downgrade to kirby v3

kirby/src/Cms/Auth/Challenge.php

@@ -3,7 +3,6 @@
 namespace Kirby\Cms\Auth;
 
 use Kirby\Cms\User;
-use SensitiveParameter;
 
 /**
  * Template class for authentication challenges
@@ -22,7 +21,8 @@ abstract class Challenge
 	 * for the passed user and purpose
 	 *
 	 * @param \Kirby\Cms\User $user User the code will be generated for
-	 * @param 'login'|'password-reset'|'2fa' $mode Purpose of the code
+	 * @param string $mode Purpose of the code ('login', 'reset' or '2fa')
+	 * @return bool
 	 */
 	abstract public static function isAvailable(User $user, string $mode): bool;
 
@@ -32,12 +32,12 @@ abstract class Challenge
 	 *
 	 * @param \Kirby\Cms\User $user User to generate the code for
 	 * @param array $options Details of the challenge request:
-	 *                       - 'mode': Purpose of the code ('login', 'password-reset' or '2fa')
+	 *                       - 'mode': Purpose of the code ('login', 'reset' or '2fa')
 	 *                       - 'timeout': Number of seconds the code will be valid for
 	 * @return string|null The generated and sent code or `null` in case
 	 *                     there was no code to generate by this algorithm
 	 */
-	abstract public static function create(User $user, array $options): string|null;
+	abstract public static function create(User $user, array $options): ?string;
 
 	/**
 	 * Verifies the provided code against the created one;
@@ -46,12 +46,10 @@ abstract class Challenge
 	 *
 	 * @param \Kirby\Cms\User $user User to check the code for
 	 * @param string $code Code to verify
+	 * @return bool
 	 */
-	public static function verify(
-		User $user,
-		#[SensitiveParameter]
-		string $code
-	): bool {
+	public static function verify(User $user, string $code): bool
+	{
 		$hash = $user->kirby()->session()->get('kirby.challenge.code');
 		if (is_string($hash) !== true) {
 			return false;

kirby/src/Cms/Auth/EmailChallenge.php

@@ -23,7 +23,8 @@ class EmailChallenge extends Challenge
 	 * for the passed user and purpose
 	 *
 	 * @param \Kirby\Cms\User $user User the code will be generated for
-	 * @param 'login'|'password-reset'|'2fa' $mode Purpose of the code
+	 * @param string $mode Purpose of the code ('login', 'reset' or '2fa')
+	 * @return bool
 	 */
 	public static function isAvailable(User $user, string $mode): bool
 	{
@@ -36,7 +37,7 @@ class EmailChallenge extends Challenge
 	 *
 	 * @param \Kirby\Cms\User $user User to generate the code for
 	 * @param array $options Details of the challenge request:
-	 *                       - 'mode': Purpose of the code ('login', 'password-reset' or '2fa')
+	 *                       - 'mode': Purpose of the code ('login', 'reset' or '2fa')
 	 *                       - 'timeout': Number of seconds the code will be valid for
 	 * @return string The generated and sent code
 	 */

kirby/src/Cms/Auth/Status.php

@@ -3,7 +3,6 @@
 namespace Kirby\Cms\Auth;
 
 use Kirby\Cms\App;
-use Kirby\Cms\User;
 use Kirby\Exception\InvalidArgumentException;
 use Kirby\Toolkit\Properties;
 
@@ -20,32 +19,44 @@ use Kirby\Toolkit\Properties;
  */
 class Status
 {
+	use Properties;
+
 	/**
 	 * Type of the active challenge
+	 *
+	 * @var string|null
 	 */
-	protected string|null $challenge = null;
+	protected $challenge = null;
 
 	/**
 	 * Challenge type to use as a fallback
 	 * when $challenge is `null`
+	 *
+	 * @var string|null
 	 */
-	protected string|null $challengeFallback = null;
+	protected $challengeFallback = null;
 
 	/**
 	 * Email address of the current/pending user
+	 *
+	 * @var string|null
 	 */
-	protected string|null $email;
+	protected $email = null;
 
 	/**
 	 * Kirby instance for user lookup
+	 *
+	 * @var \Kirby\Cms\App
 	 */
-	protected App $kirby;
+	protected $kirby;
 
 	/**
 	 * Authentication status:
 	 * `active|impersonated|pending|inactive`
+	 *
+	 * @var string
 	 */
-	protected string $status;
+	protected $status;
 
 	/**
 	 * Class constructor
@@ -54,24 +65,13 @@ class Status
 	 */
 	public function __construct(array $props)
 	{
-		if (in_array($props['status'], ['active', 'impersonated', 'pending', 'inactive']) !== true) {
-			throw new InvalidArgumentException([
-				'data' => [
-					'argument' => '$props[\'status\']',
-					'method'   => 'Status::__construct'
-				]
-			]);
-		}
-
-		$this->kirby 		 	 = $props['kirby'];
-		$this->challenge 		 = $props['challenge'] ?? null;
-		$this->challengeFallback = $props['challengeFallback'] ?? null;
-		$this->email 		 	 = $props['email'] ?? null;
-		$this->status 			 = $props['status'];
+		$this->setProperties($props);
 	}
 
 	/**
 	 * Returns the authentication status
+	 *
+	 * @return string
 	 */
 	public function __toString(): string
 	{
@@ -84,8 +84,9 @@ class Status
 	 * @param bool $automaticFallback If set to `false`, no faked challenge is returned;
 	 *                                WARNING: never send the resulting `null` value to the
 	 *                                user to avoid leaking whether the pending user exists
+	 * @return string|null
 	 */
-	public function challenge(bool $automaticFallback = true): string|null
+	public function challenge(bool $automaticFallback = true): ?string
 	{
 		// never return a challenge type if the status doesn't match
 		if ($this->status() !== 'pending') {
@@ -94,30 +95,17 @@ class Status
 
 		if ($automaticFallback === false) {
 			return $this->challenge;
+		} else {
+			return $this->challenge ?? $this->challengeFallback;
 		}
-
-		return $this->challenge ?? $this->challengeFallback;
-	}
-
-	/**
-	 * Creates a new instance while
-	 * merging initial and new properties
-	 */
-	public function clone(array $props = []): static
-	{
-		return new static(array_replace_recursive([
-			'kirby' 			=> $this->kirby,
-			'challenge' 		=> $this->challenge,
-			'challengeFallback' => $this->challengeFallback,
-			'email' 			=> $this->email,
-			'status' 			=> $this->status,
-		], $props));
 	}
 
 	/**
 	 * Returns the email address of the current/pending user
+	 *
+	 * @return string|null
 	 */
-	public function email(): string|null
+	public function email(): ?string
 	{
 		return $this->email;
 	}
@@ -134,6 +122,8 @@ class Status
 
 	/**
 	 * Returns an array with all public status data
+	 *
+	 * @return array
 	 */
 	public function toArray(): array
 	{
@@ -146,8 +136,10 @@ class Status
 
 	/**
 	 * Returns the currently logged in user
+	 *
+	 * @return \Kirby\Cms\User
 	 */
-	public function user(): User|null
+	public function user()
 	{
 		// for security, only return the user if they are
 		// already logged in
@@ -157,4 +149,71 @@ class Status
 
 		return $this->kirby->user($this->email());
 	}
+
+	/**
+	 * Sets the type of the active challenge
+	 *
+	 * @param string|null $challenge
+	 * @return $this
+	 */
+	protected function setChallenge(?string $challenge = null)
+	{
+		$this->challenge = $challenge;
+		return $this;
+	}
+
+	/**
+	 * Sets the challenge type to use as
+	 * a fallback when $challenge is `null`
+	 *
+	 * @param string|null $challengeFallback
+	 * @return $this
+	 */
+	protected function setChallengeFallback(?string $challengeFallback = null)
+	{
+		$this->challengeFallback = $challengeFallback;
+		return $this;
+	}
+
+	/**
+	 * Sets the email address of the current/pending user
+	 *
+	 * @param string|null $email
+	 * @return $this
+	 */
+	protected function setEmail(?string $email = null)
+	{
+		$this->email = $email;
+		return $this;
+	}
+
+	/**
+	 * Sets the Kirby instance for user lookup
+	 *
+	 * @param \Kirby\Cms\App $kirby
+	 * @return $this
+	 */
+	protected function setKirby(App $kirby)
+	{
+		$this->kirby = $kirby;
+		return $this;
+	}
+
+	/**
+	 * Sets the authentication status
+	 *
+	 * @param string $status `active|impersonated|pending|inactive`
+	 * @return $this
+	 */
+	protected function setStatus(string $status)
+	{
+		if (in_array($status, ['active', 'impersonated', 'pending', 'inactive']) !== true) {
+			throw new InvalidArgumentException([
+				'data' => ['argument' => '$props[\'status\']', 'method' => 'Status::__construct']
+			]);
+		}
+
+		$this->status = $status;
+		return $this;
+	}
 }

kirby/src/Cms/Auth/TotpChallenge.php

@@ -1,65 +0,0 @@
-<?php
-
-namespace Kirby\Cms\Auth;
-
-use Kirby\Cms\User;
-use Kirby\Toolkit\Totp;
-
-/**
- * Verifies one-time time-based auth codes
- * that are generated with an authenticator app.
- * Users first have to set up time-based codes
- * (storing the TOTP secret in their user account).
- * @since 4.0.0
- *
- * @package   Kirby Cms
- * @author    Nico Hoffmann <nico@getkirby.com>
- * @link      https://getkirby.com
- * @copyright Bastian Allgeier
- * @license   https://getkirby.com/license
- */
-class TotpChallenge extends Challenge
-{
-	/**
-	 * Checks whether the challenge is available
-	 * for the passed user and purpose
-	 *
-	 * @param \Kirby\Cms\User $user User the code will be generated for
-	 * @param 'login'|'password-reset'|'2fa' $mode Purpose of the code
-	 */
-	public static function isAvailable(User $user, string $mode): bool
-	{
-		// user needs to have a TOTP secret set up
-		return $user->secret('totp') !== null;
-	}
-
-	/**
-	 * Generates a random one-time auth code and returns that code
-	 * for later verification
-	 *
-	 * @param \Kirby\Cms\User $user User to generate the code for
-	 * @param array $options Details of the challenge request:
-	 *                       - 'mode': Purpose of the code ('login', 'password-reset' or '2fa')
-	 *                       - 'timeout': Number of seconds the code will be valid for
-	 * @todo set return type to `null` once support for PHP 8.1 is dropped
-	 */
-	public static function create(User $user, array $options): string|null
-	{
-		// the user's app will generate the code, we only verify it
-		return null;
-	}
-
-	/**
-	 * Verifies the provided code against the created one
-	 *
-	 * @param \Kirby\Cms\User $user User to check the code for
-	 * @param string $code Code to verify
-	 */
-	public static function verify(User $user, string $code): bool
-	{
-		// verify if code is current, previous or next TOTP code
-		$secret = $user->secret('totp');
-		$totp   = new Totp($secret);
-		return $totp->verify($code);
-	}
-}