Update to Kirby 5

2025-07-11 14:41:34 +02:00 · 2025-07-11 14:41:34 +02:00 · 0fefc5e2e1
commit 0fefc5e2e1
parent 5d9979fca8
472 changed files with 30853 additions and 10301 deletions
--- a/kirby/config/api/authentication.php
+++ b/kirby/config/api/authentication.php
@ -11,17 +11,17 @@ return function () {
 		$auth->type($allowImpersonation) === 'session' &&
 		$auth->csrf() === false
 	) {
-		throw new AuthException('Unauthenticated');
+		throw new AuthException(message: 'Unauthenticated');
 	}

 	// get user from session or basic auth
 	if ($user = $auth->user(null, $allowImpersonation)) {
 		if ($user->role()->permissions()->for('access', 'panel') === false) {
-			throw new AuthException(['key' => 'access.panel']);
+			throw new AuthException(key: 'access.panel');
 		}

 		return $user;
 	}

-	throw new AuthException('Unauthenticated');
+	throw new AuthException(message: 'Unauthenticated');
 };
--- a/kirby/config/api/routes.php
+++ b/kirby/config/api/routes.php
@ -4,25 +4,25 @@
 * Api Routes Definitions
 */
 return function ($kirby) {
-	$routes = array_merge(
-		include __DIR__ . '/routes/auth.php',
-		include __DIR__ . '/routes/pages.php',
-		include __DIR__ . '/routes/roles.php',
-		include __DIR__ . '/routes/site.php',
-		include __DIR__ . '/routes/users.php',
-		include __DIR__ . '/routes/files.php',
-		include __DIR__ . '/routes/lock.php',
-		include __DIR__ . '/routes/system.php',
-		include __DIR__ . '/routes/translations.php'
-	);
+	$routes = [
+		...include __DIR__ . '/routes/auth.php',
+		...include __DIR__ . '/routes/changes.php',
+		...include __DIR__ . '/routes/pages.php',
+		...include __DIR__ . '/routes/roles.php',
+		...include __DIR__ . '/routes/site.php',
+		...include __DIR__ . '/routes/users.php',
+		...include __DIR__ . '/routes/files.php',
+		...include __DIR__ . '/routes/system.php',
+		...include __DIR__ . '/routes/translations.php'
+	];

 	// only add the language routes if the
 	// multi language setup is activated
 	if ($kirby->option('languages', false) !== false) {
-		$routes = array_merge(
-			$routes,
-			include __DIR__ . '/routes/languages.php'
-		);
+		$routes = [
+			...$routes,
+			...include __DIR__ . '/routes/languages.php'
+		];
 	}

 	return $routes;
--- a/kirby/config/api/routes/auth.php
+++ b/kirby/config/api/routes/auth.php
@ -15,7 +15,9 @@ return [
 				return $this->resolve($user)->view('auth');
 			}

-			throw new NotFoundException('The user cannot be found');
+			throw new NotFoundException(
+				message: 'The user cannot be found'
+			);
 		}
 	],
 	[
@ -27,7 +29,9 @@ return [

 			// csrf token check
 			if ($auth->type() === 'session' && $auth->csrf() === false) {
-				throw new InvalidArgumentException('Invalid CSRF token');
+				throw new InvalidArgumentException(
+					message: 'Invalid CSRF token'
+				);
 			}

 			$user = $auth->verifyChallenge($this->requestBody('code'));
@ -49,7 +53,9 @@ return [

 			// csrf token check
 			if ($auth->type() === 'session' && $auth->csrf() === false) {
-				throw new InvalidArgumentException('Invalid CSRF token');
+				throw new InvalidArgumentException(
+					message: 'Invalid CSRF token'
+				);
 			}

 			$email    = $this->requestBody('email');
@ -58,7 +64,9 @@ return [

 			if ($password) {
 				if (isset($methods['password']) !== true) {
-					throw new InvalidArgumentException('Login with password is not enabled');
+					throw new InvalidArgumentException(
+						message: 'Login with password is not enabled'
+					);
 				}

 				if (
@ -73,7 +81,9 @@ return [
 				$mode = match (true) {
 					isset($methods['code']) 		  => 'login',
 					isset($methods['password-reset']) => 'password-reset',
-					default => throw new InvalidArgumentException('Login without password is not enabled')
+					default => throw new InvalidArgumentException(
+						message: 'Login without password is not enabled'
+					)
 				};

