nwios / oauthconsumer Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/oauthconsumer
Automatically exported from code.google.com/p/oauthconsumer
What steps will reproduce the problem?
POSTing anything with a POST body and no encoded POST parameters
What is the expected output? What do you see instead?
Expect correct signature and successful POST.
Instead depending on input, either invalid signatures are created, or an
out-of-bounds exception occurs.
What version of the product are you using? On what operating system?
Obj-C 2.0 version. File marked 10/19/07
Please provide any additional information below.
Attached is a patch that looks for the specific "Content-Type" header
"application/x-www-form-urlencoded" as per
http://tools.ietf.org/html/rfc5849#section-3.4.1
I beleive this patch should resolve issues 5 and 16.
Original issue reported on code.google.com by [email protected]
on 19 Mar 2013 at 2:58
Attachments:
OAuthConsumer appears to have been written to assume GC, and leaks exuberantly
when run in a
non-GC environment. I've got a patch to add mixed-mode memory management, which
was
pleasantly straightforward to put together. I really appreciate how clearly
written the framework is,
and I've tried not to gum that up.
I opted to use properties for accessor generation, and in a couple of places
needed read-write in
places where you'd specified read-only. I compromised by making those members
private if they
weren't marked as such already. Here's a summary of the property-related
changes:
OAMutableURLRequest: signature and nonce moved from protected to private, their
properties
changed from read-only to read-write. Properties added for consumer, token,
realm, signatureProvider, and timestamp. Added "self." to ivar usage in .m to
go through accessors.
OADataFetcher - Properties added for request, responseData, and delegate. The
'delegate' property
retains its ivar, which is a little questionable, but I went with it to match
the GC behavior. "self." usage
added.
OAServiceTicket: ivars were already private, property access changed to
read-write. 'self.' usage
added.
OAConsumer, OAToken, OARequestParameter: Properties were in place, no changes
needed.
OAHMAC_SHA1SignatureProvider, OAPlaintextSignatureProvider: No ivars, no
changes needed.
Here's a summary of the other implementation changes in
r678-memory-management.diff:
OAConsumer.m, OADataFetcher.m, OAHMAC_SHA1SignatureProvider.m,
OAPlaintextSignatureProvider.m, OARequestParameter.m, OAServiceTicket.m: Added
dealloc only.
OAMutableURLRequest.m - Added dealloc, fixed two CF leaks in _generateNonce,
additional
autoreleasing in _signatureBaseString.
OAToken.m - Added dealloc, reformatted initWithUserDefaults[...],
storeInUserDefaults[...].
OAToken_KeychainExtensions.m - Changed NSMakeCollectable to CFRelease (outside
GC,
NSMakeCollectable's returned id objects aren't marked autoreleased).
NSMutableURLRequest+Parameters.m - Autoreleasing a couple of things.
I also ran into the same URL encoding problem that Mike fixed, and made some
further changes
there, which are in r678-url-encoding.diff. In NSString+URLEncoding.m,
* CFStringRefs are now returned as NSStrings using NSMakeCollectable, which
should plug leaks
under GC. Returned strings are autoreleased, which plugs leaks not under GC.
* I applied the same character overrides to encodedURLString as
encodedURLParameterString,
because I couldn't figure out why they should be different, given that section
9.1.3 of oauth's spec
references the parameter encoding section. (If the overrides are properly the
same, perhaps the two
encoding methods should be merged.)
* I trimmed three chars out of Mike's character overrides, which testing
indicates the CF encoding
method knows about by default.
In NSString+URLEncodingTest.m, Mike's overridden characters are appended to the
encoding test.
Tested under Intel, all tests passed, no warnings. My OAuth app is just an
infant but it exercises most
of OAuthConsumer's functionality, and Instruments says I'm now leak-free across
my code and the
framework. I realize it's a large patch, and if I can do anything to answer
questions or make it easier
to digest, please let me know.
Thanks very much, it was a huge help not to have to learn the protocol from
scratch.
Original issue reported on code.google.com by [email protected]
on 20 Oct 2008 at 9:55
Attachments:
What steps will reproduce the problem?
1. Ask a request token from the OAuth provider as described in the wiki
2. Call the openURL method as described in the wiki
3. The provider (yammer.com in this case) said: "no request token found"
What is the expected output? What do you see instead?
I expected to see the token in the URL. Not sure if it's passed as a POST
request? The URL didn't
show the the token in the URL so it's missing if it should be a GET request.
What version of the product are you using? On what operating system?
Head version from SVN on Mac off course.
Please provide any additional information below.
