fix for multi-valued parameters. they must be flattened into multiple k/v pairs rather than a single k to array pair

Woodya · joestump · commit 5dd09fd4e860 · 2010-02-07T05:35:45.000+08:00
diff --git a/oauth2/__init__.py b/oauth2/__init__.py
@@ -29,6 +29,7 @@
 import hmac
 import binascii
 import httplib2
+from types import ListType
 
 try:
     from urlparse import parse_qs, parse_qsl
@@ -309,7 +310,7 @@ def to_header(self, realm=''):
  
     def to_postdata(self):
         """Serialize as post data for a POST request."""
-        return urllib.urlencode(self)
+        return urllib.urlencode(self.get_parameter_list())
  
     def to_url(self):
         """Serialize as a URL for a GET request."""
@@ -322,9 +323,22 @@ def get_parameter(self, parameter):
 
         return ret
  
+    def get_parameter_list(self):
+        """
+        Get the request parameters as a tuple list (flattening out embedded lists),
+        dict causes issues with urllib Request
+        """
+        items = []
+        for (k,v) in self.iteritems():
+            if type(v) != ListType:
+                items.append((k,v))
+            else:
+                items.extend([(k,x) for x in v])
+        return items
+
     def get_normalized_parameters(self):
         """Return a string that contains the parameters that must be signed."""
-        items = [(k, v) for k, v in self.items() if k != 'oauth_signature']
+        items = [(k,v) for k,v in self.get_parameter_list() if k != 'oauth_signature']
         encoded_str = urllib.urlencode(sorted(items))
         # Encode signature parameters per Oauth Core 1.0 protocol
         # spec draft 7, section 3.6
diff --git a/tests/test_oauth.py b/tests/test_oauth.py
@@ -1,18 +1,18 @@
 """
 The MIT License
- 
+
 Copyright (c) 2009 Vic Fryzel
- 
+
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
- 
+
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
- 
+
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@@ -61,7 +61,7 @@ def test_build_auth_header(self):
         self.assertEqual(header['WWW-Authenticate'], 'OAuth realm="%s"' %
                          realm)
         self.assertEqual(len(header), 1)
-    
+
     def test_escape(self):
         string = 'http://whatever.com/~someuser/?test=test&other=other'
         self.assert_('~' in oauth.escape(string))
@@ -83,7 +83,7 @@ def test_gen_verifier(self):
     def test_gen_timestamp(self):
         exp = int(time.time())
         now = oauth.generate_timestamp()
-        self.assertEqual(exp, now) 
+        self.assertEqual(exp, now)
 
 class TestConsumer(unittest.TestCase):
     def setUp(self):
@@ -252,7 +252,7 @@ def test_url(self):
 
         req = oauth.Request(method, url1)
         self.assertEquals(req.url, exp1)
-        
+
         req = oauth.Request(method, url2)
         self.assertEquals(req.url, exp2)
 
@@ -270,10 +270,11 @@ def test_get_nonoauth_parameters(self):
         oauth_params = {
             'oauth_consumer': 'asdfasdfasdf'
         }
-        
+
         other_params = {
             'foo': 'baz',
-            'bar': 'foo'
+            'bar': 'foo',
+            'multi': ['FOO','BAR']
         }
 
         params = oauth_params
@@ -301,10 +302,10 @@ def test_to_header(self):
         parts = value.split('OAuth ')
         vars = parts[1].split(', ')
         self.assertTrue(len(vars), (len(params) + 1))
-        
+
         res = {}
         for v in vars:
-            var, val = v.split('=')    
+            var, val = v.split('=')
             res[var] = urllib.unquote(val.strip('"'))
 
         self.assertEquals(realm, res['realm'])
@@ -319,6 +320,7 @@ def test_to_postdata(self):
         realm = "http://sp.example.com/"
 
