diff --git a/framework/core/src/Discussion/DiscussionPolicy.php b/framework/core/src/Discussion/DiscussionPolicy.php
index 73f7fbc0d..d59e37637 100644
--- a/framework/core/src/Discussion/DiscussionPolicy.php
+++ b/framework/core/src/Discussion/DiscussionPolicy.php
@@ -11,7 +11,6 @@
 
 namespace Flarum\Discussion;
 
-use Carbon\Carbon;
 use Flarum\Event\ScopeModelVisibility;
 use Flarum\Settings\SettingsRepositoryInterface;
 use Flarum\User\AbstractPolicy;
@@ -129,7 +128,7 @@ class DiscussionPolicy extends AbstractPolicy
 
             if ($allowRenaming === '-1'
                 || ($allowRenaming === 'reply' && $discussion->participant_count <= 1)
-                || ($discussion->created_at->diffInMinutes(new Carbon) < $allowRenaming)) {
+                || ($discussion->created_at->diffInMinutes() < $allowRenaming)) {
                 return true;
             }
         }
diff --git a/framework/core/src/Formatter/Formatter.php b/framework/core/src/Formatter/Formatter.php
index 58dfddd16..7de98bdbb 100644
--- a/framework/core/src/Formatter/Formatter.php
+++ b/framework/core/src/Formatter/Formatter.php
@@ -117,10 +117,10 @@ class Formatter
         $configurator->Autolink;
         $configurator->tags->onDuplicate('replace');
 
-        $this->events->dispatch(new Configuring($configurator));
-
         $this->configureExternalLinks($configurator);
 
+        $this->events->dispatch(new Configuring($configurator));
+
         return $configurator;
     }
 
diff --git a/framework/core/tests/Api/Controller/ShowDiscussionControllerTest.php b/framework/core/tests/Api/Controller/ShowDiscussionControllerTest.php
new file mode 100644
index 000000000..5c4b8ae28
--- /dev/null
+++ b/framework/core/tests/Api/Controller/ShowDiscussionControllerTest.php
@@ -0,0 +1,86 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\Api\Controller;
+
+use Flarum\Api\Controller\ShowDiscussionController;
+use Flarum\Discussion\Discussion;
+use Flarum\Tests\Test\Concerns\ManagesContent;
+
+class ShowDiscussionControllerTest extends ApiControllerTestCase
+{
+    use ManagesContent;
+
+    protected $controller = ShowDiscussionController::class;
+
+    /**
+     * @var Discussion
+     */
+    protected $discussion;
+
+    protected function init()
+    {
+        $this->discussion = Discussion::start(__CLASS__, $this->getNormalUser());
+    }
+
+    /**
+     * @test
+     */
+    public function author_can_see_discussion()
+    {
+        $this->discussion->save();
+
+        $this->actor = $this->getNormalUser();
+
+        $response = $this->callWith([], ['id' => $this->discussion->id]);
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     * @expectedException \Illuminate\Database\Eloquent\ModelNotFoundException
+     */
+    public function guest_cannot_see_empty_discussion()
+    {
+        $this->discussion->save();
+
+        $response = $this->callWith([], ['id' => $this->discussion->id]);
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     */
+    public function guest_can_see_discussion()
+    {
+        $this->discussion->save();
+
+        $this->addPostByNormalUser();
+
+        $response = $this->callWith([], ['id' => $this->discussion->id]);
+
+        $this->assertEquals(200, $response->getStatusCode());
+    }
+
+    /**
+     * @test
+     * @expectedException \Illuminate\Database\Eloquent\ModelNotFoundException
+     */
+    public function guests_cannot_see_private_discussion()
+    {
+        $this->discussion->is_private = true;
+        $this->discussion->save();
+
+        $this->callWith([], ['id' => $this->discussion->id]);
+    }
+}
diff --git a/framework/core/tests/Api/Controller/TokenControllerTest.php b/framework/core/tests/Api/Controller/TokenControllerTest.php
new file mode 100644
index 000000000..a350fa823
--- /dev/null
+++ b/framework/core/tests/Api/Controller/TokenControllerTest.php
@@ -0,0 +1,44 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\Api\Controller;
+
+use Flarum\Api\Controller\TokenController;
+use Flarum\Http\AccessToken;
+use Flarum\Tests\Test\Concerns\RetrievesAuthorizedUsers;
+
+class TokenControllerTest extends ApiControllerTestCase
+{
+    use RetrievesAuthorizedUsers;
+
+    protected $controller = TokenController::class;
+
+    /**
+     * @test
+     */
+    public function user_generates_token()
+    {
+        $user = $this->getNormalUser();
+
+        $response = $this->call($this->controller, null, [], [
+            'identification' => $user->username,
+            'password' => $this->userAttributes['password']
+        ]);
+
+        $data = json_decode($response->getBody()->getContents(), true);
+
+        $this->assertEquals($user->id, $data['userId']);
+
+        $token = $data['token'];
+
+        $this->assertEquals($user->id, AccessToken::findOrFail($token)->user_id);
+    }
+}
diff --git a/framework/core/tests/Test/Concerns/ManagesContent.php b/framework/core/tests/Test/Concerns/ManagesContent.php
new file mode 100644
index 000000000..9d1d687cb
--- /dev/null
+++ b/framework/core/tests/Test/Concerns/ManagesContent.php
@@ -0,0 +1,45 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * (c) Toby Zerner <toby.zerner@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Flarum\Tests\Test\Concerns;
+
+use Flarum\Post\CommentPost;
+use Flarum\Post\Event\Posted;
+
+trait ManagesContent
+{
+    use RetrievesAuthorizedUsers;
+
+    protected function addPostByNormalUser(): CommentPost
+    {
+        $actor = $this->getNormalUser();
+
+        $post = CommentPost::reply(
+            $this->discussion->id,
+            'a normal reply - too-obscure',
+            $actor->id,
+            '127.0.0.1'
+        );
+
+        $post->save();
+
+        if (! $this->discussion->startPost) {
+            $this->discussion->setStartPost($post);
+            $this->discussion->setLastPost($post);
+
+            $this->discussion->save();
+
+            event(new Posted($post, $actor));
+        }
+
+        return $post;
+    }
+}
diff --git a/framework/core/tests/Test/Concerns/RetrievesAuthorizedUsers.php b/framework/core/tests/Test/Concerns/RetrievesAuthorizedUsers.php
index c11e9c911..07f33b693 100644
--- a/framework/core/tests/Test/Concerns/RetrievesAuthorizedUsers.php
+++ b/framework/core/tests/Test/Concerns/RetrievesAuthorizedUsers.php
@@ -21,12 +21,12 @@ trait RetrievesAuthorizedUsers
         'email' => 'normal@machine.local'
     ];
 
-    public function getAdminUser()
+    public function getAdminUser(): User
     {
         return User::find(1);
     }
 
-    public function getNormalUser()
+    public function getNormalUser(): User
     {
         return User::unguarded(function () {
             return User::firstOrCreate([