From 00b0f163e58f13c8a5b2aa125589eff79b6e5aa8 Mon Sep 17 00:00:00 2001 From: tracer Date: Mon, 11 Apr 2022 17:34:31 +0200 Subject: [PATCH] added custom authenticator --- config/packages/security.yaml | 45 ++++++++++++++++++++++------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/config/packages/security.yaml b/config/packages/security.yaml index 031db6d..8cdfa08 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -1,18 +1,20 @@ security: + enable_authenticator_manager: true + + hide_user_not_found: false + + # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords password_hashers: + Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' App\Entity\User: algorithm: auto - # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers + # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider providers: - # used to reload user from session & other features (e.g. switch_user) app_user_provider: entity: class: App\Entity\User property: username - - enable_authenticator_manager: true - firewalls: dev: pattern: ^/(_(profiler|wdt)|css|images|js)/ @@ -20,16 +22,15 @@ security: main: lazy: true provider: app_user_provider - guard: - authenticators: - - App\Security\AppAuthenticator - logout: - path: app_logout - # where to redirect after logout - # target: app_any_route + custom_authenticator: App\Security\LoginFormAuthenticator + logout: true + + remember_me: + secret: '%kernel.secret%' + signature_properties: [password] # activate different ways to authenticate - # https://symfony.com/doc/current/security.html#firewalls-authentication + # https://symfony.com/doc/current/security.html#the-firewall # https://symfony.com/doc/current/security/impersonating_user.html # switch_user: true @@ -37,6 +38,18 @@ security: # Easy way to control access for large sections of your site # Note: Only the *first* access control that matches will be used access_control: - # - { path: ^/admin/login, roles: PUBLIC_ACCESS } - # - { path: ^/admin, roles: ROLE_ADMIN } - # - { path: ^/profile, roles: ROLE_USER } + - { path: ^/admin, roles: ROLE_ADMIN } + - { path: ^/profile/edit, roles: ROLE_USER } + +when@test: + security: + password_hashers: + # By default, password hashers are resource intensive and take time. This is + # important to generate secure password hashes. In tests however, secure hashes + # are not important, waste resources and increase test times. The following + # reduces the work factor to the lowest possible values. + Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: + algorithm: auto + cost: 4 # Lowest possible value for bcrypt + time_cost: 3 # Lowest possible value for argon + memory_cost: 10 # Lowest possible value for argon