BUGFIX: better security

2022-05-30 13:31:11 +02:00 · 2022-05-30 13:31:11 +02:00 · dd0635e35b
commit dd0635e35b
parent 01f385f6d5
2 changed files with 19 additions and 14 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -11,13 +11,13 @@ security:
                property: email
    firewalls:
        dev:
-            pattern: ^/(_(profiler|wdt)|css|images|js|health)/
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
-            pattern: ^/?(%enabled_locales%)/(login|login_check|health)(?=.*)
+            pattern: ^/?(%enabled_locales%)?/(health)$
            security: false
        main:
-            pattern: ^\/(.*)
+            pattern: ^/(.*)
            provider: app_user_provider

            form_login:
@ -41,5 +41,5 @@ security:
    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
-        - { path: ^/(?!login|login_check|health)(?=.*), roles: ROLE_USER }
+        - { path: ^/?(%enabled_locales%)?/job, roles: ROLE_USER }
        # - { path: ^/profile, roles: ROLE_USER }
--- a/config/routes.yaml
+++ b/config/routes.yaml
@ -3,22 +3,27 @@ default:
  defaults:
    _controller: App\Controller\SecurityController::loginAction

-health:
-  path: '/health'
-  defaults:
-    _controller: App\Controller\SiteController::healthAction
-
-login:
-  path: '/{_locale}/login'
-  defaults:
-    _controller: App\Controller\SecurityController::loginAction
-
 login_check:
  path: '/login_check'

 logout:
  path: '/logout'

+health:
+  path: '/health'
+  defaults:
+    _controller: App\Controller\SiteController::healthAction
+
+default_locale:
+  path: '/{_locale}'
+  defaults:
+    _controller: App\Controller\SecurityController::loginAction
+
+login:
+  path: '/{_locale}/login'
+  defaults:
+    _controller: App\Controller\SecurityController::loginAction
+
 job_index:
  path: '/{_locale}/job'
  defaults: