fix(auth): enforce global oauth_only and return validation errors instead of exceptions
- Add global instanceSettings()->oauth_only check in FortifyServiceProvider
- ResetUserPassword: use ValidationException instead of Exception, add global check
- UpdateUserPassword: use ValidationException instead of Exception, add global check
This commit is contained in:
parent
1ad047fb6b
commit
058ec42699
3 changed files with 17 additions and 4 deletions
|
|
@ -6,6 +6,7 @@ use App\Models\User;
|
|||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Validation\Rules\Password;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Laravel\Fortify\Contracts\ResetsUserPasswords;
|
||||
|
||||
class ResetUserPassword implements ResetsUserPasswords
|
||||
|
|
@ -17,9 +18,12 @@ class ResetUserPassword implements ResetsUserPasswords
|
|||
*/
|
||||
public function reset(User $user, array $input): void
|
||||
{
|
||||
$settings = instanceSettings();
|
||||
// Prevent OAuth-only users from resetting passwords
|
||||
if ($user->oauth_only) {
|
||||
throw new \Exception('OAuth-only users cannot reset passwords.');
|
||||
if ($settings->oauth_only || $user->oauth_only) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => __('Password reset is disabled for OAuth-only accounts.'),
|
||||
]);
|
||||
}
|
||||
|
||||
Validator::make($input, [
|
||||
|
|
|
|||
|
|
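Review bot: The guard at the top of reset() only runs once a reset token has already been issued and accepted by the password broker, so it is worth confirming that the "send reset link" path applies the same `$settings->oauth_only || $user->oauth_only` rule; otherwise OAuth-only accounts (and every account once the global flag is on) still receive reset e-mails that fail only at the final step. The same two-flag predicate now appears in ResetUserPassword, UpdateUserPassword and FortifyServiceProvider; a single helper on the model, e.g. `public function passwordAuthDisabled(): bool { return instanceSettings()->oauth_only || $this->oauth_only; }`, would keep the three sites from drifting. The body of reset() continues past the hunk (the Validator::make call is cut off).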
@ -6,6 +6,7 @@ use App\Models\User;
|
|||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Validation\Rules\Password;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Laravel\Fortify\Contracts\UpdatesUserPasswords;
|
||||
|
||||
class UpdateUserPassword implements UpdatesUserPasswords
|
||||
|
|
@ -17,9 +18,12 @@ class UpdateUserPassword implements UpdatesUserPasswords
|
|||
*/
|
||||
public function update(User $user, array $input): void
|
||||
{
|
||||
$settings = instanceSettings();
|
||||
// Prevent OAuth-only users from updating passwords
|
||||
if ($user->oauth_only) {
|
||||
throw new \Exception('OAuth-only users cannot update passwords.');
|
||||
if ($settings->oauth_only || $user->oauth_only) {
|
||||
throw ValidationException::withMessages([
|
||||
'current_password' => __('Password update is disabled for OAuth-only accounts.'),
|
||||
]);
|
||||
}
|
||||
|
||||
Validator::make($input, [
|
||||
|
|
|
|||
|
|
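Review bot: The ValidationException thrown in update() is keyed to `current_password` but is not assigned to an error bag; if the Validator call that follows (cut off at the end of the hunk) uses `validateWithBag('updatePassword')` as Fortify's stock action does, a form reading `$errors->updatePassword` will never show this message. Chaining `->errorBag('updatePassword')` onto the thrown exception would surface it alongside the other password errors. The rest of update() is outside the hunk.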
@ -78,6 +78,11 @@ class FortifyServiceProvider extends ServiceProvider
|
|||
$user &&
|
||||
Hash::check($request->password, $user->password)
|
||||
) {
|
||||
$settings = instanceSettings();
|
||||
// Prevent password login when global OAuth-only is enabled
|
||||
if ($settings->oauth_only) {
|
||||
return null;
|
||||
}
|
||||
// Prevent OAuth-only users from logging in with password
|
||||
if ($user->oauth_only) {
|
||||
return null;
|
||||
|
|
|
|||
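Review bot: The global `$settings->oauth_only` check sits inside the `$user && Hash::check(...)` branch, so every login attempt still performs the user lookup and a bcrypt verification before the instance-wide setting is consulted; evaluating `instanceSettings()->oauth_only` before the lookup (the start of the callback is outside the hunk) would short-circuit earlier and make the intent explicit. Both rejections return null, which Fortify reports as a generic credentials failure; that is the right choice for the per-user flag, but an explicit log line would let an operator distinguish a disabled-password login from a wrong password. This callback only covers the Fortify login pipeline; if other password-verifying entry points exist (API token issuance, `Auth::attempt` elsewhere), they would need the same check.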