Framework: Upgrade from Laravel 9 to 10

app/Access/Controllers/MfaTotpController.php

@@ -19,20 +19,25 @@ class MfaTotpController extends Controller
 
     protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-totp-secret';
 
+    public function __construct(
+        protected TotpService $totp
+    ) {
+    }
+
     /**
      * Show a view that generates and displays a TOTP QR code.
      */
-    public function generate(TotpService $totp)
+    public function generate()
     {
         if (session()->has(static::SETUP_SECRET_SESSION_KEY)) {
             $totpSecret = decrypt(session()->get(static::SETUP_SECRET_SESSION_KEY));
         } else {
-            $totpSecret = $totp->generateSecret();
+            $totpSecret = $this->totp->generateSecret();
             session()->put(static::SETUP_SECRET_SESSION_KEY, encrypt($totpSecret));
         }
 
-        $qrCodeUrl = $totp->generateUrl($totpSecret, $this->currentOrLastAttemptedUser());
-        $svg = $totp->generateQrCodeSvg($qrCodeUrl);
+        $qrCodeUrl = $this->totp->generateUrl($totpSecret, $this->currentOrLastAttemptedUser());
+        $svg = $this->totp->generateQrCodeSvg($qrCodeUrl);
 
         $this->setPageTitle(trans('auth.mfa_gen_totp_title'));
 
@@ -56,7 +61,7 @@ public function confirm(Request $request)
             'code' => [
                 'required',
                 'max:12', 'min:4',
-                new TotpValidationRule($totpSecret),
+                new TotpValidationRule($totpSecret, $this->totp),
             ],
         ]);
 
@@ -87,7 +92,7 @@ public function verify(Request $request, LoginService $loginService, MfaSession
             'code' => [
                 'required',
                 'max:12', 'min:4',
-                new TotpValidationRule($totpSecret),
+                new TotpValidationRule($totpSecret, $this->totp),
             ],
         ]);
 

app/Access/Mfa/TotpValidationRule.php

@@ -2,36 +2,26 @@
 
 namespace BookStack\Access\Mfa;
 
-use Illuminate\Contracts\Validation\Rule;
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
 
-class TotpValidationRule implements Rule
+class TotpValidationRule implements ValidationRule
 {
-    protected $secret;
-    protected $totpService;
-
     /**
      * Create a new rule instance.
      * Takes the TOTP secret that must be system provided, not user provided.
      */
-    public function __construct(string $secret)
-    {
-        $this->secret = $secret;
-        $this->totpService = app()->make(TotpService::class);
+    public function __construct(
+        protected string $secret,
+        protected TotpService $totpService,
+    ) {
     }
 
-    /**
-     * Determine if the validation rule passes.
-     */
-    public function passes($attribute, $value)
-    {
-        return $this->totpService->verifyCode($value, $this->secret);
-    }
-
-    /**
-     * Get the validation error message.
-     */
-    public function message()
+    public function validate(string $attribute, mixed $value, Closure $fail): void
     {
-        return trans('validation.totp');
+        $passes = $this->totpService->verifyCode($value, $this->secret);
+        if (!$passes) {
+            $fail(trans('validation.totp'));
+        }
     }
 }

app/App/Providers/AppServiceProvider.php

@@ -25,28 +25,36 @@ class AppServiceProvider extends ServiceProvider
      * Custom container bindings to register.
      * @var string[]
      */
-    public $bindings = [
+    public array $bindings = [
         ExceptionRenderer::class => BookStackExceptionHandlerPage::class,
     ];
 
     /**
      * Custom singleton bindings to register.
      * @var string[]
      */
-    public $singletons = [
+    public array $singletons = [
         'activity' => ActivityLogger::class,
         SettingService::class => SettingService::class,
         SocialDriverManager::class => SocialDriverManager::class,
         CspService::class => CspService::class,
         HttpRequestService::class => HttpRequestService::class,
     ];
 
