security: encoders: App\Entity\User: algorithm: auto # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers providers: # used to reload user from session & other features (e.g. switch_user) app_user_provider: entity: class: App\Entity\User property: email role_hierarchy: ROLE_WRITER: ROLE_USER ROLE_ADMIN: ROLE_WRITER firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: anonymous: ~ two_factor: auth_form_path: 2fa_login # The route name you have used in the routes.yaml check_path: 2fa_login_check # The route name you have used in the routes.yaml guard: authenticators: - App\Core\Authenticator\LoginFormAuthenticator form_login: login_path: auth_login check_path: auth_login csrf_token_generator: security.csrf.token_manager logout: path: auth_logout target: / remember_me: secret: '%kernel.secret%' lifetime: 604800 path: / # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/resetting, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } - { path: ^/admin/user, roles: ROLE_ADMIN } - { path: ^/admin/task, roles: ROLE_ADMIN } - { path: ^/admin/setting, roles: ROLE_ADMIN } - { path: ^/admin/site, roles: ROLE_WRITER } - { path: ^/admin/file_manager, roles: ROLE_WRITER } - { path: ^/admin, roles: ROLE_USER } - { path: ^/_internal, roles: IS_AUTHENTICATED_ANONYMOUSLY }