diff options
author | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-01-31 15:14:10 +0100 |
---|---|---|
committer | Nicolas LÅ“uillet <nicolas@loeuillet.org> | 2015-01-31 15:14:10 +0100 |
commit | c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf (patch) | |
tree | 271305a039d31059c7af8be220da08b9331baeec /app/config | |
parent | 71691fe44a7b2a80f3b9d96d54720cce7994ad08 (diff) | |
download | wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.gz wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.tar.zst wallabag-c3235553ddc2bb5965f6fe00e750cfe4aac9ccdf.zip |
first implementation of security
Diffstat (limited to 'app/config')
-rw-r--r-- | app/config/routing.yml | 8 | ||||
-rw-r--r-- | app/config/security.yml | 82 |
2 files changed, 52 insertions, 38 deletions
diff --git a/app/config/routing.yml b/app/config/routing.yml index 8e04a0c8..426dcdcf 100644 --- a/app/config/routing.yml +++ b/app/config/routing.yml | |||
@@ -10,6 +10,14 @@ doc-api: | |||
10 | resource: "@NelmioApiDocBundle/Resources/config/routing.yml" | 10 | resource: "@NelmioApiDocBundle/Resources/config/routing.yml" |
11 | prefix: /api/doc | 11 | prefix: /api/doc |
12 | 12 | ||
13 | login: | ||
14 | pattern: /login | ||
15 | defaults: { _controller: WallabagCoreBundle:Security:login } | ||
16 | login_check: | ||
17 | pattern: /login_check | ||
18 | logout: | ||
19 | path: /logout | ||
20 | |||
13 | #wallabag_api: | 21 | #wallabag_api: |
14 | # resource: "@WallabagApiBundle/Controller/" | 22 | # resource: "@WallabagApiBundle/Controller/" |
15 | # type: annotation | 23 | # type: annotation |
diff --git a/app/config/security.yml b/app/config/security.yml index a28b1db9..f4fefe2e 100644 --- a/app/config/security.yml +++ b/app/config/security.yml | |||
@@ -1,52 +1,58 @@ | |||
1 | # you can read more about security in the related section of the documentation | ||
2 | # http://symfony.com/doc/current/book/security.html | ||
3 | security: | 1 | security: |
4 | # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password | ||
5 | encoders: | 2 | encoders: |
6 | Symfony\Component\Security\Core\User\User: plaintext | 3 | Wallabag\CoreBundle\Entity\Users: |
4 | algorithm: sha1 | ||
5 | encode_as_base64: false | ||
6 | iterations: 1 | ||
7 | 7 | ||
8 | # http://symfony.com/doc/current/book/security.html#hierarchical-roles | ||
9 | role_hierarchy: | 8 | role_hierarchy: |
10 | ROLE_ADMIN: ROLE_USER | 9 | ROLE_ADMIN: ROLE_USER |
11 | ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] | 10 | ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ] |
12 | 11 | ||
13 | # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers | ||
14 | providers: | 12 | providers: |
15 | in_memory: | 13 | administrators: |
16 | memory: | 14 | entity: { class: WallabagCoreBundle:Users, property: username } |
17 | users: | ||
18 | user: { password: userpass, roles: [ 'ROLE_USER' ] } | ||
19 | admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] } | ||
20 | 15 | ||
21 | # the main part of the security, where you can set up firewalls | 16 | # the main part of the security, where you can set up firewalls |
22 | # for specific sections of your app | 17 | # for specific sections of your app |
23 | firewalls: | 18 | firewalls: |
24 | # disables authentication for assets and the profiler, adapt it according to your needs | 19 | #wsse_secured: |
25 | dev: | 20 | # pattern: /api/.* |
26 | pattern: ^/(_(profiler|wdt)|css|images|js)/ | 21 | # wsse: true |
27 | security: false | 22 | login_firewall: |
28 | # the login page has to be accessible for everybody | 23 | pattern: ^/login$ |
29 | demo_login: | 24 | anonymous: ~ |
30 | pattern: ^/demo/secured/login$ | 25 | |
31 | security: false | 26 | secured_area: |
32 | 27 | pattern: ^/ | |
33 | # secures part of the application | 28 | anonymous: ~ |
34 | demo_secured_area: | ||
35 | pattern: ^/demo/secured/ | ||
36 | # it's important to notice that in this case _demo_security_check and _demo_login | ||
37 | # are route names and that they are specified in the AcmeDemoBundle | ||
38 | form_login: | 29 | form_login: |
39 | check_path: _demo_security_check | 30 | login_path: /login |
40 | login_path: _demo_login | 31 | |
32 | use_forward: false | ||
33 | |||
34 | check_path: /login_check | ||
35 | |||
36 | post_only: true | ||
37 | |||
38 | always_use_default_target_path: true | ||
39 | default_target_path: / | ||
40 | target_path_parameter: redirect_url | ||
41 | use_referer: true | ||
42 | |||
43 | failure_path: null | ||
44 | failure_forward: false | ||
45 | |||
46 | username_parameter: _username | ||
47 | password_parameter: _password | ||
48 | |||
49 | csrf_parameter: _csrf_token | ||
50 | intention: authenticate | ||
51 | |||
41 | logout: | 52 | logout: |
42 | path: _demo_logout | 53 | path: /logout |
43 | target: _demo | 54 | target: / |
44 | #anonymous: ~ | 55 | |
45 | #http_basic: | ||
46 | # realm: "Secured Demo Area" | ||
47 | |||
48 | # with these settings you can restrict or allow access for different parts | ||
49 | # of your application based on roles, ip, host or methods | ||
50 | # http://symfony.com/doc/current/cookbook/security/access_control.html | ||
51 | access_control: | 56 | access_control: |
52 | #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } \ No newline at end of file | 57 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
58 | - { path: ^/, roles: ROLE_USER } | ||