first implementation of security

author: Nicolas Lœuillet <nicolas@loeuillet.org> 2015-01-31 15:14:10 +0100
committer: Nicolas Lœuillet <nicolas@loeuillet.org> 2015-01-31 15:14:10 +0100
commit: c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf (patch)
tree: 271305a039d31059c7af8be220da08b9331baeec /app/config/security.yml
parent: 71691fe44a7b2a80f3b9d96d54720cce7994ad08 (diff)
download: wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.gz
wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.zst
wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.zip
1 files changed, 44 insertions, 38 deletions
diff --git a/app/config/security.yml b/app/config/security.yml
index a28b1db9..f4fefe2e 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -1,52 +1,58 @@
-# you can read more about security in the related section of the documentation
-# http://symfony.com/doc/current/book/security.html
 security:
-    # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
    encoders:
-        Symfony\Component\Security\Core\User\User: plaintext
+        Wallabag\CoreBundle\Entity\Users:
+            algorithm:        sha1
+            encode_as_base64: false
+            iterations:       1
-    # http://symfony.com/doc/current/book/security.html#hierarchical-roles
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
-        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
+        ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
-    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
    providers:
-        in_memory:
+        administrators:
-            memory:
+            entity: { class: WallabagCoreBundle:Users, property: username }
-                users:
-                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
-                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
    # the main part of the security, where you can set up firewalls
    # for specific sections of your app
    firewalls:
-        # disables authentication for assets and the profiler, adapt it according to your needs
+        #wsse_secured:
-        dev:
+        #    pattern:   /api/.*
-            pattern:  ^/(_(profiler|wdt)|css|images|js)/
+        #    wsse:      true
-            security: false
+        login_firewall:
-        # the login page has to be accessible for everybody
+            pattern:    ^/login$
-        demo_login:
+            anonymous:  ~
-            pattern:  ^/demo/secured/login$
-            security: false
+        secured_area:
+            pattern:    ^/
-        # secures part of the application
+            anonymous: ~
-        demo_secured_area:
-            pattern:    ^/demo/secured/
-            # it's important to notice that in this case _demo_security_check and _demo_login
-            # are route names and that they are specified in the AcmeDemoBundle
            form_login:
-                check_path: _demo_security_check
+                login_path:                     /login
-                login_path: _demo_login
+                use_forward:                    false
+                check_path:                     /login_check
+                post_only:                      true
+                always_use_default_target_path: true
+                default_target_path:            /
+                target_path_parameter:          redirect_url
+                use_referer:                    true
+                failure_path:                   null
+                failure_forward:                false
+                username_parameter:             _username
+                password_parameter:             _password
+                csrf_parameter:                 _csrf_token
+                intention:                      authenticate
            logout:
-                path:   _demo_logout
+                path:   /logout
-                target: _demo
+                target: /
-            #anonymous: ~
-            #http_basic:
-            #    realm: "Secured Demo Area"
-    # with these settings you can restrict or allow access for different parts
-    # of your application based on roles, ip, host or methods
-    # http://symfony.com/doc/current/cookbook/security/access_control.html
    access_control:
-        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
-\ No newline at end of file
+        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/, roles: ROLE_USER }
author	Nicolas Lœuillet <nicolas@loeuillet.org>	2015-01-31 15:14:10 +0100
committer	Nicolas Lœuillet <nicolas@loeuillet.org>	2015-01-31 15:14:10 +0100
commit	c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf (patch)
tree	271305a039d31059c7af8be220da08b9331baeec /app/config/security.yml
parent	71691fe44a7b2a80f3b9d96d54720cce7994ad08 (diff)
download	wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.gz wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.zst wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.zip

diff --git a/app/config/security.yml b/app/config/security.yml index a28b1db9..f4fefe2e 100644 --- a/app/config/security.yml +++ b/app/config/security.yml
@@ -1,52 +1,58 @@
1	# you can read more about security in the related section of the documentation
2	# http://symfony.com/doc/current/book/security.html
3	security:	1	security:
4	# http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
5	encoders:	2	encoders:
6	Symfony\Component\Security\Core\User\User: plaintext	3	Wallabag\CoreBundle\Entity\Users:
		4	algorithm: sha1
		5	encode_as_base64: false
		6	iterations: 1
7		7
8	# http://symfony.com/doc/current/book/security.html#hierarchical-roles
9	role_hierarchy:	8	role_hierarchy:
10	ROLE_ADMIN: ROLE_USER	9	ROLE_ADMIN: ROLE_USER
11	ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]	10	ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
12		11
13	# http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
14	providers:	12	providers:
15	in_memory:	13	administrators:
16	memory:	14	entity: { class: WallabagCoreBundle:Users, property: username }
17	users:
18	user: { password: userpass, roles: [ 'ROLE_USER' ] }
19	admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
20		15
21	# the main part of the security, where you can set up firewalls	16	# the main part of the security, where you can set up firewalls
22	# for specific sections of your app	17	# for specific sections of your app
23	firewalls:	18	firewalls:
24	# disables authentication for assets and the profiler, adapt it according to your needs	19	#wsse_secured:
25	dev:	20	# pattern: /api/.*
26	pattern: ^/(_(profiler\|wdt)\|css\|images\|js)/	21	# wsse: true
27	security: false	22	login_firewall:
28	# the login page has to be accessible for everybody	23	pattern: ^/login$
29	demo_login:	24	anonymous: ~
30	pattern: ^/demo/secured/login$	25
31	security: false	26	secured_area:
32		27	pattern: ^/
33	# secures part of the application	28	anonymous: ~
34	demo_secured_area:
35	pattern: ^/demo/secured/
36	# it's important to notice that in this case _demo_security_check and _demo_login
37	# are route names and that they are specified in the AcmeDemoBundle
38	form_login:	29	form_login:
39	check_path: _demo_security_check	30	login_path: /login
40	login_path: _demo_login	31
		32	use_forward: false
		33
		34	check_path: /login_check
		35
		36	post_only: true
		37
		38	always_use_default_target_path: true
		39	default_target_path: /
		40	target_path_parameter: redirect_url
		41	use_referer: true
		42
		43	failure_path: null
		44	failure_forward: false
		45
		46	username_parameter: _username
		47	password_parameter: _password
		48
		49	csrf_parameter: _csrf_token
		50	intention: authenticate
		51
41	logout:	52	logout:
42	path: _demo_logout	53	path: /logout
43	target: _demo	54	target: /
44	#anonymous: ~	55
45	#http_basic:
46	# realm: "Secured Demo Area"
47
48	# with these settings you can restrict or allow access for different parts
49	# of your application based on roles, ip, host or methods
50	# http://symfony.com/doc/current/cookbook/security/access_control.html
51	access_control:	56	access_control:
52	#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } \ No newline at end of file	57	- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
		58	- { path: ^/, roles: ROLE_USER }