Lucky-Loek
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎.travis.yml
Lines changed: 5 additions & 0 deletions b/‎.travis.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 97 additions & 33 deletions b/‎README.md
Lines changed: 97 additions & 33 deletions
diff --git a/‎app/AppKernel.php
Lines changed: 1 addition & 0 deletions b/‎app/AppKernel.php
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/DoctrineMigrations/Version20170116124527.php
Lines changed: 34 additions & 0 deletions b/‎app/DoctrineMigrations/Version20170116124527.php
Lines changed: 34 additions & 0 deletions
diff --git a/‎app/config/config.yml
Lines changed: 6 additions & 0 deletions b/‎app/config/config.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎app/config/parameters.yml.dist
Lines changed: 8 additions & 2 deletions b/‎app/config/parameters.yml.dist
Lines changed: 8 additions & 2 deletions
diff --git a/‎app/config/security.yml
Lines changed: 14 additions & 9 deletions b/‎app/config/security.yml
Lines changed: 14 additions & 9 deletions
diff --git a/‎app/config/services.yml
Lines changed: 4 additions & 0 deletions b/‎app/config/services.yml
Lines changed: 4 additions & 0 deletions
diff --git a/‎behat.yml
Lines changed: 0 additions & 1 deletion b/‎behat.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎composer.json
Lines changed: 4 additions & 2 deletions b/‎composer.json
Lines changed: 4 additions & 2 deletions
@@ -10,6 +10,7 @@
 !var/logs/.gitkeep
 !/var/sessions
 /var/sessions/*
+!/var/jwt
 !var/sessions/.gitkeep
 !var/SymfonyRequirements.php
 /vendor/
 
@@ -9,10 +9,15 @@ before_script:
   - composer self-update
   - composer install --no-interaction
   - php bin/console doc:mig:mig --env=test --no-interaction
+  - cat app/config/parameters.yml
+  - php bin/console server:start
 
 script:
   - vendor/bin/phpmd src/ text phpmd.xml
   - vendor/bin/phpcs --extensions=php --warning-severity=0 --report=full --standard=phpcs.xml src
   - vendor/bin/phpcpd --exclude src/AppBundle/Entity src
   - vendor/bin/phpunit --colors=auto
   - vendor/bin/behat --colors --format=pretty
+
+after_script:
+  - php bin/console server:stop
@@ -1,14 +1,18 @@
 # Symfony API Example
 
-[![Build Status](https://travis-ci.org/loekiedepo/Symfony-API-Example.svg?branch=master)](https://travis-ci.org/loekiedepo/Symfony-API-Example)
-[![StyleCI](https://styleci.io/repos/75643731/shield?branch=master)](https://styleci.io/repos/75643731)
+[![Build Status](https://travis-ci.org/loekiedepo/Symfony-API-Example.svg?branch=with-authentication)](https://travis-ci.org/loekiedepo/Symfony-API-Example)
+[![StyleCI](https://styleci.io/repos/75643731/shield?branch=with-authentication)](https://styleci.io/repos/75643731)
 
 A small example of how an API could be written in Symfony. This project allow a user to receive/add/update/delete cars.
 
 All output is standardized so that it is easy to parse in any language on any environment.
 
+This branch features an implementation of [JSON Web Tokens](https://jwt.io/) for authenticating users.
+
 ## Features
 
+- JWT Authentication
+   - [GET token](#get-a-token)
 - Data retrieval
    - [GET all entities](#get-all-entities)
    - [GET entity by id](#get-entity-by-id)
@@ -20,20 +24,23 @@ All output is standardized so that it is easy to parse in any language on any en
 
 ## URLS
 
-```
-// GET
+```bash
+# POST retrieve a token
+symfony.app/api/token
+
+# GET car
 symfony.app/car
 
-// GET by id
+# GET car by id
 symfony.app/car/{id}
 
-// POST new
+# POST new car
 symfony.app/car
 
-// PATCH update
+# PATCH update car
 symfony.app/car/{id}
 
-// DELETE remove
+# DELETE remove car
 symfony.app/car/{id}
 ```
 
@@ -50,23 +57,62 @@ symfony.app/car/{id}
 1. Clone this repo
 2. Run `composer install`
 3. Run `php bin/console doc:mig:mig`
+4. Run `php bin/console doc:fixtures:load`
 
 ### Testing
 
 1. Run `php bin/console doc:mig:mig --env=test`
-2. Run `composer test`
+2. Run `php bin/console doc:fixtures:load --env=test`
+3. Run `composer test`
 
-For more information which tests are run, please refer to the `"test"` section of `composer.json`
+For more information which tests are run, please refer to the `"test"` section of `composer.json`.
+You can run the given tests separately, i.e. `composer behat` or `composer phpunit`
 
 ## Technical Docs
 
+### Error messages
+
+All error messages have the same format, so they can be easily parsed in any language:
+
+```JSON
+{
+    "error": {
+        "code": 401,
+        "message": "Not privileged to request the resource."
+    }
+}
+```
+
+### GET a token
+
+#### Request
+```bash
+$ curl --request POST \
+    --url http://symfony.app/api/token \
+    --header 'password: unsafepassword' \
+    --header 'username: admin'
+```
+
+#### Response
+```JSON
+{
+	"token": "eyJhbGciOiJSUzI1NiJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwiZXhwIjoxNDg0NTgyNTc4LCJpYXQiOjE0ODQ1ODE5Nzh9.t31C2jYVHWybZ2szEFwkGEzspYFyg9BlTyolnYtznnm8eFPIZI00hZPYCPFX2Ka7-gBFb3keM_2WVhfXKvreQpaFzge2HQ1lfMgVBCCUsxoiESUo6qCkna0Vb6ttv1qLyBRAqui_ijjANaAqEgO648vnIP0BMOYkjzw9-jNJNRQ25Bv4Y7bc_LGcGJQc2wGlg5sxWqMYhHwwCncBNPpdwTj9e9WULGBv0U1Hc_8I5eCrQFrCJGeQaKnEiy1GKXdRCSqwfCqEDrbXhgkBGygUbPGAYrfU8SnrtxFRI_EN92PByo2rjpy_M5gL-Md6czN5xDSxJHmswValR-I1ga1WkqEf194erD7KJmRRXUpz1HwNDWPDm1RJfzVgj0vTlW7kCKdLqGkkvaVnPuToxLhAPnp-kfdFkprtND0J8CajdiKaYVia4DwOjK4w_lbnfLMzZp6s6o7eKQ4h7_vkZAGu_DA0f6fVOuGQc5cqef_1oMqbKKrhVWL4xMg9wovpkAm_AF-iii-cjaXejArKzZ_4sKku5fc7BleSIHH0sXXLWlE_bI6ftc3AAxTl1buIOwpqrKDwlU_YfO8d9YkuZCRG-I0B8Nu0hfW6qh3jwIaqlqaAP6ZqAfAk8Sd6cQw8eqSqjhFjtSKA2J-DYn4lP2DC-0-_6ydj8sl3pB-DV7MEVVI"
+}
+```
+
 ### GET all entities
-```shell
-# Request
+
+#### Request
+
+```bash
 $ curl --request GET \
-    --url http://symfony.app/car
-  
-# Response
+    --url http://symfony.app/car \
+    --header 'Authorization: Bearer {token}'
+```
+
+#### Response
+
+```JSON
 [
     {
         "id": 1,
@@ -85,12 +131,17 @@ $ curl --request GET \
 ```
 
 ### GET entity by id
-```shell
-# Request
+
+#### Request
+
+```bash
 $ curl --request GET \
-    --url http://symfony.app/car/1
-  
-# Response
+    --url http://symfony.app/car/{id} \
+    --header 'Authorization: Bearer {token}'
+```
+
+#### Response
+```JSON
 {
     "id": 1,
     "brand": "Ford",
@@ -100,18 +151,23 @@ $ curl --request GET \
 ```
 
 ### POST new entity
-```shell
-# Request
+
+#### Request
+
+```bash
 $ curl --request POST \
     --url http://symfony.app/car \
     --header 'content-type: application/json' \
+    --header 'Authorization: Bearer {token}'
     --data '{
 	  "brand": "Ford",
 	  "name": "Mustang",
 	  "year": 1972
   }'
-  
-# Response
+```
+
+#### Response
+```JSON
 {
     "id": 1,
     "brand": "Ford",
@@ -121,16 +177,20 @@ $ curl --request POST \
 ```
 
