[drakma-devel] cl-oauth and drakma interoperability issue
I just filled an issue on github... The text is below... Hi, I'm using cl-oauth to authenticate with twitter (it's in the cl-twitter package, also on github). I received a complaint from a quicklisp user that he couldn't authenticate with twitter. After looking into this a bit I realized that drakma is encoding the uri on get requests. Now, cl-oauth passes in an encoded uri so this uri gets encoded twice. This was never a problem for me because I was using v 1.2.3 of drakma where this didn't happen. Here's the code diff (plus my proposed change :) ========================== v 1.2.3 ================================== (when (and (not parameters-used-p) parameters) (setf (uri-query uri) ;; append parameters to existing query of URI (format nil "~@[~A~]~:*~:[~;&~]~A" (uri-query uri) (alist-to-url-encoded-string parameters external-format-out)))) ===========================current github/v1.2.4============= (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out))) ===============================my proposed change=================================================== (when (and (not parameters-used-p) parameters) (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out)))) A few more comments : This is the hand-off in cl-oauth : (defun http-request (uri &key (request-method :get) parameters drakma-args) ;; TODO handle redirects properly (let* ((param-string-encoded (alist->query-string parameters :include-leading-ampersand nil :url-encode t))) (case request-method (:get (apply #'drakma:http-request (uri-with-additional-query-part uri param-string-encoded) :method request-method drakma-args)) (:post (apply #'drakma:http-request uri :method request-method :content param-string-encoded drakma-args)) As you can see url-encode is set to t. That was because (I think !) previous versions required encoding and drakma wasn't providing any. Now, ideally tis flag s/b nil. However the issue the becomes the string splitting in dissect-query. This splits on "=" which is also the terminating symbol for the authentication string... =======================session=================== (drakma::split-string "oauth_signature=oq37d1/qm[....]fIKb778=&include_entities=T&oauth_consumer_key=9[....]cYBg&oauth_token=206[...]Tt5SwRvCJqQWgR3ajEQpk&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1325002586&oauth_nonce=3680613621135035286&oauth_version=1.0" "&") ("oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "include_entities=T" [....]) CL-USER> (drakma::split-string "oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "=") ; compiling (DEFUN HTTP-REQUEST ...) STYLE-WARNING: redefining DRAKMA:HTTP-REQUEST in DEFUN ("oauth_signature" "oq37d1/qm[...]778") (I've elided some of the strings...). I think my proposal resolves the issue. However, it would require a bit more work to get to what I think is the 'right' solution... At this stage I'd like to get some feedback on whta you consider the right course of action before proceeding to submit a patch
Hi, is this the right mailing list for this issue ? Thanks ! On Dec 29, 2011, at 1:01 PM, mohegan-skunkworks wrote:
I just filled an issue on github...
The text is below... Hi, I'm using cl-oauth to authenticate with twitter (it's in the cl-twitter package, also on github).
I received a complaint from a quicklisp user that he couldn't authenticate with twitter.
After looking into this a bit I realized that drakma is encoding the uri on get requests. Now, cl-oauth passes in an encoded uri so this uri gets encoded twice. This was never a problem for me because I was using v 1.2.3 of drakma where this didn't happen.
Here's the code diff (plus my proposed change :) ========================== v 1.2.3 ================================== (when (and (not parameters-used-p) parameters) (setf (uri-query uri) ;; append parameters to existing query of URI (format nil "~@[~A~]~:*~:[~;&~]~A" (uri-query uri) (alist-to-url-encoded-string parameters external-format-out))))
===========================current github/v1.2.4============= (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out))) ===============================my proposed change=================================================== (when (and (not parameters-used-p) parameters) (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out))))
A few more comments :
This is the hand-off in cl-oauth :
(defun http-request (uri &key (request-method :get) parameters drakma-args) ;; TODO handle redirects properly (let* ((param-string-encoded (alist->query-string parameters :include-leading-ampersand nil :url-encode t))) (case request-method (:get (apply #'drakma:http-request (uri-with-additional-query-part uri param-string-encoded) :method request-method drakma-args)) (:post (apply #'drakma:http-request uri :method request-method :content param-string-encoded drakma-args))
As you can see url-encode is set to t. That was because (I think !) previous versions required encoding and drakma wasn't providing any. Now, ideally tis flag s/b nil. However the issue the becomes the string splitting in dissect-query. This splits on "=" which is also the terminating symbol for the authentication string... =======================session=================== (drakma::split-string "oauth_signature=oq37d1/qm[....]fIKb778=&include_entities=T&oauth_consumer_key=9[....]cYBg&oauth_token=206[...]Tt5SwRvCJqQWgR3ajEQpk&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1325002586&oauth_nonce=3680613621135035286&oauth_version=1.0" "&") ("oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "include_entities=T" [....])
