From 227a96c950bd4faae9e240de1dfddffa62d33000 Mon Sep 17 00:00:00 2001
From: Naoki Kanatani <k12naoki@gmail.com>
Date: Sat, 6 Nov 2021 00:14:25 +0900
Subject: [PATCH] fix: don't add API token as a query string in users.setPhoto
 method

resolve #992
---
 users.go      | 4 +---
 users_test.go | 4 +++-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/users.go b/users.go
index 3696e37fc..873115690 100644
--- a/users.go
+++ b/users.go
@@ -469,9 +469,7 @@ func (api *Client) SetUserPhoto(image string, params UserSetPhotoParams) error {
 // SetUserPhotoContext changes the currently authenticated user's profile image using a custom context
 func (api *Client) SetUserPhotoContext(ctx context.Context, image string, params UserSetPhotoParams) (err error) {
 	response := &SlackResponse{}
-	values := url.Values{
-		"token": {api.token},
-	}
+	values := url.Values{}
 	if params.CropX != DEFAULT_USER_PHOTO_CROP_X {
 		values.Add("crop_x", strconv.Itoa(params.CropX))
 	}
diff --git a/users_test.go b/users_test.go
index 26e691837..58b3788b5 100644
--- a/users_test.go
+++ b/users_test.go
@@ -13,6 +13,7 @@ import (
 	"os"
 	"reflect"
 	"strconv"
+	"strings"
 	"sync/atomic"
 	"testing"
 )
@@ -509,7 +510,8 @@ func setUserPhotoHandler(wantBytes []byte, wantParams UserSetPhotoParams) http.H
 		}
 
 		// Test for expected token
-		if v := r.Form.Get("token"); v != validToken {
+		actualToken := strings.Split(r.Header.Get("Authorization"), "Bearer ")[1]
+		if actualToken != validToken {
 			httpTestErrReply(w, true, fmt.Sprintf("expected multipart form value token=%v", validToken))
 			return
 		}