I fixed it by adding the request token to the URL (the GET way that is). Not
sure if that's correct
but it seems to work. This could be a Yammer problem as well, don't know. Here
is the code
NSString *urlString = [NSString stringWithFormat:kConsumerAuthorizeURL,
requestToken.key];
NSURL *url = [NSURL URLWithString:urlString];
[[NSWorkspace sharedWorkspace] openURL:url];
Original issue reported on code.google.com by [email protected]
on 15 Nov 2009 at 4:06
On a IOS 4.2.1 device, the request returns the following:
"{"error":{"text":"Signature was
invalid","id":"INVALID_SIGNATURE","description":"Expired timestamp: given
1326836189 and now 1326840585 has a greater difference than threshold 300"}}"
It works fine on IOS5.
anyone know what's going on?
Original issue reported on code.google.com by [email protected]
on 17 Jan 2012 at 10:53
I currently can't figure out how to include the oauthconsumer framework in an
iPhone app.
There seem to be some issues including third party frameworks and some other
frameworks have
released (jsonframework) have released versions which are precompiled and
includable as additional
SDKs for iPhone development.
Enabling iPhone development would be very nice.
Original issue reported on code.google.com by alper.cugun
on 30 Aug 2008 at 3:46
What steps will reproduce the problem?
1. Authorize an application against a service such as LinkedIn
2. Build a POST request to an API (e.g. LinkedIn Invitation API)
3. Set the HTTPBody content to some string that contains an "=" sign. For
example, the LinkedIn API's JSON specification uses the following. Note the
line with "[email protected]":
{
"recipients": {
"values": [
{
"person": {
"_path": "/people/[email protected]"",
"first-name":"Andrew",
"last-name":"User"
}
}]
},
"subject": "Invitation to connect.",
"body": "Say yes!",
"item-content":{
"invitation-request":{
"connect-type":"friend"
}
}
3. Submit the request to the service provider using [fetchDataWithRequest]
What is the expected output? What do you see instead?
The expectation is that the signature base string does not include the JSON
string as a name/value pair.
What actually happens is the signature base string does include the above with
the part of the JSON string to the left of the "=" sign as the parameter name,
and the part of the JSON string to the right of the "=" sign as the parameter
value. This condition arises because the [prepare] method is always called by
the [fetchDataWithRequest] method of the OADataFetcher object just before the
NSURLConnection is initialized.
How I resolved it: I commented out the call to [prepare] within the
[fetchDataWithRequest] method of [OADataFetcher] and have updated my own code
to specifically call [prepare] on the request object at the appropriate time
(in my example, before setting HTTPBody to the above JSON string).
What version of the product are you using? On what operating system?
Version: Objective C version 2.0
OS: iOS 6
Please provide any additional information below.
Within the [prepare] method is a reference to [self parameters], which calls a
method on the NSMutableURLRequest+Parameters category. On line 58 is where a
strings are split by the "=" sign. If HTTPBody has been set to the above, the
JSON string is then assumed to be a name/value parameter.
Original issue reported on code.google.com by [email protected]
on 1 Oct 2012 at 12:46
I cleaned and then built all on 10.5.2 on a MacBook Pro. I tried both Debug
and Release. I get three
errors:
error: -[OATokenTest testInitWithKeychainUsingAppName] : '(null)' should be
equal to '123456'
Token key was incorrectly populated as: (null)
error: -[OATokenTest testInitWithKeychainUsingAppName] : '(null)' should be
equal to 'abcdef'
Token secret was incorrectly populated as: (null)
error: Failed tests for architecture 'ppc' (GC OFF)
Original issue reported on code.google.com by [email protected]
on 9 May 2008 at 4:51
What steps will reproduce the problem?
Replace 3 urls as:
Request Token:
http://vimeo.com/oauth/request_token
User Authorization:
http://vimeo.com/oauth/authorize
Access Token:
http://vimeo.com/oauth/access_token
For getting access token, get verifier and authorized token from webview
request when the app is redirected to callback in the "User Authorization step".
Pass these as parameters to http://vimeo.com/oauth/access_token as follows:
- (void)successfulAuthorizationWithToken:(NSString *)token verifier:(NSString
*)verifier {
OAMutableURLRequest *request;
OADataFetcher *fetcher;
NSURL *url = [NSURL URLWithString:@"http://vimeo.com/oauth/access_token"];
request = [[[OAMutableURLRequest alloc] initWithURL:url
consumer:self.consumer
token:nil
realm:nil
signatureProvider:nil] autorelease];
OARequestParameter *p0 = [[OARequestParameter alloc] initWithName:@"oauth_token"
value:token];
OARequestParameter *p1 = [[OARequestParameter alloc] initWithName:@"oauth_verifier"
value:verifier];
NSArray *params = [NSArray arrayWithObjects:p0, p1, nil];
[request setParameters:params];
fetcher = [[[OADataFetcher alloc] init] autorelease];
[fetcher fetchDataWithRequest:request
delegate:self
didFinishSelector:@selector(accessTokenTicket:didFinishWithData:)
didFailSelector:@selector(accessTokenTicket:didFailWithError:)];
[p0 release];
[p1 release];
}
What is the expected output? What do you see instead?
