diff options
Diffstat (limited to 'app/config/security.yml')
| -rw-r--r-- | app/config/security.yml | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/app/config/security.yml b/app/config/security.yml index 02afc9ea..760b2550 100644 --- a/app/config/security.yml +++ b/app/config/security.yml | |||
| @@ -31,12 +31,15 @@ security: | |||
| 31 | fos_oauth: true | 31 | fos_oauth: true |
| 32 | stateless: true | 32 | stateless: true |
| 33 | anonymous: true | 33 | anonymous: true |
| 34 | provider: fos_userbundle | ||
| 34 | 35 | ||
| 35 | login_firewall: | 36 | login_firewall: |
| 37 | logout_on_user_change: true | ||
| 36 | pattern: ^/login$ | 38 | pattern: ^/login$ |
| 37 | anonymous: ~ | 39 | anonymous: ~ |
| 38 | 40 | ||
| 39 | secured_area: | 41 | secured_area: |
| 42 | logout_on_user_change: true | ||
| 40 | pattern: ^/ | 43 | pattern: ^/ |
| 41 | form_login: | 44 | form_login: |
| 42 | provider: fos_userbundle | 45 | provider: fos_userbundle |
| @@ -53,17 +56,27 @@ security: | |||
| 53 | path: /logout | 56 | path: /logout |
| 54 | target: / | 57 | target: / |
| 55 | 58 | ||
| 59 | two_factor: | ||
| 60 | provider: fos_userbundle | ||
| 61 | auth_form_path: 2fa_login | ||
| 62 | check_path: 2fa_login_check | ||
| 63 | |||
| 56 | access_control: | 64 | access_control: |
| 57 | - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 65 | - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY } |
| 58 | - { path: ^/api/version, roles: IS_AUTHENTICATED_ANONYMOUSLY } | ||
| 59 | - { path: ^/api/user, roles: IS_AUTHENTICATED_ANONYMOUSLY } | ||
| 60 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 66 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
| 67 | # force role for logout otherwise when 2fa enable, you won't be able to logout | ||
| 68 | # https://github.com/scheb/two-factor-bundle/issues/168#issuecomment-430822478 | ||
| 69 | - { path: ^/logout, roles: [IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_2FA_IN_PROGRESS] } | ||
| 61 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } | 70 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } |
| 62 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } | 71 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } |
| 63 | - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 72 | - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
| 73 | - { path: ^/locale, role: IS_AUTHENTICATED_ANONYMOUSLY } | ||
| 64 | - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 74 | - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
| 75 | - { path: ^/feed, roles: IS_AUTHENTICATED_ANONYMOUSLY } | ||
| 76 | - { path: /(unread|starred|archive).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } # For backwards compatibility | ||
| 65 | - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 77 | - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
| 66 | - { path: ^/settings, roles: ROLE_SUPER_ADMIN } | 78 | - { path: ^/settings, roles: ROLE_SUPER_ADMIN } |
| 67 | - { path: ^/annotations, roles: ROLE_USER } | 79 | - { path: ^/annotations, roles: ROLE_USER } |
| 80 | - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } | ||
| 68 | - { path: ^/users, roles: ROLE_SUPER_ADMIN } | 81 | - { path: ^/users, roles: ROLE_SUPER_ADMIN } |
| 69 | - { path: ^/, roles: ROLE_USER } | 82 | - { path: ^/, roles: ROLE_USER } |