From 9d88599d86193b1467fc3e4bce0f1c61c553189c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gangloff?=
Date: Thu, 18 Jul 2024 11:45:46 +0200
Subject: [PATCH] fix: update JWT authentication
---
 config/packages/lexik_jwt_authentication.yaml | 1 +
 config/packages/security.yaml | 16 ++++++++++------
 config/routes.yaml | 3 ++-
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/config/packages/lexik_jwt_authentication.yaml b/config/packages/lexik_jwt_authentication.yaml
index cf9a84b..c599768 100644
--- a/config/packages/lexik_jwt_authentication.yaml
+++ b/config/packages/lexik_jwt_authentication.yaml
@@ -2,6 +2,7 @@ lexik_jwt_authentication:
 secret_key: '%env(resolve:JWT_SECRET_KEY)%'
 public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
 pass_phrase: '%env(JWT_PASSPHRASE)%'
+ token_ttl: 3600 # in seconds, default is 3600
 api_platform:
 check_path: /api/login
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index c940005..5b2dca0 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -13,14 +13,17 @@ security:
 dev:
 pattern: ^/(_(profiler|wdt)|css|images|js)/
 security: false
+ login:
+ pattern: ^/api/login
+ stateless: true
+ json_login:
+ check_path: /api/login
+ success_handler: lexik_jwt_authentication.handler.authentication_success
+ failure_handler: lexik_jwt_authentication.handler.authentication_failure
+
 api:
 pattern: ^/api
 stateless: true
- entry_point: jwt
- json_login:
- check_path: /api/login # or, if you have defined a route for your login path, the route name you used
- success_handler: lexik_jwt_authentication.handler.authentication_success
- failure_handler: lexik_jwt_authentication.handler.authentication_failure
 jwt: ~
 # activate different ways to authenticate
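Review bot: The new `login` firewall in config/packages/security.yaml uses the unanchored `pattern: ^/api/login`, while the access_control hunk of this same commit anchors the public rule to `^/api/login$`. As far as the visible config shows, any other path that merely starts with /api/login is routed to a firewall with no `jwt` authenticator and then falls under the `^/api` IS_AUTHENTICATED_FULLY rule, so it can never be reached with a token. That fails closed, but the two patterns should agree, e.g. `pattern: ^/api/login$`. Since this firewall is now the only credential-checking endpoint, consider also enabling `login_throttling` on it (it needs the rate limiter component) so that password guessing is bounded.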
@@ -32,8 +35,9 @@ security:
 # Easy way to control access for large sections of your site
 # Note: Only the *first* access control that matches will be used
 access_control:
- - { path: ^/api/login, roles: PUBLIC_ACCESS }
+ - { path: ^/api/login$, roles: PUBLIC_ACCESS }
 - { path: ^/api$, roles: PUBLIC_ACCESS }
+ - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }
 # - { path: ^/admin, roles: ROLE_ADMIN }
 # - { path: ^/profile, roles: ROLE_USER }
diff --git a/config/routes.yaml b/config/routes.yaml
index 3482a37..d860126 100644
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -3,5 +3,6 @@ controllers:
 path: ../src/Controller/
 namespace: App\Controller
 type: attribute
-api_login_check:
+
+api_login:
 path: /api/login
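Review bot: The added catch-all `- { path: ^/api, roles: IS_AUTHENTICATED_FULLY }` only works while it stays the last /api rule, because only the first matching access control applies. A short comment above it, such as `# catch-all: must stay after every public /api exception`, would guard against a later reorder silently exposing or blocking routes. With only the exact `^/api$` and `^/api/login$` paths left public, everything else under /api now requires a JWT, presumably including API Platform's documentation routes if this project exposes them; please confirm that is intended. The public login rule could also be narrowed with `methods: [POST]`.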