
This queue is for tickets about the Finance-MtGox CPAN distribution.

Report information
The Basics
Id: 80681
Status: open
Priority: 0/
Queue: Finance-MtGox

People
Owner: Nobody in particular
Requestors: pagenyon [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Make header safe when using with clients other than LWP/Mech
Finance::MtGox::_build_api_method_request creates an invalid HTTP header. Because Rest-Sign is the result of a regular base64-encoding, it usually contains embedded newlines, which are invalid in headers. LWP::Protocol::http takes care of that by replacing newlines with spaces, but if a user wants to use the internal method to construct an HTTP::Request to use with a different HTTP client, it will not work, because most other clients don't perform this non-standard cleanup. Finance::MtGox should itself replace the newlines with spaces. A possible alternative is to use MIME::Base64::encode_base64url instead of MIME::Base64::encode_base64, though I haven't tested that.
Base64 decoders typically ignore unknown characters (like whitespace). It should be safe to just strip them out since that's what the LWP module has been doing anyway. Additionally, MIME::Base64::encode_base64() accepts an eol character as the second parameter (which defaults to "\n"). So you could pass an empty string as the second parameter to get the same effect (as is stated in the docs). I have attached a patch with a small test file to demonstrate. I don't know much about the module though, so adjust as necessary.
Subject: mtgox-base64-no-newlines.patch
diff --git a/lib/Finance/MtGox.pm b/lib/Finance/MtGox.pm index f58a4f1..5aea402 100644 --- a/lib/Finance/MtGox.pm +++ b/lib/Finance/MtGox.pm @@ -309,7 +309,7 @@ sub _generate_nonce { sub _sign { my ( $self, $message ) = @_; my $secret = decode_base64( $self->_secret ); - return encode_base64( hmac_sha512( $message, $secret ) ); + return encode_base64( hmac_sha512( $message, $secret ), '' ); } =head1 AUTHOR diff --git a/t/http-request.t b/t/http-request.t index e69de29..1a32f17 100644 --- a/t/http-request.t +++ b/t/http-request.t @@ -0,0 +1,25 @@ +use strict; +use warnings; + +use Finance::MtGox; +use Test::More tests => 6; + +my $key = 'K'; +my $secret = 'S'; +my $mtgox = Finance::MtGox->new({ + key => $key, + secret => $secret, +}); +ok( $mtgox, 'Finance::MtGox object created' ); + +my $req = $mtgox->_build_api_method_request('POST', 'N', 'P'); + +like $req->uri, qr{https://mtgox\.com/api/0/P/N\.php}, 'uri'; + +like $req->content, qr/nonce=\d+/, 'nonce'; + +is $req->header('content-type'), 'application/x-www-form-urlencoded', 'content-type'; + +is $req->header('rest-key'), 'K', 'rest-key header'; + +unlike $req->header('rest-sign'), qr/\n/, 'no newlines in header';
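Review bot: In the lib/Finance/MtGox.pm hunk, the new '' argument on the return line of _sign has no comment, so it reads like something a later cleanup could drop. A one-line comment above the return, saying that the result is sent as the Rest-Sign header value and must not contain line breaks, would protect it. For reference, hmac_sha512 returns 64 bytes, which encode to 88 base64 characters, so with the default eol of "\n" the old value had one newline after character 76 and another at the end.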
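Review bot: In t/http-request.t, the last assertion (unlike $req->header('rest-sign'), qr/\n/) only rules out "\n", so a value containing "\r" or spaces would still pass. Consider asserting on the whole value instead, for example like $req->header('rest-sign'), qr{\A[A-Za-z0-9+/]+=*\z}, using \z rather than $ so that a trailing newline is not accepted. Separately, secret => 'S' is not a complete base64 group and _sign passes the secret through decode_base64, so a well-formed base64 secret would make the test sign with a real key.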