From 1ad047fb6bb4243efdb766a736099e03becd92d9 Mon Sep 17 00:00:00 2001
From: Heyang Gong
Date: Tue, 10 Mar 2026 08:17:33 +0800
Subject: [PATCH] fix: OAuth-only enforcement and migration dates
- Fix migration dates from 2025 to 2026
- Add OAuth-only enforcement in Fortify authentication
- Prevent OAuth-only users from resetting passwords
- Prevent OAuth-only users from updating passwords
---
 app/Actions/Fortify/ResetUserPassword.php | 5 +++++
 app/Actions/Fortify/UpdateUserPassword.php | 5 +++++
 app/Providers/FortifyServiceProvider.php | 5 +++++
 ...=> 2026_03_10_080000_add_oauth_registration_settings.php} | 0
 ...ers.php => 2026_03_10_080001_add_oauth_only_to_users.php} | 0
 5 files changed, 15 insertions(+)
 rename database/migrations/{2025_03_10_080000_add_oauth_registration_settings.php => 2026_03_10_080000_add_oauth_registration_settings.php} (100%)
 rename database/migrations/{2025_03_10_080001_add_oauth_only_to_users.php => 2026_03_10_080001_add_oauth_only_to_users.php} (100%)
diff --git a/app/Actions/Fortify/ResetUserPassword.php b/app/Actions/Fortify/ResetUserPassword.php
index 158996c90..cc28b3036 100644
--- a/app/Actions/Fortify/ResetUserPassword.php
+++ b/app/Actions/Fortify/ResetUserPassword.php
@@ -17,6 +17,11 @@ class ResetUserPassword implements ResetsUserPasswords
 */
 public function reset(User $user, array $input): void
 {
+ // Prevent OAuth-only users from resetting passwords
+ if ($user->oauth_only) {
+ throw new \Exception('OAuth-only users cannot reset passwords.');
+ }
+
 Validator::make($input, [
 'password' => ['required', Password::defaults(), 'confirmed'],
 ])->validate();
diff --git a/app/Actions/Fortify/UpdateUserPassword.php b/app/Actions/Fortify/UpdateUserPassword.php
index 0c51ec56d..2b3f90207 100644
--- a/app/Actions/Fortify/UpdateUserPassword.php
+++ b/app/Actions/Fortify/UpdateUserPassword.php
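Review bot: Throwing a bare `\Exception` in the added guard will most likely surface as an unhandled 500 instead of a form error, and the identical guard added to `UpdateUserPassword::update` has the same problem. Both actions already report failures through the validator, so a validation exception fits better, e.g. `throw ValidationException::withMessages(['password' => 'OAuth-only users cannot reset passwords.']);` (this needs `Illuminate\Validation\ValidationException` imported; the file's use list is outside the hunk). The guard also runs only when a reset is being completed, so if the reset-link request is handled elsewhere, OAuth-only accounts presumably still receive reset e-mails; consider suppressing the mail there without changing the response the requester sees. The body of `reset` continues past the end of the hunk.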
@@ -17,6 +17,11 @@ class UpdateUserPassword implements UpdatesUserPasswords
 */
 public function update(User $user, array $input): void
 {
+ // Prevent OAuth-only users from updating passwords
+ if ($user->oauth_only) {
+ throw new \Exception('OAuth-only users cannot update passwords.');
+ }
+
 Validator::make($input, [
 'current_password' => ['required', 'string', 'current_password:web'],
 'password' => ['required', Password::defaults(), 'confirmed'],
diff --git a/app/Providers/FortifyServiceProvider.php b/app/Providers/FortifyServiceProvider.php
index 85f38b967..c062fbee3 100644
--- a/app/Providers/FortifyServiceProvider.php
+++ b/app/Providers/FortifyServiceProvider.php
@@ -78,6 +78,11 @@ class FortifyServiceProvider extends ServiceProvider
 $user &&
 Hash::check($request->password, $user->password)
 ) {
+ // Prevent OAuth-only users from logging in with password
+ if ($user->oauth_only) {
+ return null;
+ }
+
 $user->updated_at = now();
 $user->save();
diff --git a/database/migrations/2025_03_10_080000_add_oauth_registration_settings.php b/database/migrations/2026_03_10_080000_add_oauth_registration_settings.php
similarity index 100%
rename from database/migrations/2025_03_10_080000_add_oauth_registration_settings.php
rename to database/migrations/2026_03_10_080000_add_oauth_registration_settings.php
diff --git a/database/migrations/2025_03_10_080001_add_oauth_only_to_users.php b/database/migrations/2026_03_10_080001_add_oauth_only_to_users.php
similarity index 100%
rename from database/migrations/2025_03_10_080001_add_oauth_only_to_users.php
rename to database/migrations/2026_03_10_080001_add_oauth_only_to_users.php
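Review bot: In the `FortifyServiceProvider` hunk the `oauth_only` check sits inside the branch that has already passed `Hash::check`, so reaching `return null` means a usable password hash is still stored for an account that is meant to have none, and nothing records that. I would log it before returning, e.g. `Log::warning('Password login rejected for OAuth-only account', ['user_id' => $user->getKey()]);` (the `Log` facade may need importing), and clear the stored hash wherever `oauth_only` is set, which is code this patch does not show. Keeping the check after the hash comparison deserves a comment of its own: it makes the response match an ordinary failed login, so the flag cannot be probed from the login form. The enclosing closure starts and ends outside the hunk.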