Issue #422: Split the /security/token endpoint into two separate endpoints

Signed-off-by: alexmerlin <[email protected]>

Author: alexmerlin

config/autoload/authorization.global.php

@@ -72,8 +72,8 @@
                 'user::update-account-reset-password',
                 'user::create-account-reset-password',
                 'user::create-account',
-                'security::token',
-                'security::token',
+                'security::generate-token',
+                'security::refresh-token',
             ],
         ],
     ],

documentation/Dotkernel_API.postman_collection.json

@@ -1,6 +1,6 @@
 {
 	"info": {
-		"_postman_id": "f837d47b-cc12-4897-8b1a-ecd26b4bbe44",
+		"_postman_id": "f9da948e-3325-4595-a55b-ca31958433d0",
 		"name": "Dotkernel_API",
 		"description": "Dotkernel API documentation.",
 		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
@@ -357,13 +357,13 @@
 									}
 								},
 								"url": {
-									"raw": "{{APPLICATION_URL}}/security/token",
+									"raw": "{{APPLICATION_URL}}/security/generate-token",
 									"host": [
 										"{{APPLICATION_URL}}"
 									],
 									"path": [
 										"security",
-										"token"
+										"generate-token"
 									]
 								},
 								"description": "Generate OAuth2 Bearer token for identity with admin privileges."
@@ -407,13 +407,13 @@
 									}
 								},
 								"url": {
-									"raw": "{{APPLICATION_URL}}/security/token",
+									"raw": "{{APPLICATION_URL}}/security/refresh-token",
 									"host": [
 										"{{APPLICATION_URL}}"
 									],
 									"path": [
 										"security",
-										"token"
+										"refresh-token"
 									]
 								},
 								"description": "Refresh OAuth2 Bearer token for identity with admin privileges."
@@ -982,13 +982,13 @@
 									}
 								},
 								"url": {
-									"raw": "{{APPLICATION_URL}}/security/token",
+									"raw": "{{APPLICATION_URL}}/security/generate-token",
 									"host": [
 										"{{APPLICATION_URL}}"
 									],
 									"path": [
 										"security",
-										"token"
+										"generate-token"
 									]
 								},
 								"description": "Generate OAuth2 Bearer token for identity with regular user privileges."
@@ -1022,13 +1022,13 @@
 									}
 								},
 								"url": {
-									"raw": "{{APPLICATION_URL}}/security/token",
+									"raw": "{{APPLICATION_URL}}/security/refresh-token",
 									"host": [
 										"{{APPLICATION_URL}}"
 									],
 									"path": [
 										"security",
-										"token"
+										"refresh-token"
 									]
 								},
 								"description": "Refresh OAuth2 Bearer token for identity with regular user privileges."

