diff --git a/app/Http/Controllers/MicropubController.php b/app/Http/Controllers/MicropubController.php
index 629cb4e6..8a395ee0 100644
--- a/app/Http/Controllers/MicropubController.php
+++ b/app/Http/Controllers/MicropubController.php
@@ -67,7 +67,12 @@ class MicropubController extends Controller
 $this->logMicropubRequest($request->all());
 if (($request->input('h') === 'entry') || ($request->input('type.0') === 'h-entry')) {
- if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -81,7 +86,11 @@ class MicropubController extends Controller
 }
 if ($request->input('h') === 'card' || $request->input('type.0') === 'h-card') {
- if (stripos($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -95,7 +104,11 @@ class MicropubController extends Controller
 }
 if ($request->input('action') === 'update') {
- if (stripos($tokenData->claims()->get('scope'), 'update') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (! in_array('update', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
diff --git a/app/Http/Controllers/MicropubMediaController.php b/app/Http/Controllers/MicropubMediaController.php
index b3cdd3e2..e07e979f 100644
--- a/app/Http/Controllers/MicropubMediaController.php
+++ b/app/Http/Controllers/MicropubMediaController.php
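Review bot: The new `in_array('create', $scopes)` check in the h-entry branch of MicropubController.php compares loosely and assumes the claim is already a string or an array. Under loose comparison a boolean `true` element in the scope array matches any required scope, and a claim that is neither string nor array (for example null when the claim is absent) reaches `in_array()` and raises a TypeError on PHP 8 instead of returning the insufficient-scope response; whether an earlier guard rules that out is not visible in this hunk. I would write the guard as `if (! is_array($scopes) || ! in_array('create', $scopes, true)) {`. The same applies to the h-card and update hunks in this file and to both scope-check hunks in MicropubMediaController.php. The enclosing method starts and ends outside the hunk.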
@@ -17,7 +17,6 @@ use Illuminate\Http\Response;
 use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Storage;
-use Illuminate\Support\Str;
 use Intervention\Image\ImageManager;
 use Lcobucci\JWT\Token\InvalidTokenStructure;
 use Lcobucci\JWT\Validation\RequiredConstraintsViolated;
@@ -51,7 +50,11 @@ class MicropubMediaController extends Controller
 return $micropubResponses->tokenHasNoScopeResponse();
 }
- if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
@@ -119,7 +122,11 @@ class MicropubMediaController extends Controller
 return $micropubResponses->tokenHasNoScopeResponse();
 }
- if (Str::contains($tokenData->claims()->get('scope'), 'create') === false) {
+ $scopes = $tokenData->claims()->get('scope');
+ if (is_string($scopes)) {
+ $scopes = explode(' ', $scopes);
+ }
+ if (! in_array('create', $scopes)) {
 $micropubResponses = new MicropubResponses();
 return $micropubResponses->insufficientScopeResponse();
diff --git a/tests/TestToken.php b/tests/TestToken.php
index 5b54d497..397967dc 100644
--- a/tests/TestToken.php
+++ b/tests/TestToken.php
@@ -14,8 +14,8 @@ trait TestToken
 return $config->builder()
 ->issuedAt(new DateTimeImmutable())
 ->withClaim('client_id', 'https://quill.p3k.io')
- ->withClaim('me', 'https://jonnybarnes.localhost')
- ->withClaim('scope', 'create update')
+ ->withClaim('me', 'http://jonnybarnes.localhost')
+ ->withClaim('scope', ['create', 'update'])
 ->getToken($config->signer(), $config->signingKey())
 ->toString();
 }
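Review bot: The scope normalisation added after the `tokenHasNoScopeResponse()` branch in MicropubMediaController.php (hunk at -51) is one of five copies of the same lines in this commit: a second copy follows in the next hunk of this file and three are in MicropubController.php. Because this is the authorization decision for the endpoint, any later hardening has to be repeated in every copy, and one missed copy leaves an endpoint with the weaker check. A single helper, placed in a shared trait or base class since two controllers need it, would keep the comparison in one place; the sketch below also makes the match strict and rejects a claim that is not an array. The method containing this check starts and ends outside the hunk, and the helper name is only a suggestion.

```php
// … unchanged: token validation and the tokenHasNoScopeResponse() branch …
if (! $this->scopeGranted($tokenData->claims()->get('scope'), 'create')) {
    // … unchanged: insufficientScopeResponse() return …

/**
 * Decide whether a token's scope claim grants the required scope.
 *
 * @param  mixed  $claim  Raw `scope` claim: a space-delimited string or a list of strings.
 */
private function scopeGranted($claim, string $required): bool
{
    if (is_string($claim)) {
        $claim = explode(' ', $claim);
    }

    // Anything that is not a list of scopes grants nothing.
    return is_array($claim) && in_array($required, $claim, true);
}
```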
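Review bot: With the `scope` claim switched to `['create', 'update']` in tests/TestToken.php, this fixture no longer produces a space-delimited string scope, so the `is_string()`/`explode()` branch added to the controllers in this commit may be left without coverage unless another fixture, not visible here, still issues one. A second token builder that keeps `->withClaim('scope', 'create update')` would exercise both accepted forms of the claim. The `me` claim also changes from `https://` to `http://` in the same hunk with no reason given in the visible text; a short comment stating why would help the next reader. The method containing this builder chain starts outside the hunk.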