update configuration of app for internal testing app

.env.test

@@ -4,6 +4,8 @@
 KERNEL_CLASS='App\Kernel'
 APP_SECRET='$ecretf0rt3st'
 
+TRUSTED_HOSTS=
+
 ADMIN_PASSWORD=password
 
 LOCALE=fr

tests/app/config/packages/framework.yaml

@@ -2,13 +2,17 @@
 framework:
     secret: '%env(APP_SECRET)%'
 
-    # DIRTY FIX un bug dans symfony4 empêche de récupérer un tableau de variables depuis .env
+    http_client:
-    # cfr. https://github.com/symfony/symfony/issues/28599
+        default_options:
+            verify_peer: false
+            verify_host: false
+
     trusted_hosts:
-        - '^(localhost|127.0.0.1)$'
+        - '^(localhost|127.0.0.1|web)$'
+        - '%env(resolve:TRUSTED_HOSTS)%'
 
     #csrf_protection: true
-    #http_method_override: true
+    http_method_override: false
 
     # Enables session support. Note that the session will ONLY be started if you read or write from it.
     # Remove or comment this section to explicitly disable session support.
@@ -16,12 +20,21 @@ framework:
         handler_id: null
         cookie_secure: auto
         cookie_samesite: lax
+        storage_factory_id: session.storage.factory.native
 
     #esi: true
     #fragments: true
     php_errors:
         log: true
 
+    #error_controller: App\Controller\ErrorController::show
+
     ## sf4 check: ou à déplacer dans un chill.yaml
     assets:
         json_manifest_path: '%kernel.project_dir%/public/build/manifest.json'
+
+when@test:
+    framework:
+        test: true
+        session:
+            storage_factory_id: session.storage.factory.mock_file

tests/app/config/packages/security.yaml

@@ -1,6 +1,14 @@
 security:
 
-    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
+    access_decision_manager:
+        strategy: unanimous
+        allow_if_all_abstain: false
+
+    enable_authenticator_manager: true
+    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
+    password_hashers:
+        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
+    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
     providers:
 
         chain_provider:
@@ -9,12 +17,11 @@ security:
         in_memory:
             memory:
                 users:
-                    admin: { password: '%env(resolve:ADMIN_PASSWORD)%', roles: ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'] }
+                    admin: { password: '%env(resolve:ADMIN_PASSWORD)%', roles: ['ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH', 'ROLE_USER'] }
         users:
             id: chill.main.user_provider
 
     encoders:
-
         Chill\MainBundle\Entity\User:
             algorithm: bcrypt
         Symfony\Component\Security\Core\User\User: plaintext
@@ -25,19 +32,30 @@ security:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
             security: false
 
+        wopi:
+            pattern: ^/wopi
+            provider: chain_provider
+            stateless: true
+            guard:
+                authenticators:
+                    - lexik_jwt_authentication.jwt_token_authenticator
+
         default:
-            anonymous: ~
+            # remove during upgrade from symfony 4 to symfony 5 TODO check this
+            #anonymous: ~
             provider: chain_provider
             form_login:
                 csrf_parameter: _csrf_token
                 csrf_token_id: authenticate
                 #csrf_provider: security.csrf.token_manager
-            logout_on_user_change: true
+            # remove during upgrade from symfony 4 to symfony 5 TODO check this
-            logout: ~
+            # logout_on_user_change: true
+            logout:
+                path: /logout
 
             # uncomment to enable impersonate mode in Chill
             # https://symfony.com/doc/current/security/impersonating_user.html
-            # switch_user: true
+            switch_user: true
 
             # activate different ways to authenticate
             # https://symfony.com/doc/current/security.html#firewalls-authentication
@@ -47,6 +65,7 @@ security:
     access_control:
         - { path: ^/(login|logout), roles: IS_AUTHENTICATED_ANONYMOUSLY }
         - { path: ^/public, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/wopi, roles: IS_AUTHENTICATED_FULLY }
         # access for homepage, the homepage redirect admin to admin section
         - { path: ^/$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
         - { path: ^/homepage$, roles: [ IS_AUTHENTICATED_REMEMBERED ] }
@@ -56,3 +75,16 @@ security:
         - { path: ^/([a-z]+/)?admin, roles: ROLE_ADMIN }
         # other pages, only for regular user (no admin)
         - { path: ^/, roles: ROLE_USER }
+
+when@test:
+    security:
+        password_hashers:
+            # By default, password hashers are resource intensive and take time. This is
+            # important to generate secure password hashes. In tests however, secure hashes
+            # are not important, waste resources and increase test times. The following
+            # reduces the work factor to the lowest possible values.
+            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
+                algorithm: auto
+                cost: 4 # Lowest possible value for bcrypt
+                time_cost: 3 # Lowest possible value for argon
+                memory_cost: 10 # Lowest possible value for argon

tests/app/config/packages/test/security.yaml

@@ -1,8 +1,9 @@
 ---
 # config/packages/test/security.yaml
 security:
-  firewalls:
+    firewalls:
-    default:
+        default:
-      http_basic: ~
+            entry_point: http_basic
-  role_hierarchy:
+            http_basic: ~
-    CHILL_MASTER_ROLE: [CHILL_INHERITED_ROLE_1]
+    role_hierarchy:
+        CHILL_MASTER_ROLE: [ CHILL_INHERITED_ROLE_1 ]