
Commit ae7093d

authored
Merge pull request #232 from chuckremes/master
Option to disable oauth_body_hash computation
2 parents 32a67a3 + c780ac6 commit ae7093d


4 files changed

+25
-7
lines changed


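--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+* Made a new option `body_hash_enabled` which defaults to true to maintain backward compatibility with prior releases. Setting to `false` disables generation of a `oauth_body_hash` component as part of the signature computation.
 
 ### Fixed
 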
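--- a/lib/oauth/client/net_http.rb
+++ b/lib/oauth/client/net_http.rb
@@ -18,7 +18,7 @@ class HTTPGenericRequest
 # * consumer - OAuth::Consumer instance
 # * token - OAuth::Token instance
 # * options - Request-specific options (e.g. +request_uri+, +consumer+, +token+, +scheme+,
-# +signature_method+, +nonce+, +timestamp+)
+# +signature_method+, +nonce+, +timestamp+, +body_hash+)
 #
 # This method also modifies the <tt>User-Agent</tt> header to add the OAuth gem version.
 #
@@ -29,7 +29,7 @@ def oauth!(http, consumer = nil, token = nil, options = {})
 helper_options = oauth_helper_options(http, consumer, token, options)
 @oauth_helper = OAuth::Client::Helper.new(self, helper_options)
 @oauth_helper.amend_user_agent_header(self)
-@oauth_helper.hash_body if oauth_body_hash_required?
+@oauth_helper.hash_body if oauth_body_hash_required?(helper_options)
 send("set_oauth_#{helper_options[:scheme]}")
 end
 
@@ -51,7 +51,7 @@ def oauth!(http, consumer = nil, token = nil, options = {})
 def signature_base_string(http, consumer = nil, token = nil, options = {})
 helper_options = oauth_helper_options(http, consumer, token, options)
 @oauth_helper = OAuth::Client::Helper.new(self, helper_options)
-@oauth_helper.hash_body if oauth_body_hash_required?
+@oauth_helper.hash_body if oauth_body_hash_required?(helper_options)
 @oauth_helper.signature_base_string
 end
 
@@ -64,7 +64,8 @@ def oauth_helper_options(http, consumer, token, options)
 scheme: "header",
 signature_method: nil,
 nonce: nil,
-timestamp: nil }.merge(options)
+timestamp: nil,
+body_hash_enabled: true }.merge(options)
 end
 
 def oauth_full_request_uri(http, options)
@@ -87,8 +88,8 @@ def oauth_full_request_uri(http, options)
 uri.to_s
 end
 
-def oauth_body_hash_required?
-!@oauth_helper.token_request? && request_body_permitted? && !content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded")
+def oauth_body_hash_required?(options)
+!@oauth_helper.token_request? && request_body_permitted? && !content_type.to_s.downcase.start_with?("application/x-www-form-urlencoded") && options[:body_hash_enabled]
 end
 
 def set_oauth_header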
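Review bot: In `oauth_body_hash_required?(options)` the new last operand `options[:body_hash_enabled]` is a truthiness test, so a caller that passes `body_hash_enabled: nil` (for example from an unset configuration value) overrides the `true` default through the `merge` in `oauth_helper_options` and silently drops `oauth_body_hash`, leaving a non-form-encoded body outside the signature. Treating only an explicit `false` as the opt-out keeps the integrity check on by default: `... && options[:body_hash_enabled] != false`, which also makes the predicate return a boolean again instead of the raw option value. The method's arity changed from zero to one required argument, so any subclass or external caller of it would break; a default (`options = {}`) would avoid that if the method is not private. Separately, the doc comment in the first hunk lists `+body_hash+` while the key the code reads is `body_hash_enabled`; the comment should name `+body_hash_enabled+`.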

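--- a/lib/oauth/consumer.rb
+++ b/lib/oauth/consumer.rb
@@ -64,6 +64,11 @@ class Consumer
 # some_value - uses some_value
 debug_output: nil,
 
+# Defaults to producing a body_hash as part of the signature but
+# can be disabled since it's not officially part of the OAuth 1.0
+# spec. Possible values are true and false
+body_hash_enabled: true,
+
 oauth_version: "1.0"
 }
 
@@ -78,7 +83,8 @@ class Consumer
 # :http_method => :post,
 # :request_token_path => "/oauth/example/request_token.php",
 # :access_token_path => "/oauth/example/access_token.php",
-# :authorize_path => "/oauth/example/authorize.php"
+# :authorize_path => "/oauth/example/authorize.php",
+# :body_hash_enabled => false
 # })
 #
 # Start the process by requesting a token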
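Review bot: The new comment above `body_hash_enabled: true` explains why the option exists but not what turning it off costs. Going by the net_http.rb change in this commit, `false` skips `hash_body`, so a non-form-encoded body (XML, JSON) is no longer bound to the signature and an altered body would still verify at the provider. I would add a line such as `# When false, non-form-encoded request bodies are not covered by the signature; disable only for providers that reject oauth_body_hash.` and annotate or drop `:body_hash_enabled => false` in the usage example of the second hunk so it does not read as the recommended setup. The defaults hash and the example comment both begin above their hunks.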

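--- a/test/units/test_net_http_client.rb
+++ b/test/units/test_net_http_client.rb
@@ -310,6 +310,16 @@ def test_that_post_bodies_signed_if_other_content_type
 signature_base_string
 end
 
+def test_that_post_bodies_not_signed_if_body_hash_disabled
+request = Net::HTTP::Post.new(@request_uri.path)
+request.body = "<?xml version=\"1.0\"?><foo><bar>baz</bar></foo>"
+request["Content-Type"] = "application/xml"
+signature_base_string = request.signature_base_string(@http, @consumer, nil,
+{ nonce: @nonce, timestamp: @timestamp, body_hash_enabled: false })
+assert_equal "POST&http%3A%2F%2Fexample.com%2Ftest&oauth_consumer_key%3Dconsumer_key_86cad9%26oauth_nonce%3D225579211881198842005988698334675835446%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1199645624%26oauth_version%3D1.0",
+signature_base_string
+end
+
 def test_that_site_address_is_not_modified_in_place
 options = { site: "http://twitter.com", request_endpoint: "http://api.twitter.com" }
 request = Net::HTTP::Get.new("#{@request_uri.path}?#{request_parameters_to_s}")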
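Review bot: The added `test_that_post_bodies_not_signed_if_body_hash_disabled` pins only `signature_base_string`; the `oauth!` path, which net_http.rb changes in the same way and which is what actually emits the header, is never exercised with `body_hash_enabled: false`. A companion test that signs the same XML request through `oauth!` and checks the resulting header would catch a regression where the base string and the sent parameters disagree. The sketch below assumes the default `header` scheme writes the `Authorization` header, which is not visible in this section. A case with `body_hash_enabled: nil` would also document which way an unset value is meant to fall.

```ruby
def test_that_body_hash_not_sent_in_header_if_body_hash_disabled
  request = Net::HTTP::Post.new(@request_uri.path)
  request.body = "<?xml version=\"1.0\"?><foo><bar>baz</bar></foo>"
  request["Content-Type"] = "application/xml"
  request.oauth!(@http, @consumer, nil,
                 { nonce: @nonce, timestamp: @timestamp, body_hash_enabled: false })
  assert_equal false, request["authorization"].include?("oauth_body_hash")
end
```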
