From 1c93463189346f5e03ee70016b4111046a560de7 Mon Sep 17 00:00:00 2001 From: ciaranj Date: Mon, 19 Jul 2010 00:25:00 +0100 Subject: [PATCH] it looks like non oauth_ parameters where being included within the authorization headers I believe this to be incorrect. --- Readme.md | 3 ++- lib/oauth.js | 6 +++++- package.json | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Readme.md b/Readme.md index 32199cc3..0ca4470f 100644 --- a/Readme.md +++ b/Readme.md @@ -8,7 +8,8 @@ Also provides rudimentary OAuth2 support, tested against facebook connect and gi at express-auth (http://github.com/ciaranj/express-auth) Change History -============== +============== +* 0.7.7 - Looks like non oauth_ parameters where appearing within the Authorization headers, which I believe to be inccorrect. * 0.7.6 - Added in oauth_verifier property to getAccessToken required for 1.0A * 0.7.5 - Added in a main.js to simplify the require'ing of OAuth * 0.7.4 - Minor change to add an error listener to the OAuth client (thanks troyk) diff --git a/lib/oauth.js b/lib/oauth.js index 562e4356..72e0f9f6 100644 --- a/lib/oauth.js +++ b/lib/oauth.js @@ -193,8 +193,12 @@ exports.OAuth.prototype._performSecureRequest= function( oauth_token, oauth_toke // build request authorization header var authHeader="OAuth "; - for( var i= 0 ; i < orderedParameters.length; i++) { + for( var i= 0 ; i < orderedParameters.length; i++) { + // Whilst the all the parameters should be included within the signature, only the oauth_ arguments + // should appear within the authorization header. + if( orderedParameters[i][0].match('^oauth_') != "oauth_") { authHeader+= this._encodeData(orderedParameters[i][0])+"=\""+ this._encodeData(orderedParameters[i][1])+"\","; + } } authHeader= authHeader.substring(0, authHeader.length-1); diff --git a/package.json b/package.json index 3b8db586..5d440475 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { "name" : "oauth" -, "version" : "0.7.6" +, "version" : "0.7.7" , "directories" : { "lib" : "./lib" } , "main" : "main.js" , "author" : "Ciaran Jessup"