Skip Menu |
 

This queue is for tickets about the Net-OAuth CPAN distribution.

Report information
The Basics
Id: 59714
Status: new
Priority: 0/
Queue: Net-OAuth

People
Owner: Nobody in particular
Requestors: notbenh [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in:
  • 0.25
  • 0.26
  • 0.27
Fixed in: (no value)



Subject: signature_base_string does not compile the correct string for RSA signatures
According to the spec's the base string used for signature's needs to only be a subset of the headers and sorted. The current base_string seems to end up including things like user_agent. I've overridden signature_base_string to better match the spec. Spec: http://oauth.net/core/1.0a/#anchor13 Modified Code: { no warnings; *Net::OAuth::Message::signature_base_string = sub{ my $self = shift; use Util::Log; # build up non-body parts like the standard sig_base_string my @base_string_parts = map{ $self->$_ } grep{ $_ ne 'normalized_message_parameters' } @{$self->signature_elements}; my $NMP = $self->normalized_message_parameters; # now break apart the message so we can muttle with it my %message = split /[&=]/, $self->normalized_message_parameters; # build up a string that only contains oauth (and scope) stuff, sorted my $NMP = join '&', map{join '=', $_ => $message{$_}} sort grep{m/^(?:oauth|scope)/} keys %message ; # now use that to build out the base_string return join '&', map{Net::OAuth::Message::encode($_)} @base_string_parts, $NMP; }; }


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.