Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication #67

Merged
merged 6 commits into from
Jul 1, 2024
Merged

IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication #67

merged 6 commits into from
Jul 1, 2024

Conversation

konradoboza
Copy link
Contributor

@konradoboza konradoboza commented Jun 12, 2024
edited
Loading

🎫 Issue IBX-8356

Related PRs:

Description:

After going through multiple approaches we realized that Authentication mutation should not authenticate user. Instead we simply compare credentials without any security voodoo at this point and return newly generated JWT Token. From now on, it can be used as Authorization: Bearer <token_here> header to perform any operations in Ibexa Repository.

Example query:
Generating token via GraphQL mutation (fully backwards compatible with what it was before):

mutation CreateToken {
  createToken(username: "admin", password: "publish") {
    token
    message
  }
}

produces:

{
  "data": {
    "createToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkzMTk2MjIsImV4cCI6MTcxOTMyMzIyMiwicm9sZXMiOltdLCJ1c2VybmFtZSI6ImFkbWluIn0.PCPl-PhXU2RYEOSyr13usg4D_NyqijBt4CMO9smTpHU",
      "message": null
    }
  }
}

Then use the token as in:

curl -H "Content-Type: application/json" -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkzMTk2MjIsImV4cCI6MTcxOTMyMzIyMiwicm9sZXMiOltdLCJ1c2VybmFtZSI6ImFkbWluIn0.PCPl-PhXU2RYEOSyr13usg4D_NyqijBt4CMO9smTpHU' --data @json.json http://localhost:8001/graphql

where json.json file might contain some query (to increase readability):

{
    "query": "mutation {createFolder(language: eng_GB, parentLocationId: 2, input: {name: \"ddd\"}) {id}}"
}

Response should look mor or less as follows:

{"data":{"createFolder":{"id":"RG9tYWluQ29udGVudDo="}}}

For QA:

All related to JWT in GraphQL needs to be checked.

Documentation:

We should probably mention dropped code even though query and their responses are the same.

@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch from 1205c27 to d5946ba Compare June 12, 2024 14:11
This was referenced Jun 13, 2024
Merged
Merged
@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch 4 times, most recently from 291aa09 to 74f5a21 Compare June 19, 2024 07:14
@konradoboza konradoboza marked this pull request as ready for review June 19, 2024 08:11
@konradoboza konradoboza added Doc needed The changes require some documentation Ready for review labels Jun 19, 2024
@konradoboza konradoboza requested a review from a team June 19, 2024 09:03
@konradoboza konradoboza changed the title IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface` usages to comply with Symfony-based authentication IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication Jun 19, 2024
@alongosz alongosz requested a review from a team June 19, 2024 09:37
@konradoboza
IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\Aut…
36238c6 
…henticatorInterface usages to comply with Symfony-based authentication
@konradoboza
fixed phpstan
3884487
@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch from 74f5a21 to 3884487 Compare June 19, 2024 10:06
@adamwojs
Copy link
Member

@konradoboza Could you please provide example of request with authentication using JWT?

@konradoboza
Copy link
Contributor Author

konradoboza commented Jun 24, 2024
edited
Loading

@adamwojs since you cannot perform such queries via GraphiQL client (no way to specify additional headers), the only way is to make a cURL request with Authorization: Bearer <here_goes_your_jwt_token> formatted header. Unfortunately, I discovered some issues here, so making this one as work in progress again. For your reference I give some example query below:

curl -H "Content-Type: application/json" -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkyMTY5MzEsImV4cCI6MTcxOTIyMDUzMSwicm9sZXMiOlsiUk9MRV9VU0VSIl0sInVzZXJuYW1lIjoiYWRtaW4ifQ.VZp7Hs6p9qg_xWEJZVXz0PlAwjmUr87hCS_56Z05eBU' --data '{"query": "mutation {createFolder(language: eng_GB, parentLocationId: 2, input: {name: \"test folder\"}) {id}}"} ' localhost:8003/graphql

@konradoboza konradoboza changed the title IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication [WiP] IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication Jun 24, 2024
@konradoboza konradoboza changed the title [WiP] IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication Jun 25, 2024
@Steveb-p Steveb-p requested a review from a team June 25, 2024 13:20
@konradoboza konradoboza requested a review from webhdx June 25, 2024 13:22
@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch from f43c65e to 52e0d1f Compare June 25, 2024 13:29
@webhdx webhdx requested a review from a team June 25, 2024 13:41
@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch from 52e0d1f to 51e57fe Compare June 25, 2024 13:42
This was referenced Jun 25, 2024
Closed
Closed
Closed
Closed
@micszo micszo self-assigned this Jun 26, 2024
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Jun 26, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@micszo micszo removed their assignment Jul 1, 2024
@konradoboza konradoboza merged commit ba5e369 into main Jul 1, 2024
8 checks passed
@konradoboza konradoboza deleted the ibx-8356-removed-authenticatorinterface branch July 1, 2024 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@micszo micszo micszo approved these changes

@webhdx webhdx webhdx approved these changes

@ciastektk ciastektk ciastektk approved these changes

@Steveb-p Steveb-p Steveb-p approved these changes

@alongosz alongosz Awaiting requested review from alongosz

Assignees

@webhdx webhdx

@tischsoic tischsoic

@konradoboza konradoboza

Labels
Doc needed The changes require some documentation QA approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@konradoboza @adamwojs @Steveb-p @alongosz @ciastektk @webhdx @micszo @tischsoic