/**
 * An upload authenticated with an introspected access token must record
 * the token's OAuth client ID both in the session ('api_client_id') and
 * on the stored track (the `source` column of `tracks`).
 */
public function testApiClientIdIsRecordedWhenUploadingTrack()
{
    $uploader = factory(User::class)->make();

    // The introspection result the mocked Poniverse client will hand back.
    $tokenInfo = new \Poniverse\AccessTokenInfo('nonsense-token');
    $tokenInfo->setIsActive(true);
    $tokenInfo->setClientId('Unicorns and rainbows');
    $tokenInfo->setScopes(['basic', 'ponyfm:tracks:upload']);

    $profile = [
        'username' => $uploader->username,
        'display_name' => $uploader->display_name,
        'email' => $uploader->email,
    ];

    // 'overload:' replaces instances of Poniverse created by the code under test.
    $poniverseMock = Mockery::mock('overload:Poniverse');
    $poniverseMock->shouldReceive('getUser')->andReturn($profile);
    $poniverseMock->shouldReceive('setAccessToken');
    $poniverseMock->shouldReceive('getAccessTokenInfo')->andReturn($tokenInfo);

    $uploadParameters = ['access_token' => $tokenInfo->getToken()];
    $this->callUploadWithParameters($uploadParameters);

    // The client ID must come from the introspection result, not from the request.
    $this->assertSessionHas('api_client_id', $tokenInfo->getClientId());
    $this->seeInDatabase('tracks', ['source' => $tokenInfo->getClientId()]);
}
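/**
 * Gets information about the given access token by querying the Poniverse
 * introspection endpoint.
 *
 * The returned object carries the `active` flag, scopes and client ID
 * reported by the endpoint. A successful return does not by itself mean
 * the token is usable.
 * NOTE(review): callers are presumably expected to check the active flag
 * and the scopes themselves - confirm against the call sites.
 *
 * @link https://tools.ietf.org/html/draft-richer-oauth-introspection-06
 *
 * @param string $accessTokenToIntrospect the token to look up
 * @return \Poniverse\AccessTokenInfo
 * @throws InvalidAccessTokenException when the endpoint answers 404
 * @throws \Symfony\Component\HttpKernel\Exception\HttpException on any other
 *         non-200 answer, or when the 200 body is not a usable JSON object
 */
public function getAccessTokenInfo($accessTokenToIntrospect)
{
    // Authenticate this service to the introspection endpoint with its own
    // client-credentials token.
    // NOTE(review): if that request fails, this index chain may yield null and
    // an empty bearer token is sent - confirm the OAuth client throws on failure.
    $token = $this->client->getAccessToken(
        Config::get('poniverse.urls.token'),
        Client::GRANT_TYPE_CLIENT_CREDENTIALS,
        []
    )['result']['access_token'];

    // The token being inspected can originate from a request parameter, so it
    // is percent-encoded before being placed in the URL. Unencoded, characters
    // such as '&', '#' or '+' would alter or add query parameters on the
    // introspection request.
    // NOTE(review): the token still travels in the query string, where it can
    // end up in access logs. RFC 7662 specifies a form-encoded POST body -
    // confirm the endpoint accepts that before switching.
    $request = \Httpful\Request::post(
        $this->urls['api'] . 'meta/introspect?token=' . rawurlencode((string) $accessTokenToIntrospect)
    );

    /** @var Httpful\Response $result */
    $result = $request
        ->addHeader('Accept', 'application/json')
        ->addHeader('Authorization', 'Bearer ' . $token)
        ->send();

    if (404 === $result->code) {
        throw new InvalidAccessTokenException('This access token is expired or invalid!');
    }

    if (200 !== $result->code) {
        throw new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'An unknown error occurred while contacting the Poniverse API.');
    }

    // Decode only once the status is known to be 200, and fail closed when
    // the body is not a JSON object carrying an `active` flag, rather than
    // building a token description out of nulls.
    $data = json_decode($result, true);

    if (!is_array($data) || !array_key_exists('active', $data)) {
        throw new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'An unknown error occurred while contacting the Poniverse API.');
    }

    $tokenInfo = new \Poniverse\AccessTokenInfo($accessTokenToIntrospect);
    $tokenInfo
        ->setIsActive($data['active'])
        ->setScopes($data['scope'])
        ->setClientId($data['client_id']);

    return $tokenInfo;
}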