CL-USER> (drakma::split-string "oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "=") ; compiling (DEFUN HTTP-REQUEST ...) STYLE-WARNING: redefining DRAKMA:HTTP-REQUEST in DEFUN
("oauth_signature" "oq37d1/qm[...]778") (I've elided some of the strings...).
I think my proposal resolves the issue. However, it would require a bit more work to get to what I think is the 'right' solution...
At this stage I'd like to get some feedback on whta you consider the right course of action before proceeding to submit a patch
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
It is, but see here: http://lists.common-lisp.net/pipermail/drakma-devel/2011-August/000884.html On Wed, Jan 4, 2012 at 12:53 AM, mohegan-skunkworks <fh@mohegan-skunkworks.com> wrote:
Hi, is this the right mailing list for this issue ?
Thanks ! On Dec 29, 2011, at 1:01 PM, mohegan-skunkworks wrote:
I just filled an issue on github...
The text is below...
Hi, I'm using cl-oauth to authenticate with twitter (it's in the cl-twitter package, also on github).
I received a complaint from a quicklisp user that he couldn't authenticate with twitter.
After looking into this a bit I realized that drakma is encoding the uri on get requests. Now, cl-oauth passes in an encoded uri so this uri gets encoded twice. This was never a problem for me because I was using v 1.2.3 of drakma where this didn't happen.
Here's the code diff (plus my proposed change :) ========================== v 1.2.3 ================================== (when (and (not parameters-used-p) parameters) (setf (uri-query uri) ;; append parameters to existing query of URI (format nil "~@[~A~]~:*~:[~;&~]~A" (uri-query uri) (alist-to-url-encoded-string parameters external-format-out))))
===========================current github/v1.2.4============= (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out))) ===============================my proposed change=================================================== (when (and (not parameters-used-p) parameters) (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out))))
________________________________
A few more comments :
This is the hand-off in cl-oauth :
(defun http-request (uri &key (request-method :get) parameters drakma-args) ;; TODO handle redirects properly (let* ((param-string-encoded (alist->query-string parameters :include-leading-ampersand nil :url-encode t))) (case request-method (:get (apply #'drakma:http-request (uri-with-additional-query-part uri param-string-encoded) :method request-method drakma-args)) (:post (apply #'drakma:http-request uri :method request-method :content param-string-encoded drakma-args))
As you can see url-encode is set to t. That was because (I think !) previous versions required encoding and drakma wasn't providing any. Now, ideally tis flag s/b nil. However the issue the becomes the string splitting in dissect-query. This splits on "=" which is also the terminating symbol for the authentication string... =======================session=================== (drakma::split-string "oauth_signature=oq37d1/qm[....]fIKb778=&include_entities=T&oauth_consumer_key=9[....]cYBg&oauth_token=206[...]Tt5SwRvCJqQWgR3ajEQpk&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1325002586&oauth_nonce=3680613621135035286&oauth_version=1.0" "&") ("oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "include_entities=T" [....])
CL-USER> (drakma::split-string "oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "=") ; compiling (DEFUN HTTP-REQUEST ...) STYLE-WARNING: redefining DRAKMA:HTTP-REQUEST in DEFUN
("oauth_signature" "oq37d1/qm[...]778")
(I've elided some of the strings...).
I think my proposal resolves the issue. However, it would require a bit more work to get to what I think is the 'right' solution...
At this stage I'd like to get some feedback on whta you consider the right course of action before proceeding to submit a patch
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
ok, does this mean that this library is no longer maintained ? On Jan 4, 2012, at 9:54 AM, Edi Weitz wrote:
It is, but see here:
http://lists.common-lisp.net/pipermail/drakma-devel/2011-August/000884.html
On Wed, Jan 4, 2012 at 12:53 AM, mohegan-skunkworks <fh@mohegan-skunkworks.com> wrote:
Hi, is this the right mailing list for this issue ?
Thanks ! On Dec 29, 2011, at 1:01 PM, mohegan-skunkworks wrote:
I just filled an issue on github...
The text is below...
Hi, I'm using cl-oauth to authenticate with twitter (it's in the cl-twitter package, also on github).
I received a complaint from a quicklisp user that he couldn't authenticate with twitter.
After looking into this a bit I realized that drakma is encoding the uri on get requests. Now, cl-oauth passes in an encoded uri so this uri gets encoded twice. This was never a problem for me because I was using v 1.2.3 of drakma where this didn't happen.
Here's the code diff (plus my proposed change :) ========================== v 1.2.3 ================================== (when (and (not parameters-used-p) parameters) (setf (uri-query uri) ;; append parameters to existing query of URI (format nil "~@[~A~]~:*~:[~;&~]~A" (uri-query uri) (alist-to-url-encoded-string parameters external-format-out))))
===========================current github/v1.2.4============= (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out))) ===============================my proposed change=================================================== (when (and (not parameters-used-p) parameters) (when-let (all-get-parameters (append (dissect-query (uri-query uri)) (and (not parameters-used-p) parameters))) (setf (uri-query uri) (alist-to-url-encoded-string all-get-parameters external-format-out))))
________________________________
A few more comments :
This is the hand-off in cl-oauth :
(defun http-request (uri &key (request-method :get) parameters drakma-args) ;; TODO handle redirects properly (let* ((param-string-encoded (alist->query-string parameters :include-leading-ampersand nil :url-encode t))) (case request-method (:get (apply #'drakma:http-request (uri-with-additional-query-part uri param-string-encoded) :method request-method drakma-args)) (:post (apply #'drakma:http-request uri :method request-method :content param-string-encoded drakma-args))
As you can see url-encode is set to t. That was because (I think !) previous versions required encoding and drakma wasn't providing any. Now, ideally tis flag s/b nil. However the issue the becomes the string splitting in dissect-query. This splits on "=" which is also the terminating symbol for the authentication string... =======================session=================== (drakma::split-string "oauth_signature=oq37d1/qm[....]fIKb778=&include_entities=T&oauth_consumer_key=9[....]cYBg&oauth_token=206[...]Tt5SwRvCJqQWgR3ajEQpk&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1325002586&oauth_nonce=3680613621135035286&oauth_version=1.0" "&") ("oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "include_entities=T" [....])
CL-USER> (drakma::split-string "oauth_signature=oq37d1/qmFX0YuQUwxsgfIKb778=" "=") ; compiling (DEFUN HTTP-REQUEST ...) STYLE-WARNING: redefining DRAKMA:HTTP-REQUEST in DEFUN
("oauth_signature" "oq37d1/qm[...]778")
(I've elided some of the strings...).
I think my proposal resolves the issue. However, it would require a bit more work to get to what I think is the 'right' solution...
At this stage I'd like to get some feedback on whta you consider the right course of action before proceeding to submit a patch
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
thanks for the feedback... I'll take a closer look at cl-oauth then... On Jan 7, 2012, at 5:06 PM, Zach Beane wrote:
mohegan-skunkworks <fh@mohegan-skunkworks.com> writes:
ok, does this mean that this library is no longer maintained ?
For what it's worth, I had a similar issue with ZS3, but rewriting ZS3 to pass parameters as :parameters instead of in the URL worked to fix it.
Zach
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
On Sat, Jan 7, 2012 at 10:50 PM, mohegan-skunkworks <fh@mohegan-skunkworks.com> wrote:
ok, does this mean that this library is no longer maintained ?
It means that I currently don't have the time to maintain it. But you can check out the github repository and see what's happening there: http://netzhansa.blogspot.com/2011/08/ediware-moving-to-github.html Cheers, Edi.
got it, thanks for the follow up. I appreciate it ! On Jan 7, 2012, at 8:31 PM, Edi Weitz wrote:
On Sat, Jan 7, 2012 at 10:50 PM, mohegan-skunkworks <fh@mohegan-skunkworks.com> wrote:
ok, does this mean that this library is no longer maintained ?
It means that I currently don't have the time to maintain it. But you can check out the github repository and see what's happening there:
http://netzhansa.blogspot.com/2011/08/ediware-moving-to-github.html
Cheers, Edi.
_______________________________________________ drakma-devel mailing list drakma-devel@common-lisp.net http://lists.common-lisp.net/cgi-bin/mailman/listinfo/drakma-devel
participants (3)
-
Edi Weitz -
mohegan-skunkworks -
Zach Beane