Part-DB.Part-DB-server/config/packages/security.yaml

security:
    enable_authenticator_manager: true

    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\UserSystem\User
                property: name

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            provider: app_user_provider
            lazy: true
            user_checker: App\Security\UserChecker

            two_factor:
                auth_form_path: 2fa_login
                check_path: 2fa_login_check
                enable_csrf: true

            login_throttling:
                max_attempts: 5 # per minute

            # https://symfony.com/doc/current/security/form_login_setup.html
            form_login:
                login_path: login
                check_path: login
                enable_csrf: true
                use_referer: true
                default_target_path: '/'

            logout:
                path: logout
                target: homepage

            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 2592000 # 30 days in seconds

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # This makes the logout route available during two-factor authentication, allows the user to cancel
        - { path: ^/logout, role: PUBLIC_ACCESS }
        # This ensures that the form can only be accessed when two-factor authentication is in progress
        - { path: "^/\\w{2}/2fa", role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
        # We get into trouble with the U2F authentication, if the calls to the trees trigger an 2FA login
        # This settings should not do much harm, because a read only access to show available data structures is not really critical
        - { path: "^/\\w{2}/tree", role: PUBLIC_ACCESS }
Initial commit 2019-02-23 16:49:38 +01:00			`security:`
Use the new authenticator system introduced in symfony 5.1 2022-08-14 17:09:57 +02:00			`enable_authenticator_manager: true`

			`password_hashers:`
			`Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'`
Added user entity and basic login/logout system. 2019-03-14 18:01:41 +01:00
Initial commit 2019-02-23 16:49:38 +01:00			`# https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers`
			`providers:`
Added user entity and basic login/logout system. 2019-03-14 18:01:41 +01:00			`# used to reload user from session & other features (e.g. switch_user)`
			`app_user_provider:`
			`entity:`
Added an option for mass creation of structured data. 2019-08-12 22:41:58 +02:00			`class: App\Entity\UserSystem\User`
Added user entity and basic login/logout system. 2019-03-14 18:01:41 +01:00			`property: name`
Use the new authenticator system introduced in symfony 5.1 2022-08-14 17:09:57 +02:00
Initial commit 2019-02-23 16:49:38 +01:00			`firewalls:`
			`dev:`
			`pattern: ^/(_(profiler\|wdt)\|css\|images\|js)/`
			`security: false`
			`main:`
Use the new authenticator system introduced in symfony 5.1 2022-08-14 17:09:57 +02:00			`provider: app_user_provider`
Use LogoutEvent listener instead of deprecated LogoutHandler. 2020-05-31 13:48:36 +02:00			`lazy: true`
Allow to disable a user in admin settings. When a user is disabled, he can not login. 2019-10-26 23:22:27 +02:00			`user_checker: App\Security\UserChecker`
Initial commit 2019-02-23 16:49:38 +01:00
Implemented the two factor auth login form. 2019-12-23 18:45:32 +01:00			`two_factor:`
			`auth_form_path: 2fa_login`
			`check_path: 2fa_login_check`
Use the newer scheb/2fa bundle instead of scheb/two_factor_bundle Currently the U2F auth is broken, as there is no plugin supporting it in the new system 2022-08-13 23:33:05 +02:00			`enable_csrf: true`
Implemented the two factor auth login form. 2019-12-23 18:45:32 +01:00
Added login rate throttling 2023-02-11 21:55:24 +01:00			`login_throttling:`
			`max_attempts: 5 # per minute`
Initial commit 2019-02-23 16:49:38 +01:00
			`# https://symfony.com/doc/current/security/form_login_setup.html`
Added user entity and basic login/logout system. 2019-03-14 18:01:41 +01:00			`form_login:`
			`login_path: login`
			`check_path: login`
Use the new authenticator system introduced in symfony 5.1 2022-08-14 17:09:57 +02:00			`enable_csrf: true`
Added user entity and basic login/logout system. 2019-03-14 18:01:41 +01:00			`use_referer: true`
Use language setting of users when logging in. 2019-09-12 17:50:33 +02:00			`default_target_path: '/'`
Added user entity and basic login/logout system. 2019-03-14 18:01:41 +01:00
			`logout:`
			`path: logout`
			`target: homepage`
Initial commit 2019-02-23 16:49:38 +01:00
Added a remember me function to the login form. 2019-03-14 18:27:29 +01:00			`remember_me:`
			`secret: '%kernel.secret%'`
			`lifetime: 2592000 # 30 days in seconds`

Initial commit 2019-02-23 16:49:38 +01:00			`# Easy way to control access for large sections of your site`
			`# Note: Only the first access control that matches will be used`
			`access_control:`
Implemented the two factor auth login form. 2019-12-23 18:45:32 +01:00			`# This makes the logout route available during two-factor authentication, allows the user to cancel`
Use PUBLIC_ACCESS role instead of IS_AUTHENTICATED_ANONYMOUSLY role 2022-08-14 19:11:42 +02:00			`- { path: ^/logout, role: PUBLIC_ACCESS }`
Implemented the two factor auth login form. 2019-12-23 18:45:32 +01:00			`# This ensures that the form can only be accessed when two-factor authentication is in progress`
Added 2FA with U2F keys. 2019-12-29 13:35:30 +01:00			`- { path: "^/\\w{2}/2fa", role: IS_AUTHENTICATED_2FA_IN_PROGRESS }`
			`# We get into trouble with the U2F authentication, if the calls to the trees trigger an 2FA login`
			`# This settings should not do much harm, because a read only access to show available data structures is not really critical`
Use PUBLIC_ACCESS role instead of IS_AUTHENTICATED_ANONYMOUSLY role 2022-08-14 19:11:42 +02:00			`- { path: "^/\\w{2}/tree", role: PUBLIC_ACCESS }`