From 808754f8bdc72bf7868e449352224baa5adf2190 Mon Sep 17 00:00:00 2001 From: Ilya Zhitomirskiy Date: Wed, 8 Jun 2011 18:20:47 -0700 Subject: [PATCH] added the cert bundle for facebook http things --- app/models/app_config.rb | 24 +++++++++++++++++++++++- app/models/services/facebook.rb | 4 ++-- config/application.yml.example | 6 ++++++ config/initializers/faraday.rb | 5 +++++ config/initializers/omniauth.rb | 3 ++- 5 files changed, 38 insertions(+), 4 deletions(-) create mode 100644 config/initializers/faraday.rb diff --git a/app/models/app_config.rb b/app/models/app_config.rb index f84a0f46c..b98a4e73c 100644 --- a/app/models/app_config.rb +++ b/app/models/app_config.rb @@ -37,6 +37,24 @@ HELP super + if self[:ca_file].blank? && Rails.env.development? + OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE + end + + if no_cert_file_in_prod? + $stderr.puts <<-HELP +******** Diaspora does not know where your SSL-CA-Certificates file is. ********** + Please add the root certificate bundle (this is operating system specific) to application.yml. Defaults: + CentOS: '/etc/pki/tls/certs/ca-bundle.crt' + Debian: '/etc/ssl/certs/ca-certificates.crt' + + Example: + ca_file: '/etc/ssl/certs/ca-certificates.crt' +******** Thanks for being secure! ********** +HELP + Process.exit(1) + end + normalize_pod_url normalize_admins end @@ -49,6 +67,10 @@ HELP !File.exists?(@source) end + def self.no_cert_file_in_prod? + (Rails.env == "production") && !File.exists?(self[:ca_file]) + end + def self.have_old_config_file? File.exists?(File.join(Rails.root, "config", "app.yml")) || (File.exists?(File.join(Rails.root, "config", "app_config.yml"))) end @@ -94,4 +116,4 @@ HELP end return @@pod_uri end -end \ No newline at end of file +end diff --git a/app/models/services/facebook.rb b/app/models/services/facebook.rb index 49243e12b..25a6034f5 100644 --- a/app/models/services/facebook.rb +++ b/app/models/services/facebook.rb 
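Review bot: Reassigning `OpenSSL::SSL::VERIFY_PEER` to `VERIFY_NONE` in the first added `if` switches off certificate verification for every TLS client in the process that reads the constant, not only the Facebook calls this commit is about. It is gated on `Rails.env.development?` and a blank `ca_file`, but it happens silently, triggers Ruby's constant-reassignment warning, and does not affect code that already captured the old value. Prefer scoping the relaxation to the individual connection's `:ssl` options in the initializers, and log a warning when verification is off. The enclosing method starts outside this hunk.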
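Review bot: `no_cert_file_in_prod?` passes `self[:ca_file]` straight to `File.exists?`, so a production config with no `ca_file` key raises a TypeError on nil instead of reaching the help text added in the previous hunk. Check for a blank value first: `Rails.env.production? && (self[:ca_file].blank? || !File.exists?(self[:ca_file]))`. `Rails.env.production?` also matches the `Rails.env.development?` form used in that hunk. Existence alone does not show that the app user can read the bundle; `File.readable?` would be a tighter check.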
@@ -9,7 +9,7 @@ class Services::Facebook < Service Rails.logger.debug("event=post_to_service type=facebook sender_id=#{self.user_id}") message = public_message(post, url) begin - RestClient.post("https://graph.facebook.com/me/feed", :message => message, :access_token => self.access_token) + Faraday.post("https://graph.facebook.com/me/feed", :message => message, :access_token => self.access_token) rescue Exception => e Rails.logger.info("#{e.message} failed to post to facebook") end @@ -39,7 +39,7 @@ class Services::Facebook < Service def save_friends url = "https://graph.facebook.com/me/friends?fields[]=name&fields[]=picture&access_token=#{URI.escape(self.access_token)}" - response = RestClient.get(url) + response = Faraday.get(url) data = JSON.parse(response.body)['data'] data.each{ |p| ServiceUser.find_or_create_by_service_id_and_uid(:service_id => self.id, :name => p["name"], diff --git a/config/application.yml.example b/config/application.yml.example index b4a92f3b0..79d8109c6 100644 --- a/config/application.yml.example +++ b/config/application.yml.example @@ -127,6 +127,7 @@ defaults: &defaults # Set this to true if you want to do everything synchronously instead of using resque, our redis-backed queue system. single_process_mode: true + # Use this section to override default settings in specific environments development: <<: *defaults @@ -136,6 +137,11 @@ production: <<: *defaults single_process_mode: false + # Setting the root certificate bundle (this is operating system specific). Defaults: + # CentOS: '/etc/pki/tls/certs/ca-bundle.crt' + # Debian: '/etc/ssl/certs/ca-certificates.crt' + ca_file: '/etc/pki/tls/certs/ca-bundle.crt' + # Do not touch unless you know what you're doing test: <<: *defaults diff --git a/config/initializers/faraday.rb b/config/initializers/faraday.rb new file mode 100644 index 000000000..574066c8a --- /dev/null +++ b/config/initializers/faraday.rb 
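Review bot: Swapping `RestClient.post` for `Faraday.post` changes failure handling. RestClient raises on 4xx/5xx responses, while Faraday returns the response object unless a raise-error middleware is in the stack, and the default connection in config/initializers/faraday.rb is built without one as far as this patch shows. The surrounding `rescue` in the first hunk will therefore no longer log a rejected Graph API post. In the `save_friends` hunk, an error body without a `data` key makes `data.each` fail on nil. Check the status before using the body, e.g. `raise "facebook returned #{response.status}" unless response.success?` after each call; both method bodies extend beyond their hunks.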
@@ -0,0 +1,5 @@ +# Copyright (c) 2011, Diaspora Inc. This file is +# licensed under the Affero General Public License version 3 or later. See +# the COPYRIGHT file. + +Faraday.default_connection = Faraday::Connection.new( :ssl => {:ca_file => AppConfig[:ca_file]} ) diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index 9a9579235..42d670b97 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -10,6 +10,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do provider :tumblr, SERVICES['tumblr']['consumer_key'], SERVICES['tumblr']['consumer_secret'] end if SERVICES['facebook'] && SERVICES['facebook']['app_id'] && SERVICES['facebook']['app_secret'] - provider :facebook, SERVICES['facebook']['app_id'], SERVICES['facebook']['app_secret'], :scope => "publish_stream,email,offline_access" + provider :facebook, SERVICES['facebook']['app_id'], SERVICES['facebook']['app_secret'], { :scope => "publish_stream,email,offline_access", + :client_options => {:ssl => {:ca_file => AppConfig[:ca_file]}}} end end
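Review bot: The default connection is built with whatever `AppConfig[:ca_file]` holds, and config/application.yml.example sets that key only under `production`. In other environments `:ca_file` is nil, so verification is left to adapter defaults and to the global constant override in app_config.rb. State the intent in the `:ssl` hash itself, e.g. `:ssl => {:ca_file => AppConfig[:ca_file], :verify => !(Rails.env.development? && AppConfig[:ca_file].blank?)}`. A comment above the assignment would also help, such as `# All bare Faraday.get/post calls (e.g. Services::Facebook) use this connection and verify against the configured CA bundle.`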
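Review bot: Only the `:facebook` provider receives `:client_options` with the CA bundle; the `:tumblr` provider in the context line, and any others outside the hunk, keep their previous setup. It is worth confirming whether their token exchanges verify against the same bundle. The `{:ssl => {:ca_file => AppConfig[:ca_file]}}` hash is also repeated from config/initializers/faraday.rb, and a single helper on AppConfig returning it would keep the two in step. The builder block starts outside this hunk.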