew Beale :: 607 227 0871
Resume & Portfolio @ http://madhatted.com

> Mike
> 
> On Jan 29, 2009, at 2:20 PM, Aaron Nemoyten wrote:
> 
> > Check out Safari cookie preferences and you'll see that the default  
> > option is Accept Cookies:  Only from sites you navigate to.
> > In Firefox the default equivalent is Accept Third Party Cookies.
> >
> > If an iFrame is in a different domain from the top site, cookies  
> > will not be accepted if these options are turned off.
> >
> > Facebook itself will work just fine, but any iframe content from a  
> > different domain will have no cookie access.
> >
> > I may have come up with a solution for my current issues that just  
> > ignores cookies all together.  Sadly, this may be the only choice if  
> > I want complete reliability.
> >
> >
> >
> > ----- Original Message ----
> > From: kevin lochner <klochner at gmail.com>
> > To: Aaron Nemoyten <swivelmaster at yahoo.com>
> > Cc: facebooker-talk at rubyforge.org
> > Sent: Thursday, January 29, 2009 11:02:42 AM
> > Subject: Re: [Facebooker-talk] Fwd: [rfacebook] Re: How exactly are  
> > session cookies supposed to work? Will ensure_authenticated use them?
> >
> > The only case where this is an issue is if they've granted cookie  
> > access on
> > a site-by-site basis, since you can't use facebook without allowing  
> > cookies
> > (or at least that has been my experience).
> >
> > I don't think this should be a priority, since your typical facebook  
> > user will
> > just allow cookies globally.
> >
> > On Jan 28, 2009, at 6:33 PM, Aaron Nemoyten wrote:
> >
> >>
> >> WARNING:  HORRIBLE HACK STARTS HERE!
> >>
> >> The best fix I can come up with right now is to remove auth_token  
> >> from the redirect to top, which will cause a redirect BACK to  
> >> apps.facebook.com/appname, which will pass in fb_sig params but  
> >> fail to create the cookie, so the javascript will redirect to top  
> >> once again, but with fb_sig params in the url, which will create  
> >> the session correctly with cookies allowed by all browsers, and  
> >> redirect back into the frame.
> >>
> >> So now the question is...  what if javascript isn't allowed to read  
> >> the cookie in the first place.  Then maybe I have to have Flash  
> >> ping the server (cookies are automatically sent with Flash  
> >> requests) and let the server tell Flash if the cookie is correct,  
> >> and then Flash can call ExternalInterface and force the reload.
> >>
> >> ...this is all to get around restrictive browser cookie settings.   
> >> The alternative is to just ask users to change their cookie  
> >> settings and reload, but that seems like it would have a lower  
> >> success rate.
> >>
> >> -Aaron
> >>
> >>
> >>
> >> _______________________________________________
> >> Facebooker-talk mailing list
> >> Facebooker-talk at rubyforge.org
> >> http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
> >
> >
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
> 
> --
> Mike Mangino
> http://www.elevatedrails.com
> 
> 
> 
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk



From mixonic at synitech.com  Fri Jan 30 11:39:58 2009
From: mixonic at synitech.com (Matthew Beale)
Date: Fri, 30 Jan 2009 11:39:58 -0500
Subject: [Facebooker-talk] fb_sig_canvas_user
In-Reply-To: <e8c2bee00901260350v2b8936a9g3c6f1b91d5e37206@mail.gmail.com>
References: <e8c2bee00901260350v2b8936a9g3c6f1b91d5e37206@mail.gmail.com>
Message-ID: <1233333598.8805.21.camel@localhost>

Hi Lee,

I swore I used to get this variable, but I don't seem to any more.  Are
you really getting the canvas_user for *any* unallowed user?

