From 99c983c3ea4a557b889f66fac66aee6850e5a2ac Mon Sep 17 00:00:00 2001
From: ErickSkrauch <erickskrauch@yandex.ru>
Date: Sat, 10 Dec 2022 03:56:19 +0100
Subject: [PATCH] Fixes #16. Correctly wrap Yii2's request into the PSR's
 ServerRequest object

---
 api/config/config.php                                 |  2 ++
 .../oauth/controllers/AuthorizationController.php     | 10 +++++++++-
 api/tests/functional/oauth/AccessTokenCest.php        | 11 ++++++-----
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/api/config/config.php b/api/config/config.php
index 0b3dda6..507bd82 100644
--- a/api/config/config.php
+++ b/api/config/config.php
@@ -78,6 +78,8 @@ return [
             'baseUrl' => '/api',
             'enableCsrfCookie' => false,
             'parsers' => [
+                'application/json' => yii\web\JsonParser::class,
+                'multipart/form-data' => yii\web\MultipartFormDataParser::class,
                 '*' => api\request\RequestParser::class,
             ],
         ],
diff --git a/api/modules/oauth/controllers/AuthorizationController.php b/api/modules/oauth/controllers/AuthorizationController.php
index d54d21d..45cf070 100644
--- a/api/modules/oauth/controllers/AuthorizationController.php
+++ b/api/modules/oauth/controllers/AuthorizationController.php
@@ -63,7 +63,15 @@ class AuthorizationController extends Controller {
     }
 
     private function getServerRequest(): ServerRequestInterface {
-        return ServerRequest::fromGlobals();
+        $request = Yii::$app->request;
+
+        return (new ServerRequest(
+            $request->getMethod(),
+            $request->getAbsoluteUrl() . '?' . $request->getQueryString(),
+            $request->getHeaders()->toArray(),
+        ))
+            ->withParsedBody($request->getBodyParams())
+            ->withQueryParams($request->getQueryParams());
     }
 
 }
diff --git a/api/tests/functional/oauth/AccessTokenCest.php b/api/tests/functional/oauth/AccessTokenCest.php
index d3b2132..c470667 100644
--- a/api/tests/functional/oauth/AccessTokenCest.php
+++ b/api/tests/functional/oauth/AccessTokenCest.php
@@ -5,9 +5,9 @@ namespace api\tests\functional\oauth;
 
 use api\tests\functional\_steps\OauthSteps;
 
-class AccessTokenCest {
+final class AccessTokenCest {
 
-    public function successfullyIssueToken(OauthSteps $I) {
+    public function successfullyIssueTokenWithUrlEncodedBody(OauthSteps $I): void {
         $I->wantTo('complete oauth flow and obtain access_token');
         $authCode = $I->obtainAuthCode();
         $I->sendPOST('/api/oauth2/v1/token', [
@@ -26,16 +26,17 @@ class AccessTokenCest {
         $I->cantSeeResponseJsonMatchesJsonPath('$.refresh_token');
     }
 
-    public function successfullyIssueOfflineToken(OauthSteps $I) {
+    public function successfullyIssueOfflineTokenWithJsonEncodedBody(OauthSteps $I): void {
         $I->wantTo('complete oauth flow with offline_access scope and obtain access_token and refresh_token');
         $authCode = $I->obtainAuthCode(['offline_access']);
-        $I->sendPOST('/api/oauth2/v1/token', [
+        $I->haveHttpHeader('Content-Type', 'application/json');
+        $I->sendPOST('/api/oauth2/v1/token', json_encode([
             'grant_type' => 'authorization_code',
             'code' => $authCode,
             'client_id' => 'ely',
             'client_secret' => 'ZuM1vGchJz-9_UZ5HC3H3Z9Hg5PzdbkM',
             'redirect_uri' => 'http://ely.by',
-        ]);
+        ]));
         $I->canSeeResponseCodeIs(200);
         $I->canSeeResponseContainsJson([
             'token_type' => 'Bearer',