Project wide changes to fix authentication and ensure all tests are passing.

Author: dant89

.env

@@ -16,7 +16,7 @@
 ###> symfony/framework-bundle ###
 APP_DEBUG=false
 APP_ENV=dev
-APP_SECRET=9971165787381817cca7e6ce4161c760
+APP_SECRET=s3cr3t
 ###< symfony/framework-bundle ###
 
 ###> doctrine/doctrine-bundle ###
@@ -25,7 +25,7 @@ APP_SECRET=9971165787381817cca7e6ce4161c760
 #
 # DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
 # DATABASE_URL="postgresql://symfony:[email protected]:5432/app?serverVersion=13&charset=utf8"
-DATABASE_URL="mysql://root:root@localhost:3306/api?serverVersion=5.7"
+DATABASE_URL="mysql://root:root@localhost:3306/api?serverVersion=8.0"
 ###< doctrine/doctrine-bundle ###
 
 ###> nelmio/cors-bundle ###
@@ -35,10 +35,16 @@ CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 ###> lexik/jwt-authentication-bundle ###
 JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
 JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
-JWT_PASSPHRASE=2fde84aa1be4b44e4b7f674d1fb2e5cd
+JWT_PASSPHRASE=changeMe
 JWT_TOKEN_TTL=900
 ###< lexik/jwt-authentication-bundle ###
 
 ###> dant89/ix-api-framework ###
 APP_VERSION=2.0.0
-###< dant89/ix-api-framework ###
+###< dant89/ix-api-framework ###
+
+###> docker ###
+HTTP_PORT=80
+HTTPS_PORT=433
+MYSQL_PORT=3303
+###< docker ###

.env.test

@@ -8,8 +8,11 @@ SYMFONY_DEPRECATIONS_HELPER=999999
 PANTHER_APP_ENV=panther
 PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots
 CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
-DATABASE_URL="mysql://user:password@database:3306/ix_api_framework?serverVersion=5.7"
+DATABASE_URL="mysql://root:root@localhost:3306/api?serverVersion=8.0"
 JWT_SECRET_KEY=%kernel.project_dir%/config/jwt/private.pem
 JWT_PUBLIC_KEY=%kernel.project_dir%/config/jwt/public.pem
-JWT_PASSPHRASE=
+JWT_PASSPHRASE=test
 JWT_TOKEN_TTL=900
+HTTP_PORT=80
+HTTPS_PORT=443
+MYSQL_PORT=3303

.gitignore

@@ -1,5 +1,6 @@
 .idea/
 /bin/
+/docker/mysql/
 
 ###> symfony/framework-bundle ###
 /.env.local

README.md

@@ -4,9 +4,10 @@
 - IX-API V2 Schema: https://docs.ix-api.net/v2/redoc
 
 ## What is this framework?
-This project provides a base template for IX-API to make it simpler and faster to implement IX-API.
+The project provides a base template for IX-API to make it simpler and faster to implement.
 
-The project is written in PHP using the Symfony [API Platform](https://api-platform.com/) framework.
+The implementation framework is written in PHP using [Symfony](https://symfony.com/), [API Platform](https://api-platform.com/) framework. 
+API Platform has extensive documentation which it is recommended to be familiar with to understand the inner workings.
 
 ## How does this framework work?
 API Platform maps class based entities to RESTful API endpoints, this suits the IX-API schema.
@@ -21,16 +22,34 @@ business logic to and from these classes to have a functioning implementation.
 - Swagger UI auto generated via API Platform
 - Docker image for quick development setup
 
+## Installation
+1. Setup JWT keys with a password, **keep a note of this for the next step**
+   ```bash
+   openssl genpkey -out config/jwt/private.pem -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096`
+   openssl pkey -in config/jwt/private.pem -out config/jwt/public.pem -pubout
+   ```
+2. Run `cp .env .env.local`
+3. Setup your local environment variables
+    * Change `DATABASE_URL` if required, defaults to local Docker
+    * Update `JWT_PASSPHRASE=` according to the step **1**.
+4. Run `docker-compose up`
+5. Browse to `https://localhost`
+
 ## Swagger UI
 ![alt text](public/images/example1.png)
 
 ## How to enable certain entities only?
-It is possible to toggle enabled entities via the `config/packages/api_platform.yaml` config file:
+It is possible to toggle enabled entities via `config/packages/api_platform.yaml` config file:
 ```yaml
 api_platform:
     mapping:
         paths:
 ```
 
+## Tests
+Tests can be run via the script: `run_tests.sh`.
+
+Tests run on a separate `api_test` database that is populated with fixtures found in `/fixtures`.
+
 ## Version Support
-This branch supports the V2 schema, future branches will support further versions.
+This branch supports V2 schema, future branches will support further versions.

