Encode consumerSecret, back out change that exposes req.

Author: jaredhanson

lib/passport-http-oauth/strategies/consumer.js

@@ -289,7 +289,7 @@ ConsumerStrategy.prototype.authenticate = function(req) {
         , base = utils.constructBaseString(req.method, normalizedURL, normalizedParams);
 
       if (signatureMethod == 'HMAC-SHA1') {
-        var key = consumerSecret + '&';
+        var key = utils.encode(consumerSecret) + '&';
         if (tokenSecret) { key += utils.encode(tokenSecret); }
         var computedSignature = utils.hmacsha1(key, base);
 

lib/passport-http-oauth/strategies/token.js

@@ -117,7 +117,6 @@ function TokenStrategy(options, consumer, verify, validate) {
   this._host = options.host || null;
   this._realm = options.realm || 'Users';
   this._ignoreVersion = options.ignoreVersion || false;
-  this.req = null;
 }
 
 /**
@@ -136,7 +135,6 @@ TokenStrategy.prototype.authenticate = function(req) {
   var params = undefined
     , header = null;
 
-  this.req = req;
   if (req.headers && req.headers['authorization']) {
     var parts = req.headers['authorization'].split(' ');
     if (parts.length >= 2) {
@@ -221,7 +219,7 @@ TokenStrategy.prototype.authenticate = function(req) {
         , base = utils.constructBaseString(req.method, normalizedURL, normalizedParams);
 
       if (signatureMethod == 'HMAC-SHA1') {
-        var key = consumerSecret + '&';
+        var key = utils.encode(consumerSecret) + '&';
         if (tokenSecret) { key += utils.encode(tokenSecret); }
         var computedSignature = utils.hmacsha1(key, base);