Details
-
Bug
-
Resolution: Done
-
P2: Important
-
5.8.0
-
None
-
61a1f8ee91a33734f12c14b25ceaff3ae05174e3
Description
I'm using QOAuth1 with a web service (Twitter) that requires URLs to be percent encoded. If I use any special characters in the query, the server rejects the request due to an invalid signature.
QOAuth1::get() doesn't automatically percent encode the URL, so you'd need to encode the query before passing it to QOauth1::get(). But QOAuth1Signature percent encodes all query parameters in the URL, even if they were already percent encoded. So if I want to include "@value" in the query, I would pass it as "%40value" to QOAuth1. Then QOAuth1Signature encodes it to "%2540value" and generates a wrong signature.
#include <QtNetworkAuth>
void testOAuth() {
QVariantMap oauthParams;
oauthParams.insert("oauth_consumer_key", "consumerkey");
oauthParams.insert("oauth_version", "1.0");
oauthParams.insert("oauth_token", "token");
oauthParams.insert("oauth_signature_method", "HMAC-SHA1");
oauthParams.insert("oauth_nonce", "nonce");
oauthParams.insert("oauth_timestamp", "time");
QUrl url("http://example.com");
QString key = "key";
QString value = "@value";
QOAuth1 auth;
QList<QByteArray> results;
{
QUrlQuery query;
query.addQueryItem(key, value);
url.setQuery(query);
results << auth.get(url)->url().toEncoded(); // http://example.com?key=@value
QOAuth1Signature sig(url, QOAuth1Signature::HttpRequestMethod::Get, oauthParams);
results << sig.hmacSha1().toBase64(); // SrVdwHkvs+tTuPls+i47bOD0H9Q=
}
{
QUrlQuery query;
query.addQueryItem(key, QUrl::toPercentEncoding(value));
url.setQuery(query);
results << auth.get(url)->url().toEncoded(); // http://example.com?key=%40value
QOAuth1Signature sig(url, QOAuth1Signature::HttpRequestMethod::Get, oauthParams);
results << sig.hmacSha1().toBase64(); // QHEARfCVhXa7L6Y1sirmOwkZRFE=
}
}