request_token failed if virtual host is combind with a port not equal to 80

liaolzy / oauth

Automatically exported from code.google.com/p/oauth

0 stars 0 forks source link

request_token failed if virtual host is combind with a port not equal to 80 #170

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. reside our request_token.php to
http://somehost:someport/request_token.php, someport e.g. 1000
2. request a temporary credential with the client.php and signing method
is: HMAC-SHA1
3. the result tells 'Invalid signature'

What is the expected output? What do you see instead?

oauth_token=requestkey&oauth_token_secret=requestsecret

What version of the product are you using? On what operating system?

oauth - Revision 1219

Please provide any additional information below.

i think the $_SERVER['HTTP_HOST'] and $_SERVER['SERVER_PORT'] variable are
both including the port information, which caused this issue.

code following may cope this issue
==========
$http_host=$_SERVER['HTTP_HOST'];
if(false===strpos($http_host,':'))$http_host=$_SERVER['HTTP_HOST'].':'.$_SERVER[
'SERVER_PORT'];

Original issue reported on code.google.com by laurence...@gmail.com on 1 Jun 2010 at 9:22

GoogleCodeExporter commented 8 years ago

sorry, forgot to mention, this issue is related to oauth-php  Revision 1219

Original comment by laurence...@gmail.com on 1 Jun 2010 at 9:24

GoogleCodeExporter commented 8 years ago

So you're saying that $_SERVER['HTTP_HOST'] = 'somehost:someport' and 
$_SERVER['HTTP_PORT'] = 'someport', which means the normalized http-host is 
wrongly 'somehost:someport:someport', right?

I remember having this issue once, but I thought I had fixed it. Anyways, will 
look into it again, and write a proper unit-test to make sure it works 
properly..

-Morten

Original comment by morten.f...@gmail.com on 12 Jun 2010 at 8:01

Changed state: Accepted
Added labels: Lib-PHP, Type-Defect

GoogleCodeExporter commented 8 years ago

We ran into this issue also at the Apache Shindig PHP version which uses this 
OAuth library:

https://issues.apache.org/jira/browse/SHINDIG-1385

Our proposed solution was to exchange HTTP_HOST with SERVER_NAME

Index: php/external/OAuth/OAuth.php
===================================================================
250c250
< '://' . $_SERVER['HTTP_HOST'] .
---
> '://' . $_SERVER['SERVER_NAME'] .

Original comment by bashofm...@gmail.com on 19 Jul 2010 at 9:41

GoogleCodeExporter commented 8 years ago

I just confirmed this is still happening and the above solution fixed it.

Original comment by lgell...@gmail.com on 10 Sep 2010 at 10:15

GoogleCodeExporter commented 8 years ago

This issue was closed by revision r1261.

Original comment by morten.f...@gmail.com on 29 Mar 2011 at 5:49

Changed state: Fixed