diff --git a/.env.test b/.env.test
index 9245579c0..f84920e54 100644
--- a/.env.test
+++ b/.env.test
@@ -4,6 +4,8 @@ KERNEL_CLASS='App\Kernel'
 APP_SECRET='$ecretf0rt3st'
+TRUSTED_HOSTS=
+
 ADMIN_PASSWORD=password
 LOCALE=fr
diff --git a/tests/app/config/packages/framework.yaml b/tests/app/config/packages/framework.yaml
index 01c554356..011f5760c 100644
--- a/tests/app/config/packages/framework.yaml
+++ b/tests/app/config/packages/framework.yaml
@@ -2,13 +2,17 @@ framework:
 secret: '%env(APP_SECRET)%'
- # DIRTY FIX un bug dans symfony4 empêche de récupérer un tableau de variables depuis .env
- # cfr. https://github.com/symfony/symfony/issues/28599
+ http_client:
+ default_options:
+ verify_peer: false
+ verify_host: false
+
 trusted_hosts:
- - '^(localhost|127.0.0.1)$'
+ - '^(localhost|127.0.0.1|web)$'
+ - '%env(resolve:TRUSTED_HOSTS)%'
 #csrf_protection: true
- #http_method_override: true
+ http_method_override: false
 # Enables session support. Note that the session will ONLY be started if you read or write from it.
 # Remove or comment this section to explicitly disable session support.
@@ -16,12 +20,21 @@ framework:
 handler_id: null
 cookie_secure: auto
 cookie_samesite: lax
+ storage_factory_id: session.storage.factory.native
 #esi: true
 #fragments: true
 php_errors:
 log: true
+ #error_controller: App\Controller\ErrorController::show
 ## sf4 check: ou à déplacer dans un chill.yaml
 assets:
 json_manifest_path: '%kernel.project_dir%/public/build/manifest.json'
+
+ when@test:
+ framework:
+ test: true
+ session:
+ storage_factory_id: session.storage.factory.mock_file
diff --git a/tests/app/config/packages/security.yaml b/tests/app/config/packages/security.yaml
index f93eb04c3..b028b50e5 100644
--- a/tests/app/config/packages/security.yaml
+++ b/tests/app/config/packages/security.yaml
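Review bot: The second `trusted_hosts` entry, `'%env(resolve:TRUSTED_HOSTS)%'`, resolves to an empty string with the `TRUSTED_HOSTS=` line the first hunk adds to `.env.test`, and as far as I can tell Symfony turns every entry of that list into a regex by wrapping it (`{…}i`), so an empty entry matches any Host header and neutralises the allow-list instead of extending it. Either give the variable a real pattern in `.env.test`, or leave the env-backed entry out until a non-empty value is supplied; a comment above the line such as `# TRUSTED_HOSTS must not be empty: an empty pattern matches every host` would make the hazard visible to the next person editing `.env.test`. The same hunk also sets `http_client.default_options.verify_peer: false` and `verify_host: false` directly under `framework:`, which switches TLS verification off for every environment of this test application rather than only for `test`; since the next hunk introduces a `when@test:` block in this file, moving those two options under it keeps the relaxation scoped to the test run.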
@@ -1,6 +1,14 @@ security: - # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers + access_decision_manager: + strategy: unanimous + allow_if_all_abstain: false + + enable_authenticator_manager: true + # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords + password_hashers: + Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto' + # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider providers: chain_provider: @@ -9,12 +17,11 @@ security: in_memory: memory: users: - admin: { password: '%env(resolve:ADMIN_PASSWORD)%', roles: ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'] } + admin: { password: '%env(resolve:ADMIN_PASSWORD)%', roles: ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH', 'ROLE_USER'] } users: id: chill.main.user_provider encoders: - Chill\MainBundle\Entity\User: algorithm: bcrypt Symfony\Component\Security\Core\User\User: plaintext @@ -25,19 +32,30 @@ security: pattern: ^/(_(profiler|wdt)|css|images|js)/ security: false + wopi: + pattern: ^/wopi + provider: chain_provider + stateless: true + guard: + authenticators: + - lexik_jwt_authentication.jwt_token_authenticator + default: - anonymous: ~ + # remove during upgrade from symfony 4 to symfony 5 TODO check this + #anonymous: ~ provider: chain_provider form_login: csrf_parameter: _csrf_token csrf_token_id: authenticate #csrf_provider: security.csrf.token_manager - logout_on_user_change: true - logout: ~ + # remove during upgrade from symfony 4 to symfony 5 TODO check this + # logout_on_user_change: true + logout: + path: /logout # uncomment to enable impersonate mode in Chill # https://symfony.com/doc/current/security/impersonating_user.html - # switch_user: true + switch_user: true # activate different ways to authenticate # https://symfony.com/doc/current/security.html#firewalls-authentication 
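Review bot: Removing only the `Chill\MainBundle\Entity\User:` key under `encoders:` (second hunk of this file) leaves its former child `algorithm: bcrypt` in place as a context line, so after the change `encoders:` holds an entry keyed `algorithm` with the value `bcrypt`, which the security configuration will presumably read as an encoder for a class literally named `algorithm`. Either that line should go as well, or the whole `encoders:` mapping should be dropped now that `password_hashers` is declared in the first hunk of this file. If the `Symfony\Component\Security\Core\User\User: plaintext` entry is kept for the in-memory `admin` account, a comment stating that would stop it from being mistaken for a production setting, e.g. `# plaintext is only for the in_memory test users declared above`. The enclosing `security:` mapping starts and ends outside this hunk.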
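Review bot: `anonymous: ~` is commented out on the `default` firewall (third hunk of this file) while the `^/(login|logout)` and `^/public` rules in the `access_control` hunk still rely on `IS_AUTHENTICATED_ANONYMOUSLY`; with `enable_authenticator_manager: true` from the first hunk the authenticator-based system does not create anonymous tokens the way the legacy `anonymous` listener did, so whether those routes stay reachable without a session should be verified, and `PUBLIC_ACCESS` is the attribute Symfony provides for token-less access under the authenticator manager. The two `# remove during upgrade from symfony 4 to symfony 5 TODO check this` comments record the open question without answering it; I would resolve them before merge or replace them with a note saying what was confirmed, e.g. `# anonymous listener dropped: public routes are opened via access_control`. The new `wopi` firewall is wired through `guard:`, which belongs to the Guard system that Symfony deprecated in 5.3, and the `when@test:` syntax used elsewhere in this commit only exists from 5.3 onwards; if the installed LexikJWTAuthenticationBundle offers an authenticator-manager based configuration, using it here avoids carrying a deprecated path into the new firewall. The `firewalls:` mapping starts and ends outside this hunk.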
@@ -47,6 +65,7 @@ security:
 access_control:
 - { path: ^/(login|logout), roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/public, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+ - { path: ^/wopi, roles: IS_AUTHENTICATED_FULLY }
 # access for homepage, the homepage redirect admin to admin section
 - { path: ^/$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
 - { path: ^/homepage$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
@@ -56,3 +75,16 @@ security:
 - { path: ^/([a-z]+/)?admin, roles: ROLE_ADMIN }
 # other pages, only for regular user (no admin)
 - { path: ^/, roles: ROLE_USER }
+
+ when@test:
+ security:
+ password_hashers:
+ # By default, password hashers are resource intensive and take time. This is
+ # important to generate secure password hashes. In tests however, secure hashes
+ # are not important, waste resources and increase test times. The following
+ # reduces the work factor to the lowest possible values.
+ Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
+ algorithm: auto
+ cost: 4 # Lowest possible value for bcrypt
+ time_cost: 3 # Lowest possible value for argon
+ memory_cost: 10 # Lowest possible value for argon
diff --git a/tests/app/config/packages/test/security.yaml b/tests/app/config/packages/test/security.yaml
index 4ff914485..5aaa34ce0 100644
--- a/tests/app/config/packages/test/security.yaml
+++ b/tests/app/config/packages/test/security.yaml
@@ -1,8 +1,9 @@
 ---
 # config/packages/test/security.yaml
 security:
- firewalls:
- default:
- http_basic: ~
- role_hierarchy:
- CHILL_MASTER_ROLE: [CHILL_INHERITED_ROLE_1]
+ firewalls:
+ default:
+ entry_point: http_basic
+ http_basic: ~
+ role_hierarchy:
+ CHILL_MASTER_ROLE: [ CHILL_INHERITED_ROLE_1 ]
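Review bot: Test-environment security overrides now live in two places: the `when@test:` block appended to `security.yaml` in the preceding hunk and this `packages/test/security.yaml` file, both patching the same `security:` tree for the same environment. Both are loaded in `test`, so nothing breaks, but the `default` firewall's `entry_point: http_basic` here and its `form_login` in `security.yaml` can only be reasoned about together; I would move this file's content under the same `when@test:` block (or the reverse) so the test overrides are in one file. The `entry_point` line itself is the right addition: with both `form_login` and `http_basic` on the `default` firewall, naming the entry point removes the ambiguity about which one challenges unauthenticated requests, and a one-line comment above it saying so, e.g. `# two authenticators on this firewall: http_basic is the one that issues the challenge in tests`, would keep that intent from being lost.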