From 102a0ba99723521e9600e324043cda5bccf8be65 Mon Sep 17 00:00:00 2001
From: Vincent <vincent@iwit-systems.fr>
Date: Mon, 19 Aug 2024 13:41:02 +0200
Subject: [PATCH] fix: allow unsecure authentication cookies in dev

---
 config/services.yaml              | 2 ++
 src/Security/JWTAuthenticator.php | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/services.yaml b/config/services.yaml
index c7deee0..8e2f98a 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -32,6 +32,8 @@ services:
             - '../src/DependencyInjection/'
             - '../src/Entity/'
             - '../src/Kernel.php'
+        bind:
+            $appEnv: '%kernel.environment%'
 
     # add more service definitions when explicit configuration is needed
     # please note that last definitions always *replace* previous ones
diff --git a/src/Security/JWTAuthenticator.php b/src/Security/JWTAuthenticator.php
index 2972003..4c1a24e 100644
--- a/src/Security/JWTAuthenticator.php
+++ b/src/Security/JWTAuthenticator.php
@@ -21,6 +21,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
     public function __construct(
         protected JWTTokenManagerInterface $jwtManager,
         protected EventDispatcherInterface $dispatcher,
+        private string $appEnv,
     ) {
     }
 
@@ -46,7 +47,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
                 time() + 604800, // expiration
                 '/',
                 null,
-                true,
+                'prod' === $this->appEnv,
                 true,
                 false,
                 'strict'