From 2a60c71bc411111aec90f6c30f84036538c25437 Mon Sep 17 00:00:00 2001 From: Marcelo Fernandes Date: Wed, 25 Sep 2024 12:23:19 +0000 Subject: [PATCH] Finally it's working properly https://github.com/swagger-api/swagger-ui/issues/4402 this link expains how it should work --- config/packages/api_platform.yaml | 8 +++--- src/Entity/Setting.php | 5 ++++ src/Entity/User.php | 46 ++++++++++++++++++++++++------- 3 files changed, 45 insertions(+), 14 deletions(-) diff --git a/config/packages/api_platform.yaml b/config/packages/api_platform.yaml index 87cc092..a80e25b 100644 --- a/config/packages/api_platform.yaml +++ b/config/packages/api_platform.yaml @@ -17,10 +17,10 @@ api_platform: rfc_7807_compliant_errors: true swagger: versions: [3] - ## api_keys: - ## Bearer: - ## name: Authorization - ## type: header + api_keys: + Bearer: + name: Authorization + type: header swagger_ui_extra_configuration: security: - BearerAuth: [] diff --git a/src/Entity/Setting.php b/src/Entity/Setting.php index dd673ba..929f35e 100644 --- a/src/Entity/Setting.php +++ b/src/Entity/Setting.php @@ -21,6 +21,11 @@ 'summary' => 'Get configuration settings', 'description' => 'This endpoint returns public values from the Setting entity and environment variables categorized by platform and provider.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'responses' => [ '200' => [ 'description' => 'Configuration settings retrieved successfully', diff --git a/src/Entity/User.php b/src/Entity/User.php index 75cee5d..008e8d0 100755 --- a/src/Entity/User.php +++ b/src/Entity/User.php 
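Review bot: The scheme enabled under `api_keys` is keyed `Bearer`, but the `swagger_ui_extra_configuration` context line just below and every `'security'` entry this patch adds refer to `BearerAuth`. A security requirement has to name a scheme declared in `components.securitySchemes`, and API Platform appears to use the `api_keys` key as that name. Unless a `BearerAuth` scheme is declared somewhere outside this diff (an OpenAPI factory decorator, for instance), the requirements point at an undefined scheme and the spec will not validate. Either rename the key to `BearerAuth:` or change the references to `Bearer`. Since `api_keys` produces an `apiKey` header scheme rather than HTTP bearer, a comment such as `# enter the full header value: "Bearer <JWT>"` would also help whoever uses the Authorize dialog.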
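Review bot: The `'security' => [['BearerAuth' => []]]` entry added to this operation's `openapiContext` only changes the generated OpenAPI document; it does not make the endpoint require a token. The description still says it returns public values, so the documented contract and the real access control can now disagree. The same entry is added in `src/Entity/User.php` to the local login, SAML, Google, registration, SMS registration and both password-reset operations, which a client calls before it holds a JWT. If these operations are meant to be reachable anonymously, the OpenAPI way to say so is `'security' => [],`. If they are meant to be protected, that needs a `security:` expression on the operation or a firewall rule, neither of which is visible in this patch.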
@@ -30,20 +30,11 @@ shortName: 'User', paginationEnabled: false, name: 'api_get_current_user', - security: "is_granted('IS_AUTHENTICATED_FULLY')", + security: "is_granted('ROLE_USER')", securityMessage: 'Sorry, but you don\'t have permission to access this resource.', openapiContext: [ 'summary' => 'Retrieve current authenticated user', 'description' => 'This endpoint returns the details of the currently authenticated user.', - 'security' => [ - [ - 'BearerAuth' => [ - 'scheme' => 'Bearer', - 'bearerFormat' => 'JWT', - 'example' => 'Bearer ', - ], - ], - ], 'responses' => [ '200' => [ 'description' => 'User details retrieved successfully', @@ -189,6 +180,11 @@ openapiContext: [ 'summary' => 'Authenticate a user locally', 'description' => 'This endpoint authenticates a user using their UUID, password, and a CAPTCHA token.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'requestBody' => [ 'description' => 'User credentials and CAPTCHA validation token', 'required' => true, @@ -395,6 +391,11 @@ 'description' => 'This endpoint authenticates a user using their SAML response. If the user is not found in the database, a new user will be created based on the SAML assertion. The response includes user details along with a JWT token if authentication is successful.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'requestBody' => [ 'description' => 'SAML response required for user authentication. The request should be sent as `multipart/form-data` with the SAML response @@ -645,6 +646,11 @@ 'summary' => 'Authenticate a user via Google', 'description' => 'This endpoint authenticates a user using their Google account. A valid Google OAuth authorization code is required.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'requestBody' => [ 'description' => 'Google authorization code', 'required' => true, 
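Review bot: Replacing `is_granted('IS_AUTHENTICATED_FULLY')` with `is_granted('ROLE_USER')` on `api_get_current_user` changes the access rule, and neither the commit message nor a comment says why. `ROLE_USER` is also satisfied by a remember-me authentication, and it depends on what `User::getRoles()` returns, which is not shown in this hunk. If the goal was only to add a baseline role check, `security: "is_granted('IS_AUTHENTICATED_FULLY') and is_granted('ROLE_USER')",` keeps the stricter guarantee. Otherwise a one-line comment stating the intent would help. The hunk also drops the `'security'` block from this operation. The old block was malformed, but this is the one endpoint here that clearly needs a token, so `'security' => [['BearerAuth' => []]],` would be more consistent than relying on the global default.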
@@ -809,6 +815,11 @@ 'description' => 'This endpoint registers a new user using their email and password, with CAPTCHA validation via the Turnstile token. It handles user creation, password hashing, and CAPTCHA verification. If the user already exists, it returns a conflict error.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'requestBody' => [ 'description' => 'User registration data and CAPTCHA validation token. The request should include the user\'s email, password, and Turnstile CAPTCHA token.', @@ -975,6 +986,11 @@ 'summary' => 'Register a new user via SMS authentication', 'description' => 'This endpoint registers a new user using their phone number and validates the request with a CAPTCHA token.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'requestBody' => [ 'description' => 'User registration data and CAPTCHA validation token', 'required' => true, @@ -1137,6 +1153,11 @@ The user must provide their email and a CAPTCHA validation token. The endpoint verifies if the user has an external auth with "PortalAccount" and "EMAIL" providerId, then proceeds with the password reset if the conditions are met.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'requestBody' => [ 'description' => 'Password reset request data, including CAPTCHA validation token and user email', 'required' => true, @@ -1357,6 +1378,11 @@ 'description' => 'This endpoint sends an SMS with a new password and verification code if the user has a valid PortalAccount and has not exceeded SMS request limits. The endpoint also enforces the time interval between requests and limits the number of attempts allowed.', + 'security' => [ + [ + 'BearerAuth' => [], + ], + ], 'requestBody' => [ 'description' => 'Password reset request data including CAPTCHA token and user phone number.', 'required' => true,