Merge pull request #4 from aparkins/master
Make sure oauth_body_hash gets forwarded to actual Authorization header
ribrdb authored Sep 13, 2019
2 parents b098500 + 0a10983 commit 5847673
Showing 1 changed file with 24 additions and 3 deletions.
27 changes: 24 additions & 3 deletions auther.go
Expand Up @@ -62,11 +62,17 @@ func newAuther(config *Config) *auther {
// request (temporary credential) according to RFC 5849 2.1.
func (a *auther) setRequestTokenAuthHeader(req *http.Request) error {
oauthParams := a.commonOAuthParams()
oauthParams[oauthCallbackParam] = a.config.CallbackURL

params, err := collectParameters(req, oauthParams)
if err != nil {
return err
}

oauthParams[oauthCallbackParam] = a.config.CallbackURL
if bodyHash, ok := params[oauthBodyHash]; ok {
oauthParams[oauthBodyHash] = bodyHash
}

signatureBase := signatureBase(req, params)
signature, err := a.signer().Sign("", signatureBase)
if err != nil {
Expand All @@ -84,17 +90,24 @@ func (a *auther) setRequestTokenAuthHeader(req *http.Request) error {
// (token credential) according to RFC 5849 2.3.
func (a *auther) setAccessTokenAuthHeader(req *http.Request, requestToken, requestSecret, verifier string) error {
oauthParams := a.commonOAuthParams()
oauthParams[oauthTokenParam] = requestToken
oauthParams[oauthVerifierParam] = verifier

params, err := collectParameters(req, oauthParams)
if err != nil {
return err
}

oauthParams[oauthTokenParam] = requestToken
oauthParams[oauthVerifierParam] = verifier
if bodyHash, ok := params[oauthBodyHash]; ok {
oauthParams[oauthBodyHash] = bodyHash
}

signatureBase := signatureBase(req, params)
signature, err := a.signer().Sign(requestSecret, signatureBase)
if err != nil {
return err
}

oauthParams[oauthSignatureParam] = signature
req.Header.Set(authorizationHeaderParam, authHeaderValue(oauthParams))
return nil
Expand All @@ -104,21 +117,29 @@ func (a *auther) setAccessTokenAuthHeader(req *http.Request, requestToken, reque
// requests with an AccessToken (token credential) according to RFC 5849 3.1.
func (a *auther) setRequestAuthHeader(req *http.Request, accessToken *Token) error {
oauthParams := a.commonOAuthParams()

var tokenSecret string
if accessToken != nil {
oauthParams[oauthTokenParam] = accessToken.Token
tokenSecret = accessToken.TokenSecret
}

params, err := collectParameters(req, oauthParams)
if err != nil {
return err
}

signatureBase := signatureBase(req, params)
signature, err := a.signer().Sign(tokenSecret, signatureBase)
if err != nil {
return err
}

oauthParams[oauthSignatureParam] = signature
if bodyHash, ok := params[oauthBodyHash]; ok {
oauthParams[oauthBodyHash] = bodyHash
}

req.Header.Set(authorizationHeaderParam, authHeaderValue(oauthParams))
return nil
}
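Review bot: In setRequestTokenAuthHeader and setAccessTokenAuthHeader the `oauthParams[oauthCallbackParam]`, `oauthParams[oauthTokenParam]` and `oauthParams[oauthVerifierParam]` assignments appear to have moved below `collectParameters(req, oauthParams)`; the page has lost its +/- markers, but the hunk line counts fit the earlier copies being the removed ones. If that is right, and if collectParameters (not shown) copies oauthParams into `params` at call time, those values reach the Authorization header without entering the signature base. RFC 5849 3.4.1.3 requires the protocol parameters sent in that header, other than oauth_signature and realm, to be signed, so a strict server would reject the request and a lenient one would accept an unsigned callback or verifier. I would keep the three assignments ahead of `collectParameters` and add only the `if bodyHash, ok := params[oauthBodyHash]; ok { oauthParams[oauthBodyHash] = bodyHash }` copy after it, which is the order setRequestAuthHeader uses for its token. A test asserting that the signature base contains oauth_callback, oauth_token and oauth_verifier would pin this; both function bodies extend outside their hunks.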