[drakma-devel] cl-oauth and drakma interoperability issue
mohegan-skunkworks
fh at mohegan-skunkworks.com
Thu Dec 29 18:01:45 UTC 2011
I just filled an issue on github...
The text is below...
Hi,
I'm using cl-oauth to authenticate with twitter (it's in the cl-twitter package, also on github).
I received a complaint from a quicklisp user that he couldn't authenticate with twitter.
After looking into this a bit I realized that drakma is encoding the uri on get requests. Now, cl-oauth passes in an encoded uri so this uri gets encoded twice. This was never a problem for me because I was using v 1.2.3 of drakma where this didn't happen.
Here's the code diff (plus my proposed change :)
========================== v 1.2.3 ==================================
(when (and (not parameters-used-p)
parameters)
(setf (uri-query uri)
;; append parameters to existing query of URI
(format nil "~@[~A~]~:*~:[~;&~]~A"
(uri-query uri)
(alist-to-url-encoded-string parameters external-format-out))))
===========================current github/v1.2.4=============
(when-let (all-get-parameters
(append (dissect-query (uri-query uri))
(and (not parameters-used-p) parameters)))
(setf (uri-query uri)
(alist-to-url-encoded-string all-get-parameters external-format-out)))
===============================my proposed change===================================================
(when (and (not parameters-used-p)
parameters)
(when-let (all-get-parameters
(append (dissect-query (uri-query uri))
(and (not parameters-used-p) parameters)))
(setf (uri-query uri)
(alist-to-url-encoded-string all-get-parameters external-format-out))))
A few more comments :
This is the hand-off in cl-oauth :
(defun http-request (uri &key (request-method :get) parameters drakma-args)
;; TODO handle redirects properly
(let* ((param-string-encoded (alist->query-string parameters :include-leading-ampersand nil :url-encode t)))
(case request-method
(:get
(apply #'drakma:http-request
(uri-with-additional-query-part uri param-string-encoded)
:method request-method
drakma-args))
(:post
(apply #'drakma:http-request
uri
:method request-method
:content param-string-encoded
drakma-args))
As you can see url-encode is set to t. That was because (I think !) previous versions required encoding and drakma wasn't providing any. Now, ideally tis flag s/b nil. However the issue the becomes the string splitting in dissect-query. This splits on "=" which is also the terminating symbol for the authentication string...
=======================session===================
(drakma::split-string "oauth_signature=oq37d1/qm[....]fIKb778=&include_entities=T&oauth_consumer_key=9[....]cYBg&oauth_token=206[...]Tt5SwRvCJqQWgR3ajEQpk&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1325002586&oauth_nonce=3680613621135035286&oauth_version=1.0" "&")
("oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "include_entities=T"
[....])
CL-USER> (drakma::split-string "oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "=")
; compiling (DEFUN HTTP-REQUEST ...)
STYLE-WARNING: redefining DRAKMA:HTTP-REQUEST in DEFUN
("oauth_signature" "oq37d1/qm[...]778")
(I've elided some of the strings...).
I think my proposal resolves the issue. However, it would require a bit more work to get to what I think is the 'right' solution...
At this stage I'd like to get some feedback on whta you consider the right course of action before proceeding to submit a patch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/drakma-devel/attachments/20111229/6c4d9c2a/attachment.html>
More information about the Drakma-devel
mailing list