diff --git a/app/Http/Controllers/MicropubController.php b/app/Http/Controllers/MicropubController.php
index 629cb4e6..837c0953 100644
--- a/app/Http/Controllers/MicropubController.php
+++ b/app/Http/Controllers/MicropubController.php
@@ -13,6 +13,7 @@ use App\Services\Micropub\UpdateService;
 use App\Services\TokenService;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use illuminate\Support\Arr;
 use Lcobucci\JWT\Encoding\CannotDecodeContent;
 use Lcobucci\JWT\Token\InvalidTokenStructure;
 use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
@@ -67,7 +68,12 @@ class MicropubController extends Controller
         $this->logMicropubRequest($request->all());
 
         if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
-            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+            $scopes = $tokenData->claims()->get('scope');
+            if (is_string($scopes)) {
+                $scopes = explode(' ', $scopes);
+            }
+
+            if (!in_array('create', $scopes)) {
                 $micropubResponses = new MicropubResponses();
 
                 return $micropubResponses->insufficientScopeResponse();
@@ -81,7 +87,11 @@ class MicropubController extends Controller
         }
 
         if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
-            if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+            $scopes = $tokenData->claims()->get('scope');
+            if (is_string($scopes)) {
+                $scopes = explode(' ', $scopes);
+            }
+            if (!in_array('create', $scopes)) {
                 $micropubResponses = new MicropubResponses();
 
                 return $micropubResponses->insufficientScopeResponse();
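Review bot: The added `use illuminate\Support\Arr;` spells the vendor namespace in lowercase and is not referenced by any new line in this commit, which all use `in_array`/`explode`. PHP resolves an already-loaded class name case-insensitively, but Composer's PSR-4 lookup compares the prefix case-sensitively, so this import only resolves while the framework happens to have loaded `Illuminate\Support\Arr` before this controller; on a cold classmap-less autoload it would fail. Drop the line unless something outside the hunks needs it, in which case correct it to `use Illuminate\Support\Arr;`.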
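Review bot: The h-entry branch's new `in_array('create', $scopes)` is a loose comparison, and when the token has no `scope` claim `$scopes` stays `null`, so on PHP 8 `in_array()` throws a TypeError (a 500) rather than returning the insufficient-scope response; nothing in this hunk guards that, so it is only safe if a check outside the hunk already rejects scope-less tokens. The same four-line normalisation is copied into the h-card hunk below, the update hunk, and both MicropubMediaController hunks, which is how five copies of an authorisation check drift apart; one helper that takes the raw claim keeps the parsing in a single place and makes the membership test strict and null-safe. `explode(' ', …)` also produces empty elements for repeated spaces, harmless for a membership test but worth folding into the helper as well. The enclosing method starts and ends outside the hunk.

```php
            if (!self::claimGrantsScope($tokenData->claims()->get('scope'), 'create')) {
// … unchanged: insufficient-scope response …

    /**
     * Whether a token's `scope` claim grants $scope.
     *
     * Accepts the space-separated string form and the array form of the
     * claim; any other shape, including a missing claim, grants nothing.
     *
     * @param string|list<string>|null $claim raw value of the `scope` claim
     */
    private static function claimGrantsScope($claim, string $scope): bool
    {
        if (is_string($claim)) {
            $claim = preg_split('/\s+/', trim($claim), -1, PREG_SPLIT_NO_EMPTY);
        }

        if (!is_array($claim)) {
            return false;
        }

        return in_array($scope, $claim, true);
    }
```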
@@ -95,7 +105,11 @@ class MicropubController extends Controller
         }
 
         if ($request->input('action') === 'update') {
-            if (stripos($tokenData->claims()->get('scope'), 'update') === false) {
+            $scopes = $tokenData->claims()->get('scope');
+            if (is_string($scopes)) {
+                $scopes = explode(' ', $scopes);
+            }
+            if (!in_array('update', $scopes)) {
                 $micropubResponses = new MicropubResponses();
 
                 return $micropubResponses->insufficientScopeResponse();
diff --git a/app/Http/Controllers/MicropubMediaController.php b/app/Http/Controllers/MicropubMediaController.php
index b3cdd3e2..4f66398f 100644
--- a/app/Http/Controllers/MicropubMediaController.php
+++ b/app/Http/Controllers/MicropubMediaController.php
@@ -51,7 +51,11 @@ class MicropubMediaController extends Controller
             return $micropubResponses->tokenHasNoScopeResponse();
         }
 
-        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+        $scopes = $tokenData->claims()->get('scope');
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
+        }
+        if (!in_array('create', $scopes)) {
             $micropubResponses = new MicropubResponses();
 
             return $micropubResponses->insufficientScopeResponse();
@@ -119,7 +123,11 @@ class MicropubMediaController extends Controller
             return $micropubResponses->tokenHasNoScopeResponse();
         }
 
-        if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+        $scopes = $tokenData->claims()->get('scope');
+        if (is_string($scopes)) {
+            $scopes = explode(' ', $scopes);
+        }
+        if (!in_array('create', $scopes)) {
             $micropubResponses = new MicropubResponses();
 
             return $micropubResponses->insufficientScopeResponse();
diff --git a/tests/TestToken.php b/tests/TestToken.php
index 5b54d497..397967dc 100644
--- a/tests/TestToken.php
+++ b/tests/TestToken.php
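Review bot: Both MicropubMediaController hunks remove the only visible uses of `Str::contains`, so the `use Illuminate\Support\Str;` import at the top of that file (outside these hunks) is probably dead now and should be removed if nothing else in the file references `Str`. The replacement check carries the same loose `in_array` and duplicated claim parsing raised on the MicropubController h-entry hunk; the `tokenHasNoScopeResponse()` return just above the change suggests the missing-claim case is already handled in this file, which the MicropubController hunks do not show. The enclosing methods start and end outside the hunks.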
@@ -14,8 +14,8 @@ trait TestToken
         return $config->builder()
             ->issuedAt(new DateTimeImmutable())
             ->withClaim('client_id', 'https://quill.p3k.io')
-            ->withClaim('me', 'https://jonnybarnes.localhost')
-            ->withClaim('scope', 'create update')
+            ->withClaim('me', 'http://jonnybarnes.localhost')
+            ->withClaim('scope', ['create', 'update'])
             ->getToken($config->signer(), $config->signingKey())
             ->toString();
     }
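Review bot: Switching the fixture's `scope` claim to `['create', 'update']` leaves the space-separated string form, which the controllers still accept through their `is_string`/`explode` branch, with no test token exercising it, so a regression in that branch would go unnoticed. Keep one token of each shape, for example a second builder method in this trait that uses `->withClaim('scope', 'create update')`, and drive the scope tests from both. The change of `me` from `https://` to `http://` is unrelated to the scope work and would be clearer as its own commit, or at least a sentence in the description saying why it is needed. The enclosing method starts outside the hunk.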