Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hubshoply uses a wrong OAuth signature for the /api/rest/products?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36 request #6

Open
dmitrii-fediuk opened this issue Jun 1, 2020 · 2 comments
Open

Hubshoply uses a wrong OAuth signature for the /api/rest/products?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36 request #6

dmitrii-fediuk opened this issue Jun 1, 2020 · 2 comments
Labels
bug

Comments

@dmitrii-fediuk
Copy link
Contributor

dmitrii-fediuk commented Jun 1, 2020
edited
Loading

Now the first API request from Hubshoply to Magento (GET /api/rest/orders/1) works correctly, but the second one (GET /api/rest/products) fails with another authentication failure.
I am investigating it.

upwork.com/messages/rooms/room_b72ba12d343219fd302517aa34ee4d7b/story_408cad113d7d5f6b7ffc3d0715a76e94

04
@dmitrii-fediuk
Copy link
Contributor Author

It seems that Hubshoply incorrectly generates an OAuth signature for a product request.
At the same time, Hubshoply correctly generates the signature for an order request.
The correct order request is simple: /api/rest/orders/1
The incorrect product request is more complex: https://m1.hubshoply.mage2.pro/api/rest/products?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36

The Magento's code to verify the signature is:
https://github.com/OpenMage/magento-mirror/blob/1.9.4.5/app/code/core/Mage/Oauth/Model/Server.php#L538-L547
https://github.com/OpenMage/magento-mirror/blob/1.9.4.5/lib/Zend/Oauth/Signature/Hmac.php#L44-L53

The parameters used by Magento to verify the order and product request signatures are shown on the product.png and order.png screenshot (I made then in a PHP debugger).

I guess that the OAuth client library used by Hubshoply incorrectly processes the ?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36 part and generates a wrong OAuth signature.

upwork.com/messages/rooms/room_b72ba12d343219fd302517aa34ee4d7b/story_3a8f3307d35c8c3f107dc50efca59f60

order

product

@dmitrii-fediuk
Copy link
Contributor Author

I think the Hubshoply's OAuth client incorrecly calculates the OAuth signature when the request URL contains some special characters.
The problem is described here: magento.stackexchange.com/questions/62873
In my case the problem URL is https://m1.hubshoply.mage2.pro/api/rest/products?filter%5B1%5D%5Battribute%5D=sku&filter%5B1%5D%5Beq%5D=Saint+Laurent+Betty-beige-36

upwork.com/messages/rooms/room_b72ba12d343219fd302517aa34ee4d7b/story_2dd9e0d7b9d8a9eadef5f5dd6c3917ee

@dmitrii-fediuk dmitrii-fediuk mentioned this issue Jun 1, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dmitrii-fediuk