Move to Symfony Flex

The structure changed completely.
Bundles are gone. Everything is flatten in the folder `src`.
I separated import & api controllers to avoid _pollution_ in the main controller folder.

config/packages/security.yaml

@@ -0,0 +1,81 @@
+security:
+    encoders:
+        FOS\UserBundle\Model\UserInterface: sha512
+
+    role_hierarchy:
+        ROLE_ADMIN: ROLE_USER
+        ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ]
+
+    providers:
+        administrators:
+            entity:
+                class: 'App\Entity\User'
+                property: username
+        fos_userbundle:
+            id: fos_user.user_provider.username_email
+
+    # the main part of the security, where you can set up firewalls
+    # for specific sections of your app
+    firewalls:
+        # disables authentication for assets and the profiler, adapt it according to your needs
+        dev:
+            pattern: ^/(_(profiler|wdt)|css|images|js)/
+            security: false
+
+        oauth_token:
+            pattern: ^/oauth/v2/token
+            security: false
+
+        api:
+            pattern: /api/.*
+            fos_oauth: true
+            stateless: true
+            anonymous: true
+            provider: fos_userbundle
+
+        login_firewall:
+            pattern: ^/login$
+            anonymous:  ~
+
+        secured_area:
+            pattern: ^/
+            form_login:
+                provider: fos_userbundle
+                csrf_token_generator: security.csrf.token_manager
+
+            anonymous: true
+            remember_me:
+                secret: "%env(APP_SECRET)%"
+                lifetime: 31536000
+                path: /
+                domain: ~
+
+            logout:
+                path:   /logout
+                target: /
+
+            two_factor:
+                provider: fos_userbundle
+                auth_form_path: 2fa_login
+                check_path: 2fa_login_check
+
+    access_control:
+        - { path: ^/api/(doc|version|info|user), roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        # force role for logout otherwise when 2fa enable, you won't be able to logout
+        # https://github.com/scheb/two-factor-bundle/issues/168#issuecomment-430822478
+        - { path: ^/logout, roles: [IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_2FA_IN_PROGRESS] }
+        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: /(unread|starred|archive|annotated|all).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/locale, role: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: /tags/(.*).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/feed, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: /(unread|starred|archive|annotated).xml$, roles: IS_AUTHENTICATED_ANONYMOUSLY } # For backwards compatibility
+        - { path: ^/share, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+        - { path: ^/settings, roles: ROLE_SUPER_ADMIN }
+        - { path: ^/annotations, roles: ROLE_USER }
+        - { path: ^/2fa, role: IS_AUTHENTICATED_2FA_IN_PROGRESS }
+        - { path: ^/users, roles: ROLE_SUPER_ADMIN }
+        - { path: ^/ignore-origin-instance-rules, roles: ROLE_SUPER_ADMIN }
+        - { path: ^/, roles: ROLE_USER }