From d1a16e1320d71df10401aa3490d3be7252817407 Mon Sep 17 00:00:00 2001
From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com>
Date: Mon, 8 Apr 2024 13:45:18 +0200
Subject: [PATCH 1/7] 1127: Updated oidc internal documentation
---
 CHANGELOG.md | 2 ++
 README.md | 13 ++++++++++---
 2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8ee32761..e1cf9e2e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,8 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+- [#199](https://github.com/os2display/display-api-service/pull/199)
+ - Updated oidc internal documentation.
 - [#198](https://github.com/os2display/display-api-service/pull/198)
 - Changed route prefix to v2.
 - [#197](https://github.com/os2display/display-api-service/pull/197)
diff --git a/README.md b/README.md
index bf734424..3a24753b 100644
--- a/README.md
+++ b/README.md
@@ -128,9 +128,16 @@ The internal oidc provider gets that user's name, email and tenants from claims.
 The claim keys needed are set in the env variables:
-- INTERNAL_OIDC_CLAIM_NAME
-- INTERNAL_OIDC_CLAIM_EMAIL
-- INTERNAL_OIDC_CLAIM_GROUPS
+- `INTERNAL_OIDC_CLAIM_NAME`
+- `INTERNAL_OIDC_CLAIM_EMAIL`
+- `INTERNAL_OIDC_CLAIM_GROUPS`
+
+The value of the claim with the name that is defined in the env variable `INTERNAL_OIDC_CLAIM_GROUPS` is mapped to
+the user's access to tenants in `App\Security\AzureOidcAuthenticator`. The claim field should consist of an array of
+names that should follow the following structure ``.
+`` can be `Admin` or `Redaktoer` (editor).
+E.g. `Example1Admin` will map to the tenant with name `Example1` with `ROLE_ADMIN`.
+If the tenant does not exist it will be created when the user logs in.
 ### External
From 1c8a9405e5d67073782f74f386f5e5d92438dca2 Mon Sep 17 00:00:00 2001
From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com>
Date: Wed, 17 Apr 2024 11:23:59 +0200
Subject: [PATCH 2/7] 1190: Added post redirect
---
 CHANGELOG.md | 3 +++
 config/packages/nelmio_cors.yaml | 3 ++-
 config/packages/security.yaml | 3 ++-
 src/Controller/ApiV1RedirectController.php | 13 ++++++++++---
 4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 656af09f..bb100fa6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 ## [Unreleased]
+- [#205](https://github.com/os2display/display-api-service/pull/205)
+ - Fixed redirecting post requests.
+
 ## [2.0.3] - 2024-04-10
 - [#203](https://github.com/os2display/display-api-service/pull/203)
diff --git a/config/packages/nelmio_cors.yaml b/config/packages/nelmio_cors.yaml
index 2ae9f080..f815f4e3 100644
--- a/config/packages/nelmio_cors.yaml
+++ b/config/packages/nelmio_cors.yaml
@@ -8,6 +8,7 @@ nelmio_cors:
 expose_headers: ['Link']
 max_age: 3600
 paths:
- '^/v2/authentication/':
+ # v1 is added for backwards compatability: See App/Controller/ApiV1RedirectController
+ '^/(v1|v2)/authentication/':
 allow_credentials: true
 '^/': null
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 9f55876f..e9310ab1 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -33,8 +33,9 @@ security:
 login_oidc:
 pattern: ^/v2/authentication/oidc
 security: false
+ # v1 is added for backwards compatability: See App/Controller/ApiV1RedirectController
 api_token_refresh:
- pattern: ^/v2/authentication/token/refresh
+ pattern: ^/(v1|v2)/authentication/token/refresh
 stateless: true
 refresh_jwt:
 provider: user_provider
diff --git a/src/Controller/ApiV1RedirectController.php b/src/Controller/ApiV1RedirectController.php
index 246caf1d..d95b6f71 100644
--- a/src/Controller/ApiV1RedirectController.php
+++ b/src/Controller/ApiV1RedirectController.php
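Review bot: The comment added above `'^/(v1|v2)/authentication/'` in config/packages/nelmio_cors.yaml misspells "compatibility" and names the controller with slashes instead of its namespace; the same comment line is repeated in the config/packages/security.yaml hunk. Suggested wording for both places: `# v1 is matched for backwards compatibility, see App\Controller\ApiV1RedirectController; remove together with that controller.` The entry also extends `allow_credentials: true` to the v1 prefix, so responses on those paths now carry the credentials allowance too. The `allow_origin` setting is outside the hunk, so it is worth confirming that it is an explicit list of origins rather than a broad pattern.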
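Review bot: Only the `api_token_refresh` firewall in config/packages/security.yaml is widened to `^/(v1|v2)/authentication/token/refresh`; the `login_oidc` firewall in the context lines still matches `^/v2/authentication/oidc` alone, and the other authentication firewalls are outside the hunk. A v1 request to those paths is handled by whichever later firewall matches it, so whether it reaches the redirect or is rejected first depends on rules not shown here. If every v1 authentication path is meant to redirect, the patterns should be widened consistently; if token refresh is the only one that needs it, the added comment should say why.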
@@ -6,13 +6,20 @@
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
 class ApiV1RedirectController extends AbstractController
 {
- #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['GET'])]
- public function index(string $endpoint): RedirectResponse
+ #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect_get', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['GET'])]
+ public function redirectGets(string $endpoint): RedirectResponse
 {
- return $this->redirect('/v2/'.$endpoint, \Symfony\Component\HttpFoundation\Response::HTTP_MOVED_PERMANENTLY);
+ return $this->redirect('/v2/'.$endpoint, Response::HTTP_MOVED_PERMANENTLY);
+ }
+
+ #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect_post', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['POST'])]
+ public function redirectPosts(string $endpoint): RedirectResponse
+ {
+ return $this->redirect('/v2/'.$endpoint, Response::HTTP_TEMPORARY_REDIRECT);
 }
 }
From 2e4cbb7ae58132af6977c1afeb033b9758aae48e Mon Sep 17 00:00:00 2001
From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com>
Date: Wed, 17 Apr 2024 11:31:00 +0200
Subject: [PATCH 3/7] 1190: Merged routes
---
 src/Controller/ApiV1RedirectController.php | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/Controller/ApiV1RedirectController.php b/src/Controller/ApiV1RedirectController.php
index d95b6f71..e318f0c6 100644
--- a/src/Controller/ApiV1RedirectController.php
+++ b/src/Controller/ApiV1RedirectController.php
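Review bot: Both `redirectGets()` and `redirectPosts()` build the target as `'/v2/'.$endpoint`, which drops the query string, so a v1 call with filters or pagination parameters is redirected to the bare v2 path. Taking `Request $request` as an argument and appending its query string fixes that: `$qs = $request->getQueryString();` followed by `'/v2/'.$endpoint.(null === $qs ? '' : '?'.$qs)`. The routes also keep `defaults: ['endpoint' => null]` while the parameter is declared `string $endpoint`, so a request for `/v1` alone would presumably end in a type error instead of a redirect; dropping the default or handling the empty case avoids that. Both points carry over to the later hunks of this file in patches 3, 5 and 6.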
@@ -11,15 +11,9 @@
 class ApiV1RedirectController extends AbstractController
 {
- #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect_get', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['GET'])]
- public function redirectGets(string $endpoint): RedirectResponse
+ #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['GET', 'POST'])]
+ public function index(string $endpoint): RedirectResponse
 {
 return $this->redirect('/v2/'.$endpoint, Response::HTTP_MOVED_PERMANENTLY);
 }
-
- #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect_post', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['POST'])]
- public function redirectPosts(string $endpoint): RedirectResponse
- {
- return $this->redirect('/v2/'.$endpoint, Response::HTTP_TEMPORARY_REDIRECT);
- }
 }
From bf7f63c2ac46e03066ae58a34e1d28a356b44a39 Mon Sep 17 00:00:00 2001
From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com>
Date: Wed, 17 Apr 2024 11:54:57 +0200
Subject: [PATCH 4/7] 1190: Updated baseline for ThemeProcessor
---
 psalm-baseline.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index a98c5bdd..b9b3cf40 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -751,8 +751,8 @@ - +
From 4294cb83790b623fab158d2a96e758085ece01e2 Mon Sep 17 00:00:00 2001
From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com>
Date: Wed, 17 Apr 2024 13:13:41 +0200
Subject: [PATCH 5/7] 1190: Moved redirect for post into own function to use HTTP_TEMPORARY_REDIRECT
---
 src/Controller/ApiV1RedirectController.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/Controller/ApiV1RedirectController.php b/src/Controller/ApiV1RedirectController.php
index e318f0c6..1597f9b4 100644
--- a/src/Controller/ApiV1RedirectController.php
+++ b/src/Controller/ApiV1RedirectController.php
@@ -11,9 +11,15 @@
 class ApiV1RedirectController extends AbstractController
 {
- #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['GET', 'POST'])]
+ #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['GET'])]
 public function index(string $endpoint): RedirectResponse
 {
 return $this->redirect('/v2/'.$endpoint, Response::HTTP_MOVED_PERMANENTLY);
 }
+
+ #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect_post', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['POST'])]
+ public function indexPost(string $endpoint): RedirectResponse
+ {
+ return $this->redirect('/v2/'.$endpoint, Response::HTTP_TEMPORARY_REDIRECT);
+ }
 }
From 0310d31fcf8d871e492e0b94eca47b14ee85ad60 Mon Sep 17 00:00:00 2001
From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com>
Date: Thu, 18 Apr 2024 06:57:11 +0200
Subject: [PATCH 6/7] 1190: Changed to HTTP_PERMANENTLY_REDIRECT
---
 src/Controller/ApiV1RedirectController.php | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/Controller/ApiV1RedirectController.php b/src/Controller/ApiV1RedirectController.php
index 1597f9b4..f176c94c 100644
--- a/src/Controller/ApiV1RedirectController.php
+++ b/src/Controller/ApiV1RedirectController.php
@@ -11,15 +11,9 @@
 class ApiV1RedirectController extends AbstractController
 {
- #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['GET'])]
+ #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null])]
 public function index(string $endpoint): RedirectResponse
 {
- return $this->redirect('/v2/'.$endpoint, Response::HTTP_MOVED_PERMANENTLY);
- }
-
- #[Route('/v1/{endpoint}', name: 'app_api_v1_redirect_post', requirements: ['endpoint' => '.+'], defaults: ['endpoint' => null], methods: ['POST'])]
- public function indexPost(string $endpoint): RedirectResponse
- {
- return $this->redirect('/v2/'.$endpoint, Response::HTTP_TEMPORARY_REDIRECT);
+ return $this->redirect('/v2/'.$endpoint, Response::HTTP_PERMANENTLY_REDIRECT);
 }
 }
From ed32213d9cc5389d3fc845c3e833c7147ee3e50d Mon Sep 17 00:00:00 2001
From: Troels Ugilt Jensen <6103205+tuj@users.noreply.github.com>
Date: Thu, 18 Apr 2024 07:27:50 +0200
Subject: [PATCH 7/7] 1190: Fixed tests
---
 tests/Controller/ApiV1RedirectControllerTest.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/tests/Controller/ApiV1RedirectControllerTest.php b/tests/Controller/ApiV1RedirectControllerTest.php
index 0b2b6ec4..cfd8f9fa 100644
--- a/tests/Controller/ApiV1RedirectControllerTest.php
+++ b/tests/Controller/ApiV1RedirectControllerTest.php
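Review bot: With `methods` removed from the `#[Route]` attribute, `index()` now matches every HTTP verb, and a 308 tells the client to repeat the request unchanged, so PUT, PATCH and DELETE calls on v1 are replayed against v2 as well. If only the verbs handled in the earlier patches are intended, keep `methods: ['GET', 'POST']`; otherwise the intent should be stated in a comment on the route. The reason for the status code is also worth recording on the method, for example `// 308 preserves method and body; with 301 many clients resend a POST as GET.`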
@@ -5,14 +5,19 @@
 namespace App\Tests\Controller;
 use App\Tests\AbstractBaseApiTestCase;
+use Symfony\Component\HttpFoundation\Request;
 class ApiV1RedirectControllerTest extends AbstractBaseApiTestCase
 {
 public function testIndex()
 {
 $client = $this->getAuthenticatedClient('ROLE_ADMIN');
- $crawler = $client->request('GET', '/v1/screens/01GN9PW2Z03V8VQG7SN6Q9R17H');
+ $client->request(Request::METHOD_GET, '/v1/screens/01GN9PW2Z03V8VQG7SN6Q9R17H');
- $this->assertResponseRedirects('/v2/screens/01GN9PW2Z03V8VQG7SN6Q9R17H', 301);
+ $this->assertResponseRedirects('/v2/screens/01GN9PW2Z03V8VQG7SN6Q9R17H', 308);
+
+ $client->request(Request::METHOD_POST, '/v1/authentication/screen');
+
+ $this->assertResponseRedirects('/v2/authentication/screen', 308);
 }
 }
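Review bot: The new POST assertion in `testIndex()` is issued from the client returned by `getAuthenticatedClient('ROLE_ADMIN')`, so it does not show that an unauthenticated caller of `/v1/authentication/screen` is redirected rather than rejected by a firewall first, and callers of an authentication endpoint normally have no token yet. A separate test method using an unauthenticated client would cover that case, and splitting GET and POST into two methods would make a failure point at the verb. A case with a query string would also pin down whether it is carried over to the v2 URL. The method is missing its return type as well: `public function testIndex(): void`.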