Squashed commit of the following:

commit fcebc08f6d89437ba84288a25498ae094fd4f16d Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Wed Jan 10 21:59:33 2018 +0000 update changelog commit 74491698857cb2e111006efb349e1f10c2e3cf1d Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Wed Jan 10 21:58:25 2018 +0000 Modify the micropub controller to look for the token in the right palce (as set by the token middleware commit 0fd11ff8391062fbe70f3a28d6a98694dc25b36b Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Wed Jan 10 21:57:40 2018 +0000 If the access token is sent as a bearer token in the http headers, merge it into the request data so the controllers only have one place to look commit 9e154ec4bc17be3071280409a3f6bb7f02dad816 Author: Jonny Barnes <jonny@jonnybarnes.uk> Date: Wed Jan 10 21:56:33 2018 +0000 Add a test with the access token being form encoded
2018-01-10 22:00:03 +00:00 · 2018-01-10 22:00:03 +00:00 · 8772db973b
commit 8772db973b
parent a5f17944d2
4 changed files with 37 additions and 9 deletions
--- a/app/Http/Controllers/MicropubController.php
+++ b/app/Http/Controllers/MicropubController.php
@ -45,7 +45,8 @@ class MicropubController extends Controller
    public function post()
    {
        try {
-            $tokenData = $this->tokenService->validateToken(request()->bearerToken());
+            info(request()->input('access_token'));
            $tokenData = $this->tokenService->validateToken(request()->input('access_token'));
        } catch (InvalidTokenException $e) {
            return $this->invalidTokenResponse();
        }
@ -254,7 +255,7 @@ class MicropubController extends Controller
    private function getClientId(): string
    {
        return resolve(TokenService::class)
-            ->validateToken(request()->bearerToken())
+            ->validateToken(request()->input('access_token'))
            ->getClaim('client_id');
    }
--- a/app/Http/Middleware/VerifyMicropubToken.php
+++ b/app/Http/Middleware/VerifyMicropubToken.php
@ -15,14 +15,20 @@ class VerifyMicropubToken
     */
    public function handle($request, Closure $next)
    {
-        if ($request->bearerToken() === null) {
+        if ($request->input('access_token')) {
            return $next($request);
        }
        if ($request->bearerToken()) {
            return $next($request->merge([
                'access_token' => $request->bearerToken(),
            ]));
        }
        return response()->json([
            'response' => 'error',
            'error' => 'unauthorized',
            'error_description' => 'No access token was provided in the request',
        ], 401);
    }
        return $next($request);
    }
 }
--- a/changelog.md
+++ b/changelog.md
@ -1,5 +1,8 @@
 # Changelog
 ## Version {next}
  - Update micropub endpoint to support access tokens being sent in either acceptable form
 ## Version 0.15.1 (2018-01-06)
  - Update dependencies and recompile frontend assets, fix tests
  - Only normalise tags in the URL, not in the actual link text
--- a/tests/Feature/MicropubControllerTest.php
+++ b/tests/Feature/MicropubControllerTest.php
@ -875,4 +875,22 @@ class MicropubControllerTest extends TestCase
        $response->assertStatus(400);
        $response->assertJson(['error_description' => 'The uploaded file failed validation']);
    }
    public function test_access_token_form_encoded()
    {
        $faker = \Faker\Factory::create();
        $note = $faker->text;
        $response = $this->call(
            'POST',
            '/api/post',
            [
                'h' => 'entry',
                'content' => $note,
                'published' => Carbon::now()->toW3CString(),
                'access_token' => $this->getToken(),
            ]
        );
        $response->assertJson(['response' => 'created']);
        $this->assertDatabaseHas('notes', ['note' => $note]);
    }
 }