+    /**
+     * Register any application services.
+     */
+    public function register(): void
+    {
+        $this->app->singleton(PermissionApplicator::class, function ($app) {
+            return new PermissionApplicator(null);
+        });
+    }
+
     /**
      * Bootstrap any application services.
-     *
-     * @return void
      */
-    public function boot()
+    public function boot(): void
     {
         // Set root URL
         $appUrl = config('app.url');
@@ -67,16 +75,4 @@ public function boot()
             'page'      => Page::class,
         ]);
     }
-
-    /**
-     * Register any application services.
-     *
-     * @return void
-     */
-    public function register()
-    {
-        $this->app->singleton(PermissionApplicator::class, function ($app) {
-            return new PermissionApplicator(null);
-        });
-    }
 }

app/App/Providers/AuthServiceProvider.php

@@ -18,10 +18,8 @@ class AuthServiceProvider extends ServiceProvider
 {
     /**
      * Bootstrap the application services.
-     *
-     * @return void
      */
-    public function boot()
+    public function boot(): void
     {
         // Password Configuration
         // Changes here must be reflected in ApiDocsGenerate@getValidationAsString.
@@ -58,10 +56,8 @@ public function boot()
 
     /**
      * Register the application services.
-     *
-     * @return void
      */
-    public function register()
+    public function register(): void
     {
         Auth::provider('external-users', function ($app, array $config) {
             return new ExternalBaseUserProvider($config['model']);

app/App/Providers/EventServiceProvider.php

@@ -29,20 +29,16 @@ class EventServiceProvider extends ServiceProvider
 
     /**
      * Register any events for your application.
-     *
-     * @return void
      */
-    public function boot()
+    public function boot(): void
     {
         //
     }
 
     /**
      * Determine if events and listeners should be automatically discovered.
-     *
-     * @return bool
      */
-    public function shouldDiscoverEvents()
+    public function shouldDiscoverEvents(): bool
     {
         return false;
     }

app/App/Providers/RouteServiceProvider.php

@@ -24,10 +24,8 @@ class RouteServiceProvider extends ServiceProvider
 
     /**
      * Define your route model bindings, pattern filters, etc.
-     *
-     * @return void
      */
-    public function boot()
+    public function boot(): void
     {
         $this->configureRateLimiting();
 
@@ -41,10 +39,8 @@ public function boot()
      * Define the "web" routes for the application.
      *
      * These routes all receive session state, CSRF protection, etc.
-     *
-     * @return void
      */
-    protected function mapWebRoutes()
+    protected function mapWebRoutes(): void
     {
         Route::group([
             'middleware' => 'web',
@@ -65,10 +61,8 @@ protected function mapWebRoutes()
      * Define the "api" routes for the application.
      *
      * These routes are typically stateless.
-     *
-     * @return void
      */
-    protected function mapApiRoutes()
+    protected function mapApiRoutes(): void
     {
         Route::group([
             'middleware' => 'api',
@@ -81,10 +75,8 @@ protected function mapApiRoutes()
 
     /**
      * Configure the rate limiters for the application.
-     *
-     * @return void
      */
-    protected function configureRateLimiting()
+    protected function configureRateLimiting(): void
     {
         RateLimiter::for('api', function (Request $request) {
             return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());

app/App/Providers/ThemeServiceProvider.php

@@ -10,21 +10,17 @@ class ThemeServiceProvider extends ServiceProvider
 {
     /**
      * Register services.
-     *
-     * @return void
      */
-    public function register()
+    public function register(): void
     {
         // Register the ThemeService as a singleton
         $this->app->singleton(ThemeService::class, fn ($app) => new ThemeService());
     }
 
     /**
      * Bootstrap services.
-     *
-     * @return void
      */
-    public function boot()
+    public function boot(): void
     {
         // Boot up the theme system
         $themeService = $this->app->make(ThemeService::class);

app/App/Providers/TranslationServiceProvider.php

@@ -11,10 +11,8 @@ class TranslationServiceProvider extends BaseProvider
 {
     /**
      * Register the service provider.
-     *
-     * @return void
      */
-    public function register()
+    public function register(): void
     {
         $this->registerLoader();
 
