From c9ce81bfb436c06d8048a16be445b6678ebef151 Mon Sep 17 00:00:00 2001
From: Zooko Ofsimplegeo <zooko@simplegeo.com>
Date: Thu, 3 Feb 2011 11:00:08 -0700
Subject: [PATCH] Include all parameters from URL, even ones that begin with
 "oauth_", in signature base.

effectively reverts https://github.com/simplegeo/python-oauth2/commit/50ca9578f598faff5427e58814e2f45d01d3261c
fixes #27
Thanks to @robhudson for the bug report and help debugging.
---
 oauth2/__init__.py  |  4 ++--
 tests/test_oauth.py | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/oauth2/__init__.py b/oauth2/__init__.py
index 12e4caff..7b88e95a 100644
--- a/oauth2/__init__.py
+++ b/oauth2/__init__.py
@@ -446,8 +446,8 @@ def get_normalized_parameters(self):
         query = urlparse.urlparse(self.url)[4]
 
         url_items = self._split_url_string(query).items()
-        non_oauth_url_items = list([(to_utf8(k), to_utf8(v)) for k, v in url_items  if not k.startswith('oauth_')])
-        items.extend(non_oauth_url_items)
+        url_items = [(to_utf8(k), to_utf8(v)) for k, v in url_items ]
+        items.extend(url_items)
 
         items.sort()
         encoded_str = urllib.urlencode(items)
diff --git a/tests/test_oauth.py b/tests/test_oauth.py
index 7769b4e6..cfd073bd 100644
--- a/tests/test_oauth.py
+++ b/tests/test_oauth.py
@@ -545,6 +545,38 @@ def test_get_normalized_parameters_empty(self):
 
         self.assertEquals(expected, res)
 
+    def test_get_normalized_parameters_from_url(self):
+        # example copied from
+        # https://github.com/ciaranj/node-oauth/blob/master/tests/oauth.js
+        # which in turns says that it was copied from
+        # http://oauth.net/core/1.0/#sig_base_example .
+        url = "http://photos.example.net/photos?file=vacation.jpg&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_nonce=kllo9940pd9333jh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1191242096&oauth_token=nnch734d00sl2jdk&oauth_version=1.0&size=original"
+
+        req = oauth.Request("GET", url)
+
+        res = req.get_normalized_parameters()
+
+        expected = 'file=vacation.jpg&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_nonce=kllo9940pd9333jh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1191242096&oauth_token=nnch734d00sl2jdk&oauth_version=1.0&size=original'
+
+        self.assertEquals(expected, res)
+
+    def test_signing_base(self):
+        # example copied from
+        # https://github.com/ciaranj/node-oauth/blob/master/tests/oauth.js
+        # which in turns says that it was copied from
+        # http://oauth.net/core/1.0/#sig_base_example .
+        url = "http://photos.example.net/photos?file=vacation.jpg&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_nonce=kllo9940pd9333jh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1191242096&oauth_token=nnch734d00sl2jdk&oauth_version=1.0&size=original"
+
+        req = oauth.Request("GET", url)
+
+        sm = oauth.SignatureMethod_HMAC_SHA1()
+
+        consumer = oauth.Consumer('dpf43f3p2l4k3l03', 'foo')
+        key, raw = sm.signing_base(req, consumer, None)
+
+        expected = 'GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal'
+        self.assertEquals(expected, raw)
+
     def test_get_normalized_parameters(self):
         url = "http://sp.example.com/"