kmoonki / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

python: no ampersand in plaintext signature, no escaping in Authentication header #16

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
[Spec says](http://oauth.net/core/1.0/#anchor22): 

oauth_signature is set to the concatenated encoded values of the Consumer 
Secret and Token Secret, 
separated by a ‘&’ character (ASCII code 38), even if either secret is 
empty. The result MUST be encoded 
again.

oauth.py doesn't append ampersand for request token and doesn't escape values 
passed to 
Authentication header. Attached patch fixes this.

Original issue reported on code.google.com by atregoub...@gmail.com on 25 Mar 2008 at 2:47

Attachments:

GoogleCodeExporter commented 9 years ago
Verified, patch fixes plaintext signature method. I was facing this issue as 
well.

Original comment by ashish.t...@gmail.com on 24 Jun 2008 at 10:11

GoogleCodeExporter commented 9 years ago
I confirm that bug, here is a more complete patch which handle PLAINTEXT 
signature in a consistent way and 
solve a bug with a mutable argument in OAuthRequest.from_request()

Someone can commit those changes? Otherwise I can do this (tests need to be 
fixed too, they seems broken for 
now). Thanks.

Original comment by lar...@gmail.com on 30 Jun 2008 at 11:34

Attachments:

GoogleCodeExporter commented 9 years ago
Patch plaintext.signature.ampersand.diff looks great and I've checked it in:

http://code.google.com/p/oauth/source/detail?r=588

Thanks atregoubenko!

Original comment by leah.culver on 8 Jul 2008 at 4:32

GoogleCodeExporter commented 9 years ago
larlet - I've added one of your changes, the check for the OAuthError 
specifically.
Can you provide more reasoning for your other two changes? I'm closing this 
ticket,
but feel free to open another for those issues.

Thanks!

Original comment by leah.culver on 8 Jul 2008 at 4:37

GoogleCodeExporter commented 9 years ago

Original comment by leah.culver on 14 Jan 2009 at 8:33