From 102a0ba99723521e9600e324043cda5bccf8be65 Mon Sep 17 00:00:00 2001
From: Vincent
Date: Mon, 19 Aug 2024 13:41:02 +0200
Subject: [PATCH 1/5] fix: allow unsecure authentication cookies in dev

---
 config/services.yaml | 2 ++
 src/Security/JWTAuthenticator.php | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/services.yaml b/config/services.yaml
index c7deee0..8e2f98a 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -32,6 +32,8 @@ services:
 - '../src/DependencyInjection/'
 - '../src/Entity/'
 - '../src/Kernel.php'
+ bind:
+ $appEnv: '%kernel.environment%'
 # add more service definitions when explicit configuration is needed
 # please note that last definitions always *replace* previous ones
diff --git a/src/Security/JWTAuthenticator.php b/src/Security/JWTAuthenticator.php
index 2972003..4c1a24e 100644
--- a/src/Security/JWTAuthenticator.php
+++ b/src/Security/JWTAuthenticator.php
@@ -21,6 +21,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
 public function __construct(
 protected JWTTokenManagerInterface $jwtManager,
 protected EventDispatcherInterface $dispatcher,
+ private string $appEnv,
 ) {
 }
@@ -46,7 +47,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
 time() + 604800, // expiration
 '/',
 null,
- true,
+ 'prod' === $this->appEnv,
 true,
 false,
 'strict'
From 188041ce05772617f6fe8982ec251ec85a7032aa Mon Sep 17 00:00:00 2001
From: Vincent
Date: Mon, 19 Aug 2024 21:21:41 +0200
Subject: [PATCH 2/5] Update src/Security/JWTAuthenticator.php
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Maël Gangloff
Signed-off-by: Vincent
---
 src/Security/JWTAuthenticator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Security/JWTAuthenticator.php b/src/Security/JWTAuthenticator.php
index 4c1a24e..feda611 100644
--- a/src/Security/JWTAuthenticator.php
+++ b/src/Security/JWTAuthenticator.php
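Review bot: In the cookie argument list of src/Security/JWTAuthenticator.php, the Secure flag becomes `'prod' === $this->appEnv`, so any environment not named `prod` (staging, a network-reachable test instance) issues the seven-day JWT cookie without Secure and it can cross plain HTTP. The hunks in [PATCH 2/5] and [PATCH 5/5] replace the condition with `!$this->kernel->isDebug()`, which has the same weakness: the flag follows deployment configuration instead of the transport in use. The call itself starts outside the hunk, but if these are arguments to Symfony's `Cookie` constructor, passing `null` here lets the response mark the cookie Secure whenever the request arrived over HTTPS, which covers local HTTP development without relaxing any HTTPS deployment. Behind a TLS-terminating proxy that relies on trusted-proxy settings being correct.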
@@ -47,7 +47,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
 time() + 604800, // expiration
 '/',
 null,
- 'prod' === $this->appEnv,
+ !$this->kernel->isDebug()
 true,
 false,
 'strict'
From 60022210bb48bb41a7bf1e09c0c21ed7c82412de Mon Sep 17 00:00:00 2001
From: Vincent
Date: Mon, 19 Aug 2024 21:21:48 +0200
Subject: [PATCH 3/5] Update src/Security/JWTAuthenticator.php
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Maël Gangloff
Signed-off-by: Vincent
---
 src/Security/JWTAuthenticator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Security/JWTAuthenticator.php b/src/Security/JWTAuthenticator.php
index feda611..b054f13 100644
--- a/src/Security/JWTAuthenticator.php
+++ b/src/Security/JWTAuthenticator.php
@@ -21,7 +21,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
 public function __construct(
 protected JWTTokenManagerInterface $jwtManager,
 protected EventDispatcherInterface $dispatcher,
- private string $appEnv,
+ protected KernelInterface $kernel
 ) {
 }
From e7df759f8b72ccaa93e71addb44c400c390738dc Mon Sep 17 00:00:00 2001
From: Vincent
Date: Mon, 19 Aug 2024 21:21:52 +0200
Subject: [PATCH 4/5] Update config/services.yaml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Maël Gangloff
Signed-off-by: Vincent
---
 config/services.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/config/services.yaml b/config/services.yaml
index 8e2f98a..c7deee0 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -32,8 +32,6 @@ services:
 - '../src/DependencyInjection/'
 - '../src/Entity/'
 - '../src/Kernel.php'
- bind:
- $appEnv: '%kernel.environment%'
 # add more service definitions when explicit configuration is needed
 # please note that last definitions always *replace* previous ones
From 8a5f7fc2a06f8d986e7a210b960f72c2e7a46564 Mon Sep 17 00:00:00 2001
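Review bot: The added argument `!$this->kernel->isDebug()` in [PATCH 2/5] has no trailing comma before the next argument `true`, and `$this->kernel` is not a constructor property until [PATCH 3/5], so the file does not parse at this commit. The comma only arrives in [PATCH 5/5]. Squashing patches 2 to 5 into one commit would keep every revision loadable, which matters when bisecting a regression on an authentication path.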
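Review bot: The constructor in [PATCH 3/5] now takes the whole `KernelInterface` only to read one boolean that decides the cookie's Secure flag. Injecting the value itself, for example `#[Autowire('%kernel.debug%')] private bool $debug,`, keeps the authenticator's dependencies narrow and makes the security-relevant input explicit; this assumes a Symfony version that ships the `Autowire` attribute, otherwise a `bind:` entry in services.yaml does the same. As written, `protected KernelInterface $kernel` also lacks the trailing comma the other promoted parameters carry, and its `use` import only appears in [PATCH 5/5].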
From: =?UTF-8?q?Ma=C3=ABl=20Gangloff?=
Date: Mon, 19 Aug 2024 21:26:51 +0200
Subject: [PATCH 5/5] fix: missing comma

---
 src/Security/JWTAuthenticator.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Security/JWTAuthenticator.php b/src/Security/JWTAuthenticator.php
index b054f13..db57bc5 100644
--- a/src/Security/JWTAuthenticator.php
+++ b/src/Security/JWTAuthenticator.php
@@ -11,6 +11,7 @@ use Symfony\Component\HttpFoundation\Cookie;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Symfony\Component\HttpKernel\KernelInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
@@ -47,7 +48,7 @@ class JWTAuthenticator implements AuthenticationSuccessHandlerInterface
 time() + 604800, // expiration
 '/',
 null,
- !$this->kernel->isDebug()
+ !$this->kernel->isDebug(),
 true,
 false,
 'strict'