diff options
author | Poren Chiang <ren.chiang@gmail.com> | 2018-08-01 05:04:49 +0800 |
---|---|---|
committer | Poren Chiang <ren.chiang@gmail.com> | 2018-09-14 06:38:04 +0000 |
commit | 51a0b723032640e3b3f99adf3e392ed7d8ceec33 (patch) | |
tree | 4807df5fd55054b16b3bee656be83dcdb74c1e33 | |
parent | a8765e4e37ce02c8de26e4675a4fa034266412bc (diff) |
Fix grant process by passing oauth parameters to header
Currently, `parameters` passed to `QOAuth1Private::requestToken`
are used as HTTP GET or POST parameters directly. This commit fixes
the non-standard compliant behavior by inserting parameters with
`oauth_` prefix to `headers`; this fix also allows parameter
`oauth_callback` to be inserted only during `OAuth1::grant()`
but not all token requests.
Several approaches had been taken under consideration:
* strip `const` from `parameters` function signature
* make a copy of `const QVariantMap ¶meters`
* insert relevant headers and leave parameters intact
* current: copy oauth-inrelevant parameters to another map
Task-number: QTBUG-69709
Change-Id: I892f0e6b9a70c9e425fef976f6703ef065ee9163
Reviewed-by: Poren Chiang <ren.chiang@gmail.com>
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
-rw-r--r-- | src/oauth/qoauth1.cpp | 23 | ||||
-rw-r--r-- | tests/auto/oauth1/tst_oauth1.cpp | 1 |
2 files changed, 16 insertions, 8 deletions
diff --git a/src/oauth/qoauth1.cpp b/src/oauth/qoauth1.cpp index 37408fc..928418e 100644 --- a/src/oauth/qoauth1.cpp +++ b/src/oauth/qoauth1.cpp @@ -155,7 +155,6 @@ QNetworkReply *QOAuth1Private::requestToken(QNetworkAccessManager::Operation ope const QPair<QString, QString> &token, const QVariantMap ¶meters) { - Q_Q(QOAuth1); if (Q_UNLIKELY(!networkAccessManager())) { qCWarning(loggingCategory, "QNetworkAccessManager not available"); return nullptr; @@ -175,27 +174,35 @@ QNetworkReply *QOAuth1Private::requestToken(QNetworkAccessManager::Operation ope QAbstractOAuth::Stage stage = QAbstractOAuth::Stage::RequestingTemporaryCredentials; QVariantMap headers; + QVariantMap remainingParameters; appendCommonHeaders(&headers); - headers.insert(Key::oauthCallback, q->callback()); + for (auto it = parameters.begin(), end = parameters.end(); it != end; ++it) { + const auto key = it.key(); + const auto value = it.value(); + if (key.startsWith(QStringLiteral("oauth_"))) + headers.insert(key, value); + else + remainingParameters.insert(key, value); + } if (!token.first.isEmpty()) { headers.insert(Key::oauthToken, token.first); stage = QAbstractOAuth::Stage::RequestingAccessToken; } - appendSignature(stage, &headers, url, operation, parameters); + appendSignature(stage, &headers, url, operation, remainingParameters); - request.setRawHeader("Authorization", q->generateAuthorizationHeader(headers)); + request.setRawHeader("Authorization", QOAuth1::generateAuthorizationHeader(headers)); QNetworkReply *reply = nullptr; if (operation == QNetworkAccessManager::GetOperation) { if (parameters.size() > 0) { QUrl url = request.url(); - url.setQuery(QOAuth1Private::createQuery(parameters)); + url.setQuery(QOAuth1Private::createQuery(remainingParameters)); request.setUrl(url); } reply = networkAccessManager()->get(request); } else if (operation == QNetworkAccessManager::PostOperation) { - QUrlQuery query = QOAuth1Private::createQuery(parameters); + QUrlQuery query = QOAuth1Private::createQuery(remainingParameters); const QByteArray data = query.toString(QUrl::FullyEncoded).toUtf8(); request.setHeader(QNetworkRequest::ContentTypeHeader, QStringLiteral("application/x-www-form-urlencoded")); @@ -665,7 +672,9 @@ QNetworkReply *QOAuth1::requestTemporaryCredentials(QNetworkAccessManager::Opera Q_D(QOAuth1); d->token.clear(); d->tokenSecret.clear(); - return d->requestToken(operation, url, qMakePair(d->token, d->tokenSecret), parameters); + QVariantMap allParameters(parameters); + allParameters.insert(Key::oauthCallback, callback()); + return d->requestToken(operation, url, qMakePair(d->token, d->tokenSecret), allParameters); } /*! diff --git a/tests/auto/oauth1/tst_oauth1.cpp b/tests/auto/oauth1/tst_oauth1.cpp index 2385863..dbc793c 100644 --- a/tests/auto/oauth1/tst_oauth1.cpp +++ b/tests/auto/oauth1/tst_oauth1.cpp @@ -450,7 +450,6 @@ void tst_OAuth1::getToken() }); QVERIFY(waitForFinish(reply) == Success); QCOMPARE(tokenReceived, expectedToken); - QCOMPARE(oauthHeaders["oauth_callback"], "oob"); QCOMPARE(oauthHeaders["oauth_consumer_key"], clientCredentials.first); QCOMPARE(oauthHeaders["oauth_version"], "1.0"); QString expectedSignature; |