[Http] Adding the ability to remove POST parameters from OAuth signat…

…ures. Closes #135
guzzle · Sep 30, 2012 · e6fe489 · e6fe489
1 parent 6bcb146
commit e6fe489
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 8 deletions.
diff --git a/src/Guzzle/Http/Plugin/OauthPlugin.php b/src/Guzzle/Http/Plugin/OauthPlugin.php
@@ -25,12 +25,13 @@ class OauthPlugin implements EventSubscriberInterface
      * Create a new OAuth 1.0 plugin
      *
      * @param array $config Configuration array containing these parameters:
-     *     - string 'consumer_key'     Consumer key
-     *     - string 'consumer_secret'  Consumer secret
-     *     - string 'token'            Token
-     *     - string 'token_secret'     Token secret
-     *     - string 'version'          OAuth version.  Defaults to 1.0
-     *     - string 'signature_method' Custom signature method
+     *     - string 'consumer_key'         Consumer key
+     *     - string 'consumer_secret'      Consumer secret
+     *     - string 'token'                Token
+     *     - string 'token_secret'         Token secret
+     *     - string 'version'              OAuth version.  Defaults to 1.0
+     *     - string 'signature_method'     Custom signature method
+     *     - bool   'disable_post_params'  Set to true to prevent POST parameters from being signed
      *     - array|Closure 'signature_callback' Custom signature callback that accepts a string to sign and a signing key
      */
     public function __construct($config)
@@ -127,8 +128,8 @@ public function getParamsToSign(RequestInterface $request, $timestamp)
         // Add query string parameters
         $params->merge($request->getQuery());
         // Add POST fields to signing string
-        if ($request instanceof EntityEnclosingRequestInterface
-            && $request->getHeader('Content-Type') == 'application/x-www-form-urlencoded') {
+        if (!$this->config->get('disable_post_params') && $request instanceof EntityEnclosingRequestInterface
+            && (string) $request->getHeader('Content-Type') == 'application/x-www-form-urlencoded') {
             $params->merge($request->getPostFields());
         }
 

diff --git a/tests/Guzzle/Tests/Http/Plugin/OauthPluginTest.php b/tests/Guzzle/Tests/Http/Plugin/OauthPluginTest.php
@@ -55,6 +55,7 @@ public function testCreatesStringToSignFromPostRequest()
     {
         $p = new OauthPlugin($this->config);
         $request = $this->getRequest();
+        $this->assertContains('&e=f', rawurldecode($p->getStringToSign($request, self::TIMESTAMP)));
         $this->assertEquals(
             // Method and URL
             'POST&http%3A%2F%2Fwww.test.com%2Fpath' .
@@ -67,6 +68,16 @@ public function testCreatesStringToSignFromPostRequest()
         );
     }
 
+    public function testCreatesStringToSignIgnoringPostFields()
+    {
+        $config = $this->config;
+        $config['disable_post_params'] = true;
+        $p = new OauthPlugin($config);
+        $request = $this->getRequest();
+        $sts = rawurldecode($p->getStringToSign($request, self::TIMESTAMP));
+        $this->assertNotContains('&e=f', $sts);
+    }
+
     public function testCreatesStringToSignFromPostRequestWithCustomContentType()
     {
         $p = new OauthPlugin($this->config);