Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-61125

QOAuth1 creates an invalid signature for percent encoded query

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.8.0
    • Fix Version/s: 5.9.2
    • Labels:
      None
    • Commits:
      61a1f8ee91a33734f12c14b25ceaff3ae05174e3

      Description

      I'm using QOAuth1 with a web service (Twitter) that requires URLs to be percent encoded. If I use any special characters in the query, the server rejects the request due to an invalid signature.

      QOAuth1::get() doesn't automatically percent encode the URL, so you'd need to encode the query before passing it to QOauth1::get(). But QOAuth1Signature percent encodes all query parameters in the URL, even if they were already percent encoded. So if I want to include "@value" in the query, I would pass it as "%40value" to QOAuth1. Then QOAuth1Signature encodes it to "%2540value" and generates a wrong signature.

       

      #include <QtNetworkAuth>
      
      void testOAuth() {
        QVariantMap oauthParams;
        oauthParams.insert("oauth_consumer_key", "consumerkey");
        oauthParams.insert("oauth_version", "1.0");
        oauthParams.insert("oauth_token", "token");
        oauthParams.insert("oauth_signature_method", "HMAC-SHA1");
        oauthParams.insert("oauth_nonce", "nonce");
        oauthParams.insert("oauth_timestamp", "time");
      
        QUrl url("http://example.com");
        QString key = "key";
        QString value = "@value";
        QOAuth1 auth;
        QList<QByteArray> results;
       
        {
          QUrlQuery query;
          query.addQueryItem(key, value);
          url.setQuery(query);
          results << auth.get(url)->url().toEncoded(); // http://example.com?key=@value
          QOAuth1Signature sig(url, QOAuth1Signature::HttpRequestMethod::Get, oauthParams);
          results << sig.hmacSha1().toBase64(); // SrVdwHkvs+tTuPls+i47bOD0H9Q=
        }
      
        {
          QUrlQuery query;
          query.addQueryItem(key, QUrl::toPercentEncoding(value));
          url.setQuery(query);
          results << auth.get(url)->url().toEncoded(); // http://example.com?key=%40value
          QOAuth1Signature sig(url, QOAuth1Signature::HttpRequestMethod::Get, oauthParams);
          results << sig.hmacSha1().toBase64(); // QHEARfCVhXa7L6Y1sirmOwkZRFE=
        }
      }
      

        Attachments

        1. main.cpp
          0.3 kB
        2. TestOAuth.cpp
          0.7 kB
        3. TestOAuth.hpp
          0.3 kB
        For Gerrit Dashboard: QTBUG-61125
        # Subject Branch Project Status CR V

          Activity

            People

            • Assignee:
              manordheim Mårten Nordheim
              Reporter:
              sottka sottka
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Gerrit Reviews

                There are no open Gerrit changes