symfony
diff --git a/‎config/packages/dev/mailer.yaml‎
Lines changed: 0 additions & 4 deletions b/‎config/packages/dev/mailer.yaml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎config/packages/framework.yaml‎
Lines changed: 7 additions & 0 deletions b/‎config/packages/framework.yaml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎config/packages/mailer.yaml‎
Lines changed: 12 additions & 0 deletions b/‎config/packages/mailer.yaml‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎config/packages/prod/routing.yaml‎
Lines changed: 0 additions & 3 deletions b/‎config/packages/prod/routing.yaml‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎config/packages/routing.yaml‎
Lines changed: 5 additions & 0 deletions b/‎config/packages/routing.yaml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎config/packages/security.yaml‎
Lines changed: 22 additions & 6 deletions b/‎config/packages/security.yaml‎
Lines changed: 22 additions & 6 deletions
diff --git a/‎config/packages/test/framework.yaml‎
Lines changed: 0 additions & 4 deletions b/‎config/packages/test/framework.yaml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎config/packages/test/mailer.yaml‎
Lines changed: 0 additions & 4 deletions b/‎config/packages/test/mailer.yaml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎config/packages/test/security.yaml‎
Lines changed: 0 additions & 6 deletions b/‎config/packages/test/security.yaml‎
Lines changed: 0 additions & 6 deletions
diff --git a/‎config/packages/test/twig.yaml‎
Lines changed: 0 additions & 2 deletions b/‎config/packages/test/twig.yaml‎
Lines changed: 0 additions & 2 deletions
@@ -10,6 +10,7 @@ framework:
         handler_id: null
         cookie_secure: auto
         cookie_samesite: lax
+        storage_factory_id: session.storage.factory.native
 
     # When using the HTTP Cache, ESI allows to render page fragments separately
     # and with different cache configurations for each fragment
@@ -25,3 +26,9 @@ framework:
     # When 'ide' is set to null the file is opened in your web browser.
     # See https://symfony.com/doc/current/reference/configuration/framework.html#ide
     ide: null
+
+when@test:
+    framework:
+        test: true
+        session:
+            storage_factory_id: session.storage.factory.mock_file
@@ -1,3 +1,15 @@
 framework:
     mailer:
         dsn: '%env(MAILER_DSN)%'
+
+when@dev:
+    framework:
+        mailer:
+            # this disables delivery of messages entirely
+            dsn: 'null://null'
+
+when@test:
+    framework:
+        mailer:
+            # this disables delivery of messages entirely
+            dsn: 'null://null'
@@ -5,3 +5,8 @@ framework:
         # Configure how to generate URLs in non-HTTP contexts, such as CLI commands.
         # See https://symfony.com/doc/current/routing.html#generating-urls-in-commands
         #default_uri: http://localhost
+
+when@prod:
+    framework:
+        router:
+            strict_requirements: null
@@ -1,5 +1,10 @@
 security:
-    encoders:
+    # a new authentication system is available since Symfony 5.1 to make
+    # Symfony security more extensible and easier to understand
+    # https://symfony.com/doc/current/security/experimental_authenticators.html
+    enable_authenticator_manager: true
+
+    password_hashers:
         # Our user class and the algorithm we'll use to encode passwords
         # 'auto' means to let Symfony choose the best possible password hasher (Argon2 or Bcrypt)
         # https://symfony.com/doc/current/security.html#c-encoding-passwords
@@ -23,9 +28,6 @@ security:
             # this firewall applies to all URLs
             pattern: ^/
 
-            # but the firewall does not require login on every page
-            # denying access is done in access_control or in your controllers
-            anonymous: true
             lazy: true
 
             # The user provider to use.
@@ -40,8 +42,8 @@ security:
                 # When the user tries to access a protected page, they are redirected here
                 login_path: security_login
                 # Secure the login form against CSRF
-                # Reference: https://symfony.com/doc/current/security/csrf.html#csrf-protection-in-login-forms
-                csrf_token_generator: security.csrf.token_manager
+                # Reference: https://symfony.com/doc/current/security/csrf.html
+                enable_csrf: true
                 # The page users are redirect to when there is no previous page stored in the
                 # session (for example when the users access directly to the login page).
                 default_target_path: blog_index
@@ -52,6 +54,12 @@ security:
                 # The name of the route to redirect to after logging out
                 target: homepage
 
+            # needed because in tests we redefine the 'main' firewall to use
+            # HTTP Basic instead of he login form, so this firewall has
+            # multiple authenticators
+            # See https://symfony.com/doc/current/security/experimental_authenticators.html#configuring-the-authentication-entry-point
+            entry_point: 'form_login'
+
     # Easy way to control access for large sections of your site
     # Note: Only the *first* access control that matches will be used
     access_control:
@@ -61,3 +69,11 @@ security:
 
     role_hierarchy:
         ROLE_ADMIN: ROLE_USER
+
+when@test:
+    # this configuration simplifies testing URLs protected by the security mechanism
+    # See https://symfony.com/doc/current/testing/http_authentication.html
+    security:
+        firewalls:
+            main:
+                http_basic: ~