security:
    password_hashers:
        App\Entity\User:
            algorithm: auto

    # https://symfony.com/doc/current/security/experimental_authenticators.html
    enable_authenticator_manager: true
    # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
    providers:
        # used to reload user from session & other features (e.g. switch_user)
        app_user_provider:
            entity:
                class: App\Entity\User
                property: email
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            lazy: true
            provider: app_user_provider
            switch_user: { role: ROLE_ADMIN, parameter: _want_to_be_this_user }
            custom_authenticator: App\Security\FormAuthenticator
            user_checker: App\Security\UserChecker
            login_throttling:
                max_attempts: 3
                interval: '15 minutes'
            logout:
                path: app_logout
            remember_me:
                secret:   '%kernel.secret%'
                lifetime: 604800 # 1 week in seconds
                path:     /
                always_remember_me: true
                name: "vision_remember"

    # Easy way to control access for large sections of your site
    # Note: Only the *first* access control that matches will be used
    access_control:
        - { path: ^/login, roles: PUBLIC_ACCESS }
        - { path: ^/register, roles: PUBLIC_ACCESS }
        - { path: ^/verify/email, roles: PUBLIC_ACCESS }
        - { path: ^/verify/password, roles: PUBLIC_ACCESS }
        - { path: ^/reset-password, roles: PUBLIC_ACCESS }
        - { path: ^/share, roles: PUBLIC_ACCESS }
        - { path: ^/admin, roles: ROLE_ADMIN }
        - { path: ^/, roles: IS_AUTHENTICATED_REMEMBERED } #IS_AUTHENTICATED_REMEMBERED= user is logged, with form or with cookie