feat: Added lexik_jwt_authentication

.env

@@ -77,3 +77,9 @@ TRUSTED_PROXIES=172.18.0.1,172.18.0.2,REMOTE_ADDR,varnish
 ###> sentry/sentry-symfony ###
 SENTRY_DSN=
 ###< sentry/sentry-symfony ###
+
+###> lexik/jwt-authentication-bundle ###
+JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
+JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
+JWT_PASSPHRASE=changeme
+###< lexik/jwt-authentication-bundle ###

.gitignore

@@ -166,3 +166,7 @@ fabric.properties
 /symfony.lock
 /src/GeneratedEntity/*.php
 /src/GeneratedEntity/Repository/*.php
+
+###> lexik/jwt-authentication-bundle ###
+/config/jwt/*.pem
+###< lexik/jwt-authentication-bundle ###

README.md

@@ -12,6 +12,16 @@ cd lib
 ln -s ../../rozier-bundle RoadizRozierBundle
 ```
 
+### Generate JWT private and public keys
+
+```shell script
+# Generate a strong secret
+openssl rand --base64 16; 
+# Fill JWT_PASSPHRASE env var in .env.local.
+openssl genpkey -out config/jwt/private.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096;
+openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout;
+```
+
 ### Run development server
 
 - Run docker-compose env to get a local database and Solr server

composer.json

@@ -10,6 +10,7 @@
         "ext-zip": "*",
         "ext-json": "*",
         "api-platform/core": "^2.6",
+        "lexik/jwt-authentication-bundle": "^2.13",
         "composer/package-versions-deprecated": "1.11.99.3",
         "doctrine/annotations": "^1.0",
         "doctrine/doctrine-bundle": "^2.3",

config/bundles.php

@@ -22,4 +22,5 @@
     Sentry\SentryBundle\SentryBundle::class => ['all' => true],
     ApiPlatform\Core\Bridge\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
     Limenius\LiformBundle\LimeniusLiformBundle::class => ['all' => true],
+    Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle::class => ['all' => true],
 ];

config/packages/lexik_jwt_authentication.yaml

@@ -0,0 +1,4 @@
+lexik_jwt_authentication:
+    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
+    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
+    pass_phrase: '%env(JWT_PASSPHRASE)%'

config/packages/security.yaml

@@ -22,6 +22,17 @@ security:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
+        api:
+            pattern: ^/api
+            stateless: true
+            provider: all_users
+            json_login:
+                check_path: /api/token
+                username_path: username
+                password_path: password
+                success_handler: lexik_jwt_authentication.handler.authentication_success
+                failure_handler: lexik_jwt_authentication.handler.authentication_failure
+            jwt: ~
         main:
             lazy: true
             provider: all_users
@@ -46,4 +57,6 @@ security:
     access_control:
         - { path: ^/rz-admin/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/rz-admin, roles: ROLE_BACKEND_USER }
+        - { path: ^/api/token, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/api, roles: ROLE_BACKEND_USER, methods: [ POST, PUT, PATCH, DELETE ] }
         # - { path: ^/profile, roles: ROLE_USER }

phpunit.xml.dist

@@ -25,6 +25,12 @@
         <!-- ###+ sentry/sentry-symfony ### -->
         <env name="SENTRY_DSN" value=""/>
         <!-- ###- sentry/sentry-symfony ### -->
+
+        <!-- ###+ lexik/jwt-authentication-bundle ### -->
+        <env name="JWT_SECRET_KEY" value="%kernel.project_dir%/config/jwt/private.pem"/>
+        <env name="JWT_PUBLIC_KEY" value="%kernel.project_dir%/config/jwt/public.pem"/>
+        <env name="JWT_PASSPHRASE" value="6e5690ad7417d7b8dea7d497e6d552f1"/>
+        <!-- ###- lexik/jwt-authentication-bundle ### -->
     </php>
 
     <testsuites>