Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Running `rfc3986` on `base_uri` in `oauth.hmacsign` instead of just `encodeURIComponent` #362

Merged
merged 1 commit into from Nov 5, 2012
Jump to file or symbol
Failed to load files and symbols.
+21 −13
Split
View
@@ -16,19 +16,27 @@ function rfc3986 (str) {
;
}
-function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret, body) {
- // adapted from https://dev.twitter.com/docs/auth/oauth
- var base =
- (httpMethod || 'GET') + "&" +
- encodeURIComponent( base_uri ) + "&" +
- Object.keys(params).sort().map(function (i) {
- // big WTF here with the escape + encoding but it's what twitter wants
- return escape(rfc3986(i)) + "%3D" + escape(rfc3986(params[i]))
- }).join("%26")
- var key = encodeURIComponent(consumer_secret) + '&'
- if (token_secret) key += encodeURIComponent(token_secret)
- return sha1(key, base)
+function hmacsign (httpMethod, base_uri, params, consumer_secret, token_secret) {
+ // adapted from https://dev.twitter.com/docs/auth/oauth and
+ // https://dev.twitter.com/docs/auth/creating-signature
+
+ var querystring = Object.keys(params).sort().map(function(key){
+ return key +"="+ params[key];
+ }).join('&');
+
+ var base = [
+ httpMethod ? httpMethod.toUpperCase : 'GET',
+ rfc3986(base_uri),
+ rfc3986(querystring),
+ ].join('&');
+
+ var key = [
+ consumer_secret,
+ token_secret || ''
+ ].map(rfc3986).join('&');
+
+ return sha1(key, base);
}
exports.hmacsign = hmacsign
-exports.rfc3986 = rfc3986
+exports.rfc3986 = rfc3986