[12.x] Disable password grant by default (#1715)

hafezdivandari · taylorotwell · web-flow · commit f2d6e9ec3e98 · 2024-02-09T09:13:28.000-06:00
* disable password grant by default

* add `enablePasswordGrant` method

* update upgrade guide

* Update UPGRADE.md

---------

Co-authored-by: Taylor Otwell &lt;taylor@laravel.com&gt;
diff --git a/UPGRADE.md b/UPGRADE.md
@@ -12,6 +12,17 @@ Passport 12.0 no longer automatically loads migrations from its own migrations d
 php artisan vendor:publish --tag=passport-migrations
 ```
 
+### Password Grant Type
+
+The password grant type is disabled by default. You may enable it by calling the `enablePasswordGrant` method in the `boot` method of your application's `App\Providers\AppServiceProvider` class:
+
+```php
+public function boot(): void
+{
+    Passport::enablePasswordGrant();
+}
+```
+
 ## Upgrading To 11.0 From 10.x
 
 ### Minimum PHP Version
diff --git a/src/Passport.php b/src/Passport.php
@@ -26,7 +26,7 @@ class Passport
      *
      * @var bool|null
      */
-    public static $passwordGrantEnabled = true;
+    public static $passwordGrantEnabled = false;
 
     /**
      * The default scope.
@@ -196,6 +196,18 @@ public static function enableImplicitGrant()
         return new static;
     }
 
+    /**
+     * Enable the password grant type.
+     *
+     * @return static
+     */
+    public static function enablePasswordGrant()
+    {
+        static::$passwordGrantEnabled = true;
+
+        return new static;
+    }
+
     /**
      * Set the default scope(s). Multiple scopes may be an array or specified delimited by spaces.
      *
diff --git a/tests/Feature/AccessTokenControllerTest.php b/tests/Feature/AccessTokenControllerTest.php
@@ -106,6 +106,8 @@ public function testGettingAccessTokenWithPasswordGrant()
     {
         $this->withoutExceptionHandling();
 
+        Passport::enablePasswordGrant();
+
         $password = 'foobar123';
         $user = UserFactory::new()->create([
             'email' => 'foo@gmail.com',
@@ -153,6 +155,8 @@ public function testGettingAccessTokenWithPasswordGrant()
 
     public function testGettingAccessTokenWithPasswordGrantWithInvalidPassword()
     {
+        Passport::enablePasswordGrant();
+
         $password = 'foobar123';
         $user = UserFactory::new()->create([
             'email' => 'foo@gmail.com',
@@ -196,6 +200,8 @@ public function testGettingAccessTokenWithPasswordGrantWithInvalidPassword()
 
     public function testGettingAccessTokenWithPasswordGrantWithInvalidClientSecret()
     {
+        Passport::enablePasswordGrant();
+
         $password = 'foobar123';
         $user = UserFactory::new()->create([
             'email' => 'foo@gmail.com',
