Zorba

Merge lp:~zorba-coders/zorba/fix-oauth-security into lp:zorba/oauth-module

fix-oauth-security
Merge into oauth-module

Proposed by Matthias Brantner on 2012-08-01

Status:	Merged
Approved by:	Chris Hillery on 2012-12-14
Approved revision:	27
Merged at revision:	25
Proposed branch:	lp:~zorba-coders/zorba/fix-oauth-security
Merge into:	lp:zorba/oauth-module
Diff against target:	46 lines (+4/-8) 2 files modified src/com/zorba-xquery/www/modules/oauth/CMakeLists.txt (+1/-5) src/com/zorba-xquery/www/modules/oauth/client.xq (+3/-3)
To merge this branch:	bzr merge lp:~zorba-coders/zorba/fix-oauth-security
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Chris Hillery	2012-08-01	Approve on 2012-12-14
Sorin Marian Nasoi		Approve on 2012-09-28
Review via email: mp+117813@code.launchpad.net

Commit message

fix to work with hmac v.2 module

Description of the change

adapted to new hmac v.2 module

Revision history for this message

Chris Hillery (ceejatec) wrote on 2012-08-01:

Shouldn't you also change the import statement to explicitly import v2 of the hmac module?

Revision history for this message

Sorin Marian Nasoi (sorin.marian.nasoi) on 2012-09-28:

review: Approve

Revision history for this message

Chris Hillery (ceejatec) on 2012-12-14:

review: Approve

Revision history for this message

Zorba Build Bot (zorba-buildbot) wrote on 2012-12-14:

Validation queue starting for merge proposal.
Log at: http://zorbatest.lambda.nu:8080/remotequeue/fix-oauth-security-2012-12-14T06-43-34.462Z/log.html

Revision history for this message

Zorba Build Bot (zorba-buildbot) wrote on 2012-12-14:

The attempt to merge lp:~zorba-coders/zorba/fix-oauth-security into lp:zorba/oauth-module failed. Below is the output from the failed tests.

CMake Error at /home/ceej/zo/testing/zorbatest/tester/TarmacLander.cmake:275 (message):
Validation queue job fix-oauth-security-2012-12-14T06-43-34.462Z is
finished. The final status was:

1 tests did not succeed - changes not commited.

Error in read script: /home/ceej/zo/testing/zorbatest/tester/TarmacLander.cmake

lp:~zorba-coders/zorba/fix-oauth-security updated on 2012-12-14

27. By Chris Hillery on 2012-12-14: Bumped DECLARE_ZORBA_MODULE() version to match module; removed commented-out
code.

Revision history for this message

Zorba Build Bot (zorba-buildbot) wrote on 2012-12-14:

Validation queue starting for merge proposal.
Log at: http://zorbatest.lambda.nu:8080/remotequeue/fix-oauth-security-2012-12-14T08-49-34.391Z/log.html

Revision history for this message

Zorba Build Bot (zorba-buildbot) wrote on 2012-12-14:

Validation queue job fix-oauth-security-2012-12-14T08-49-34.391Z is finished. The final status was:

All tests succeeded!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Zorba Coders

1	=== modified file 'src/com/zorba-xquery/www/modules/oauth/CMakeLists.txt'
2	--- src/com/zorba-xquery/www/modules/oauth/CMakeLists.txt 2011-08-15 13:29:12 +0000
3	+++ src/com/zorba-xquery/www/modules/oauth/CMakeLists.txt 2012-12-14 07:20:25 +0000
4	@@ -12,10 +12,6 @@
5	# See the License for the specific language governing permissions and
6	# limitations under the License.
7
8	-DECLARE_ZORBA_MODULE (URI "http://www.zorba-xquery.com/modules/oauth/client" VERSION 1.0 FILE "client.xq")
9	-# This test is introduced by DECLARE_ZORBA_MODULE(), so this is the
10	-# best place for the EXPECTED_FAILURE() (especially because we're
11	-# cheating and using the undocumented ${num_zorba_modules}).
12	-#EXPECTED_FAILURE("check_mod_${num_zorba_modules}_client.xq" 3389465)
13	+DECLARE_ZORBA_MODULE (URI "http://www.zorba-xquery.com/modules/oauth/client" VERSION 2.0 FILE "client.xq")
14
15	DECLARE_ZORBA_MODULE (URI "http://www.zorba-xquery.com/modules/oauth/error" VERSION 1.0 FILE "error.xq")
16
17	=== modified file 'src/com/zorba-xquery/www/modules/oauth/client.xq'
18	--- src/com/zorba-xquery/www/modules/oauth/client.xq 2012-04-25 16:32:43 +0000
19	+++ src/com/zorba-xquery/www/modules/oauth/client.xq 2012-12-14 07:20:25 +0000
20	@@ -31,7 +31,7 @@
21	module namespace oauth = "http://www.zorba-xquery.com/modules/oauth/client";
22
23	import module namespace ra = "http://www.zorba-xquery.com/modules/random";
24	-import module namespace hmac = "http://www.zorba-xquery.com/modules/cryptography/hmac";
25	+import module namespace hmac = "http://www.zorba-xquery.com/modules/cryptography/hmac#2.0";
26	import module namespace http-client = "http://expath.org/ns/http-client";
27	import schema namespace http = "http://expath.org/ns/http-client";
28
29	@@ -52,7 +52,7 @@
30
31	declare option op:disable "f:trace";
32
33	-declare option ver:module-version "1.0";
34	+declare option ver:module-version "2.0";
35
36	(:~
37	: Utility function to build a service provider object.
38	@@ -504,7 +504,7 @@
39	: uses the hmac-sha1 algorithm found here @see http://tools.ietf.org/html/rfc2104
40	:)
41	if($oauth-signature-method = "HMAC-SHA1")
42	- then hmac:sha1($base-string, $key)
43	+ then xs:string(hmac:sha1($base-string, $key))
44	(:
45	: RSA-SHA1
46	: @see http://tools.ietf.org/html/rfc5849#section-3.4.3