X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=app%2Fconfig%2Fsecurity.yml;h=4a798e56fb16be9dfaeb27e4bf500bb4d5f8a343;hb=0ac38198ab1c00dfb290d5631fa7c1cf5ac2a48a;hp=a28b1db99c050e15dcce20243a53dc418ab3e1a6;hpb=93fd4692f6eb753cae16358131c8049d84cfbb41;p=github%2Fwallabag%2Fwallabag.git
diff --git a/app/config/security.yml b/app/config/security.yml
index a28b1db9..4a798e56 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -1,52 +1,61 @@ -# you can read more about security in the related section of the documentation -# http://symfony.com/doc/current/book/security.html security: - # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password encoders: - Symfony\Component\Security\Core\User\User: plaintext + Wallabag\CoreBundle\Entity\User: + algorithm: sha1 + encode_as_base64: false + iterations: 1 - # http://symfony.com/doc/current/book/security.html#hierarchical-roles role_hierarchy: ROLE_ADMIN: ROLE_USER - ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] + ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ] - # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers providers: - in_memory: - memory: - users: - user: { password: userpass, roles: [ 'ROLE_USER' ] } - admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] } + administrators: + entity: { class: WallabagCoreBundle:User, property: username } # the main part of the security, where you can set up firewalls # for specific sections of your app firewalls: - # disables authentication for assets and the profiler, adapt it according to your needs - dev: - pattern: ^/(_(profiler|wdt)|css|images|js)/ - security: false - # the login page has to be accessible for everybody - demo_login: - pattern: ^/demo/secured/login$ - security: false - - # secures part of the application - demo_secured_area: - pattern: ^/demo/secured/ - # it's important to notice that in this case _demo_security_check and _demo_login - # are route names and that they are specified in the AcmeDemoBundle + wsse_secured: + pattern: /api/.* + wsse: true + stateless: true + anonymous: true + login_firewall: + pattern: ^/login$ + anonymous: ~ + + secured_area: + pattern: ^/ + anonymous: ~ form_login: - check_path: _demo_security_check - login_path: _demo_login + login_path: /login + + use_forward: false + + check_path: /login_check + + post_only: true + + 
always_use_default_target_path: true + default_target_path: / + target_path_parameter: redirect_url + use_referer: true + + failure_path: null + failure_forward: false + + username_parameter: _username + password_parameter: _password + + csrf_parameter: _csrf_token + intention: authenticate + logout: - path: _demo_logout - target: _demo - #anonymous: ~ - #http_basic: - # realm: "Secured Demo Area" - - # with these settings you can restrict or allow access for different parts - # of your application based on roles, ip, host or methods - # http://symfony.com/doc/current/cookbook/security/access_control.html + path: /logout + target: / + access_control: - #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } \ No newline at end of file + - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/, roles: ROLE_USER }
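Review bot: The new encoder for `Wallabag\CoreBundle\Entity\User` hashes passwords with a single round of SHA-1 (`algorithm: sha1`, `iterations: 1`), which is cheap to brute-force offline if the user table is ever disclosed. If the `wsse: true` firewall relies on the stored digest as its shared secret (likely, but not visible in this file), that coupling should be stated in a comment above the encoder. A separate per-user API secret would then let the login password move to `algorithm: bcrypt`. In the same hunk, `pattern: /api/.*` on `wsse_secured` is unanchored and matches any path that merely contains `/api/`; `pattern: ^/api/` would confine the stateless firewall to the API prefix. Finally, `form_login` sets `csrf_parameter` and `intention` but no CSRF provider appears in this file, so it is worth confirming that the login form's token is actually validated.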