Sylius/config/packages/security.yaml

152 lines
7.1 KiB
YAML

parameters:
sylius.security.admin_regex: "^/%sylius_admin.path_name%"
sylius.security.api_regex: "^/api"
sylius.security.shop_regex: "^/(?!%sylius_admin.path_name%|new-api|api/.*|api$|media/.*)[^/]++"
sylius.security.new_api_route: "/new-api"
sylius.security.new_api_regex: "^%sylius.security.new_api_route%"
sylius.security.new_api_admin_route: "%sylius.security.new_api_route%/admin"
sylius.security.new_api_admin_regex: "^%sylius.security.new_api_admin_route%"
sylius.security.new_api_shop_route: "%sylius.security.new_api_route%/shop"
sylius.security.new_api_shop_regex: "^%sylius.security.new_api_shop_route%"
sylius.security.new_api_user_account_route: "%sylius.security.new_api_shop_route%/account"
sylius.security.new_api_user_account_regex: "^%sylius.security.new_api_user_account_route%"
security:
always_authenticate_before_granting: true
providers:
sylius_admin_user_provider:
id: sylius.admin_user_provider.email_or_name_based
sylius_api_admin_user_provider:
id: sylius.admin_user_provider.email_or_name_based
sylius_shop_user_provider:
id: sylius.shop_user_provider.email_or_name_based
sylius_api_shop_user_provider:
id: sylius.shop_user_provider.email_or_name_based
encoders:
Sylius\Component\User\Model\UserInterface: argon2i
firewalls:
admin:
switch_user: true
context: admin
pattern: "%sylius.security.admin_regex%"
provider: sylius_admin_user_provider
form_login:
provider: sylius_admin_user_provider
login_path: sylius_admin_login
check_path: sylius_admin_login_check
failure_path: sylius_admin_login
default_target_path: sylius_admin_dashboard
use_forward: false
use_referer: true
csrf_token_generator: security.csrf.token_manager
csrf_parameter: _csrf_admin_security_token
csrf_token_id: admin_authenticate
remember_me:
secret: "%env(APP_SECRET)%"
path: "/%sylius_admin.path_name%"
name: APP_ADMIN_REMEMBER_ME
lifetime: 31536000
remember_me_parameter: _remember_me
logout:
path: sylius_admin_logout
target: sylius_admin_login
anonymous: true
oauth_token:
pattern: "%sylius.security.api_regex%/oauth/v2/token"
security: false
new_api_admin_user:
pattern: "%sylius.security.new_api_admin_regex%/.*"
provider: sylius_api_admin_user_provider
stateless: true
anonymous: true
json_login:
check_path: "%sylius.security.new_api_route%/admin/authentication-token"
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
new_api_shop_user:
pattern: "%sylius.security.new_api_shop_regex%/.*"
provider: sylius_api_shop_user_provider
stateless: true
anonymous: true
json_login:
check_path: "%sylius.security.new_api_route%/shop/authentication-token"
username_path: email
password_path: password
success_handler: lexik_jwt_authentication.handler.authentication_success
failure_handler: lexik_jwt_authentication.handler.authentication_failure
guard:
authenticators:
- lexik_jwt_authentication.jwt_token_authenticator
api:
pattern: "%sylius.security.api_regex%/.*"
provider: sylius_admin_user_provider
fos_oauth: true
stateless: true
anonymous: true
shop:
switch_user: { role: ROLE_ALLOWED_TO_SWITCH }
context: shop
pattern: "%sylius.security.shop_regex%"
provider: sylius_shop_user_provider
form_login:
success_handler: sylius.authentication.success_handler
failure_handler: sylius.authentication.failure_handler
provider: sylius_shop_user_provider
login_path: sylius_shop_login
check_path: sylius_shop_login_check
failure_path: sylius_shop_login
default_target_path: sylius_shop_homepage
use_forward: false
use_referer: true
csrf_token_generator: security.csrf.token_manager
csrf_parameter: _csrf_shop_security_token
csrf_token_id: shop_authenticate
remember_me:
secret: "%env(APP_SECRET)%"
name: APP_SHOP_REMEMBER_ME
lifetime: 31536000
remember_me_parameter: _remember_me
logout:
path: sylius_shop_logout
target: sylius_shop_login
invalidate_session: false
success_handler: sylius.handler.shop_user_logout
anonymous: true
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
access_control:
- { path: "%sylius.security.admin_regex%/_partial", role: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] }
- { path: "%sylius.security.admin_regex%/_partial", role: ROLE_NO_ACCESS }
- { path: "%sylius.security.shop_regex%/_partial", role: IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1] }
- { path: "%sylius.security.shop_regex%/_partial", role: ROLE_NO_ACCESS }
- { path: "%sylius.security.admin_regex%/login", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.api_regex%/login", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.shop_regex%/login", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.shop_regex%/register", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.shop_regex%/verify", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.admin_regex%", role: ROLE_ADMINISTRATION_ACCESS }
- { path: "%sylius.security.api_regex%/.*", role: ROLE_API_ACCESS }
- { path: "%sylius.security.shop_regex%/account", role: ROLE_USER }
- { path: "%sylius.security.new_api_admin_regex%/.*", role: ROLE_API_ACCESS }
- { path: "%sylius.security.new_api_route%/admin/authentication-token", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.new_api_shop_regex%/.*", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.new_api_route%/shop/authentication-token", role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: "%sylius.security.new_api_user_account_regex%/.*", role: ROLE_USER }