sf4 / api-security
Simple security package for Symfony 4
v1.0.7
2019-04-08 18:57 UTC
Requires
- php: ~7.1
- ext-json: *
- curl/curl: ^2.2
- google/apiclient: ^2.2
- sf4/api-user: ^1.4
- symfony/security-bundle: ^4.2
Requires (Dev)
- phpunit/phpunit: >=7.0
- squizlabs/php_codesniffer: ^3.0
This package is not auto-updated.
Last update: 2024-12-10 22:20:52 UTC
README
Structure
If your project has any of the following directories, name them as shown, following common convention.
bin/
config/
src/
tests/
vendor/
Install
Via Composer
$ composer require sf4/api-security
Usage
config/bundles.php
<?php

return [
    # ...
    Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true]
];
config/services.yaml
services:
    # ...
    Sf4\ApiSecurity\Command\UserRightCreator:
        class: Sf4\ApiSecurity\Command\UserRightCreator
        tags:
            - { name: 'console.command', command: 'api-security:create-user-rights' }
        arguments:
            $requestHandler: '@Sf4\Api\RequestHandler\RequestHandlerInterface'
    Sf4\Api\Repository\RepositoryFactory:
        class: Sf4\Api\Repository\RepositoryFactory
        arguments:
            $entityManager: '@Doctrine\ORM\EntityManagerInterface'
            $entities:
                # user: Sf4\ApiUser\Entity\User
                # user_detail: Sf4\ApiUser\Entity\UserDetail
                user: Sf4\ApiSecurity\Entity\User
                user_detail: Sf4\ApiSecurity\Entity\UserDetail
                user_role: Sf4\ApiSecurity\Entity\UserRole
                user_right: Sf4\ApiSecurity\Entity\UserRight
                user_role_right: Sf4\ApiSecurity\Entity\UserRoleRight
    # ...
    Sf4\ApiSecurity\EventSubscriber\RequestSubscriber: ~
    Sf4\ApiSecurity\Security\Authenticator\TokenAuthenticator:
        class: Sf4\ApiSecurity\Security\Authenticator\TokenAuthenticator
        arguments:
            - '@Doctrine\ORM\EntityManagerInterface'
config/packages/doctrine.yaml
doctrine:
    # ...
    orm:
        # ...
        mappings:
            # ...
            # Sf4\ApiUser:
            #     is_bundle: false
            #     type: annotation
            #     dir: '%kernel.project_dir%/vendor/sf4/api-user/src/Entity'
            #     prefix: 'Sf4\ApiUser\Entity'
            #     alias: Sf4\ApiUser
            Sf4\ApiSecurity:
                is_bundle: false
                type: annotation
                dir: '%kernel.project_dir%/vendor/sf4/api-security/src/Entity'
                prefix: 'Sf4\ApiSecurity\Entity'
                alias: Sf4\ApiSecurity
config/packages/security.yaml
security:
    encoders:
        Sf4\ApiSecurity\Entity\User:
            algorithm: argon2i
    providers:
        app_user_provider:
            entity:
                class: Sf4\ApiSecurity\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: true
            stateless: true
            logout: ~
            guard:
                authenticators:
                    - Sf4\ApiSecurity\Security\Authenticator\TokenAuthenticator
    access_control:
        - { path: ^/security, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/site, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/user, roles: ROLE_USER }
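The access_control list above is evaluated top to bottom and only the first matching entry applies, so any route that matches none of the four patterns has no role requirement from this file. The following is an added example, not code from this package, that audits a route list against those rules; the function name `governingRole` and the sample routes are hypothetical, and the matching is assumed to mirror Symfony's path matcher (case-sensitive regex on the URL-decoded path).

```php
<?php
// Added example: not part of sf4/api-security.
// Rules copied from the security.yaml above, in the same order.
const ACCESS_CONTROL = [
    ['path' => '^/security', 'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/site',     'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
    ['path' => '^/admin',    'roles' => 'ROLE_ADMIN'],
    ['path' => '^/user',     'roles' => 'ROLE_USER'],
];

/**
 * Returns the role required by the first rule whose pattern matches
 * the path, or null when no access_control entry matches at all.
 */
function governingRole(string $path): ?string
{
    foreach (ACCESS_CONTROL as $rule) {
        // Assumption: same regex wrapping and decoding as Symfony's RequestMatcher.
        if (preg_match('{' . $rule['path'] . '}', rawurldecode($path)) === 1) {
            return $rule['roles']; // first match wins, later rules are ignored
        }
    }
    return null;
}

// Constructed sample routes (hypothetical, not taken from the package).
$routes = [
    '/security/login', // public by design
    '/site/about',     // public by design
    '/admin/users',    // ROLE_ADMIN
    '/user/profile',   // ROLE_USER
    '/users/export',   // also caught by ^/user, since the pattern is an unanchored prefix
    '/api/orders',     // matches nothing
    '/Admin/users',    // matches nothing: patterns are case-sensitive
];

foreach ($routes as $route) {
    $role = governingRole($route);
    printf("%-18s %s\n", $route, $role ?? 'NO RULE (no role required by access_control)');
}
```

Routes reported as NO RULE are served to anonymous clients under `anonymous: true` unless the controller enforces its own check, so either add a catch-all entry as the last rule or keep every protected route under one of the listed prefixes.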
config/packages/translation.yaml
framework:
    # ...
    translator:
        # ...
        paths:
            # ...
            - '%kernel.project_dir%/vendor/sf4/api-security/src/translations'
Create super admin
bin/console api-security:create-super-admin
Create user rights
bin/console api-security:create-user-rights
Testing
$ composer test
Contributing
Please see CONTRIBUTING and CODE_OF_CONDUCT for details.
Security
If you discover any security related issues, please email siim.liimand@gmail.com instead of using the issue tracker.
Credits
License
The MIT License (MIT). Please see License File for more information.