football2801
3c1d5f0eae
- Login Twig template: styled to match register page; inline "Incorrect email or
password" on both fields (no email-existence disclosure); aria-invalid on error
- security.yaml: always_remember_me: true — REMEMBERME cookie set on every login
- Logout: /logout → session invalidated → 302 /login (Symfony firewall handles it)
Verified: correct creds → 302 / + REMEMBERME cookie; wrong creds → 302 /login +
inline error on re-render; logout → 302 /login; GET / after logout → 302 /login
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
50 lines
1.4 KiB
YAML
50 lines
1.4 KiB
YAML
security:
|
|
password_hashers:
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
|
|
|
|
providers:
|
|
app_user_provider:
|
|
entity:
|
|
class: App\Entity\User
|
|
property: email
|
|
|
|
firewalls:
|
|
dev:
|
|
pattern: ^/(_profiler|_wdt|build)/
|
|
security: false
|
|
main:
|
|
lazy: true
|
|
provider: app_user_provider
|
|
form_login:
|
|
login_path: /login
|
|
check_path: /login
|
|
default_target_path: /
|
|
enable_csrf: true
|
|
logout:
|
|
path: /logout
|
|
target: /login
|
|
remember_me:
|
|
secret: '%kernel.secret%'
|
|
lifetime: 2592000 # 30 days
|
|
always_remember_me: true
|
|
|
|
role_hierarchy:
|
|
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]
|
|
|
|
access_control:
|
|
- { path: ^/login, roles: PUBLIC_ACCESS }
|
|
- { path: ^/register, roles: PUBLIC_ACCESS }
|
|
- { path: ^/setup, roles: PUBLIC_ACCESS }
|
|
- { path: ^/token, roles: PUBLIC_ACCESS }
|
|
- { path: ^/api/device, roles: PUBLIC_ACCESS }
|
|
- { path: ^/, roles: ROLE_USER }
|
|
|
|
when@test:
|
|
security:
|
|
password_hashers:
|
|
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
|
|
algorithm: auto
|
|
cost: 4
|
|
time_cost: 3
|
|
memory_cost: 10
|