         params = {
+            'multi': ['FOO','BAR'],
             'oauth_version': "1.0",
             'oauth_nonce': "4572616e48616d6d65724c61686176",
             'oauth_timestamp': "137131200",
@@ -329,8 +331,11 @@ def test_to_postdata(self):
         }
 
         req = oauth.Request("GET", realm, params)
-        
-        self.assertEquals(params, dict(parse_qsl(req.to_postdata())))
+
+        flat = [('multi','FOO'),('multi','BAR')]
+        del params['multi']
+        flat.extend(params.items())
+        self.assertEquals(flat, parse_qsl(req.to_postdata()))
 
     def test_to_url(self):
         url = "http://sp.example.com/"
@@ -348,13 +353,13 @@ def test_to_url(self):
         req = oauth.Request("GET", url, params)
         exp = urlparse.urlparse("%s?%s" % (url, urllib.urlencode(params)))
         res = urlparse.urlparse(req.to_url())
-        self.assertEquals(exp.scheme, res.scheme) 
-        self.assertEquals(exp.netloc, res.netloc) 
-        self.assertEquals(exp.path, res.path) 
+        self.assertEquals(exp.scheme, res.scheme)
+        self.assertEquals(exp.netloc, res.netloc)
+        self.assertEquals(exp.path, res.path)
 
         a = parse_qs(exp.query)
         b = parse_qs(res.query)
-        self.assertEquals(a, b) 
+        self.assertEquals(a, b)
 
     def test_get_normalized_parameters(self):
         url = "http://sp.example.com/"
@@ -426,7 +431,7 @@ def test_sign_request(self):
         req = oauth.Request(method="GET", url=url, parameters=params)
 
         methods = {
-            'TQ6vGQ5A6IZn8dmeGB4+/Jl3EMI=': oauth.SignatureMethod_HMAC_SHA1(), 
+            'TQ6vGQ5A6IZn8dmeGB4+/Jl3EMI=': oauth.SignatureMethod_HMAC_SHA1(),
             'con-test-secret&tok-test-secret': oauth.SignatureMethod_PLAINTEXT()
         }
 
@@ -447,17 +452,17 @@ def test_from_request(self):
             'oauth_token': "ad180jjd733klru7",
             'oauth_signature': "wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
         }
-        
+
         req = oauth.Request("GET", url, params)
         headers = req.to_header()
 
         # Test from the headers
         req = oauth.Request.from_request("GET", url, headers)
         self.assertEquals(req.method, "GET")
         self.assertEquals(req.url, url)
-        
+
         self.assertEquals(params, req.copy())
-         
+
         # Test with bad OAuth headers
         bad_headers = {
             'Authorization' : 'OAuth this is a bad header'
@@ -469,7 +474,7 @@ def test_from_request(self):
         # Test getting from query string
         qs = urllib.urlencode(params)
         req = oauth.Request.from_request("GET", url, query_string=qs)
-        
+
         exp = parse_qs(qs, keep_blank_values=False)
         for k, v in exp.iteritems():
             exp[k] = urllib.unquote(v[0])
@@ -492,7 +497,7 @@ def test_from_token_and_callback(self):
             'oauth_token': "ad180jjd733klru7",
             'oauth_signature': "wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
         }
-        
+
         tok = oauth.Token(key="tok-test-key", secret="tok-test-secret")
         req = oauth.Request.from_token_and_callback(tok)
         self.assertFalse('oauth_callback' in req)
@@ -507,7 +512,7 @@ def test_from_consumer_and_token(self):
 
         tok = oauth.Token(key="tok-test-key", secret="tok-test-secret")
         con = oauth.Consumer(key="con-test-key", secret="con-test-secret")
-        req = oauth.Request.from_consumer_and_token(con, token=tok, 
+        req = oauth.Request.from_consumer_and_token(con, token=tok,
             http_method="GET", http_url=url)
 
         self.assertEquals(req['oauth_token'], tok.key)
@@ -532,10 +537,11 @@ def setUp(self):
             'oauth_nonce': "4572616e48616d6d65724c61686176",
             'oauth_timestamp': int(time.time()),
             'bar': 'blerg',
+            'multi': ['FOO','BAR'],
             'foo': 59
         }
 
-        self.consumer = oauth.Consumer(key="consumer-key", 
+        self.consumer = oauth.Consumer(key="consumer-key",
             secret="consumer-secret")
         self.token = oauth.Token(key="token-key", secret="token-secret")
 
@@ -549,7 +555,7 @@ def setUp(self):
     def test_init(self):
         server = oauth.Server(signature_methods={'HMAC-SHA1' : oauth.SignatureMethod_HMAC_SHA1()})
         self.assertTrue('HMAC-SHA1' in server.signature_methods)
-        self.assertTrue(isinstance(server.signature_methods['HMAC-SHA1'], 
+        self.assertTrue(isinstance(server.signature_methods['HMAC-SHA1'],
             oauth.SignatureMethod_HMAC_SHA1))
 
         server = oauth.Server()
@@ -558,15 +564,15 @@ def test_init(self):
     def test_add_signature_method(self):
         server = oauth.Server()
         res = server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
-        self.assertTrue(len(res) == 1) 
+        self.assertTrue(len(res) == 1)
         self.assertTrue('HMAC-SHA1' in res)
-        self.assertTrue(isinstance(res['HMAC-SHA1'], 
+        self.assertTrue(isinstance(res['HMAC-SHA1'],
             oauth.SignatureMethod_HMAC_SHA1))
 
         res = server.add_signature_method(oauth.SignatureMethod_PLAINTEXT())
-        self.assertTrue(len(res) == 2) 
+        self.assertTrue(len(res) == 2)
         self.assertTrue('PLAINTEXT' in res)
-        self.assertTrue(isinstance(res['PLAINTEXT'], 
+        self.assertTrue(isinstance(res['PLAINTEXT'],
             oauth.SignatureMethod_PLAINTEXT))
 
     def test_verify_request(self):
@@ -578,8 +584,10 @@ def test_verify_request(self):
 
         self.assertTrue('bar' in parameters)
         self.assertTrue('foo' in parameters)
+        self.assertTrue('multi' in parameters)
         self.assertEquals(parameters['bar'], 'blerg')
         self.assertEquals(parameters['foo'], 59)
+        self.assertEquals(parameters['multi'], ['FOO','BAR'])
 
     def test_no_version(self):
         url = "http://sp.example.com/"
@@ -588,10 +596,11 @@ def test_no_version(self):
             'oauth_nonce': "4572616e48616d6d65724c61686176",
             'oauth_timestamp': int(time.time()),
             'bar': 'blerg',
+            'multi': ['FOO','BAR'],
             'foo': 59
         }
 
-        self.consumer = oauth.Consumer(key="consumer-key", 
+        self.consumer = oauth.Consumer(key="consumer-key",
             secret="consumer-secret")
         self.token = oauth.Token(key="token-key", secret="token-secret")
 
@@ -616,10 +625,11 @@ def test_invalid_version(self):
             'oauth_nonce': "4572616e48616d6d65724c61686176",
             'oauth_timestamp': int(time.time()),
             'bar': 'blerg',
+            'multi': ['foo','bar'],
             'foo': 59
         }
 
-        consumer = oauth.Consumer(key="consumer-key", 
+        consumer = oauth.Consumer(key="consumer-key",
             secret="consumer-secret")
         token = oauth.Token(key="token-key", secret="token-secret")
 
@@ -633,7 +643,7 @@ def test_invalid_version(self):
         server = oauth.Server()
         server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
 
-        self.assertRaises(oauth.Error, server.verify_request, request, 
+        self.assertRaises(oauth.Error, server.verify_request, request,
             consumer, token)
 
     def test_invalid_signature_method(self):
@@ -644,10 +654,11 @@ def test_invalid_signature_method(self):
             'oauth_nonce': "4572616e48616d6d65724c61686176",
             'oauth_timestamp': int(time.time()),
             'bar': 'blerg',
+            'multi': ['FOO','BAR'],
             'foo': 59
         }
 
