From c44f7bb0bbf375eb7d3f63dfba011560585b983b Mon Sep 17 00:00:00 2001
From: Thomas Landauer
Date: Sun, 23 Mar 2025 11:13:03 +0100
Subject: [PATCH 1/6] simplifying-regex
---
 .../7.3/config/packages/security.yaml | 39 +++++++++++++++++++
 .../7.3/config/routes/security.yaml | 3 ++
 symfony/security-bundle/7.3/manifest.json | 12 ++++++
 3 files changed, 54 insertions(+)
 create mode 100644 symfony/security-bundle/7.3/config/packages/security.yaml
 create mode 100644 symfony/security-bundle/7.3/config/routes/security.yaml
 create mode 100644 symfony/security-bundle/7.3/manifest.json
diff --git a/symfony/security-bundle/7.3/config/packages/security.yaml b/symfony/security-bundle/7.3/config/packages/security.yaml
new file mode 100644
index 000000000..2dc9172d9
--- /dev/null
+++ b/symfony/security-bundle/7.3/config/packages/security.yaml
@@ -0,0 +1,39 @@
+security:
+ # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
+ password_hashers:
+ Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+ # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
+ providers:
+ users_in_memory: { memory: null }
+ firewalls:
+ dev:
+ pattern: ^/_profiler|_wdt|assets|build/ # `assets` is for AssetMapper; `build` is for Webpack Encore
+ security: false
+ main:
+ lazy: true
+ provider: users_in_memory
+
+ # activate different ways to authenticate
+ # https://symfony.com/doc/current/security.html#the-firewall
+
+ # https://symfony.com/doc/current/security/impersonating_user.html
+ # switch_user: true
+
+ # Easy way to control access for large sections of your site
+ # Note: Only the *first* access control that matches will be used
+ access_control:
+ # - { path: ^/admin, roles: ROLE_ADMIN }
+ # - { path: ^/profile, roles: ROLE_USER }
+
+when@test:
+ security:
+ password_hashers:
+ # By default, password hashers are resource intensive and take time. This is
+ # important to generate secure password hashes. In tests however, secure hashes
+ # are not important, waste resources and increase test times. The following
+ # reduces the work factor to the lowest possible values.
+ Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
+ algorithm: auto
+ cost: 4 # Lowest possible value for bcrypt
+ time_cost: 3 # Lowest possible value for argon
+ memory_cost: 10 # Lowest possible value for argon
diff --git a/symfony/security-bundle/7.3/config/routes/security.yaml b/symfony/security-bundle/7.3/config/routes/security.yaml
new file mode 100644
index 000000000..f853be15c
--- /dev/null
+++ b/symfony/security-bundle/7.3/config/routes/security.yaml
@@ -0,0 +1,3 @@
+_security_logout:
+ resource: security.route_loader.logout
+ type: service
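Review bot: The `dev` firewall `pattern` added in config/packages/security.yaml, `^/_profiler|_wdt|assets|build/`, has no group around the alternation, so `^/` anchors only `_profiler`, and `_wdt`, `assets` and `build/` match anywhere in the request path. With `security: false` on this firewall, any URL that merely contains one of those strings would be served without the security system. The line should read `pattern: ^/(_profiler|_wdt|assets|build)/`; PATCH 3/6 of this series does that, so squashing the series before merge would keep the ungrouped form out of the published recipe history.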
diff --git a/symfony/security-bundle/7.3/manifest.json b/symfony/security-bundle/7.3/manifest.json
new file mode 100644
index 000000000..4a48e0cf2
--- /dev/null
+++ b/symfony/security-bundle/7.3/manifest.json
@@ -0,0 +1,12 @@
+{
+ "bundles": {
+ "Symfony\\Bundle\\SecurityBundle\\SecurityBundle": ["all"]
+ },
+ "copy-from-recipe": {
+ "config/": "%CONFIG_DIR%/"
+ },
+ "aliases": ["security"],
+ "conflict": {
+ "symfony/framework-bundle": "<5.3"
+ }
+}
From 7a5a211b3be7d21be714560d3e09c05da7bb1f2d Mon Sep 17 00:00:00 2001
From: Thomas Landauer
Date: Sun, 23 Mar 2025 11:22:41 +0100
Subject: [PATCH 2/6] fixing indentation
---
 symfony/security-bundle/7.3/config/packages/security.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/symfony/security-bundle/7.3/config/packages/security.yaml b/symfony/security-bundle/7.3/config/packages/security.yaml
index 2dc9172d9..6726a5c94 100644
--- a/symfony/security-bundle/7.3/config/packages/security.yaml
+++ b/symfony/security-bundle/7.3/config/packages/security.yaml
@@ -7,7 +7,7 @@ security:
 users_in_memory: { memory: null }
 firewalls:
 dev:
- pattern: ^/_profiler|_wdt|assets|build/ # `assets` is for AssetMapper; `build` is for Webpack Encore
+ pattern: ^/_profiler|_wdt|assets|build/ # `assets` is for AssetMapper; `build` is for Webpack Encore
 security: false
 main:
 lazy: true
From b930566f3165763788550ed96962dbb6f8d64e8a Mon Sep 17 00:00:00 2001
From: Thomas Landauer
Date: Mon, 14 Apr 2025 13:37:50 +0200
Subject: [PATCH 3/6] Update symfony/security-bundle/7.3/config/packages/security.yaml
Co-authored-by: Mathias Arlaud
---
 symfony/security-bundle/7.3/config/packages/security.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/symfony/security-bundle/7.3/config/packages/security.yaml b/symfony/security-bundle/7.3/config/packages/security.yaml
index 6726a5c94..b6443df96 100644
--- a/symfony/security-bundle/7.3/config/packages/security.yaml
+++ b/symfony/security-bundle/7.3/config/packages/security.yaml
@@ -7,7 +7,7 @@ security:
 users_in_memory: { memory: null }
 firewalls:
 dev:
- pattern: ^/_profiler|_wdt|assets|build/ # `assets` is for AssetMapper; `build` is for Webpack Encore
+ pattern: ^/(_profiler|_wdt|assets|build)/ # `assets` is for AssetMapper; `build` is for Webpack Encore
 security: false
 main:
 lazy: true
From d068087d854e18b2d96a8055afbac13d537f5be1 Mon Sep 17 00:00:00 2001
From: Thomas Landauer
Date: Mon, 14 Apr 2025 13:40:03 +0200
Subject: [PATCH 4/6] Update security.yaml
---
 symfony/security-bundle/7.3/config/packages/security.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/symfony/security-bundle/7.3/config/packages/security.yaml b/symfony/security-bundle/7.3/config/packages/security.yaml
index b6443df96..f86477284 100644
--- a/symfony/security-bundle/7.3/config/packages/security.yaml
+++ b/symfony/security-bundle/7.3/config/packages/security.yaml
@@ -6,8 +6,8 @@ security:
 providers:
 users_in_memory: { memory: null }
 firewalls:
- dev:
- pattern: ^/(_profiler|_wdt|assets|build)/ # `assets` is for AssetMapper; `build` is for Webpack Encore
+ dev: # Exception for the web debug toolbar and assets (only needed if you have a broad `access_control`):
+ pattern: ^/(_profiler|_wdt|assets|build)/ # `assets` is for AssetMapper; `build` is for Webpack Encore. Regex delimiters `{}` are added automatically.
 security: false
 main:
 lazy: true
From ea75df8e2fdff410551fa3797b0dd65482bd74e3 Mon Sep 17 00:00:00 2001
From: Thomas Landauer
Date: Wed, 28 May 2025 16:25:53 +0200
Subject: [PATCH 5/6] Update security.yaml
---
 .../7.3/config/packages/security.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/symfony/security-bundle/7.3/config/packages/security.yaml b/symfony/security-bundle/7.3/config/packages/security.yaml
index f86477284..9ded21c2b 100644
--- a/symfony/security-bundle/7.3/config/packages/security.yaml
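Review bot: In the PATCH 3/6 hunk, the grouped pattern still places everything under `/assets/` and `/build/` behind `security: false`, and nothing in the series wraps the `dev` firewall in a `when@dev` block, so it is loaded in every environment. A controller route that an application later mounts under one of these prefixes would get no authentication and presumably no `access_control` evaluation either, since those checks run as part of a firewall. I would add a line above `pattern:` such as `# Requests matching this pattern bypass authentication and access_control in all environments; do not register application routes under these prefixes.` The `firewalls:` mapping continues past the end of the hunk.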
+++ b/symfony/security-bundle/7.3/config/packages/security.yaml
@@ -6,8 +6,11 @@ security:
 providers:
 users_in_memory: { memory: null }
 firewalls:
- dev: # Exception for the web debug toolbar and assets (only needed if you have a broad `access_control`):
- pattern: ^/(_profiler|_wdt|assets|build)/ # `assets` is for AssetMapper; `build` is for Webpack Encore. Regex delimiters `{}` are added automatically.
+ # Disable security for dev tools and static assets (only needed if access_control is broad)
+ dev:
+ # 'assets/' is for AssetMapper, 'build/' for Webpack Encore
+ # (note: no regex delimiters needed; Symfony adds `{}` automatically)
+ pattern: ^/(_profiler|_wdt|assets|build)/
 security: false
 main:
 lazy: true
@@ -28,10 +31,8 @@ security:
 when@test:
 security:
 password_hashers:
- # By default, password hashers are resource intensive and take time. This is
- # important to generate secure password hashes. In tests however, secure hashes
- # are not important, waste resources and increase test times. The following
- # reduces the work factor to the lowest possible values.
+ # Password hashers are resource-intensive by design to ensure security.
+ # In tests, it's safe to reduce their cost to improve performance.
 Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
 algorithm: auto
 cost: 4 # Lowest possible value for bcrypt
From b0e209ee10a9da2c0d711170a4f57b2e45b5ff54 Mon Sep 17 00:00:00 2001
From: Thomas Landauer
Date: Wed, 28 May 2025 16:30:14 +0200
Subject: [PATCH 6/6] Update security.yaml
---
 .../7.3/config/packages/security.yaml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/symfony/security-bundle/7.3/config/packages/security.yaml b/symfony/security-bundle/7.3/config/packages/security.yaml
index 9ded21c2b..1162c4051 100644
--- a/symfony/security-bundle/7.3/config/packages/security.yaml
+++ b/symfony/security-bundle/7.3/config/packages/security.yaml
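Review bot: The shortened comment in the `when@test` hunk (`@@ -28,10 +31,8 @@`) no longer says that hashes produced with these settings are not secure, only that lowering the cost is safe in tests. A reader copying this block could miss that `cost: 4` and the minimal argon values yield hashes that are cheap to brute-force if they ever leave the test environment, for example through fixtures or a database dump reused elsewhere. I would keep one line to that effect, e.g. `# Hashes created with these settings are weak; never reuse them outside the test environment.` The hasher mapping continues past the hunk, so `time_cost` and `memory_cost` are not visible here.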
@@ -2,28 +2,30 @@ security:
 # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
 password_hashers:
 Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+
 # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
 providers:
 users_in_memory: { memory: null }
+
 firewalls:
- # Disable security for dev tools and static assets (only needed if access_control is broad)
+ # Disable security for dev tools and static assets (only needed if access_control is broad):
 dev:
- # 'assets/' is for AssetMapper, 'build/' for Webpack Encore
- # (note: no regex delimiters needed; Symfony adds `{}` automatically)
+ # 'assets/' is for AssetMapper, 'build/' for Webpack Encore.
+ # (Note: no regex delimiters needed; Symfony adds `{}` automatically.)
 pattern: ^/(_profiler|_wdt|assets|build)/
 security: false
 main:
 lazy: true
 provider: users_in_memory

- # activate different ways to authenticate
+ # Activate different ways to authenticate:
 # https://symfony.com/doc/current/security.html#the-firewall

 # https://symfony.com/doc/current/security/impersonating_user.html
 # switch_user: true

- # Easy way to control access for large sections of your site
- # Note: Only the *first* access control that matches will be used
+ # Controls access to different sections of the application.
+ # Only the *first* matching rule is applied.
 access_control:
 # - { path: ^/admin, roles: ROLE_ADMIN }
 # - { path: ^/profile, roles: ROLE_USER }
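Review bot: The reworded comment above `access_control:` explains rule ordering but not that both example rules are commented out, so as shipped this file restricts no URL. Together with `lazy: true` and a `users_in_memory` provider declared as `{ memory: null }` on `main`, a fresh install presumably serves every route anonymously until the developer enables a rule or adds checks in code. A short line would make that explicit, e.g. `# No rule is active by default: uncomment or add one to require a role for a path.` The `security:` mapping starts before the hunk and the file's `when@test` block lies after it.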