 ### PATCH update existing entity
-```shell
-# Request
+
+#### Request
+```bash
 $ curl --request PATCH \
-    --url http://symfony.app/car/1 \
+    --url http://symfony.app/car/{id} \
     --header 'content-type: application/json' \
+    --header 'Authorization: Bearer {token} \
     --data '{
       "year": 2016
   }'
-  
-# Response
+```
+
+#### Response
+```JSON
 {
     "id": 1,
     "brand": "Ford",
@@ -140,12 +200,16 @@ $ curl --request PATCH \
 ```
 
 ### DELETE remove existing entity
-```shell
-# Request
+
+#### Request
+```bash
 $ curl --request DELETE \
-    --url http://symfony.app/car/1
+    --url http://symfony.app/car/{id} \
+    --header 'Authorization: Bearer {token}
+```
 
-# Response
+#### Response
+```JSON
 {
     "message": "Car deleted"
 }
 
@@ -20,6 +20,7 @@ public function registerBundles()
             new \JMS\SerializerBundle\JMSSerializerBundle(),
             new \Nelmio\CorsBundle\NelmioCorsBundle(),
             new Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle(),
+            new Lexik\Bundle\JWTAuthenticationBundle\LexikJWTAuthenticationBundle(),
         ];
 
         if (in_array($this->getEnvironment(), ['dev', 'test'], true)) {
 
@@ -0,0 +1,34 @@
+<?php
+
+namespace Application\Migrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+class Version20170116124527 extends AbstractMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('CREATE TABLE user (id INT AUTO_INCREMENT NOT NULL, username VARCHAR(255) NOT NULL, password VARCHAR(255) NOT NULL, UNIQUE INDEX UNIQ_8D93D649F85E0677 (username), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB');
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('DROP TABLE user');
+    }
+}
@@ -92,3 +92,9 @@ fos_rest:
         view_response_listener: 'force'
         formats:
             json: true
+
+lexik_jwt_authentication:
+    private_key_path: '%jwt_private_key_path%'
+    public_key_path:  '%jwt_public_key_path%'
+    pass_phrase:      '%jwt_key_pass_phrase%'
+    token_ttl:        '%jwt_token_ttl%'
@@ -2,9 +2,10 @@
 # Set parameters here that may be different on each deployment target of the app, e.g. development, staging, production.
 # http://symfony.com/doc/current/best_practices/configuration.html#infrastructure-related-configuration
 parameters:
+    app_url:           http://localhost:8000
     database_host:     127.0.0.1
-    database_port:     ~
-    database_name:     symfony
+    database_port:     3306
+    database_name:     symfony_test
     database_user:     root
     database_password: ~
     # You should uncomment this if you want use pdo_sqlite
@@ -17,3 +18,8 @@ parameters:
 
     # A secret key that's used to generate certain security-related tokens
     secret:            ThisTokenIsNotSoSecretChangeIt
+
+    jwt_private_key_path: '%kernel.root_dir%/../var/jwt/private.pem'
+    jwt_public_key_path: '%kernel.root_dir%/../var/jwt/public.pem'
+    jwt_key_pass_phrase: symfony_test
+    jwt_token_ttl: 600
@@ -2,10 +2,16 @@
 # http://symfony.com/doc/current/security.html
 security:
 
+    encoders:
+        AppBundle\Entity\User:
+            algorithm: bcrypt
+
     # http://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
     providers:
-        in_memory:
-            memory: ~
+        database_provider:
+            entity:
+                class: AppBundle:User
+                property: username
 
     firewalls:
         # disables authentication for assets and the profiler, adapt it according to your needs
@@ -14,11 +20,10 @@ security:
             security: false
 
         main:
-            anonymous: ~
-            # activate different ways to authenticate
-
-            # http_basic: ~
-            # http://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
+            pattern: ^/car
+            anonymous: true
+            stateless: true
 
-            # form_login: ~
-            # http://symfony.com/doc/current/cookbook/security/form_login_setup.html
+            guard:
+                authenticators:
+                    - 'appbundle.jwt_token_authenticator'
@@ -29,3 +29,7 @@ services:
         arguments: ["@logger"]
         tags:
             - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest }
+
+    appbundle.jwt_token_authenticator:
+        class: AppBundle\Security\JwtTokenAuthenticator
+        arguments: ["@lexik_jwt_authentication.encoder", "@doctrine.orm.entity_manager"]
@@ -3,7 +3,6 @@ default:
         Behat\Symfony2Extension: ~
         Sanpi\Behatch\Extension: ~
         Behat\MinkExtension:
-            base_url: http://symfony.app
             sessions:
                 default:
                     symfony2: ~
 
@@ -27,7 +27,8 @@
         "nelmio/cors-bundle": "^1.4",
         "webmozart/assert": "^1.2",
         "doctrine/doctrine-migrations-bundle": "^1.2",
-        "behat/mink-browserkit-driver": "^1.3"
+        "guzzlehttp/guzzle": "^6.2",
+        "lexik/jwt-authentication-bundle": "^2.1"
     },
     "require-dev": {
         "sensio/generator-bundle": "^3.0",
@@ -40,7 +41,8 @@
         "behat/symfony2-extension": "^2.1",
         "behatch/contexts": "^2.5",
         "doctrine/doctrine-fixtures-bundle": "^2.3",
-        "sebastian/phpcpd": "^2.0"
+        "sebastian/phpcpd": "^2.0",
+        "behat/mink-browserkit-driver": "^1.3"
     },
     "scripts": {
         "symfony-scripts": [