# Security rules for Admin Application
# To get started with security, check out the documentation:
# https://symfony.com/doc/current/security.html
security:
  enable_authenticator_manager: true
  password_hashers:
    # auto hasher with custom options for all PasswordAuthenticatedUserInterface instances
    Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
      algorithm: 'auto'
      cost: 15

    Symfony\Component\Security\Core\User\User: plaintext

  # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
  providers:
    in_memory:
      memory: ~
    admin:
      id: prestashop.security.admin.provider

  firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false

    main:
      lazy: true
      provider: admin
      form_login:
        login_path: admin_login
        check_path: admin_login
        username_parameter: email
        password_parameter: passwd
        success_handler: PrestaShopBundle\Security\Admin\AdminAuthenticationSuccessHandler
      remember_me:
        secret: "%kernel.secret%"
        lifetime: "%prestashop.admin_cookie_lifetime%"
        remember_me_parameter: stay_logged_in
        signature_properties: [ 'password' ]
      logout:
        path: /logout
        target: admin_login

  access_control:
    - { route: 'admin_login', roles: PUBLIC_ACCESS }
    - { route: 'admin_homepage', roles: PUBLIC_ACCESS }
    - { route: 'admin_request_password_reset', roles: PUBLIC_ACCESS }
    - { route: 'admin_reset_password', roles: PUBLIC_ACCESS }
    # Check it the legacy anonymous attribute has been set on the request (set by LegacyRouterChecker)
    - { path: ^/, roles: IS_AUTHENTICATED, allow_if: 'request.attributes.has("_anonymous_controller") and request.attributes.get("_anonymous_controller") == true' }