App returns following error is selector (accessTokenTicket:didFailWithError:):
Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be
completed. (NSURLErrorDomain error -1012.)" UserInfo=0xe2aab40
{NSErrorFailingURLKey=http://vimeo.com/oauth/access_token?oauth_token=c033e428a2
f07516edc82f11f48de7c3&oauth_verifier=category-2108815695,
NSErrorFailingURLStringKey=http://vimeo.com/oauth/access_token?oauth_token=c033e
428a2f07516edc82f11f48de7c3&oauth_verifier=category-2108815695,
NSUnderlyingError=0xe2a57f0 "The operation couldn’t be completed.
(kCFErrorDomainCFNetwork error -1012.)"}
App should go to selector(accessTokenTicket:didFinishWithData:)
What version of the product are you using? On what operating system?
It's an iPad app
Please provide any additional information below.
App has callback registered during registration.
Here are the other two requests for getting request token and authorization
- (IBAction)authenticateButtonAction {
NSLog(@"authenticateButtonAction");
OAMutableURLRequest *request;
OADataFetcher *fetcher;
//NSURL *url = [NSURL URLWithString:@"https://api.twitter.com/oauth/request_token"];
NSURL *url = [NSURL URLWithString:@"http://vimeo.com/oauth/request_token"];
request = [[[OAMutableURLRequest alloc] initWithURL:url
consumer:self.consumer
token:nil
realm:nil
signatureProvider:nil] autorelease];
[request setHTTPMethod:@"GET"];
OARequestParameter *p0 = [[OARequestParameter alloc] initWithName:@"oauth_callback" value:@"oob"];
NSArray *params = [NSArray arrayWithObject:p0];
[request setParameters:params];
fetcher = [[[OADataFetcher alloc] init] autorelease];
[fetcher fetchDataWithRequest:request
delegate:self
didFinishSelector:@selector(requestTokenTicket:didFinishWithData:)
didFailSelector:@selector(requestTokenTicket:didFailWithError:)];
}
- (void)requestTokenTicket:(OAServiceTicket *)ticket didFinishWithData:(NSData
*)data {
if (ticket.didSucceed) {
OAMutableURLRequest *request;
NSString *responseBody = [[NSString alloc] initWithData:data
encoding:NSUTF8StringEncoding];
if (self.accessToken != nil) {
[self.accessToken release];
self.accessToken = nil;
}
self.accessToken = [[OAToken alloc] initWithHTTPResponseBody:responseBody];
[responseBody release];
//NSURL *url = [NSURL URLWithString:@"https://api.twitter.com/oauth/authorize"];
NSURL *url = [NSURL URLWithString:@"http://vimeo.com/oauth/authorize"];
request = [[[OAMutableURLRequest alloc] initWithURL:url
consumer:self.consumer
token:self.accessToken
realm:nil
signatureProvider:nil] autorelease];
OARequestParameter *p0 = [[OARequestParameter alloc] initWithName:@"oauth_token"
value:self.accessToken.key];
NSArray *params = [NSArray arrayWithObject:p0];
[request setParameters:params];
//[request prepare];
AuthorizeWebViewController *vc;
vc = [[AuthorizeWebViewController alloc] initWithNibName:@"AuthorizeWebViewController" bundle:nil];
vc.delegate = self;
[self presentModalViewController:vc animated:YES];
[vc.webView loadRequest:request];
[vc release];
[p0 release];
}
else {
}
}
Original issue reported on code.google.com by [email protected]
on 12 May 2011 at 8:30
What steps will reproduce the problem?
1. I have received access token
How to post/share on user's wall/ home
Original issue reported on code.google.com by [email protected]
on 19 Dec 2011 at 11:24
What steps will reproduce the problem?
1. POST e.g. XLM data in the HTTP body
2. have some encoded XML special characters in there (like < and > and so
on)
3. launch the request
What is the expected output? What do you see instead?
Expected: XML with encoded chars goes straight through
Instead: "*** Terminating app due to uncaught exception 'NSRangeException',
reason: '*** -
[NSCFArray objectAtIndex:]: index (1) beyond bounds (1)"
What version of the product are you using? On what operating system?
// NSMutableURLRequest+Parameters.m
//
// Created by Jon Crosby on 10/19/07.
