From f3f67c93b2ae9eb3c64ac05a39eb51748e8032c1 Mon Sep 17 00:00:00 2001
From: Rubyist007
Date: Sun, 14 Apr 2024 16:28:20 +0300
Subject: [PATCH 1/2] Remove access token for profile picture URL
---
 lib/omniauth/strategies/facebook.rb | 10 ++++----
 test/strategy_test.rb | 37 +++++++----------------------
 2 files changed, 12 insertions(+), 35 deletions(-)
diff --git a/lib/omniauth/strategies/facebook.rb b/lib/omniauth/strategies/facebook.rb
index e93602f..2bcc793 100644
--- a/lib/omniauth/strategies/facebook.rb
+++ b/lib/omniauth/strategies/facebook.rb
@@ -164,15 +164,13 @@ def image_url(uid, options)
 uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
 site_uri = URI.parse(client.site)
 url = uri_class.build({host: site_uri.host, path: "#{site_uri.path}/#{uid}/picture"})
- query = { access_token: access_token.token }
- if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
- query[:type] = options[:image_size]
+ query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
+ { type: options[:image_size] }
 elsif options[:image_size].is_a?(Hash)
- query.merge!(options[:image_size])
+ options[:image_size]
 end
-
- url.query = Rack::Utils.build_query(query)
+ url.query = Rack::Utils.build_query(query) if query
 url.to_s
 end
diff --git a/test/strategy_test.rb b/test/strategy_test.rb
index 9d08089..9edff85 100644
--- a/test/strategy_test.rb
+++ b/test/strategy_test.rb
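Review bot: In `image_url` (lib/omniauth/strategies/facebook.rb) the new guard `if query` is true for an empty hash, so `image_size: {}` would assign an empty query string and the returned URL would end in a bare `?`; `url.query = Rack::Utils.build_query(query) unless query.nil? || query.empty?` avoids that. The Hash branch also forwards `options[:image_size]` to the query string as given, so any key placed in that option, a token included, still ends up in the URL. Because this value becomes `info['image']`, which applications presumably store and render, a comment above the assignment such as `# Never add access_token here: this URL is stored and rendered by applications.` would help keep the token from being reintroduced later. The method's `def` line is visible only in the hunk header, outside the hunk body.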
@@ -96,67 +96,54 @@ def setup
 end
 class InfoTest < StrategyTestCase
- def setup
- super
- @access_token = stub('OAuth2::AccessToken')
- @access_token.stubs(:token).returns('test_access_token')
- end
-
 test 'returns the secure facebook avatar url when `secure_image_url` option is set to true' do
 @options = { secure_image_url: true }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
- strategy.stubs(:access_token).returns(@access_token)
- assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+ assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 test 'returns the non-ssl facebook avatar url when `secure_image_url` option is set to false' do
 @options = { secure_image_url: false }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
- strategy.stubs(:access_token).returns(@access_token)
- assert_equal "http://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+ assert_equal "http://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 test 'returns the secure facebook avatar url when `secure_image_url` option is omitted' do
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
- strategy.stubs(:access_token).returns(@access_token)
- assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+ assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 test 'returns the image_url based of the client site' do
 @options = { secure_image_url: true, client_options: {site: "https://blah.facebook.com/v2.2"}}
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
- strategy.stubs(:access_token).returns(@access_token)
- assert_equal "https://blah.facebook.com/v2.2/321/picture?access_token=test_access_token", strategy.info['image']
+ assert_equal "https://blah.facebook.com/v2.2/321/picture", strategy.info['image']
 end
 test 'returns the image with size specified in the `image_size` option' do
 @options = { image_size: 'normal' }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
- strategy.stubs(:access_token).returns(@access_token)
- assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token&type=normal", strategy.info['image']
+ assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?type=normal", strategy.info['image']
 end
 test 'returns the image with size specified as a symbol in the `image_size` option' do
 @options = { image_size: :normal }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
- strategy.stubs(:access_token).returns(@access_token)
- assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token&type=normal", strategy.info['image']
+ assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?type=normal", strategy.info['image']
 end
 test 'returns the image with width and height specified in the `image_size` option' do
 @options = { image_size: { width: 123, height: 987 } }
 raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
 strategy.stubs(:raw_info).returns(raw_info)
- strategy.stubs(:access_token).returns(@access_token)
 assert_match 'width=123', strategy.info['image']
 assert_match 'height=987', strategy.info['image']
- assert_match "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+ assert_match "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 end
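Review bot: None of the updated InfoTest cases asserts that the token is absent, and the width/height case only uses `assert_match` against the URL prefix, so it would keep passing if `access_token` reappeared in the query string together with a re-added stub. Adding `refute_match 'access_token', strategy.info['image']` (or the test framework's equivalent negative assertion) to that test pins the behaviour this commit is about. A case for `image_size: {}` would also be worth having, since an empty hash now takes the Hash branch with nothing else in the query.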
@@ -165,10 +152,6 @@ def setup
 super
 @raw_info ||= { 'name' => 'Fred Smith' }
 strategy.stubs(:raw_info).returns(@raw_info)
-
- access_token = stub('OAuth2::AccessToken')
- access_token.stubs(:token).returns('test_access_token')
- strategy.stubs(:access_token).returns(access_token)
 end
 test 'returns the name' do
@@ -207,7 +190,7 @@ def setup
 test 'returns the facebook avatar url' do
 @raw_info['id'] = '321'
- assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture?access_token=test_access_token", strategy.info['image']
+ assert_equal "https://graph.facebook.com/#{@facebook_api_version}/321/picture", strategy.info['image']
 end
 test 'returns the Facebook link as the Facebook url' do
@@ -246,10 +229,6 @@ def setup
 super
 @raw_info ||= { 'name' => 'Fred Smith' }
 strategy.stubs(:raw_info).returns(@raw_info)
-
- access_token = stub('OAuth2::AccessToken')
- access_token.stubs(:token).returns('test_access_token')
- strategy.stubs(:access_token).returns(access_token)
 end
 test 'has no email key' do
From 2e0de7e0e21295947c0292c0009c3c0540e46c07 Mon Sep 17 00:00:00 2001
From: Rubyist007
Date: Sun, 19 May 2024 17:11:20 +0300
Subject: [PATCH 2/2] update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 04bd573..d533022 100644
--- a/README.md
+++ b/README.md
@@ -87,7 +87,7 @@ Here's an example *Auth Hash* available in `request.env['omniauth.auth']`:
 name: 'Joe Bloggs',
 first_name: 'Joe',
 last_name: 'Bloggs',
- image: 'http://graph.facebook.com/1234567/picture?type=square&access_token=...',
+ image: 'http://graph.facebook.com/1234567/picture?type=square',
 verified: true
 },
 credentials: {