Skip to content

[Security] Add remember me option for JSON logins #48899

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chalasr merged 2 commits into from
Feb 24, 2023
Merged

[Security] Add remember me option for JSON logins #48899

chalasr merged 2 commits into from
Feb 24, 2023

Conversation

@baumerdev
Copy link
Contributor

@baumerdev baumerdev commented Jan 6, 2023
edited
Loading

Q A
Branch? 6.3
Bug fix? no
New feature? yes
Deprecations? no
Tickets Fix #40918
License MIT
Doc PR symfony/symfony-docs#17676

This resolves the above mentioned issue by adding a RememberMeBadge to JsonLoginAuthenticator and by extending CheckRememberMeConditionsListener to be able to read the remember me parameter from a JSON request body (if reading from ParameterBag was unsuccessful).

This means you can send a JSON request with a body like this and needn‘t use a fallback HTTP form login when building your API:

{
    "username": "dunglas",
    "password": "MyPassword",
    "_remember_me": true
}

@carsonbot
Copy link

carsonbot commented Jan 6, 2023

Hey!

To help keep things organized, we don't allow "Draft" pull requests. Could you please click the "ready for review" button or close this PR and open a new one when you are done?

Note that a pull request does not have to be "perfect" or "ready for merge" when you first open it. We just want it to be ready for a first review.

Cheers!

Carsonbot

@baumerdev baumerdev marked this pull request as ready for review January 6, 2023 18:09
@carsonbot carsonbot added this to the 6.3 milestone Jan 6, 2023
@carsonbot
Copy link

carsonbot commented Jan 6, 2023

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 6.3 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

baumerdev added a commit to baumerdev/symfony-docs that referenced this pull request Jan 6, 2023
@baumerdev
Add JSON login remember me symfony/symfony#48899
4397755
@baumerdev baumerdev mentioned this pull request Jan 6, 2023
Merged
chalasr
chalasr approved these changes Feb 7, 2023
View reviewed changes
@nicolas-grekas nicolas-grekas force-pushed the issue_40918_remember_me_json_login branch from 8350f8d to 8b257c9 Compare February 24, 2023 09:11
nicolas-grekas
nicolas-grekas approved these changes Feb 24, 2023
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I rebased the PR and more importantly I added a second commit to pass remember-me parameters via RememberMeBadge.

@nicolas-grekas nicolas-grekas force-pushed the issue_40918_remember_me_json_login branch from 8b257c9 to 5fe525f Compare February 24, 2023 09:15
@chalasr
Copy link
Member

chalasr commented Feb 24, 2023

Thank you @baumerdev.

@chalasr chalasr merged commit 41e8f3f into symfony:6.3 Feb 24, 2023
@chalasr
Copy link
Member

chalasr commented Feb 24, 2023

@baumerdev It would be nice if you could take Nicolas' commit into account for your doc PR 🙏

@Cryde Cryde mentioned this pull request Feb 26, 2023
Closed
javiereguiluz added a commit to javiereguiluz/symfony-docs that referenced this pull request Apr 11, 2023
@javiereguiluz
minor symfony#17676 [Security] Remember me JSON Login (baumerdev)
3b619b1 
This PR was merged into the 6.3 branch.

Discussion
----------

[Security] Remember me JSON Login

Add block with description, how to set up remember me functionality for JSON Login

Issue symfony/symfony#40918
Pull Request symfony/symfony#48899

Commits
-------

4397755 Add JSON login remember me symfony/symfony#48899
@fabpot fabpot mentioned this pull request May 1, 2023
Merged
zoidbergx added a commit to CandoImage/symfony that referenced this pull request Oct 24, 2023
@zoidbergx
feat: added adapted patch from symfony#48899
7e6fc2e
zoidbergx added a commit to CandoImage/security-http that referenced this pull request Oct 24, 2023
@zoidbergx
feat: added adapted patch for 5.4 from symfony/symfony#48899
8507862
@zoidbergx zoidbergx mentioned this pull request Oct 24, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@chalasr chalasr chalasr approved these changes

@wouterj wouterj Awaiting requested review from wouterj

+1 more reviewer

@WebMamba WebMamba WebMamba left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Feature Ready Security Status: Reviewed

Projects

None yet

Milestone

6.3

Development

Successfully merging this pull request may close these issues.

Allow Remember Me cookie with JSON Login

5 participants

@baumerdev @carsonbot @chalasr @nicolas-grekas @WebMamba