arnontp / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

[python] OAuthSignatureMethod_HMAC_SHA1 does not comply with Specification #125

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
In oauth.py:OAuthSignatureMethod_HMAC_SHA1, the signure is not being
verified as per the OAuth Core 1.0[a] specification. The specification states:

 The Service Provider verifies the request by generating a new request
signature octet string, and comparing it to the signature provided by the
Consumer, first URL-decoded per Parameter Encoding (Parameter Encoding),
then base64-decoded per [RFC2045] section 6.8. The signature is generated
using the request parameters as provided by the Consumer, and the Consumer
Secret and Token Secret as stored by the Service Provider.

However, the code is only comparing the base64 encoded strings. The
attached patch resolves this issue, by overriding the check_signature method.

Original issue reported on code.google.com by dobey.p...@gmail.com on 24 Sep 2009 at 3:34

GoogleCodeExporter commented 9 years ago

Original comment by dobey.p...@gmail.com on 24 Sep 2009 at 3:35

Attachments:

GoogleCodeExporter commented 9 years ago

Original comment by leah.culver on 25 Sep 2009 at 5:38