From d57b7f4faa9cf660739679fdb1af01a122209693 Mon Sep 17 00:00:00 2001
From: Vincent Chalamon <407859+vincentchalamon@users.noreply.github.com>
Date: Fri, 15 Mar 2024 10:34:44 +0100
Subject: [PATCH] fix: review

---
 api/composer.json | 1 -
 api/composer.lock | 2 +-
 api/config/packages/framework.yaml | 1 +
 api/config/packages/security.yaml | 8 ++++----
 api/src/Entity/Bookmark.php | 2 +-
 api/src/Entity/Review.php | 4 ++--
 api/src/Entity/User.php | 2 +-
 .../Http/AccessToken/Oidc/OidcDiscoveryTokenHandler.php | 2 +-
 8 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/api/composer.json b/api/composer.json
index d122f6d4..7741b5bd 100644
--- a/api/composer.json
+++ b/api/composer.json
@@ -34,7 +34,6 @@
 "symfony/validator": "7.0.*",
 "symfony/yaml": "7.0.*",
 "web-token/jwt-bundle": "^3.3",
- "web-token/jwt-library": "^3.3",
 "webonyx/graphql-php": "^15.8",
 "zenstruck/foundry": "^1.36"
 },
diff --git a/api/composer.lock b/api/composer.lock
index 82ca4b18..206900af 100644
--- a/api/composer.lock
+++ b/api/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "fcefc5290ee2c6a1aa412d0bfecf2cad",
+ "content-hash": "d797761ca0800aecf9f19c7bb39d7aa3",
 "packages": [
 {
 "name": "api-platform/core",
diff --git a/api/config/packages/framework.yaml b/api/config/packages/framework.yaml
index 2610ba9e..ec3dcaa2 100644
--- a/api/config/packages/framework.yaml
+++ b/api/config/packages/framework.yaml
@@ -26,6 +26,7 @@ framework:
 http_client:
 scoped_clients:
+ # use scoped client to ease mock on functional tests
 security.authorization.client:
 base_uri: '%env(OIDC_SERVER_URL_INTERNAL)%/'
diff --git a/api/config/packages/security.yaml b/api/config/packages/security.yaml
index 653cf944..992f66fe 100644
--- a/api/config/packages/security.yaml
+++ b/api/config/packages/security.yaml
@@ -29,13 +29,13 @@ when@prod: &prod
 main:
 access_token:
 token_handler: App\Security\Http\AccessToken\Oidc\OidcDiscoveryTokenHandler
- # todo support Discovery in Symfony
-# oidc:
-# claim: 'email'
+ # todo support Discovery in Symfony
+# oidc:
+# claim: 'email'
 # base_uri: '%env(OIDC_SERVER_URL)%'
 # audience: '%env(OIDC_AUD)%'
 # cache: '@cache.app' # default
-# cache_ttl: 3600 # default
+# cache_ttl: 600 # default
 when@dev: *prod
diff --git a/api/src/Entity/Bookmark.php b/api/src/Entity/Bookmark.php
index fde869e9..3021f05b 100644
--- a/api/src/Entity/Bookmark.php
+++ b/api/src/Entity/Bookmark.php
@@ -36,7 +36,7 @@
 operations: [
 new GetCollection(),
 new Delete(
- security: 'object.user == user'
+ security: 'object.user === user'
 ),
 new Post(
 processor: BookmarkPersistProcessor::class
diff --git a/api/src/Entity/Review.php b/api/src/Entity/Review.php
index 442e8a50..d96dc270 100644
--- a/api/src/Entity/Review.php
+++ b/api/src/Entity/Review.php
@@ -111,7 +111,7 @@
 'bookId' => new Link(toProperty: 'book', fromClass: Book::class),
 'id' => new Link(fromClass: Review::class),
 ],
- security: 'object.user == user or is_granted("ADMIN")',
+ security: 'object.user === user',
 // Mercure publish is done manually in MercureProcessor through ReviewPersistProcessor
 processor: ReviewPersistProcessor::class
 ),
@@ -121,7 +121,7 @@
 'bookId' => new Link(toProperty: 'book', fromClass: Book::class),
 'id' => new Link(fromClass: Review::class),
 ],
- security: 'object.user == user or is_granted("ADMIN")',
+ security: 'object.user === user',
 // Mercure publish is done manually in MercureProcessor through ReviewRemoveProcessor
 processor: ReviewRemoveProcessor::class
 ),
diff --git a/api/src/Entity/User.php b/api/src/Entity/User.php
index 05c2063a..3d086648 100644
--- a/api/src/Entity/User.php
+++ b/api/src/Entity/User.php
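Review bot: `security: 'object.user === user'` on the Bookmark Delete operation is an identity comparison, so the owner check passes only when `object.user` and the firewall's `user` are the very same PHP object; if the user provider ever returns an instance other than the Doctrine-managed one the bookmark references (a detached or freshly constructed copy), the check fails closed for every owner and the endpoint silently stops working rather than over-granting. A comparison on a stable identifier is less brittle, for example `security: 'object.user.sub === user.sub'`, which is the same `sub` comparison the User.php hunk in this commit already uses, assuming `user` is always the application's User entity on this firewall. The same change and the same caveat apply to both Review.php hunks below. The enclosing `#[ApiResource]` attribute and the class start and end outside the hunk.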
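Review bot: Both Review.php hunks replace `'object.user == user or is_granted("ADMIN")'` with `'object.user === user'`, which drops the administrator override along with the strict-comparison fix, so an admin can no longer update or delete another user's review; if only the operator change was intended, the line should read `security: 'object.user === user or is_granted("ADMIN")'`. If removing the override is deliberate, a one-line comment above each `security:` argument saying so would stop the next reader from reinstating it, since the commit message does not mention it. Note that Symfony's built-in role voter only votes on attributes carrying the `ROLE_` prefix, so unless a custom voter handled `"ADMIN"` the removed branch may never have granted anything — worth confirming before relying on either the old or the new behaviour. The enclosing `#[ApiResource]` attribute starts and ends outside these hunks.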
@@ -40,7 +40,7 @@
 ),
 new Get(
 uriTemplate: '/users/{id}{._format}',
- security: 'user.sub === object.sub'
+ security: 'object.sub === user.sub'
 ),
 ],
 normalizationContext: [
diff --git a/api/src/Security/Http/AccessToken/Oidc/OidcDiscoveryTokenHandler.php b/api/src/Security/Http/AccessToken/Oidc/OidcDiscoveryTokenHandler.php
index bbd53f08..6bf7dbe3 100644
--- a/api/src/Security/Http/AccessToken/Oidc/OidcDiscoveryTokenHandler.php
+++ b/api/src/Security/Http/AccessToken/Oidc/OidcDiscoveryTokenHandler.php
@@ -33,7 +33,7 @@ public function __construct(
 private JWSLoader $jwsLoader,
 private readonly HttpClientInterface $securityAuthorizationClient,
 private string $claim = 'email',
- private int $ttl = 3600,
+ private int $ttl = 600,
 private ?LoggerInterface $logger = null,
 ) {
 }
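Review bot: `private int $ttl = 600,` in OidcDiscoveryTokenHandler's constructor changes a bare number whose unit and meaning are stated nowhere in the hunk, and it sits beside `$securityAuthorizationClient`, the only promoted property marked `readonly`; nothing visible reassigns `$jwsLoader`, `$claim`, `$ttl` or `$logger`, so marking them `readonly` as well would make the constructor consistent (the class body that uses them is outside the hunk, so confirm there is no later assignment). I would document the value on the line itself, e.g. `private readonly int $ttl = 600, // seconds — presumably how long fetched OIDC discovery data is reused; confirm`, and keep it in step with the commented `cache_ttl: 600` in the security.yaml hunk of this commit. If this TTL does bound how long discovery or key material is reused, the shorter value is the safer direction, since a rotated or withdrawn signing key stops being trusted sooner. The constructor signature begins in the hunk header and its body is the empty `{ }` shown.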