Handle case when body is None #113

Closed

@holm holm commented Apr 6, 2012

Should fix issue #112

@markunsworth

Seems sensible. The spec says you SHOULD hash an empty string for the body_hash if the body is empty. I can't think why that would be recommended though. If a body is added to the request by a man-in-the-middle attack, the server will hash the body and the request signature would be different.

@rickhanlonii
Collaborator

Thanks @holm, this does fix 112. But @markunsworth is right, the specification states:

3.2. Hash Calculation

The value of the oauth_body_hash parameter SHALL be set as follows:

  1. The body hash value is calculated by executing the selected hash algorithm over the request body. The request body is the entity body as defined in [RFC2616] section 7.2. If the request does not have an entity body, the hash should be taken over the empty string.

  2. The calculated body hash value is encoded using Base64 per [RFC4648].

So we shouldn't skip the hash in this instance, we should hash an empty string. See: 28af426
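
An added example (not part of this thread or of the project's code) of the hash calculation quoted above, with a server-side check showing that a request hashed with no body fails verification when a body arrives with it. SHA-1 is assumed as the selected hash algorithm, and the function names and sample bodies are hypothetical.

```python
import base64
import hashlib
import hmac


def body_hash(body):
    """Return the oauth_body_hash value for a request body.

    A request without an entity body (None) is hashed as the empty
    string, per step 1 of the quoted section, instead of skipping the
    parameter. SHA-1 is an assumption made for this example.
    """
    if body is None:
        body = b""
    elif isinstance(body, str):
        body = body.encode("utf-8")
    digest = hashlib.sha1(body).digest()
    # Step 2 of the quoted section: Base64-encode the raw digest.
    return base64.b64encode(digest).decode("ascii")


def verify_body_hash(claimed, received_body):
    """Server side: recompute the hash over the body that actually
    arrived and compare it with the claimed value in constant time."""
    expected = body_hash(received_body)
    return hmac.compare_digest(claimed.encode("utf-8"),
                               expected.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample: the client sends no body at all.
    claimed = body_hash(None)
    print("oauth_body_hash for empty body:", claimed)
    print("no body received:    ", verify_body_hash(claimed, None))
    # Constructed sample: a body was added after the hash was computed.
    print("body added in transit:", verify_body_hash(claimed, b"amount=1000"))
```

The check is only meaningful when oauth_body_hash is itself covered by the request signature, so that the claimed value cannot be replaced along with the body.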

@joestump
Owner

I'm going to close this out in favor of #138.

@joestump joestump closed this Jul 29, 2015