Squashed commit of the following:

commit fcebc08f6d89437ba84288a25498ae094fd4f16d
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:59:33 2018 +0000

    update changelog

commit 74491698857cb2e111006efb349e1f10c2e3cf1d
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:58:25 2018 +0000

    Modify the micropub controller to look for the token in the right palce (as set by the token middleware

commit 0fd11ff8391062fbe70f3a28d6a98694dc25b36b
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:57:40 2018 +0000

    If the access token is sent as a bearer token in the http headers, merge it into the request data so the controllers only have one place to look

commit 9e154ec4bc17be3071280409a3f6bb7f02dad816
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:56:33 2018 +0000

    Add a test with the access token being form encoded

app/Http/Controllers/MicropubController.php

@@ -45,7 +45,8 @@ class MicropubController extends Controller
     public function post()
     {
         try {
-            $tokenData = $this->tokenService->validateToken(request()->bearerToken());
+            info(request()->input('access_token'));
+            $tokenData = $this->tokenService->validateToken(request()->input('access_token'));
         } catch (InvalidTokenException $e) {
             return $this->invalidTokenResponse();
         }
@@ -254,7 +255,7 @@ class MicropubController extends Controller
     private function getClientId(): string
     {
         return resolve(TokenService::class)
-            ->validateToken(request()->bearerToken())
+            ->validateToken(request()->input('access_token'))
             ->getClaim('client_id');
     }
 

app/Http/Middleware/VerifyMicropubToken.php

@@ -15,14 +15,20 @@ class VerifyMicropubToken
      */
     public function handle($request, Closure $next)
     {
-        if ($request->bearerToken() === null) {
-            return response()->json([
-                'response' => 'error',
-                'error' => 'unauthorized',
-                'error_description' => 'No access token was provided in the request',
-            ], 401);
+        if ($request->input('access_token')) {
+            return $next($request);
         }
 
-        return $next($request);
+        if ($request->bearerToken()) {
+            return $next($request->merge([
+                'access_token' => $request->bearerToken(),
+            ]));
+        }
+
+        return response()->json([
+            'response' => 'error',
+            'error' => 'unauthorized',
+            'error_description' => 'No access token was provided in the request',
+        ], 401);
     }
 }

changelog.md

@@ -1,5 +1,8 @@
 # Changelog
 
+## Version {next}
+  - Update micropub endpoint to support access tokens being sent in either acceptable form
+
 ## Version 0.15.1 (2018-01-06)
   - Update dependencies and recompile frontend assets, fix tests
   - Only normalise tags in the URL, not in the actual link text

tests/Feature/MicropubControllerTest.php

@@ -875,4 +875,22 @@ class MicropubControllerTest extends TestCase
         $response->assertStatus(400);
         $response->assertJson(['error_description' => 'The uploaded file failed validation']);
     }
+
+    public function test_access_token_form_encoded()
+    {
+        $faker = \Faker\Factory::create();
+        $note = $faker->text;
+        $response = $this->call(
+            'POST',
+            '/api/post',
+            [
+                'h' => 'entry',
+                'content' => $note,
+                'published' => Carbon::now()->toW3CString(),
+                'access_token' => $this->getToken(),
+            ]
+        );
+        $response->assertJson(['response' => 'created']);
+        $this->assertDatabaseHas('notes', ['note' => $note]);
+    }
 }