php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72006 oauth_problem=parameter_absent with php-fpm on nginx
Submitted: 2016-04-11 19:44 UTC Modified: 2016-05-10 04:23 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: cweiske@php.net Assigned: seander (profile)
Status: Closed Package: oauth (PECL)
PHP Version: 7.0.5 OS:
Private report: No CVE-ID: None
 [2016-04-11 19:44 UTC] cweiske@php.net
Description:
------------
Sending an OAuth request to php-fpm 7.0.5 with oauth 2.0.1dev (git 5fb568c) on nginx 1.8.1 always fails with the following error:

> oauth_problem=parameter_absent

This happens although the HTTP_AUTHORIZATION $_SERVER variable contains the correct Authentication header line.

Calling the test script with curl and some oauth headers yields a signature_invalid message if all works fine, and the described parameter_absent error on my nginx test host.

Test script:
---------------
<?php
try {
    var_dump($_SERVER['HTTP_AUTHORIZATION']);
    $provider = new OAuthProvider();
    $provider->isRequestTokenEndpoint(true);
    $provider->consumerHandler(function(){return OAUTH_OK;});
    $provider->timestampNonceHandler(function(){return OAUTH_OK;});
    $provider->checkOAuthRequest();
} catch (OAuthException $e) {
    header('HTTP/1.0 400 Bad Request');
    echo OAuthProvider::reportProblem($e);
    exit(2);
}


Expected result:
----------------
$ curl -H 'Authorization: OAuth realm="test",oauth_consumer_key="test",oauth_nonce="test",oauth_signature="test",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1",oauth_token="test",oauth_version="1.0"' http://localhost/server.php

oauth_problem=signature_invalid&debug_sbs=GET&http%3A%2F%2Flocalhost%2Fserver.php&oauth_consumer_key%3Dtest%26oauth_nonce%3Dtest%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1%26oauth_token%3Dtest%26oauth_version%3D1.0


Actual result:
--------------
$ curl -H 'Authorization: OAuth realm="test",oauth_consumer_key="test",oauth_nonce="test",oauth_signature="test",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1",oauth_token="test",oauth_version="1.0"' http://localhost:8080/server.php

string(180) "OAuth realm="test",oauth_consumer_key="test",oauth_nonce="test",oauth_signature="test",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1",oauth_token="test",oauth_version="1.0""

oauth_problem=parameter_absent&oauth_parameters_absent=oauth_consumer_key%26oauth_signature%26oauth_signature_method%26oauth_nonce%26oauth_timestamp


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-04-13 12:28 UTC] mike dot meierhuber at xoxy dot net
Exact same wrong result here with
lighttpd 1.4.39
php 7.0.5
pecl-oauth 2.0.1
 [2016-05-10 04:21 UTC] seander@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: seander
 [2016-05-10 04:23 UTC] seander@php.net
Hey everyone, would you mind trying the dev version (git 89c8886b88972abb266db8f2cb126eeaa2718262)

It looks like this regressed in https://bugs.php.net/bug.php?id=67883, short explanation of the fix from my commit message.

"Fix #72006, OAuth provider should be plucking values from HTTP_AUTHORIZATION OR REDIRECT_HTTP_AUTHORIZATION. Instead it was failing if both were not set"

If this works for everyone, and doesn't break anything I can push out a new version.
 [2016-05-14 18:21 UTC] cweiske@php.net
Where is this patch? Apparently not in php.net's oauth pecl repo - https://github.com/cweiske/grauphel/issues/38#issuecomment-219208216
 [2016-05-16 06:14 UTC] seander@php.net
Automatic comment on behalf of sean@siobud.com
Revision: http://git.php.net/?p=pecl/web_services/oauth.git;a=commit;h=89c8886b88972abb266db8f2cb126eeaa2718262
Log: Fix #72006, OAuth provider should be plucking values from HTTP_AUTHORIZATION OR REDIRECT_HTTP_AUTHORIZATION. Instead it was failing if both were not set
 [2016-05-16 06:14 UTC] seander@php.net
-Status: Assigned +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 20:01:28 2024 UTC