forked from deblan/gist
Fix issue #5 - Enforce registration
This commit is contained in:
parent
71bfa8f7cb
commit
229f532ac0
14
README.md
14
README.md
|
|
@ -225,6 +225,20 @@ Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['enable
|
||||||
|
|
||||||
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['enable_registration']` with `false`.
|
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['enable_registration']` with `false`.
|
||||||
|
|
||||||
|
#### Force registration/login
|
||||||
|
|
||||||
|
##### Login required to edit a gist
|
||||||
|
|
||||||
|
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_edit_gist']` with `true`.
|
||||||
|
|
||||||
|
##### Login required to view a gist
|
||||||
|
|
||||||
|
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_view_gist']` with `true`.
|
||||||
|
|
||||||
|
##### Login required to view an embeded gist
|
||||||
|
|
||||||
|
Edit `app/bootstrap.php.d/70-security.php` and modify the value of `$app['login_required_to_view_embeded_gist']` with `true`.
|
||||||
|
|
||||||
### Debug
|
### Debug
|
||||||
|
|
||||||
`app_dev.php` is the development router. Access is granted for an IP range defined in the same file.
|
`app_dev.php` is the development router. Access is granted for an IP range defined in the same file.
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,10 @@ use Symfony\Component\Security\Http\HttpUtils;
|
||||||
|
|
||||||
$app['enable_registration'] = true;
|
$app['enable_registration'] = true;
|
||||||
$app['enable_login'] = true;
|
$app['enable_login'] = true;
|
||||||
|
$app['login_required_to_edit_gist'] = false;
|
||||||
|
$app['login_required_to_view_gist'] = false;
|
||||||
|
$app['login_required_to_view_embeded_gist'] = false;
|
||||||
|
|
||||||
$app['token'] = 'ThisTokenIsNotSoSecretChangeIt';
|
$app['token'] = 'ThisTokenIsNotSoSecretChangeIt';
|
||||||
|
|
||||||
$app['salt_generator'] = $app->share(function($app) {
|
$app['salt_generator'] = $app->share(function($app) {
|
||||||
|
|
@ -45,39 +49,60 @@ $app['security.authentication_listener.factory.form'] = $app->protect(function (
|
||||||
'pre_auth'
|
'pre_auth'
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
|
||||||
$app->register(
|
$firewall = [
|
||||||
new SecurityServiceProvider(),
|
'security.firewalls' => [
|
||||||
[
|
'default' => [
|
||||||
'security.firewalls' => [
|
'pattern' => '^/',
|
||||||
'default' => [
|
'anonymous' => true,
|
||||||
'pattern' => '^/',
|
'form' => [
|
||||||
'anonymous' => true,
|
'login_path' => '_login',
|
||||||
'form' => [
|
'check_path' => '/login_check',
|
||||||
'login_path' => '_login',
|
'always_use_default_target_path' => false,
|
||||||
'check_path' => '/login_check',
|
'default_target_path' => '/',
|
||||||
'always_use_default_target_path' => false,
|
],
|
||||||
'default_target_path' => '/',
|
'logout' => [
|
||||||
],
|
'path' => '/logout',
|
||||||
'logout' => [
|
],
|
||||||
'path' => '/logout',
|
'users' => $app->share(function () use ($app) {
|
||||||
],
|
return $app['user.provider'];
|
||||||
'users' => $app->share(function () use ($app) {
|
}),
|
||||||
return $app['user.provider'];
|
'remember_me' => [
|
||||||
}),
|
'key' => $app['token'],
|
||||||
'remember_me' => [
|
'path' => '/',
|
||||||
'key' => $app['token'],
|
'always_remember_me' => false,
|
||||||
'path' => '/',
|
|
||||||
'always_remember_me' => false,
|
|
||||||
],
|
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'security.access_rules' => [
|
],
|
||||||
['^/[a-z]{2}/my.*$', 'ROLE_USER'],
|
'security.access_rules' => [
|
||||||
]
|
['^/[a-z]{2}/my.*$', 'ROLE_USER'],
|
||||||
]
|
]
|
||||||
);
|
];
|
||||||
|
|
||||||
|
if ($app['login_required_to_edit_gist'] || $app['login_required_to_view_gist'] || $app['login_required_to_view_embeded_gist']) {
|
||||||
|
$securityRegexp = '^/[a-z]{2}';
|
||||||
|
$exceptedUriPattern = ['login', 'register'];
|
||||||
|
|
||||||
|
if ($app['login_required_to_view_gist'] === true) {
|
||||||
|
$firewall['security.access_rules'][] = ['^/[a-z]{2}/view.*$', 'ROLE_USER'];
|
||||||
|
$firewall['security.access_rules'][] = ['^/[a-z]{2}/revs.*$', 'ROLE_USER'];
|
||||||
|
} else {
|
||||||
|
$exceptedUriPattern[] = 'view';
|
||||||
|
$exceptedUriPattern[] = 'revs';
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($app['login_required_to_view_embeded_gist'] === true) {
|
||||||
|
$firewall['security.access_rules'][] = ['^/[a-z]{2}/embed.*$', 'ROLE_USER'];
|
||||||
|
} else {
|
||||||
|
$exceptedUriPattern[] = 'embed';
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($app['login_required_to_edit_gist'] === true) {
|
||||||
|
$firewall['security.access_rules'][] = ['^/[a-z]{2}/(?!('.implode('|', $exceptedUriPattern).')).*$', 'ROLE_USER'];
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$app->register(new SecurityServiceProvider(), $firewall);
|
||||||
$app->register(new SessionServiceProvider());
|
$app->register(new SessionServiceProvider());
|
||||||
$app->register(new RememberMeServiceProvider());
|
$app->register(new RememberMeServiceProvider());
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue