scream78 / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

Python API does not support multi-valued parameters in query string #88

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Construct an OauthRequest using a parameter whose value is a list of
strings.
2. Call "to_url()"

What is the expected output? What do you see instead?
If parameters is {"p1": ["v1", "v2"]}, then the query string should be
"p1=v1&p1=v2".  Instead it is "p1=%5B%27v1%27%2C%20%27v2%27%5D".

Original issue reported on code.google.com by nat...@sandlands.org on 27 Feb 2009 at 10:26

GoogleCodeExporter commented 9 years ago

Original comment by leah.culver on 7 Apr 2009 at 11:46

GoogleCodeExporter commented 9 years ago
Attached is a patch that resolves this issue.

Github commit:
http://github.com/joshthecoder/python-oauth/commit/18f8a6b985237fd14cb57528e6d2b
58257f4ad2b

Original comment by jroessl...@gmail.com on 8 Dec 2009 at 8:49

Attachments:

GoogleCodeExporter commented 9 years ago
the above patch does not produce the correct signature b/c it only changes the
to_post(), the get_normalize_parameters() must also be updated to produce a 
valid
signature.

this code is slightly different in how it flattens the embedded arrays, but 
shares
the logic for both to_post and get_normalize_parameters.
this diff produced by:
diff -u orig/oauth.py new/oauth.py > multivalue.patch

it'd be great to get this type of fix into the next distribution of this lib, so
other people don't spend time dealing with this issue.

Original comment by woody.an...@gmail.com on 5 Feb 2010 at 6:53

Attachments:

GoogleCodeExporter commented 9 years ago
there is a much simpler fix done by Brian Rosner. find that here: 
http://github.com/simplegeo/python-oauth2/commit/5e32b4cb229e1ba93454420d5e68c14
02475832f

Original comment by woody.an...@gmail.com on 7 Feb 2010 at 1:54

GoogleCodeExporter commented 9 years ago
Yeah that fix should do the trick. I was a bit puzzled what doseq really did. 
The
documentation for it is a bit confusing. We should then just tack on True to the
urlencode method.

Original comment by jroessl...@gmail.com on 7 Feb 2010 at 2:41

GoogleCodeExporter commented 9 years ago
One thing though we don't use urlencode. I think the reason for that is ~ are 
safe
which urlencode will still encode. AFAIK there's no way to supply a safe list.

Original comment by jroessl...@gmail.com on 7 Feb 2010 at 2:45