documentation/command/route-list.md

@@ -12,7 +12,7 @@ The command runs through all routes and extracts endpoint information in realtim
 The output should be similar to the following:
 
 ```text
-+------+----------------+-------------------- 37 Routes ------+-------------------------------------+
++------+----------------+-------------------- 38 Routes ------+-------------------------------------+
 |    # | Request method | Route name                          | Route path                          |
 +------+----------------+-------------------------------------+-------------------------------------+
 |    1 | GET            | app::view-index                     | /                                   |
@@ -26,32 +26,33 @@ The output should be similar to the following:
 |    9 | GET            | admin::view-admin                   | /admin/{uuid}                       |
 |   10 | PATCH          | admin::update-admin                 | /admin/{uuid}                       |
 |   11 | POST           | app::create-error-report            | /error-report                       |
-|   12 | POST           | security::token                     | /security/token                     |
-|   13 | GET            | user::list-user                     | /user                               |
-|   14 | POST           | user::create-user                   | /user                               |
-|   15 | DELETE         | user::delete-account                | /user/account                       |
-|   16 | GET            | user::view-account                  | /user/account                       |
-|   17 | PATCH          | user::update-account                | /user/account                       |
-|   18 | POST           | user::create-account                | /user/account                       |
-|   19 | POST           | user::request-activate-account      | /user/account/activate              |
-|   20 | PATCH          | user::activate-account              | /user/account/activate/{hash}       |
-|   21 | DELETE         | user::delete-account-avatar         | /user/account/avatar                |
-|   22 | GET            | user::view-account-avatar           | /user/account/avatar                |
-|   23 | POST           | user::create-account-avatar         | /user/account/avatar                |
-|   24 | POST           | user::recover-account               | /user/account/recover               |
-|   25 | POST           | user::create-account-reset-password | /user/account/reset-password        |
-|   26 | GET            | user::check-account-reset-password  | /user/account/reset-password/{hash} |
-|   27 | PATCH          | user::update-account-reset-password | /user/account/reset-password/{hash} |
-|   28 | GET            | user::list-role                     | /user/role                          |
-|   29 | GET            | user::view-role                     | /user/role/{uuid}                   |
-|   30 | DELETE         | user::delete-user                   | /user/{uuid}                        |
-|   31 | GET            | user::view-user                     | /user/{uuid}                        |
-|   32 | PATCH          | user::update-user                   | /user/{uuid}                        |
-|   33 | PATCH          | user::activate-user                 | /user/{uuid}/activate               |
-|   34 | DELETE         | user::delete-user-avatar            | /user/{uuid}/avatar                 |
-|   35 | GET            | user::view-user-avatar              | /user/{uuid}/avatar                 |
-|   36 | POST           | user::create-user-avatar            | /user/{uuid}/avatar                 |
-|   37 | PATCH          | user::deactivate-user               | /user/{uuid}/deactivate             |
+|   12 | POST           | security::generate-token            | /security/generate-token            |
+|   13 | POST           | security::refresh-token             | /security/refresh-token             |
+|   14 | GET            | user::list-user                     | /user                               |
+|   15 | POST           | user::create-user                   | /user                               |
+|   16 | DELETE         | user::delete-account                | /user/account                       |
+|   17 | GET            | user::view-account                  | /user/account                       |
+|   18 | PATCH          | user::update-account                | /user/account                       |
+|   19 | POST           | user::create-account                | /user/account                       |
+|   20 | POST           | user::request-activate-account      | /user/account/activate              |
+|   21 | PATCH          | user::activate-account              | /user/account/activate/{hash}       |
+|   22 | DELETE         | user::delete-account-avatar         | /user/account/avatar                |
+|   23 | GET            | user::view-account-avatar           | /user/account/avatar                |
+|   24 | POST           | user::create-account-avatar         | /user/account/avatar                |
+|   25 | POST           | user::recover-account               | /user/account/recover               |
+|   26 | POST           | user::create-account-reset-password | /user/account/reset-password        |
+|   27 | GET            | user::check-account-reset-password  | /user/account/reset-password/{hash} |
+|   28 | PATCH          | user::update-account-reset-password | /user/account/reset-password/{hash} |
+|   29 | GET            | user::list-role                     | /user/role                          |
+|   30 | GET            | user::view-role                     | /user/role/{uuid}                   |
+|   31 | DELETE         | user::delete-user                   | /user/{uuid}                        |
+|   32 | GET            | user::view-user                     | /user/{uuid}                        |
+|   33 | PATCH          | user::update-user                   | /user/{uuid}                        |
+|   34 | PATCH          | user::activate-user                 | /user/{uuid}/activate               |
+|   35 | DELETE         | user::delete-user-avatar            | /user/{uuid}/avatar                 |
+|   36 | GET            | user::view-user-avatar              | /user/{uuid}/avatar                 |
+|   37 | POST           | user::create-user-avatar            | /user/{uuid}/avatar                 |
+|   38 | PATCH          | user::deactivate-user               | /user/{uuid}/deactivate             |
 +------+----------------+-------------------------------------+-------------------------------------+
 ```
 

src/Security/src/OpenAPI.php

@@ -12,7 +12,7 @@
  * @see TokenEndpointHandler::handle()
  */
 #[OA\Post(
-    path: '/security/token',
+    path: '/security/generate-token',
     description: 'Client generates access token using username and password',
     summary: 'Generate access token',
     requestBody: new OA\RequestBody(
@@ -49,7 +49,7 @@
  * @see TokenEndpointHandler::handle()
  */
 #[OA\Post(
-    path: '/security/token',
+    path: '/security/refresh-token',
     description: 'Client refreshes access token using refresh token',
     summary: 'Refresh access token',
     requestBody: new OA\RequestBody(

src/Security/src/RoutesDelegator.php

@@ -24,7 +24,8 @@ public function __invoke(ContainerInterface $container, string $serviceName, cal
         $routeCollector = $container->get(RouteCollectorInterface::class);
 
