security: # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords password_hashers: Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider providers: app_user_provider: entity: class: App\Entity\User property: email firewalls: dev: # Ensure dev tools and static assets are always allowed pattern: ^/(_profiler|_wdt|assets|build)/ security: false login: pattern: ^/api/login stateless: true provider: app_user_provider json_login: check_path: /api/login username_path: email password_path: password success_handler: lexik_jwt_authentication.handler.authentication_success failure_handler: lexik_jwt_authentication.handler.authentication_failure main: pattern: ^/api lazy: true stateless: true provider: app_user_provider jwt: ~ # Activate different ways to authenticate: # https://symfony.com/doc/current/security.html#the-firewall # https://symfony.com/doc/current/security/impersonating_user.html # switch_user: true # Note: Only the *first* matching rule is applied access_control: - { path: ^/api/login, roles: PUBLIC_ACCESS } - { path: ^/api, roles: PUBLIC_ACCESS } when@test: security: password_hashers: # Password hashers are resource-intensive by design to ensure security. # In tests, it's safe to reduce their cost to improve performance. Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: algorithm: auto cost: 4 # Lowest possible value for bcrypt time_cost: 3 # Lowest possible value for argon memory_cost: 10 # Lowest possible value for argon