Revert "Upgrade Passport to v13 and move php-jwt to v7 to remediate JWT advisory"

2026-03-12 17:52:00 +08:00 · 2026-03-08 12:29:56 +00:00
parent a2efcf1ca9
commit 0a724cc49a
8 changed files with 553 additions and 819 deletions
--- a/.github/workflows/tests-mysql.yml
+++ b/.github/workflows/tests-mysql.yml
@@ -69,8 +69,6 @@ jobs:
          php artisan migrate --force
          php artisan passport:install --no-interaction
          chmod -R 777 storage bootstrap/cache
-          chmod 600 storage/oauth-private.key
-          chmod 660 storage/oauth-public.key

      - name: Execute tests (Unit and Feature tests) via PHPUnit
        env:
--- a/.github/workflows/tests-postgres.yml
+++ b/.github/workflows/tests-postgres.yml
@@ -67,8 +67,6 @@ jobs:
          php artisan migrate --force
          php artisan passport:install --no-interaction
          chmod -R 777 storage bootstrap/cache
-          chmod 600 storage/oauth-private.key
-          chmod 660 storage/oauth-public.key

      - name: Execute tests (Unit and Feature tests) via PHPUnit
        env:
--- a/.github/workflows/tests-sqlite.yml
+++ b/.github/workflows/tests-sqlite.yml
@@ -56,10 +56,7 @@ jobs:
        run: php artisan passport:keys

      - name: Directory Permissions
-        run: |
-          chmod -R 777 storage bootstrap/cache
-          chmod 600 storage/oauth-private.key
-          chmod 660 storage/oauth-public.key
+        run: chmod -R 777 storage bootstrap/cache

      - name: Execute tests (Unit and Feature tests) via PHPUnit
        env:
--- a/app/Http/Controllers/Api/ProfileController.php
+++ b/app/Http/Controllers/Api/ProfileController.php
@@ -166,17 +166,7 @@ class ProfileController extends Controller
        
        $tokens = $this->tokenRepository->forUser(auth()->user()->getAuthIdentifier());
        $token_values = $tokens->load('client')->filter(function ($token) {
-            if ($token->revoked || ! $token->client) {
-                return false;
-            }
-
-            $client = $token->client;
-
-            if (method_exists($client, 'hasGrantType')) {
-                return $client->hasGrantType('personal_access');
-            }
-
-            return in_array('personal_access', (array) ($client->grant_types ?? []), true);
+            return $token->client->personal_access_client && ! $token->revoked;
        })->values();

        return response()->json(Helper::formatStandardApiResponse('success', $token_values, null));
--- a/app/Http/Controllers/SetupController.php
+++ b/app/Http/Controllers/SetupController.php
@@ -265,4 +265,6 @@ class SetupController extends Controller



+
+
 }
--- a/composer.json
+++ b/composer.json
@@ -46,7 +46,7 @@
    "laravel-notification-channels/microsoft-teams": "^1.2",
    "laravel/framework": "^11.0",
    "laravel/helpers": "^1.4",
-    "laravel/passport": "^13.0",
+    "laravel/passport": "^12.0",
    "laravel/slack-notification-channel": "^3.4",
    "laravel/socialite": "^5.6",
    "laravel/tinker": "^2.6",
--- a/composer.lock
+++ b/composer.lock
--- a/upgrade.php
+++ b/upgrade.php
@@ -612,13 +612,6 @@ if ((!file_exists('storage/oauth-public.key')) || (!file_exists('storage/oauth-p
    echo $success_icon." OAuth keys detected. Skipping passport install.\n\n";
 }

-// Normalize key permissions for Passport 13 (covers both fresh installs and upgrades)
-if (PHP_OS !== 'WINNT') {
-    if (file_exists('storage/oauth-private.key')) chmod('storage/oauth-private.key', 0600);
-    if (file_exists('storage/oauth-public.key'))  chmod('storage/oauth-public.key', 0660);
-    echo $success_icon." OAuth key permissions normalized.\n\n";
-}
-

 echo "\e[95m--------------------------------------------------------\n";
 echo "STEP 11: Taking application out of maintenance mode:\n";
				`@@ -265,4 +265,6 @@ class SetupController extends Controller`





				`}`