raise an exception if the URL passed in is not a unicode object nor ascii

We can't submit a correct URL with arbitrary bytes -- we have to submit a utf-8 encoded unicode string. (Otherwise we'll cause either a rejection or a signature mismatch in the server, which is what has happened at SimpleGeo.)
If the caller passes in non-ascii things in a str then it would be better for them to change their code to decode it to unicode before passing it in than for us to decode it, since they have a better chance of knowing what encoding it is in -- if we did it we would be guessing.

Author: zookos

oauth2/__init__.py

@@ -88,9 +88,21 @@ def build_xoauth_string(url, consumer, token=None):
     return "%s %s %s" % ("GET", url, ','.join(params))
 
 
+def check_for_bad_encoding(s):
+    """ Returns None if s is a unicode or an ascii string, else
+    returns the UnicodeDecodeError that results from attempting to
+    decode it as ascii. """
+    try:
+        s.decode('ascii')
+    except UnicodeDecodeError, le:
+        return le
+
 def escape(s):
     """Escape a URL including any /."""
-    return urllib.quote(s, safe='~')
+    encerr = check_for_bad_encoding(s)
+    if encerr:
+        raise Error('You are required to pass either a unicode object or an ascii string here. You passed a Python string object which contained non-ascii: %r. The UnicodeDecodeError that resulted from attempting to interpret it as ascii was: %s' % (encerr,))
+    return urllib.quote(s.encode('utf-8'), safe='~')
 
 
 def generate_timestamp():
@@ -276,8 +288,11 @@ class Request(dict):
     version = OAUTH_VERSION
 
     def __init__(self, method=HTTP_METHOD, url=None, parameters=None):
+        encerr = check_for_bad_encoding(url)
+        if encerr:
+            raise ValueError("You are required to pass either a unicode object or an ascii string for `url'. You passed a Python string object which contained non-ascii: %r. The UnicodeDecodeError that resulted from attempting to interpret it as ascii was: %s" % (url, encerr,))
         self.method = method
-        self.url = url
+        self.url = unicode(url)
         if parameters is not None:
             self.update(parameters)
 
@@ -735,6 +750,7 @@ def signing_base(self, request, consumer, token):
     def sign(self, request, consumer, token):
         """Builds the base signature string."""
         key, raw = self.signing_base(request, consumer, token)
+        print "raw: type: %s, str: %s, repr: %s, hexbytes: %s" % (type(raw), str(raw), repr(raw), ["0x%x" % ord(c) for c in raw])
 
         hashed = hmac.new(key, raw, sha)
 

tests/test_oauth.py

@@ -558,6 +558,24 @@ def test_get_normalized_string_escapes_spaces_properly(self):
         expected = urllib.urlencode(sorted(params.items())).replace('+', '%20')
         self.assertEqual(expected, res)
 
+    def test_request_nonascii_bytes(self):
+        # If someone has a sequence of bytes which is not ascii, we'll
+        # raise an exception as early as possible.
+        url = "http://sp.example.com/\x92"
+
+        params = {
+            'oauth_version': "1.0",
+            'oauth_nonce': "4572616e48616d6d65724c61686176",
+            'oauth_timestamp': "137131200"
+        }
+
+        tok = oauth.Token(key="tok-test-key", secret="tok-test-secret")
+        con = oauth.Consumer(key="con-test-key", secret="con-test-secret")
+
+        params['oauth_token'] = tok.key
+        params['oauth_consumer_key'] = con.key
+        self.assertRaises(ValueError, oauth.Request, method="GET", url=url, parameters=params)
+
     def test_sign_request(self):
         url = "http://sp.example.com/"