diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 27ef1d173f1c3ba67299597c49e526d8cf866016..555e5ed45f027d64adecc78ab689a88e345a641c 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -1,5 +1,8 @@ security: enable_authenticator_manager: true + role_hierarchy: + ROLE_ADMIN: ROLE_USER + ROLE_SUPER_ADMIN: ROLE_ADMIN # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords password_hashers: Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' @@ -9,26 +12,35 @@ security: app_user_provider: entity: class: App\Entity\User - property: email firewalls: + api_token: + pattern: ^/api/token$ + security: false api: pattern: ^/api security: true stateless: true oauth2: true - secured_area: - # ... - form_login: - # ... - enable_csrf: true + dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false main: +# login_throttling: +# max_attempts: 30 +# interval: '5 minutes' lazy: true provider: app_user_provider + form_login: + login_path: app_login + check_path: app_login + enable_csrf: true + default_target_path: app_index + use_referer: true logout: path: app_logout + target: app_index + # activate different ways to authenticate # https://symfony.com/doc/current/security.html#the-firewall 
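Review bot: The `login_throttling` block under `main` arrives commented out, so the new `form_login` on `app_login` ships with no limit on failed credential attempts; either enable it (`login_throttling:` / `max_attempts: 5` / `interval: '1 minute'`, which needs the rate-limiter component) or leave a comment stating why it is deferred. The new `api_token` firewall sets `security: false` for `^/api/token$`, which means no firewall listener and no `access_control` rule runs on that endpoint, so any throttling of token issuance has to be done in the controller or a request listener. Dropping `property: email` from `app_user_provider` looks like a switch to a repository-based `UserLoaderInterface` lookup, which the diff does not show — please confirm the `User` repository implements `loadUserByIdentifier`, otherwise the provider cannot resolve users.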
@@ -38,12 +50,12 @@ security:
 # Easy way to control access for large sections of your site
 # Note: Only the *first* access control that matches will be used
 access_control:
- - { path: ^/authorize, roles: PUBLIC_ACCESS }
- - { path: ^/login, role: PUBLIC_ACCESS }
- - { path: ^/token, role: PUBLIC_ACCESS }
- - { path: ^/.well-known, roles: PUBLIC_ACCESS }
- - { path: ^/api/test, role: ROLE_OAUTH2_EMAIL }
- - { path: ^/, role: ROLE_USER }
+ - { path: ^/authorize, roles: PUBLIC_ACCESS }
+ - { path: ^/login, role: PUBLIC_ACCESS }
+ - { path: ^/token, role: PUBLIC_ACCESS }
+ - { path: ^/.well-known, roles: PUBLIC_ACCESS }
+ - { path: ^/api, role: ROLE_OAUTH2_EMAIL }
+ - { path: ^/, role: ROLE_USER }
 
 when@test:
 security:
@@ -56,4 +68,4 @@ when@test:
 algorithm: auto
 cost: 4 # Lowest possible value for bcrypt
 time_cost: 3 # Lowest possible value for argon
- memory_cost: 10 # Lowest possible value for argon
+ memory_cost: 10 # Lowest possible value for argon
\ No newline at end of file
diff --git a/src/Controller/IndexController.php b/src/Controller/IndexController.php
index d3cea5d8531f2ad8f2c450dc9ab603a880b6cdaf..547ca1a255f1b430c1487736dd0d4a1ca3538702 100644
--- a/src/Controller/IndexController.php
+++ b/src/Controller/IndexController.php
@@ -9,17 +9,8 @@ use Symfony\Component\Routing\Annotation\Route;
 
 class IndexController extends AbstractController
 {
-// /**
-// * @Route("/", name="app_index")
-// */
-// public function index(): Response
-// {
-// return $this->render('index/index.html.twig', [
-// 'controller_name' => 'IndexController',
-// ]);
-// }
 /**
- * @Route("/authorize", name="authorize")
+ * @Route("/", name="app_index")
 */
 public function authorize(): Response
 {
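Review bot: Widening `^/api/test` to `^/api` now gates every API path with `ROLE_OAUTH2_EMAIL`, which, if the OAuth2 bundle's scope-to-role naming is what I think it is, means only tokens carrying the `email` scope are accepted; any API route meant to work with other scopes needs its own rule placed above this one, since only the first match applies. The `^/token` entry (`PUBLIC_ACCESS`) does not match the `^/api/token$` firewall added in the previous hunk — that endpoint runs with `security: false`, so no rule is evaluated there anyway — and reads as a stale path worth removing or aligning. The entries also mix `roles:` and `role:`; Symfony accepts both, but the documented key is `roles:`, so `- { path: ^/login, roles: PUBLIC_ACCESS }` and the three siblings would be consistent.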
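Review bot: `authorize()` is now the handler for `/` (`app_index`), so the method name no longer describes what it serves and is easy to confuse with the OAuth2 `/authorize` flow; renaming it to `index()` with the route name kept, or at least a docblock line such as `Landing page; target of form_login's default_target_path (app_index).`, would make the intent clear. The `^/authorize` access_control entry in security.yaml still assumes an `/authorize` route, which this controller no longer declares, so it must now be provided by another bundle or is stale — worth confirming. The body of `authorize()` continues outside the hunk.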