diff --git a/app/Actions/Fortify/ResetUserPassword.php b/app/Actions/Fortify/ResetUserPassword.php
index cc28b3036..a5d9e56c2 100644
--- a/app/Actions/Fortify/ResetUserPassword.php
+++ b/app/Actions/Fortify/ResetUserPassword.php
@@ -6,6 +6,7 @@ use App\Models\User;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rules\Password;
+use Illuminate\Validation\ValidationException;
 use Laravel\Fortify\Contracts\ResetsUserPasswords;
 class ResetUserPassword implements ResetsUserPasswords
@@ -17,9 +18,12 @@ class ResetUserPassword implements ResetsUserPasswords
 */
 public function reset(User $user, array $input): void
 {
+ $settings = instanceSettings();
 // Prevent OAuth-only users from resetting passwords
- if ($user->oauth_only) {
- throw new \Exception('OAuth-only users cannot reset passwords.');
+ if ($settings->oauth_only || $user->oauth_only) {
+ throw ValidationException::withMessages([
+ 'email' => __('Password reset is disabled for OAuth-only accounts.'),
+ ]);
 }
 Validator::make($input, [
diff --git a/app/Actions/Fortify/UpdateUserPassword.php b/app/Actions/Fortify/UpdateUserPassword.php
index 2b3f90207..b00dab5c0 100644
--- a/app/Actions/Fortify/UpdateUserPassword.php
+++ b/app/Actions/Fortify/UpdateUserPassword.php
@@ -6,6 +6,7 @@ use App\Models\User;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rules\Password;
+use Illuminate\Validation\ValidationException;
 use Laravel\Fortify\Contracts\UpdatesUserPasswords;
 class UpdateUserPassword implements UpdatesUserPasswords
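Review bot: The OAuth-only gate in `reset()` only runs when a reset token is being redeemed, so nothing in this hunk stops reset links from being issued and mailed while `$settings->oauth_only` is on. The request-link path is outside the diff, so confirm it is gated as well; otherwise tokens that can never be used keep being created and delivered. The retained comment now understates the condition, here and in `UpdateUserPassword::update()`; something like `// Block password resets when the instance or this user is OAuth-only` would match the new check. The message also says "OAuth-only accounts" when the block is instance-wide, which may mislead whoever reads the error. The body of `reset()` continues past the end of the hunk.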
@@ -17,9 +18,12 @@ class UpdateUserPassword implements UpdatesUserPasswords
 */
 public function update(User $user, array $input): void
 {
+ $settings = instanceSettings();
 // Prevent OAuth-only users from updating passwords
- if ($user->oauth_only) {
- throw new \Exception('OAuth-only users cannot update passwords.');
+ if ($settings->oauth_only || $user->oauth_only) {
+ throw ValidationException::withMessages([
+ 'current_password' => __('Password update is disabled for OAuth-only accounts.'),
+ ]);
 }
 Validator::make($input, [
diff --git a/app/Providers/FortifyServiceProvider.php b/app/Providers/FortifyServiceProvider.php
index c062fbee3..a63e69503 100644
--- a/app/Providers/FortifyServiceProvider.php
+++ b/app/Providers/FortifyServiceProvider.php
@@ -78,6 +78,11 @@ class FortifyServiceProvider extends ServiceProvider
 $user &&
 Hash::check($request->password, $user->password)
 ) {
+ $settings = instanceSettings();
+ // Prevent password login when global OAuth-only is enabled
+ if ($settings->oauth_only) {
+ return null;
+ }
 // Prevent OAuth-only users from logging in with password
 if ($user->oauth_only) {
 return null;
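Review bot: The exception thrown in `update()` is not assigned to an error bag, and the validation that follows at `Validator::make($input, [` is cut off by the hunk, so its bag is not visible. If that call ends in `validateWithBag('updatePassword')`, as Fortify's stock action does, the new message goes to the default bag and the password form may show nothing when the update is refused. In that case `throw ValidationException::withMessages([...])->errorBag('updatePassword');` keeps both failures in the same place. Keying the message to `current_password` also flags a field that has not been checked at this point, which deserves a short comment such as `// keyed to current_password only so the form has a field to display it on`.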
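Review bot: The new instance-wide guard in the authentication closure returns `null` without recording anything, so as far as this hunk shows, a password login refused by policy looks the same as a wrong password to anyone reviewing sign-in activity. A log or audit entry with the user id and the reason (instance OAuth-only versus user OAuth-only) would let operators tell enforcement apart from guessing attempts. The two adjacent guards could also be a single condition, `if ($settings->oauth_only || $user->oauth_only) { return null; }`, matching the form used in the two password actions. Whether the setting can be switched on with no working OAuth provider is not visible here; if it can, this branch refuses every password login, administrators included, so a check where the setting is saved is worth confirming. The closure starts and ends outside the hunk.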