search

hubshoply / m1

HubSpot integration with Magento 1
0 stars 0 forks source link

Hubshoply uses a wrong OAuth signature for the `/api/rest/products?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36` request #6

Open dmitrii-fediuk opened 4 years ago

dmitrii-fediuk commented 4 years ago

Now the first API request from Hubshoply to Magento (GET /api/rest/orders/1) works correctly, but the second one (GET /api/rest/products) fails with another authentication failure. I am investigating it.

upwork.com/messages/rooms/room_b72ba12d343219fd302517aa34ee4d7b/story_408cad113d7d5f6b7ffc3d0715a76e94

04

dmitrii-fediuk commented 4 years ago

It seems that Hubshoply incorrectly generates an OAuth signature for a product request. At the same time, Hubshoply correctly generates the signature for an order request. The correct order request is simple: /api/rest/orders/1 The incorrect product request is more complex: https://m1.hubshoply.mage2.pro/api/rest/products?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36

The Magento's code to verify the signature is: https://github.com/OpenMage/magento-mirror/blob/1.9.4.5/app/code/core/Mage/Oauth/Model/Server.php#L538-L547 https://github.com/OpenMage/magento-mirror/blob/1.9.4.5/lib/Zend/Oauth/Signature/Hmac.php#L44-L53

The parameters used by Magento to verify the order and product request signatures are shown on the product.png and order.png screenshot (I made then in a PHP debugger).

I guess that the OAuth client library used by Hubshoply incorrectly processes the ?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36 part and generates a wrong OAuth signature.

upwork.com/messages/rooms/room_b72ba12d343219fd302517aa34ee4d7b/story_3a8f3307d35c8c3f107dc50efca59f60

order

product

dmitrii-fediuk commented 4 years ago

I think the Hubshoply's OAuth client incorrecly calculates the OAuth signature when the request URL contains some special characters. The problem is described here: magento.stackexchange.com/questions/62873 In my case the problem URL is https://m1.hubshoply.mage2.pro/api/rest/products?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36

upwork.com/messages/rooms/room_b72ba12d343219fd302517aa34ee4d7b/story_2dd9e0d7b9d8a9eadef5f5dd6c3917ee