search

liaolzy / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

oauth-java: Body is included in Signature Base String when inappropriate #201

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Run sample server using 'net.oauth.server' package.
2. Create a POST request whose content-type is not 
"application/x-www-form-urlencoded" to the server.
3. Sample server returns invalid signature and we can see signature base string 
contains key-value pair in body.

What is the expected output? What do you see instead?
Signature base string must take body into account only when the content-type is 
"application/x-www-form-urlencoded".

What version of the product are you using? On what operating system?
SVN: r1222.

Please provide any additional information below.
#27 is Ruby version.
We should probably check content-type header in 'net.oauth.server. 
HttpRequestMessage#getParameters()'.

Original issue reported on code.google.com by skitaz...@gmail.com on 16 May 2011 at 4:59

GoogleCodeExporter commented 8 years ago 
how about this patch to check content-type?

Original comment by skitaz...@gmail.com on 23 May 2011 at 8:24

Attachments: