Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.| Comment | File | Size | Author |
|---|---|---|---|
| #5 | oauth.lib_.0.patch | 1.66 KB | Alan Evans |
| #4 | oauth_update.patch | 2.29 KB | Alan Evans |
| oauth.lib_.0.patch | 1.66 KB | sun | |
Comments
Comment #1
sunComment #2
teunis CreditAttribution: teunis commentedWorks for me!
Comment #3
Alan Evans CreditAttribution: Alan Evans commentedLibrary has moved on again since this patch was posted... will post a patch in a moment ...
Upping the priority, as this causes some serious breakages, for example auth failures on any installation which uses a non-standard port, due to client code signing with eg myhost.com:8080 and the older oauth.module lib validating against myhost.com:8080:8080 (see #1337718: OAuthRequest->http_url defaults to having the port twice! and a couple of other auth issues in the queue)
Comment #4
Alan Evans CreditAttribution: Alan Evans commentedComment #5
Alan Evans CreditAttribution: Alan Evans commentedSorry, I didn't realise that the final block of the patch wasn't new code in the library but in fact a change that is required for two-legged oauth to work. Sun's original patch still stands. Reposting sun's original patch here for clarity and resetting to previous RTBC status, but leaving the priority at major as there are known bugs with the existing older version.
Having said that, I'm not 100% sure that the oauth.module-specific change is entirely secure (referring to the only remaining difference between google's code and the bundled version here). It looks mainly ok, as it should then be down to calling code to determine whether an empty token is ok ... so I *think* it's ok, but would be good to track down where this difference came from to be sure.
Comment #6
juampynr CreditAttribution: juampynr commentedThe dev version of the module uses Libraries API, so instead of containing the library it expects it to be downloaded at sites/all/libraries/oauth/OAuth.php, which fixes this issue.
See #1591692: Replace current OAuth library for more details.
Comment #7
sun@juampy: Thanks! But btw, I hope you're not adding the Libraries API + oauth library dependency within an existing major version, as that would totally blow up sites that are merely updating from an earlier point release to a new.
Comment #8
juampynr CreditAttribution: juampynr commentedErrrm, yes. It is currently at 7.x-3.0 and was going to be available at 7.x-3.1. I created 7.x-4.x to hold the migration to a better library.
Should I better use 7.x-4.x to implement Libraries API and 7.x-5.x for #1591692: Replace current OAuth library? If so, I will revert this work at 7.x-3.x and move those commits to 7.x-4.x.
Comment #9
sunTotally, I think. No one expects API changes and dependency additions in a point release ;)
Comment #10
juampynr CreditAttribution: juampynr commentedOK, reopening in order to do these changes. Thanks for the feedback.
Comment #11
juampynr CreditAttribution: juampynr commentedUpdated library at Github for 7.x-4.x (using Libraries API):
https://github.com/juampy72/OAuth-PHP/commit/7697938203b1304915fc80cc030...
Applied to 7.x-3.x: http://drupalcode.org/project/oauth.git/commit/6a41b0a
Applied to 6.x-3.x: http://drupalcode.org/project/oauth.git/commitdiff/1f260e0
Thanks!