diff --git a/src/app/Observers/TokenObserver.php b/src/app/Observers/TokenObserver.php --- a/src/app/Observers/TokenObserver.php +++ b/src/app/Observers/TokenObserver.php @@ -9,9 +9,9 @@ public function creating(Token $token): void { $scopes = $token->scopes; - $allowedScopes = $token->client->getAllowedScopes(); + $allowedScopes = (\App\PassportClient)($token->client)->getAllowedScopes(); if (!empty($allowedScopes)) { - $scopes = array_intersect($scopes, $token->client->getAllowedScopes()); + $scopes = array_intersect($scopes, (\App\PassportClient)($token->client)->getAllowedScopes()); } $scopes = array_unique($scopes, SORT_REGULAR); $token->scopes = $scopes; diff --git a/src/app/PassportClient.php b/src/app/PassportClient.php --- a/src/app/PassportClient.php +++ b/src/app/PassportClient.php @@ -9,14 +9,10 @@ */ class PassportClient extends \Laravel\Passport\Client { - public function __construct(array $attributes = []) - { - $this->mergeCasts([ - 'allowed_scopes' => 'array', - ]); - - parent::__construct($attributes); - } + /** @var array The attributes that should be cast */ + protected $casts = [ + 'allowed_scopes' => 'array', + ]; public function getAllowedScopes(): array { diff --git a/src/config/app.php b/src/config/app.php --- a/src/config/app.php +++ b/src/config/app.php @@ -278,5 +278,8 @@ 'woat_ns2' => env('WOAT_NS2', 'ns02.' . env('APP_DOMAIN')), 'ratelimit_whitelist' => explode(',', env('RATELIMIT_WHITELIST', '')), - 'companion_download_link' => env('COMPANION_DOWNLOAD_LINK', "https://mirror.apheleia-it.ch/pub/companion-app-beta.apk") + 'companion_download_link' => env( + 'COMPANION_DOWNLOAD_LINK', + "https://mirror.apheleia-it.ch/pub/companion-app-beta.apk" + ) ]; diff --git a/src/resources/lang/en/ui.php b/src/resources/lang/en/ui.php --- a/src/resources/lang/en/ui.php +++ b/src/resources/lang/en/ui.php @@ -69,8 +69,10 @@ 'list-empty' => "There are currently no devices", 'delete' => "Delete/Unpair", 'delete-companion' => "Delete/Unpair", - 'delete-text' => "You are about to delete this entry and unpair any paired companion app. This cannot be undone, but you can re-pair the device.", - 'pairing-successful' => "Your companion app is paired and ready to be used as multi-factor authentication device.", + 'delete-text' => "You are about to delete this entry and unpair any paired companion app. " . + "This cannot be undone, but you can re-pair the device.", + 'pairing-successful' => "Your companion app is paired and ready to be used " . + "as multi-factor authentication device.", ], 'dashboard' => [ diff --git a/src/routes/api.php b/src/routes/api.php --- a/src/routes/api.php +++ b/src/routes/api.php @@ -81,7 +81,8 @@ ], function () { Route::apiResource('companions', API\V4\CompanionAppsController::class); - //This must not be accessible with the 2fa token to prevent an attacker from pairing a new device with a stolen token. + // This must not be accessible with the 2fa token, + // to prevent an attacker from pairing a new device with a stolen token. Route::get('companions/{id}/pairing', [API\V4\CompanionAppsController::class, 'pairing']); Route::apiResource('domains', API\V4\DomainsController::class);