         $routeCollector->group('/security', ErrorResponseMiddleware::class)
-            ->post('/token', TokenEndpointHandler::class, 'security::token');
+            ->post('/generate-token', TokenEndpointHandler::class, 'security::generate-token')
+            ->post('/refresh-token', TokenEndpointHandler::class, 'security::refresh-token');
 
         return $callback();
     }

test/Functional/AuthenticationTest.php

@@ -37,7 +37,7 @@ public function testAuthenticateAdmin(): void
     {
         $this->createAdmin();
 
-        $response = $this->post('/security/token', $this->getValidAdminAccessTokenCredentials());
+        $response = $this->post('/security/generate-token', $this->getValidAdminAccessTokenCredentials());
 
         $data = json_decode($response->getBody()->getContents(), true);
 
@@ -59,7 +59,7 @@ public function testAuthenticateUser(): void
     {
         $this->createUser();
 
-        $response = $this->post('/security/token', $this->getValidFrontendAccessTokenCredentials());
+        $response = $this->post('/security/generate-token', $this->getValidFrontendAccessTokenCredentials());
 
         $data = json_decode($response->getBody()->getContents(), true);
 
@@ -76,7 +76,7 @@ public function testAuthenticateUser(): void
 
     public function testInvalidRefreshToken(): void
     {
-        $response = $this->post('/security/token', $this->getInvalidFrontendRefreshTokenCredentials());
+        $response = $this->post('/security/refresh-token', $this->getInvalidFrontendRefreshTokenCredentials());
 
         $data = json_decode($response->getBody()->getContents(), true);
 
@@ -99,7 +99,7 @@ public function testRefreshToken(): void
         $identity = $this->createUser()->getIdentity();
         $this->loginAs($identity, self::DEFAULT_PASSWORD);
 
-        $response = $this->post('/security/token', $this->getValidFrontendRefreshTokenCredentials());
+        $response = $this->post('/security/refresh-token', $this->getValidFrontendRefreshTokenCredentials());
         $this->assertResponseOk($response);
 
         $data = json_decode($response->getBody()->getContents(), true);
@@ -122,7 +122,7 @@ public function testAdminCannotAuthenticateAsUser(): void
         $admin         = $this->createAdmin();
         $errorMessages = $this->getContainer()->get('config')['authentication']['invalid_credentials'];
 
-        $response = $this->post('/security/token', $this->getValidFrontendAccessTokenCredentials([
+        $response = $this->post('/security/generate-token', $this->getValidFrontendAccessTokenCredentials([
             'username' => $admin->getIdentity(),
         ]));
 
@@ -146,7 +146,7 @@ public function testUserCannotAuthenticateAsAdmin(): void
         $errorMessages = $this->getContainer()->get('config')['authentication']['invalid_credentials'];
 
         $user     = $this->createUser();
-        $response = $this->post('/security/token', $this->getValidAdminAccessTokenCredentials([
+        $response = $this->post('/security/generate-token', $this->getValidAdminAccessTokenCredentials([
             'username' => $user->getIdentity(),
         ]));
 
@@ -170,7 +170,7 @@ private function authenticateInvalidIdentity(array $credentials): void
     {
         $errorMessages = $this->getContainer()->get('config')['authentication']['invalid_credentials'];
 
-        $response = $this->post('/security/token', $credentials);
+        $response = $this->post('/security/generate-token', $credentials);
         $this->assertResponseBadRequest($response);
 
         $data = json_decode($response->getBody()->getContents(), true);