dipenpanchasara / oauthconsumer Goto Github PK

What steps will reproduce the problem?
1. Ask a request token from the OAuth provider as described in the wiki
2. Call the openURL method as described in the wiki
3. The provider (yammer.com in this case) said: "no request token found"

What is the expected output? What do you see instead?

I expected to see the token in the URL. Not sure if it's passed as a POST 
request? The URL didn't 
show the the token in the URL so it's missing if it should be a GET request.

What version of the product are you using? On what operating system?

Head version from SVN on Mac off course.

Please provide any additional information below.

I fixed it by adding the request token to the URL (the GET way that is). Not 
sure if that's correct 
but it seems to work. This could be a Yammer problem as well, don't know. Here 
is the code

    NSString *urlString = [NSString stringWithFormat:kConsumerAuthorizeURL, 
requestToken.key];
    NSURL *url = [NSURL URLWithString:urlString];
    [[NSWorkspace sharedWorkspace] openURL:url];

I need the feature mentioned in the title, so I have implemented a crude token 
removal mechanism from the keychain (see patch attached).

However, note that storing a new token for an existing {application, 
service_provider} pair will _not_ default to deleting the previous one - you 
need to explicitly remove it yourself if your application needs that behaviour. 
Also, if several items exist for the same application and service provider 
names, only the first one found will be removed.

Cheers!

What steps will reproduce the problem?
1. I have received access token

How to post/share on user's wall/ home 

Dear sir, 

May I take the objective-c(for iOS) part to Github?
I wish that library can present on Cocoapods.

Sincerely yours.

I cleaned and then built all on 10.5.2 on a MacBook Pro.  I tried both Debug 
and Release.  I get three 
errors:

error: -[OATokenTest testInitWithKeychainUsingAppName] : '(null)' should be 
equal to '123456' 
Token key was incorrectly populated as: (null)

error: -[OATokenTest testInitWithKeychainUsingAppName] : '(null)' should be 
equal to 'abcdef' 
Token secret was incorrectly populated as: (null)

error: Failed tests for architecture 'ppc' (GC OFF)

What steps will reproduce the problem?
1. Run the unit tests. The bug appears intermittently.  

What is the expected output? What do you see instead?
Unit tests crash. See attached output. 

What version of the product are you using? On what operating system?
Revision 1241, Xcode 3.2, Mac OS X 10.6.4

Please provide any additional information below.

Twitter OAUTH now requires that oauth_callback be sent with every request.  
There is no availability for this in the oauthconsumer since it's not really a 
requirement of oauth 1.0. 

Stupid Twitter.

I know the static analyser is not perfect and is only meant to highlight areas 
to look at but several of the memory leaks it has highlighted seem valid, 
however as I am currently struggling to get the OAToken_KeychainExtensions to 
work and also struggling to access protected resources after getting both keys 
I cannot begin testing this. 

Perhaps its worth looking into.

What steps will reproduce the problem?

POSTing anything with a POST body and no encoded POST parameters

What is the expected output? What do you see instead?

Expect correct signature and successful POST.
Instead depending on input, either invalid signatures are created, or an 
out-of-bounds exception occurs.

What version of the product are you using? On what operating system?

Obj-C 2.0 version. File marked 10/19/07

Please provide any additional information below.

Attached is a patch that looks for the specific "Content-Type" header 
"application/x-www-form-urlencoded"  as per 
http://tools.ietf.org/html/rfc5849#section-3.4.1

I beleive this patch should resolve issues 5 and 16.

On a IOS 4.2.1 device, the request returns the following:
"{"error":{"text":"Signature was 
invalid","id":"INVALID_SIGNATURE","description":"Expired timestamp: given 
1326836189 and now 1326840585 has a greater difference than threshold 300"}}"

It works fine on IOS5.
anyone know what's going on?

I currently can't figure out how to include the oauthconsumer framework in an 
iPhone app.

There seem to be some issues including third party frameworks and some other 
frameworks have 
released (jsonframework) have released versions which are precompiled and 
includable as additional 
SDKs for iPhone development.

Enabling iPhone development would be very nice.

What steps will reproduce the problem?
It’s hard to say exactly what conditions lead up to this, but we’re seeing 
intermittent crashing in OAMutableURLRequest.