@@ -41,10 +39,8 @@ public function register()
     /**
      * Register the translation line loader.
      * Overrides the default register action from Laravel so a custom loader can be used.
-     *
-     * @return void
      */
-    protected function registerLoader()
+    protected function registerLoader(): void
     {
         $this->app->singleton('translation.loader', function ($app) {
             return new FileLoader($app['files'], $app['path.lang']);

app/App/Providers/ViewTweaksServiceProvider.php

@@ -12,10 +12,8 @@ class ViewTweaksServiceProvider extends ServiceProvider
 {
     /**
      * Bootstrap services.
-     *
-     * @return void
      */
-    public function boot()
+    public function boot(): void
     {
         // Set paginator to use bootstrap-style pagination
         Paginator::useBootstrap();

app/Config/app.php

@@ -9,6 +9,7 @@
  */
 
 use Illuminate\Support\Facades\Facade;
+use Illuminate\Support\ServiceProvider;
 
 return [
 
@@ -113,46 +114,22 @@
     ],
 
     // Application Service Providers
-    'providers' => [
-
-        // Laravel Framework Service Providers...
-        Illuminate\Auth\AuthServiceProvider::class,
-        Illuminate\Broadcasting\BroadcastServiceProvider::class,
-        Illuminate\Bus\BusServiceProvider::class,
-        Illuminate\Cache\CacheServiceProvider::class,
-        Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
-        Illuminate\Cookie\CookieServiceProvider::class,
-        Illuminate\Database\DatabaseServiceProvider::class,
-        Illuminate\Encryption\EncryptionServiceProvider::class,
-        Illuminate\Filesystem\FilesystemServiceProvider::class,
-        Illuminate\Foundation\Providers\FoundationServiceProvider::class,
-        Illuminate\Hashing\HashServiceProvider::class,
-        Illuminate\Mail\MailServiceProvider::class,
-        Illuminate\Notifications\NotificationServiceProvider::class,
-        Illuminate\Pagination\PaginationServiceProvider::class,
-        Illuminate\Pipeline\PipelineServiceProvider::class,
-        Illuminate\Queue\QueueServiceProvider::class,
-        Illuminate\Redis\RedisServiceProvider::class,
-        Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
-        Illuminate\Session\SessionServiceProvider::class,
-        Illuminate\Validation\ValidationServiceProvider::class,
-        Illuminate\View\ViewServiceProvider::class,
-
+    'providers' => ServiceProvider::defaultProviders()->merge([
         // Third party service providers
         Barryvdh\DomPDF\ServiceProvider::class,
         Barryvdh\Snappy\ServiceProvider::class,
         SocialiteProviders\Manager\ServiceProvider::class,
 
         // BookStack custom service providers
-        \BookStack\App\Providers\ThemeServiceProvider::class,
-        \BookStack\App\Providers\AppServiceProvider::class,
-        \BookStack\App\Providers\AuthServiceProvider::class,
-        \BookStack\App\Providers\EventServiceProvider::class,
-        \BookStack\App\Providers\RouteServiceProvider::class,
-        \BookStack\App\Providers\TranslationServiceProvider::class,
-        \BookStack\App\Providers\ValidationRuleServiceProvider::class,
-        \BookStack\App\Providers\ViewTweaksServiceProvider::class,
-    ],
+        BookStack\App\Providers\ThemeServiceProvider::class,
+        BookStack\App\Providers\AppServiceProvider::class,
+        BookStack\App\Providers\AuthServiceProvider::class,
+        BookStack\App\Providers\EventServiceProvider::class,
+        BookStack\App\Providers\RouteServiceProvider::class,
+        BookStack\App\Providers\TranslationServiceProvider::class,
+        BookStack\App\Providers\ValidationRuleServiceProvider::class,
+        BookStack\App\Providers\ViewTweaksServiceProvider::class,
+    ])->toArray(),
 
     // Class Aliases
     // This array of class aliases to be registered on application start.

app/Config/cache.php

@@ -53,7 +53,8 @@
 
         'file' => [
             'driver' => 'file',
-            'path'   => storage_path('framework/cache'),
+            'path'   => storage_path('framework/cache/data'),
+            'lock_path' => storage_path('framework/cache/data'),
         ],
 
         'memcached' => [

app/Config/hashing.php

@@ -21,7 +21,8 @@
     // passwords are hashed using the Bcrypt algorithm. This will allow you
     // to control the amount of time it takes to hash the given password.
     'bcrypt' => [
-        'rounds' => env('BCRYPT_ROUNDS', 10),
+        'rounds' => env('BCRYPT_ROUNDS', 12),
+        'verify' => true,
     ],
 
     // Argon Options