jwt installed

a4c41b3f · Lech Sawon · 0ae2ac5f · a4c41b3f · a4c41b3f · a4c41b3f
Commit a4c41b3f authored Oct 28, 2021 by Lech Sawon
7 changed files
--- a/.env.dist
+++ b/.env.dist
@@ -34,3 +34,7 @@ APP_SECRET=6f2878f85842ad973667e9ed8a704b64
 # DATABASE_URL="mysql://db_user:db_password@127.0.0.1:3306/db_name?serverVersion=5.7"
 DATABASE_URL="postgresql://symfony:ChangeMe@127.0.0.1:5432/app?serverVersion=13&charset=utf8"
 ###< doctrine/doctrine-bundle ###
+
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE=
--- a/.gitignore
+++ b/.gitignore
 .env
 .idea
+config/jwt
 ###> symfony/framework-bundle ###
 /.env.local
 /.env.local.php

--- a/composer.json
+++ b/composer.json
@@ -36,7 +36,7 @@
        "symfony/web-link": "4.4.*",
        "symfony/yaml": "4.4.*",
        "twig/extra-bundle": "^2.12|^3.0",
-        "twig/twig": "^2.12|^3.0",
+        "twig/twig": "^2.12|^3.0"
    },
    "require-dev": {
        "doctrine/doctrine-fixtures-bundle": "^3.4",

--- a/config/bundles.php
+++ b/config/bundles.php
@@ -13,4 +13,5 @@ return [
    Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
    Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
    Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
+    Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true],
 ];
--- a/config/packages/lexik_jwt_authentication.yaml
+++ b/config/packages/lexik_jwt_authentication.yaml
+lexik_jwt_authentication:
+    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    pass_phrase: '%env(JWT_PASSPHRASE)%'
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -24,6 +24,19 @@ security:
                path: app_logout
                # where to redirect after logout
                # target: app_any_route
+        login:
+            pattern: ^/api/login
+            stateless: true
+            json_login:
+                check_path: /api/login_check # or api_login_check as defined in config/routes.yaml
+                success_handler: lexik_jwt_authentication.handler.authentication_success
+                failure_handler: lexik_jwt_authentication.handler.authentication_failure
+        api:
+            pattern:   ^/api
+            stateless: true
+            guard:
+                authenticators:
+                    - lexik_jwt_authentication.jwt_token_authenticator

            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#firewalls-authentication
@@ -34,10 +47,9 @@ security:
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
-        # - { path: ^/admin, roles: ROLE_ADMIN }
-        # - { path: ^/profile, roles: ROLE_USER }
+        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-        - { path: ^/api, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/ , roles: ROLE_USER }


--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -2,3 +2,5 @@
 #    path: /
 #    controller: App\Controller\DefaultController::index

+api_login_check:
+  path: /api/login_check