-- 
Matthew Beale :: 607 227 0871
Resume & Portfolio @ http://madhatted.com

On Mon, 2009-01-26 at 11:50 +0000, Lee Mallabone wrote:
> Hi all,
> 
> I've got myself a bit confused over fb_sig_canvas_user and I'm hoping
> some of the seasoned facebook devs can clear it up.
> 
> >From reading the facebook wiki, it seems like fb_sig_user is the main
> parameter to check for the logged in user ID when a user has installed
> the app. However, it seems that fb_sig_canvas_user is passed to my
> URLs (instead of fb_sig_user) when a user is logged in to facebook but
> has not authorized my app.
> 
> So to determine the authoritative "current user" with facebooker,
> should I simply be doing the following?
> 
> if facebook_params['user'] != 0
>   return facebook_params['user']
> end
> if facebook_params['canvas_user'] != 0
>   return facebook_params['canvas_user']
> end
> return nil
> 
> Or are there also other conditions (or user parameters!) I should be
> watching out for?
> 
> Bear in mind that I'm letting users look at my pages without forcing
> them to install/authorize my application.
> 
> Regards,
> Lee.
> 
> 



From swivelmaster at yahoo.com  Fri Jan 30 13:53:52 2009
From: swivelmaster at yahoo.com (Aaron Nemoyten)
Date: Fri, 30 Jan 2009 10:53:52 -0800 (PST)
Subject: [Facebooker-talk] Session key invalid or no longer valid on
	Photos.upload occasionally?
Message-ID: <246033.84485.qm@web33005.mail.mud.yahoo.com>

Hi everyone,

The app I'm working on is pretty much centered around posting photos to users' photo albums. 

We seem to be getting a rare and random session key error on Photos.upload.  I checked the last time it happened and the session looks like it was loaded correctly from a stored session based on params that came in three or four minutes previous to the call.  

Has anyone else had this problem?  What's the best way to troubleshoot something like this?

http://apps.facebook.com/supertagphotos

-Aaron


      

From mmangino at elevatedrails.com  Fri Jan 30 13:54:12 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 30 Jan 2009 13:54:12 -0500
Subject: [Facebooker-talk] profile_user facebook tabs
In-Reply-To: <1233331109.8805.7.camel@localhost>
References: <1233331109.8805.7.camel@localhost>
Message-ID: <9CC75B69-788C-4CA8-8C90-99001ACFB47A@elevatedrails.com>

The profile_user is the person whose tab is being viewed, right? Not  
the viewer? If so, it seems wrong to secure a session with that user.

Mike

On Jan 30, 2009, at 10:58 AM, Matthew Beale wrote:

> Hi all,
>
> I use the following monkey-patch on facebooker- it secures a session
> with fb_sig_profile_user for profile tabs.
>
> I can spec it out and add it to my fork:
>
> http://github.com/mixonic/facebooker/tree/master
>
> If secure_with_facebook_params feels like the right place for it.
> Thoughts?  Thanks!
>
> -------------------------
> module Facebooker
>  module Rails
>    module Controller
>
>      # Over write secure to handle profile_user and  
> profile_session_key params
>      #
>      def secure_with_facebook_params!
>        return unless request_comes_from_facebook?
>
>        if ['user', 'session_key'].all? {|element|  
> facebook_params[element]}
>          @facebook_session = new_facebook_session
>          @facebook_session.secure_with! 
> (facebook_params['session_key'], facebook_params['user'],  
> facebook_params['expires'])
>        elsif ['profile_user', 'profile_session_key'].all? {|element|  
> facebook_params[element]}
>          @facebook_session = new_facebook_session
>          @facebook_session.secure_with! 
> (facebook_params['profile_session_key'],  
> facebook_params['profile_user'], facebook_params['expires'])
>        end
>        session[:facebook_session] = @facebook_session
>      end
>    end
>  end
> end
> -----------------
>
> -- 
> Matthew Beale :: 607 227 0871
> Resume & Portfolio @ http://madhatted.com
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

--
Mike Mangino
http://www.elevatedrails.com




From mixonic at synitech.com  Fri Jan 30 15:49:42 2009
From: mixonic at synitech.com (Matthew Beale)
Date: Fri, 30 Jan 2009 15:49:42 -0500
Subject: [Facebooker-talk] profile_user facebook tabs
In-Reply-To: <9CC75B69-788C-4CA8-8C90-99001ACFB47A@elevatedrails.com>
References: <1233331109.8805.7.camel@localhost>
	<9CC75B69-788C-4CA8-8C90-99001ACFB47A@elevatedrails.com>
Message-ID: <1233348582.8805.46.camel@localhost>

On Fri, 2009-01-30 at 13:54 -0500, Mike Mangino wrote:
> The profile_user is the person whose tab is being viewed, right? Not  
> the viewer? If so, it seems wrong to secure a session with that user.
> 

Nah, you need a session for someone :-).  It's better than no session at
all, and you have a chance to show some data about the hosting user.
It's just a change of perspective to keep in mind while you write
templates.

