Incorrect signature generated #63

renaatdemuynck opened this issue Jan 29, 2018 · 1 comment

@renaatdemuynck

When passing a request object created via ServerRequest::fromGlobals() an incorrect signature is generated. It seems that the parameter 'oauth_signature' is unset and then re-added after adding the body contents to the params in method getSignature(). Clearing the body fixes the issue.

Code to reproduce the issue:

use GuzzleHttp\Subscriber\Oauth\Oauth1;
use GuzzleHttp\Psr7\ServerRequest;
use function GuzzleHttp\Psr7\stream_for;

$oauth = new Oauth1([
    'consumer_key' => 'key',
    'consumer_secret' => 'secret',
    'token_secret' => ''
]);

$signature = $oauth->getSignature(ServerRequest::fromGlobals(), $_POST);
var_dump($signature === $_POST['oauth_signature']); // false

$signature = $oauth->getSignature(ServerRequest::fromGlobals()->withBody(stream_for()), $_POST);
var_dump($signature === $_POST['oauth_signature']); // true

Possible fix:
Move the line that unsets the 'oauth_signature' parameter after the code that adds the body contents and query parameters:

public function getSignature(RequestInterface $request, array $params)
{
    // Add POST fields if the request uses POST fields and no files
    if ($request->getHeaderLine('Content-Type') == 'application/x-www-form-urlencoded') {
        $body = \GuzzleHttp\Psr7\parse_query($request->getBody()->getContents());
        $params += $body;
    }

    // Parse & add query string parameters as base string parameters
    $query = $request->getUri()->getQuery();
    $params += \GuzzleHttp\Psr7\parse_query($query);

    // Remove oauth_signature if present
    // Ref: Spec: 9.1.1 ("The oauth_signature parameter MUST be excluded.")
    unset($params['oauth_signature']);
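
The ordering problem described above, reproduced without the library as an added example (not part of the original post and not the project's code). The helper names `collect` and `sign`, the URL, nonce and timestamp are constructed for illustration, and only single-valued parameters are handled. The check uses `hash_equals()` so the comparison of the received signature is constant-time.

```php
<?php
// Added example (not the library's code): constructed request, single-valued parameters only.

function collect(array $params, string $body, string $query, bool $unsetLast): array
{
    if (!$unsetLast) {
        unset($params['oauth_signature']);   // order reported in the issue
    }
    parse_str($body, $bodyParams);
    parse_str($query, $queryParams);
    $params += $bodyParams;                  // re-adds oauth_signature from the body
    $params += $queryParams;
    if ($unsetLast) {
        unset($params['oauth_signature']);   // order proposed in the issue
    }
    return $params;
}

function sign(string $method, string $url, array $params, string $consumerSecret, string $tokenSecret): string
{
    ksort($params, SORT_STRING);
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = rawurlencode((string) $name) . '=' . rawurlencode((string) $value);
    }
    $base = strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode(implode('&', $pairs));
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Constructed sample values; the URL is a placeholder.
$url = 'https://api.example.test/statuses';
$client = [
    'oauth_consumer_key' => 'key',
    'oauth_nonce' => 'constructed-nonce',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp' => '1517200000',
    'oauth_version' => '1.0',
    'status' => 'hello world',
];
$client['oauth_signature'] = sign('POST', $url, $client, 'secret', '');
$body = http_build_query($client);
parse_str($body, $post);                     // stands in for $_POST

foreach ([false, true] as $unsetLast) {
    $expected = sign('POST', $url, collect($post, $body, '', $unsetLast), 'secret', '');
    // hash_equals() compares in constant time, unlike ===
    var_dump(hash_equals($expected, $post['oauth_signature']));
}
```

The first pass uses the ordering reported in the issue, where `oauth_signature` ends up inside the signed parameter set; the second uses the proposed ordering.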

@lwohlhart

Just ran into the same issue.
I suppose the suggestion is a valid fix.
