This repository was archived by the owner on Oct 15, 2025. It is now read-only.

Commit e2cf70d

committed
refactor(config): Migrate security.yaml to PHP
1 parent 48bae10 commit e2cf70d


2 files changed

+87
-64
lines changed


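--- a/config/packages/security.php
+++ b/config/packages/security.php
@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Entity\User;
+use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
+use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
+use Symfony\Config\Security\PasswordHasherConfig;
+use Symfony\Config\SecurityConfig;
+
+use function Symfony\Component\DependencyInjection\Loader\Configurator\param;
+
+return static function (ContainerConfigurator $containerConfigurator, SecurityConfig $securityConfig): void {
+$securityConfig->passwordHasher(PasswordAuthenticatedUserInterface::class, 'auto');
+
+// used to reload user from session & other features (e.g. switch_user)
+$securityConfig
+->provider('app_user_provider')
+->entity()
+->class(User::class)
+->property('email');
+
+$securityConfig
+->firewall('dev')
+->pattern('^/(_(profiler|wdt)|css|images|js)/')
+->security(false);
+
+$mainFirewall = $securityConfig->firewall('main');
+
+$mainFirewall
+->lazy(true)
+->provider('app_user_provider');
+
+$mainFirewall
+->formLogin()
+->loginPath('app_login')
+->checkPath('app_login')
+->enableCsrf(true);
+
+$mainFirewall
+->logout()
+->path('app_logout')
+->target('app_home');
+
+$mainFirewall
+->rememberMe()
+->secret(param('kernel.secret'))
+->lifetime(604800 /* 1 week in seconds */);
+
+// https://symfony.com/doc/current/security/impersonating_user.html
+$mainFirewall->switchUser();
+
+// Allow anonymous access to the login form.
+$securityConfig
+->accessControl()
+->route('app_login')
+->roles('PUBLIC_ACCESS');
+
+// Allow anonymous access to the feedback form.
+$securityConfig
+->accessControl()
+->route('app_feedback')
+->roles('PUBLIC_ACCESS');
+
+// Admin
+$securityConfig
+->accessControl()
+->path('^/admin')
+->roles('ROLE_ADMIN');
+
+// Others (for example, apps)
+$securityConfig
+->accessControl()
+->path('^/')
+->roles('ROLE_USER');
+
+if ('test' === $containerConfigurator->env()) {
+$passwordHasher = $securityConfig->passwordHasher(PasswordAuthenticatedUserInterface::class);
+assert($passwordHasher instanceof PasswordHasherConfig);
+
+$passwordHasher
+->algorithm('auto')
+->cost(4)
+->timeCost(3)
+->memoryCost(10);
+}
+};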
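Review bot: `$mainFirewall->switchUser();` turns on impersonation for the `main` firewall in every environment with default settings, and the only documentation next to it is a URL. With Symfony's defaults the gate is `ROLE_ALLOWED_TO_SWITCH`, so any account holding that role can act as any user loaded by `app_user_provider`, admins included; the comment should say so, e.g. `// Impersonation: gated by ROLE_ALLOWED_TO_SWITCH (Symfony default); grant it only to trusted operators and audit its use.` The role hierarchy and the deleted security.yaml are not visible on this page, so I cannot confirm who holds that role or that this setting was carried over unchanged from the YAML.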

config/packages/security.yaml

Lines changed: 0 additions & 64 deletions
This file was deleted.
