downgrade to kirby v3

kirby/src/Cms/UserRules.php

@@ -7,9 +7,7 @@ use Kirby\Exception\InvalidArgumentException;
 use Kirby\Exception\LogicException;
 use Kirby\Exception\PermissionException;
 use Kirby\Toolkit\Str;
-use Kirby\Toolkit\Totp;
 use Kirby\Toolkit\V;
-use SensitiveParameter;
 
 /**
  * Validators for all user actions
@@ -25,6 +23,9 @@ class UserRules
 	/**
 	 * Validates if the email address can be changed
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $email
+	 * @return bool
 	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to change the address
 	 */
 	public static function changeEmail(User $user, string $email): bool
@@ -42,6 +43,9 @@ class UserRules
 	/**
 	 * Validates if the language can be changed
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $language
+	 * @return bool
 	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to change the language
 	 */
 	public static function changeLanguage(User $user, string $language): bool
@@ -59,6 +63,9 @@ class UserRules
 	/**
 	 * Validates if the name can be changed
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $name
+	 * @return bool
 	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to change the name
 	 */
 	public static function changeName(User $user, string $name): bool
@@ -76,13 +83,13 @@ class UserRules
 	/**
 	 * Validates if the password can be changed
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $password
+	 * @return bool
 	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to change the password
 	 */
-	public static function changePassword(
-		User $user,
-		#[SensitiveParameter]
-		string $password
-	): bool {
+	public static function changePassword(User $user, string $password): bool
+	{
 		if ($user->permissions()->changePassword() !== true) {
 			throw new PermissionException([
 				'key'  => 'user.changePassword.permission',
@@ -96,6 +103,9 @@ class UserRules
 	/**
 	 * Validates if the role can be changed
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $role
+	 * @return bool
 	 * @throws \Kirby\Exception\LogicException If the user is the last admin
 	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to change the role
 	 */
@@ -141,38 +151,12 @@ class UserRules
 		return true;
 	}
 
-	/**
-	 * Validates if the TOTP can be changed
-	 * @since 4.0.0
-	 *
-	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to change the password
-	 */
-	public static function changeTotp(
-		User $user,
-		#[SensitiveParameter]
-		string|null $secret
-	): bool {
-		$currentUser = $user->kirby()->user();
-
-		if (
-			$currentUser->is($user) === false &&
-			$currentUser->isAdmin() === false
-		) {
-			throw new PermissionException('You cannot change the time-based code for ' . $user->email());
-		}
-
-		// safety check to avoid accidental insecure secrets;
-		// throws an exception for secrets of the wrong length
-		if ($secret !== null) {
-			new Totp($secret);
-		}
-
-		return true;
-	}
-
 	/**
 	 * Validates if the user can be created
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param array $props
+	 * @return bool
 	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to create a new user
 	 */
 	public static function create(User $user, array $props = []): bool
@@ -195,27 +179,26 @@ class UserRules
 		$currentUser = $user->kirby()->user();
 
 		// admins are allowed everything
-		if ($currentUser?->isAdmin() === true) {
+		if ($currentUser && $currentUser->isAdmin() === true) {
 			return true;
 		}
 
 		// only admins are allowed to add admins
 		$role = $props['role'] ?? null;
 
-		if ($role === 'admin' && $currentUser?->isAdmin() === false) {
+		if ($role === 'admin' && $currentUser && $currentUser->isAdmin() === false) {
 			throw new PermissionException([
 				'key' => 'user.create.permission'
 			]);
 		}
 
 		// check user permissions (if not on install)
-		if (
-			$user->kirby()->users()->count() > 0 &&
-			$user->permissions()->create() !== true
-		) {
-			throw new PermissionException([
-				'key' => 'user.create.permission'
-			]);
+		if ($user->kirby()->users()->count() > 0) {
+			if ($user->permissions()->create() !== true) {
+				throw new PermissionException([
+					'key' => 'user.create.permission'
+				]);
+			}
 		}
 
 		return true;
@@ -224,6 +207,8 @@ class UserRules
 	/**
 	 * Validates if the user can be deleted
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @return bool
 	 * @throws \Kirby\Exception\LogicException If this is the last user or last admin, which cannot be deleted
 	 * @throws \Kirby\Exception\PermissionException If the user is not allowed to delete this user
 	 */
@@ -252,13 +237,14 @@ class UserRules
 	/**
 	 * Validates if the user can be updated
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param array $values
+	 * @param array $strings
+	 * @return bool
 	 * @throws \Kirby\Exception\PermissionException If the user it not allowed to update this user
 	 */
-	public static function update(
-		User $user,
-		array $values = [],
-		array $strings = []
-	): bool {
+	public static function update(User $user, array $values = [], array $strings = []): bool
+	{
 		if ($user->permissions()->update() !== true) {
 			throw new PermissionException([
 				'key'  => 'user.update.permission',
@@ -272,14 +258,15 @@ class UserRules
 	/**
 	 * Validates an email address
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $email
+	 * @param bool $strict
+	 * @return bool
 	 * @throws \Kirby\Exception\DuplicateException If the email address already exists
 	 * @throws \Kirby\Exception\InvalidArgumentException If the email address is invalid
 	 */
-	public static function validEmail(
-		User $user,
-		string $email,
-		bool $strict = false
-	): bool {
+	public static function validEmail(User $user, string $email, bool $strict = false): bool
+	{
 		if (V::email($email ?? null) === false) {
 			throw new InvalidArgumentException([
 				'key' => 'user.email.invalid',
@@ -305,12 +292,15 @@ class UserRules
 	/**
 	 * Validates a user id
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $id
+	 * @return bool
 	 * @throws \Kirby\Exception\DuplicateException If the user already exists
 	 */
 	public static function validId(User $user, string $id): bool
 	{
-		if (in_array($id, ['account', 'kirby', 'nobody']) === true) {
-			throw new InvalidArgumentException('"' . $id . '" is a reserved word and cannot be used as user id');
+		if ($id === 'account') {
+			throw new InvalidArgumentException('"account" is a reserved word and cannot be used as user id');
 		}
 
 		if ($user->kirby()->users()->find($id)) {
@@ -323,6 +313,9 @@ class UserRules
 	/**
 	 * Validates a user language code
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $language
+	 * @return bool
 	 * @throws \Kirby\Exception\InvalidArgumentException If the language does not exist
 	 */
 	public static function validLanguage(User $user, string $language): bool
@@ -339,13 +332,13 @@ class UserRules
 	/**
 	 * Validates a password
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $password
+	 * @return bool
 	 * @throws \Kirby\Exception\InvalidArgumentException If the password is too short
 	 */
-	public static function validPassword(
-		User $user,
-		#[SensitiveParameter]
-		string $password
-	): bool {
+	public static function validPassword(User $user, string $password): bool
+	{
 		// too short passwords are ineffective
 		if (Str::length($password ?? null) < 8) {
 			throw new InvalidArgumentException([
@@ -369,11 +362,14 @@ class UserRules
 	/**
 	 * Validates a user role
 	 *
+	 * @param \Kirby\Cms\User $user
+	 * @param string $role
+	 * @return bool
 	 * @throws \Kirby\Exception\InvalidArgumentException If the user role does not exist
 	 */
 	public static function validRole(User $user, string $role): bool
 	{
-		if ($user->kirby()->roles()->find($role) instanceof Role) {
+		if (is_a($user->kirby()->roles()->find($role), 'Kirby\Cms\Role') === true) {
 			return true;
 		}