Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #362 from jeffmarshall/master

Running `rfc3986` on `base_uri` in `oauth.hmacsign` instead of just `encodeURIComponent`
  • Loading branch information...
commit 32713adeb81ca7c53f5f022d23309d6eab7d1d47 2 parents 4a81507 + 590452d
@mikeal mikeal authored
Showing with 21 additions and 13 deletions.
  1. +21 −13 oauth.js
View
34 oauth.js
@@ -16,19 +16,27 @@ function rfc3986 (str) {
;
}
-function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret, body) {
- // adapted from https://dev.twitter.com/docs/auth/oauth
- var base =
- (httpMethod || 'GET') + "&" +
- encodeURIComponent( base_uri ) + "&" +
- Object.keys(params).sort().map(function (i) {
- // big WTF here with the escape + encoding but it's what twitter wants
- return escape(rfc3986(i)) + "%3D" + escape(rfc3986(params[i]))
- }).join("%26")
- var key = encodeURIComponent(consumer_secret) + '&'
- if (token_secret) key += encodeURIComponent(token_secret)
- return sha1(key, base)
+function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret) {
+ // adapted from https://dev.twitter.com/docs/auth/oauth and
+ // https://dev.twitter.com/docs/auth/creating-signature
+
+ var querystring = Object.keys(params).sort().map(function(key){
+ return key +"="+ params[key];
+ }).join('&');
+
+ var base = [
+ httpMethod ? httpMethod.toUpperCase : 'GET',
+ rfc3986(base_uri),
+ rfc3986(querystring),
+ ].join('&');
+
+ var key = [
+ consumer_secret,
+ token_secret || ''
+ ].map(rfc3986).join('&');
+
+ return sha1(key, base);
}
exports.hmacsign = hmacsign
-exports.rfc3986 = rfc3986
+exports.rfc3986 = rfc3986
Please sign in to comment.
Something went wrong with that request. Please try again.