search

frankdyc / oauthconsumer

Automatically exported from code.google.com/p/oauthconsumer
0 stars 0 forks source link

Authorization signature base string incorrect on POST when content of HTTPBody contains = signs #16

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Authorize an application against a service such as LinkedIn
2. Build a POST request to an API (e.g. LinkedIn Invitation API)
3. Set the HTTPBody content to some string that contains an "=" sign. For 
example, the LinkedIn API's JSON specification uses the following. Note the 
line with "email=a_user@domain.com":

{
  "recipients": {
    "values": [
    {
      "person": {
        "_path": "/people/email=a_user@domain.com"",
        "first-name":"Andrew",
        "last-name":"User"
       }
    }]
  },
  "subject": "Invitation to connect.",
  "body": "Say yes!",
  "item-content":{
       "invitation-request":{
           "connect-type":"friend"
       }
    }

3. Submit the request to the service provider using [fetchDataWithRequest]

What is the expected output? What do you see instead?

The expectation is that the signature base string does not include the JSON 
string as a name/value pair.

What actually happens is the signature base string does include the above with 
the part of the JSON string to the left of the "=" sign as the parameter name, 
and the part of the JSON string to the right of the "=" sign as the parameter 
value. This condition arises because the [prepare] method is always called by 
the [fetchDataWithRequest] method of the OADataFetcher object just before the 
NSURLConnection is initialized.

How I resolved it: I commented out the call to [prepare] within the 
[fetchDataWithRequest] method of [OADataFetcher] and have updated my own code 
to specifically call [prepare] on the request object at the appropriate time 
(in my example, before setting HTTPBody to the above JSON string).

What version of the product are you using? On what operating system?

Version: Objective C version 2.0
OS: iOS 6

Please provide any additional information below.

Within the [prepare] method is a reference to [self parameters], which calls a 
method on the NSMutableURLRequest+Parameters category. On line 58 is where a 
strings are split by the "=" sign. If HTTPBody has been set to the above, the 
JSON string is then assumed to be a name/value parameter.

Original issue reported on code.google.com by bbarb...@gmail.com on 1 Oct 2012 at 12:46