Skip to content
This repository was archived by the owner on May 16, 2018. It is now read-only.

Zend_Oauth_Client: Consider multipart/form-data #244

Merged
merged 1 commit into from
Aug 20, 2014
Merged

Zend_Oauth_Client: Consider multipart/form-data #244

merged 1 commit into from
Aug 20, 2014

Conversation

@chmielot
Copy link
Contributor

@chmielot chmielot commented Nov 15, 2013

Parameters being sent that are not the oauth_* named parameters do not become part of the OAuth signature base string when the HTTP method being used is POST but the post body is not of the "Content-Type: x-www-form-urlencoded" variety.

Consider multipart/form-data encoding when retrieving parameters to encode:

  • Fix indentation in _getSignableParametersAsQueryString method
  • Remove comment that states that a query string is returned
  • Change return type to array in docblock
  • Remove unnecessary code that created the query string which
    is not used.
  • Add code to not include POST parameters when encoding is
    multipart/form-data

Problem popped up when I tried to send images to the twitter API. The encoding has to be multipart/form-data and the API didn't validate my credentials because they were simply wrong for that case.

@froschdesign
Copy link
Member

froschdesign commented Jan 6, 2014

@chmielot
Can you provide some unit tests? Thanks!

- Fix indentation in _getSignableParametersAsQueryString method
5f7a2dd 
- Remove comment that states that a query string is returned
- Change return type to array
- Remove unnecessary code that created the query string which
  is not used again.
- Add code to not include POST parameters when encoding is
  multipart/form-data
- Add tests for both encodings and POST parameters

The test uses a dummy class which extends Zend_Oauth_Client. This
dummy class allows to call _getSignableParametersAsQueryString()
directly. The reason for this is the following:
This protected function is used in prepareOauth() only,
which sets the request header 'Authorization'. This request header
can be read via getHeader() but the parameters are already encoded
and the encoded string changes with every call. It is not possible
to determine the results of the _getSignableParametersAsQueryString()
method by checking the headers. That's why I needed this stub.
@chmielot
Copy link
Contributor Author

chmielot commented Jan 30, 2014

@froschdesign
Here you are. I added tests. Please see the commit message for further explanation about the tests. Is this ok?

@froschdesign
Copy link
Member

froschdesign commented Apr 1, 2014

ping @ezimuel

@chmielot
Copy link
Contributor Author

chmielot commented Jun 11, 2014

Are there any problems with the fix? @froschdesign

@akrabat
Copy link
Contributor

akrabat commented Jun 12, 2014

@chmielot, we're waiting on @ezimuel to check it.

@froschdesign froschdesign added this to the 1.12.8 milestone Aug 19, 2014
ezimuel added a commit that referenced this pull request Aug 20, 2014
@ezimuel
Merge pull request #244 from chmielot/oauth_multipart
7e6b5a7 
Zend_Oauth_Client: Consider multipart/form-data
@ezimuel ezimuel merged commit 7e6b5a7 into zendframework:master Aug 20, 2014
@ezimuel
Copy link
Contributor

ezimuel commented Aug 20, 2014

@chmielot Thanks for the PR and sorry for the delay of the merge.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@ezimuel ezimuel

Labels

Zend_Oauth

Projects

None yet

Milestone

1.12.8

Development

Successfully merging this pull request may close these issues.

4 participants

@chmielot @froschdesign @akrabat @ezimuel