Showfom
/
gist
forked from deblan/gist
1
0
Fork 0
Code Releases Activity

Fix issue #5 - Enforce registration

This commit is contained in:
Simon Vieille 2016-09-19 15:12:53 +02:00
parent 71bfa8f7cb
commit 229f532ac0
2 changed files with 68 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
README.md
View File

@ -225,6 +225,20 @@ Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['enable
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['enable_registration']` with `false`.
#### Force registration/login
##### Login required to edit a gist
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_edit_gist']` with `true`.
##### Login required to view a gist
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_view_gist']` with `true`.
##### Login required to view an embeded gist
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_view_embeded_gist']` with `true`.
### Debug
`app_dev.php` is the development router. Access is granted for an IP range defined in the same file.

83
app/bootstrap.php.d/70-security.php
View File

@ -13,6 +13,10 @@ use Symfony\Component\Security\Http\HttpUtils;
$app['enable_registration'] = true;
$app['enable_login'] = true;
$app['login_required_to_edit_gist'] = false;
$app['login_required_to_view_gist'] = false;
$app['login_required_to_view_embeded_gist'] = false;
$app['token'] = 'ThisTokenIsNotSoSecretChangeIt';
$app['salt_generator'] = $app->share(function($app) {
@ -45,39 +49,60 @@ $app['security.authentication_listener.factory.form'] = $app->protect(function (
'pre_auth'
];
});
$app->register(
new SecurityServiceProvider(),
[
'security.firewalls' => [
'default' => [
'pattern' => '^/',
'anonymous' => true,
'form' => [
'login_path' => '_login',
'check_path' => '/login_check',
'always_use_default_target_path' => false,
'default_target_path' => '/',
],
'logout' => [
'path' => '/logout',
],
'users' => $app->share(function () use ($app) {
return $app['user.provider'];
}),
'remember_me' => [
'key' => $app['token'],
'path' => '/',
'always_remember_me' => false,
],
$firewall = [
'security.firewalls' => [
'default' => [
'pattern' => '^/',
'anonymous' => true,
'form' => [
'login_path' => '_login',
'check_path' => '/login_check',
'always_use_default_target_path' => false,
'default_target_path' => '/',
],
'logout' => [
'path' => '/logout',
],
'users' => $app->share(function () use ($app) {
return $app['user.provider'];
}),
'remember_me' => [
'key' => $app['token'],
'path' => '/',
'always_remember_me' => false,
],
],
'security.access_rules' => [
['^/[a-z]{2}/my.*$', 'ROLE_USER'],
]
],
'security.access_rules' => [
['^/[a-z]{2}/my.*$', 'ROLE_USER'],
]
);
];
if ($app['login_required_to_edit_gist'] || $app['login_required_to_view_gist'] || $app['login_required_to_view_embeded_gist']) {
$securityRegexp = '^/[a-z]{2}';
$exceptedUriPattern = ['login', 'register'];
if ($app['login_required_to_view_gist'] === true) {
$firewall['security.access_rules'][] = ['^/[a-z]{2}/view.*$', 'ROLE_USER'];
$firewall['security.access_rules'][] = ['^/[a-z]{2}/revs.*$', 'ROLE_USER'];
} else {
$exceptedUriPattern[] = 'view';
$exceptedUriPattern[] = 'revs';
}
if ($app['login_required_to_view_embeded_gist'] === true) {
$firewall['security.access_rules'][] = ['^/[a-z]{2}/embed.*$', 'ROLE_USER'];
} else {
$exceptedUriPattern[] = 'embed';
}
if ($app['login_required_to_edit_gist'] === true) {
$firewall['security.access_rules'][] = ['^/[a-z]{2}/(?!('.implode('|', $exceptedUriPattern).')).*$', 'ROLE_USER'];
}
}
$app->register(new SecurityServiceProvider(), $firewall);
$app->register(new SessionServiceProvider());
$app->register(new RememberMeServiceProvider());