Package fitbit: Don't URL-decode Fitbit's signature.

The documentation states that that should be done, but then the signature
may include "+", which URL decode turns into a space …

diff --git a/fitbit/fitbit.go b/fitbit/fitbit.go
index f871604..2c0a04a 100644 (file)
--- a/fitbit/fitbit.go
+++ b/fitbit/fitbit.go
@@ -9,7 +9,6 @@ import (
        "fmt"
        "io/ioutil"
        "net/http"
-       "net/url"
        "time"
 
        "github.com/octo/gfitsync/app"
@@ -46,14 +45,9 @@ func ParseToken(ctx context.Context, r *http.Request, u *app.User) error {
 }
 
 func CheckSignature(ctx context.Context, payload []byte, rawSig string) bool {
-       base64Sig, err := url.QueryUnescape(rawSig)
+       signatureGot, err := base64.StdEncoding.DecodeString(rawSig)
        if err != nil {
-               log.Errorf(ctx, "QueryUnescape(%q) = %v", rawSig, err)
-               return false
-       }
-       signatureGot, err := base64.StdEncoding.DecodeString(base64Sig)
-       if err != nil {
-               log.Errorf(ctx, "base64.StdEncoding.DecodeString(%q) = %v", base64Sig, err)
+               log.Errorf(ctx, "base64.StdEncoding.DecodeString(%q) = %v", rawSig, err)
                return false
        }