fix: OAuth-only enforcement and migration dates

- Fix migration dates from 2025 to 2026
- Add OAuth-only enforcement in Fortify authentication
- Prevent OAuth-only users from resetting passwords
- Prevent OAuth-only users from updating passwords
This commit is contained in:
Heyang Gong 2026-03-10 08:17:33 +08:00
parent 9832b210e2
commit 1ad047fb6b
5 changed files with 15 additions and 0 deletions

View file

@ -17,6 +17,11 @@ class ResetUserPassword implements ResetsUserPasswords
*/
public function reset(User $user, array $input): void
{
// Prevent OAuth-only users from resetting passwords
if ($user->oauth_only) {
throw new \Exception('OAuth-only users cannot reset passwords.');
}
Validator::make($input, [
'password' => ['required', Password::defaults(), 'confirmed'],
])->validate();

View file

@ -17,6 +17,11 @@ class UpdateUserPassword implements UpdatesUserPasswords
*/
public function update(User $user, array $input): void
{
// Prevent OAuth-only users from updating passwords
if ($user->oauth_only) {
throw new \Exception('OAuth-only users cannot update passwords.');
}
Validator::make($input, [
'current_password' => ['required', 'string', 'current_password:web'],
'password' => ['required', Password::defaults(), 'confirmed'],

View file

@ -78,6 +78,11 @@ class FortifyServiceProvider extends ServiceProvider
$user &&
Hash::check($request->password, $user->password)
) {
// Prevent OAuth-only users from logging in with password
if ($user->oauth_only) {
return null;
}
$user->updated_at = now();
$user->save();