get_normalized_parameters() is required to exclude any oauth_signature that was already there, and it is required to preserve duplicate keys, even with identical values

zookos · zookos · commit 1178db3d7b33 · 2011-02-07T12:23:08.000-07:00
ref joestump#46, fixes pull/49, thanks @zyegfryed
diff --git a/oauth2/__init__.py b/oauth2/__init__.py
@@ -451,7 +451,7 @@ def get_normalized_parameters(self):
         query = urlparse.urlparse(self.url)[4]
 
         url_items = self._split_url_string(query).items()
-        url_items = [(to_utf8(k), to_utf8(v)) for k, v in url_items ]
+        url_items = [(to_utf8(k), to_utf8(v)) for k, v in url_items if k != 'oauth_signature' ]
         items.extend(url_items)
 
         items.sort()
@@ -658,8 +658,8 @@ def request(self, uri, method="GET", body='', headers=None,
         else:
             headers.update(req.to_header(realm=realm))
 
-        return httplib2.Http.request(self, uri, method=method, body=body, 
-            headers=headers, redirections=redirections, 
+        return httplib2.Http.request(self, uri, method=method, body=body,
+            headers=headers, redirections=redirections,
             connection_type=connection_type)
 
 
diff --git a/tests/test_oauth.py b/tests/test_oauth.py
@@ -552,7 +552,7 @@ def test_get_normalized_parameters_duplicate(self):
 
         res = req.get_normalized_parameters()
 
-        expected='oauth_consumer_key=mykey&oauth_nonce=79815175&oauth_signature=spWLI%2FGQjid7sQVd5%2FarahRxzJg%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1295397962&oauth_version=1.0&offset=10&q=car'
+        expected='oauth_consumer_key=mykey&oauth_nonce=79815175&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1295397962&oauth_version=1.0&offset=10&q=car'
 
         self.assertEquals(expected, res)
 
@@ -599,6 +599,7 @@ def test_get_normalized_parameters(self):
             'oauth_signature_method': "HMAC-SHA1",
             'oauth_token': "ad180jjd733klru7",
             'multi': ['FOO','BAR', u'\u00ae', '\xc2\xae'],
+            'multi_same': ['FOO','FOO'],
             'uni_utf8_bytes': '\xc2\xae',
             'uni_unicode_object': u'\u00ae'
         }
@@ -607,7 +608,7 @@ def test_get_normalized_parameters(self):
 
         res = req.get_normalized_parameters()
 
-        expected='multi=BAR&multi=FOO&multi=%C2%AE&multi=%C2%AE&oauth_consumer_key=0685bd9184jfhq22&oauth_nonce=4572616e48616d6d65724c61686176&oauth_signature_method=HMAC-SHA1&oauth_timestamp=137131200&oauth_token=ad180jjd733klru7&oauth_version=1.0&uni_unicode_object=%C2%AE&uni_utf8_bytes=%C2%AE'
+        expected='multi=BAR&multi=FOO&multi=%C2%AE&multi=%C2%AE&multi_same=FOO&multi_same=FOO&oauth_consumer_key=0685bd9184jfhq22&oauth_nonce=4572616e48616d6d65724c61686176&oauth_signature_method=HMAC-SHA1&oauth_timestamp=137131200&oauth_token=ad180jjd733klru7&oauth_version=1.0&uni_unicode_object=%C2%AE&uni_utf8_bytes=%C2%AE'
 
         self.assertEquals(expected, res)
 
