349b4629be
Also implemented more elegant solution to allowing session auth for API routes; A new 'StartSessionIfCookieExists' middleware, which wraps the default 'StartSession' middleware will run for API routes which only sets up the session if a session cookie is found on the request. Also decrypts only the session cookie. Also cleaned some TokenController codeclimate warnings.
<?php

/**
 * Authentication configuration options.
 *
 * Changes to these config files are not supported by BookStack and may break upon updates.
 * Configuration should be altered via the `.env` file or environment variables.
 * Do not edit this file unless you're happy to maintain any changes yourself.
 */

// Resolve the configured authentication method once; 'standard' applies
// when AUTH_METHOD is not set in the environment.
$authMethod = env('AUTH_METHOD', 'standard');

return [

    // Authentication method
    // Options: standard, ldap
    'method' => $authMethod,

    // Authentication Defaults
    // Names the guard and the password-reset configuration that are used
    // when the application does not ask for a specific one.
    'defaults' => [
        'guard'     => 'web',
        'passwords' => 'users',
    ],

    // Authentication Guards
    // Each guard names the driver that authenticates a request.
    // 'web' uses the session driver backed by the 'users' provider below.
    // 'api' uses the 'api-token' driver and declares no provider here.
    // NOTE(review): 'api-token' is presumably a custom guard driver
    // registered elsewhere in the application - confirm.
    // NOTE(review): if API routes can also be authenticated by the web
    // session cookie, verify that cookie-authenticated, state-changing API
    // requests are subject to CSRF checks.
    'guards' => [
        'web' => [
            'driver'   => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'api-token',
        ],
    ],

    // User Providers
    // A provider defines how users are retrieved from the database or other
    // storage used to persist user data.
    // The driver follows AUTH_METHOD: 'standard' maps to 'eloquent', any
    // other value is used verbatim as the driver name.
    // NOTE(review): an unrecognised AUTH_METHOD value is passed through
    // unchanged; confirm a provider driver is registered for every method
    // that is meant to be supported.
    // Supported: database, eloquent, ldap
    'providers' => [
        'users' => [
            'driver' => $authMethod === 'standard' ? 'eloquent' : $authMethod,
            'model'  => \BookStack\Auth\User::class,
        ],

        // Alternative provider using the 'database' driver, left disabled:
        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

    // Resetting Passwords
    // 'expire' is the number of minutes for which a reset token is
    // considered valid. Keeping tokens short-lived leaves less time for
    // them to be guessed. You may change this as needed.
    'passwords' => [
        'users' => [
            'provider' => 'users',
            'email'    => 'emails.password',
            'table'    => 'password_resets',
            'expire'   => 60,
        ],
    ],

];