From 4cf57012884090aa7374a30f0a697559df0730e9 Mon Sep 17 00:00:00 2001
From: David Gouldin <david@gould.in>
Date: Mon, 12 Mar 2012 23:52:12 -0700
Subject: Fixing signature module to escape the components of the base
 signature string correctly, making unicode -> string conversions sane.

---
 oauthlib/parameters.py |  4 ++--
 oauthlib/signature.py  | 15 +++++++--------
 2 files changed, 9 insertions(+), 10 deletions(-)

(limited to 'oauthlib')

diff --git a/oauthlib/parameters.py b/oauthlib/parameters.py
index 0271860..721a910 100644
--- a/oauthlib/parameters.py
+++ b/oauthlib/parameters.py
@@ -20,8 +20,8 @@ def order_params(target):
     first argument.
     """
     def wrapper(params, *args, **kwargs):
-        params = order_oauth_parameters(params)
-        return target(params, *args, **kwargs)
+        ordered_params = order_oauth_parameters(params)
+        return target(ordered_params, *args, **kwargs)
 
     wrapper.__doc__ = target.__doc__
     return wrapper
diff --git a/oauthlib/signature.py b/oauthlib/signature.py
index 1499dfa..c995370 100644
--- a/oauthlib/signature.py
+++ b/oauthlib/signature.py
@@ -35,10 +35,10 @@ def construct_base_string(http_method, base_string_uri,
     .. _`section 3.4.1.1`: http://tools.ietf.org/html/rfc5849#section-3.4.1.1
     """
 
-    return u'&'.join((
-        http_method.upper(),
-        base_string_uri,
-        normalized_encoded_request_parameters,
+    return '&'.join((
+        utils.escape(http_method.upper()),
+        utils.escape(base_string_uri),
+        utils.escape(normalized_encoded_request_parameters),
     ))
 
 def normalize_base_string_uri(uri):
@@ -62,7 +62,7 @@ def normalize_base_string_uri(uri):
         if port == u'80':
             netloc = host
 
-    return urlparse.urlunparse((scheme, netloc, path, params, query, fragment))
+    return urlparse.urlunparse((scheme, netloc, path, '', '', ''))
 
 def collect_parameters(uri_query=None, authorization_header=None, body=None,
         exclude_oauth_signature=True):
@@ -117,10 +117,9 @@ def sign_hmac_sha1(base_string, client_secret, resource_owner_secret):
     .. _`section 3.4.2`: http://tools.ietf.org/html/rfc5849#section-3.4.2
     """
 
-    key = u'&'.join((utils.escape(client_secret),
+    key = '&'.join((utils.escape(client_secret),
         utils.escape(resource_owner_secret)))
-    signature = hmac.new(key.encode('utf-8'), base_string.encode('utf-8'),
-        hashlib.sha1)
+    signature = hmac.new(key, base_string, hashlib.sha1)
     return binascii.b2a_base64(signature.digest())[:-1].decode('utf-8')
 
 def sign_rsa_sha1(base_string, rsa_private_key):
-- 
cgit v1.2.1