security: # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords password_hashers: App\Entity\Central\User: algorithm: auto # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider providers: app_user_provider: entity: class: App\Entity\Central\User property: email # users_in_memory: { memory: null } firewalls: dev: # Ensure dev tools and static assets are always allowed pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: lazy: true provider: app_user_provider access_denied_handler: App\Security\AccessDeniedHandler form_login: login_path: app_login check_path: app_login default_target_path: /week username_parameter: email password_parameter: password enable_csrf: true logout: path: app_logout target: app_login remember_me: secret: '%kernel.secret%' lifetime: 2592000 # 30 Tage path: / name: REMEMBERME # Activate different ways to authenticate: # https://symfony.com/doc/current/security.html#the-firewall # https://symfony.com/doc/current/security/impersonating_user.html # switch_user: true # Note: Only the *first* matching rule is applied access_control: - { path: ^/login, roles: PUBLIC_ACCESS } - { path: ^/register, roles: PUBLIC_ACCESS } - { path: ^/api/register, roles: PUBLIC_ACCESS } - { path: ^/verify/, roles: PUBLIC_ACCESS } - { path: ^/invite/, roles: PUBLIC_ACCESS } - { path: ^/$, roles: PUBLIC_ACCESS } - { path: ^/, roles: ROLE_USER } when@test: security: password_hashers: # Password hashers are resource-intensive by design to ensure security. # In tests, it's safe to reduce their cost to improve performance. Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: algorithm: auto cost: 4 # Lowest possible value for bcrypt time_cost: 3 # Lowest possible value for argon memory_cost: 10 # Lowest possible value for argon