Fixed Laravel passport migrations

korridor · korridor · commit 3d58f570bd5a · 2025-07-17T11:47:34.000+02:00
diff --git a/database/migrations/2025_06_30_132538_update_oauth_clients_table.php b/database/migrations/2025_06_30_132538_update_oauth_clients_table.php
@@ -21,27 +21,45 @@ public function up(): void
             $table->renameColumn('user_id', 'owner_id');
             $table->string('owner_type')->after('owner_id')->nullable();
         });
+
         DB::table('oauth_clients')
-            ->where('personal_access_client', 1)
-            ->update(['grant_types' => ['personal_access']]);
-        DB::table('oauth_clients')
-            ->where('password_client', 1)
-            ->update(['grant_types' => ['password', 'refresh_token']]);
-        DB::table('oauth_clients')
-            ->where('password_client', 0)
-            ->where('personal_access_client', 0)
-            ->update(['grant_types' => ['client_credentials']]);
+            ->where('redirect', '=', 'http://localhost')
+            ->where('personal_access_client', '=', true)
+            ->update(['redirect' => '']);
 
         DB::table('oauth_clients')
             ->whereNotNull('owner_id')
             ->update(['owner_type' => 'user']); // Value might be class name of the owner model, depends on if you use "enforceMorphMap"
 
         DB::table('oauth_clients')->eachById(function ($client): void {
-            $redirectUris = [$client->redirect];
+            $grantTypes = ['urn:ietf:params:oauth:grant-type:device_code', 'refresh_token'];
+            $confidential = ! empty($client->secret);
+            $noRedirect = empty($client->redirect);
+            $redirectUris = $noRedirect ? [] : [$client->redirect];
+            $firstParty = empty($client->owner_id);
+
+            if (! $noRedirect) {
+                $grantTypes[] = 'authorization_code';
+                $grantTypes[] = 'implicit';
+            }
+
+            if ($confidential && $firstParty) {
+                $grantTypes[] = 'client_credentials';
+            }
+
+            if ($client->personal_access_client && $confidential) {
+                $grantTypes[] = 'personal_access';
+            }
+
+            if ($client->password_client) {
+                $grantTypes[] = 'password';
+            }
+
             DB::table('oauth_clients')
                 ->where('id', $client->id)
                 ->update([
                     'redirect_uris' => $redirectUris,
+                    'grant_types' => $grantTypes,
                 ]);
         });
 
diff --git a/database/migrations/2025_07_15_105949_hash_oauth_clients.php b/database/migrations/2025_07_15_105949_hash_oauth_clients.php
@@ -12,7 +12,7 @@
     public function up(): void
     {
         // This could be optimized to run all the updates in the eachById
-        DB::table('oauth_clients')->eachById(function ($client): void {
+        DB::table('oauth_clients')->whereNotNull('secret')->eachById(function ($client): void {
             $secret = $client->secret;
             if (Hash::isHashed($secret) && ! Hash::needsRehash($secret)) {
                 return; // Already hashed and not needing rehash

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`public function up(): void`
`13`	`13`	`{`
`14`	`14`	`// This could be optimized to run all the updates in the eachById`
`15`		`- DB::table('oauth_clients')->eachById(function ($client): void {`
	`15`	`+ DB::table('oauth_clients')->whereNotNull('secret')->eachById(function ($client): void {`
`16`	`16`	`$secret = $client->secret;`
`17`	`17`	`if (Hash::isHashed($secret) && ! Hash::needsRehash($secret)) {`
`18`	`18`	`return; // Already hashed and not needing rehash`