Simon Kühn
11767f147a
Without always_remember_me: true, the RememberMeBadge was never activated (Symfony default requires an explicit _remember_me field in the request). Users were logged out after PHP session expiry (~24min) instead of the intended 48h. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
security:
|
|
password_hashers:
|
|
App\Entity\User:
|
|
algorithm: bcrypt
|
|
|
|
providers:
|
|
app_user_provider:
|
|
entity:
|
|
class: App\Entity\User
|
|
property: email
|
|
|
|
firewalls:
|
|
dev:
|
|
pattern: ^/(_profiler|_wdt|assets|build)/
|
|
security: false
|
|
main:
|
|
lazy: true
|
|
provider: app_user_provider
|
|
custom_authenticators:
|
|
- App\Security\JsonLoginAuthenticator
|
|
logout:
|
|
path: app_auth_logout
|
|
invalidate_session: true
|
|
remember_me:
|
|
secret: '%kernel.secret%'
|
|
lifetime: 172800
|
|
always_remember_me: true
|
|
token_provider:
|
|
doctrine: true
|
|
|
|
access_control:
|
|
- { path: ^/api/login, roles: PUBLIC_ACCESS }
|
|
- { path: ^/api/logout, roles: PUBLIC_ACCESS }
|
|
- { path: ^/api/register, roles: PUBLIC_ACCESS }
|
|
- { path: ^/api/reset-request, roles: PUBLIC_ACCESS }
|
|
- { path: ^/api/reset-password, roles: PUBLIC_ACCESS }
|
|
- { path: ^/api/me, roles: PUBLIC_ACCESS }
|
|
- { path: ^/api, roles: ROLE_USER }
|
|
- { path: ^/, roles: PUBLIC_ACCESS }
|
|
|
|
when@test:
|
|
security:
|
|
password_hashers:
|
|
App\Entity\User:
|
|
algorithm: auto
|
|
cost: 4
|