feat: UserBundle configuration

roadiz · Jun 13, 2022 · 09a670f · 09a670f
1 parent 37dbc5a
commit 09a670f
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 15 deletions.
diff --git a/.env b/.env
@@ -103,3 +103,6 @@ MAILER_DSN=smtp://mailer:1025
 ###> nelmio/cors-bundle ###
 CORS_ALLOW_ORIGIN='^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$'
 ###< nelmio/cors-bundle ###
+
+USER_PASSWORD_RESET_URL=https://roadiz-core-app.test/front/user/reset
+USER_PASSWORD_RESET_EXPIRES_IN=600
diff --git a/config/api_resources/user.yaml b/config/api_resources/user.yaml
@@ -11,13 +11,18 @@ RZ\Roadiz\CoreBundle\Entity\User:
             output: RZ\Roadiz\UserBundle\Api\Dto\UserOutput
             openapi_context:
                 summary: Create a new public user
+                parameters: ~
                 description: |
                     Create a new public user. User won't be validated and will not be granted with any role
+
         password_request:
             method: 'POST'
             path: '/users/password_request'
             controller: RZ\Roadiz\UserBundle\Controller\PasswordRequestController
             input: RZ\Roadiz\UserBundle\Api\Dto\UserPasswordRequestInput
+            output: RZ\Roadiz\UserBundle\Api\Dto\VoidOutput
+            # Password request must not call WriteListener to let PasswordRequestController persist changes.
+            validate: false
             openapi_context:
                 summary: Request a public user new password
                 description: |
@@ -35,23 +40,30 @@ RZ\Roadiz\CoreBundle\Entity\User:
                 description: |
                     Get current user (JWT) information
 
-        validate:
-            method: 'PATCH'
-            path: '/users/{id}/validate'
-            controller: RZ\Roadiz\UserBundle\Controller\ValidateController
-            input: RZ\Roadiz\UserBundle\Api\Dto\UserTokenInput
-            output: RZ\Roadiz\UserBundle\Api\Dto\UserOutput
-            openapi_context:
-                summary: Validate a public user email
-                description: |
-                    Validate a public user email with a unique and temporary token
         password_reset:
-            method: 'PATCH'
-            path: '/users/{id}/password_reset'
+            method: 'PUT'
+            path: '/users/password_reset'
             controller: RZ\Roadiz\UserBundle\Controller\PasswordResetController
             input: RZ\Roadiz\UserBundle\Api\Dto\UserPasswordTokenInput
-            output: RZ\Roadiz\UserBundle\Api\Dto\UserOutput
+            output: RZ\Roadiz\UserBundle\Api\Dto\VoidOutput
+            # Password reset must not call ReadListener to let DataTransformer provide User.
+            read: false
+            validate: false
             openapi_context:
                 summary: Reset a public user password
+                parameters: ~
                 description: |
                     Change a public user password against a unique temporary token (forgot my password)
+
+        validate:
+            method: 'PUT'
+            path: '/users/validate'
+            controller: RZ\Roadiz\UserBundle\Controller\ValidateController
+            input: RZ\Roadiz\UserBundle\Api\Dto\UserTokenInput
+            output: RZ\Roadiz\UserBundle\Api\Dto\VoidOutput
+            read: false
+            validate: false
+            openapi_context:
+                summary: Validate a public user email
+                description: |
+                    Validate a public user email with a unique and temporary token
diff --git a/config/packages/cache.yaml b/config/packages/cache.yaml
@@ -19,4 +19,6 @@ framework:
             cache.contact_form_limiter: ~
             cache.custom_form_limiter: ~
             cache.user_signup_limiter: ~
+            cache.password_request_limiter: ~
+            cache.password_reset_limiter: ~
             #my.dedicated.cache: null
diff --git a/config/packages/dev/framework.yaml b/config/packages/dev/framework.yaml
@@ -0,0 +1,28 @@
+# see https://symfony.com/doc/current/reference/configuration/framework.html
+framework:
+    rate_limiter:
+        contact_form:
+            policy: 'token_bucket'
+            limit: 20
+            rate: { interval: '1 minutes', amount: 20 }
+            cache_pool: 'cache.contact_form_limiter'
+        custom_form:
+            policy: 'token_bucket'
+            limit: 20
+            rate: { interval: '1 minutes', amount: 20 }
+            cache_pool: 'cache.custom_form_limiter'
+        user_signup:
+            policy: 'token_bucket'
+            limit: 20
+            rate: { interval: '1 minutes', amount: 20 }
+            cache_pool: 'cache.user_signup_limiter'
+        password_request:
+            policy: 'token_bucket'
+            limit: 20
+            rate: { interval: '1 minutes', amount: 20 }
+            cache_pool: 'cache.password_request_limiter'
+        password_reset:
+            policy: 'token_bucket'
+            limit: 20
+            rate: { interval: '1 minutes', amount: 20 }
+            cache_pool: 'cache.password_reset_limiter'
diff --git a/config/packages/framework.yaml b/config/packages/framework.yaml
@@ -38,6 +38,16 @@ framework:
             limit: 5
             rate: { interval: '1 minutes', amount: 3 }
             cache_pool: 'cache.user_signup_limiter'
+        password_request:
+            policy: 'token_bucket'
+            limit: 3
+            rate: { interval: '1 minutes', amount: 3 }
+            cache_pool: 'cache.password_request_limiter'
+        password_reset:
+            policy: 'token_bucket'
+            limit: 3
+            rate: { interval: '1 minutes', amount: 3 }
+            cache_pool: 'cache.password_reset_limiter'
 
     csrf_protection:
         enabled: true

diff --git a/config/packages/roadiz_user.yaml b/config/packages/roadiz_user.yaml
@@ -0,0 +1,6 @@
+---
+parameters:
+    env(USER_PASSWORD_RESET_URL): 'loginResetPage'
+
+roadiz_user:
+    password_reset_url: '%env(string:USER_PASSWORD_RESET_URL)%'
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
@@ -77,6 +77,7 @@ security:
         - { path: "^/api/contact_form/post", methods: [ POST ], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: "^/api/users/signup", methods: [ POST ], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: "^/api/users/password_request", methods: [ POST ], roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: "^/api/users/password_reset", methods: [ PUT ], roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: "^/api/users", methods: [ GET, PUT, PATCH, POST ], roles: ROLE_USER }
         - { path: ^/api, roles: ROLE_BACKEND_USER, methods: [ POST, PUT, PATCH, DELETE ] }
         # - { path: ^/profile, roles: ROLE_USER }
diff --git a/config/services.yaml b/config/services.yaml
@@ -3,8 +3,6 @@
 
 # Put parameters here that don't need to change on each machine where the app is deployed
 # https://symfony.com/doc/current/best_practices.html#use-parameters-for-application-configuration
-parameters:
-
 services:
     # default configuration for services in *this* file
     _defaults: