<?php
namespace App\Providers;
use App\Actions\Jetstream\DeleteUser;
use App\Http\Livewire\ProfileUser\UpdateProfilePersonalForm;
use App\Http\Livewire\Profile\DeleteUserForm;
use App\Http\Livewire\Profile\TwoFactorAuthenticationForm;
use App\Http\Livewire\Profile\UpdatePasswordForm;
use App\Http\Livewire\Profile\UpdateProfilePhoneForm;
use App\Models\User;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Blade;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\ServiceProvider;
use Laravel\Fortify\Fortify;
use Laravel\Jetstream\Jetstream;
use Livewire\Livewire;
class JetstreamServiceProvider extends ServiceProvider
{
    /**
     * Register application services.
     *
     * The only work done here is registering the "toaster" Blade component
     * through registerComponent().
     *
     * @return void
     */
    public function register()
    {
        $this->registerComponent('toaster');
    }

    /**
     * Bootstrap application services.
     *
     * In order: configures the API token permissions, sets the user-deletion
     * action, registers the application's Livewire profile components, and binds
     * the Fortify login response contracts to the application's LoginResponse.
     *
     * @return void
     */
    public function boot()
    {
        // Jetstream::ignoreRoutes(); // Kept disabled: enabling it switches off every Jetstream-specific route (teams, profile, API tokens, etc.).

        $this->configurePermissions();

        Jetstream::deleteUsersUsing(DeleteUser::class);

        // Livewire alias => component class, registered in exactly this order.
        $livewireComponents = [
            // TODO: fix this registration. Why is it registered here and like this?
            'profile-user.update-profile-personal-form' => UpdateProfilePersonalForm::class,
            'profile-user.update-profile-phone-form' => UpdateProfilePhoneForm::class,

            // Customized replacement for the Jetstream DeleteUserForm.
            'profile.delete-user-form' => DeleteUserForm::class,

            // SECURITY-CRITICAL: the next two aliases are meant to replace the
            // vendor Jetstream components with application versions that carry
            // authorization checks (IDOR on the two-factor form, unauthorized
            // password changes on the password form).
            // NOTE(review): the authorization checks live in the App component
            // classes, which are not visible from this file. The protection also
            // depends on this registration being the one Livewire resolves for
            // the alias; presumably a later registration of the same alias by
            // the vendor provider would win. Confirm with a test that asserts
            // which class each alias resolves to.
            'profile.two-factor-authentication-form' => TwoFactorAuthenticationForm::class,
            'profile.update-password-form' => UpdatePasswordForm::class,
        ];

        foreach ($livewireComponents as $alias => $componentClass) {
            Livewire::component($alias, $componentClass);
        }

        // Both the plain login contract and the two-factor login contract are
        // bound to the same response class (Http/Responses/LoginResponse.php),
        // which handles conditional redirects and loads the language preference
        // after login.
        // NOTE(review): this presumes App\Http\Responses\LoginResponse implements
        // both Fortify contracts; verify, since the two-factor path resolves it
        // through the second binding.
        $loginResponseContracts = [
            \Laravel\Fortify\Contracts\LoginResponse::class,
            \Laravel\Fortify\Contracts\TwoFactorLoginResponse::class,
        ];

        foreach ($loginResponseContracts as $contract) {
            $this->app->singleton($contract, \App\Http\Responses\LoginResponse::class);
        }
    }

    /**
     * Configure the permissions that are available within the application.
     *
     * The default API token permission list contains only 'read'; the other
     * permissions have to be selected explicitly for a token.
     *
     * @return void
     */
    protected function configurePermissions()
    {
        $defaultTokenPermissions = ['read'];
        $availablePermissions = [
            'create',
            'read',
            'update',
            'delete',
        ];

        Jetstream::defaultApiTokenPermissions($defaultTokenPermissions);

        Jetstream::permissions($availablePermissions);
    }

    /**
     * Register a Blade component under its own name.
     *
     * Passes "components.<name>" as the first argument of Blade::component()
     * and the bare name as the second. The name is concatenated without
     * validation; the only caller in this class passes the literal 'toaster',
     * so callers should keep passing fixed names rather than request data.
     *
     * @param string $component Component name without the "components." prefix.
     */
    protected function registerComponent(string $component)
    {
        $target = "components.{$component}";

        Blade::component($target, $component);
    }
}