From d9be899bf5113b164af5cc27c7dc8b44b54d6f8d Mon Sep 17 00:00:00 2001
From: Hiromi Ishii
Date: Tue, 21 Jun 2011 03:10:16 +0900
Subject: [PATCH 1/3] Fiexed bug: cannot escape request including multi-byte sequence correctly
---
 Web/Authenticate/OAuth.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Web/Authenticate/OAuth.hs b/Web/Authenticate/OAuth.hs
index 28e0bd8a..035d799e 100644
--- a/Web/Authenticate/OAuth.hs
+++ b/Web/Authenticate/OAuth.hs
@@ -207,7 +207,7 @@ renderAuthHeader = ("OAuth " `BS.append`). BS.intercalate "," . map (\(a,b) -> B
 paramEncode :: BS.ByteString -> BS.ByteString
 paramEncode = BS.concatMap escape
 where
- escape c | isAlpha c || isDigit c || c `elem` "-._~" = BS.singleton c
+ escape c | isAscii c && (isAlpha c || isDigit c || c `elem` "-._~") = BS.singleton c
 | otherwise = let num = map toUpper $ showHex (ord c) ""
 oct = '%' : replicate (2 - length num) '0' ++ num
 in BS.pack oct
From 5bb993291948795ac9732e4da76a173eda924ad2 Mon Sep 17 00:00:00 2001
From: Hiromi Ishii
Date: Tue, 21 Jun 2011 03:12:19 +0900
Subject: [PATCH 2/3] removed redundant import
---
 Web/Authenticate/OAuth.hs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Web/Authenticate/OAuth.hs b/Web/Authenticate/OAuth.hs
index 035d799e..f327569e 100644
--- a/Web/Authenticate/OAuth.hs
+++ b/Web/Authenticate/OAuth.hs
@@ -38,7 +38,6 @@ import Data.Enumerator (($$), run_, Stream (..), continue)
 import Data.Monoid (mconcat)
 import Control.Monad.IO.Class (MonadIO (liftIO))
 import Data.IORef (newIORef, readIORef, atomicModifyIORef)
-import Control.Exception (Exception, throwIO)
 -- | Data type for OAuth client (consumer).
 data OAuth = OAuth { oauthServerName :: String -- ^ Service name
From 2a8de3c35c1911be4bfd324015b54d37636d4939 Mon Sep 17 00:00:00 2001
From: Hiromi Ishii
Date: Tue, 21 Jun 2011 04:23:15 +0900
Subject: [PATCH 3/3] changed how to render the Authentication Header
---
 Web/Authenticate/OAuth.hs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
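Review bot: `paramEncode` in PATCH 1/3 carries no comment saying that it works byte by byte, and the new `isAscii` guard in `escape` is the only thing keeping non-ASCII bytes out of the unreserved set. I would document that above `escape`, e.g. `-- Input is raw bytes: only ASCII letters, digits and "-._~" pass through; every other byte is percent-encoded.` The guard would also be harder to weaken by accident if the letter test were spelled `isAsciiUpper c || isAsciiLower c || isDigit c`, followed by the existing `elem` test. Since the hunk applies `BS.pack` to a `String`, `BS` appears to be the Char8 interface; text packed that way upstream would be truncated to 8 bits before it reaches this function, so callers presumably have to UTF-8 encode first, which is worth confirming and stating in the Haddock.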
diff --git a/Web/Authenticate/OAuth.hs b/Web/Authenticate/OAuth.hs
index f327569e..0107408e 100644
--- a/Web/Authenticate/OAuth.hs
+++ b/Web/Authenticate/OAuth.hs
@@ -200,7 +200,7 @@ addAuthHeader (Credential cred) req = req { requestHeaders = insertMap "Authorization" (renderAuthHeader cred) $ requestHeaders req }
 renderAuthHeader :: [(BS.ByteString, BS.ByteString)] -> BS.ByteString
-renderAuthHeader = ("OAuth " `BS.append`). BS.intercalate "," . map (\(a,b) -> BS.concat [paramEncode a, "=\"", paramEncode b, "\""]) . filter ((`notElem` ["oauth_token_secret", "oauth_consumer_secret"]) . fst)
+renderAuthHeader = ("OAuth " `BS.append`). BS.intercalate "," . map (\(a,b) -> BS.concat [paramEncode a, "=\"", paramEncode b, "\""]) . filter ((`elem` ["realm", "oauth_token", "oauth_verifier", "oauth_consumer_key", "oauth_signature_method", "oauth_timestamp", "oauth_nonce", "oauth_version", "oauth_callback", "oauth_signature"]) . fst)
 -- | Encode a string using the percent encoding method for OAuth.
 paramEncode :: BS.ByteString -> BS.ByteString
@@ -223,7 +223,7 @@ getBaseString tok req = do
 bsBodyQ <- if isBodyFormEncoded $ requestHeaders req
 then liftM parseSimpleQuery $ toLBS (requestBody req)
 else return []
- let bsAuthParams = filter ((`notElem`["oauth_signature","realm", "oauth_token_secret"]).fst) $ unCredential tok
+ let bsAuthParams = filter ((`elem`["oauth_consumer_key","oauth_token", "oauth_version","oauth_signature_method","oauth_timestamp", "oauth_nonce", "oauth_verifier", "oauth_version"]).fst) $ unCredential tok
 allParams = bsQuery++bsBodyQ++bsAuthParams
 bsParams = BS.intercalate "&" $ map (\(a,b)->BS.concat[a,"=",b]) $ sortBy compareTuple $ map (\(a,b) -> (paramEncode a,paramEncode b)) allParams
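Review bot: The allow-list in `renderAuthHeader` is an inline literal on an already very long line, and nothing records why it replaced the deny-list. I would lift it to a named top-level binding, for example `authHeaderKeys :: [BS.ByteString]`, with a comment such as `-- Only these keys are ever sent in the Authorization header; secrets and unknown credential entries are dropped.` The comment should also say that any credential key outside the list is now silently left out of the header, since that is a behaviour change for callers that relied on extra keys being passed through.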
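Review bot: The key list in `getBaseString` names `"oauth_version"` twice and has no `"oauth_callback"`, while the header list in `renderAuthHeader` (first hunk of this patch) does send `oauth_callback`. RFC 5849 puts every header parameter except `realm` and `oauth_signature` into the signature base string, so a credential carrying a callback would be signed without it and the server's verification would presumably fail. The second `"oauth_version"` looks like it was meant to be `"oauth_callback"`. Deriving this list from the header list minus `"realm"` and `"oauth_signature"` would keep the two from drifting apart. The body of getBaseString starts and ends outside the hunk.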