[13.x] Validate key files' permissions (#1789)

* validate key permissions * oauth2-server handles Windows
laravel · Feb 17, 2025 · b907586 · b907586
1 parent 041a795
commit b907586
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/Passport.php b/src/Passport.php
@@ -20,7 +20,7 @@ class Passport
     /**
      * Indicates if Passport should validate the permissions of its encryption keys.
      */
-    public static bool $validateKeyPermissions = false;
+    public static bool $validateKeyPermissions = true;
 
     /**
      * Indicates if the refresh token should be revoked after use.

diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php
@@ -255,7 +255,7 @@ protected function makeCryptKey(string $type): CryptKey
             $key = 'file://'.Passport::keyPath('oauth-'.$type.'.key');
         }
 
-        return new CryptKey($key, null, Passport::$validateKeyPermissions && ! windows_os());
+        return new CryptKey($key, null, Passport::$validateKeyPermissions);
     }
 
     /**
-Original file line number
+Diff line change
@@ Expand Up / @@ -255,7 +255,7 @@ protected function makeCryptKey(string $type): CryptKey @@
                 $key = 'file://'.Passport::keyPath('oauth-'.$type.'.key');
             }
-            return new CryptKey($key, null, Passport::$validateKeyPermissions && ! windows_os());
+            return new CryptKey($key, null, Passport::$validateKeyPermissions);
         }
         /**
@@ Expand Down @@