Draft: 2.x add config for cookie/jwt auth and check for CSRF token

added 14 commits

• 29ba4561...b2955d78 - 13 commits from branch project:2.x
• 134fe75f - use cookie auth and check for CSRF token

Compare with previous version

added 1 commit

• e01803f0 - make cookie auth configurable

Compare with previous version

added 2 commits

• 6557b1ee - rename config schema to match pattern
• 035363d1 - inject config by DI

Compare with previous version

added 2 commits

• 69f7ff6b - add argument
• 2de3e23c - schema: config type is boolean, not bool; revert rename

Compare with previous version

added 1 commit

• 6d9b46e2 - delete extra char

Compare with previous version

added 1 commit

• 8483b43e - add TypedConfigManager for D11; require core 10.2+

Compare with previous version

added 1 commit

• 2fd5d759 - add update hook

Compare with previous version

added 1 commit

• b1ba2d21 - add file comment

Compare with previous version

added 1 commit

• b0c1546a - add jwt_auth as an option

Compare with previous version

changed target branch from 2.x to 3.x

changed target branch from 3.x to 2.x

added 5 commits

• b0c1546a...f8c49f83 - 4 commits from branch project:2.x
• 61ff5db1 - Merge branch '2.x' into 'cookie_auth'

Compare with previous version

changed title from Draft: use cookie auth and check for CSRF token to Draft: 2.x add config for cookie/jwt auth and check for CSRF token

added 5 commits

• 61ff5db1...f99e14d5 - 2 commits from branch project:2.x
• 21e08dad - Merge branch '2.x' into cookie_auth
• 5fa3ca27 - refactor tests to add AuthTest
• 0190780d - add placeholder functions for cookie auth

Compare with previous version

added 2 commits

• da0d5265 - split auth tests into basic_auth + cookie files
• 21801f9a - only authorized users should have access to JSON-RPC

Compare with previous version

added 1 commit

• e111f27e - expect exception

Compare with previous version

added 1 commit

• 41280d22 - use try/catch to get exception message

Compare with previous version

added 1 commit

• af68d545 - update http anon test for exception check

Compare with previous version

added 1 commit

• d73c4015 - log in and try to send cookies in auth test

Compare with previous version

added 1 commit

• a164c249 - try passRaw instead of getPassword()

Compare with previous version

added 2 commits

• bc4c592b - coding standards
• 7a55980c - remove unused variables

Compare with previous version

added 3 commits

• 7a55980c...85708170 - 2 commits from branch project:2.x
• 15bd7836 - Merge branch '2.x' into 'cookie_auth'

Compare with previous version

added 2 commits

• 2005b23f - remove extra code after rebase
• 918446a8 - refactor tests to verify that requests fail when the auth method is disabled

Compare with previous version

added 2 commits

• 9ceeb11e - move config methods to JsonRpcTestBase
• 0f816dd5 - add test for MaintenanceModeEnabledTestCookie; refactor getRpc and postRpc to use cookies, too

Compare with previous version

added 5 commits

• e9db6c63 - consolidate basic auth and cookie auth tests for maintenance mode into one file
• 651aeb02 - refactor maintenance mode tests to remove duplicate code
• 7b84499d - coding standards
• fbfd2151 - spelling fix
• 9ba73f7c - refactor plugin list test to do both basic auth and cookies

Compare with previous version

added 3 commits

• 63c7f5ce - add missing auth_method arg
• 9e7241dc - coding standards
• 85e629a7 - add csrf token for cookies

Compare with previous version

added 1 commit

• c599b586 - get csrf token by url from route

Compare with previous version

added 1 commit

• dd89048e - throw exception if CSRF token is not obtained correctly

Compare with previous version

added 1 commit

• ab85aef7 - need to parse csrf token response

Compare with previous version

added 1 commit

• 30c9330d - for cookie auth, we need to log in to get the cookie

Compare with previous version

added 3 commits

• d421b790 - use Guzzle RequestOptions
• 1d1f4819 - remove unneeded admin save
• 10c7041f - refactor tests to use similar expressions

Compare with previous version

added 2 commits

• 6b760a81 - Revert "refactor tests to use similar expressions"
• 59df16c5 - refactor to use request_options

Compare with previous version

added 4 commits

• e7ae0633 - revise inaccurate comment
• df9f486a - add missing type
• 200f12a1 - simplify call
• 8bc75c9f - move user + admin creation into JsonRpcTestBase

Compare with previous version

added 4 commits

• 5cbac166 - fix deprecations
• 505f7f32 - add return type
• f2308bb5 - verify CSRF token length as assert
• 6b028a1f - provide request_options for csrf token request

Compare with previous version

added 9 commits

• edee293d - Issue #3471349 by ptmkenny: Add types for properties and arguments
• c903a911 - Issue #3471922 by ptmkenny: Add types for return functions
• 74fd35de - Issue #3216615 by ptmkenny, e0ipso, fadonascimento: [PP] 'object' is a...
• c8151948 - Issue #3472101 by ptmkenny, bradjones1: Remove 2.x deprecations from 3.x
• 2334d024 - Issue #3473362 by ptmkenny, cspitzlay: Crash when method with optional...
• e3f58d64 - Issue #3473531 by ptmkenny, cspitzlay: Crash on jsonrpc/methods route
• 9b94a846 - Issue #3473712 by ptmkenny: Add a test for jsonrpc_discovery that verifies the methods returned
• d226be58 - Issue #3474318 by ptmkenny: Drupal 11: No supported normalizer found
• e3cd4bf7 - Merge branch '3.x' into 'cookie_auth'

Compare with previous version

added 1 commit

• 0aa863ab - need to rebuild router table

Compare with previous version

added 1 commit

• 88225596 - log out if using cookie auth to see maintenance page

Compare with previous version

added 1 commit

• c3f14c6a - restore mistakenly commented out function

Compare with previous version

added 1 commit

• bc683fcc - test without a CSRF token and confirm access denied

Compare with previous version

added 1 commit

• ab582783 - coding standards

Compare with previous version

Closing to make a new MR.

closed