-        consumer = oauth.Consumer(key="consumer-key", 
+        consumer = oauth.Consumer(key="consumer-key",
             secret="consumer-secret")
         token = oauth.Token(key="token-key", secret="token-secret")
 
@@ -661,7 +672,7 @@ def test_invalid_signature_method(self):
         server = oauth.Server()
         server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
 
-        self.assertRaises(oauth.Error, server.verify_request, request, 
+        self.assertRaises(oauth.Error, server.verify_request, request,
             consumer, token)
 
     def test_missing_signature(self):
@@ -672,10 +683,11 @@ def test_missing_signature(self):
             'oauth_nonce': "4572616e48616d6d65724c61686176",
             'oauth_timestamp': int(time.time()),
             'bar': 'blerg',
+            'multi': ['FOO','BAR'],
             'foo': 59
         }
 
-        consumer = oauth.Consumer(key="consumer-key", 
+        consumer = oauth.Consumer(key="consumer-key",
             secret="consumer-secret")
         token = oauth.Token(key="token-key", secret="token-secret")
 
@@ -690,15 +702,15 @@ def test_missing_signature(self):
         server = oauth.Server()
         server.add_signature_method(oauth.SignatureMethod_HMAC_SHA1())
 
-        self.assertRaises(oauth.MissingSignature, server.verify_request, 
+        self.assertRaises(oauth.MissingSignature, server.verify_request,
             request, consumer, token)
 
 
-# Request Token: http://oauth-sandbox.sevengoslings.net/request_token 
-# Auth: http://oauth-sandbox.sevengoslings.net/authorize 
-# Access Token: http://oauth-sandbox.sevengoslings.net/access_token 
-# Two-legged: http://oauth-sandbox.sevengoslings.net/two_legged 
-# Three-legged: http://oauth-sandbox.sevengoslings.net/three_legged 
+# Request Token: http://oauth-sandbox.sevengoslings.net/request_token
+# Auth: http://oauth-sandbox.sevengoslings.net/authorize
+# Access Token: http://oauth-sandbox.sevengoslings.net/access_token
+# Two-legged: http://oauth-sandbox.sevengoslings.net/two_legged
+# Three-legged: http://oauth-sandbox.sevengoslings.net/three_legged
 # Key: bd37aed57e15df53
 # Secret: 0e9e6413a9ef49510a4f68ed02cd
 class TestClient(unittest.TestCase):
@@ -714,18 +726,19 @@ class TestClient(unittest.TestCase):
         'two_legged': '/two_legged',
         'three_legged': '/three_legged'
     }
-        
+
     consumer_key = 'bd37aed57e15df53'
     consumer_secret = '0e9e6413a9ef49510a4f68ed02cd'
     host = 'http://oauth-sandbox.sevengoslings.net'
 
     def setUp(self):
-        self.consumer = oauth.Consumer(key=self.consumer_key, 
+        self.consumer = oauth.Consumer(key=self.consumer_key,
             secret=self.consumer_secret)
 
         self.body = {
             'foo': 'bar',
             'bar': 'foo',
+            'multi': ['FOO','BAR'],
             'blah': 599999
         }
 
@@ -735,7 +748,7 @@ def _uri(self, type):
             raise KeyError("%s is not a valid OAuth URI type." % type)
 
         return "%s%s" % (self.host, uri)
-    
+
     def test_access_token_get(self):
         """Test getting an access token via GET."""
         client = oauth.Client(self.consumer, None)
@@ -757,7 +770,7 @@ def test_access_token_post(self):
     def _two_legged(self, method):
         client = oauth.Client(self.consumer, None)
 
-        return client.request(self._uri('two_legged'), method, 
+        return client.request(self._uri('two_legged'), method,
             body=urllib.urlencode(self.body))
 
     def test_two_legged_post(self):