What is the expected output? What do you see instead?
Expected: it works
Instead, it crashes on CFRelease()

What version of the product are you using? On what operating system?
The version included in https://github.com/bengottlieb/Twitter-OAuth-iPhone

Please provide any additional information below.
I believe the crash is related to this line (in my code, line 287 of 
OAMutableURLRequest.m, in the method -URLEncodedString:):


    CFRelease(preprocessedString);

Since CFURLCreateStringByReplacingPercentEscapesUsingEncoding() can return NULL 
if it fails, this line should be changed to:

    if (preprocessedString != NULL) {
        CFRelease(preprocessedString);
    }

That should safeguard against CFRelease() crashing. We’re currently testing 
this change in our code.

What steps will reproduce the problem?
1. POST e.g. XLM data in the HTTP body
2. have some encoded XML special characters in there (like < and > and so 
on)
3. launch the request

What is the expected output? What do you see instead?
Expected: XML with encoded chars goes straight through
Instead: "*** Terminating app due to uncaught exception 'NSRangeException', 
reason: '*** -
[NSCFArray objectAtIndex:]: index (1) beyond bounds (1)"

What version of the product are you using? On what operating system?
//  NSMutableURLRequest+Parameters.m
//
//  Created by Jon Crosby on 10/19/07.


Please provide any additional information below.
- The code that's in question resides in the - (NSArray *)parameters method of 
NSMutableURLRequest+Parameters.m.
- & character is considered a delimiter for key/value pairs which is not always 
the case (as for 
instance with XML data where & is used to escape special characters)

What steps will reproduce the problem?
1. Authorize an application against a service such as LinkedIn
2. Build a POST request to an API (e.g. LinkedIn Invitation API)
3. Set the HTTPBody content to some string that contains an "=" sign. For 
example, the LinkedIn API's JSON specification uses the following. Note the 
line with "[email protected]":

{
  "recipients": {
    "values": [
    {
      "person": {
        "_path": "/people/[email protected]"",
        "first-name":"Andrew",
        "last-name":"User"
       }
    }]
  },
  "subject": "Invitation to connect.",
  "body": "Say yes!",
  "item-content":{
       "invitation-request":{
           "connect-type":"friend"
       }
    }

3. Submit the request to the service provider using [fetchDataWithRequest]

What is the expected output? What do you see instead?

The expectation is that the signature base string does not include the JSON 
string as a name/value pair.

What actually happens is the signature base string does include the above with 
the part of the JSON string to the left of the "=" sign as the parameter name, 
and the part of the JSON string to the right of the "=" sign as the parameter 
value. This condition arises because the [prepare] method is always called by 
the [fetchDataWithRequest] method of the OADataFetcher object just before the 
NSURLConnection is initialized.

How I resolved it: I commented out the call to [prepare] within the 
[fetchDataWithRequest] method of [OADataFetcher] and have updated my own code 
to specifically call [prepare] on the request object at the appropriate time 
(in my example, before setting HTTPBody to the above JSON string).

What version of the product are you using? On what operating system?

Version: Objective C version 2.0
OS: iOS 6

Please provide any additional information below.

Within the [prepare] method is a reference to [self parameters], which calls a 
method on the NSMutableURLRequest+Parameters category. On line 58 is where a 
strings are split by the "=" sign. If HTTPBody has been set to the above, the 
JSON string is then assumed to be a name/value parameter.

What steps will reproduce the problem?
- Send an OAuth request that has a parameter with a RFC 3986 sub-delim in
it (for example, '!').

What is the expected output? What do you see instead?
- Sub-delim should be escaped in SignatureBaseString, but it's not. Simple
fix is to add all sub-delims to the list of characters to encode in
NSString+URLEncoding.m encodeURLParameterString: on line 44. The list of
sub-delims is available at http://tools.ietf.org/html/rfc3986#section-2.2.
I'm using CFSTR(":/=,!$&'()*+;[]@#?").

What steps will reproduce the problem?
1. use a OAMutableURLRequest on a slowish server/connection
2. it times out and fails

What is the expected output? What do you see instead?
A successful request

What version of the product are you using? On what operating system?
iPhone

Please provide any additional information below.

The timeout specified in OAMutableURLRequest.m is 10 seconds, which I kept 
hitting when 
recently trying to interact with foursquare. The default timeout for 
NSURLRequest_Class is 60 
seconds and it should probably be the same for OAMutableURLRequest.

http://developer.apple.com/mac/library/documentation/Cocoa/Reference/Foundation/
Classes/N
SURLRequest_Class/Reference/Reference.html

OAuthConsumer appears to have been written to assume GC, and leaks exuberantly 
when run in a 
non-GC environment. I've got a patch to add mixed-mode memory management, which 
was 
pleasantly straightforward to put together. I really appreciate how clearly 
written the framework is, 
and I've tried not to gum that up.

