diff --git a/app/Http/Controllers/TokenEndpointController.php b/app/Http/Controllers/TokenEndpointController.php
index edda2f25..f6c4fc19 100644
--- a/app/Http/Controllers/TokenEndpointController.php
+++ b/app/Http/Controllers/TokenEndpointController.php
@@ -5,8 +5,8 @@ declare(strict_types=1);
 namespace App\Http\Controllers;
 use IndieAuth\Client;
-use Illuminate\Http\Response;
 use App\Services\TokenService;
+use Illuminate\Http\JsonResponse;
 class TokenEndpointController extends Controller
 {
@@ -37,9 +37,9 @@ class TokenEndpointController extends Controller
 /**
 * If the user has auth’d via the IndieAuth protocol, issue a valid token.
 *
- * @return \Illuminate\Http\Response
+ * @return \Illuminate\Http\JsonResponse
 */
- public function create(): Response
+ public function create(): JsonResponse
 {
 $authorizationEndpoint = $this->client->discoverAuthorizationEndpoint(normalize_url(request()->input('me')));
 if ($authorizationEndpoint) {
@@ -58,21 +58,22 @@ class TokenEndpointController extends Controller
 'scope' => $scope,
 ];
 $token = $this->tokenService->getNewToken($tokenData);
- $content = http_build_query([
+ $content = [
 'me' => request()->input('me'),
 'scope' => $scope,
 'access_token' => $token,
- ]);
+ ];
- return response($content)->header(
- 'Content-Type',
- 'application/x-www-form-urlencoded'
- );
+ return response()->json($content);
 }
- return response('There was an error verifying the authorisation code.', 400);
+ return response()->json([
+ 'error' => 'There was an error verifying the authorisation code.'
+ ], 401);
 }
- return response('Can’t determine the authorisation endpoint.', 400);
+ return response()->json([
+ 'error' => 'Can’t determine the authorisation endpoint.'
+ ], 400);
 }
 }
diff --git a/changelog.md b/changelog.md
index 493b3056..a951fa59 100644
--- a/changelog.md
+++ b/changelog.md
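Review bot: The success path in the `@@ -58,21 +58,22 @@` hunk of TokenEndpointController.php returns the access token via `response()->json($content)` with no cache directives, while RFC 6749 §5.1 requires `Cache-Control: no-store` and `Pragma: no-cache` on any response that carries a token. Suggest `return response()->json($content)->header('Cache-Control', 'no-store')->header('Pragma', 'no-cache');` so that browser and intermediary caches do not retain the token. The same RFC section lists `token_type` as a required member of the body, which `$content` lacks; consider adding `'token_type' => 'Bearer',` if the tokens are presented as bearer tokens. The start of create() is outside this hunk, so whether the request's `me` value echoed in the response has been compared with the verified one cannot be confirmed from here.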
@@ -1,5 +1,8 @@
 # Changelog
+## Version {next}
+ - Send tokens as a json response
+
 ## Version 0.15.6 (2018-01-27)
 - Fix uploading files sent to the media endpoint to S3
diff --git a/tests/Feature/TokenEndpointTest.php b/tests/Feature/TokenEndpointTest.php
index 67739729..19b2b49f 100644
--- a/tests/Feature/TokenEndpointTest.php
+++ b/tests/Feature/TokenEndpointTest.php
@@ -5,6 +5,7 @@ namespace Tests\Feature;
 use Mockery;
 use Tests\TestCase;
 use IndieAuth\Client;
+use Illuminate\Http\JsonResponse;
 class TokenEndpointTest extends TestCase
 {
@@ -28,9 +29,10 @@ class TokenEndpointTest extends TestCase
 'client_id' => config('app.url') . '/micropub-client',
 'state' => mt_rand(1000, 10000),
 ]);
- parse_str($response->content(), $output);
- $this->assertEquals(config('app.url'), $output['me']);
- $this->assertTrue(array_key_exists('access_token', $output));
+ $response->assertJson([
+ 'me' => config('app.url'),
+ 'scope' => 'create update',
+ ]);
 }
 public function test_token_endpoint_returns_error_when_auth_endpoint_lacks_me_data()
@@ -52,8 +54,10 @@ class TokenEndpointTest extends TestCase
 'client_id' => config('app.url') . '/micropub-client',
 'state' => mt_rand(1000, 10000),
 ]);
- $response->assertStatus(400);
- $response->assertSeeText('There was an error verifying the authorisation code.');
+ $response->assertStatus(401);
+ $response->assertJson([
+ 'error' => 'There was an error verifying the authorisation code.'
+ ]);
 }
 public function test_token_endpoint_returns_error_when_no_auth_endpoint_found()
@@ -72,6 +76,8 @@ class TokenEndpointTest extends TestCase
 'state' => mt_rand(1000, 10000),
 ]);
 $response->assertStatus(400);
- $response->assertSeeText('Can’t determine the authorisation endpoint.');
+ $response->assertJson([
+ 'error' => 'Can’t determine the authorisation endpoint.']
+ );
 }
 }
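Review bot: The rewritten assertion in the `@@ -28,9 +29,10 @@` hunk of tests/Feature/TokenEndpointTest.php no longer checks that the response contains `access_token`, which the removed `array_key_exists('access_token', $output)` line did. `assertJson` with only `me` and `scope` still passes when the token is missing from the body, so the endpoint's main output is untested. Add `$response->assertJsonStructure(['access_token']);` after the `assertJson` call, and `$response->assertStatus(200);` to pin the success code. The test method begins above the hunk.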
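Review bot: In the `@@ -72,6 +76,8 @@` hunk of tests/Feature/TokenEndpointTest.php the array's closing `]` sits on the `'error'` line and `);` on a line of its own, unlike the `assertJson([ … ]);` layout used in the two hunks above it. Write it as `$response->assertJson([`, `'error' => 'Can’t determine the authorisation endpoint.',`, `]);` so the three assertions read alike. The test method starts outside the hunk.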