Skip to content
This repository was archived by the owner on Oct 15, 2025. It is now read-only.

Commit ae769fc

Browse files
pan93412pan93412
committed
refactor(config): Migrate security.yaml to PHP
1 parent 6b1719a commit ae769fc

File tree

2 files changed

+85
-64
lines changed

2 files changed

+85
-64
lines changed

config/packages/security.php

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
use App\Entity\User;
6+
use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
7+
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
8+
use Symfony\Config\Security\PasswordHasherConfig;
9+
use Symfony\Config\SecurityConfig;
10+
11+
use function Symfony\Component\DependencyInjection\Loader\Configurator\param;
12+
13+
return static function (ContainerConfigurator $containerConfigurator, SecurityConfig $securityConfig): void {
14+
$securityConfig->passwordHasher(PasswordAuthenticatedUserInterface::class, 'auto');
15+
16+
$securityConfig
17+
->provider('app_user_provider')
18+
->entity()
19+
->class(User::class)
20+
->property('email');
21+
22+
$securityConfig
23+
->firewall('dev')
24+
->pattern('^/(_(profiler|wdt)|css|images|js)/')
25+
->security(false);
26+
27+
$mainFirewall = $securityConfig->firewall('main');
28+
29+
$mainFirewall
30+
->lazy(true)
31+
->provider('app_user_provider');
32+
33+
$mainFirewall
34+
->formLogin()
35+
->loginPath('app_login')
36+
->checkPath('app_login')
37+
->enableCsrf(true);
38+
39+
$mainFirewall
40+
->logout()
41+
->path('app_logout')
42+
->target('app_home');
43+
44+
$mainFirewall
45+
->rememberMe()
46+
->secret(param('kernel.secret'))
47+
->lifetime(604800);
48+
49+
$mainFirewall->switchUser();
50+
51+
// Allow anonymous access to the login form.
52+
$securityConfig
53+
->accessControl()
54+
->route('app_login')
55+
->roles('PUBLIC_ACCESS');
56+
57+
// Allow anonymous access to the feedback form.
58+
$securityConfig
59+
->accessControl()
60+
->route('app_feedback')
61+
->roles('PUBLIC_ACCESS');
62+
63+
// Admin
64+
$securityConfig
65+
->accessControl()
66+
->path('^/admin')
67+
->roles('ROLE_ADMIN');
68+
69+
// Others (for example, apps)
70+
$securityConfig
71+
->accessControl()
72+
->path('^/')
73+
->roles('ROLE_USER');
74+
75+
if ('test' === $containerConfigurator->env()) {
76+
$passwordHasher = $securityConfig->passwordHasher(PasswordAuthenticatedUserInterface::class);
77+
assert($passwordHasher instanceof PasswordHasherConfig);
78+
79+
$passwordHasher
80+
->algorithm('auto')
81+
->cost(4)
82+
->timeCost(3)
83+
->memoryCost(10);
84+
}
85+
};

config/packages/security.yaml

Lines changed: 0 additions & 64 deletions
This file was deleted.

0 commit comments

Comments
 (0)