Chris Hillery has proposed merging lp:~zorba-coders/zorba/fix-oauth-redirect into lp:zorba/oauth-module.
Commit message: Handle HTTP redirects manually, so we create a unique nonce for each request. Requested reviews: Chris Hillery (ceejatec) For more details, see: https://code.launchpad.net/~zorba-coders/zorba/fix-oauth-redirect/+merge/156456 -- https://code.launchpad.net/~zorba-coders/zorba/fix-oauth-redirect/+merge/156456 Your team Zorba Coders is subscribed to branch lp:zorba/oauth-module.
=== modified file 'src/com/zorba-xquery/www/modules/oauth/client.xq' --- src/com/zorba-xquery/www/modules/oauth/client.xq 2013-04-02 01:08:19 +0000 +++ src/com/zorba-xquery/www/modules/oauth/client.xq 2013-04-02 04:02:23 +0000 @@ -612,23 +612,41 @@ {$additional-parameters/p:parameter} </p:parameters> } - let $response := oauth:http-request($consumer-secret, $protected-resource, $oauth-token-secret, $params, $realm, $signature-method) + let $response := { + (: Unless the user explicitly sets follow-redirect, we set it to false. + We have to handle redirects manually to provide a new nonce each time. :) + if (fn:empty($protected-resource/@follow-redirect)) + then + insert node attribute { "follow-redirect" } { "false" } + into $protected-resource; + else (); + oauth:http-request($consumer-secret, $protected-resource, $oauth-token-secret, $params, $realm, $signature-method) + } let $head := $response[1] let $body := if($response[2] instance of xs:base64Binary) then base64:decode($response[2]) else $response[2] - return - if($head/@status = 200) + let $status := xs:integer($head/@status) + return + if($status eq 200) then if ($format-params) then oauth:parse-parameters($body) else $response - else if ($head/@status = 401) then + else if ( ($status ge 301 and $status le 303) or $status eq 307 ) then { + replace value of node $protected-resource/@href with + data($head/http-client:header[@name eq "Location"]/@value); + oauth:format-request( + $consumer-key, $consumer-secret, $protected-resource, $oauth-token, + $oauth-token-secret, $realm, $signature-method, $additional-parameters, + $format-params) + } + else if ($status eq 401) then error( xs:QName("oerr:OC003"), concat("Authorization header unauthorized: ", $body) ) else - error($oerr:OC004, concat("Service Provider Error: ", $body)) + error($oerr:OC004, concat("Service Provider Error ", $status, ": ", $body)) };
-- Mailing list: https://launchpad.net/~zorba-coders Post to : zorba-coders@lists.launchpad.net Unsubscribe : https://launchpad.net/~zorba-coders More help : https://help.launchpad.net/ListHelp