added old Content-Type header replacing subscriber

phpstan-baseline-8.0.neon

@@ -1,10 +1,5 @@
 parameters:
 	ignoreErrors:
-		-
-			message: "#^Parameter \\#1 \\$filename of function file_put_contents expects string, string\\|false given\\.$#"
-			count: 1
-			path: src/lib/FieldTypeProcessor/BinaryInputProcessor.php
-
 		-
 			message: "#^Access to an undefined property DOMNode\\:\\:\\$data\\.$#"
 			count: 2
@@ -64,8 +59,3 @@ parameters:
 			message: "#^Parameter \\#1 \\$string of function base64_encode expects string, string\\|false given\\.$#"
 			count: 1
 			path: tests/bundle/Functional/BinaryContentTest.php
-
-		-
-			message: "#^Parameter \\#1 \\$directory of function mkdir expects string, string\\|false given\\.$#"
-			count: 1
-			path: tests/lib/FieldTypeProcessor/BinaryInputProcessorTest.php

phpstan-baseline.neon

@@ -5600,11 +5600,6 @@ parameters:
 			count: 1
 			path: tests/lib/FieldTypeProcessor/BinaryInputProcessorTest.php
 
-		-
-			message: "#^Parameter \\#1 \\$filename of function unlink expects string, string\\|false given\\.$#"
-			count: 1
-			path: tests/lib/FieldTypeProcessor/BinaryInputProcessorTest.php
-
 		-
 			message: "#^Property Ibexa\\\\Tests\\\\Rest\\\\FieldTypeProcessor\\\\BinaryInputProcessorTest\\:\\:\\$tempDir has no type specified\\.$#"
 			count: 1
@@ -8280,26 +8275,6 @@ parameters:
 			count: 1
 			path: tests/lib/Server/Output/ValueObjectVisitor/ImageVariationTest.php
 
-		-
-			message: "#^Instantiated class Ibexa\\\\Rest\\\\Server\\\\Output\\\\ValueObjectVisitor\\\\JWT not found\\.$#"
-			count: 1
-			path: tests/lib/Server/Output/ValueObjectVisitor/JWTTest.php
-
-		-
-			message: "#^Instantiated class Ibexa\\\\Rest\\\\Server\\\\Values\\\\JWT not found\\.$#"
-			count: 1
-			path: tests/lib/Server/Output/ValueObjectVisitor/JWTTest.php
-
-		-
-			message: "#^Method Ibexa\\\\Tests\\\\Rest\\\\Server\\\\Output\\\\ValueObjectVisitor\\\\JWTTest\\:\\:internalGetVisitor\\(\\) has invalid return type Ibexa\\\\Rest\\\\Server\\\\Output\\\\ValueObjectVisitor\\\\JWT\\.$#"
-			count: 1
-			path: tests/lib/Server/Output/ValueObjectVisitor/JWTTest.php
-
-		-
-			message: "#^Static method Ibexa\\\\Tests\\\\Rest\\\\Output\\\\ValueObjectVisitorBaseTest\\:\\:assertXMLTag\\(\\) invoked with 4 parameters, 2\\-3 required\\.$#"
-			count: 2
-			path: tests/lib/Server/Output/ValueObjectVisitor/JWTTest.php
-
 		-
 			message: "#^Method Ibexa\\\\Tests\\\\Rest\\\\Output\\\\ValueObjectVisitorBaseTest\\:\\:assertXMLTag\\(\\) invoked with 4 parameters, 2\\-3 required\\.$#"
 			count: 2

src/bundle/Resources/config/input_parsers.yml

@@ -82,11 +82,6 @@ services:
         tags:
             - { name: ibexa.rest.input.parser, mediaType: application/vnd.ibexa.api.FieldDefinitionUpdate }
 
-    Ibexa\Rest\Server\Input\Parser\JWTInput:
-        parent: Ibexa\Rest\Server\Common\Parser
-        tags:
-            - { name: ibexa.rest.input.parser, mediaType: application/vnd.ibexa.api.JWTInput }
-
     Ibexa\Rest\Server\Input\Parser\LocationCreate:
         parent: Ibexa\Rest\Server\Common\Parser
         class: Ibexa\Rest\Server\Input\Parser\LocationCreate

src/bundle/Resources/config/routing.yml

@@ -1246,5 +1246,4 @@ ibexa.rest.load_bookmarks:
 # JWT
 ibexa.rest.create_token:
     path: /user/token/jwt
-    controller: Ibexa\Rest\Server\Controller\JWT::createToken
     methods: [POST]

src/bundle/Resources/config/security.yml

@@ -17,7 +17,11 @@ services:
             - '@?security.csrf.token_storage'
             - '@?request_stack'
 
-    Ibexa\Rest\Server\Security\EventListener\JWTAuthenticationSuccessSubscriber:
+    Ibexa\Rest\Server\Security\EventListener\JWT\AuthenticationSuccessSubscriber:
+        tags:
+            - { name: kernel.event_subscriber }
+
+    Ibexa\Rest\Server\Security\EventListener\JWT\JsonLoginHeaderReplacingSubscriber:
         tags:
             - { name: kernel.event_subscriber }
 

src/lib/Server/Controller/JWT.php

@@ -9,28 +9,13 @@
 namespace Ibexa\Rest\Server\Controller;
 
 use Ibexa\Rest\Server\Controller as RestController;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 
 final class JWT extends RestController
 {
-    public function __construct(private readonly UrlGeneratorInterface $urlGenerator)
+    public function createToken(Request $request): void
     {
-    }
-
-    public function createToken(Request $request): ?RedirectResponse
-    {
-        if ($request->headers->get('Content-Type') === 'application/json') {
-            return null;
-        }
-
-        return new RedirectResponse(
-            $this->urlGenerator->generate('ibexa.rest.create_token'),
-            307,
-            [
-                'Content-Type' => 'application/json',
-            ]
-        );
+        //empty method for Symfony json_login authenticator which is used by Lexik/JWT under the hood
+        // for more detail refer to: https://symfony.com/bundles/LexikJWTAuthenticationBundle/current/index.html#symfony-5-3-and-higher
     }
 }

src/lib/Server/Security/EventListener/JWTAuthenticationSuccessSubscriber.php → src/lib/Server/Security/EventListener/JWT/AuthenticationSuccessSubscriber.php

@@ -6,15 +6,15 @@
  */
 declare(strict_types=1);
 
-namespace Ibexa\Rest\Server\Security\EventListener;
+namespace Ibexa\Rest\Server\Security\EventListener\JWT;
 
 use Ibexa\Contracts\Core\Repository\PermissionResolver;
 use Ibexa\Core\MVC\Symfony\Security\UserInterface as IbexaUser;
 use Lexik\Bundle\JWTAuthenticationBundle\Event\AuthenticationSuccessEvent;
 use Lexik\Bundle\JWTAuthenticationBundle\Events;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 
-final readonly class JWTAuthenticationSuccessSubscriber implements EventSubscriberInterface
+final readonly class AuthenticationSuccessSubscriber implements EventSubscriberInterface
 {
     public function __construct(private PermissionResolver $permissionResolver)
     {

src/lib/Server/Security/EventListener/JWT/JsonLoginHeaderReplacingSubscriber.php

@@ -0,0 +1,44 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\Rest\Server\Security\EventListener\JWT;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+/**
+ * Since JWT authentication since Symfony 5.4 relies on `json_login` hence `application/json` header is required.
+ * Therefore, there has to be a way to replace prior `application/vnd.ibexa.api.JWTInput+json` header whenever JWT authentication
+ * is triggered.
+ */
+final readonly class JsonLoginHeaderReplacingSubscriber implements EventSubscriberInterface
+{
+    private const string CONTENT_TYPE_HEADER = 'Content-Type';
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            KernelEvents::REQUEST => ['replaceJsonLoginHeader', 10],
+        ];
+    }
+
+    public function replaceJsonLoginHeader(RequestEvent $event): void
+    {
+        $request = $event->getRequest();
+        if (!$request->headers->has(self::CONTENT_TYPE_HEADER)) {
+            return;
+        }
+
+        if ($request->headers->get(self::CONTENT_TYPE_HEADER) !== 'application/vnd.ibexa.api.JWTInput+json') {
+            return;
+        }
+
+        $request->headers->set(self::CONTENT_TYPE_HEADER, 'application/json');
+    }
+}

tests/bundle/Functional/SessionTest.php

@@ -62,6 +62,7 @@ public function testRefreshSessionMissingCsrfToken(): void
             ->createRefreshRequest($session)
             ->withoutHeader('X-CSRF-Token');
         $response = $this->sendHttpRequest($refreshRequest);
+
         self::assertHttpResponseCodeEquals($response, 401);
     }