Skip to content

Commit a85af76

Browse files
author
Nikolaj Viguro
committed
In POST request body params does not calculated in signature
1 parent 99359df commit a85af76

1 file changed

Lines changed: 28 additions & 17 deletions

File tree

scribejava-apis/src/main/java/com/github/scribejava/apis/service/OdnoklassnikiServiceImpl.java

Lines changed: 28 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,22 @@
11
package com.github.scribejava.apis.service;
22

3-
import java.io.UnsupportedEncodingException;
4-
import java.net.URLDecoder;
5-
import org.apache.commons.codec.CharEncoding;
6-
import static org.apache.commons.codec.digest.DigestUtils.md5Hex;
73
import com.github.scribejava.core.builder.api.DefaultApi20;
84
import com.github.scribejava.core.model.OAuth2AccessToken;
95
import com.github.scribejava.core.model.OAuthConfig;
106
import com.github.scribejava.core.model.OAuthRequest;
7+
import com.github.scribejava.core.model.Parameter;
8+
import com.github.scribejava.core.model.ParameterList;
119
import com.github.scribejava.core.oauth.OAuth20Service;
12-
import java.util.Arrays;
10+
11+
import org.apache.commons.codec.CharEncoding;
12+
13+
import java.io.UnsupportedEncodingException;
14+
import java.net.URLDecoder;
15+
import java.util.ArrayList;
16+
import java.util.Collections;
17+
import java.util.List;
18+
19+
import static org.apache.commons.codec.digest.DigestUtils.md5Hex;
1320

1421
public class OdnoklassnikiServiceImpl extends OAuth20Service {
1522

@@ -23,20 +30,24 @@ public void signRequest(OAuth2AccessToken accessToken, OAuthRequest request) {
2330
try {
2431
final String tokenDigest = md5Hex(accessToken.getAccessToken() + getConfig().getApiSecret());
2532

26-
final String completeUrl = request.getCompleteUrl();
27-
final int queryIndex = completeUrl.indexOf('?');
28-
if (queryIndex != -1) {
29-
final String[] params = completeUrl.substring(queryIndex + 1).split("&");
30-
Arrays.sort(params);
31-
final StringBuilder builder = new StringBuilder();
32-
for (String param : params) {
33-
builder.append(param);
34-
}
35-
36-
final String sigSource = URLDecoder.decode(builder.toString(), CharEncoding.UTF_8) + tokenDigest;
37-
request.addQuerystringParameter("sig", md5Hex(sigSource).toLowerCase());
33+
ParameterList queryParams = request.getQueryStringParams();
34+
ParameterList bodyParams = request.getBodyParams();
35+
queryParams.addAll(bodyParams);
36+
Collections.sort(queryParams.getParams());
37+
38+
List<String> params = new ArrayList<>();
39+
for(Parameter param : queryParams.getParams()) {
40+
params.add(param.getKey().concat("=").concat(param.getValue()));
3841
}
3942

43+
final StringBuilder builder = new StringBuilder();
44+
for (String param : params) {
45+
builder.append(param);
46+
}
47+
48+
final String sigSource = URLDecoder.decode(builder.toString(), CharEncoding.UTF_8) + tokenDigest;
49+
request.addQuerystringParameter("sig", md5Hex(sigSource).toLowerCase());
50+
4051
super.signRequest(accessToken, request);
4152
} catch (UnsupportedEncodingException unex) {
4253
throw new IllegalStateException(unex);

0 commit comments

Comments
 (0)