tarlepp/security.yaml

## security.yaml
security:
    # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
    password_hashers:
        Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

    # https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
    providers:
        chain_user_provider:
            chain:
                providers: [security_user_provider, api_key_user_provider]
        security_user_provider:
            id: App\Security\Provider\SecurityUserFactory
        api_key_user_provider:
            id: App\Security\Provider\ApiKeyUserProvider

    # https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/v1/auth/get_token$
            stateless: true
            json_login:
                provider: security_user_provider
                check_path: /v1/auth/get_token
                success_handler: lexik_jwt_authentication.handler.authentication_success
                failure_handler: App\Security\Handler\TranslatedAuthenticationFailureHandler
        root:
            pattern: ^/$
            stateless: true
        api:
            pattern: ^/
            stateless: true
            lazy: true
            provider: chain_user_provider
            jwt: ~
            custom_authenticators:
                - App\Security\Authenticator\ApiKeyAuthenticator

    role_hierarchy:
        ROLE_API: [ROLE_LOGGED]
        ROLE_USER: [ROLE_LOGGED]
        ROLE_ADMIN: [ROLE_USER]
        ROLE_ROOT: [ROLE_ADMIN]

    access_decision_manager:
        strategy: unanimous

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        # - { path: ^/admin, roles: ROLE_ADMIN }
        # - { path: ^/profile, roles: ROLE_USER }

when@test:
    security:
        password_hashers:
            # By default, password hashers are resource intensive and take time. This is
            # important to generate secure password hashes. In tests however, secure hashes
            # are not important, waste resources and increase test times. The following
            # reduces the work factor to the lowest possible values.
            Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
                algorithm: auto
                cost: 4 # Lowest possible value for bcrypt
                time_cost: 3 # Lowest possible value for argon
                memory_cost: 10 # Lowest possible value for argon
	security:
	# https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
	password_hashers:
	Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'

	# https://symfony.com/doc/current/security.html#loading-the-user-the-user-provider
	providers:
	chain_user_provider:
	chain:
	providers: [security_user_provider, api_key_user_provider]
	security_user_provider:
	id: App\Security\Provider\SecurityUserFactory
	api_key_user_provider:
	id: App\Security\Provider\ApiKeyUserProvider

	# https://symfony.com/doc/current/security.html#a-configuring-how-your-users-will-authenticate
	firewalls:
	dev:
	pattern: ^/(_(profiler\|wdt)\|css\|images\|js)/
	security: false
	login:
	pattern: ^/v1/auth/get_token$
	stateless: true
	json_login:
	provider: security_user_provider
	check_path: /v1/auth/get_token
	success_handler: lexik_jwt_authentication.handler.authentication_success
	failure_handler: App\Security\Handler\TranslatedAuthenticationFailureHandler
	root:
	pattern: ^/$
	stateless: true
	api:
	pattern: ^/
	stateless: true
	lazy: true
	provider: chain_user_provider
	jwt: ~
	custom_authenticators:
	- App\Security\Authenticator\ApiKeyAuthenticator

	role_hierarchy:
	ROLE_API: [ROLE_LOGGED]
	ROLE_USER: [ROLE_LOGGED]
	ROLE_ADMIN: [ROLE_USER]
	ROLE_ROOT: [ROLE_ADMIN]

	access_decision_manager:
	strategy: unanimous

	# Easy way to control access for large sections of your site
	# Note: Only the first access control that matches will be used
	access_control:
	# - { path: ^/admin, roles: ROLE_ADMIN }
	# - { path: ^/profile, roles: ROLE_USER }

	when@test:
	security:
	password_hashers:
	# By default, password hashers are resource intensive and take time. This is
	# important to generate secure password hashes. In tests however, secure hashes
	# are not important, waste resources and increase test times. The following
	# reduces the work factor to the lowest possible values.
	Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
	algorithm: auto
	cost: 4 # Lowest possible value for bcrypt
	time_cost: 3 # Lowest possible value for argon
	memory_cost: 10 # Lowest possible value for argon