composer.lock

@@ -0,0 +1,23 @@
+<?php
+
+use Symfony\Component\Dotenv\Dotenv;
+
+require dirname(__DIR__) . '/vendor/autoload.php';
+
+// Load cached env vars if the .env.local.php file exists
+// Run "composer dump-env prod" to create it (requires symfony/flex >=1.2)
+if (is_array($env = @include dirname(__DIR__) . '/.env.local.php') && (!isset($env['APP_ENV']) || ($_SERVER['APP_ENV'] ?? $_ENV['APP_ENV'] ?? $env['APP_ENV']) === $env['APP_ENV'])) {
+    foreach ($env as $k => $v) {
+        $_ENV[$k] = $_ENV[$k] ?? (isset($_SERVER[$k]) && 0 !== strpos($k, 'HTTP_') ? $_SERVER[$k] : $v);
+    }
+} elseif (!class_exists(Dotenv::class)) {
+    throw new RuntimeException('Please run "composer require symfony/dotenv" to load the ".env" files configuring the application.');
+} else {
+    // load all the .env files
+    (new Dotenv(false))->loadEnv(dirname(__DIR__) . '/.env');
+}
+
+$_SERVER += $_ENV;
+$_SERVER['APP_ENV'] = $_ENV['APP_ENV'] = ($_SERVER['APP_ENV'] ?? $_ENV['APP_ENV'] ?? null) ?: 'dev';
+$_SERVER['APP_DEBUG'] = $_SERVER['APP_DEBUG'] ?? $_ENV['APP_DEBUG'] ?? 'prod' !== $_SERVER['APP_ENV'];
+$_SERVER['APP_DEBUG'] = $_ENV['APP_DEBUG'] = (int) $_SERVER['APP_DEBUG'] || filter_var($_SERVER['APP_DEBUG'], FILTER_VALIDATE_BOOLEAN) ? '1' : '0';

config/bootstrap.php

@@ -26,7 +26,7 @@ api_platform:
             enabled: false
 
     title: 'IX-API Framework'
-    description: 'IX-API Implementation Framework for Internet Exchanges'
+    description: 'IX-API Implementation Framework'
     version: '%app_version%'
 
     name_converter: Symfony\Component\Serializer\NameConverter\CamelCaseToSnakeCaseNameConverter

config/packages/api_platform.yaml

@@ -85,6 +85,10 @@ services:
             - "%gesdinet_jwt_refresh_token.ttl_update%"
             - "@event_dispatcher"
 
+    App\Security\Authentication\RoleVoter:
+        tags:
+            - { name: security.voter }
+
     gesdinet.jwtrefreshtoken.authenticator:
         class: App\Security\Authenticator\ApiKeyRoleAwareRefreshTokenAuthenticator
         arguments:

config/services.yaml

@@ -0,0 +1,7 @@
+version: "3.4"
+
+# Test environment override
+services:
+  php:
+    environment:
+      APP_ENV: test

docker-compose.test.yml

@@ -63,9 +63,9 @@ services:
       MYSQL_USER: ${MYSQL_USER:-api-platform}
       MYSQL_PASSWORD: ${MYSQL_PASSWORD:-!ChangeMe!}
     volumes:
-      - db_data:/var/lib/mysql:rw
+      - ./docker/mysql:/var/lib/mysql:rw
     ports:
-      - 3306:3306
+      - ${MYSQL_PORT:-3306}:3306
     entrypoint:
       - /bin/bash
       - -c

docker-compose.yml

@@ -36,9 +36,14 @@ if [ "$1" = 'php-fpm' ] || [ "$1" = 'php' ] || [ "$1" = 'bin/console' ]; then
 			echo "The database is now ready and reachable"
 		fi
 
-		if [ "$( find ./migrations -iname '*.php' -print -quit )" ]; then
+		if [ "$( find ./src/Migrations -iname '*.php' -print -quit )" ]; then
 			php bin/console doctrine:migrations:migrate --no-interaction
 		fi
+
+    if [ "$APP_ENV" != 'prod' ]; then
+      php bin/console doctrine:database:create --env=test --if-not-exists
+      php bin/console doctrine:migrations:migrate --env=test
+    fi
 	fi
 fi
 

docker/php/docker-entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+set -e
+
+docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.test.yml up -d --build --wait
+docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.test.yml exec php bin/console doctrine:database:create --if-not-exists
+docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.test.yml exec php bin/console doctrine:migrations:migrate --no-interaction
+docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.test.yml exec php bin/console hautelook:fixtures:load --no-interaction
+docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.test.yml exec php bin/codecept run tests/functional/ProductOfferingsTest.php
+docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.test.yml down
+
+exit 1

run_tests.sh

@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Security\Authentication;
+
+use App\Security\Role\RoleFactory;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Security\Core\Role\Role;
+
+/**
+ * Custom RoleVoter to handle our roles that do not require a ROLE_ prefix.
+ *
+ * Class RoleVoter
+ * @package App\Security\Authentication
+ */
+class RoleVoter implements VoterInterface
+{
+    /**
+     * @var RoleFactory
+     */
+    private $roleFactory;
+
+    public function __construct(RoleFactory $roleFactory)
+    {
+        $this->roleFactory = $roleFactory;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function vote(TokenInterface $token, $subject, array $attributes)
+    {
+        $result = VoterInterface::ACCESS_ABSTAIN;
+        $roleNames = $this->extractRoles($token);
+
+        foreach ($attributes as $attribute) {
+            if (!$this->roleFactory->valid($attribute)) {
+                continue;
+            }
+
+            $result = VoterInterface::ACCESS_DENIED;
+            foreach ($roleNames as $roleName) {
+                if ($attribute === $roleName) {
+                    return VoterInterface::ACCESS_GRANTED;
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    protected function extractRoles(TokenInterface $token)
+    {
+        return $token->getRoleNames();
+    }
+}

src/Security/Authentication/RoleVoter.php

@@ -21,6 +21,6 @@ public function testGetProductOfferings()
 
         $this->assertEquals(200, $response->getStatusCode());
 
-        # TODO add further test coverage to suite your requirements
+        # TODO add further test coverage to suite requirements
     }
 }