Initial commit

app/Providers/JetstreamServiceProvider.php

@@ -0,0 +1,100 @@
+<?php
+
+namespace App\Providers;
+
+use App\Actions\Jetstream\DeleteUser;
+use App\Http\Livewire\ProfileUser\UpdateProfilePersonalForm;
+use App\Http\Livewire\Profile\DeleteUserForm;
+use App\Http\Livewire\Profile\TwoFactorAuthenticationForm;
+use App\Http\Livewire\Profile\UpdatePasswordForm;
+use App\Http\Livewire\Profile\UpdateProfilePhoneForm;
+use App\Models\User;
+use Carbon\Carbon;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Blade;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\ServiceProvider;
+use Laravel\Fortify\Fortify;
+use Laravel\Jetstream\Jetstream;
+use Livewire\Livewire;
+
+
+class JetstreamServiceProvider extends ServiceProvider
+{
+    /**
+     * Register any application services.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        $this->registerComponent('toaster');
+    }
+
+    /**
+     * Bootstrap any application services.
+     *
+     * @return void
+     */
+    public function boot()
+    {
+        // Jetstream::ignoreRoutes(); // Completely disable Jetstream routes, stops Jetstream-specific routes (teams, profile, API tokens, etc.).
+
+        $this->configurePermissions();
+
+        Jetstream::deleteUsersUsing(DeleteUser::class);
+        //TODO: fix this registration.  Why is it registered here and like this?
+        Livewire::component('profile-user.update-profile-personal-form', UpdateProfilePersonalForm::class);
+        Livewire::component('profile-user.update-profile-phone-form', UpdateProfilePhoneForm::class);
+
+        // Register customized Jetstream DeleteUserForm
+        Livewire::component('profile.delete-user-form', DeleteUserForm::class);
+
+        // CRITICAL SECURITY: Register custom TwoFactorAuthenticationForm with authorization checks
+        // This overrides the vendor Jetstream component to prevent IDOR attacks
+        Livewire::component('profile.two-factor-authentication-form', TwoFactorAuthenticationForm::class);
+
+        // CRITICAL SECURITY: Register custom UpdatePasswordForm with authorization checks
+        // This overrides the vendor Jetstream component to prevent unauthorized password changes
+        Livewire::component('profile.update-password-form', UpdatePasswordForm::class);
+
+
+        // Register LoginResponse for conditional redirects in Http/Responses/LoginResponse.php
+        // This is used to load language preference after login
+        $this->app->singleton(
+            \Laravel\Fortify\Contracts\LoginResponse::class,
+            \App\Http\Responses\LoginResponse::class
+        );
+
+        // Register TwofactorLoginResponse for conditional redirects in Http/Responses/LoginResponse.php
+        // This is used to load language preference after login
+        $this->app->singleton(
+            \Laravel\Fortify\Contracts\TwoFactorLoginResponse::class,
+            \App\Http\Responses\LoginResponse::class
+        );
+    }
+
+    /**
+     * Configure the permissions that are available within the application.
+     *
+     * @return void
+     */
+    protected function configurePermissions()
+    {
+        Jetstream::defaultApiTokenPermissions(['read']);
+
+        Jetstream::permissions([
+            'create',
+            'read',
+            'update',
+            'delete',
+        ]);
+    }
+
+    protected function registerComponent(string $component)
+    {
+        Blade::component('components.' . $component, $component);
+    }
+
+}