L'authentification (JWT)

<?php

namespace App\Entity;

use App\Repository\UserRepository;

use Doctrine\ORM\Mapping as ORM;

use Symfony\Component\Security\Core\User\UserInterface;

/**

 * @ORM\Entity(repositoryClass=UserRepository::class)

 */

class User implements UserInterface

{

    /**

     * @ORM\Id

     * @ORM\GeneratedValue

     * @ORM\Column(type="integer")

     */

    private $id;

    /**

     * @ORM\Column(type="string", length=180, unique=true)

     */

    private $username;

    /**

     * @ORM\Column(type="json")

     */

    private $roles = [];

    /**

     * @var string The hashed password

     * @ORM\Column(type="string")

     */

    private $password;

    public function getId(): ?int

    {

        return $this->id;

    }

    /**

     * A visual identifier that represents this user.

     *

     * @see UserInterface

     */

    public function getUsername(): string

    {

        return (string) $this->username;

    }

    public function setUsername(string $username): self

    {

        $this->username = $username;

        return $this;

    }

    /**

     * @see UserInterface

     */

    public function getRoles(): array

    {

        $roles = $this->roles;

        // guarantee every user at least has ROLE_USER

        $roles[] = 'ROLE_USER';

        return array_unique($roles);

    }

    public function setRoles(array $roles): self

    {

        $this->roles = $roles;

        return $this;

    }

    /**

     * @see UserInterface

     */

    public function getPassword(): string

    {

        return (string) $this->password;

    }

    public function setPassword(string $password): self

    {

        $this->password = $password;

        return $this;

    }

    /**

     * Returning a salt is only needed, if you are not using a modern

     * hashing algorithm (e.g. bcrypt or sodium) in your security.yaml.

     *

     * @see UserInterface

     */

    public function getSalt(): ?string

    {

        return null;

    }

    /**

     * @see UserInterface

     */

    public function eraseCredentials()

    {

        // If you store any temporary, sensitive data on the user, clear it here

        // $this->plainPassword = null;

    }

}

<?php

namespace App\Entity;

use App\Repository\UserRepository;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;

/**
 * @ORM\Entity(repositoryClass=UserRepository::class)
 */
class User implements UserInterface
{
    /**
     * @ORM\Id
     * @ORM\GeneratedValue
     * @ORM\Column(type="integer")
     */
    private $id;

    /**
     * @ORM\Column(type="string", length=180, unique=true)
     */
    private $username;

    /**
     * @ORM\Column(type="json")
     */
    private $roles = [];

    /**
     * @var string The hashed password
     * @ORM\Column(type="string")
     */
    private $password;

    public function getId(): ?int
    {
        return $this->id;
    }

    /**
     * A visual identifier that represents this user.
     *
     * @see UserInterface
     */
    public function getUsername(): string
    {
        return (string) $this->username;
    }

    public function setUsername(string $username): self
    {
        $this->username = $username;

        return $this;
    }

    /**
     * @see UserInterface
     */
    public function getRoles(): array
    {
        $roles = $this->roles;
        // guarantee every user at least has ROLE_USER
        $roles[] = 'ROLE_USER';

        return array_unique($roles);
    }

    public function setRoles(array $roles): self
    {
        $this->roles = $roles;

        return $this;
    }

    /**
     * @see UserInterface
     */
    public function getPassword(): string
    {
        return (string) $this->password;
    }

    public function setPassword(string $password): self
    {
        $this->password = $password;

        return $this;
    }

    /**
     * Returning a salt is only needed, if you are not using a modern
     * hashing algorithm (e.g. bcrypt or sodium) in your security.yaml.
     *
     * @see UserInterface
     */
    public function getSalt(): ?string
    {
        return null;
    }

    /**
     * @see UserInterface
     */
    public function eraseCredentials()
    {
        // If you store any temporary, sensitive data on the user, clear it here
        // $this->plainPassword = null;
    }
}

###> lexik/jwt-authentication-bundle ###

JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem

JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem

JWT_PASSPHRASE=xxxxx

###< lexik/jwt-authentication-bundle ###

###> lexik/jwt-authentication-bundle ###

JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem

JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem

JWT_PASSPHRASE=xxxxx

###< lexik/jwt-authentication-bundle ###

#config/packages/lexik_jwt_authentication.yaml

lexik_jwt_authentication:

    secret_key: '%env(resolve:JWT_SECRET_KEY)%'

    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'

    pass_phrase: ‘%env(JWT_PASSPHRASE)%'

#config/packages/lexik_jwt_authentication.yaml
lexik_jwt_authentication:
    secret_key: '%env(resolve:JWT_SECRET_KEY)%'
    public_key: '%env(resolve:JWT_PUBLIC_KEY)%'
    pass_phrase: ‘%env(JWT_PASSPHRASE)%'

#config/packages/security.yaml 

security:

    encoders:

        App\Entity\User:

            algorithm: auto

    providers:

        # used to reload user from session & other features (e.g. switch_user)

        app_user_provider:

            entity:

                class: App\Entity\User

                property: username

    firewalls:

        dev:

            pattern: ^/(_(profiler|wdt)|css|images|js)/

            security: false

        login:

            pattern:  ^/api/login

            stateless: true

            anonymous: true

            json_login:

                check_path: /api/login

                username_path: username

                password_path: password

                success_handler:          lexik_jwt_authentication.handler.authentication_success

                failure_handler:          lexik_jwt_authentication.handler.authentication_failure

        api:

            pattern:   ^/api

            stateless: true

            guard:

                authenticators:

                    - lexik_jwt_authentication.jwt_token_authenticator

    access_control:

        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }

        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

#config/packages/security.yaml 

security:
    encoders:
        App\Entity\User:
            algorithm: auto

    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: username

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern:  ^/api/login
            stateless: true
            anonymous: true
            json_login:
                check_path: /api/login
                username_path: username
                password_path: password
                success_handler:          lexik_jwt_authentication.handler.authentication_success
                failure_handler:          lexik_jwt_authentication.handler.authentication_failure
        api:
            pattern:   ^/api
            stateless: true
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator

    access_control:
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api,       roles: IS_AUTHENTICATED_FULLY }

#config/routes.yaml 

authentication_token:

  path: /api/login

  methods: ['POST']

#config/routes.yaml 

authentication_token:
  path: /api/login
  methods: ['POST']