Make OMB work if the configured domain name does not exclusively contain lower case...

If the configured domain is mixed-case OAuth throws invalidsignature errors. The current URL is part of the signated parts; since the consumer does not pass the current URL, the service has to get it itself and add it to the other OAuth params for signature rebuilding. OAuth.php uses $_SERVER for this, however, the domain is lcased in $_SERVER. Hence we pass the complete current URL as generated by common_local_url to OAuthRequest.

diff --git a/actions/accesstoken.php b/actions/accesstoken.php
index 77fdf6aefa7012ab120c2c624df8c8be78807aa4..bb68d3314d49efea773f0cc6f304d308ec2636a2 100644 (file)
--- a/actions/accesstoken.php
+++ b/actions/accesstoken.php
@@ -59,7 +59,7 @@ class AccesstokenAction extends Action
         try {
             common_debug('getting request from env variables', __FILE__);
             common_remove_magic_from_request();
-            $req = OAuthRequest::from_request();
+            $req = OAuthRequest::from_request('POST', common_locale_url('accesstoken'));
             common_debug('getting a server', __FILE__);
             $server = omb_oauth_server();
             common_debug('fetching the access token', __FILE__);

diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php
index d54c29a60365df22235bc0db9286a79b53becb00..3e3a817154ddef6c5a81bb413a15817cf7956be8 100644 (file)
--- a/actions/finishremotesubscribe.php
+++ b/actions/finishremotesubscribe.php
@@ -44,7 +44,7 @@ class FinishremotesubscribeAction extends Action
         common_debug('stored request: '.print_r($omb,true), __FILE__);
 
         common_remove_magic_from_request();
-        $req = OAuthRequest::from_request();
+        $req = OAuthRequest::from_request('POST', common_local_url('finishuserauthorization'));
 
         $token = $req->get_parameter('oauth_token');
 

diff --git a/actions/postnotice.php b/actions/postnotice.php
index c32d8ca94b611dd3fa356efc5de1ab1ae8e2364b..3e98b3cd5535efe46c946df4cc1e664dc7fbc6f2 100644 (file)
--- a/actions/postnotice.php
+++ b/actions/postnotice.php
@@ -28,7 +28,7 @@ class PostnoticeAction extends Action
         parent::handle($args);
         try {
             common_remove_magic_from_request();
-            $req = OAuthRequest::from_request();
+            $req = OAuthRequest::from_request('POST', common_local_url('postnotice'));
             # Note: server-to-server function!
             $server = omb_oauth_server();
             list($consumer, $token) = $server->verify_request($req);

diff --git a/actions/requesttoken.php b/actions/requesttoken.php
index ca253b97aa7729e957e3b70832df0417bb8da4a1..4e6f92913af9800d8a0094970f036e3e12cf92b7 100644 (file)
--- a/actions/requesttoken.php
+++ b/actions/requesttoken.php
@@ -69,7 +69,7 @@ class RequesttokenAction extends Action
         parent::handle($args);
         try {
             common_remove_magic_from_request();
-            $req    = OAuthRequest::from_request();
+            $req    = OAuthRequest::from_request('POST', common_local_url('requesttoken'));
             $server = omb_oauth_server();
             $token  = $server->fetch_request_token($req);
             print $token;

diff --git a/actions/updateprofile.php b/actions/updateprofile.php
index 7dc52fda9eaf69d315d83a585793accb563f7172..08cb31ae037c77c55af08f5017156685ed0076a0 100644 (file)
--- a/actions/updateprofile.php
+++ b/actions/updateprofile.php
@@ -29,7 +29,7 @@ class UpdateprofileAction extends Action
         parent::handle($args);
         try {
             common_remove_magic_from_request();
-            $req = OAuthRequest::from_request();
+            $req = OAuthRequest::from_request('POST', common_local_url('updateprofile'));
             # Note: server-to-server function!
             $server = omb_oauth_server();
             list($consumer, $token) = $server->verify_request($req);