]>
Commit | Line | Data |
---|---|---|
93fd4692 | 1 | security: |
93fd4692 | 2 | encoders: |
fcb1fba5 | 3 | FOS\UserBundle\Model\UserInterface: sha512 |
93fd4692 | 4 | |
93fd4692 | 5 | role_hierarchy: |
2bc9cad7 | 6 | ROLE_ADMIN: ROLE_USER |
c3235553 | 7 | ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ] |
93fd4692 | 8 | |
93fd4692 | 9 | providers: |
c3235553 | 10 | administrators: |
2bc9cad7 JB |
11 | entity: |
12 | class: WallabagUserBundle:User | |
13 | property: username | |
a1691859 | 14 | fos_userbundle: |
08d6bedc | 15 | id: fos_user.user_provider.username_email |
93fd4692 NL |
16 | |
17 | # the main part of the security, where you can set up firewalls | |
18 | # for specific sections of your app | |
19 | firewalls: | |
5c895a7f JB |
20 | # disables authentication for assets and the profiler, adapt it according to your needs |
21 | dev: | |
22 | pattern: ^/(_(profiler|wdt)|css|images|js)/ | |
23 | security: false | |
24 | ||
fcb1fba5 NL |
25 | oauth_token: |
26 | pattern: ^/oauth/v2/token | |
27 | security: false | |
4c5e5441 | 28 | |
fcb1fba5 NL |
29 | api: |
30 | pattern: /api/.* | |
31 | fos_oauth: true | |
32 | stateless: true | |
cd1298d6 | 33 | anonymous: true |
115de64e | 34 | provider: fos_userbundle |
fcb1fba5 | 35 | |
c3235553 | 36 | login_firewall: |
115de64e | 37 | logout_on_user_change: true |
2bc9cad7 | 38 | pattern: ^/login$ |
c3235553 NL |
39 | anonymous: ~ |
40 | ||
d9169157 | 41 | secured_area: |
115de64e | 42 | logout_on_user_change: true |
a1691859 | 43 | pattern: ^/ |
d9169157 | 44 | form_login: |
a1691859 | 45 | provider: fos_userbundle |
5c895a7f | 46 | csrf_token_generator: security.csrf.token_manager |
d9169157 | 47 | |
2bc9cad7 | 48 | anonymous: true |
5a584614 | 49 | remember_me: |
2bc9cad7 | 50 | secret: "%secret%" |
5a584614 | 51 | lifetime: 31536000 |
2bc9cad7 JB |
52 | path: / |
53 | domain: ~ | |
5a584614 | 54 | |
d9169157 J |
55 | logout: |
56 | path: /logout | |
57 | target: / | |
c3235553 | 58 | |
a6b242a1 JB |
59 | two_factor: |
60 | provider: fos_userbundle | |
61 | auth_form_path: 2fa_login | |
62 | check_path: 2fa_login_check | |
63 | ||
93fd4692 | 64 | access_control: |
3bd65991 | 65 | - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY } |
c3235553 | 66 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
a6b242a1 JB |
67 | # force role for logout otherwise when 2fa enable, you won't be able to logout |
68 | # https://github.com/scheb/two-factor-bundle/issues/168#issuecomment-430822478 | |
69 | - { path: ^/logout, roles: [IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_2FA_IN_PROGRESS] } | |
fcb1fba5 | 70 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } |
1210dae1 | 71 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } |
a40a8038 | 72 | - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
be417ef2 | 73 | - { path: ^/locale, role: IS_AUTHENTICATED_ANONYMOUSLY } |
18c38dff | 74 | - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
531c8d0a TC |
75 | - { path: ^/feed, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
76 | - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } # For backwards compatibility | |
f3d0cb91 | 77 | - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
63e40f2d | 78 | - { path: ^/settings, roles: ROLE_SUPER_ADMIN } |
f38e03dc | 79 | - { path: ^/annotations, roles: ROLE_USER } |
a6b242a1 | 80 | - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } |
152fcccd | 81 | - { path: ^/users, roles: ROLE_SUPER_ADMIN } |
07c9b1c9 | 82 | - { path: ^/, roles: ROLE_USER } |