From 6b0f0d31b97de25ed68c32fefd025fe5d7bd4225 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Mon, 9 Oct 2023 00:13:56 +0200
Subject: [PATCH] Allow to authenticate using Authorization: Token header, which the KiCAD API uses
---
 config/services.yaml | 13 +++++++++++++
 src/Security/ApiTokenAuthenticator.php | 2 +-
 tests/API/APITokenAuthenticationTest.php | 18 ++++++++++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)
diff --git a/config/services.yaml b/config/services.yaml
index 7f442fb3..44831820 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -141,6 +141,19 @@ services:
 $saml_role_mapping: '%env(json:SAML_ROLE_MAPPING)%'
 $update_group_on_login: '%env(bool:SAML_UPDATE_GROUP_ON_LOGIN)%'
+
+ security.access_token_extractor.header.token:
+ class: Symfony\Component\Security\Http\AccessToken\HeaderAccessTokenExtractor
+ arguments:
+ $tokenType: 'Token'
+
+ security.access_token_extractor.main:
+ class: Symfony\Component\Security\Http\AccessToken\ChainAccessTokenExtractor
+ arguments:
+ $accessTokenExtractors:
+ - '@security.access_token_extractor.header'
+ - '@security.access_token_extractor.header.token'
+
 ####################################################################################################################
 # Cache
 ####################################################################################################################
diff --git a/src/Security/ApiTokenAuthenticator.php b/src/Security/ApiTokenAuthenticator.php
index d274ca1a..23ab68b9 100644
--- a/src/Security/ApiTokenAuthenticator.php
+++ b/src/Security/ApiTokenAuthenticator.php
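Review bot: The new chain service in the `config/services.yaml` hunk is registered as `security.access_token_extractor.main`, an id inside the `security.` namespace that SecurityBundle owns rather than the application. As far as I recall, the bundle itself generates `security.access_token_extractor.<firewall name>` when a firewall's built-in `access_token` authenticator lists several extractors, so a firewall called `main` configured that way could silently replace or be replaced by this definition; the firewall configuration is not visible here, so please confirm. An application-owned id (for example under an `app.` prefix) for both new services would remove that ambiguity. The block would also benefit from a short comment on why a second scheme is accepted, e.g. `# KiCad sends "Authorization: Token <value>"; accepted alongside Bearer, token validation itself is unchanged`.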
@@ -46,7 +46,7 @@ use Symfony\Contracts\Translation\TranslatorInterface;
 class ApiTokenAuthenticator implements AuthenticatorInterface
 {
 public function __construct(
- #[Autowire(service: 'security.access_token_extractor.header')]
+ #[Autowire(service: 'security.access_token_extractor.main')]
 private readonly AccessTokenExtractorInterface $accessTokenExtractor,
 private readonly TranslatorInterface $translator,
 private readonly EntityManagerInterface $entityManager,
diff --git a/tests/API/APITokenAuthenticationTest.php b/tests/API/APITokenAuthenticationTest.php
index 3e1ca599..dad2645f 100644
--- a/tests/API/APITokenAuthenticationTest.php
+++ b/tests/API/APITokenAuthenticationTest.php
@@ -96,6 +96,24 @@ class APITokenAuthenticationTest extends ApiTestCase
 self::assertResponseIsSuccessful();
 }
+ public function testWithAuthorizationToken(): void
+ {
+ //For the KICAD API it should also work with Authorization: Token header instead of Bearer
+ self::ensureKernelShutdown();
+ $client = static::createClient([], ['headers' => ['authorization' => 'Token '.APITokenFixtures::TOKEN_ADMIN]]);;
+
+ //Read should be possible
+ $client->request('GET', '/api/parts');
+ self::assertResponseIsSuccessful();
+
+ //Trying to list all users
+ $client->request('GET', '/api/users');
+ self::assertResponseIsSuccessful();
+
+ $client->request('POST', '/api/footprints', ['json' => ['name' => 'post test']]);
+ self::assertResponseIsSuccessful();
+ }
+
 protected function createClientWithCredentials(string $token): Client
 {
 return static::createClient([], ['headers' => ['authorization' => 'Bearer '.$token]]);
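Review bot: `testWithAuthorizationToken` in the `tests/API/APITokenAuthenticationTest.php` hunk only covers the success path with the admin token, so nothing pins down that the newly accepted `Token` scheme still rejects a bad credential. Because this commit widens what the authenticator accepts, a negative case belongs next to it: `$client = static::createClient([], ['headers' => ['authorization' => 'Token invalid']]);`, then `$client->request('GET', '/api/parts');` and `self::assertResponseStatusCodeSame(401);`. The value `invalid` is a constructed sample, and 401 is what I would expect from the authenticator, whose failure handling lies outside this diff. If the fixtures provide a restricted token, repeating the POST with it under the `Token` scheme would also show that permission checks do not depend on the scheme. The `createClient(...)` line in the new test ends in a stray `;;`.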