search

Mastercard / oauth1-signer-python

Python library for generating a Mastercard API compliant OAuth signature.
https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/
MIT License
29 stars 22 forks source link

[BUG] OAuthRSA1 body hash for None body #32

Closed RomainGehrig closed 3 years ago

RomainGehrig commented 3 years ago

Description The oauth_body_hash is incorrect when the body is None. The reason is that str(message) returns 'None' when message is None.

To Reproduce

URI = "<some GET endpoint>"
signing_key = authenticationutils.load_signing_key(PKCS_CERTIFICATE_PATH, PKCS_CERTIFICATE_PASSWORD)
auth = OAuth1RSA(consumer_key=CONSUMER_KEY, signing_key=signing_key)
s = requests.Session()
req = requests.Request(method='GET', url=URI, auth=auth)
prep = req.prepare()
print('Auth header:', prep.headers['Authorization'])
resp = s.send(prep)
print(resp.text)

Return message is "Incorrect oauth_body_hash." You can see that oauth_body_message is "3JN7WYkmBPWoaslpNs1/8J4l8Yrmt1joAUokx/oDnpE%3D" which is uri_rfc3986_encode(base64.b64encode(hashlib.sha256('None'.encode('utf-8')).digest())).

Expected behavior A successful connection.

Suggest a fix/enhancement Creating a PR for the fix right now.

ech0s7r commented 3 years ago

Thank you @RomainGehrig for submitting the issue and providing a PR!

I'm closing this issue as it is fixed with #33.