security.yaml

1. security:
2.    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
3.     enable_authenticator_manager: true
4.     password_hashers:
5.         Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
6.  
7.     providers:
8.         app_user_provider:
9.             entity:
10.                 class: App\Entity\Langilea
11.                 property: NA
12.     firewalls:
13.         dev:
14.             pattern: ^/(_(profiler|wdt)|css|images|js)/
15.             security: false
16.         giltza:
17.             pattern: ^/login/giltza
18.             lazy: true
19.             provider: app_user_provider
20.             custom_authenticator:
21.                - App\Security\OauthAuthenticator
22.  
23.             logout:
24.                 path: app_logout
25.                 target: /
26.                 invalidate_session: true
27.  
28.             # activate different ways to authenticate
29.             # https://symfony.com/doc/current/security.html#the-firewall
30.  
31.             # https://symfony.com/doc/current/security/impersonating_user.html
32.             # switch_user: true
33.  
34.         ldap:
35. #            pattern: ^/login
36.             lazy: true
37.             provider: app_user_provider
38.             custom_authenticator: App\Security\FormLoginAuthenticator
39.             entry_point: App\Security\FormLoginAuthenticator
40.             logout:
41.                 path: app_logout
42.                 target: /
43.                 invalidate_session: true
44.             remember_me:
45.                 secret: '%kernel.secret%' # required
46.                 lifetime: 2419200 # 1 month in seconds
47.                 # by default, the feature is enabled by checking a
48.                 # checkbox in the login form (see below), uncomment the
49.                 # following line to always enable it.
50.                 # always_remember_me: true
51.  
52.             # configure the maximum login attempts
53.             login_throttling:
54.                 max_attempts: 5          # per minute ...
55.                 # interval: '15 minutes' # ... or in a custom period
56.  
57.     # Easy way to control access for large sections of your site
58.     # Note: Only the *first* access control that matches will be used
59.     access_control:
60.         - { path: ^/admin, roles: ROLE_USER }
61.         - { path: ^/profile, roles: ROLE_USER }
62.  
63. when@test:
64.     security:
65.         password_hashers:
66.            # By default, password hashers are resource intensive and take time. This is
67.             # important to generate secure password hashes. In tests however, secure hashes
68.             # are not important, waste resources and increase test times. The following
69.             # reduces the work factor to the lowest possible values.
70.             Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
71.                 algorithm: auto
72.                 cost: 4 # Lowest possible value for bcrypt
73.                 time_cost: 3 # Lowest possible value for argon
74.                 memory_cost: 10 # Lowest possible value for argon
75.