WIP: Preparations for Symfony 6 upgrade #14
|
@ -7,6 +7,9 @@ framework:
|
||||||
# https://symfony.com/doc/5.4/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly
|
# https://symfony.com/doc/5.4/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly
|
||||||
trusted_proxies: '%env(TRUSTED_PROXIES)%'
|
trusted_proxies: '%env(TRUSTED_PROXIES)%'
|
||||||
|
|
||||||
|
router:
|
||||||
|
utf8: true
|
||||||
|
|
||||||
# Enables session support. Note that the session will ONLY be started if you read or write from it.
|
# Enables session support. Note that the session will ONLY be started if you read or write from it.
|
||||||
# Remove or comment this section to explicitly disable session support.
|
# Remove or comment this section to explicitly disable session support.
|
||||||
session:
|
session:
|
||||||
|
|
|
@ -11,7 +11,7 @@ abstract class AbstractApiController extends AbstractController
|
||||||
{
|
{
|
||||||
protected const DEFAULT_SERIALIZER_GROUPS = ['api'];
|
protected const DEFAULT_SERIALIZER_GROUPS = ['api'];
|
||||||
|
|
||||||
protected function createJsonResponse($data, array $groups = [], int $code = Response::HTTP_OK, string $message = null, string $status = ''): JsonResponse
|
protected function createJsonResponse($data = null, array $groups = [], int $code = Response::HTTP_OK, string $message = null, string $status = ''): JsonResponse
|
||||||
{
|
{
|
||||||
return $this->json(new ApiResponse($data, $code, $message, $status), $code, [], [
|
return $this->json(new ApiResponse($data, $code, $message, $status), $code, [], [
|
||||||
'groups' => array_merge(self::DEFAULT_SERIALIZER_GROUPS,$groups),
|
'groups' => array_merge(self::DEFAULT_SERIALIZER_GROUPS,$groups),
|
||||||
|
|
|
@ -5,11 +5,10 @@ namespace App\Api\V1\Controller;
|
||||||
|
|
||||||
use App\Entity\{ApiToken, User};
|
use App\Entity\{ApiToken, User};
|
||||||
use App\Repository\{ApiTokenRepository, UserRepository};
|
use App\Repository\{ApiTokenRepository, UserRepository};
|
||||||
use App\Security\Token\AuthenticatedApiToken;
|
use App\Security\ApiTokenAuthenticator;
|
||||||
use Doctrine\ORM\EntityManagerInterface;
|
use Doctrine\ORM\EntityManagerInterface;
|
||||||
use Symfony\Component\HttpFoundation\{JsonResponse, Request};
|
use Symfony\Component\HttpFoundation\{JsonResponse, Request};
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
|
||||||
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
|
|
||||||
|
|
||||||
class SecurityController extends AbstractApiController
|
class SecurityController extends AbstractApiController
|
||||||
{
|
{
|
||||||
|
@ -18,18 +17,18 @@ class SecurityController extends AbstractApiController
|
||||||
EntityManagerInterface $em,
|
EntityManagerInterface $em,
|
||||||
UserRepository $userRepo,
|
UserRepository $userRepo,
|
||||||
ApiTokenRepository $tokenRepo,
|
ApiTokenRepository $tokenRepo,
|
||||||
UserPasswordEncoderInterface $passwordEncoder
|
UserPasswordHasherInterface $passwordHasher,
|
||||||
): JsonResponse {
|
): JsonResponse {
|
||||||
$username = $request->request->get('username');
|
$username = $request->request->get('username');
|
||||||
$password = $request->request->get('password');
|
$password = $request->request->get('password');
|
||||||
|
|
||||||
/** @var User $user */
|
/** @var User $user */
|
||||||
if (null === $user = $userRepo->findOneBy(['username' => $username])) {
|
if (null === $user = $userRepo->findOneBy(['username' => $username])) {
|
||||||
return $this->createJsonResponse(null, [], JsonResponse::HTTP_UNAUTHORIZED, 'User not found');
|
return $this->createJsonResponse(code: JsonResponse::HTTP_UNAUTHORIZED, message: 'User not found');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$passwordEncoder->isPasswordValid($user, $password)) {
|
if (!$passwordHasher->isPasswordValid($user, $password)) {
|
||||||
return $this->createJsonResponse(null, [], JsonResponse::HTTP_UNAUTHORIZED, 'Invalid password');
|
return $this->createJsonResponse(code: JsonResponse::HTTP_UNAUTHORIZED, message: 'Invalid password');
|
||||||
}
|
}
|
||||||
|
|
||||||
$apiToken = new ApiToken($user);
|
$apiToken = new ApiToken($user);
|
||||||
|
@ -38,28 +37,19 @@ class SecurityController extends AbstractApiController
|
||||||
try {
|
try {
|
||||||
$em->flush();
|
$em->flush();
|
||||||
} catch (\Exception $ex) {
|
} catch (\Exception $ex) {
|
||||||
return $this->createJsonResponse(null, [], JsonResponse::HTTP_INTERNAL_SERVER_ERROR, 'Token persisting error');
|
return $this->createJsonResponse(code: JsonResponse::HTTP_INTERNAL_SERVER_ERROR, message: 'Token persisting error');
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->createJsonResponse($apiToken->getKey());
|
return $this->createJsonResponse($apiToken->getKey());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function logout(TokenStorageInterface $tokenStorage, ApiTokenRepository $apiTokenRepo, EntityManagerInterface $em): JsonResponse
|
public function logout(Request $request, ApiTokenRepository $apiTokenRepo, EntityManagerInterface $em): JsonResponse {
|
||||||
{
|
if (null === $tokenKey = ApiTokenAuthenticator::getTokenKeyFromRequest($request)) {
|
||||||
if (null === $token = $tokenStorage->getToken()) {
|
return $this->createJsonResponse(null, code:JsonResponse::HTTP_INTERNAL_SERVER_ERROR, message: 'No API token provided.');
|
||||||
return $this->createJsonResponse(null,[],JsonResponse::HTTP_INTERNAL_SERVER_ERROR, 'Can\'t retrieve user token.');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$token instanceof AuthenticatedApiToken) {
|
|
||||||
return $this->createJsonResponse(null, [], JsonResponse::HTTP_INTERNAL_SERVER_ERROR, 'Invalid session token type retrieved.');
|
|
||||||
}
|
|
||||||
|
|
||||||
if (null === $tokenKey = $token->getTokenKey()) {
|
|
||||||
return $this->createJsonResponse(null,[],JsonResponse::HTTP_INTERNAL_SERVER_ERROR, 'Can\'t retrieve token key from the session.');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (null === $apiToken = $apiTokenRepo->findOneBy(['key' => $tokenKey])) {
|
if (null === $apiToken = $apiTokenRepo->findOneBy(['key' => $tokenKey])) {
|
||||||
return $this->createJsonResponse(null,[],JsonResponse::HTTP_INTERNAL_SERVER_ERROR, 'API token with such key not found in the database.');
|
return $this->createJsonResponse(null, code:JsonResponse::HTTP_INTERNAL_SERVER_ERROR, message: 'API token with such key not found in the database.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$em->remove($apiToken);
|
$em->remove($apiToken);
|
||||||
|
|
|
@ -32,18 +32,12 @@ class ApiTokenAuthenticator extends AbstractAuthenticator
|
||||||
*/
|
*/
|
||||||
public function supports(Request $request): bool
|
public function supports(Request $request): bool
|
||||||
{
|
{
|
||||||
// Let's also support cookies and query params for some cases like torrent clients.
|
return static::requestHasToken($request);
|
||||||
return $request->headers->has(self::TOKEN_HEADER) ||
|
|
||||||
$request->cookies->has(self::TOKEN_HEADER) ||
|
|
||||||
$request->query->has(self::TOKEN_HEADER);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function authenticate(Request $request): Passport
|
public function authenticate(Request $request): Passport
|
||||||
{
|
{
|
||||||
$tokenKey = $request?->headers?->get(self::TOKEN_HEADER) ?:
|
$tokenKey = static::getTokenKeyFromRequest($request);
|
||||||
$request?->cookies?->get(self::TOKEN_HEADER) ?:
|
|
||||||
$request?->query?->get(self::TOKEN_HEADER)
|
|
||||||
;
|
|
||||||
|
|
||||||
if (null === $tokenKey) {
|
if (null === $tokenKey) {
|
||||||
throw new CustomUserMessageAuthenticationException('No API token provided');
|
throw new CustomUserMessageAuthenticationException('No API token provided');
|
||||||
|
@ -73,4 +67,19 @@ class ApiTokenAuthenticator extends AbstractAuthenticator
|
||||||
|
|
||||||
return new JsonResponse($json, JsonResponse::HTTP_UNAUTHORIZED, json: true);
|
return new JsonResponse($json, JsonResponse::HTTP_UNAUTHORIZED, json: true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function getTokenKeyFromRequest(Request $request): ?string
|
||||||
|
{
|
||||||
|
$request?->headers?->get(self::TOKEN_HEADER) ?:
|
||||||
|
$request?->cookies?->get(self::TOKEN_HEADER) ?:
|
||||||
|
$request?->query?->get(self::TOKEN_HEADER);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function requestHasToken(Request $request): bool
|
||||||
|
{
|
||||||
|
// Let's also support cookies and query params for some cases like torrent clients.
|
||||||
|
return $request->headers->has(self::TOKEN_HEADER) ||
|
||||||
|
$request->cookies->has(self::TOKEN_HEADER) ||
|
||||||
|
$request->query->has(self::TOKEN_HEADER);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue