security:
    # Opt into the authenticator-based security system. NOTE(review): this option was
    # deprecated in Symfony 6.2 and is gone in 7.x — confirm the installed version before
    # relying on it.
    enable_authenticator_manager: true
    # Roles are transitive: ROLE_SUPER_ADMIN therefore also carries ROLE_ADMIN,
    # ROLE_TEACHER, ROLE_USER and ROLE_ALLOWED_TO_SWITCH (user impersonation).
    role_hierarchy:
        ROLE_TEACHER: [ROLE_USER]
        ROLE_ADMIN: [ROLE_TEACHER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    # 'auto' picks the strongest algorithm the PHP build offers for new hashes and still
    # verifies older formats; the in-memory account below uses a bcrypt hash (the
    # "$2y$13$" prefix = bcrypt, cost 13), which this hasher accepts.
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    # Where users are loaded from. The "main" firewall uses the chain; the "api"
    # firewall uses the entity provider only (see firewalls below).
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        # Chain order matters: users_in_memory is consulted before app_user_provider,
        # so a database user with the identifier "pierre" would be shadowed by the
        # in-memory entry.
        all_users:
            chain:
                providers: ['users_in_memory', 'app_user_provider']
        users_in_memory:
            memory:
                users:
                    # NOTE(review): a hard-coded ROLE_SUPER_ADMIN account whose password hash is
                    # committed to version control. Anyone with read access to the repository can
                    # run offline guessing against it, and rotating it means a commit and a deploy.
                    # Prefer injecting the hash from the environment (e.g.
                    # password: '%env(SUPER_ADMIN_PASSWORD_HASH)%' — example name) or removing the
                    # in-memory provider and keeping the account in the database.
                    pierre:   { password: $2y$13$p3/KO6BkGuAx9Of5Nn2K4ujl5TDGv6WpgR2A.ODR0eUNdYKZi.hOa, roles: [ 'ROLE_SUPER_ADMIN' ] }
        # No `property:` is given, so Symfony expects the User repository to implement
        # UserLoaderInterface and resolve the identifier itself — confirm.
        app_user_provider:
            entity:
                class: App\Entity\User

    # Firewalls are matched in order: the first `pattern` matching the request path
    # wins, so the specific API entries must stay above `main`, which has no pattern
    # and therefore catches everything else.
    firewalls:
        # Depending on the URL, the user is retrieved in different ways (this is where the authentication mode is chosen).
        # OAuth2 token endpoint: the security system is switched off entirely here, so
        # client authentication must be done by the bundle serving this route — that
        # bundle is not visible in this file, confirm.
        api_token:
            pattern: ^/api/token$
            security: false
        # Token-authenticated API. The negative lookahead excludes exactly "/api/doc";
        # sibling paths such as /api/docs or /api/doc.json still land on this firewall.
        api:
            pattern: ^/api(?!/doc$) # routes under /api except /api/doc (for api/doc the "main" firewall is used instead, so Swagger is reachable through the PHP session when logged in with the Admin role)
            security: true  # this is the default; kept explicit
            stateless: true # no session-based authentication and no user session (but the user account is verified through the token on every request)
            oauth2: true  # provided by an OAuth2 bundle configured elsewhere (presumably league/oauth2-server-bundle — confirm)
            # Entity provider only: the in-memory "pierre" account defined under providers
            # cannot authenticate against the API.
            provider: app_user_provider
            user_checker: App\Security\EasyUserChecker

        # Profiler, debug toolbar and static assets bypass security. This is harmless only
        # while the _profiler/_wdt routes are not loaded in production — NOTE(review): confirm.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        # Everything else: session-based form login.
        main:
            # NOTE(review): login throttling is disabled, so the form login below has no
            # built-in limit on password guesses. Re-enabling it requires the
            # symfony/rate-limiter component; the previously configured values were:
            #   login_throttling:
            #       max_attempts: 30
            #       interval: '5 minutes'
            lazy: true  # the session is only loaded when the user is actually needed
            provider: all_users
            entry_point: App\Security\AuthenticationEntryPoint # returns a 403 when an AJAX request would be redirected to the login page, so the modal JS can reload the page instead
            form_login:
                login_path: app_login
                check_path: app_login
                enable_csrf: true  # protects the login form itself against CSRF (login CSRF)
                default_target_path: app_index
                # Redirects back to the Referer after a successful login. Symfony only follows
                # a Referer that points at this host and otherwise falls back to
                # default_target_path — confirm on the installed version.
                use_referer: true
            logout:
                path: app_logout
                target: app_index
            user_checker: App\Security\EasyUserChecker
            # activate different ways to authenticate
            # https://symfony.com/doc/current/security.html#the-firewall

            # https://symfony.com/doc/current/security/impersonating_user.html
            # Impersonation through the "_usurper" query parameter, restricted to
            # ROLE_SUPER_ADMIN (the default role, ROLE_ALLOWED_TO_SWITCH, is only granted to
            # super admins by the role_hierarchy anyway). Since this lets one account act as
            # any other, impersonation events are worth surfacing in audit logs.
            switch_user: { role: ROLE_SUPER_ADMIN, parameter: _usurper }

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    # Quel que soit le mode d'authentification choisi dans firewalls, on peut contrôler l'accès ici
    access_control:
        - { path: ^/verify, roles: PUBLIC_ACCESS }
        - { path: ^/register, roles: PUBLIC_ACCESS }
        - { path: ^/reset-password, roles: PUBLIC_ACCESS }
        - { path: ^/authorize, roles: PUBLIC_ACCESS }