fix for #271 Invalid OAuth1 signature for GET request

Author: devatwork

RestSharp.IntegrationTests/oAuth1Tests.cs

@@ -261,5 +261,33 @@ public void Can_Retrieve_Member_Profile_Field_Field_Selector_From_LinkedIN()
 			Assert.NotNull( response.Data.FirstName );
 			Assert.NotNull( response.Data.LastName );
 		}
+
+		[Fact( Skip = "Provide your own consumer key/secret before running" )]
+		public void Can_Query_Vimeo()
+		{
+			const string consumerKey = "TODO_CONSUMER_KEY_HERE";
+			const string consumerSecret = "TODO_CONSUMER_SECRET_HERE";
+
+			// arrange
+			var client = new RestClient {
+				BaseUrl = "http://vimeo.com/api/rest/v2",
+				Authenticator = OAuth1Authenticator.ForRequestToken( consumerKey, consumerSecret )
+			};
+			var request = new RestRequest();
+			request.AddParameter( "format", "json" );
+			request.AddParameter( "method", "vimeo.videos.search" );
+			request.AddParameter( "query", "weather" );
+			request.AddParameter( "full_response", 1 );
+
+			// act
+			var response = client.Execute( request );
+
+			// assert
+			Assert.NotNull( response );
+			Assert.Equal( HttpStatusCode.OK, response.StatusCode );
+			Assert.NotNull( response.Content );
+			Assert.False( response.Content.Contains( "\"stat\":\"fail\"" )  );
+			Assert.True( response.Content.Contains( "\"stat\":\"ok\"" )  );
+		}
 	}
 }

RestSharp/Authenticators/OAuth1Authenticator.cs

@@ -13,6 +13,7 @@
 
 namespace RestSharp.Authenticators
 {
+	/// <seealso href="http://tools.ietf.org/html/rfc5849"/>
 	public class OAuth1Authenticator : IAuthenticator
 	{
 		public virtual string Realm { get; set; }
@@ -154,13 +155,14 @@ private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflo
 
 			var parameters = new WebParameterCollection();
 
-			// for non-GET style requests make sure params are part of oauth signature
-			if (request.Method != Method.GET && request.Method != Method.DELETE)
+			// include all GET and POST parameters before generating the signature
+			// according to the RFC 5849 - The OAuth 1.0 Protocol
+			// http://tools.ietf.org/html/rfc5849#section-3.4.1
+			// if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level,
+			// or implement a seperate class for each OAuth version
+			foreach (var p in request.Parameters.Where(p => p.Type == ParameterType.GetOrPost))
 			{
-				foreach (var p in request.Parameters.Where(p => p.Type == ParameterType.GetOrPost))
-				{
-					parameters.Add(new WebPair(p.Name, p.Value.ToString()));
-				}
+				parameters.Add(new WebPair(p.Name, p.Value.ToString()));
 			}
 
 			switch (Type)