diff options
Diffstat (limited to 'app/config')
-rw-r--r-- | app/config/config.yml | 11 | ||||
-rw-r--r-- | app/config/routing.yml | 8 | ||||
-rw-r--r-- | app/config/security.yml | 9 |
3 files changed, 26 insertions, 2 deletions
diff --git a/app/config/config.yml b/app/config/config.yml index 4b34af30..2d8f9bf0 100644 --- a/app/config/config.yml +++ b/app/config/config.yml | |||
@@ -198,10 +198,17 @@ fos_oauth_server: | |||
198 | refresh_token_lifetime: 1209600 | 198 | refresh_token_lifetime: 1209600 |
199 | 199 | ||
200 | scheb_two_factor: | 200 | scheb_two_factor: |
201 | trusted_computer: | 201 | trusted_device: |
202 | enabled: true | 202 | enabled: true |
203 | cookie_name: wllbg_trusted_computer | 203 | cookie_name: wllbg_trusted_computer |
204 | cookie_lifetime: 2592000 | 204 | lifetime: 2592000 |
205 | |||
206 | backup_codes: | ||
207 | enabled: "%twofactor_auth%" | ||
208 | |||
209 | google: | ||
210 | enabled: "%twofactor_auth%" | ||
211 | template: WallabagUserBundle:Authentication:form.html.twig | ||
205 | 212 | ||
206 | email: | 213 | email: |
207 | enabled: "%twofactor_auth%" | 214 | enabled: "%twofactor_auth%" |
diff --git a/app/config/routing.yml b/app/config/routing.yml index 0bd2d130..a7c0f7e9 100644 --- a/app/config/routing.yml +++ b/app/config/routing.yml | |||
@@ -51,3 +51,11 @@ craue_config_settings_modify: | |||
51 | 51 | ||
52 | fos_js_routing: | 52 | fos_js_routing: |
53 | resource: "@FOSJsRoutingBundle/Resources/config/routing/routing.xml" | 53 | resource: "@FOSJsRoutingBundle/Resources/config/routing/routing.xml" |
54 | |||
55 | 2fa_login: | ||
56 | path: /2fa | ||
57 | defaults: | ||
58 | _controller: "scheb_two_factor.form_controller:form" | ||
59 | |||
60 | 2fa_login_check: | ||
61 | path: /2fa_check | ||
diff --git a/app/config/security.yml b/app/config/security.yml index 96489e26..6a21b4e5 100644 --- a/app/config/security.yml +++ b/app/config/security.yml | |||
@@ -56,9 +56,17 @@ security: | |||
56 | path: /logout | 56 | path: /logout |
57 | target: / | 57 | target: / |
58 | 58 | ||
59 | two_factor: | ||
60 | provider: fos_userbundle | ||
61 | auth_form_path: 2fa_login | ||
62 | check_path: 2fa_login_check | ||
63 | |||
59 | access_control: | 64 | access_control: |
60 | - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY } | 65 | - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY } |
61 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 66 | - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
67 | # force role for logout otherwise when 2fa enable, you won't be able to logout | ||
68 | # https://github.com/scheb/two-factor-bundle/issues/168#issuecomment-430822478 | ||
69 | - { path: ^/logout, roles: [IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_2FA_IN_PROGRESS] } | ||
62 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } | 70 | - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY } |
63 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } | 71 | - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY } |
64 | - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 72 | - { path: /(unread|starred|archive|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
@@ -67,5 +75,6 @@ security: | |||
67 | - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } | 75 | - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY } |
68 | - { path: ^/settings, roles: ROLE_SUPER_ADMIN } | 76 | - { path: ^/settings, roles: ROLE_SUPER_ADMIN } |
69 | - { path: ^/annotations, roles: ROLE_USER } | 77 | - { path: ^/annotations, roles: ROLE_USER } |
78 | - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS } | ||
70 | - { path: ^/users, roles: ROLE_SUPER_ADMIN } | 79 | - { path: ^/users, roles: ROLE_SUPER_ADMIN } |
71 | - { path: ^/, roles: ROLE_USER } | 80 | - { path: ^/, roles: ROLE_USER } |