Please provide any additional information below.
- The code that's in question resides in the - (NSArray *)parameters method of
NSMutableURLRequest+Parameters.m.
- & character is considered a delimiter for key/value pairs which is not always
the case (as for
instance with XML data where & is used to escape special characters)
Original issue reported on code.google.com by [email protected]
on 6 Oct 2009 at 10:41
What steps will reproduce the problem?
1. Run the unit tests. The bug appears intermittently.
What is the expected output? What do you see instead?
Unit tests crash. See attached output.
What version of the product are you using? On what operating system?
Revision 1241, Xcode 3.2, Mac OS X 10.6.4
Please provide any additional information below.
Original issue reported on code.google.com by [email protected]
on 25 Oct 2010 at 5:42
Attachments:
I know the static analyser is not perfect and is only meant to highlight areas
to look at but several of the memory leaks it has highlighted seem valid,
however as I am currently struggling to get the OAToken_KeychainExtensions to
work and also struggling to access protected resources after getting both keys
I cannot begin testing this.
Perhaps its worth looking into.
Original issue reported on code.google.com by [email protected]
on 4 Jul 2010 at 3:50
Dear sir,
May I take the objective-c(for iOS) part to Github?
I wish that library can present on Cocoapods.
Sincerely yours.
Original issue reported on code.google.com by [email protected]
on 13 May 2014 at 2:31
What steps will reproduce the problem?
- Send an OAuth request that has a parameter with a RFC 3986 sub-delim in
it (for example, '!').
What is the expected output? What do you see instead?
- Sub-delim should be escaped in SignatureBaseString, but it's not. Simple
fix is to add all sub-delims to the list of characters to encode in
NSString+URLEncoding.m encodeURLParameterString: on line 44. The list of
sub-delims is available at http://tools.ietf.org/html/rfc3986#section-2.2.
I'm using CFSTR(":/=,!$&'()*+;[]@#?").
Original issue reported on code.google.com by [email protected]
on 6 Jun 2008 at 9:04
What steps will reproduce the problem?
It’s hard to say exactly what conditions lead up to this, but we’re seeing
intermittent crashing in OAMutableURLRequest.
What is the expected output? What do you see instead?
Expected: it works
Instead, it crashes on CFRelease()
What version of the product are you using? On what operating system?
The version included in https://github.com/bengottlieb/Twitter-OAuth-iPhone
Please provide any additional information below.
I believe the crash is related to this line (in my code, line 287 of
OAMutableURLRequest.m, in the method -URLEncodedString:):
CFRelease(preprocessedString);
Since CFURLCreateStringByReplacingPercentEscapesUsingEncoding() can return NULL
if it fails, this line should be changed to:
if (preprocessedString != NULL) {
CFRelease(preprocessedString);
}
That should safeguard against CFRelease() crashing. We’re currently testing
this change in our code.
Original issue reported on code.google.com by [email protected]
on 17 Jan 2012 at 5:45
What steps will reproduce the problem?
1. use a OAMutableURLRequest on a slowish server/connection
2. it times out and fails
What is the expected output? What do you see instead?
A successful request
What version of the product are you using? On what operating system?
iPhone
Please provide any additional information below.
The timeout specified in OAMutableURLRequest.m is 10 seconds, which I kept
hitting when
recently trying to interact with foursquare. The default timeout for
NSURLRequest_Class is 60
seconds and it should probably be the same for OAMutableURLRequest.
http://developer.apple.com/mac/library/documentation/Cocoa/Reference/Foundation/
Classes/N
SURLRequest_Class/Reference/Reference.html
Original issue reported on code.google.com by [email protected]
on 4 May 2010 at 3:35
Twitter OAUTH now requires that oauth_callback be sent with every request.
There is no availability for this in the oauthconsumer since it's not really a
requirement of oauth 1.0.
Stupid Twitter.
Original issue reported on code.google.com by [email protected]
on 13 Jun 2013 at 9:09
I receive the following error
oauth_timestamp is too far away; we believe it is now 1318854880, you sent
1318900286, 45406 seconds away
Original issue reported on code.google.com by [email protected]
on 17 Oct 2011 at 12:36
I need the feature mentioned in the title, so I have implemented a crude token
removal mechanism from the keychain (see patch attached).
However, note that storing a new token for an existing {application,
service_provider} pair will _not_ default to deleting the previous one - you
need to explicitly remove it yourself if your application needs that behaviour.
Also, if several items exist for the same application and service provider
names, only the first one found will be removed.
Cheers!
Original issue reported on code.google.com by [email protected]
on 31 Aug 2010 at 11:20
Attachments:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.