search

maraujop / requests-oauth

Python's Requests OAuth (Open Authentication) plugin
BSD 3-Clause "New" or "Revised" License
188 stars 33 forks source link

Does not work with file uploads #9

Closed nisc closed 12 years ago

nisc commented 12 years ago

I've created the "client" object as described in your documentation.

client = requests.session(hooks={'pre_request': oauth_hook})

However, when I try to upload a file to a server using client.post(URL, files={'filename':open('filename')}), the token and signature are not sent to the server. (I've used WIreshark to inspect the network traffic.)

Hence, the upload fails because of missing authentication.

maraujop commented 12 years ago

Hi,

You are completely right, I've used tcpdump, and authentication params don't get sent. I know what is going on, I'm working on a patch, I will release it as soon as possible,

Thanks for reporting it, Miguel

maraujop commented 12 years ago

Ok. I've just pushed a fix for this problem, see: https://github.com/maraujop/requests-oauth/commit/fc0e0a42cf3e58ad4ef2535e1a072a324483a208

Version 0.2.4 is not stable yet, as there are some problems with Rdio tests. I've added support for header authentication and the library is not using it by default. Even though this is the recommended way by the standard, it's less supported. So for uploading a file to Twitter here is the code snippet I'm using in my test:

oauth_hook.header_auth = True
client = requests.session(hooks={'pre_request': oauth_hook})
files = {'image': ('hommer.gif', open('hommer.gif', 'rb'))}
response = client.post('http://api.twitter.com/1/account/update_profile_image.json', files=files)

Please, confirm if this fixes your issue, pull from dev branch. Thanks, Miguel

nisc commented 12 years ago

Works for me. At least a simple test case. Thanks.

I haven't tried supplying extra params= and data= parameters yet, though. For example, Flickr photo upload only works if the signature is calculated over all parts except for the files. Will test when I find time.

maraujop commented 12 years ago

Thanks for confirming it.

OAuth spec defines that the files should not be used for calculating the signature. I think I have that controlled. Therefore I'm closing this issue for now. If you happen to find in the future it doesn't work for a specific case, feel free to reopen this one or another issue.

Miguel