# Symfony security configuration: password encoders, role hierarchy, user
# providers, firewalls and path-based access rules.
security:
    # Password encoders, keyed by the user class they apply to.
    encoders:
        Symfony\Component\Security\Core\User\User:
          # NOTE(review): a single sha512 iteration is fast to brute-force offline;
          # a slow, salted scheme (e.g. bcrypt) is preferable where the Symfony
          # version in use supports it — confirm before changing.
          algorithm: sha512
          iterations: 1
        FOS\UserBundle\Model\UserInterface:
          # NOTE(review): same single-iteration sha512 concern as above.
          algorithm: sha512
          iterations: 1
        PartKeepr\AuthBundle\Entity\User:
          # NOTE(review): md5 with one iteration is a weak password hash. Changing
          # the algorithm here would invalidate every stored hash, so a
          # rehash-on-login migration is needed first; none is visible in this file.
          algorithm: md5
          iterations: 1
          # Raw (hex) digest output rather than base64.
          encode_as_base64: false

    # ROLE_SUPER_ADMIN inherits ROLE_ADMIN, which in turn inherits ROLE_USER.
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    # User lookup sources. chain_provider consults the listed providers in this
    # order; presumably the first one that knows the username wins — verify
    # against the Symfony version in use.
    providers:
        chain_provider:
            chain:
                providers: [in_memory, fos_userbundle, fr3d_ldapbundle, legacy]
        # Service id of the application's legacy user provider.
        legacy:
            id: partkeepr_legacy_user_provider
        # `~` is YAML null: no in-memory users are defined here.
        in_memory:
            memory: ~
        fos_userbundle:
            id: fos_user.user_provider.username
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider

    firewalls:
        # Unauthenticated endpoint: the salt lookup must be reachable before a
        # client can authenticate. NOTE(review): anything this route returns is
        # available to anonymous callers — confirm it exposes nothing beyond the salt.
        login:
            pattern: ^/api/users/getSalt
            security: false
        main:
            stateless: false # Stores authentication within a cookie. This is important to allow file uploads without having to send authentication data.
            # NOTE(review): a cookie-backed session on an API means state-changing
            # requests are subject to CSRF unless a token is checked elsewhere — confirm.
            pattern: ^/api/.*
            provider: chain_provider
            # Several authentication listeners are stacked on the same firewall;
            # all resolve users through chain_provider.
            fr3d_ldap_httpbasic:
                provider: chain_provider
            # NOTE(review): HTTP Basic sends credentials on every request; this
            # file does not show a TLS requirement — confirm it is enforced elsewhere.
            http_basic:
                provider: chain_provider
            # Trusts the username supplied by the web server (the REMOTE_USER server
            # variable by default). NOTE(review): only safe if the server/front proxy
            # sets this variable itself and never passes a client-supplied value
            # through — confirm the deployment does so.
            remote_user:
                provider: chain_provider
            # WSSE UsernameToken authentication (digest-based).
            wsse:
                realm: "Secured with WSSE" # identifies the set of resources to which the authentication information will apply (WWW-Authenticate)
                profile: "UsernameToken" # WSSE profile (WWW-Authenticate)
                encoder: # digest algorithm
                    algorithm: sha512
                    encodeHashAsBase64:    true
                    # NOTE(review): single iteration, as with the encoders above.
                    iterations: 1

    # Path-based authorization rules, evaluated in order.
    # NOTE(review): `^/admin/` does not match either firewall pattern above
    # (`^/api/users/getSalt`, `^/api/.*`); confirm that this rule is actually
    # enforced for admin paths rather than being dead configuration.
    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }