|
- security:
- # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
- password_hashers:
- App\Entity\Central\User:
- algorithm: auto
-
- # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
- providers:
- app_user_provider:
- entity:
- class: App\Entity\Central\User
- property: email
- # users_in_memory: { memory: null }
-
- firewalls:
- dev:
- # Ensure dev tools and static assets are always allowed
- pattern: ^/(_(profiler|wdt)|css|images|js)/
- security: false
- main:
- lazy: true
- user_checker: App\Security\ArchivedUserChecker
- provider: app_user_provider
- access_denied_handler: App\Security\AccessDeniedHandler
- form_login:
- login_path: app_login
- check_path: app_login
- default_target_path: /week
- username_parameter: email
- password_parameter: password
- enable_csrf: true
- logout:
- path: app_logout
- target: app_login
- remember_me:
- secret: '%kernel.secret%'
- lifetime: 2592000 # 30 Tage
- path: /
- name: REMEMBERME
-
- # Activate different ways to authenticate:
- # https://symfony.com/doc/current/security.html#the-firewall
-
- # https://symfony.com/doc/current/security/impersonating_user.html
- # switch_user: true
-
- # Note: Only the *first* matching rule is applied
- access_control:
- - { path: ^/login, roles: PUBLIC_ACCESS }
- - { path: ^/register, roles: PUBLIC_ACCESS }
- - { path: ^/api/register, roles: PUBLIC_ACCESS }
- - { path: ^/verify/, roles: PUBLIC_ACCESS }
- - { path: ^/invite/, roles: PUBLIC_ACCESS }
- - { path: ^/$, roles: PUBLIC_ACCESS }
- - { path: ^/, roles: ROLE_USER }
-
- when@test:
- security:
- password_hashers:
- # Password hashers are resource-intensive by design to ensure security.
- # In tests, it's safe to reduce their cost to improve performance.
- Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
- algorithm: auto
- cost: 4 # Lowest possible value for bcrypt
- time_cost: 3 # Lowest possible value for argon
- memory_cost: 10 # Lowest possible value for argon
|
