mirror of
https://github.com/coollabsio/coolify.git
synced 2026-03-11 08:55:47 +00:00
Merge 058ec42699 into fc8f18a534
This commit is contained in:
commit
2774796a1f
9 changed files with 113 additions and 2 deletions
|
|
@ -6,6 +6,7 @@ use App\Models\User;
|
|||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Validation\Rules\Password;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Laravel\Fortify\Contracts\ResetsUserPasswords;
|
||||
|
||||
class ResetUserPassword implements ResetsUserPasswords
|
||||
|
|
@ -17,6 +18,14 @@ class ResetUserPassword implements ResetsUserPasswords
|
|||
*/
|
||||
public function reset(User $user, array $input): void
|
||||
{
|
||||
$settings = instanceSettings();
|
||||
// Prevent OAuth-only users from resetting passwords
|
||||
if ($settings->oauth_only || $user->oauth_only) {
|
||||
throw ValidationException::withMessages([
|
||||
'email' => __('Password reset is disabled for OAuth-only accounts.'),
|
||||
]);
|
||||
}
|
||||
|
||||
Validator::make($input, [
|
||||
'password' => ['required', Password::defaults(), 'confirmed'],
|
||||
])->validate();
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ use App\Models\User;
|
|||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Validation\Rules\Password;
|
||||
use Illuminate\Validation\ValidationException;
|
||||
use Laravel\Fortify\Contracts\UpdatesUserPasswords;
|
||||
|
||||
class UpdateUserPassword implements UpdatesUserPasswords
|
||||
|
|
@ -17,6 +18,14 @@ class UpdateUserPassword implements UpdatesUserPasswords
|
|||
*/
|
||||
public function update(User $user, array $input): void
|
||||
{
|
||||
$settings = instanceSettings();
|
||||
// Prevent OAuth-only users from updating passwords
|
||||
if ($settings->oauth_only || $user->oauth_only) {
|
||||
throw ValidationException::withMessages([
|
||||
'current_password' => __('Password update is disabled for OAuth-only accounts.'),
|
||||
]);
|
||||
}
|
||||
|
||||
Validator::make($input, [
|
||||
'current_password' => ['required', 'string', 'current_password:web'],
|
||||
'password' => ['required', Password::defaults(), 'confirmed'],
|
||||
|
|
|
|||
|
|
@ -22,13 +22,15 @@ class OauthController extends Controller
|
|||
$user = User::whereEmail($oauthUser->email)->first();
|
||||
if (! $user) {
|
||||
$settings = instanceSettings();
|
||||
if (! $settings->is_registration_enabled) {
|
||||
// Allow OAuth registration if either general registration OR OAuth-specific registration is enabled
|
||||
if (! $settings->is_registration_enabled && ! $settings->oauth_registration_enabled) {
|
||||
abort(403, 'Registration is disabled');
|
||||
}
|
||||
|
||||
$user = User::create([
|
||||
'name' => $oauthUser->name,
|
||||
'email' => $oauthUser->email,
|
||||
'oauth_only' => $settings->oauth_only,
|
||||
]);
|
||||
}
|
||||
Auth::login($user);
|
||||
|
|
|
|||
|
|
@ -14,6 +14,12 @@ class Advanced extends Component
|
|||
#[Validate('boolean')]
|
||||
public bool $is_registration_enabled;
|
||||
|
||||
#[Validate('boolean')]
|
||||
public bool $oauth_registration_enabled;
|
||||
|
||||
#[Validate('boolean')]
|
||||
public bool $oauth_only;
|
||||
|
||||
#[Validate('boolean')]
|
||||
public bool $do_not_track;
|
||||
|
||||
|
|
@ -41,6 +47,8 @@ class Advanced extends Component
|
|||
{
|
||||
return [
|
||||
'is_registration_enabled' => 'boolean',
|
||||
'oauth_registration_enabled' => 'boolean',
|
||||
'oauth_only' => 'boolean',
|
||||
'do_not_track' => 'boolean',
|
||||
'is_dns_validation_enabled' => 'boolean',
|
||||
'custom_dns_servers' => 'nullable|string',
|
||||
|
|
@ -62,6 +70,8 @@ class Advanced extends Component
|
|||
$this->allowed_ips = $this->settings->allowed_ips;
|
||||
$this->do_not_track = $this->settings->do_not_track;
|
||||
$this->is_registration_enabled = $this->settings->is_registration_enabled;
|
||||
$this->oauth_registration_enabled = $this->settings->oauth_registration_enabled ?? false;
|
||||
$this->oauth_only = $this->settings->oauth_only ?? false;
