Fixed issue where request params were being copied to the Authorization header.

Reverted test to remove incorrect strings, but left order be flexible.
2025-02-24 18:13:00 +01:00 · 2013-07-24 15:23:00 +01:00 · 2013-07-24 15:23:00 +01:00 · 93777f80b8
commit 93777f80b8
parent af5e05a586
2 changed files with 31 additions and 15 deletions
--- a/src/Guzzle/Plugin/Oauth/OauthPlugin.php
+++ b/src/Guzzle/Plugin/Oauth/OauthPlugin.php
@ -68,7 +68,7 @@ class OauthPlugin implements EventSubscriberInterface
        $timestamp = $this->getTimestamp($event);
        $request = $event['request'];
        $nonce = $this->generateNonce($request);
-        $authorizationParams = $this->getParamsToSign($request, $timestamp, $nonce);
+        $authorizationParams = $this->getOauthParams($timestamp, $nonce);
        $authorizationParams['oauth_signature']  = $this->getSignature($request, $timestamp, $nonce);

        $request->setHeader(
@ -142,16 +142,13 @@ class OauthPlugin implements EventSubscriberInterface
    }

    /**
-     * Parameters sorted and filtered in order to properly sign a request
-     *
-     * @param RequestInterface $request   Request to generate a signature for
-     * @param integer          $timestamp Timestamp to use for nonce
-     * @param string           $nonce
-     *
-     * @return array
+     * Get the oauth parameters as named by the oauth spec
+     * 
+     * @param $timestamp
+     * @param $nonce
+     * @return Collection
     */
-    public function getParamsToSign(RequestInterface $request, $timestamp, $nonce)
-    {
+    protected function getOauthParams($timestamp, $nonce){
        $params = new Collection(array(
            'oauth_consumer_key'     => $this->config['consumer_key'],
            'oauth_nonce'            => $nonce,
@ -173,6 +170,24 @@ class OauthPlugin implements EventSubscriberInterface
                $params[$oauthName] = $this->config[$optionName];
            }
        }
+        return $params;
+    }
+
+    /**
+     * Get all of the parameters required to sign a request including:
+     * * The oauth params
+     * * The request GET params.
+     * * The params passed in the POST body (with a content-type of application/x-www-form-urlencoded)
+     * 
+     * @param RequestInterface $request   Request to generate a signature for
+     * @param integer          $timestamp Timestamp to use for nonce
+     * @param string           $nonce
+     *
+     * @return array
+     */
+    public function getParamsToSign(RequestInterface $request, $timestamp, $nonce)
+    {
+        $params = $this->getOauthParams($timestamp, $nonce);

        // Add query string parameters
        $params->merge($request->getQuery());
--- a/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php
+++ b/tests/Guzzle/Tests/Plugin/Oauth/OauthPluginTest.php
@ -169,6 +169,10 @@ class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
        );
    }

+    /**
+     * Test that the Oauth is signed correctly and that extra strings haven't been added 
+     * to the authorization header.
+     */
    public function testSignsOauthRequests()
    {
        $p = new OauthPlugin($this->config);
@ -183,11 +187,8 @@ class OauthPluginTest extends \Guzzle\Tests\GuzzleTestCase
        $authorizationHeader = (string)$event['request']->getHeader('Authorization');

        $this->assertStringStartsWith("OAuth ", $authorizationHeader);
-
-        $stringsToCheck = array(
-            'a="b"', 
-            'c="d"',
-            'e="f"', 
+        
+        $stringsToCheck = array( 
            'oauth_consumer_key="foo"',
            'oauth_nonce="'.urlencode($params['oauth_nonce']).'"',
            'oauth_signature="'.urlencode($params['oauth_signature']).'"',