Details
-
Suggestion
-
Resolution: Won't Do
-
P4: Low
-
None
-
5.15.0
-
None
-
All
Description
The Oauth1 standard requires the server to respond with Content-Type: application/x-www-form-urlencoded However the code in qoauthoobreplyhandler.cpp:
void QOAuthOobReplyHandler::networkReplyFinished
Handles a number of other Content-Types, such as text/html, application/javascript, text/json, etc.
SUGGESTION:
Instead of issuing a warning and returning when the content type is unknown, attempt to parse the data and only return if the parsing failed:
diff --git a/src/oauth/qoauthoobreplyhandler.cpp b/src/oauth/qoauthoobreplyhandler.cpp
index 0409274..a2c03cd 100644
--- a/src/oauth/qoauthoobreplyhandler.cpp
+++ b/src/oauth/qoauthoobreplyhandler.cpp
@@ -92,7 +92,9 @@ void QOAuthOobReplyHandler::networkReplyFinished(QNetworkReply *reply)
{{ ret = object.toVariantMap();}}
{{ } else {}}
{{ qCWarning(lcReplyHandler, "Unknown Content-type: %s", qPrintable(contentType));}}
- return;
+ ret = parseResponse(data);
+ if(ret.isEmpty())
+ return;
{{ }}}
{{ Q_EMIT tokensReceived(ret);}}
This was discovered while attempting to authenticate against OpenStreetMap.org's auth server. It returns "text/plain" and the url encoded oauth credentials resulting in failed authentication by QOAuth1. The content type was ultimately set by the Ruby oauth-plugin project which is used by OSM.