HMAC-SHA1 Verification does not follow OAuth Core specification
Bug #435992 reported by dobey
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Python oauth library | Unknown | Unknown | |
python-oauth (Ubuntu) | Fix Released | Undecided | dobey |
Karmic | Fix Released | Undecided | dobey |
Bug Description
Binary package hint: python-oauth
OAuth Core 1.0 specifies verification of the HMAC-SHA1 signature be done by comparing the digest bytes, after the parameter value is decoded from its URL encoding, and then base64 decoded. The implementation in oauth.py is only comparing the base64 encoded strings.
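The difference between the two checks described in the report, as an added example that is not code from oauth.py or from the fix. The function names, secrets and base string are constructed for illustration, and the newline-terminated encoding is one assumed case of base64 text that differs while the digest bytes match.

```python
import base64
import binascii
import hashlib
import hmac
from urllib.parse import quote, unquote


def hmac_sha1_digest(base_string, consumer_secret, token_secret=""):
    # OAuth Core 1.0 section 9.2: the key is the two encoded secrets joined by "&".
    key = quote(consumer_secret, safe="") + "&" + quote(token_secret, safe="")
    return hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()


def verify_encoded_strings(expected, param):
    # Behaviour the report describes: compare the base64 text only.
    return base64.b64encode(expected).decode() == unquote(param)


def verify_digest_bytes(expected, param):
    # Behaviour the report asks for: URL-decode, base64-decode, compare bytes.
    try:
        received = base64.b64decode(unquote(param))
    except (binascii.Error, ValueError):
        return False  # malformed signature parameter
    return hmac.compare_digest(expected, received)  # constant-time comparison


# Constructed sample data (not taken from the bug report).
BASE_STRING = "GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg"
EXPECTED = hmac_sha1_digest(BASE_STRING, "consumer-secret", "token-secret")
CANONICAL = quote(base64.b64encode(EXPECTED).decode(), safe="")
# Same digest from an encoder that appends a line break (base64.encodebytes).
WITH_NEWLINE = quote(base64.encodebytes(EXPECTED).decode(), safe="")
# A different digest: first byte flipped.
TAMPERED = quote(base64.b64encode(bytes([EXPECTED[0] ^ 1]) + EXPECTED[1:]).decode(), safe="")

if __name__ == "__main__":
    for name, param in [("canonical", CANONICAL), ("newline", WITH_NEWLINE), ("tampered", TAMPERED)]:
        print(name, verify_encoded_strings(EXPECTED, param), verify_digest_bytes(EXPECTED, param))
```

The string comparison rejects the newline-terminated value even though it carries the correct digest; the byte comparison accepts it, and both reject the tampered digest.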
Related branches
lp://staging/~dobey/ubuntu/karmic/python-oauth/svn1124
- James Westby (community): Approve
- Diff: 101 lines, 3 files modified
  - debian/changelog (+17/-0)
  - oauth/oauth.py (+22/-7)
  - setup.py (+1/-1)
Changed in python-oauth (Ubuntu):
status: New → In Progress
assignee: nobody → Rodney Dawes (dobey)
Changed in python-oauth (Ubuntu Karmic):
milestone: none → ubuntu-9.10-beta
This bug was fixed in the package python-oauth - 1.0a~svn1124-0ubuntu2
---------------
python-oauth (1.0a~svn1124-0ubuntu2) karmic; urgency=low
  * oauth/oauth.py: Fix typo and argument handling creating invalid
    OAuthRequests with from_consumer_and_token staticmethod().
    (LP: #435994, http://code.google.com/p/oauth/issues/detail?id=117)
  * oauth/oauth.py: Fix HMAC-SHA1 verification to follow OAuth Core 1.0 spec
    (LP: #435992, http://code.google.com/p/oauth/issues/detail?id=125)
python-oauth (1.0a~svn1124-0ubuntu1) karmic; urgency=low
  * New upstream snapshot, includes partial fix for issue 117, and fixes
    an error being raised when no verifier is sent to the server
 -- Rodney Dawes <email address hidden> Thu, 24 Sep 2009 14:15:33 -0400