I opted to use properties for accessor generation, and in a couple of places 
needed read-write in 
places where you'd specified read-only. I compromised by making those members 
private if they 
weren't marked as such already. Here's a summary of the property-related 
changes:

OAMutableURLRequest: signature and nonce moved from protected to private, their 
properties 
changed from read-only to read-write. Properties added for consumer, token, 
realm, signatureProvider, and timestamp. Added "self." to ivar usage in .m to 
go through accessors.
OADataFetcher - Properties added for request, responseData, and delegate. The 
'delegate' property 
retains its ivar, which is a little questionable, but I went with it to match 
the GC behavior. "self." usage 
added.
OAServiceTicket: ivars were already private, property access changed to 
read-write. 'self.' usage 
added.
OAConsumer, OAToken, OARequestParameter: Properties were in place, no changes 
needed.
OAHMAC_SHA1SignatureProvider, OAPlaintextSignatureProvider: No ivars, no 
changes needed.

Here's a summary of the other implementation changes in 
r678-memory-management.diff:

OAConsumer.m, OADataFetcher.m, OAHMAC_SHA1SignatureProvider.m, 
OAPlaintextSignatureProvider.m, OARequestParameter.m, OAServiceTicket.m: Added 
dealloc only.

OAMutableURLRequest.m - Added dealloc, fixed two CF leaks in _generateNonce, 
additional 
autoreleasing in _signatureBaseString.
OAToken.m - Added dealloc, reformatted initWithUserDefaults[...], 
storeInUserDefaults[...].
OAToken_KeychainExtensions.m - Changed NSMakeCollectable to CFRelease (outside 
GC, 
NSMakeCollectable's returned id objects aren't marked autoreleased).
NSMutableURLRequest+Parameters.m - Autoreleasing a couple of things.

I also ran into the same URL encoding problem that Mike fixed, and made some 
further changes 
there, which are in r678-url-encoding.diff. In NSString+URLEncoding.m, 

* CFStringRefs are now returned as NSStrings using NSMakeCollectable, which 
should plug leaks 
under GC. Returned strings are autoreleased, which plugs leaks not under GC. 

* I applied the same character overrides to encodedURLString as 
encodedURLParameterString, 
because I couldn't figure out why they should be different, given that section 
9.1.3 of oauth's spec 
references the parameter encoding section. (If the overrides are properly the 
same, perhaps the two 
encoding methods should be merged.) 

* I trimmed three chars out of Mike's character overrides, which testing 
indicates the CF encoding 
method knows about by default.

In NSString+URLEncodingTest.m, Mike's overridden characters are appended to the 
encoding test. 

Tested under Intel, all tests passed, no warnings. My OAuth app is just an 
infant but it exercises most 
of OAuthConsumer's functionality, and Instruments says I'm now leak-free across 
my code and the 
framework. I realize it's a large patch, and if I can do anything to answer 
questions or make it easier 
to digest, please let me know.

Thanks very much, it was a huge help not to have to learn the protocol from 
scratch.

What steps will reproduce the problem?
Replace 3 urls as:
Request Token:
    http://vimeo.com/oauth/request_token
User Authorization:
    http://vimeo.com/oauth/authorize
Access Token:
    http://vimeo.com/oauth/access_token

For getting access token, get verifier and authorized token from webview 
request when the app is redirected to callback in the "User Authorization step".

Pass these as parameters to http://vimeo.com/oauth/access_token as follows:
- (void)successfulAuthorizationWithToken:(NSString *)token verifier:(NSString 
*)verifier  {
    OAMutableURLRequest *request;
    OADataFetcher *fetcher;


    NSURL *url = [NSURL URLWithString:@"http://vimeo.com/oauth/access_token"];
    request = [[[OAMutableURLRequest alloc] initWithURL:url
                                               consumer:self.consumer
                                                  token:nil
                                                  realm:nil
                                      signatureProvider:nil] autorelease];


    OARequestParameter *p0 = [[OARequestParameter alloc] initWithName:@"oauth_token"
                                                                value:token];
    OARequestParameter *p1 = [[OARequestParameter alloc] initWithName:@"oauth_verifier"
                                                                value:verifier];
    NSArray *params = [NSArray arrayWithObjects:p0, p1, nil];
    [request setParameters:params];

    fetcher = [[[OADataFetcher alloc] init] autorelease];

    [fetcher fetchDataWithRequest:request
                         delegate:self
                didFinishSelector:@selector(accessTokenTicket:didFinishWithData:)
                  didFailSelector:@selector(accessTokenTicket:didFailWithError:)];

    [p0 release];
    [p1 release];


}



What is the expected output? What do you see instead?

App returns following error is selector (accessTokenTicket:didFailWithError:):
Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be 
completed. (NSURLErrorDomain error -1012.)" UserInfo=0xe2aab40 
{NSErrorFailingURLKey=http://vimeo.com/oauth/access_token?oauth_token=c033e428a2
f07516edc82f11f48de7c3&oauth_verifier=category-2108815695, 
NSErrorFailingURLStringKey=http://vimeo.com/oauth/access_token?oauth_token=c033e
428a2f07516edc82f11f48de7c3&oauth_verifier=category-2108815695, 
NSUnderlyingError=0xe2a57f0 "The operation couldn’t be completed. 
(kCFErrorDomainCFNetwork error -1012.)"}

App should go to selector(accessTokenTicket:didFinishWithData:)

What version of the product are you using? On what operating system?
It's an iPad app

Please provide any additional information below.
App has callback registered during registration. 

Here are the other two requests for getting request token and authorization

- (IBAction)authenticateButtonAction {
    NSLog(@"authenticateButtonAction");
    OAMutableURLRequest *request;
    OADataFetcher *fetcher;

    //NSURL *url = [NSURL URLWithString:@"https://api.twitter.com/oauth/request_token"];
    NSURL *url = [NSURL URLWithString:@"http://vimeo.com/oauth/request_token"];
    request = [[[OAMutableURLRequest alloc] initWithURL:url
                                               consumer:self.consumer
                                                  token:nil
                                                  realm:nil
                                      signatureProvider:nil] autorelease];

    [request setHTTPMethod:@"GET"];


    OARequestParameter *p0 = [[OARequestParameter alloc] initWithName:@"oauth_callback" value:@"oob"];

        NSArray *params = [NSArray arrayWithObject:p0];
        [request setParameters:params];

    fetcher = [[[OADataFetcher alloc] init] autorelease];


    [fetcher fetchDataWithRequest:request
                         delegate:self
                didFinishSelector:@selector(requestTokenTicket:didFinishWithData:)
                  didFailSelector:@selector(requestTokenTicket:didFailWithError:)];



}


- (void)requestTokenTicket:(OAServiceTicket *)ticket didFinishWithData:(NSData 
*)data {

    if (ticket.didSucceed) {
        OAMutableURLRequest *request;
        NSString *responseBody = [[NSString alloc] initWithData:data
                                                       encoding:NSUTF8StringEncoding];

        if (self.accessToken != nil) {
            [self.accessToken release];
            self.accessToken = nil;
        }

        self.accessToken = [[OAToken alloc] initWithHTTPResponseBody:responseBody];
        [responseBody release];

        //NSURL *url = [NSURL URLWithString:@"https://api.twitter.com/oauth/authorize"];
        NSURL *url = [NSURL URLWithString:@"http://vimeo.com/oauth/authorize"];
        request = [[[OAMutableURLRequest alloc] initWithURL:url
                                                   consumer:self.consumer
                                                      token:self.accessToken
                                                      realm:nil
                                          signatureProvider:nil] autorelease];


        OARequestParameter *p0 = [[OARequestParameter alloc] initWithName:@"oauth_token"
                                                                    value:self.accessToken.key];
        NSArray *params = [NSArray arrayWithObject:p0];
        [request setParameters:params];
        //[request prepare];

        AuthorizeWebViewController *vc;
        vc = [[AuthorizeWebViewController alloc] initWithNibName:@"AuthorizeWebViewController" bundle:nil];
        vc.delegate = self;
        [self presentModalViewController:vc animated:YES];
        [vc.webView loadRequest:request];

        [vc release];
        [p0 release];
    }
    else {

    }


}

I receive the following error

oauth_timestamp is too far away; we believe it is now 1318854880, you sent 
1318900286, 45406 seconds away