Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.10.0
-
Fix Version/s: 1.11.11
-
Component/s: Zend_Oauth
-
Labels:
Description
Adding the following line (in file Zend/Oauth/Client.php in function prepareOauth()):
$params = array_merge($params, $this->paramsGet);
just before:
if (!empty($this->paramsPost)) {
fixed the bug for me.
Activity
Hide
Adam Lundrigan
added a comment -
After talking with 
Pádraic Brady on IRC, it was decided that URI parameters should take precedence over those set by the client using setParameterGet.
Reproducing test case:
Index: tests/Zend/Oauth/OauthTest.php
===================================================================
--- tests/Zend/Oauth/OauthTest.php (revision 24413)
+++ tests/Zend/Oauth/OauthTest.php (working copy)
@@ -183,4 +183,43 @@
$this->assertNotContains('realm=""',$client->getHeader('Authorization'));
$this->assertContains('realm="someRealm"',$client->getHeader('Authorization'));
}
+
+ /**
+ * @group ZF-11663
+ */
+ public function testOauthClientAcceptsGetParametersThroughSetter()
+ {
+ require_once "Zend/Oauth/Token/Access.php";
+ $token = new Zend_Oauth_Token_Access();
+
+ $options = array(
+ 'requestMethod' => 'GET',
+ 'requestScheme' => Zend_Oauth::REQUEST_SCHEME_QUERYSTRING,
+ 'realm' => 'someRealm'
+ );
+
+ require_once 'Zend/Oauth/Client.php';
+ $client = new Zend_Oauth_Client($options);
+ $client->setToken($token);
+ $client->setUri('http://www.example.com/?test=FooBar');
+ $queryString = $client->getUri()->getQuery();
+
+ // Check that query string was set properly
+ $this->assertSame('test=FooBar', $queryString);
+
+ // Change the GET parameters
+ $client->setParameterGet('test', 'FooBaz');
+ $client->setParameterGet('second', 'TestTest');
+
+ // Prepare the OAuth request
+ $client->prepareOauth();
+ $queryString = $client->getUri()->getQuery();
+
+ // Ensure that parameter 'test' is unchanged, as URI parameters
+ // should take precedence over ones set with setParameterGet
+ $this->assertContains('test=FooBar', $queryString);
+
+ // Ensure that new parameter was added
+ $this->assertContains('second=TestTest', $queryString);
+ }
}
Fix:
Index: library/Zend/Oauth/Client.php
===================================================================
--- library/Zend/Oauth/Client.php (revision 24413)
+++ library/Zend/Oauth/Client.php (working copy)
@@ -261,7 +261,7 @@
$this->setRawData($raw, 'application/x-www-form-urlencoded');
$this->paramsPost = array();
} elseif ($requestScheme == Zend_Oauth::REQUEST_SCHEME_QUERYSTRING) {
- $params = array();
+ $params = $this->paramsGet;
$query = $this->getUri()->getQuery();
if ($query) {
$queryParts = explode('&', $this->getUri()->getQuery());
After applying fix, reproducing test case passes.
Show
Adam Lundrigan
added a comment - After talking with Pádraic Brady on IRC, it was decided that URI parameters should take precedence over those set by the client using setParameterGet.
Reproducing test case:
Fix:
After applying fix, reproducing test case passes.
Pádraic Brady on IRC, it was decided that URI parameters should take precedence over those set by the client using setParameterGet.
Reproducing test case:
Index: tests/Zend/Oauth/OauthTest.php
===================================================================
--- tests/Zend/Oauth/OauthTest.php (revision 24413)
+++ tests/Zend/Oauth/OauthTest.php (working copy)
@@ -183,4 +183,43 @@
$this->assertNotContains('realm=""',$client->getHeader('Authorization'));
$this->assertContains('realm="someRealm"',$client->getHeader('Authorization'));
}
+
+ /**
+ * @group ZF-11663
+ */
+ public function testOauthClientAcceptsGetParametersThroughSetter()
+ {
+ require_once "Zend/Oauth/Token/Access.php";
+ $token = new Zend_Oauth_Token_Access();
+
+ $options = array(
+ 'requestMethod' => 'GET',
+ 'requestScheme' => Zend_Oauth::REQUEST_SCHEME_QUERYSTRING,
+ 'realm' => 'someRealm'
+ );
+
+ require_once 'Zend/Oauth/Client.php';
+ $client = new Zend_Oauth_Client($options);
+ $client->setToken($token);
+ $client->setUri('http://www.example.com/?test=FooBar');
+ $queryString = $client->getUri()->getQuery();
+
+ // Check that query string was set properly
+ $this->assertSame('test=FooBar', $queryString);
+
+ // Change the GET parameters
+ $client->setParameterGet('test', 'FooBaz');
+ $client->setParameterGet('second', 'TestTest');
+
+ // Prepare the OAuth request
+ $client->prepareOauth();
+ $queryString = $client->getUri()->getQuery();
+
+ // Ensure that parameter 'test' is unchanged, as URI parameters
+ // should take precedence over ones set with setParameterGet
+ $this->assertContains('test=FooBar', $queryString);
+
+ // Ensure that new parameter was added
+ $this->assertContains('second=TestTest', $queryString);
+ }
}
Index: library/Zend/Oauth/Client.php
===================================================================
--- library/Zend/Oauth/Client.php (revision 24413)
+++ library/Zend/Oauth/Client.php (working copy)
@@ -261,7 +261,7 @@
$this->setRawData($raw, 'application/x-www-form-urlencoded');
$this->paramsPost = array();
} elseif ($requestScheme == Zend_Oauth::REQUEST_SCHEME_QUERYSTRING) {
- $params = array();
+ $params = $this->paramsGet;
$query = $this->getUri()->getQuery();
if ($query) {
$queryParts = explode('&', $this->getUri()->getQuery());
The issue here is that Zend_Oauth_Client takes the GET parameters directly from the URI provided:
So, we have two sources of GET parameters. That begs the question: Which takes precedence, the ones set in the URI or the ones set directly in the client?