diff options
author | David Gouldin <david@gould.in> | 2012-03-12 23:52:12 -0700 |
---|---|---|
committer | David Gouldin <david@gould.in> | 2012-03-12 23:52:19 -0700 |
commit | 4cf57012884090aa7374a30f0a697559df0730e9 (patch) | |
tree | f4fe6d15e04eb871d684349104192e969ca565a7 /oauthlib | |
parent | 7ad93eae094f7108dbf01f6eb08d0e3c81c68f73 (diff) | |
download | oauthlib-4cf57012884090aa7374a30f0a697559df0730e9.tar.gz |
Fixing signature module to escape the components of the base signature string correctly, making unicode -> string conversions sane.
Diffstat (limited to 'oauthlib')
-rw-r--r-- | oauthlib/parameters.py | 4 | ||||
-rw-r--r-- | oauthlib/signature.py | 15 |
2 files changed, 9 insertions, 10 deletions
diff --git a/oauthlib/parameters.py b/oauthlib/parameters.py index 0271860..721a910 100644 --- a/oauthlib/parameters.py +++ b/oauthlib/parameters.py @@ -20,8 +20,8 @@ def order_params(target): first argument. """ def wrapper(params, *args, **kwargs): - params = order_oauth_parameters(params) - return target(params, *args, **kwargs) + ordered_params = order_oauth_parameters(params) + return target(ordered_params, *args, **kwargs) wrapper.__doc__ = target.__doc__ return wrapper diff --git a/oauthlib/signature.py b/oauthlib/signature.py index 1499dfa..c995370 100644 --- a/oauthlib/signature.py +++ b/oauthlib/signature.py @@ -35,10 +35,10 @@ def construct_base_string(http_method, base_string_uri, .. _`section 3.4.1.1`: http://tools.ietf.org/html/rfc5849#section-3.4.1.1 """ - return u'&'.join(( - http_method.upper(), - base_string_uri, - normalized_encoded_request_parameters, + return '&'.join(( + utils.escape(http_method.upper()), + utils.escape(base_string_uri), + utils.escape(normalized_encoded_request_parameters), )) def normalize_base_string_uri(uri): @@ -62,7 +62,7 @@ def normalize_base_string_uri(uri): if port == u'80': netloc = host - return urlparse.urlunparse((scheme, netloc, path, params, query, fragment)) + return urlparse.urlunparse((scheme, netloc, path, '', '', '')) def collect_parameters(uri_query=None, authorization_header=None, body=None, exclude_oauth_signature=True): @@ -117,10 +117,9 @@ def sign_hmac_sha1(base_string, client_secret, resource_owner_secret): .. _`section 3.4.2`: http://tools.ietf.org/html/rfc5849#section-3.4.2 """ - key = u'&'.join((utils.escape(client_secret), + key = '&'.join((utils.escape(client_secret), utils.escape(resource_owner_secret))) - signature = hmac.new(key.encode('utf-8'), base_string.encode('utf-8'), - hashlib.sha1) + signature = hmac.new(key, base_string, hashlib.sha1) return binascii.b2a_base64(signature.digest())[:-1].decode('utf-8') def sign_rsa_sha1(base_string, rsa_private_key): |