tumblesocks icon indicating copy to clipboard operation
tumblesocks copied to clipboard

Published 20 hours ago verified publisher icon gcr

API connect broken, insecure

Open ryantate opened this issue 5 years ago • 5 comments

Won't connect to Tumblr. Tumblr end is fine, author's server returns a code to put into emacs, albeit over an unencrypted http link, which is pretty unforgivable in 2020. Anyway, once you put in the code, it still doesn't work. Even if you do the "forget" command, and try it all again, it's just an endless loop of broken with no way to debug (sparse use of Messages buffer) :-\

ryantate avatar Jan 12 '20 18:01 ryantate

i suppose the API has changed. i would also love to be able to post to interact with tumblr from emacs, especially since they disabled their post by email feature.

mooseyboots avatar May 06 '21 12:05 mooseyboots

i got tumblesocks working again by setting: (setq oauth-nonce-function #'oauth-internal-make-nonce)

as per https://danzorx.tumblr.com/post/36832512247/a-weird-oauth-el-issue-when-trying-to-set-up, mentioned in another issue.

mooseyboots avatar Jan 17 '22 14:01 mooseyboots

Tumblesocks doesn't work for me. On WSL with GNU Emacs 28.2 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.35, cairo version 1.16.0) of 2022-12-20, modified by Debian tumblesocks-api-test-auth generates a nil token. The URL is: https://www.tumblr.com/oauth/authorize?oauth_token=nil.

elpa gives me the following dependencies: oauth-20130128.151, htmlize-20210825.2150, markdown-mode-20221105.236.

I read https://billisalive.tumblr.com/ and https://danzorx.tumblr.com/post/36832512247/a-weird-oauth-el-issue-when-trying-to-set-up but couldn't get tumblesocks to work.

gargle avatar Dec 21 '22 19:12 gargle

On my debian box I'm able to copy the code from the tumblr webpage, but then I get the "Looks likeomething broke." error message. I get an error in oauth.el: hmac-sha1: key QuH.....th1SK must be unibyte.

gargle avatar Dec 26 '22 18:12 gargle

I am able to login onto tumblr with tumblesocks but I have to replace oauth-build-signature-hmac-sha1 with

(defun oauth-build-signature-hmac-sha1 (req secret)
  "Returns the signature for the given request object"
  (let* ((token (oauth-request-token req))
         (key (concat secret "&" (when token (oauth-t-token-secret token))))
         (hmac-params
          (list (string-to-unibyte (encode-coding-string key 'utf-8 t))
                (string-to-unibyte (encode-coding-string
                 (oauth-build-signature-basestring-hmac-sha1 req) 'utf-8 t)))))
    (if oauth-hmac-sha1-param-reverse (setq hmac-params (reverse hmac-params)))
    (base64-encode-string (apply 'hmac-sha1 hmac-params))))

I receive a Hello, gargle! Tumblesocks is working properly.

I also had to change

(flet ((shr-ensure-paragraph () 0))

in tumblesocks-view-insert-parsed-html-fragment with

(cl-flet ((shr-ensure-paragraph () 0))

I have a dashboard now.

I haven't throughly tested tumblesocks. Perhaps there are more errors.

gargle avatar Dec 29 '22 19:12 gargle