Calling Developers!
We are reenergizing our code contribution process! Learn More

What are the Slack Archives?

It’s a history of our time together in the Slack Community! There’s a ton of knowledge in here, so feel free to search through the archives for a possible answer to your question.

Because this space is not active, you won’t be able to create a new post or comment here. If you have a question or want to start a discussion about something, head over to our categories and pick one to post in! You can always refer back to a post from Slack Archives if needed; just copy the link to use it as a reference..

Zed Route Security / Auth: Hi, can someone maybe point me in the right direction :slightly_smiling_

Options
U01BZ7Q3XRV
U01BZ7Q3XRV Posts: 148 πŸ§‘πŸ»β€πŸš€ - Cadet

Zed Route Security / Auth:

Hi, can someone maybe point me in the right direction πŸ™‚

Basically I want to have a Zed Controller to consume Akeneo Webhooks and disable the default Zed Auth and instead check the request signature.

I found the \Spryker\Shared\SecurityExtension\Dependency\Plugin\SecurityPluginInterface which could be the right place, but I also did nod find out yet how to use it

Comments

  • U02MQRQHG3E
    U02MQRQHG3E Posts: 2 πŸ§‘πŸ»β€πŸš€ - Cadet
    Options

    Hi David!
    You could look into /src/Pyz/Zed/Security/SecurityDependencyProvider.php for plugin examples. To allow anonymous access to some endpoint you need to add your custom security plugin to the top of the list and use both addFirewall and addAccesRules methods in it. UserSecurityPlugin seems like good example to start with.
    This is where I ended up while solving similar problem, so I could miss something or get wrong, please correct me in this case :)

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 πŸ§‘πŸ»β€πŸš€ - Cadet
    Options

    @U02MQRQHG3E thanks! then I'm at least not completely wrong here πŸ˜‰ ok I'm trying the addAccessRules to allow access at first. But for some reason it's not working. I guess I have to keep debugging somewhere where the access rules are applied

  • U02MQRQHG3E
    U02MQRQHG3E Posts: 2 πŸ§‘πŸ»β€πŸš€ - Cadet
    Options

    Like I mentioned, in my case using both firewall and access rule was necessary. So, if nothing helps, try something like:

    class MySecurityPlugin extends AbstractPlugin implements SecurityPluginInterface
    {
        protected const SECURITY_FIREWALL_NAME = 'MyFirewall';
        protected const MY_ROUTE_PATTERN = '^/my-endpoint';
        protected const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
    
        public function extend(SecurityBuilderInterface $securityBuilder, ContainerInterface $container): SecurityBuilderInterface
        {
            $securityBuilder = $this->addFirewall($securityBuilder);
            $securityBuilder = $this->addAccessRules($securityBuilder);
    
            return $securityBuilder;
        }
    
        protected function addFirewall(SecurityBuilderInterface $securityBuilder): SecurityBuilderInterface
        {
            $securityBuilder->addFirewall(static::SECURITY_FIREWALL_NAME, [
                'anonymous' => true,
                'pattern' => static::MY_ROUTE_PATTERN,
            ]);
    
            return $securityBuilder;
        }
    
        protected function addAccessRules(SecurityBuilderInterface $securityBuilder): SecurityBuilderInterface
        {
            $accessRules = [
                [
                    static::MY_ROUTE_PATTERN,
                    static::IS_AUTHENTICATED_ANONYMOUSLY,
                ],
            ];
    
            $securityBuilder->addAccessRules($accessRules);
            return $securityBuilder;
        }
    
    }
    

    And don't forget, plugins order matters - because route patterns might intersect.

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 πŸ§‘πŸ»β€πŸš€ - Cadet
    Options

    thx πŸ‘ it seems to work, but then later he still tries to get a user from the session. It seems I still have to add the route to the ignorable paths in the acl module somewhere

  • giovanni.piemontese
    giovanni.piemontese Technical Lead @ LΓΆffelhardt Spryker Solution Partner Posts: 871 πŸ§‘πŸ»β€πŸš€ - Cadet
    Options

    u have to ignore your route here -> \Pyz\Zed\SecurityGui\SecurityGuiConfig::IGNORABLE_ROUTE_PATTERN and here -> \Spryker\Shared\Acl\AclConstants::ACL_DEFAULT_RULES

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 πŸ§‘πŸ»β€πŸš€ - Cadet
    Options

    ok this works, but I'll check if I can add the rules maybe somewhere using a plugin

  • U01BZ7Q3XRV
    U01BZ7Q3XRV Posts: 148 πŸ§‘πŸ»β€πŸš€ - Cadet
    Options

    but it works for now! Thank you πŸ‘