🚑️ [SECURITY] Fix unsafe string comparison

- Closes #156

Signed-off-by: Peter Boling <peter.boling@gmail.com>

Author: pboling

lib/oauth/signature/base.rb

@@ -51,7 +51,9 @@ def signature
     end
 
     def ==(cmp_signature)
-      signature == cmp_signature
+      check = signature.bytesize ^ cmp_signature.bytesize
+      signature.bytes.zip(cmp_signature.bytes) { |x, y| check |= x ^ y.to_i }
+      check.zero?
     end
 
     def verify