 				$status = $auth->createChallenge($email, $long, $mode);
--- a/kirby/config/api/routes/changes.php
+++ b/kirby/config/api/routes/changes.php
@ -0,0 +1,37 @@
+<?php
+
+use Kirby\Api\Controller\Changes;
+use Kirby\Cms\App;
+use Kirby\Cms\Find;
+
+return [
+	[
+		'pattern' => '(:all)/changes/discard',
+		'method'  => 'POST',
+		'action'  => function (string $path) {
+			return Changes::discard(
+				model: Find::parent($path),
+			);
+		}
+	],
+	[
+		'pattern' => '(:all)/changes/publish',
+		'method'  => 'POST',
+		'action'  => function (string $path) {
+			return Changes::publish(
+				model: Find::parent($path),
+				input: App::instance()->request()->get()
+			);
+		}
+	],
+	[
+		'pattern' => '(:all)/changes/save',
+		'method'  => 'POST',
+		'action'  => function (string $path) {
+			return Changes::save(
+				model: Find::parent($path),
+				input: App::instance()->request()->get()
+			);
+		}
+	],
+];
--- a/kirby/config/api/routes/files.php
+++ b/kirby/config/api/routes/files.php
@ -47,7 +47,7 @@ return [
 			// move_uploaded_file() not working with unit test
 			// @codeCoverageIgnoreStart
 			return $this->upload(function ($source, $filename) use ($path) {
-				// move the source file from the temp dir
+				// move the source file to the content folder
 				return $this->parent($path)->createFile([
 					'content' => [
 						'sort' => $this->requestBody('sort')
--- a/kirby/config/api/routes/lock.php
+++ b/kirby/config/api/routes/lock.php
@ -1,56 +0,0 @@
-<?php
-
-
-/**
- * Content Lock Routes
- */
-
-use Kirby\Exception\NotFoundException;
-
-return [
-	[
-		'pattern' => '(:all)/lock',
-		'method'  => 'GET',
-		'action'  => function (string $path) {
-			return [
-				'lock' => $this->parent($path)->lock()?->toArray() ?? false
-			];
-		}
-	],
-	[
-		'pattern' => '(:all)/lock',
-		'method'  => 'PATCH',
-		'action'  => function (string $path) {
-			return $this->parent($path)->lock()?->create();
-		}
-	],
-	[
-		'pattern' => '(:all)/lock',
-		'method'  => 'DELETE',
-		'action'  => function (string $path) {
-			try {
-				return $this->parent($path)->lock()?->remove();
-			} catch (NotFoundException) {
-				return true;
-			}
-		}
-	],
-	[
-		'pattern' => '(:all)/unlock',
-		'method'  => 'PATCH',
-		'action'  => function (string $path) {
-			return  $this->parent($path)->lock()?->unlock();
-		}
-	],
-	[
-		'pattern' => '(:all)/unlock',
-		'method'  => 'DELETE',
-		'action'  => function (string $path) {
-			try {
-				return $this->parent($path)->lock()?->resolve();
-			} catch (NotFoundException) {
-				return true;
-			}
-		}
-	],
-];
--- a/kirby/config/api/routes/system.php
+++ b/kirby/config/api/routes/system.php
@ -31,18 +31,6 @@ return [
 			];
 		}
 	],
-	[
-		'pattern' => 'system/method-test',
-		'method'  => 'PATCH',
-		'action'  => function () {
-			return [
-				'status' => match ($this->kirby()->request()->method()) {
-					'PATCH' => 'ok',
-					default => 'fail'
-				}
-			];
-		}
-	],
 	[
 		'pattern' => 'system/register',
 		'method'  => 'POST',
@ -60,19 +48,27 @@ return [

 			// csrf token check
 			if ($auth->type() === 'session' && $auth->csrf() === false) {
-				throw new InvalidArgumentException('Invalid CSRF token');
+				throw new InvalidArgumentException(
+					message: 'Invalid CSRF token'
+				);
 			}

 			if ($system->isOk() === false) {
-				throw new Exception('The server is not setup correctly');
+				throw new Exception(
+					message: 'The server is not setup correctly'
+				);
 			}

 			if ($system->isInstallable() === false) {
-				throw new Exception('The Panel cannot be installed');
+				throw new Exception(
+					message: 'The Panel cannot be installed'
+				);
 			}

 			if ($system->isInstalled() === true) {
-				throw new Exception('The Panel is already installed');
+				throw new Exception(
+					message: 'The Panel is already installed'
+				);
 			}

 			// create the first user
--- a/kirby/config/api/routes/users.php
+++ b/kirby/config/api/routes/users.php
@ -86,18 +86,18 @@ return [
 				function ($source, $filename) use ($id) {
 					$type = F::type($filename);
 					if ($type !== 'image') {
-						throw new Exception([
-							'key'  => 'file.type.invalid',
-							'data' => compact('type')
-						]);
+						throw new Exception(
+							key: 'file.type.invalid',
+							data: compact('type')
+						);
 					}

 					$mime = F::mime($source);
 					if (Str::startsWith($mime, 'image/') !== true) {
-						throw new Exception([
-							'key'  => 'file.mime.invalid',
-							'data' => compact('mime')
-						]);
+						throw new Exception(
+							key: 'file.mime.invalid',
+							data: compact('mime')
+						);
 					}

 					// delete the old avatar
@ -184,7 +184,23 @@ return [
 		],
 		'method'  => 'PATCH',
 		'action'  => function (string $id) {
-			return $this->user($id)->changePassword($this->requestBody('password'));
+			$user = $this->user($id);
+
+			// validate password of acting user unless they have logged in to reset it;
+			// always validate password of acting user when changing password of other users
+			if ($this->session()->get('kirby.resetPassword') !== true || $this->user()->is($user) !== true) {
+				$this->user()->validatePassword($this->requestBody('currentPassword'));
+			}
+
+			$result = $user->changePassword($this->requestBody('password'));
+
+			// if we changed the password of the current user…
+			if ($user->isLoggedIn() === true) {
+				// …don't allow additional resets (now the password is known again)
+				$this->session()->remove('kirby.resetPassword');
+			}
+
+			return $result;
 		}
 	],
 	[