From 8772db973ba0c1ecb5e7ed08685e2974d95fa905 Mon Sep 17 00:00:00 2001
From: Jonny Barnes <jonny@jonnybarnes.uk>
Date: Wed, 10 Jan 2018 22:00:03 +0000
Subject: [PATCH] Squashed commit of the following:

commit fcebc08f6d89437ba84288a25498ae094fd4f16d
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:59:33 2018 +0000

    update changelog

commit 74491698857cb2e111006efb349e1f10c2e3cf1d
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:58:25 2018 +0000

    Modify the micropub controller to look for the token in the right palce (as set by the token middleware

commit 0fd11ff8391062fbe70f3a28d6a98694dc25b36b
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:57:40 2018 +0000

    If the access token is sent as a bearer token in the http headers, merge it into the request data so the controllers only have one place to look

commit 9e154ec4bc17be3071280409a3f6bb7f02dad816
Author: Jonny Barnes <jonny@jonnybarnes.uk>
Date:   Wed Jan 10 21:56:33 2018 +0000

    Add a test with the access token being form encoded
---
 app/Http/Controllers/MicropubController.php |  5 +++--
 app/Http/Middleware/VerifyMicropubToken.php | 20 +++++++++++++-------
 changelog.md                                |  3 +++
 tests/Feature/MicropubControllerTest.php    | 18 ++++++++++++++++++
 4 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/app/Http/Controllers/MicropubController.php b/app/Http/Controllers/MicropubController.php
index a817526f..a0fd24b0 100644
--- a/app/Http/Controllers/MicropubController.php
+++ b/app/Http/Controllers/MicropubController.php
@@ -45,7 +45,8 @@ class MicropubController extends Controller
     public function post()
     {
         try {
-            $tokenData = $this->tokenService->validateToken(request()->bearerToken());
+            info(request()->input('access_token'));
+            $tokenData = $this->tokenService->validateToken(request()->input('access_token'));
         } catch (InvalidTokenException $e) {
             return $this->invalidTokenResponse();
         }
@@ -254,7 +255,7 @@ class MicropubController extends Controller
     private function getClientId(): string
     {
         return resolve(TokenService::class)
-            ->validateToken(request()->bearerToken())
+            ->validateToken(request()->input('access_token'))
             ->getClaim('client_id');
     }
 
diff --git a/app/Http/Middleware/VerifyMicropubToken.php b/app/Http/Middleware/VerifyMicropubToken.php
index 93e2edf6..73edd404 100644
--- a/app/Http/Middleware/VerifyMicropubToken.php
+++ b/app/Http/Middleware/VerifyMicropubToken.php
@@ -15,14 +15,20 @@ class VerifyMicropubToken
      */
     public function handle($request, Closure $next)
     {
-        if ($request->bearerToken() === null) {
-            return response()->json([
-                'response' => 'error',
-                'error' => 'unauthorized',
-                'error_description' => 'No access token was provided in the request',
-            ], 401);
+        if ($request->input('access_token')) {
+            return $next($request);
         }
 
-        return $next($request);
+        if ($request->bearerToken()) {
+            return $next($request->merge([
+                'access_token' => $request->bearerToken(),
+            ]));
+        }
+
+        return response()->json([
+            'response' => 'error',
+            'error' => 'unauthorized',
+            'error_description' => 'No access token was provided in the request',
+        ], 401);
     }
 }
diff --git a/changelog.md b/changelog.md
index c8c0e91f..c1a7de7a 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@
 # Changelog
 
+## Version {next}
+  - Update micropub endpoint to support access tokens being sent in either acceptable form
+
 ## Version 0.15.1 (2018-01-06)
   - Update dependencies and recompile frontend assets, fix tests
   - Only normalise tags in the URL, not in the actual link text
diff --git a/tests/Feature/MicropubControllerTest.php b/tests/Feature/MicropubControllerTest.php
index 764410ed..81a86591 100644
--- a/tests/Feature/MicropubControllerTest.php
+++ b/tests/Feature/MicropubControllerTest.php
@@ -875,4 +875,22 @@ class MicropubControllerTest extends TestCase
         $response->assertStatus(400);
         $response->assertJson(['error_description' => 'The uploaded file failed validation']);
     }
+
+    public function test_access_token_form_encoded()
+    {
+        $faker = \Faker\Factory::create();
+        $note = $faker->text;
+        $response = $this->call(
+            'POST',
+            '/api/post',
+            [
+                'h' => 'entry',
+                'content' => $note,
+                'published' => Carbon::now()->toW3CString(),
+                'access_token' => $this->getToken(),
+            ]
+        );
+        $response->assertJson(['response' => 'created']);
+        $this->assertDatabaseHas('notes', ['note' => $note]);
+    }
 }