Comments

Status:Needs review» Reviewed & tested by the community

Works for me!

Priority:Normal» Major
Status:Reviewed & tested by the community» Needs work

Library has moved on again since this patch was posted... will post a patch in a moment ...

Upping the priority, as this causes some serious breakages, for example auth failures on any installation which uses a non-standard port, due to client code signing with eg myhost.com:8080 and the older oauth.module lib validating against myhost.com:8080:8080 (see #1337718: OAuthRequest->http_url defaults to having the port twice! and a couple of other auth issues in the queue)

Status:Needs work» Needs review
StatusFileSize
new2.29 KB

StatusFileSize
new1.66 KB

Sorry, I didn't realise that the final block of the patch wasn't new code in the library but in fact a change that is required for two-legged oauth to work. Sun's original patch still stands. Reposting sun's original patch here for clarity and resetting to previous RTBC status, but leaving the priority at major as there are known bugs with the existing older version.

Having said that, I'm not 100% sure that the oauth.module-specific change is entirely secure (referring to the only remaining difference between google's code and the bundled version here). It looks mainly ok, as it should then be down to calling code to determine whether an empty token is ok ... so I *think* it's ok, but would be good to track down where this difference came from to be sure.

Status:Needs review» Closed (won't fix)

The dev version of the module uses Libraries API, so instead of containing the library it expects it to be downloaded at sites/all/libraries/oauth/OAuth.php, which fixes this issue.

See #1591692: Replace current OAuth library for more details.

@juampy: Thanks! But btw, I hope you're not adding the Libraries API + oauth library dependency within an existing major version, as that would totally blow up sites that are merely updating from an earlier point release to a new.

Errrm, yes. It is currently at 7.x-3.0 and was going to be available at 7.x-3.1. I created 7.x-4.x to hold the migration to a better library.

Should I better use 7.x-4.x to implement Libraries API and 7.x-5.x for #1591692: Replace current OAuth library? If so, I will revert this work at 7.x-3.x and move those commits to 7.x-4.x.

Status:Closed (won't fix)» Fixed

Totally, I think. No one expects API changes and dependency additions in a point release ;)

Status:Fixed» Active

OK, reopening in order to do these changes. Thanks for the feedback.

Status:Active» Fixed

Status:Fixed» Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.