Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Backport 15533 (#15542)

* Fix OAuth 1 when consumer key is base64 string

Fix consumer keys not being correctly encoded when the key is base64 and ends with an equals sign

Co-authored-by: Rytis Slatkevičius <rytis.s@gmail.com>
Co-authored-by: Rytis Slatkevičius <rytis@techec.lt>
Mark Story 4 years ago
parent
affc2078ad
commit
6f5a129d42
2 changed files with 36 additions and 1 deletions
Split View Show Diff Stats
  1. 5 1
      src/Http/Client/Auth/Oauth.php
  2. 31 0
      tests/TestCase/Http/Client/Auth/OauthTest.php

+ 5 - 1
src/Http/Client/Auth/Oauth.php
View File 

@@ -138,10 +138,14 @@ class Oauth
 
             'oauth_timestamp' => $timestamp,
 
             'oauth_signature_method' => 'HMAC-SHA1',
 
             'oauth_token' => $credentials['token'],
 
-            'oauth_consumer_key' => $credentials['consumerKey'],
 
+            'oauth_consumer_key' => $this->_encode($credentials['consumerKey']),
 
         ];
 
         $baseString = $this->baseString($request, $values);
 
 
+        // Consumer key should only be encoded for base string calculation as
 
+        // auth header generation already encodes independently
 
+        $values['oauth_consumer_key'] = $credentials['consumerKey'];
 
+
 
         if (isset($credentials['realm'])) {
 
             $values['oauth_realm'] = $credentials['realm'];
 
         }

+ 31 - 0
tests/TestCase/Http/Client/Auth/OauthTest.php
View File 

@@ -308,6 +308,37 @@ shqoyFXJvizZzje7HaTQv/eJTuA6rUOzu/sAv/eBx2YAPkA8oa3qUw==
 
     }
 
 
     /**
 
+     * Test HMAC-SHA1 signing with a base64 consumer key
 
+     *
 
+     * @return void
 
+     */
 
+    public function testHmacBase64Signing()
 
+    {
 
+        $request = new Request(
 
+            'http://photos.example.net/photos',
 
+            'GET'
 
+        );
 
+
 
+        $options = [
 
+            'consumerKey' => 'ZHBmNDNmM3AybDRrM2wwMw==',
 
+            'consumerSecret' => 'kd94hf93k423kf44',
 
+            'tokenSecret' => 'pfkkdhi9sl3r4s00',
 
+            'token' => 'nnch734d00sl2jdk',
 
+            'nonce' => 'kllo9940pd9333jh',
 
+            'timestamp' => '1191242096',
 
+        ];
 
+        $auth = new Oauth();
 
+        $request = $auth->authentication($request, $options);
 
+
 
+        $result = $request->getHeaderLine('Authorization');
 
+        $expected = '2hr/eoFyTSuWc6SfZIvkhpeRHdM=';
 
+        $this->assertContains(
 
+            'oauth_signature="' . $expected . '"',
 
+            urldecode($result)
 
+        );
 
+    }
 
+
 
+    /**
 
      * Test RSA-SHA1 signing with a private key string
 
      *
 
      * Hash result + parameters taken from