mirror of
				https://github.com/firefly-iii/firefly-iii.git
				synced 2025-10-26 13:36:15 +00:00 
			
		
		
		
	
		
			
				
	
	
		
		
	
	
	
	
	
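<?php

/**
 * auth.php
 * Copyright (c) 2019 james@firefly-iii.org.
 *
 * This file is part of Firefly III (https://github.com/firefly-iii).
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

use FireflyIII\User;

return [
    /*
    |--------------------------------------------------------------------------
    | Authentication Defaults
    |--------------------------------------------------------------------------
    |
    | This option controls the default authentication "guard" and password
    | reset options for your application. You may change these defaults
    | as required, but they're a perfect start for most applications.
    |
    | 'guard' is read from AUTHENTICATION_GUARD, with 'web' (the session guard
    | defined below) passed as the fallback. 'guard_header' and 'guard_email'
    | are read from AUTHENTICATION_GUARD_HEADER (fallback 'REMOTE_USER') and
    | AUTHENTICATION_GUARD_EMAIL (fallback null).
    |
    | NOTE(review): 'guard_header' and 'guard_email' presumably tell the
    | 'remote_user_guard' which request value carries the user identity and
    | e-mail address; the guard itself is not in this file, so confirm there.
    | If so, selecting that guard delegates authentication to whatever sets
    | that value. Only enable it behind a reverse proxy or web server that
    | authenticates the user and overwrites or strips any client-supplied copy
    | of the header, and make sure the application cannot be reached without
    | passing through that proxy.
    |
    */

    'defaults'         => [
        'guard'     => envNonEmpty('AUTHENTICATION_GUARD', 'web'),
        'passwords' => 'users',
    ],
    'guard_header'     => envNonEmpty('AUTHENTICATION_GUARD_HEADER', 'REMOTE_USER'),
    'guard_email'      => envNonEmpty('AUTHENTICATION_GUARD_EMAIL', null),

    /*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "session", "token"
    |
    | NOTE(review): the guards below also use the 'remote_user_guard' and
    | 'passport' drivers, which are not in the list above. They are presumably
    | registered elsewhere in the application; that code is not in this file.
    |
    */

    'guards'           => [
        // Interactive logins: session driver backed by the 'users' provider.
        'web'               => [
            'driver'   => 'session',
            'provider' => 'users',
        ],
        // Becomes the default guard only when AUTHENTICATION_GUARD names it.
        'remote_user_guard' => [
            'driver'   => 'remote_user_guard',
            'provider' => 'remote_user_provider',
        ],
        // API requests: 'passport' driver backed by the same 'users' provider.
        'api'               => [
            'driver'   => 'passport',
            'provider' => 'users',
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | User Providers
    |--------------------------------------------------------------------------
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | If you have multiple user tables or models you may configure multiple
    | sources which represent each model / table. These sources may then
    | be assigned to any extra authentication guards you have defined.
    |
    | Supported: "database", "eloquent"
    |
    | Both providers below resolve to the same User model; they differ only in
    | the driver used to look the user up.
    |
    */

    'providers'        => [
        'users'                => [
            'driver' => 'eloquent',
            'model'  => User::class,
        ],
        'remote_user_provider' => [
            'driver' => 'remote_user_provider',
            'model'  => User::class,
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expire time is the number of minutes that the reset token should be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */

    'passwords'        => [
        'users' => [
            'provider' => 'users',
            'table'    => 'password_resets',
            'expire'   => 60,
            'throttle' => 300, // Allows a user to request 1 token per 300 seconds
        ],
    ],
    /*
    |--------------------------------------------------------------------------
    | Password Confirmation Timeout
    |--------------------------------------------------------------------------
    |
    | Here you may define the number of seconds before a password confirmation
    | times out and the user is prompted to re-enter their password via the
    | confirmation screen. By default, the timeout lasts for three hours.
    |
    */

    'password_timeout' => 10800, // 3 hours, in seconds
];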