6fa970e60d
- Rename all references from E-Cosplay/Ecosplay to SITECONSEIL - Update entity from Association to SARL SITECONSEIL (Siret: 418664058) - Update address to 27 rue Le Serurier, 02100 Saint-Quentin - Update emails: contact@siteconseil.fr, rgpd@siteconseil.fr - Update hosting from GCP to OVHcloud (Roubaix, Gravelines, Strasbourg, Paris) - Update legal pages: mentions legales, CGV, RGPD, conformite, hebergement, cookies, CGU - Add tarifs page with tabs: Site Internet, E-Commerce, Nom de domaine, Esy-Mail, Esy-Mailer, Esy-Tchat, Esy-Meet, Esy-Defender - Add Discord webhook notification workflow - Disable deploy and sonarqube workflows - Update OAuth Keycloak realm to master - Update logo references to logo_facture.png - Remove forced image sizing in Liip Imagine filters - Update SonarQube project key and badge token - Update tribunal competent to Saint-Quentin - Move tarif tabs JS to app.js (CSP compliance) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
72 lines
2.6 KiB
YAML
72 lines
2.6 KiB
YAML
security:
|
|
# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
|
|
password_hashers:
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
|
|
|
|
# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
|
|
providers:
|
|
app_user_provider:
|
|
entity:
|
|
class: App\Entity\User
|
|
property: email
|
|
|
|
firewalls:
|
|
dev:
|
|
pattern: ^/(_profiler|_wdt|assets|build)/
|
|
security: false
|
|
webhooks:
|
|
pattern: ^/webhooks/
|
|
security: false
|
|
main:
|
|
lazy: true
|
|
provider: app_user_provider
|
|
entry_point: form_login
|
|
custom_authenticators:
|
|
- App\Security\KeycloakAuthenticator
|
|
form_login:
|
|
login_path: app_home
|
|
check_path: app_home
|
|
username_parameter: _username
|
|
password_parameter: _password
|
|
success_handler: App\Security\LoginSuccessHandler
|
|
logout:
|
|
path: app_logout
|
|
two_factor:
|
|
auth_form_path: 2fa_login
|
|
check_path: 2fa_login_check
|
|
default_target_path: app_home
|
|
prepare_on_login: true
|
|
prepare_on_access_denied: true
|
|
enable_csrf: true
|
|
|
|
role_hierarchy:
|
|
ROLE_CUSTOMER: ROLE_USER
|
|
ROLE_REVENDEUR: ROLE_CUSTOMER
|
|
ROLE_MEMBER: ROLE_USER
|
|
ROLE_EMPLOYE: ROLE_MEMBER
|
|
ROLE_ROOT: [ROLE_EMPLOYE, ROLE_REVENDEUR]
|
|
|
|
# Note: Only the *first* matching rule is applied
|
|
access_control:
|
|
- { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
|
|
- { path: ^/admin, roles: ROLE_EMPLOYE }
|
|
- { path: ^/espace-client, roles: ROLE_CUSTOMER }
|
|
- { path: ^/espace-prestataire, roles: ROLE_REVENDEUR }
|
|
|
|
when@test:
|
|
security:
|
|
providers:
|
|
test_user_provider:
|
|
id: App\Tests\TestUserProvider
|
|
firewalls:
|
|
main:
|
|
provider: test_user_provider
|
|
password_hashers:
|
|
# Password hashers are resource-intensive by design to ensure security.
|
|
# In tests, it's safe to reduce their cost to improve performance.
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
|
|
algorithm: auto
|
|
cost: 4 # Lowest possible value for bcrypt
|
|
time_cost: 3 # Lowest possible value for argon
|
|
memory_cost: 10 # Lowest possible value for argon
|