Fix grant process by passing oauth parameters to header

Currently, `parameters` passed to `QOAuth1Private::requestToken` are used as HTTP GET or POST parameters directly. This commit fixes the non-standard compliant behavior by inserting parameters with `oauth_` prefix to `headers`; this fix also allows parameter `oauth_callback` to be inserted only during `OAuth1::grant()` but not all token requests. Several approaches had been taken under consideration: * strip `const` from `parameters` function signature * make a copy of `const QVariantMap &parameters` * insert relevant headers and leave parameters intact * current: copy oauth-inrelevant parameters to another map Task-number: QTBUG-69709 Change-Id: I892f0e6b9a70c9e425fef976f6703ef065ee9163 Reviewed-by: Poren Chiang <ren.chiang@gmail.com> Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
author: Poren Chiang <ren.chiang@gmail.com> 2018-08-01 05:04:49 +0800
committer: Poren Chiang <ren.chiang@gmail.com> 2018-09-14 06:38:04 +0000
commit: 51a0b723032640e3b3f99adf3e392ed7d8ceec33 (patch)
tree: 4807df5fd55054b16b3bee656be83dcdb74c1e33
parent: a8765e4e37ce02c8de26e4675a4fa034266412bc (diff)
2 files changed, 16 insertions, 8 deletions
diff --git a/src/oauth/qoauth1.cpp b/src/oauth/qoauth1.cpp
index 37408fc..928418e 100644
--- a/src/oauth/qoauth1.cpp
+++ b/src/oauth/qoauth1.cpp
@@ -155,7 +155,6 @@ QNetworkReply *QOAuth1Private::requestToken(QNetworkAccessManager::Operation ope
                                             const QPair<QString, QString> &token,
                                             const QVariantMap &parameters)
 {
-    Q_Q(QOAuth1);
     if (Q_UNLIKELY(!networkAccessManager())) {
         qCWarning(loggingCategory, "QNetworkAccessManager not available");
         return nullptr;
@@ -175,27 +174,35 @@ QNetworkReply *QOAuth1Private::requestToken(QNetworkAccessManager::Operation ope
 
     QAbstractOAuth::Stage stage = QAbstractOAuth::Stage::RequestingTemporaryCredentials;
     QVariantMap headers;
+    QVariantMap remainingParameters;
     appendCommonHeaders(&headers);
-    headers.insert(Key::oauthCallback, q->callback());
+    for (auto it = parameters.begin(), end = parameters.end(); it != end; ++it) {
+        const auto key = it.key();
+        const auto value = it.value();
+        if (key.startsWith(QStringLiteral("oauth_")))
+            headers.insert(key, value);
+        else
+            remainingParameters.insert(key, value);
+    }
     if (!token.first.isEmpty()) {
         headers.insert(Key::oauthToken, token.first);
         stage = QAbstractOAuth::Stage::RequestingAccessToken;
     }
-    appendSignature(stage, &headers, url, operation, parameters);
+    appendSignature(stage, &headers, url, operation, remainingParameters);
 
-    request.setRawHeader("Authorization", q->generateAuthorizationHeader(headers));
+    request.setRawHeader("Authorization", QOAuth1::generateAuthorizationHeader(headers));
 
     QNetworkReply *reply = nullptr;
     if (operation == QNetworkAccessManager::GetOperation) {
         if (parameters.size() > 0) {
             QUrl url = request.url();
-            url.setQuery(QOAuth1Private::createQuery(parameters));
+            url.setQuery(QOAuth1Private::createQuery(remainingParameters));
             request.setUrl(url);
         }
         reply = networkAccessManager()->get(request);
     }
     else if (operation == QNetworkAccessManager::PostOperation) {
-        QUrlQuery query = QOAuth1Private::createQuery(parameters);
+        QUrlQuery query = QOAuth1Private::createQuery(remainingParameters);
         const QByteArray data = query.toString(QUrl::FullyEncoded).toUtf8();
         request.setHeader(QNetworkRequest::ContentTypeHeader,
                           QStringLiteral("application/x-www-form-urlencoded"));
@@ -665,7 +672,9 @@ QNetworkReply *QOAuth1::requestTemporaryCredentials(QNetworkAccessManager::Opera
     Q_D(QOAuth1);
     d->token.clear();
     d->tokenSecret.clear();
-    return d->requestToken(operation, url, qMakePair(d->token, d->tokenSecret), parameters);
+    QVariantMap allParameters(parameters);
+    allParameters.insert(Key::oauthCallback, callback());
+    return d->requestToken(operation, url, qMakePair(d->token, d->tokenSecret), allParameters);
 }
 
 /*!
diff --git a/tests/auto/oauth1/tst_oauth1.cpp b/tests/auto/oauth1/tst_oauth1.cpp
index 2385863..dbc793c 100644
--- a/tests/auto/oauth1/tst_oauth1.cpp
+++ b/tests/auto/oauth1/tst_oauth1.cpp
@@ -450,7 +450,6 @@ void tst_OAuth1::getToken()
     });
     QVERIFY(waitForFinish(reply) == Success);
     QCOMPARE(tokenReceived, expectedToken);
-    QCOMPARE(oauthHeaders["oauth_callback"], "oob");
     QCOMPARE(oauthHeaders["oauth_consumer_key"], clientCredentials.first);
     QCOMPARE(oauthHeaders["oauth_version"], "1.0");
     QString expectedSignature;
author	Poren Chiang <ren.chiang@gmail.com>	2018-08-01 05:04:49 +0800
committer	Poren Chiang <ren.chiang@gmail.com>	2018-09-14 06:38:04 +0000
commit	51a0b723032640e3b3f99adf3e392ed7d8ceec33 (patch)
tree	4807df5fd55054b16b3bee656be83dcdb74c1e33
parent	a8765e4e37ce02c8de26e4675a4fa034266412bc (diff)