When you log in to the main DOMjudge, allow to use the API with the same user

nickygerritsen · nickygerritsen · commit c5988a0ea567 · 2024-06-03T16:18:06.000Z
diff --git a/webapp/config/packages/security.yaml b/webapp/config/packages/security.yaml
@@ -33,8 +33,8 @@ security:
         # API does Basic Auth and IP address auth
         api:
             pattern: ^/api
+            context: domjudge
             provider: domjudge_db_provider
-            stateless: true
             user_checker: App\Security\UserChecker
             entry_point: App\Security\DOMJudgeIPAuthenticator
             # SEE NOTE ABOVE IF CHANGING ANYTHING HERE
@@ -45,6 +45,7 @@ security:
         # Provides prometheus metrics
         metrics:
             pattern: ^/prometheus/metrics
+            context: domjudge
             provider: domjudge_db_provider
             stateless: true
             user_checker: App\Security\UserChecker
@@ -57,6 +58,7 @@ security:
         # rest of app does form_login
         main:
             pattern: ^/
+            context: domjudge
             provider: domjudge_db_provider
             user_checker: App\Security\UserChecker
             entry_point: App\Security\DOMJudgeXHeadersAuthenticator
diff --git a/webapp/src/EventListener/NoSessionCookieForApiListener.php b/webapp/src/EventListener/NoSessionCookieForApiListener.php
@@ -0,0 +1,24 @@
+<?php declare(strict_types=1);
+
+namespace App\EventListener;
+
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+use Symfony\Component\HttpKernel\Event\ResponseEvent;
+
+// The AbstractSessionListener (which sets the cookie) has a priority of -1000, so we need to
+// set a priority of -1001 to run before it.
+#[AsEventListener(priority: -1001)]
+class NoSessionCookieForApiListener
+{
+    public function __invoke(ResponseEvent $event): void
+    {
+        // We do not want to set the session cookie for API requests. Since the firewall is
+        // stateful (because we want form logins to allow to access the API), we need to remove
+        // the cookie
+        $request = $event->getRequest();
+        $response = $event->getResponse();
+        if ($request->attributes->get('_firewall_context') === 'security.firewall.map.context.api') {
+            $response->headers->removeCookie($request->getSession()->getName());
+        }
+    }
+}
diff --git a/webapp/tests/Unit/BaseTestCase.php b/webapp/tests/Unit/BaseTestCase.php
@@ -143,7 +143,7 @@ protected function loginHelper(
      */
     protected function logIn(): void
     {
-        $this->client->loginUser($this->setupUser());
+        $this->client->loginUser($this->setupUser(), 'domjudge');
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ protected function loginHelper(`
`143`	`143`	`*/`
`144`	`144`	`protected function logIn(): void`
`145`	`145`	`{`
`146`		`- $this->client->loginUser($this->setupUser());`
	`146`	`+ $this->client->loginUser($this->setupUser(), 'domjudge');`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`/**`