Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication #67

Merged
merged 6 commits into from
Jul 1, 2024

Conversation

konradoboza
Copy link
Contributor

@konradoboza konradoboza commented Jun 12, 2024

🎫 Issue IBX-8356

Related PRs:

Description:

After going through multiple approaches we realized that Authentication mutation should not authenticate user. Instead we simply compare credentials without any security voodoo at this point and return newly generated JWT Token. From now on, it can be used as Authorization: Bearer <token_here> header to perform any operations in Ibexa Repository.

Example query:
Generating token via GraphQL mutation (fully backwards compatible with what it was before):

mutation CreateToken {
  createToken(username: "admin", password: "publish") {
    token
    message
  }
}

produces:

{
  "data": {
    "createToken": {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkzMTk2MjIsImV4cCI6MTcxOTMyMzIyMiwicm9sZXMiOltdLCJ1c2VybmFtZSI6ImFkbWluIn0.PCPl-PhXU2RYEOSyr13usg4D_NyqijBt4CMO9smTpHU",
      "message": null
    }
  }
}

Then use the token as in:

curl -H "Content-Type: application/json" -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkzMTk2MjIsImV4cCI6MTcxOTMyMzIyMiwicm9sZXMiOltdLCJ1c2VybmFtZSI6ImFkbWluIn0.PCPl-PhXU2RYEOSyr13usg4D_NyqijBt4CMO9smTpHU' --data @json.json http://localhost:8001/graphql

where json.json file might contain some query (to increase readability):

{
    "query": "mutation {createFolder(language: eng_GB, parentLocationId: 2, input: {name: \"ddd\"}) {id}}"
}

Response should look mor or less as follows:

{"data":{"createFolder":{"id":"RG9tYWluQ29udGVudDo="}}}

For QA:

All related to JWT in GraphQL needs to be checked.

Documentation:

We should probably mention dropped code even though query and their responses are the same.

@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch from 1205c27 to d5946ba Compare June 12, 2024 14:11
@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch 4 times, most recently from 291aa09 to 74f5a21 Compare June 19, 2024 07:14
@konradoboza konradoboza marked this pull request as ready for review June 19, 2024 08:11
@konradoboza konradoboza added Doc needed The changes require some documentation Ready for review labels Jun 19, 2024
@konradoboza konradoboza requested a review from a team June 19, 2024 09:03
@konradoboza konradoboza changed the title IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface` usages to comply with Symfony-based authentication IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication Jun 19, 2024
@alongosz alongosz requested a review from a team June 19, 2024 09:37
…henticatorInterface usages to comply with Symfony-based authentication
@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch from 74f5a21 to 3884487 Compare June 19, 2024 10:06
@adamwojs
Copy link
Member

@konradoboza Could you please provide example of request with authentication using JWT?

@konradoboza
Copy link
Contributor Author

konradoboza commented Jun 24, 2024

@adamwojs since you cannot perform such queries via GraphiQL client (no way to specify additional headers), the only way is to make a cURL request with Authorization: Bearer <here_goes_your_jwt_token> formatted header. Unfortunately, I discovered some issues here, so making this one as work in progress again. For your reference I give some example query below:

curl -H "Content-Type: application/json" -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE3MTkyMTY5MzEsImV4cCI6MTcxOTIyMDUzMSwicm9sZXMiOlsiUk9MRV9VU0VSIl0sInVzZXJuYW1lIjoiYWRtaW4ifQ.VZp7Hs6p9qg_xWEJZVXz0PlAwjmUr87hCS_56Z05eBU' --data '{"query": "mutation {createFolder(language: eng_GB, parentLocationId: 2, input: {name: \"test folder\"}) {id}}"} ' localhost:8003/graphql

@konradoboza konradoboza changed the title IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication [WiP] IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication Jun 24, 2024
@konradoboza konradoboza changed the title [WiP] IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication IBX-8356: Reworked Ibexa\Core\MVC\Symfony\Security\Authentication\AuthenticatorInterface usages to comply with Symfony-based authentication Jun 25, 2024
@konradoboza konradoboza requested a review from alongosz June 25, 2024 13:15
@Steveb-p Steveb-p requested a review from a team June 25, 2024 13:20
@konradoboza konradoboza requested a review from webhdx June 25, 2024 13:22
@konradoboza konradoboza force-pushed the ibx-8356-removed-authenticatorinterface branch from f43c65e to 52e0d1f Compare June 25, 2024 13:29
@webhdx webhdx requested a review from a team June 25, 2024 13:41
@konradoboza konradoboza requested a review from Steveb-p June 26, 2024 11:06
Copy link

@micszo micszo removed their assignment Jul 1, 2024
@konradoboza konradoboza merged commit ba5e369 into main Jul 1, 2024
8 checks passed
@konradoboza konradoboza deleted the ibx-8356-removed-authenticatorinterface branch July 1, 2024 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Doc needed The changes require some documentation QA approved
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants