Commit 06c1a1e5 authored by Mat's avatar Mat

un formulaire de login dans une modale, sécurise l'accès à l'API

parent ea05ba11
......@@ -3,10 +3,33 @@
<head>
<meta charset="UTF-8">
<title>Title</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
</head>
<body>
<!-- MODALE BOOTSTRAP -->
<div class="modal" data-backdrop="static" keyboard="false">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Login</h5>
</div>
<form id="form-login">
<div class="modal-body">
<input name="username" type="text" class="form-control">
<input name="password" type="password" class="form-control">
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary">Se connecter</button>
</div>
</form>
</div>
</div>
</div>
<!-- -->
<select id="pays"></select>
<ul id="brasserie"></ul>
<button id="new">New</button>
......@@ -23,6 +46,40 @@ $(document).ready(function()
{
let targetedId;
// au submit du formulaire de connexion
$('#form-login button').click(function(e)
{
e.preventDefault();
let username = $('input[name=username]').val();
let password = $('input[name=password]').val();
$.ajax({
url: "http://0.0.0.0:81/web/app_dev.php/API/login_check",
dataType: 'JSON',
method: 'POST',
data: JSON.stringify({"username": username, "password": password}),
success: function(data) {
sessionStorage.setItem('token', data.token);
token = sessionStorage.getItem('token');
$('.modal').modal('hide');
},
error: function(xhr) {
alert('login failed');
}
});
});
// pas de token, affiche la modale de connexion
let token = sessionStorage.getItem('token');
if (token === null) {
// affiche une page de connexion
$('.modal').modal();
}
// supprime une brasserie
$('#delete').click(function(e)
{
......@@ -31,10 +88,13 @@ $(document).ready(function()
url: "http://0.0.0.0:81/web/app_dev.php/API/v2/brasserie/" + targetedId,
dataType: 'JSON',
method: 'DELETE',
headers: {
'Authorization': "bearer " + sessionStorage.getItem('token')
},
success: function(data)
{
alert('success');
$("li[data-target="+ data.id +"]").remove();
$("li[data-target="+ targetedId +"]").remove();
targetedId = undefined;
},
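Review bot: The login request in the `$('#form-login button').click` handler serializes its body with `JSON.stringify` but sets no `contentType`, so jQuery posts that JSON text as `application/x-www-form-urlencoded`; whether `login_check` still reads it depends on the firewall configured for that path, which this commit does not show, so add `contentType: 'application/json',` next to `dataType` to make the request unambiguous. The `success` callback stores `data.token` unconditionally, so a 200 response without a `token` field leaves the string `"undefined"` in sessionStorage and the `token === null` check below it never reopens the modal; guard it with `if (typeof data.token !== 'string') { alert('login failed'); return; }` before `setItem`. The endpoint is also hard-coded as plain `http://`, which carries the password and the returned token in clear on any network other than the local one. In the first hunk of this file, `keyboard="false"` on the `.modal` div is not a Bootstrap option attribute and is ignored; the static modal needs `data-keyboard="false"`. The enclosing `$(document).ready` callback starts outside the hunk.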
......
......@@ -38,6 +38,7 @@ security:
api:
pattern: ^/API/
stateless: true
anonymous: true
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
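Review bot: The line added to the `api` firewall, presumably `anonymous: true`, lets any request under `^/API/` through the firewall without a token, so each action is now only as protected as its own `@Security` annotation; an action that forgets the annotation is open, and the hunk shows no `access_control` default. A default-deny rule under `access_control` keeps the allow-list explicit, e.g. `- { path: ^/API/login_check, roles: IS_AUTHENTICATED_ANONYMOUSLY }` followed by `- { path: ^/API/, roles: IS_AUTHENTICATED_FULLY }`, so the per-action annotations become a second layer rather than the only one. Which of the seven lines is the addition is not recoverable from the rendered hunk, so this reads the change from the commit message.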
......
......@@ -100,17 +100,19 @@ class BrasserieController extends FOSRestController
}
/**
* @param Brasserie $brasserieId
* @Rest\Delete(path="/brasserie/{brasserieId}")
* @param $id
* @Rest\Delete(path="/brasserie/{id}")
* @Rest\View()
* @return Brasserie
* @Security("has_role('ROLE_USER')")
*/
public function deleteAction(Brasserie $brasserieId)
public function deleteAction($id)
{
$em = $this->getDoctrine()->getManager();
$em->remove($brasserieId);
$brasserie = $em->getRepository(Brasserie::class)
->find($id);
$em->remove($brasserie);
$em->flush();
return $brasserieId;
return $brasserie;
}
}
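Review bot: `find($id)` in the new `deleteAction` returns `null` for an unknown id, and `$em->remove(null)` then fails inside Doctrine with a 500 instead of the 404 the old `Brasserie $brasserieId` param-converter signature produced; add `if ($brasserie === null) { throw $this->createNotFoundException(); }` between the lookup and `$em->remove($brasserie)`. The `@param $id` docblock line also lost its type; `@param int $id` (assuming the identifier is an integer, which the hunk does not show) documents what the route expects. `has_role('ROLE_USER')` only checks that an authenticated user is present, so any logged-in user can delete any brasserie; if the entity has an owner, the ownership check belongs in this action too. `deleteAction` is complete within the hunk and the class closes at the final brace.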
File mode changed from 100644 to 100755