X-Git-Url: https://projects.mako.cc/source/twitter-api-cdsw/blobdiff_plain/ba48aab4fca5486068104ad61b2d37db6f7cc86a..29c8e0142111e03237eb8f92a9470ba90d295e10:/oauthlib/oauth1/rfc5849/__init__.py?ds=inline diff --git a/oauthlib/oauth1/rfc5849/__init__.py b/oauthlib/oauth1/rfc5849/__init__.py index ad9713c..56b8c6f 100644 --- a/oauthlib/oauth1/rfc5849/__init__.py +++ b/oauthlib/oauth1/rfc5849/__init__.py @@ -7,7 +7,8 @@ This module is an implementation of various logic needed for signing and checking OAuth 1.0 RFC 5849 requests. """ from __future__ import absolute_import, unicode_literals - +import base64 +import hashlib import logging log = logging.getLogger(__name__) @@ -101,10 +102,6 @@ class Client(object): self.nonce = encode(nonce) self.timestamp = encode(timestamp) - if self.signature_method == SIGNATURE_RSA and self.rsa_key is None: - raise ValueError( - 'rsa_key is required when using RSA signature method.') - def __repr__(self): attrs = vars(self).copy() attrs['client_secret'] = '****' if attrs['client_secret'] else None @@ -176,6 +173,16 @@ class Client(object): if self.verifier: params.append(('oauth_verifier', self.verifier)) + # providing body hash for requests other than x-www-form-urlencoded + # as described in http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html + # 4.1.1. When to include the body hash + # * [...] MUST NOT include an oauth_body_hash parameter on requests with form-encoded request bodies + # * [...] SHOULD include the oauth_body_hash parameter on all other requests. + content_type = request.headers.get('Content-Type', None) + content_type_eligible = content_type and content_type.find('application/x-www-form-urlencoded') < 0 + if request.body is not None and content_type_eligible: + params.append(('oauth_body_hash', base64.b64encode(hashlib.sha1(request.body.encode('utf-8')).digest()).decode('utf-8'))) + return params def _render(self, request, formencode=False, realm=None):