I've also gotten feedback from a large number of users who use the tab
for themselves anyway, it's weird but I try to keep a focus on both
possible audiences.

-- 
Matthew Beale :: 607 227 0871
Resume & Portfolio @ http://madhatted.com

> Mike
> 
> On Jan 30, 2009, at 10:58 AM, Matthew Beale wrote:
> 
> > Hi all,
> >
> > I use the following monkey-patch on facebooker- it secures a session
> > with fb_sig_profile_user for profile tabs.
> >
> > I can spec it out and add it to my fork:
> >
> > http://github.com/mixonic/facebooker/tree/master
> >
> > If secure_with_facebook_params feels like the right place for it.
> > Thoughts?  Thanks!
> >
> > -------------------------
> > module Facebooker
> >  module Rails
> >    module Controller
> >
> >      # Over write secure to handle profile_user and  
> > profile_session_key params
> >      #
> >      def secure_with_facebook_params!
> >        return unless request_comes_from_facebook?
> >
> >        if ['user', 'session_key'].all? {|element|  
> > facebook_params[element]}
> >          @facebook_session = new_facebook_session
> >          @facebook_session.secure_with! 
> > (facebook_params['session_key'], facebook_params['user'],  
> > facebook_params['expires'])
> >        elsif ['profile_user', 'profile_session_key'].all? {|element|  
> > facebook_params[element]}
> >          @facebook_session = new_facebook_session
> >          @facebook_session.secure_with! 
> > (facebook_params['profile_session_key'],  
> > facebook_params['profile_user'], facebook_params['expires'])
> >        end
> >        session[:facebook_session] = @facebook_session
> >      end
> >    end
> >  end
> > end
> > -----------------
> >
> > -- 
> > Matthew Beale :: 607 227 0871
> > Resume & Portfolio @ http://madhatted.com
> >
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
> 
> --
> Mike Mangino
> http://www.elevatedrails.com
> 
> 
> 



From aurelien.malisart.mailinglists at gmail.com  Fri Jan 30 15:52:46 2009
From: aurelien.malisart.mailinglists at gmail.com (=?ISO-8859-1?Q?Malisart_Aur=E9lien?=)
Date: Fri, 30 Jan 2009 21:52:46 +0100
Subject: [Facebooker-talk] a constatation on fb:name FBML tag
Message-ID: <15A98399-466B-4168-A265-582DFE6F21B6@gmail.com>

Hi all,

I just constated something strange (for me at least) with <fb:name />.

If you use a group gid as the "uid" param, it works too. The group  
name and link get rendered.
On the wiki page (http://wiki.developers.facebook.com/index.php/ 
Fb:name) it is said that it works with user ids and page ids.

So does it mean the "id space of facebook" is shared between all types  
of objects (pages, users, groups, events, ...) and the plateform is  
able to determine what type it is (deterministically) according to the  
given id?
By the way, if you access the user profile page with a gid as the id  
you get redirected to the group page, so it seems to be the case.

Do you think I can rely on this in my application and so use the  
fb:name tag to display groups names/links (which would be a great  
performance ehencement).

Maybe all of you did know that and that's just a dicovery for me....

aur?lien

From mmangino at elevatedrails.com  Fri Jan 30 16:44:04 2009
From: mmangino at elevatedrails.com (Mike Mangino)
Date: Fri, 30 Jan 2009 16:44:04 -0500
Subject: [Facebooker-talk] profile_user facebook tabs
In-Reply-To: <1233348582.8805.46.camel@localhost>
References: <1233331109.8805.7.camel@localhost>
	<9CC75B69-788C-4CA8-8C90-99001ACFB47A@elevatedrails.com>
	<1233348582.8805.46.camel@localhost>
Message-ID: <7D8E2DD7-5157-420B-99CB-CC5FB0C0F159@elevatedrails.com>

I would rather use tab_session or some other session name to make sure  
it is clear that it is a different user. That way, you don't pull the  
user information and accidently give the viewing user the privileges  
of the user they are viewing.

You could create a tab_session helper and build it only on tab pages.

