I'm using oauth_common on a local development server, which has the URL http://localhost:8086. I'm always getting invalid signatures because the OAuthRequest->http_url is:

http://localhost:8086:8086/oauth/request_token

... with the :8086 listed twice.

If I remove lines 247 and 248 from lib/OAuth.php, the $http_url is correct and my signatures succeed. A patch is attached!


Comments

teunis’s picture


Another, rather longer, fix, because the problem is with parse_url, which is following its own documentation now and including the port in the hostname. The problem only shows up when using a nonstandard port (e.g. because my ISP blocks my web server ports, I run my test services on a nonstandard one).

Tested with Drupal 7/oauth dev + services-3. Tested with REST and XMLRPC - works fine with both from my tests.
The last part is because I initially didn't know why inputstream was asked for, so I added a message notification if its services were required and it wasn't present. I've got some patches for the 'services' crew but am not sure how to submit yet.

btw - thanks for posting this request - I am kind of new to drupal.org and wasn't sure how to post that I even had the patch!
PS: someone let me know if this needs to be in a different format.

sr631’s picture

Per the license note, this code is from: http://code.google.com/p/oauth/

The current library at:
http://oauth.googlecode.com/svn/code/php/OAuth.php

Fixes this bug by using SERVER_NAME instead of HTTP_HOST to build the URL. Testing with that fix works.

I'm very new to Drupal, so I'm not sure of the process here, but since this is an external library, wouldn't the fix be to simply use the newer (fixed) version? I don't know how I'd contribute that here.

NOTE: this is also an issue for the current 7.x branch

Alan Evans’s picture

+1 on upgrading to the latest from google, as I had the exact same issue, which is fixed by using the latest from google.

... I realise that we may have a problem validating the upgrade though, as there are no automated tests included in the oauth project. It will be hard to verify that the upgrade does not break anything. However, the latest from google will be the accepted standard OAuth library, so maybe regression testing is their responsibility.

I appreciate the effort put into patch #1, but I think it's an inappropriate approach here. The latest OAuth lib from google solves the issue by using $_SERVER['SERVER_NAME'] instead of $_SERVER['HTTP_HOST'] when constructing the url, which solves the issue at the source rather than the approach shown here which patches up the url after it's been built.

Note also coding standards don't allow tab characters (indent == 2 spaces). I haven't checked the rest of the patch, as I'm sure using the latest from google is the correct solution.
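The HTTP_HOST versus SERVER_NAME difference discussed in this thread, shown as an added example; it is not code from lib/OAuth.php or from the Google OAuth library. All function names, keys and request values are constructed for illustration, and the first builder is only one pattern that yields the doubled port.

```php
<?php
// Added example; names and sample values are constructed, not taken from lib/OAuth.php.

function scheme_and_port_suffix(array $server): array {
  $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
  $port = (int) $server['SERVER_PORT'];
  $default = ($scheme === 'https') ? 443 : 80;
  return [$scheme, $port === $default ? '' : ':' . $port];
}

// Pattern that doubles the port: HTTP_HOST is the client's Host header and
// already carries ":8086", so appending SERVER_PORT gives "localhost:8086:8086".
function url_from_http_host(array $server): string {
  [$scheme, $port] = scheme_and_port_suffix($server);
  $path = explode('?', $server['REQUEST_URI'], 2)[0];
  return $scheme . '://' . $server['HTTP_HOST'] . $port . $path;
}

// Pattern described in the thread: SERVER_NAME has no port, so it is added once.
function url_from_server_name(array $server): string {
  [$scheme, $port] = scheme_and_port_suffix($server);
  $path = explode('?', $server['REQUEST_URI'], 2)[0];
  return $scheme . '://' . strtolower($server['SERVER_NAME']) . $port . $path;
}

// OAuth 1.0 HMAC-SHA1 signature over METHOD&URL&PARAMS (RFC 5849, section 3.4).
function sign(string $method, string $url, array $params, string $secret, string $token_secret = ''): string {
  ksort($params);
  $pairs = [];
  foreach ($params as $k => $v) {
    $pairs[] = rawurlencode($k) . '=' . rawurlencode($v);
  }
  $base = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
  $key = rawurlencode($secret) . '&' . rawurlencode($token_secret);
  return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Constructed request values for a development server on port 8086.
$server = ['HTTP_HOST' => 'localhost:8086', 'SERVER_NAME' => 'localhost',
  'SERVER_PORT' => '8086', 'REQUEST_URI' => '/oauth/request_token'];
$params = ['oauth_consumer_key' => 'example-key', 'oauth_nonce' => 'abc123',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_timestamp' => '1300000000', 'oauth_version' => '1.0'];
$client_sig = sign('POST', 'http://localhost:8086/oauth/request_token', $params, 'example-secret');

foreach (['url_from_http_host', 'url_from_server_name'] as $builder) {
  $url = $builder($server);
  $ok = hash_equals($client_sig, sign('POST', $url, $params, 'example-secret'));
  printf("%-22s %-50s %s\n", $builder, $url, $ok ? 'signature valid' : 'signature INVALID');
}
```

Because the URL is part of the signature base string, the server must rebuild exactly the URL the client signed; any difference in host or port changes the HMAC and the request is rejected.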

Alan Evans’s picture

Recommend to the maintainers that this issue be closed as a duplicate of #1235070: OAuth library is outdated