Fix 0.1.5 which erroneously escaped query params

This is probably a desirable change but breaks backwards compatibility so will have to wait for auth_version 2.
YourAcclaim · Nov 19, 2012 · f0e20ac · f0e20ac
1 parent de85b06
commit f0e20ac
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 1 deletion.
diff --git a/lib/signature.rb b/lib/signature.rb
@@ -186,7 +186,9 @@ def parameter_string
         # Exclude signature from signature generation!
         hash.delete("auth_signature")
 
-        hash.sort.map { |k, v| QueryEncoder.encode_param(k, v) }.join('&')
+        hash.sort.map do |k, v|
+          QueryEncoder.encode_param_without_escaping(k, v)
+        end.join('&')
       end
 
       def validate_version!

diff --git a/lib/signature/query_encoder.rb b/lib/signature/query_encoder.rb
@@ -12,6 +12,15 @@ def encode_param(k, v)
         end
       end
 
+      # Like encode_param, but doesn't url escape keys or values
+      def encode_param_without_escaping(k, v)
+        if v.is_a?(Array)
+          v.map { |e| k + "[]=" + e }.join("&")
+        else
+          k + "=" + v
+        end
+      end
+
       private
 
       def escape(s)

diff --git a/spec/signature_spec.rb b/spec/signature_spec.rb
@@ -67,6 +67,14 @@
       @request.send(:string_to_sign).should == "POST\n/some/path\nthings[]=thing1&things[]=thing2"
     end
 
+    # This may well change in auth version 2
+    it "should not escape keys or values in the query string" do
+      @request.query_hash = {
+        "key;" => "value@"
+      }
+      @request.send(:string_to_sign).should == "POST\n/some/path\nkey;=value@"
+    end
+
     it "should use the path to generate signature" do
       @request.path = '/some/other/path'
       @request.sign(@token)[:auth_signature].should_not == @signature