]>
Commit | Line | Data |
---|---|---|
1 | security: | |
2 | encoders: | |
3 | FOS\UserBundle\Model\UserInterface: sha512 | |
4 | ||
5 | role_hierarchy: | |
6 | ROLE_ADMIN: ROLE_USER | |
7 | ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ] | |
8 | ||
9 | providers: | |
10 | administrators: | |
11 | entity: | |
12 | class: WallabagUserBundle:User | |
13 | property: username | |
14 | fos_userbundle: | |
15 | id: fos_user.user_provider.username_email | |
16 | ||
17 | # the main part of the security, where you can set up firewalls | |
18 | # for specific sections of your app | |
19 | firewalls: | |
20 | # disables authentication for assets and the profiler, adapt it according to your needs | |
21 | dev: | |
22 | pattern: ^/(_(profiler|wdt)|css|images|js)/ | |
23 | security: false | |
24 | ||
25 | oauth_token: | |
26 | pattern: ^/oauth/v2/token | |
27 | security: false | |
28 | ||
29 | api: | |
30 | pattern: /api/.* | |
31 | fos_oauth: true | |
32 | stateless: true | |
33 | anonymous: true | |
34 | provider: fos_userbundle | |
35 | ||
36 | login_firewall: | |
37 | logout_on_user_change: true | |
38 | pattern: ^/login$ | |
39 | anonymous: ~ | |
40 | ||
41 | secured_area: | |
42 | logout_on_user_change: true | |
43 | pattern: ^/ | |
44 | form_login: | |
45 | provider: fos_userbundle | |
46 | csrf_token_generator: security.csrf.token_manager | |
47 | ||
48 | anonymous: true | |
49 | remember_me: | |
50 | secret: "%secret%" | |
51 | lifetime: 31536000 | |
52 | path: / | |
53 | domain: ~ | |
54 | ||
55 | logout: | |
56 | path: /logout | |
57 | target: / | |
58 | ||
59 | two_factor: | |
60 | provider: fos_userbundle | |
61 | auth_form_path: 2fa_login | |
62 | check_path: 2fa_login_check | |
63 | ||
64 | access_control: | |
65 | - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
66 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
67 | # force role for logout otherwise when 2fa enable, you won't be able to logout | |
68 | # https://github.com/scheb/two-factor-bundle/issues/168#issuecomment-430822478 | |
69 | - { path: ^/logout, roles: [IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_2FA_IN_PROGRESS] } | |
70 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } | |
71 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } | |
72 | - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
73 | - { path: ^/locale, role: IS_AUTHENTICATED_ANONYMOUSLY } | |
74 | - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
75 | - { path: ^/feed, roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
76 | - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } # For backwards compatibility | |
77 | - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } | |
78 | - { path: ^/settings, roles: ROLE_SUPER_ADMIN } | |
79 | - { path: ^/annotations, roles: ROLE_USER } | |
80 | - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } | |
81 | - { path: ^/users, roles: ROLE_SUPER_ADMIN } | |
82 | - { path: ^/, roles: ROLE_USER } |