Skip to content

Commit

Permalink
Update security for Sylius 1.12 and 1.13, remove generic file
Browse files Browse the repository at this point in the history
  • Loading branch information
@marekrzytki
marekrzytki committed May 6, 2024
1 parent 4a65164 commit 776a0f0
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 60 deletions.
7 changes: 7 additions & 0 deletions tests/Application/Kernel.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,11 +58,18 @@ protected function configureContainer(ContainerBuilder $container, LoaderInterfa
$container->addResource(new FileResource($this->getProjectDir() . '/config/bundles.php'));
$container->setParameter('container.dumper.inline_class_loader', true);
$confDir = $this->getProjectDir() . '/config';
$syliusDir = $this->getProjectDir() . '/config/sylius/' . SyliusKernel::MAJOR_VERSION . '.' . SyliusKernel::MINOR_VERSION;

$loader->load($confDir . '/{packages}/*' . self::CONFIG_EXTS, 'glob');
$loader->load($confDir . '/{packages}/' . $this->environment . '/**/*' . self::CONFIG_EXTS, 'glob');
$loader->load($confDir . '/{services}' . self::CONFIG_EXTS, 'glob');
$loader->load($confDir . '/{services}_' . $this->environment . self::CONFIG_EXTS, 'glob');
if (is_dir($syliusDir)) {
$loader->load($syliusDir . '/{packages}/*' . self::CONFIG_EXTS, 'glob');
$loader->load($syliusDir . '/{packages}/' . $this->environment . '/**/*' . self::CONFIG_EXTS, 'glob');
$loader->load($syliusDir . '/{services}' . self::CONFIG_EXTS, 'glob');
$loader->load($syliusDir . '/{services}_' . $this->environment . self::CONFIG_EXTS, 'glob');
}
$loader->load($confDir . '/{api_resources}/*' . self::CONFIG_EXTS, 'glob');
}

Expand Down
86 changes: 31 additions & 55 deletions tests/Application/config/sylius/1.12/packages/security.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,5 @@
parameters:
sylius.security.admin_regex: "^/%sylius_admin.path_name%"
sylius.security.api_regex: "^/api"
sylius.security.shop_regex: "^/(?!%sylius_admin.path_name%|new-api|api/.*|api$|media/.*)[^/]++"
sylius.security.new_api_route: "/new-api"
sylius.security.new_api_regex: "^%sylius.security.new_api_route%"
sylius.security.new_api_admin_route: "%sylius.security.new_api_route%/admin"
sylius.security.new_api_admin_regex: "^%sylius.security.new_api_admin_route%"
sylius.security.new_api_shop_route: "%sylius.security.new_api_route%/shop"
sylius.security.new_api_shop_regex: "^%sylius.security.new_api_shop_route%"

security:
always_authenticate_before_granting: true
enable_authenticator_manager: true
providers:
sylius_admin_user_provider:
id: sylius.admin_user_provider.email_or_name_based
Expand All @@ -20,11 +9,8 @@ security:
id: sylius.shop_user_provider.email_or_name_based
sylius_api_shop_user_provider:
id: sylius.shop_user_provider.email_or_name_based
sylius_api_chain_provider:
chain:
providers: [sylius_api_shop_user_provider, sylius_api_admin_user_provider]

encoders:
password_hashers:
Sylius\Component\User\Model\UserInterface: argon2i
firewalls:
admin:
Expand All @@ -40,7 +26,7 @@ security:
default_target_path: sylius_admin_dashboard
use_forward: false
use_referer: true
csrf_token_generator: security.csrf.token_manager
enable_csrf: true
csrf_parameter: _csrf_admin_security_token
csrf_token_id: admin_authenticate
remember_me:
Expand All @@ -52,46 +38,32 @@ security:
logout:
path: sylius_admin_logout
target: sylius_admin_login
anonymous: true

new_api_admin_user:
pattern: "%sylius.security.new_api_route%/admin-user-authentication-token"
provider: sylius_admin_user_provider
pattern: "%sylius.security.new_api_admin_regex%/.*"
provider: sylius_api_admin_user_provider
stateless: true
anonymous: true
entry_point: jwt
json_login:
check_path: "%sylius.security.new_api_route%/admin-user-authentication-token"
check_path: "%sylius.security.new_api_admin_route%/authentication-token"
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
jwt: true

new_api_shop_user:
pattern: "%sylius.security.new_api_route%/shop-user-authentication-token"
provider: sylius_shop_user_provider
pattern: "%sylius.security.new_api_shop_regex%/.*"
provider: sylius_api_shop_user_provider
stateless: true
anonymous: true
entry_point: jwt
json_login:
check_path: "%sylius.security.new_api_route%/shop-user-authentication-token"
check_path: "%sylius.security.new_api_shop_route%/authentication-token"
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator

new_api:
pattern: "%sylius.security.new_api_regex%/*"
provider: sylius_api_chain_provider
stateless: true
anonymous: lazy
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
jwt: true

shop:
switch_user: { role: ROLE_ALLOWED_TO_SWITCH }
Expand All @@ -108,7 +80,7 @@ security:
default_target_path: sylius_shop_homepage
use_forward: false
use_referer: true
csrf_token_generator: security.csrf.token_manager
enable_csrf: true
csrf_parameter: _csrf_shop_security_token
csrf_token_id: shop_authenticate
remember_me:
Expand All @@ -118,31 +90,35 @@ security:
remember_me_parameter: _remember_me
logout:
path: sylius_shop_logout
target: sylius_shop_login
target: sylius_shop_homepage
invalidate_session: false
success_handler: sylius.handler.shop_user_logout
anonymous: true

dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false

image_resolver:
pattern: ^/media/cache/resolve
security: false

access_control:
- { path: "%sylius.security.admin_regex%/_partial", role: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] }
- { path: "%sylius.security.admin_regex%/_partial", role: PUBLIC_ACCESS, ips: [127.0.0.1, ::1] }
- { path: "%sylius.security.admin_regex%/_partial", role: ROLE_NO_ACCESS }
- { path: "%sylius.security.shop_regex%/_partial", role: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] }
- { path: "%sylius.security.shop_regex%/_partial", role: PUBLIC_ACCESS, ips: [127.0.0.1, ::1] }
- { path: "%sylius.security.shop_regex%/_partial", role: ROLE_NO_ACCESS }

- { path: "%sylius.security.admin_regex%/login", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.api_regex%/login", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.shop_regex%/login", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.admin_regex%/login", role: PUBLIC_ACCESS }
- { path: "%sylius.security.shop_regex%/login", role: PUBLIC_ACCESS }

- { path: "%sylius.security.shop_regex%/register", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.shop_regex%/verify", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.shop_regex%/register", role: PUBLIC_ACCESS }
- { path: "%sylius.security.shop_regex%/verify", role: PUBLIC_ACCESS }

- { path: "%sylius.security.admin_regex%", role: ROLE_ADMINISTRATION_ACCESS }
- { path: "%sylius.security.api_regex%/.*", role: ROLE_API_ACCESS }
- { path: "%sylius.security.shop_regex%/account", role: ROLE_USER }

- { path: "%sylius.security.new_api_admin_route%/reset-password-requests", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_admin_regex%/.*", role: ROLE_API_ACCESS }
- { path: "%sylius.security.new_api_shop_regex%/.*", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.new_api_admin_route%/authentication-token", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_user_account_regex%/.*", role: ROLE_USER }
- { path: "%sylius.security.new_api_shop_route%/authentication-token", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_shop_regex%/.*", role: PUBLIC_ACCESS }
10 changes: 5 additions & 5 deletions ...Application/config/packages/security.yaml → ...config/sylius/1.13/packages/security.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ security:
stateless: true
entry_point: jwt
json_login:
check_path: "%sylius.security.new_api_admin_route%/authentication-token"
check_path: "%sylius.security.new_api_admin_route%/administrators/token"
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
Expand All @@ -58,7 +58,7 @@ security:
stateless: true
entry_point: jwt
json_login:
check_path: "%sylius.security.new_api_shop_route%/authentication-token"
check_path: "%sylius.security.new_api_shop_route%/customers/token"
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
Expand Down Expand Up @@ -116,9 +116,9 @@ security:
- { path: "%sylius.security.admin_regex%", role: ROLE_ADMINISTRATION_ACCESS }
- { path: "%sylius.security.shop_regex%/account", role: ROLE_USER }

- { path: "%sylius.security.new_api_admin_route%/reset-password-requests", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_admin_route%/administrators/reset-password", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_admin_regex%/.*", role: ROLE_API_ACCESS }
- { path: "%sylius.security.new_api_admin_route%/authentication-token", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_admin_route%/administrators/token", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_user_account_regex%/.*", role: ROLE_USER }
- { path: "%sylius.security.new_api_shop_route%/authentication-token", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_shop_route%/customers/token", role: PUBLIC_ACCESS }
- { path: "%sylius.security.new_api_shop_regex%/.*", role: PUBLIC_ACCESS }

0 comments on commit 776a0f0

Please sign in to comment.