gnu-social/config/packages/security.yaml

71 lines
2.5 KiB
YAML
Raw Normal View History

security:
enable_authenticator_manager: true
password_hashers:
App\Entity\LocalUser:
algorithm: auto
# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
providers:
local_user:
chain:
providers: [local_user_by_nickname, local_user_by_email]
local_user_by_nickname:
entity:
class: 'App\Entity\LocalUser'
property: 'nickname'
local_user_by_email:
entity:
class: 'App\Entity\LocalUser'
property: 'outgoing_email'
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
2022-01-15 18:03:07 +00:00
oauth_token:
2022-01-15 20:05:28 +00:00
pattern: ^/oauth/(token|authorize)$
2022-01-15 18:03:07 +00:00
security: false
api_apps:
pattern: ^/api/v1/apps$
security: false
api:
guard:
authenticators:
- Trikoder\Bundle\OAuth2Bundle\Security\Guard\Authenticator\OAuth2Authenticator
provider: local_user
pattern: ^/api/
security: true
stateless: true
main:
entry_point: App\Security\Authenticator
guard:
authenticators:
- App\Security\Authenticator
provider: local_user
form_login:
login_path: security_login
check_path: security_login
enable_csrf: true
logout:
path: security_logout
# where to redirect after logout
target: root
remember_me:
secret: '%kernel.secret%'
secure: true
httponly: '%remember_me_httponly%'
samesite: '%remember_me_samesite%'
token_provider: 'Symfony\Bridge\Doctrine\Security\RememberMe\DoctrineTokenProvider'
# activate different ways to authenticate
# https://symfony.com/doc/current/security.html#firewalls-authentication
# https://symfony.com/doc/current/security/impersonating_user.html
# switch_user: true
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
- { path: ^/admin, roles: ROLE_ADMIN }
- { path: ^/settings, roles: ROLE_USER }
2022-01-14 14:30:55 +00:00
- { path: ^/authorize, roles: IS_AUTHENTICATED_REMEMBERED }