chore: remove Fortify in preparation for ATProto OAuth
Tear down the password-based auth stack the starter kit installs via
Laravel Fortify so the branch is ready for ATProto OAuth through
Socialite + revolution/laravel-bluesky. The wire-up of the new auth
layer lands in a follow-up.
Removed:
- laravel/fortify from composer.json
- FortifyServiceProvider (+ bootstrap/providers.php registration)
- Fortify actions (CreateNewUser, ResetUserPassword)
- config/fortify.php
- SecurityController + password/2FA request classes
- 2FA migration (add_two_factor_columns_to_users_table)
- Fortify-shaped Inertia auth pages (login, register, forgot-password,
reset-password, verify-email, confirm-password, two-factor-challenge)
and settings/security page
- Two-factor React components + use-two-factor-auth hook + input-otp ui
- All tests/Feature/Auth Pest tests + tests/Feature/Settings/SecurityTest
Cleaned:
- routes/web.php (drop Fortify Features import, canRegister prop,
verified middleware on dashboard)
- routes/settings.php (drop security/password routes)
- User model (drop TwoFactorAuthenticatable trait, 2FA hidden fields,
two_factor_confirmed_at cast)
- tests/TestCase.php (drop skipUnlessFortifyHas helper)
- resources/js/types/auth.ts (drop 2FA types)
- resources/js/pages/welcome.tsx (drop login/register from @/routes,
drop canRegister prop, drop register CTA)
- resources/js/pages/settings/profile.tsx (drop verify-email section)
- resources/js/components/user-menu-content.tsx (swap logout() helper
for plain /logout path so the link survives until 6b adds the route)
Known broken state (to be fixed in Step 6b): /login + /logout routes
no longer exist; user-menu logout link and any /login visit return 404
until the ATProto wire-up adds replacements.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>