[drakma-devel] cl-oauth and drakma interoperability issue

mohegan-skunkworks fh at mohegan-skunkworks.com
Tue Jan 3 23:53:04 UTC 2012


Hi, is this the right mailing list for this issue ?

Thanks ! 
On Dec 29, 2011, at 1:01 PM, mohegan-skunkworks wrote:

> I just filled an issue on github...
> 
> The text is below...
> Hi,
> I'm using cl-oauth to authenticate with twitter (it's in the cl-twitter package, also on github).
> 
> I received a complaint from a quicklisp user that he couldn't authenticate with twitter.
> 
> After looking into this a bit I realized that drakma is encoding the uri on get requests. Now, cl-oauth passes in an encoded uri so this uri gets encoded twice. This was never a problem for me because I was using v 1.2.3 of drakma where this didn't happen.
> 
> Here's the code diff (plus my proposed change :)
> ========================== v 1.2.3 ==================================
> (when (and (not parameters-used-p)
> parameters)
> (setf (uri-query uri)
> ;; append parameters to existing query of URI
> (format nil "~@[~A~]~:*~:[~;&~]~A"
> (uri-query uri)
> (alist-to-url-encoded-string parameters external-format-out))))
> 
> ===========================current github/v1.2.4=============
> (when-let (all-get-parameters
> (append (dissect-query (uri-query uri))
> (and (not parameters-used-p) parameters)))
> (setf (uri-query uri)
> (alist-to-url-encoded-string all-get-parameters external-format-out)))
> ===============================my proposed change===================================================
> (when (and (not parameters-used-p)
> parameters)
> (when-let (all-get-parameters
> (append (dissect-query (uri-query uri))
> (and (not parameters-used-p) parameters)))
> (setf (uri-query uri)
> (alist-to-url-encoded-string all-get-parameters external-format-out))))
> 
> A few more comments :
> 
> This is the hand-off in cl-oauth :
> 
> (defun http-request (uri &key (request-method :get) parameters drakma-args)
>   ;; TODO handle redirects properly
>   (let* ((param-string-encoded (alist->query-string parameters :include-leading-ampersand nil :url-encode t)))
>     (case request-method
>       (:get 
>        (apply #'drakma:http-request 
> 	      (uri-with-additional-query-part uri param-string-encoded)
> 	      :method request-method
> 	      drakma-args))
>       (:post
>         (apply #'drakma:http-request
>                uri
>                :method request-method
>                :content param-string-encoded
>                drakma-args))
> 
> As you can see url-encode is set to t. That was because (I think !) previous versions required encoding and drakma wasn't providing any. Now, ideally tis flag s/b nil. However the issue the becomes the string splitting in dissect-query. This splits on "=" which is also the terminating symbol for the authentication string...
> =======================session===================
> (drakma::split-string "oauth_signature=oq37d1/qm[....]fIKb778=&include_entities=T&oauth_consumer_key=9[....]cYBg&oauth_token=206[...]Tt5SwRvCJqQWgR3ajEQpk&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1325002586&oauth_nonce=3680613621135035286&oauth_version=1.0" "&")
> ("oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "include_entities=T"
> [....])
> 
> CL-USER> (drakma::split-string "oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "=")
> ; compiling (DEFUN HTTP-REQUEST ...)
> STYLE-WARNING: redefining DRAKMA:HTTP-REQUEST in DEFUN
> 
> ("oauth_signature" "oq37d1/qm[...]778")
> (I've elided some of the strings...).
> 
> I think my proposal resolves the issue. However, it would require a bit more work to get to what I think is the 'right' solution...
> 
> At this stage I'd like to get some feedback on whta you consider the right course of action before proceeding to submit a patch
> 
> _______________________________________________
> drakma-devel mailing list
> drakma-devel at common-lisp.net
> http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/drakma-devel/attachments/20120103/5c36b556/attachment.html>


More information about the Drakma-devel mailing list