From 761a83d9e7408d0e47e8c279052b93f8d9edb511 Mon Sep 17 00:00:00 2001 From: Xavier Claessens Date: Thu, 31 Oct 2013 13:39:21 -0400 Subject: [PATCH] SASL: fix facebook mechanism libsoup was escaping '_' and '.' in the challenge response but the facebook server is not expecting that. https://bugzilla.gnome.org/show_bug.cgi?id=707747 --- libempathy/empathy-sasl-mechanisms.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/libempathy/empathy-sasl-mechanisms.c b/libempathy/empathy-sasl-mechanisms.c index ffb3aa4..05a2de9 100644 --- a/libempathy/empathy-sasl-mechanisms.c +++ b/libempathy/empathy-sasl-mechanisms.c @@ -156,8 +156,7 @@ facebook_new_challenge_cb (TpChannel *channel, GSimpleAsyncResult *result = user_data; FacebookData *data; GHashTable *h; - GHashTable *params; - gchar *response; + GString *response_string; GArray *response_array; DEBUG ("new challenge: %s", challenge->data); @@ -166,27 +165,29 @@ facebook_new_challenge_cb (TpChannel *channel, h = soup_form_decode (challenge->data); - /* See https://developers.facebook.com/docs/chat/#platauth */ - params = g_hash_table_new (g_str_hash, g_str_equal); - g_hash_table_insert (params, "method", g_hash_table_lookup (h, "method")); - g_hash_table_insert (params, "nonce", g_hash_table_lookup (h, "nonce")); - g_hash_table_insert (params, "access_token", data->access_token); - g_hash_table_insert (params, "api_key", data->client_id); - g_hash_table_insert (params, "call_id", "0"); - g_hash_table_insert (params, "v", "1.0"); - - response = soup_form_encode_hash (params); - DEBUG ("Response: %s", response); + /* See https://developers.facebook.com/docs/chat/#platauth. + * We don't use soup_form_encode() here because it would escape parameters + * and facebook server is not expecting that and would reject the response. */ + response_string = g_string_new ("v=1.0&call_id=0"); + g_string_append (response_string, "&access_token="); + g_string_append_uri_escaped (response_string, data->access_token, NULL, TRUE); + g_string_append (response_string, "&api_key="); + g_string_append_uri_escaped (response_string, data->client_id, NULL, TRUE); + g_string_append (response_string, "&method="); + g_string_append_uri_escaped (response_string, g_hash_table_lookup (h, "method"), NULL, TRUE); + g_string_append (response_string, "&nonce="); + g_string_append_uri_escaped (response_string, g_hash_table_lookup (h, "nonce"), NULL, TRUE); + + DEBUG ("Response: %s", response_string->str); response_array = g_array_new (FALSE, FALSE, sizeof (gchar)); - g_array_append_vals (response_array, response, strlen (response)); + g_array_append_vals (response_array, response_string->str, response_string->len); tp_cli_channel_interface_sasl_authentication_call_respond (data->channel, -1, response_array, generic_cb, g_object_ref (result), g_object_unref, NULL); g_hash_table_unref (h); - g_hash_table_unref (params); - g_free (response); + g_string_free (response_string, TRUE); g_array_unref (response_array); } -- 1.8.3.2