Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

oauthlib raises exception due to unquoted apostrophe or single quote #298

Open
chancyk opened this issue Nov 2, 2017 · 2 comments
Open

Comments

@chancyk
Copy link

chancyk commented Nov 2, 2017

I'm attempting to make a request that has a query parameter which contains apostrophes. oauthlib seems to only consider =&;:%+~,*@!()/? to be safe, but requests isn't encoding the apostrophe as %27, since it's passing !#$%&'()*+,/:;=?@[]~ as the safe list to urllib's quote here.

I'm not really sure what the intentions of the various intermediate encoding steps are to fix the issue.

Expected Result

A successful GET request with a query parameter that includes apostrophes when using the requests_oauthlib plugin.

Actual Result

oauthlib raises an exception here due to the single quote not being encoded.

Reproduction Steps

from requests.utils import requote_uri
from oauthlib.common import urldecode

requoted_uri = requote_uri("SELECT * FROM Deposit WHERE TxnDate >= '2017-08-01' AND TxnDate < '2017-09-01'")
urldecode(requoted_uri)

System Information

$ python -m requests.help
{
  "chardet": {
    "version": "3.0.4"
  },
  "cryptography": {
    "version": ""
  },
  "idna": {
    "version": "2.6"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.6.1"
  },
  "platform": {
    "release": "7",
    "system": "Windows"
  },
  "pyOpenSSL": {
    "openssl_version": "",
    "version": null
  },
  "requests": {
    "version": "2.18.4"
  },
  "system_ssl": {
    "version": "100020bf"
  },
  "urllib3": {
    "version": "1.22"
  },
  "using_pyopenssl": false
}
@chancyk
Copy link
Author

chancyk commented Nov 2, 2017

It seems like oauthlib might be expecting a fully x-www-form-urlencoded uri, but requests is only unquoting unreserved characters here before passing the uri to the auth client here.

@Lukasa
Copy link
Member

Lukasa commented Nov 4, 2017

Hm. It seems like oauthlib and Requests are disagreeing on what URL spec to follow. I can be convinced that Requests is in the wrong here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants