X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=app%2Fconfig%2Fsecurity.yml;h=96489e2683f1fcc6aad294b1578108b970c93a9c;hb=3bd65991adc253715c6b74ab0ee19ff2cf3e6c69;hp=a28b1db99c050e15dcce20243a53dc418ab3e1a6;hpb=93fd4692f6eb753cae16358131c8049d84cfbb41;p=github%2Fwallabag%2Fwallabag.git diff --git a/app/config/security.yml b/app/config/security.yml index a28b1db9..96489e26 100644 --- a/app/config/security.yml +++ b/app/config/security.yml @@ -1,52 +1,71 @@ -# you can read more about security in the related section of the documentation -# http://symfony.com/doc/current/book/security.html security: - # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password encoders: - Symfony\Component\Security\Core\User\User: plaintext + FOS\UserBundle\Model\UserInterface: sha512 - # http://symfony.com/doc/current/book/security.html#hierarchical-roles role_hierarchy: - ROLE_ADMIN: ROLE_USER - ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] + ROLE_ADMIN: ROLE_USER + ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ] - # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers providers: - in_memory: - memory: - users: - user: { password: userpass, roles: [ 'ROLE_USER' ] } - admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] } + administrators: + entity: + class: WallabagUserBundle:User + property: username + fos_userbundle: + id: fos_user.user_provider.username_email # the main part of the security, where you can set up firewalls # for specific sections of your app firewalls: # disables authentication for assets and the profiler, adapt it according to your needs dev: - pattern: ^/(_(profiler|wdt)|css|images|js)/ + pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false - # the login page has to be accessible for everybody - demo_login: - pattern: ^/demo/secured/login$ + + oauth_token: + pattern: ^/oauth/v2/token security: false - # secures part of the application - demo_secured_area: - pattern: ^/demo/secured/ - # it's important to notice that in this case _demo_security_check and _demo_login - # are route names and that they are specified in the AcmeDemoBundle + api: + pattern: /api/.* + fos_oauth: true + stateless: true + anonymous: true + provider: fos_userbundle + + login_firewall: + logout_on_user_change: true + pattern: ^/login$ + anonymous: ~ + + secured_area: + logout_on_user_change: true + pattern: ^/ form_login: - check_path: _demo_security_check - login_path: _demo_login + provider: fos_userbundle + csrf_token_generator: security.csrf.token_manager + + anonymous: true + remember_me: + secret: "%secret%" + lifetime: 31536000 + path: / + domain: ~ + logout: - path: _demo_logout - target: _demo - #anonymous: ~ - #http_basic: - # realm: "Secured Demo Area" - - # with these settings you can restrict or allow access for different parts - # of your application based on roles, ip, host or methods - # http://symfony.com/doc/current/cookbook/security/access_control.html + path: /logout + target: / + access_control: - #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } \ No newline at end of file + - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/locale, role: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } + - { path: ^/settings, roles: ROLE_SUPER_ADMIN } + - { path: ^/annotations, roles: ROLE_USER } + - { path: ^/users, roles: ROLE_SUPER_ADMIN } + - { path: ^/, roles: ROLE_USER }