requests-oauthlib
requests-oauthlib copied to clipboard
requests
oauthlib raises exception due to unquoted apostrophe or single quote
I'm attempting to make a request that has a query parameter which contains apostrophes. oauthlib seems to only consider =&;:%+~,*@!()/? to be safe, but requests isn't encoding the apostrophe as %27, since it's passing !#$%&'()*+,/:;=?@[]~ as the safe list to urllib's quote here.
I'm not really sure what the intentions of the various intermediate encoding steps are to fix the issue.
Expected Result
A successful GET request with a query parameter that includes apostrophes when using the requests_oauthlib plugin.
Actual Result
oauthlib raises an exception here due to the single quote not being encoded.
Reproduction Steps
from requests.utils import requote_uri
from oauthlib.common import urldecode
requoted_uri = requote_uri("SELECT * FROM Deposit WHERE TxnDate >= '2017-08-01' AND TxnDate < '2017-09-01'")
urldecode(requoted_uri)
System Information
$ python -m requests.help
{
"chardet": {
"version": "3.0.4"
},
"cryptography": {
"version": ""
},
"idna": {
"version": "2.6"
},
"implementation": {
"name": "CPython",
"version": "3.6.1"
},
"platform": {
"release": "7",
"system": "Windows"
},
"pyOpenSSL": {
"openssl_version": "",
"version": null
},
"requests": {
"version": "2.18.4"
},
"system_ssl": {
"version": "100020bf"
},
"urllib3": {
"version": "1.22"
},
"using_pyopenssl": false
}
It seems like oauthlib might be expecting a fully x-www-form-urlencoded uri, but requests is only unquoting unreserved characters here before passing the uri to the auth client here.
Hm. It seems like oauthlib and Requests are disagreeing on what URL spec to follow. I can be convinced that Requests is in the wrong here.
