78 lines
3.1 KiB
YAML
78 lines
3.1 KiB
YAML
security:
|
|
encoders:
|
|
App\Entity\User:
|
|
algorithm: auto
|
|
|
|
access_decision_manager:
|
|
strategy: consensus
|
|
allow_if_all_abstain: false
|
|
|
|
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
|
|
enable_authenticator_manager: true
|
|
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
|
|
password_hashers:
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
|
|
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
|
|
providers:
|
|
# used to reload user from session & other features (e.g. switch_user)
|
|
app_user_provider:
|
|
entity:
|
|
class: App\Entity\User
|
|
property: email
|
|
|
|
role_hierarchy:
|
|
ROLE_WRITER: ROLE_USER
|
|
ROLE_ADMIN: ROLE_WRITER
|
|
|
|
firewalls:
|
|
dev:
|
|
pattern: ^/(_(profiler|wdt)|css|images|js)/
|
|
security: false
|
|
main:
|
|
two_factor:
|
|
auth_form_path: 2fa_login # The route name you have used in the routes.yaml
|
|
check_path: 2fa_login_check # The route name you have used in the routes.yaml
|
|
guard:
|
|
authenticators:
|
|
- App\Core\Authenticator\LoginFormAuthenticator
|
|
form_login:
|
|
login_path: auth_login
|
|
check_path: auth_login
|
|
enable_csrf: true
|
|
logout:
|
|
path: auth_logout
|
|
target: /
|
|
remember_me:
|
|
secret: '%kernel.secret%'
|
|
lifetime: 604800
|
|
path: /
|
|
|
|
entry_point: form_login
|
|
|
|
# Easy way to control access for large sections of your site
|
|
# Note: Only the *first* access control that matches will be used
|
|
access_control:
|
|
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
- { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
- { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
|
|
- { path: ^/admin/user, roles: ROLE_ADMIN }
|
|
- { path: ^/admin/task, roles: ROLE_ADMIN }
|
|
- { path: ^/admin/setting, roles: ROLE_ADMIN }
|
|
- { path: ^/admin/site, roles: ROLE_WRITER }
|
|
- { path: ^/admin/file_manager, roles: ROLE_WRITER }
|
|
- { path: ^/admin, roles: ROLE_USER }
|
|
- { path: ^/_internal, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
|
|
|
when@test:
|
|
security:
|
|
password_hashers:
|
|
# By default, password hashers are resource intensive and take time. This is
|
|
# important to generate secure password hashes. In tests however, secure hashes
|
|
# are not important, waste resources and increase test times. The following
|
|
# reduces the work factor to the lowest possible values.
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
|
|
algorithm: auto
|
|
cost: 4 # Lowest possible value for bcrypt
|
|
time_cost: 3 # Lowest possible value for argon
|
|
memory_cost: 10 # Lowest possible value for argon
|