Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix for encoding signature when using PLAINTEXT

  • Loading branch information...
commit 4654edc121b73e9335a58d94f940afbc10af79e3 1 parent 99e6259
@redbugz authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/oauth.js
View
4 lib/oauth.js
@@ -189,11 +189,11 @@ exports.OAuth.prototype._createSignature= function(signatureBase, tokenSecret) {
if( tokenSecret === undefined ) var tokenSecret= "";
else tokenSecret= this._encodeData( tokenSecret );
// consumerSecret is already encoded
- var key= this._consumerSecret + "&" + tokenSecret;
+ var key= this._encodeData(this._consumerSecret) + "&" + this._encodeData(tokenSecret);
var hash= ""
if( this._signatureMethod == "PLAINTEXT" ) {
- hash= this._encodeData(key);
+ hash= key;
}
else {
if( crypto.Hmac ) {

2 comments on commit 4654edc

@ciaranj

Thank you for this, however does this break the other signature methods though ? Would it be possible for you to add a test case to cover it ?

@up_the_irons

This bug hit me too. I saw double encoding of the signature when trying to get protected resources from Yammer. Applying this diff fixed the issue.

Please sign in to comment.
Something went wrong with that request. Please try again.