// Three ways of reading the current user from the security token.

// 1. Short form; presumably called from a controller that extends the
//    framework base controller - confirm against the calling class.
$this->getUser()

// 2. Through the token storage service. getToken() returns null when no
//    security token is set for the request, so check it before getUser().
$this->container->get('security.token_storage')->getToken()->getUser()

// 3. Older form through the security.context service, which later Symfony
//    releases replaced with security.token_storage. The same null-token
//    caveat applies.
$this->container->get('security.context')->getToken()->getUser()
# Other configuration files pulled into this one, one resource per entry.
# NOTE(review): parameters.yml presumably supplies the %...% placeholders used
# in this file (database, mailer and JWT values); confirm that it is kept out
# of version control.
imports:
    - resource: parameters.yml
    - resource: security.yml
    - resource: services.yml
    - resource: "@AdsElasticSearchBundle/Resources/config/services.yml"
    - resource: "@AdsElasticSearchBundle/Resources/config/fos_elastica.yml"
    - resource: "@AdsBotcoinBundle/Resources/config/services.yml"
# Parameters whose value is the same on every machine the application is
# deployed to belong here; machine-specific values do not.
# http://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    # Referenced below as %locale% (translator fallback).
    locale: en
# Core framework settings.
framework:
    #esi: ~
    translator:
        fallbacks: ["%locale%"]
    # The application secret is injected from a parameter, not written here.
    secret: "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form: ~
    # A null value enables CSRF protection with its default settings.
    csrf_protection: ~
    validation:
        enable_annotations: true
    #serializer: { enable_annotations: true }
    serializer:
        enabled: false
    templating:
        engines: ['twig']
    # NOTE(review): default_locale is fr while the %locale% parameter used for
    # translator fallbacks is en - confirm this is intended.
    default_locale: fr
    # NOTE(review): no Host header allow-list is configured. Listing the
    # production host names here keeps generated absolute URLs (for example in
    # password-reset mails) from following a forged Host header.
    trusted_hosts: ~
    # No reverse proxy is trusted, so X-Forwarded-* headers are not honoured.
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id: ~
    fragments: ~
    # Lets a POST request declare another HTTP method through the _method
    # parameter; method-based access rules should be written with that in mind.
    http_method_override: true
# Twig template engine settings.
twig:
    # Both switches follow the kernel debug flag, so they are off whenever the
    # kernel runs without debug.
    debug: "%kernel.debug%"
    strict_variables: "%kernel.debug%"
    # Number formatting: no decimals, comma as decimal point, space between
    # thousands.
    number_format:
        decimals: 0
        decimal_point: ','
        thousands_separator: ' '
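# Doctrine configuration: database connection (DBAL) and ORM.
doctrine:
    dbal:
        driver: pdo_mysql
        # Connection details, including the password, are read from
        # parameters and never written in this file.
        host: "%database_host%"
        port: "%database_port%"
        dbname: "%database_name%"
        user: "%database_user%"
        password: "%database_password%"
        charset: UTF8
        types:
            # Fully-qualified class name. The pasted text had lost its
            # namespace separators, which would leave the type unresolvable.
            json: Sonata\Doctrine\Types\JsonType
        # if using pdo_sqlite as your database driver:
        #   1. add the path in parameters.yml
        #     e.g. database_path: "%kernel.root_dir%/data/data.db3"
        #   2. Uncomment database_path in parameters.yml.dist
        #   3. Uncomment next line:
        #path: "%database_path%"
    orm:
        # Proxy classes are generated on the fly only when the kernel runs in
        # debug mode.
        auto_generate_proxy_classes: "%kernel.debug%"
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true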
# Swiftmailer (outgoing mail) settings.
swiftmailer:
    # Transport, host and SMTP credentials all come from parameters.
    transport: "%mailer_transport%"
    host: "%mailer_host%"
    username: "%mailer_user%"
    password: "%mailer_password%"
    # Messages are spooled in memory rather than sent immediately.
    spool:
        type: memory
# Sonata block bundle: which block services are enabled and in which contexts.
sonata_block:
    default_contexts: [cms]
    blocks:
        # The admin list block is limited to the admin context.
        sonata.admin.block.admin_list:
            contexts: [admin]

        #sonata.admin_doctrine_orm.block.audit:
        #    contexts: [admin]

        # Enabled with their default settings.
        sonata.block.service.text: ~
        sonata.block.service.rss: ~

        # Some specific block from the SonataMediaBundle
        #sonata.media.block.media:
        #sonata.media.block.gallery:
        #sonata.media.block.feature_media:

        # Some block with different templates
        #acme.demo.block.demo:
        #    templates:
        #       - { name: 'Simple', template: 'AcmeDemoBundle:Block:demo_simple.html.twig' }
        #       - { name: 'Big',    template: 'AcmeDemoBundle:Block:demo_big.html.twig' }
# Sonata user bundle.
sonata_user:
    # ACL-based security is switched on. NOTE(review): the role_hierarchy
    # comment in the security section of this page says the SONATA role line
    # must be commented out when ACL is used - confirm the two agree.
    security_acl: true
    # can be orm or mongodb
    manager_type: orm
# Blocks required by the Sonata user bundle.
# NOTE(review): this page already defines a sonata_block section above. Within
# a single YAML file a repeated top-level key is not merged - the parser keeps
# one of them or rejects the file - so these entries belong in the first
# section's blocks list.
sonata_block:
    blocks:
        #...
        # used to display the menu in profile pages
        sonata.user.block.menu: ~
        # used to display menu option (login option)
        sonata.user.block.account: ~
        # used to if you plan to use Sonata user routes
        sonata.block.service.text: ~
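# app/config/security.yml
security:
    # [...]
    encoders:
        # Fully-qualified interface name (the pasted text had lost its
        # namespace separators).
        # NOTE(review): a later security section on this page configures
        # bcrypt for the same interface. Keep a single encoder definition;
        # bcrypt is the stronger choice for password storage, but changing the
        # encoder affects verification of hashes that are already stored.
        FOS\UserBundle\Model\UserInterface: sha512

    # ACL data is stored through the default database connection.
    acl:
        connection: default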
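# FOSUserBundle settings, pointing at the Sonata user entities and managers.
fos_user:
    # can be orm or odm
    db_driver: orm
    # Must name a firewall that exists in the security configuration.
    firewall_name: main
    # Fully-qualified class names; the pasted text had lost the namespace
    # separators, which would leave the classes unresolvable.
    user_class: Application\Sonata\UserBundle\Entity\User

    group:
        group_class: Application\Sonata\UserBundle\Entity\Group
        # If you're using doctrine orm (use sonata.user.mongodb.group_manager for mongodb)
        group_manager: sonata.user.orm.group_manager

    service:
        # If you're using doctrine orm (use sonata.user.mongodb.user_manager for mongodb)
        user_manager: sonata.user.orm.user_manager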
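# Registers the json column type used by the Sonata bundles.
# NOTE(review): the main doctrine section on this page already declares this
# type; a repeated top-level key inside one YAML file is not merged.
doctrine:
    dbal:
        types:
            # Fully-qualified class name (namespace separators restored).
            json: Sonata\Doctrine\Types\JsonType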
# Entity mappings for the default entity manager.
# NOTE(review): the main doctrine section on this page sets orm.auto_mapping;
# if both are kept, check that explicit mappings and auto-mapping do not
# conflict.
doctrine:
    orm:
        entity_managers:
            default:
                mappings:
                    ApplicationSonataUserBundle: ~
                    SonataUserBundle: ~
                    # If SonataUserBundle extends it
                    FOSUserBundle: ~
# Earlier, minimal variant kept for reference:
#fos_rest:
#    routing_loader:
#        include_format: false
#    view:
#        view_response_listener: true

# FOSRestBundle: request decoding, format negotiation and view rendering.
fos_rest:
    param_fetcher_listener: true
    # Request bodies are decoded by the bundle before they reach controllers;
    # the decoded data is still untrusted input and needs validation.
    body_listener: true
    format_listener: true
    view:
        view_response_listener: 'force'
        formats:
            xml: true
            json: true
        mime_types:
            json: ['application/json', 'application/x-json']
            jpg: ['image/jpeg']
            png: ['image/png']
        templating_formats:
            html: true
        force_redirects:
            html: true
        failed_validation: HTTP_BAD_REQUEST
        default_engine: twig
    routing_loader:
        default_format: json
    serializer:
        # Null properties are written to the output instead of being omitted.
        serialize_null: true
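# JMS serializer: how date-time values are rendered.
jms_serializer:
    handlers:
        datetime:
            # Single quotes keep the backslash literal. Inside double quotes
            # \T is not a valid YAML escape sequence and a strict parser
            # rejects the file.
            default_format: 'Y-m-d\TH:i:sP'
            default_timezone: "UTC"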
# LexikJWTAuthenticationBundle: key material, token lifetime and where a
# token may be read from.
lexik_jwt_authentication:
    # Key paths, pass phrase and lifetime all come from parameters. The
    # private key file and its pass phrase must stay out of the repository
    # and be readable only by the application user.
    private_key_path: '%jwt_private_key_path%'
    public_key_path: '%jwt_public_key_path%'
    pass_phrase: '%jwt_key_pass_phrase%'
    token_ttl: '%jwt_token_ttl%'

    # key under which the user identity will be stored in the token payload
    user_identity_field: username

    # token encoding/decoding settings
    encoder:
        # token encoder/decoder service - default implementation based on the namshi/jose library
        service: lexik_jwt_authentication.encoder.default

        # crypto engine used by the encoder service
        crypto_engine: openssl

        # signature algorithm used by the encoder service (RS256 signs the
        # token; it does not encrypt the payload)
        signature_algorithm: RS256

    # token extraction settings
    token_extractors:
        # look for a token as Authorization Header
        authorization_header:
            enabled: true
            prefix: Bearer
            name: Authorization

        # check token in a cookie
        # NOTE(review): browsers attach cookies automatically, so accepting
        # the token from a cookie makes state-changing API calls subject to
        # CSRF unless another defence is in place. Disable this extractor if
        # no client depends on it.
        cookie:
            enabled: true
            name: BEARER

        # check token in query string parameter
        # NOTE(review): tokens carried in the URL end up in access logs,
        # browser history and Referer headers. Disable this extractor unless
        # a client cannot send headers.
        query_parameter:
            enabled: true
            name: bearer
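# NelmioCorsBundle: cross-origin policy. The defaults deny everything; each
# entry under paths opens up what it lists for URLs matching its regex.
nelmio_cors:
    defaults:
        allow_credentials: false
        allow_origin: []
        allow_headers: []
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
        origin_regex: false
        forced_allow_origin_value: ~
    paths:
        '^/api/':
            # Any origin may call the API with any request header. This is
            # only acceptable while allow_credentials stays false (as in the
            # defaults above): a wildcard origin must never be combined with
            # credentialed requests. NOTE(review): prefer an explicit list of
            # the front-end origins if they are known.
            allow_origin: ['*']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600
        '^/':
            # Origins are treated as regular expressions for this path.
            origin_regex: true
            # NOTE(review): a localhost origin looks like a development
            # setting - confirm it is wanted in production.
            allow_origin: ['^http://localhost:[0-9]+']
            allow_headers: ['X-Custom-Auth']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600
            # The dot is escaped so that only host names beginning with
            # "api." match; an unescaped dot matches any character.
            hosts: ['^api\.']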
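# To get started with security, check out the documentation:
# http://symfony.com/doc/current/security.html
security:
    role_hierarchy:
        ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
        # ROLE_ALLOWED_TO_SWITCH is the role used for user impersonation;
        # grant it sparingly.
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        SONATA:
            # if you are using acl then this line must be commented
            # NOTE(review): sonata_user.security_acl is true elsewhere on this
            # page - confirm whether this line should stay active.
            - ROLE_SONATA_PAGE_ADMIN_PAGE_EDIT

    providers:
        #jwt:
        #    lexik_jwt:
        #        class: Application\Sonata\UserBundle\Entity\User
        #chain_provider:
        #    chain:
        #        providers: [in_memory, fos_userbundle]
        fos_userbundle:
            #id: fos_user.user_manager
            id: fos_user.user_provider.username
        #in_memory:
        #    memory:
        #        users:
        #            user:  { password: password, roles: [ 'ROLE_USER' ] }
        #            admin: { password: password, roles: [ 'ROLE_ADMIN' ] }

    encoders:
        # Fully-qualified interface name (the pasted text had lost its
        # namespace separators). Passwords are hashed with bcrypt.
        FOS\UserBundle\Model\UserInterface: bcrypt

    # Firewalls are tried in the order listed; the first whose pattern matches
    # the request path handles it.
    firewalls:
        # Disabling the security for the web debug toolbar, the profiler and Assetic.
        # NOTE(review): security: false removes every check on these paths;
        # the profiler routes should exist only in the dev environment.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # -> custom firewall for the admin area of the URL
        admin:
            # Anchored at the start of the path. Without the leading ^ this
            # firewall, listed before the API ones, would also take any URL
            # that merely contains "/admin".
            pattern: ^/admin(.*)
            context: user
            form_login:
                provider: fos_userbundle
                login_path: /admin/login
                use_forward: false
                check_path: /admin/login_check
                failure_path: null
                # Always land on the dashboard after login instead of
                # following a stored target URL.
                always_use_default_target_path: true
                default_target_path: /admin/dashboard
            logout:
                path: /admin/logout
                target: /admin/login
            anonymous: true

        # Credentials are posted to /api/login_check; the success handler
        # answers with a JWT.
        api_login:
            pattern: ^/api/login
            stateless: true
            anonymous: false
            #provider: fos_userbundle
            form_login:
                provider: fos_userbundle
                check_path: /api/login_check
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: lexik_jwt_authentication.handler.authentication_failure
                require_previous_session: false
                username_parameter: username
                password_parameter: password
            logout: true

        # Every other /api URL: stateless, authenticated by JWT.
        api:
            pattern: ^/api
            #provider: fos_userbundle
            stateless: true
            # NOTE(review): both the lexik_jwt listener and the guard
            # authenticator are enabled for the same tokens - keep one.
            lexik_jwt: ~
            guard:
                authenticators:
                    - lexik_jwt_authentication.jwt_token_authenticator
                    #- ads_elastic_search.jwt_token_authenticator
            #lexik_jwt:
            #    authorization_header:
            #        enabled: true
            #        prefix: Bearer
            #    query_parameter:
            #        enabled: true
            #        name: bearer
            #lexik_jwt:
            #    authorization_header:
            #        enabled: true
            #        prefix: Bearer
            #    query_parameter:
            #        enabled: false
            #        name: bearer
            #    throw_exceptions: true
            #    create_entry_point: false
            #    authentication_provider: lexik_jwt_authentication.security.authentication.provider
            #guard:
            #    authenticators:
            #        - lexik_jwt_authentication.jwt_token_authenticator
        # -> end custom configuration

        # default login area for standard users
        # This firewall is used to handle the public login area
        # This part is handled by the FOS User Bundle
        main:
            pattern: .*
            context: user
            form_login:
                provider: fos_userbundle
                login_path: /login
                use_forward: false
                check_path: /login_check
                failure_path: null
            logout: true
            anonymous: true

    # Rules are checked top to bottom and only the first one whose path
    # matches is applied, so specific paths come before general ones and the
    # catch-all comes last.
    access_control:
        # URL of FOSUserBundle which need to be available to anonymous users
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Admin login page needs to be accessed without credential
        - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/login_check$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }

        # Secured part of the site: the admin area requires an admin role.
        # Change these rules to adapt them to your needs
        - { path: ^/admin/, role: [ROLE_ADMIN, ROLE_SONATA_ADMIN] }

        # Api
        # The two public endpoints are listed before the general ^/api rule,
        # which would otherwise match them first.
        # NOTE(review): /api/token/refresh falls under the api firewall, which
        # has no anonymous access - confirm the endpoint is reachable as
        # intended.
        - { path: ^/api/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api/token/refresh, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/api, roles: IS_AUTHENTICATED_FULLY }

        # Catch-all for the rest of the site. It was previously listed ahead
        # of the Api rules, which left them unreachable.
        - { path: ^/.*, role: IS_AUTHENTICATED_ANONYMOUSLY }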