Commit 06c1a1e5 authored by Mat's avatar Mat

un formulaire de login dans une modale, sécurise l'accès à l'API

parent ea05ba11
...@@ -3,10 +3,33 @@ ...@@ -3,10 +3,33 @@
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<title>Title</title> <title>Title</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
</head> </head>
<body> <body>
<!-- MODALE BOOTSTRAP -->
<div class="modal" data-backdrop="static" keyboard="false">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Login</h5>
</div>
<form id="form-login">
<div class="modal-body">
<input name="username" type="text" class="form-control">
<input name="password" type="password" class="form-control">
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary">Se connecter</button>
</div>
</form>
</div>
</div>
</div>
<!-- -->
<select id="pays"></select> <select id="pays"></select>
<ul id="brasserie"></ul> <ul id="brasserie"></ul>
<button id="new">New</button> <button id="new">New</button>
...@@ -23,6 +46,40 @@ $(document).ready(function() ...@@ -23,6 +46,40 @@ $(document).ready(function()
{ {
let targetedId; let targetedId;
// au submit du formulaire de connexion
$('#form-login button').click(function(e)
{
e.preventDefault();
let username = $('input[name=username]').val();
let password = $('input[name=password]').val();
$.ajax({
url: "http://0.0.0.0:81/web/app_dev.php/API/login_check",
dataType: 'JSON',
method: 'POST',
data: JSON.stringify({"username": username, "password": password}),
success: function(data) {
sessionStorage.setItem('token', data.token);
token = sessionStorage.getItem('token');
$('.modal').modal('hide');
},
error: function(xhr) {
alert('login failed');
}
});
});
// pas de token, affiche la modale de connexion
let token = sessionStorage.getItem('token');
if (token === null) {
// affiche une page de connexion
$('.modal').modal();
}
// supprime une brasserie // supprime une brasserie
$('#delete').click(function(e) $('#delete').click(function(e)
{ {
...@@ -31,10 +88,13 @@ $(document).ready(function() ...@@ -31,10 +88,13 @@ $(document).ready(function()
url: "http://0.0.0.0:81/web/app_dev.php/API/v2/brasserie/" + targetedId, url: "http://0.0.0.0:81/web/app_dev.php/API/v2/brasserie/" + targetedId,
dataType: 'JSON', dataType: 'JSON',
method: 'DELETE', method: 'DELETE',
headers: {
'Authorization': "bearer " + sessionStorage.getItem('token')
},
success: function(data) success: function(data)
{ {
alert('success'); alert('success');
$("li[data-target="+ data.id +"]").remove(); $("li[data-target="+ targetedId +"]").remove();
targetedId = undefined; targetedId = undefined;
}, },
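Review bot: The login request at `url: "http://0.0.0.0:81/web/app_dev.php/API/login_check"` posts the username and password over plain HTTP to a hard-coded dev front controller, and the same base URL is repeated in the DELETE call (`url: "http://0.0.0.0:81/web/app_dev.php/API/v2/brasserie/" + targetedId`), so both the password and the bearer token added in the new `headers:` block travel in clear text. I would hoist the base URL into one constant at the top of the ready callback, e.g. `const API_BASE = 'https://<api-host>/API/';`, so that moving to HTTPS and to the production front controller is a single change. The `data: JSON.stringify({...})` body is sent without `contentType: 'application/json'`, so jQuery labels it as form-urlencoded; whether login_check accepts that depends on the JWT bundle configuration, which is outside this diff, so worth confirming. The assignment `token = sessionStorage.getItem('token');` inside the success callback is never read afterwards in the visible code (the DELETE handler re-reads sessionStorage itself), so it can be dropped. The enclosing `$(document).ready` callback starts before and ends after these hunks.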
...@@ -38,6 +38,7 @@ security: ...@@ -38,6 +38,7 @@ security:
api: api:
pattern: ^/API/ pattern: ^/API/
stateless: true stateless: true
anonymous: true
guard: guard:
authenticators: authenticators:
- lexik_jwt_authentication.jwt_token_authenticator - lexik_jwt_authentication.jwt_token_authenticator
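Review bot: `anonymous: true` on the `^/API/` firewall lets unauthenticated requests through to every API route, so enforcement now rests on per-action annotations such as the `@Security("has_role('ROLE_USER')")` on deleteAction, and any action without one becomes reachable without a token. If the intent is only to let the login endpoint through, I would pair this with `access_control` entries, `- { path: ^/API/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }` followed by `- { path: ^/API, roles: IS_AUTHENTICATED_FULLY }`, so the firewall's default stays closed. Whether such rules already exist elsewhere in the file is not visible in this hunk.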
...@@ -100,17 +100,19 @@ class BrasserieController extends FOSRestController ...@@ -100,17 +100,19 @@ class BrasserieController extends FOSRestController
} }
/** /**
* @param Brasserie $brasserieId * @param $id
* @Rest\Delete(path="/brasserie/{brasserieId}") * @Rest\Delete(path="/brasserie/{id}")
* @Rest\View() * @Rest\View()
* @return Brasserie * @return Brasserie
* @Security("has_role('ROLE_USER')") * @Security("has_role('ROLE_USER')")
*/ */
public function deleteAction(Brasserie $brasserieId) public function deleteAction($id)
{ {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$em->remove($brasserieId); $brasserie = $em->getRepository(Brasserie::class)
->find($id);
$em->remove($brasserie);
$em->flush(); $em->flush();
return $brasserieId; return $brasserie;
} }
} }
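Review bot: `$brasserie = $em->getRepository(Brasserie::class)->find($id);` can return null, and the following `$em->remove($brasserie);` then fails inside Doctrine with a server error instead of a 404; insert `if (null === $brasserie) { throw $this->createNotFoundException(); }` between the lookup and the removal. The docblock `@param $id` lost its type with the switch away from the injected entity; `@param int $id` (or string, depending on the identifier type, which is not visible here) would restore it, and a one-line comment on why the ParamConverter was dropped would help the next reader. The unchanged `@Security("has_role('ROLE_USER')")` annotation is what protects this route now that the firewall accepts anonymous requests, so every new action in this controller needs the same guard.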
File mode changed from 100644 to 100755