Issue #3 resolved

Make source of request parameters clear

Peter Tröger
created an issue

Quoting the documentation of 'authenticate':

"Response is the query string as parsed by cgi.parse_qs."

The method is deprecated in module cgi, so it should be urlparse.parse_qs. Beside this, it would be much more helpful to accept a simple dictionary of HTTP parameters, which can be generated from both Django HTTPRequest objects and the cgi / urlparse module.

Comments (3)

  1. Peter Tröger reporter
    • marked as bug

    With the current situation, the following code is needed to convert a Django HTTPRequest object into an appropriate data structure for the authenticate call:

    query={}
    for key, val in request.GET.iteritems():
      query[key.encode('utf-8','ignore')]=[val.encode('utf-8','ignore')]
    

    Converting from the cgi module output to a simple dictionary would have been just one list comprehension. In addition, I needed to make the character encoding explicitely UTF-8. Unicode (the Django default) and ASCII did not work.

  2. Martin von Löwis repo owner

    It's essential that the original byte representation of the query parameters becomes available to the library, or can at least be restored. Otherwise, signature checking would fail. So using the 'ignore' parameter for UTF-8 is surely a mistake; it would be better if Django provided somehow the full original GET parameters (possibly URL-decoded).

  3. Log in to comment