[1.x] Route Confirm Password remains active even when I disable all features

[leo95batista]

• Fortify Version: 1.5.0
• Laravel Version: 8.6.0
• PHP Version: 7.4.7
• Database Driver & Version:

Description:

When I disable all the features within the fortify.php configuration file

    'features' => [
        //
    ],

the default Fortify routes are disabled, but the password confirmation route is still enabled. Is this a bug, or is it intentionally defined that way?

Steps To Reproduce:

1. Run laraven new app
2. Run composer require laravel/fortify
3. Run php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider"
4. Go to config/fortify.php and remove all keys within features array
5. Run php artisan route:list

I think there should be a conditional that groups these routes in the routes.php file.

fortify/routes/routes.php

Lines 95 to 104 in 77bd46a

	Route::get('/user/confirm-password', [ConfirmablePasswordController::class, 'show'])
	->middleware(['auth'])
	->name('password.confirm');
	Route::post('/user/confirm-password', [ConfirmablePasswordController::class, 'store'])
	->middleware(['auth']);
	Route::get('/user/confirmed-password-status', [ConfirmedPasswordStatusController::class, 'show'])
	->middleware(['auth'])
	->name('password.confirmation');

[DarthShmev]

Make sure you've cached your config and routes after making those changes.

php artisan config:cache
Then:
php artisan route:cache

[driesvints]

Sounds like a feature request. Feel free to PR something 👍