|
||||
$this->is_dns_validation_enabled = $this->settings->is_dns_validation_enabled;
|
||||
$this->is_api_enabled = $this->settings->is_api_enabled;
|
||||
$this->disable_two_step_confirmation = $this->settings->disable_two_step_confirmation;
|
||||
|
|
@ -142,6 +152,8 @@ class Advanced extends Component
|
|||
{
|
||||
try {
|
||||
$this->settings->is_registration_enabled = $this->is_registration_enabled;
|
||||
$this->settings->oauth_registration_enabled = $this->oauth_registration_enabled;
|
||||
$this->settings->oauth_only = $this->oauth_only;
|
||||
$this->settings->do_not_track = $this->do_not_track;
|
||||
$this->settings->is_dns_validation_enabled = $this->is_dns_validation_enabled;
|
||||
$this->settings->custom_dns_servers = $this->custom_dns_servers;
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ class User extends Authenticatable implements SendsEmail
|
|||
'force_password_reset' => 'boolean',
|
||||
'show_boarding' => 'boolean',
|
||||
'email_change_code_expires_at' => 'datetime',
|
||||
'oauth_only' => 'boolean',
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -78,6 +78,16 @@ class FortifyServiceProvider extends ServiceProvider
|
|||
$user &&
|
||||
Hash::check($request->password, $user->password)
|
||||
) {
|
||||
$settings = instanceSettings();
|
||||
// Prevent password login when global OAuth-only is enabled
|
||||
if ($settings->oauth_only) {
|
||||
return null;
|
||||
}
|
||||
// Prevent OAuth-only users from logging in with password
|
||||
if ($user->oauth_only) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$user->updated_at = now();
|
||||
$user->save();
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,29 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
Schema::table('instance_settings', function (Blueprint $table) {
|
||||
$table->boolean('oauth_registration_enabled')->default(false)->after('is_registration_enabled');
|
||||
$table->boolean('oauth_only')->default(false)->after('oauth_registration_enabled');
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*/
|
||||
public function down(): void
|
||||
{
|
||||
Schema::table('instance_settings', function (Blueprint $table) {
|
||||
$table->dropColumn(['oauth_registration_enabled', 'oauth_only']);
|
||||
});
|
||||
}
|
||||
};
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
return new class extends Migration
|
||||
{
|
||||
/**
|
||||
* Run the migrations.
|
||||
*/
|
||||
public function up(): void
|
||||
{
|
||||
Schema::table('users', function (Blueprint $table) {
|
||||
$table->boolean('oauth_only')->default(false)->after('password');
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Reverse the migrations.
|
||||
*/
|
||||
public function down(): void
|
||||
{
|
||||
Schema::table('users', function (Blueprint $table) {
|
||||
$table->dropColumn('oauth_only');
|
||||
});
|
||||
}
|
||||
};
|
||||
|
|
@ -21,6 +21,17 @@
|
|||
helper="Allow users to self-register. If disabled, only administrators can create accounts."
|
||||
label="Registration Allowed" />
|
||||
</div>
|
||||
<h4 class="pt-4">OAuth Settings</h4>
|
||||
<div class="md:w-96">
|
||||
<x-forms.checkbox instantSave id="oauth_registration_enabled"
|
||||
helper="Allow users to self-register via OAuth providers even when general registration is disabled."
|
||||
label="OAuth Registration" />
|
||||
</div>
|
||||
<div class="md:w-96">
|
||||
<x-forms.checkbox instantSave id="oauth_only"
|
||||
helper="Restrict users to OAuth-only authentication. OAuth users cannot create or use passwords. This allows centralized access control via your OAuth provider."
|
||||
label="OAuth Only" />
|
||||
</div>
|
||||
<div class="md:w-96">
|
||||
<x-forms.checkbox instantSave id="do_not_track"
|
||||
helper="Opt out of reporting this instance to coolify.io's installation count. No other data is collected."
|
||||
|
|
@ -95,4 +106,4 @@
|
|||
</div>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Reference in a new issue