From 0e82229121030e94323c9a5046f0bcc62c73bc96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gangloff?=
Date: Tue, 23 Jul 2024 13:21:50 +0200
Subject: [PATCH] feat: add API cookie auth
---
 config/packages/lexik_jwt_authentication.yaml | 10 +++++++++-
 config/packages/security.yaml | 10 ++++------
 config/routes.yaml | 2 +-
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/config/packages/lexik_jwt_authentication.yaml b/config/packages/lexik_jwt_authentication.yaml
index c599768..7c1d3c3 100644
--- a/config/packages/lexik_jwt_authentication.yaml
+++ b/config/packages/lexik_jwt_authentication.yaml
@@ -3,7 +3,15 @@ lexik_jwt_authentication:
 public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
 pass_phrase: '%env(JWT_PASSPHRASE)%'
 token_ttl: 3600 # in seconds, default is 3600
-
+ token_extractors:
+ authorization_header:
+ enabled: true
+ cookie:
+ enabled: true
+ name: BEARER
+ set_cookies:
+ BEARER: ~
+ remove_token_from_body_when_cookies_used: false
 api_platform:
 check_path: /api/login
 username_path: email
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 5a64a31..ccdd888 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -43,6 +43,7 @@ security:
 stateless: true
 json_login:
 check_path: api_login
+ username_path: email
 success_handler: lexik_jwt_authentication.handler.authentication_success
 failure_handler: lexik_jwt_authentication.handler.authentication_failure
 login_throttling:
@@ -59,7 +60,6 @@ security:
 logout:
 path: /logout
 target: /
-
 # activate different ways to authenticate
 # https://symfony.com/doc/current/security.html#the-firewall
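Review bot: Accepting the JWT from a `BEARER` cookie means the browser now attaches the credential to every request on its own, so state-changing API calls become exposed to cross-site request forgery in a way the header-only extractor was not, yet the hunk leaves `set_cookies: BEARER: ~` on bundle defaults and adds no CSRF consideration. I would pin the cookie attributes explicitly instead of relying on defaults, e.g. `BEARER: { samesite: strict, secure: true, httpOnly: true }` (`lax` if cross-site top-level navigation must stay logged in), with a comment stating that `samesite` is the only CSRF protection for cookie-authenticated requests. `remove_token_from_body_when_cookies_used: false` also keeps returning the raw token in the login response body, so the httpOnly cookie does not actually keep the token away from script; if no non-browser client needs the body copy, set it to `true` and say so in a comment. The patch is whitespace-collapsed, so the nesting of `cookie:` under `token_extractors:` and of `BEARER:` under `set_cookies:` cannot be verified here, and the enclosing `lexik_jwt_authentication:` mapping starts before the hunk.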
@@ -69,11 +69,9 @@ security:
 # Easy way to control access for large sections of your site
 # Note: Only the *first* access control that matches will be used
 access_control:
- - { path: ^/api/login$, roles: PUBLIC_ACCESS }
- - { path: ^/api$, roles: PUBLIC_ACCESS }
- - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
- # - { path: ^/admin, roles: ROLE_ADMIN }
- # - { path: ^/profile, roles: ROLE_USER }
+ - { path: ^/api, roles: PUBLIC_ACCESS }
+ - { path: ^/api/docs, roles: PUBLIC_ACCESS }
+ - { path: ^/api/, roles: IS_AUTHENTICATED_FULLY }
 when@test:
 security:
diff --git a/config/routes.yaml b/config/routes.yaml
index d81cec5..8abbd39 100644
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -6,7 +6,7 @@ controllers:
 api_login:
 path: /api/login
- methods: [ 'POST' ]
+# methods: [ 'POST' ]
 oauth_connect_check:
 path: /login/oauth/check
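Review bot: The new first rule `- { path: ^/api, roles: PUBLIC_ACCESS }` matches every path beginning with `/api`, and since only the first matching rule applies (the context comment two lines above says exactly that), the `^/api/docs` rule is redundant and the `^/api/` → `IS_AUTHENTICATED_FULLY` rule is never reached: the whole API is now public at the access-control layer. The removed rules anchored the entrypoint with `^/api$`, so this reads like a dropped `$`; restoring it as `- { path: ^/api$, roles: PUBLIC_ACCESS }` keeps only the entrypoint public and lets the authenticated rule cover the rest. I would also bring back `- { path: ^/api/login$, roles: PUBLIC_ACCESS }` ahead of the catch-all so the json_login check path stays reachable regardless of how the authenticator short-circuits the request.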
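Review bot: Commenting out `methods: [ 'POST' ]` lets `/api/login` match any HTTP verb, so credential submission is no longer confined to POST; if the restriction has to go for a reason the commit message does not give, that reason belongs in the file as a comment rather than a disabled line. Otherwise keep `methods: [ 'POST' ]` and delete the commented copy; a `#` at column 0 inside the `api_login:` mapping is dead config that yamllint's comments-indentation rule will also flag. The hunk's trailing context may have lost a blank line to whitespace collapsing, so its end is inferred.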