Mike

On Jan 30, 2009, at 3:49 PM, Matthew Beale wrote:

> On Fri, 2009-01-30 at 13:54 -0500, Mike Mangino wrote:
>> The profile_user is the person whose tab is being viewed, right? Not
>> the viewer? If so, it seems wrong to secure a session with that user.
>>
>
> Nah, you need a session for someone :-).  It's better than no  
> session at
> all, and you have a chance to show some data about the hosting user.
> It's just a change of perspective to keep in mind while you write
> templates.
>
> I've also gotten feedback from a large number of users who use the tab
> for themselves anyway, it's weird but I try to keep a focus on both
> possible audiences.
>
> -- 
> Matthew Beale :: 607 227 0871
> Resume & Portfolio @ http://madhatted.com
>
>> Mike
>>
>> On Jan 30, 2009, at 10:58 AM, Matthew Beale wrote:
>>
>>> Hi all,
>>>
>>> I use the following monkey-patch on facebooker- it secures a session
>>> with fb_sig_profile_user for profile tabs.
>>>
>>> I can spec it out and add it to my fork:
>>>
>>> http://github.com/mixonic/facebooker/tree/master
>>>
>>> If secure_with_facebook_params feels like the right place for it.
>>> Thoughts?  Thanks!
>>>
>>> -------------------------
>>> module Facebooker
>>> module Rails
>>>   module Controller
>>>
>>>     # Over write secure to handle profile_user and
>>> profile_session_key params
>>>     #
>>>     def secure_with_facebook_params!
>>>       return unless request_comes_from_facebook?
>>>
>>>       if ['user', 'session_key'].all? {|element|
>>> facebook_params[element]}
>>>         @facebook_session = new_facebook_session
>>>         @facebook_session.secure_with!
>>> (facebook_params['session_key'], facebook_params['user'],
>>> facebook_params['expires'])
>>>       elsif ['profile_user', 'profile_session_key'].all? {|element|
>>> facebook_params[element]}
>>>         @facebook_session = new_facebook_session
>>>         @facebook_session.secure_with!
>>> (facebook_params['profile_session_key'],
>>> facebook_params['profile_user'], facebook_params['expires'])
>>>       end
>>>       session[:facebook_session] = @facebook_session
>>>     end
>>>   end
>>> end
>>> end
>>> -----------------
>>>
>>> -- 
>>> Matthew Beale :: 607 227 0871
>>> Resume & Portfolio @ http://madhatted.com
>>>
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>
>> --
>> Mike Mangino
>> http://www.elevatedrails.com
>>
>>
>>
>
>

--
Mike Mangino
http://www.elevatedrails.com




From rmatei at gmail.com  Sat Jan 31 18:50:56 2009
From: rmatei at gmail.com (Robert Matei)
Date: Sat, 31 Jan 2009 15:50:56 -0800
Subject: [Facebooker-talk] Dynamically setting api/secret keys: a quick howto
Message-ID: <31e3a0430901311550r5049926bt6b60f9917fbf8d99@mail.gmail.com>

This started out as a request for help, but I figured it out so I figured
I'd share. I run several Facebook apps off a single Rails app and I keep
track of them in the database, so I wanted to set the Facebooker config for
each request, without relying on hard-coded yml files. It's actually pretty
simple:

1) Delete your facebooker.yml file so Facebooker's own initialization
doesn't override your settings.
2) Run something like this <http://pastie.org/376285> as a
prepend_before_filter (might also work as a regular before_filter).

code copied here:
      # replacement for Facebooker.load_configuration - we need this to set
the app
      # dynamically rather than from facebooker.yml.
      def self.set_facebooker_config app = App.current
        puts "Seting Facebooker config for #{app.api_key}..."
        attributes = app.attributes
        ENV['FACEBOOK_API_KEY'] = attributes['api_key']
        ENV['FACEBOOK_SECRET_KEY'] = attributes['secret_key']
        ENV['FACEBOOKER_RELATIVE_URL_ROOT'] = attributes['canvas_page_name']
        ENV['FACEBOOKER_API'] = "new"
        ActionController::Base.asset_host = attributes['callback_url']
      end

Hope this saves someone some diving through the Facebooker source.
Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20090131/7c68fa19/attachment.html>

From jonathan.otto at gmail.com  Sat Jan 31 20:37:38 2009
From: jonathan.otto at gmail.com (Jonathan Otto)
Date: Sat, 31 Jan 2009 19:37:38 -0600
Subject: [Facebooker-talk] call queuing
In-Reply-To: <95FEB65E-FB79-4AE3-86B0-68FD16FC2BDB@elevatedrails.com>
References: <e8c2bee00901130653u7252e273n2840e42e9a07e1af@mail.gmail.com>
	<B19CA80A-76FF-4BD9-B3F0-7E498DA7163A@elevatedrails.com>
	<b0e948460901292148h163be3d8veaeca634097dbc4f@mail.gmail.com>
	<95FEB65E-FB79-4AE3-86B0-68FD16FC2BDB@elevatedrails.com>
Message-ID: <b0e948460901311737o3265942ct213faa3036e3e774@mail.gmail.com>

For anyone else thinking of implementing a queue, this seems to work
pretty well and lets you implement a light weight daemon that doesn't
load up the Rails env since the message contains the URL and params.

http://gist.github.com/55742

The FacebookQueue class simply abstracts any queue system you might use.

Let me know if you see any problems with it.

On Fri, Jan 30, 2009 at 7:53 AM, Mike Mangino
<mmangino at elevatedrails.com> wrote:
>
> On Jan 30, 2009, at 12:48 AM, Jonathan Otto wrote:
>
>> What data are you storing in the queue object?
>
> We have two different types. One type just stores the minimum data necessary
> to pull the data it needs from the DB. These are the profile update type
> messages that need a lot of data to do their job. The objects that send
> messages store everything they need to send the message.
>
>>
>>
>> The Facebook sessions timeout after 1 hour unless extended permissions
>> right? Does this mean that if the daemon doesn't get to the queue
>> within 30 minutes of the user's last hit to your app it will fail?
>
> That's right, but we want the queues to process quickly anyway. In some of
> our apps, users will interact with the application and then go view a user's
> profile to look for the change. We try to keep our queue under 100 messages
> all of the time.
>
> We have 2 machines dedicated to just processing these API calls. We run
> about 2 million messages through the queues per day.
>
> Then again, these applications have a lot of users :)
>
> Mike
>
>>
>>
>> If this is true, then it would seem that you should keep multiple
>> daemons running to keep the queue as low as possible.
>>
>
> We're currently running about 15 processes per machine.
>
>> On Tue, Jan 13, 2009 at 9:05 AM, Mike Mangino
>> <mmangino at elevatedrails.com> wrote:
>>>
>>> We process all API calls through a set of starling queues. We have a
>>> ProfileUpdate object so our flow looks like:
>>>
>>> class User
>>> def refresh_profile
>>>  ProfileUpdate.new(self.faceook_id).enqueue
>>> end
>>> end
>>>
>>> We then have a job that pulls Profile Update messages off of the queue
>>> and
>>> calls execute on them. The execute method does the profile update.
>>>
>>> My using the command pattern we know we can throw any object the
>>> implements
>>> execute onto the queue and the processing daemons will handle it.
>>>
>>> Mike
>>>
>>> On Jan 13, 2009, at 9:53 AM, Lee Mallabone wrote:
>>>
>>>> Hi all,
>>>>
>>>> I'm using profile.setFBML for an app I'm working on and in development
>>>> I'm seeing fairly lengthy response times. It normally seems to return
>>>> well within 1-3 seconds but occasionally seems to spike at around 20
>>>> seconds.
>>>>
>>>> As I'm calling setFBML in response to a user action (on a canvas
>>>> page), this could give a really bad user experience. I don't think my
>>>> FBML pages are especially large so I'm wondering, are these sorts of
>>>> timings normal?
>>>>
>>>> If so, is anyone already using an asynchronous queuing system to cope
>>>> with this issue that they'd be willing to point me at? I could roll my
>>>> own, but if setFBML typically takes a while it seems like something
>>>> that would be useful for a large number of facebooker users.
>>>>
>>>> Regards,
>>>> Lee.
>>>>
>>>>
>>>> --
>>>> Lee Mallabone.
>>>> Crossbone Systems Ltd.
>>>>
>>>> http://www.crossbonesystems.com/
>>>> http://www.fonicmonkey.net/
>>>> http://CambridgeWebHeads.ning.com/
>>>> _______________________________________________
>>>> Facebooker-talk mailing list
>>>> Facebooker-talk at rubyforge.org
>>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>
>>> --
>>> Mike Mangino
>>> http://www.elevatedrails.com
>>>
>>>
>>>
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>
>