From 289664662d51a4eae11a9ba48867f8557d76bb3c Mon Sep 17 00:00:00 2001 From: Ruben van der Linde Date: Fri, 21 Feb 2020 13:57:16 +0100 Subject: [PATCH] Fixes on security --- api/config/packages/security.yaml | 9 ++++++++- api/public/schema/publiccode.yaml | 2 +- api/src/Security/User/CommongroundApplication.php | 2 +- .../Security/User/CommongroundApplicationProvider.php | 8 ++++---- api/src/Security/User/CommongroundUser.php | 2 +- api/src/Security/User/CommongroundUserProvider.php | 8 ++++---- 6 files changed, 19 insertions(+), 12 deletions(-) diff --git a/api/config/packages/security.yaml b/api/config/packages/security.yaml index 73b63636..ddfc66c6 100644 --- a/api/config/packages/security.yaml +++ b/api/config/packages/security.yaml @@ -1,7 +1,13 @@ security: # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: - in_memory: { memory: ~ } + chain_provider: + chain: + providers: [CommongroundApplicationProvider, CommongroundUserProvider] + commongroundUserProvider: + id: App\Security\User\CommongroundUserProvider + commongroundApplicationProvider: + id: App\Security\User\CommongroundApplicationProvider firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ @@ -12,6 +18,7 @@ security: pattern: ^/$ methods: [GET] main: + provider: chain_provider guard: authenticators: - App\Security\CommongroundApplicationAuthenticator diff --git a/api/public/schema/publiccode.yaml b/api/public/schema/publiccode.yaml index 68215362..47afb251 100644 --- a/api/public/schema/publiccode.yaml +++ b/api/public/schema/publiccode.yaml @@ -6,7 +6,7 @@ url: "https://github.com/ConductionNL/Proto-component-commonground" landingURL: "test.conduction.nl" isBasedOn: "https://github.com/ConductionNL/Proto-component-commonground.git" softwareVersion: "V.0.1" -releaseDate: "2020-19-02" +releaseDate: "2020-20-02" logo: pc.zaakonline.nl monochromeLogo: img/logo-mono.svg 
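Review bot: The chain in the first security.yaml hunk lists `CommongroundApplicationProvider` and `CommongroundUserProvider`, while the providers declared directly below it are keyed `commongroundUserProvider` and `commongroundApplicationProvider`, so the references differ in case from the names they are meant to resolve. Whether the framework normalises that difference away is not something an authentication config should depend on; spell them identically, e.g. `providers: [commongroundApplicationProvider, commongroundUserProvider]`. A one-line comment above `chain_provider` stating the lookup order would also help, since a chain provider returns the result of the first provider that finds a user.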
diff --git a/api/src/Security/User/CommongroundApplication.php b/api/src/Security/User/CommongroundApplication.php index d2b6396b..91eb89b4 100644 --- a/api/src/Security/User/CommongroundApplication.php +++ b/api/src/Security/User/CommongroundApplication.php @@ -13,7 +13,7 @@ class CommongroundApplication implements UserInterface, EquatableInterface private $salt; private $roles; - public function __construct($username, $password, $salt, array $roles) + public function __construct(string $username = '', string $password = '', string $salt = null, array $roles = []) { $this->username = $username; $this->password = $password; diff --git a/api/src/Security/User/CommongroundApplicationProvider.php b/api/src/Security/User/CommongroundApplicationProvider.php index dcd60d88..9d116d19 100644 --- a/api/src/Security/User/CommongroundApplicationProvider.php +++ b/api/src/Security/User/CommongroundApplicationProvider.php @@ -40,13 +40,13 @@ private function fetchUser($uuid) // $userData = ... // pretend it returns an array on success, false if there is no user - if ($userData) { - $password = '...'; + //if ($userData) { + // $password = '...'; // ... - return new CommongroundApplication($username, $password, $salt, $roles); - } + return new CommongroundApplication('Default Application', $uuid, null, ['user']); + //} throw new UsernameNotFoundException( sprintf('Application "%s" does not exist.', $uuid) diff --git a/api/src/Security/User/CommongroundUser.php b/api/src/Security/User/CommongroundUser.php index 2a0ddea4..444805aa 100644 --- a/api/src/Security/User/CommongroundUser.php +++ b/api/src/Security/User/CommongroundUser.php 
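Review bot: The new constructor signature in CommongroundApplication.php defaults `$username` and `$password` to `''`, so `new CommongroundApplication()` now yields a security principal with empty credentials and no roles instead of failing at the call site; CommongroundUser.php receives the identical change in the following file. `string $salt = null` also relies on implicit nullability, which hides from readers and static analysis that null is an accepted value. Keeping the credentials mandatory and making the nullable explicit would read `public function __construct(string $username, string $password, ?string $salt = null, array $roles = [])`. The constructor body continues past the end of the hunk.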
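Review bot: With the `if ($userData)` guard commented out, `fetchUser()` in CommongroundApplicationProvider.php returns a `CommongroundApplication` for every `$uuid` it is given, so the `throw new UsernameNotFoundException` below the return is unreachable and an unknown identifier is never rejected. The caller-supplied `$uuid` is also passed in the password position and the `user` role is granted unconditionally; `fetchUser()` in CommongroundUserProvider.php gets the same change. Because the application provider comes first in the new `chain_provider`, the user provider would presumably never be consulted either. Until the real lookup exists the stub should fail closed: drop the default `return` so the method only throws, or keep the guard as `if (!$userData) { throw new UsernameNotFoundException(sprintf('Application "%s" does not exist.', $uuid)); }`. `fetchUser()` starts before and ends after this hunk.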
@@ -13,7 +13,7 @@ class CommongroundUser implements UserInterface, EquatableInterface private $salt; private $roles; - public function __construct($username, $password, $salt, array $roles) + public function __construct(string $username = '', string $password = '', string $salt = null, array $roles = []) { $this->username = $username; $this->password = $password; diff --git a/api/src/Security/User/CommongroundUserProvider.php b/api/src/Security/User/CommongroundUserProvider.php index 0ae0eeba..9c9419ef 100644 --- a/api/src/Security/User/CommongroundUserProvider.php +++ b/api/src/Security/User/CommongroundUserProvider.php @@ -40,13 +40,13 @@ private function fetchUser($uuid) //$userData = ... // pretend it returns an array on success, false if there is no user - if ($userData) { - $password = '...'; + //if ($userData) { + // $password = '...'; // ... - return new CommongroundUser($username, $password, $salt, $roles); - } + return new CommongroundUser('Default User', $uuid, null, ['user']); + //} throw new UsernameNotFoundException( sprintf('User "%s" does not exist.', $uuid)