@@ -44,7 +44,10 @@ module OAuth::RequestProxy::Net end def query_string - [ query_params, post_params, auth_header_params ].compact.join('&') + params = [ query_params, auth_header_params ] + is_form_urlencoded = request['Content-Type'] != nil && request['Content-Type'].downcase == 'application/x-www-form-urlencoded' + params << post_params if method.to_s.upcase == 'POST' && is_form_urlencoded + params.compact.join('&') end def query_params lib/oauth/request_proxy/net_http.rb @@ -129,6 +129,36 @@ class NetHTTPClientTest < Test::Unit::TestCase # assert_equal request['authorization'],response.body assert_equal "oauth_token=requestkey&oauth_token_secret=requestsecret",response.body end + + def test_that_put_bodies_not_signed + request = Net::HTTP::Put.new(@request_uri.path) + request.body = "<?xml version=\"1.0\"?><foo><bar>baz</bar></foo>" + request["Content-Type"] = "application/xml" + signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp }) + assert_equal "PUT&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_token%3D%26oauth_version%3D1.0", signature_base_string + end + + def test_that_put_bodies_not_signed_even_if_form_urlencoded + request = Net::HTTP::Put.new(@request_uri.path) + request.set_form_data( { 'key2' => 'value2' } ) + signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp }) + assert_equal "PUT&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_token%3D%26oauth_version%3D1.0", signature_base_string + end + + def test_that_post_bodies_signed_if_form_urlencoded + request = Net::HTTP::Post.new(@request_uri.path) + request.set_form_data( { 'key2' => 'value2' } ) + signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp }) + assert_equal "POST&http%3A%2F%2Fexample.com%2Ftest&key2%3Dvalue2%26oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_token%3D%26oauth_version%3D1.0", signature_base_string + end + + def test_that_post_bodies_not_signed_if_other_content_type + request = Net::HTTP::Post.new(@request_uri.path) + request.body = "<?xml version=\"1.0\"?><foo><bar>baz</bar></foo>" + request["Content-Type"] = "application/xml" + signature_base_string=request.signature_base_string(@http, @consumer, nil, { :nonce => @nonce, :timestamp => @timestamp }) + assert_equal "POST&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_token%3D%26oauth_version%3D1.0", signature_base_string + end protected test/test_net_http_client.rb f8dbb689b5723dd19556119c0c0481b4e90b0a69 Scott Hill git@stmpjmpr.com http://github.com/pelle/oauth/commit/5cabd84b3c712cd3f615af174f127a47d7010561 5cabd84b3c712cd3f615af174f127a47d7010561 2008-09-03T14:04:47-07:00 2008-09-03T14:04:47-07:00 Fixed behavior where POST params in the request body were being included in the SBS even when not encoded as application/x-www-form-urlencoded. 49b2ad6ad6dcbd3252dc00946e87fce2bdd30aa6 Scott Hill git@stmpjmpr.com