authorNicolas LÅ“uillet <nicolas@loeuillet.org>2015-01-31 15:14:10 +0100
committerNicolas LÅ“uillet <nicolas@loeuillet.org>2015-01-31 15:14:10 +0100
commitc3235553ddc2bb5965f6fe00e750cfe4aac9ccdf (patch)
tree271305a039d31059c7af8be220da08b9331baeec /app
parent71691fe44a7b2a80f3b9d96d54720cce7994ad08 (diff)
first implementation of security
Diffstat (limited to 'app')
-rw-r--r--app/config/routing.yml8
-rw-r--r--app/config/security.yml82
2 files changed, 52 insertions, 38 deletions
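diff --git a/app/config/routing.yml b/app/config/routing.yml
index 8e04a0c8..426dcdcf 100644
--- a/app/config/routing.yml
+++ b/app/config/routing.yml
@@ -10,6 +10,14 @@ doc-api:
     resource: "@NelmioApiDocBundle/Resources/config/routing.yml"
     prefix: /api/doc
 
+login:
+    pattern: /login
+    defaults: { _controller: WallabagCoreBundle:Security:login }
+login_check:
+    pattern: /login_check
+logout:
+    path: /logout
+
 #wallabag_api:
 # resource: "@WallabagApiBundle/Controller/"
 # type: annotation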
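Review bot: The new `login` and `login_check` routes use the `pattern` key while `logout` two lines below uses `path`; `pattern` has been deprecated in favour of `path` since Symfony 2.2 (assuming this project is on 2.2 or later), so `path: /login` and `path: /login_check` would keep the three routes consistent and avoid the deprecation. `login_check` and `logout` deliberately carry no `defaults`/controller because the firewall's `check_path` and `logout.path` intercept those URLs before routing dispatches them, which is worth stating in a comment such as `# no controller: intercepted by the security firewall (check_path / logout.path)` above `login_check` so a later reader does not attach one.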
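diff --git a/app/config/security.yml b/app/config/security.yml
index a28b1db9..f4fefe2e 100644
--- a/app/config/security.yml
+++ b/app/config/security.yml
@@ -1,52 +1,58 @@
-# you can read more about security in the related section of the documentation
-# http://symfony.com/doc/current/book/security.html
 security:
-    # http://symfony.com/doc/current/book/security.html#encoding-the-user-s-password
     encoders:
-        Symfony\Component\Security\Core\User\User: plaintext
+        Wallabag\CoreBundle\Entity\Users:
+            algorithm: sha1
+            encode_as_base64: false
+            iterations: 1
 
-    # http://symfony.com/doc/current/book/security.html#hierarchical-roles
     role_hierarchy:
         ROLE_ADMIN: ROLE_USER
-        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
+        ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
 
-    # http://symfony.com/doc/current/book/security.html#where-do-users-come-from-user-providers
     providers:
-        in_memory:
-            memory:
-                users:
-                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
-                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
+        administrators:
+            entity: { class: WallabagCoreBundle:Users, property: username }
 
     # the main part of the security, where you can set up firewalls
     # for specific sections of your app
     firewalls:
-        # disables authentication for assets and the profiler, adapt it according to your needs
-        dev:
-            pattern: ^/(_(profiler|wdt)|css|images|js)/
-            security: false
-        # the login page has to be accessible for everybody
-        demo_login:
-            pattern: ^/demo/secured/login$
-            security: false
-
-        # secures part of the application
-        demo_secured_area:
-            pattern: ^/demo/secured/
-            # it's important to notice that in this case _demo_security_check and _demo_login
-            # are route names and that they are specified in the AcmeDemoBundle
+        #wsse_secured:
+        # pattern: /api/.*
+        # wsse: true
+        login_firewall:
+            pattern: ^/login$
+            anonymous: ~
+
+        secured_area:
+            pattern: ^/
+            anonymous: ~
             form_login:
-                check_path: _demo_security_check
-                login_path: _demo_login
+                login_path: /login
+
+                use_forward: false
+
+                check_path: /login_check
+
+                post_only: true
+
+                always_use_default_target_path: true
+                default_target_path: /
+                target_path_parameter: redirect_url
+                use_referer: true
+
+                failure_path: null
+                failure_forward: false
+
+                username_parameter: _username
+                password_parameter: _password
+
+                csrf_parameter: _csrf_token
+                intention: authenticate
+
             logout:
-                path: _demo_logout
-                target: _demo
-            #anonymous: ~
-            #http_basic:
-            # realm: "Secured Demo Area"
-
-    # with these settings you can restrict or allow access for different parts
-    # of your application based on roles, ip, host or methods
-    # http://symfony.com/doc/current/cookbook/security/access_control.html
+                path: /logout
+                target: /
+
     access_control:
-        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
\ No newline at end of file
+        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/, roles: ROLE_USER }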
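Review bot: The `csrf_parameter: _csrf_token` / `intention: authenticate` pair under `form_login` does not by itself enable CSRF checking on the login form: in Symfony 2.x the form-login listener only validates a token when a generator is configured, so without `csrf_token_generator: security.csrf.token_manager` (Symfony 2.4+; `csrf_provider: form.csrf_provider` on older releases) next to those two keys the login request remains open to login-CSRF. The encoder for `Wallabag\CoreBundle\Entity\Users` is single-iteration SHA-1 (`algorithm: sha1`, `iterations: 1`), which is cheap to brute-force offline if the user table leaks; unless this is kept deliberately to verify hashes migrated from wallabag v1 (in which case a comment saying so belongs here), prefer `algorithm: bcrypt` with `cost: 12`, noting that bcrypt requires the entity's `getSalt()` to return null. `target_path_parameter: redirect_url` and `use_referer: true` are inert while `always_use_default_target_path: true` is set; either drop them or, if they are enabled later, remember that the redirect target then comes from the request unvalidated and should be restricted to local paths. The old commented-out `requires_channel: https` was not carried over to the new `^/login` access rule, so credentials can be posted over plain HTTP; restore it on the `^/login` rule or document that TLS is enforced at the web server.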