Open
method OAuth::Helper::normalize doesn't correctly handle nested parameters.
Nesting parameters causes problems.
For example, the following request has nested device[address], device[name], and device[app_user_id] query parameters.

```
Parameters: {"oauth_consumer_key"=>"CONSUMER_KEY",
  "oauth_version"=>"1.0",
  "oauth_signature_method"=>"HMAC-SHA1",
  "oauth_signature"=>"Chcpg3KpWqXhz5gDlq9jjynZ5tA=",
  "oauth_timestamp"=>"1287146096",
  "oauth_nonce"=>"4319466586287469700",
  "oauth_callback"=>"dowser-android-app://callback",
  "device"=>{"name"=>"Nexus One",
    "address"=>"0023769CF278"},
  "app_user_id"=>"2066797975"
}
```
This produces the following signature string, which has incorrectly handled and sorted the device parameters:

```
GET&http%3A%2F%2Fmy.address%2Foauth%2Frequest_token.js&app_user_id%3D2066797975%26device%3D%257B%2522name%2522%253D%253E%2522Nexus%2520One%2522%252C%2520%2522address%2522%253D%253E%25220023769CF278%2522%257D%26oauth_callback%3Ddowser-android-app%253A%252F%252Fcallback%26oauth_consumer_key%3DCONSUMER_KEY%26oauth_nonce%3D4319466586287469700%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1287146096%26oauth_version%3D1.0
```
The signature string for this set of parameters should be:

```
GET&http%3A%2F%2Fmy.address%2Foauth%2Frequest_token.js&app_user_id%3D2066797975%26device%255Baddress%255D%3D0023769CF278%26device%255Bname%255D%3DNexus%2520One%26oauth_callback%3Ddowser-android-app%253A%252F%252Fcallback%26oauth_consumer_key%3DCONSUMER_KEY%26oauth_nonce%3D4877467751290230394%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1287145526%26oauth_version%3D1.0
```
The following monkey patch fixes the problem for single-level hashed parameters:

```ruby
require 'oauth/helper'

module OAuth
  module Helper
    def normalize(params)
      params.sort.map do |k, values|
        if values.is_a?(Array)
          # multiple values were provided for a single key
          values.sort.collect do |v|
            [escape(k), escape(v)] * "="
          end
        elsif values.is_a?(Hash)
          # one level of nesting: emit key[subkey]=value pairs
          # (key is saved because the inner block param shadows k)
          key = k
          values.sort.collect do |k, v|
            [escape("#{key}[#{k}]"), escape(v)] * "="
          end
        else
          [escape(k), escape(values)] * "="
        end
      end * "&"
    end
  end
end
```
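As an added example (not the oauth gem's code and not the patch above), here is a stand-alone normalization that flattens nested hashes to bracketed keys at any depth, encodes and sorts per RFC 5849, and reproduces the expected base string from this issue. It goes beyond the single-level patch: arbitrarily deep hashes and arrays (as repeated keys, the gem's convention) are handled. The constant `REQUEST_PARAMS` is constructed from the request in the issue, using the nonce and timestamp of the expected string so the two can be compared.

```ruby
# Percent-encode per RFC 3986 / RFC 5849 3.6: everything except unreserved chars.
def oauth_escape(value)
  value.to_s.gsub(/[^a-zA-Z0-9\-._~]/) do |ch|
    ch.bytes.map { |b| format('%%%02X', b) }.join
  end
end

# Flatten {"device"=>{"name"=>"Nexus One"}} to [["device[name]", "Nexus One"]].
# Works at any depth; arrays become repeated keys (multi-valued params).
def flatten_params(params, prefix = nil)
  case params
  when Hash
    params.flat_map { |k, v| flatten_params(v, prefix ? "#{prefix}[#{k}]" : k.to_s) }
  when Array
    params.flat_map { |v| flatten_params(v, prefix) }
  else
    [[prefix, params.to_s]]
  end
end

# Encode each name and value first, sort by encoded name then value,
# and join as name=value pairs with '&' (RFC 5849 3.4.1.3.2).
def normalize(params)
  flatten_params(params)
    .map { |k, v| [oauth_escape(k), oauth_escape(v)] }
    .sort
    .map { |k, v| "#{k}=#{v}" }
    .join('&')
end

# Base string = METHOD & encoded base URI & encoded normalized parameters.
# oauth_signature is never part of the data being signed.
def signature_base_string(http_method, base_uri, params)
  signed = params.reject { |k, _| k.to_s == 'oauth_signature' }
  [http_method.to_s.upcase, base_uri, normalize(signed)].map { |s| oauth_escape(s) }.join('&')
end

# Constructed from the issue's request (nonce/timestamp taken from the expected string).
REQUEST_PARAMS = {
  'oauth_consumer_key' => 'CONSUMER_KEY', 'oauth_version' => '1.0',
  'oauth_signature_method' => 'HMAC-SHA1', 'oauth_signature' => 'not-signed',
  'oauth_timestamp' => '1287145526', 'oauth_nonce' => '4877467751290230394',
  'oauth_callback' => 'dowser-android-app://callback',
  'device' => { 'name' => 'Nexus One', 'address' => '0023769CF278' },
  'app_user_id' => '2066797975'
}

puts signature_base_string('GET', 'http://my.address/oauth/request_token.js', REQUEST_PARAMS)
```

Because the output depends only on the flattened, encoded pairs, a server and client that disagree on hash ordering still derive the same base string, which is the property the `Hash#inspect`-based output in the issue lacks.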