[13.x] Validate key files' permissions (#1789)

hafezdivandari · web-flow · commit b9075861f95f · 2025-02-17T10:26:59.000-06:00
* validate key permissions

* oauth2-server handles Windows
diff --git a/src/Passport.php b/src/Passport.php
@@ -20,7 +20,7 @@ class Passport
     /**
      * Indicates if Passport should validate the permissions of its encryption keys.
      */
-    public static bool $validateKeyPermissions = false;
+    public static bool $validateKeyPermissions = true;
 
     /**
      * Indicates if the refresh token should be revoked after use.
diff --git a/src/PassportServiceProvider.php b/src/PassportServiceProvider.php
@@ -255,7 +255,7 @@ protected function makeCryptKey(string $type): CryptKey
             $key = 'file://'.Passport::keyPath('oauth-'.$type.'.key');
         }
 
-        return new CryptKey($key, null, Passport::$validateKeyPermissions && ! windows_os());
+        return new CryptKey($key, null, Passport::$validateKeyPermissions);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,7 @@ protected function makeCryptKey(string $type): CryptKey`
`255`	`255`	`$key = 'file://'.Passport::keyPath('oauth-'.$type.'.key');`
`256`	`256`	`}`
`257`	`257`
`258`		`- return new CryptKey($key, null, Passport::$validateKeyPermissions && ! windows_os());`
	`258`	`+ return new CryptKey($key, null, Passport::$validateKeyPermissions);`
`259`	`259`	`}`
`260`	`260`
`261`	`261`	`/**`