Appsecret proof is enabled by default

drudge · Sep 30, 2015 · 503d6db · 503d6db
1 parent ac85470
commit 503d6db
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/index.js b/src/index.js
@@ -51,7 +51,7 @@ export default class FacebookTokenStrategy extends OAuth2Strategy {
     this._passReqToCallback = options.passReqToCallback;
     this._profileURL = options.profileURL || 'https://graph.facebook.com/v2.4/me';
     this._clientSecret = options.clientSecret;
-    this._enableProof = options.enableProof;
+    this._enableProof = typeof options.enableProof === 'boolean' ? options.enableProof : true;
     this._profileFields = options.profileFields || ['id', 'name', 'emails'];
     this._oauth2._useAuthorizationHeaderForGET = false;
   }

diff --git a/test/unit/index.test.js b/test/unit/index.test.js
@@ -287,7 +287,7 @@ describe('FacebookTokenStrategy:userProfile', () => {
     sinon.stub(strategy._oauth2, 'get', (url, accessToken, next) => next(null, fakeProfile, null));
 
     strategy.userProfile('accessToken', (error, profile) => {
-      assert.equal(strategy._oauth2.get.getCall(0).args[0], 'https://graph.facebook.com/v2.4/me?fields=last_name,first_name,middle_name,custom');
+      assert.equal(strategy._oauth2.get.getCall(0).args[0], 'https://graph.facebook.com/v2.4/me?appsecret_proof=8c340bd01643ab69939ca971314d7a3d64bfb18946cdde566f12fdbf6707d182&fields=last_name,first_name,middle_name,custom');
       strategy._oauth2.get.restore();
       done();
     });