[empathy/gnome-3-6] SASL: fix facebook mechanism



commit a08792a8a24733ca4dee7b1034ffbcf73b01fe91
Author: Xavier Claessens <xavier claessens collabora co uk>
Date:   Thu Oct 31 13:39:21 2013 -0400

    SASL: fix facebook mechanism
    
    libsoup was escaping '_' and '.' in the challenge response but the
    facebook server is not expecting that.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=707747

 libempathy/empathy-sasl-mechanisms.c |   33 +++++++++++++++++----------------
 1 files changed, 17 insertions(+), 16 deletions(-)
---
diff --git a/libempathy/empathy-sasl-mechanisms.c b/libempathy/empathy-sasl-mechanisms.c
index 3eaa010..3383bbd 100644
--- a/libempathy/empathy-sasl-mechanisms.c
+++ b/libempathy/empathy-sasl-mechanisms.c
@@ -155,8 +155,7 @@ facebook_new_challenge_cb (TpChannel *channel,
   GSimpleAsyncResult *result = user_data;
   FacebookData *data;
   GHashTable *h;
-  GHashTable *params;
-  gchar *response;
+  GString *response_string;
   GArray *response_array;
 
   DEBUG ("new challenge: %s", challenge->data);
@@ -165,27 +164,29 @@ facebook_new_challenge_cb (TpChannel *channel,
 
   h = soup_form_decode (challenge->data);
 
-  /* See https://developers.facebook.com/docs/chat/#platauth */
-  params = g_hash_table_new (g_str_hash, g_str_equal);
-  g_hash_table_insert (params, "method", g_hash_table_lookup (h, "method"));
-  g_hash_table_insert (params, "nonce", g_hash_table_lookup (h, "nonce"));
-  g_hash_table_insert (params, "access_token", data->access_token);
-  g_hash_table_insert (params, "api_key", data->client_id);
-  g_hash_table_insert (params, "call_id", "0");
-  g_hash_table_insert (params, "v", "1.0");
-
-  response = soup_form_encode_hash (params);
-  DEBUG ("Response: %s", response);
+  /* See https://developers.facebook.com/docs/chat/#platauth.
+   * We don't use soup_form_encode() here because it would escape parameters
+   * and facebook server is not expecting that and would reject the response. */
+  response_string = g_string_new ("v=1.0&call_id=0");
+  g_string_append (response_string, "&access_token=");
+  g_string_append_uri_escaped (response_string, data->access_token, NULL, TRUE);
+  g_string_append (response_string, "&api_key=");
+  g_string_append_uri_escaped (response_string, data->client_id, NULL, TRUE);
+  g_string_append (response_string, "&method=");
+  g_string_append_uri_escaped (response_string, g_hash_table_lookup (h, "method"), NULL, TRUE);
+  g_string_append (response_string, "&nonce=");
+  g_string_append_uri_escaped (response_string, g_hash_table_lookup (h, "nonce"), NULL, TRUE);
+
+  DEBUG ("Response: %s", response_string->str);
 
   response_array = g_array_new (FALSE, FALSE, sizeof (gchar));
-  g_array_append_vals (response_array, response, strlen (response));
+  g_array_append_vals (response_array, response_string->str, response_string->len);
 
   tp_cli_channel_interface_sasl_authentication_call_respond (data->channel, -1,
       response_array, generic_cb, g_object_ref (result), g_object_unref, NULL);
 
   g_hash_table_unref (h);
-  g_hash_table_unref (params);
-  g_free (response);
+  g_string_free (response_string, TRUE);
   g_array_unref (response_array);
 }
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]