Upgrade to Laravel 12 and PHP 8.4

.gitignore

@@ -51,3 +51,4 @@ devhub/pm-font/dist
 test-db-snapshot.db
 snapshot_*.db
 storage/transitions
+.envrc

ProcessMaker/Console/Commands/CreateDataLakeViews.php

@@ -181,9 +181,10 @@ protected function getTableColumns(string $tableName): array
      */
     protected function getTables(): array
     {
+        $database = \DB::connection()->getDatabaseName();
         $tables = array_map(function ($item) {
             return $item['name'];
-        }, Schema::getTables());
+        }, Schema::getTables($database));
 
         return $tables;
     }
@@ -193,9 +194,10 @@ protected function getTables(): array
      */
     protected function getViews(): array
     {
+        $database = \DB::connection()->getDatabaseName();
         $views = array_map(function ($item) {
             return $item['name'];
-        }, Schema::getViews());
+        }, Schema::getViews($database));
 
         return $views;
     }

ProcessMaker/Http/Controllers/Admin/DevLinkController.php

@@ -43,7 +43,7 @@ public function getOauthClient(Request $request)
 
         if (!$client) {
             $clientRepository = app('Laravel\Passport\ClientRepository');
-            $client = $clientRepository->create(null, 'devlink', $redirectUri);
+            $client = $clientRepository->createAuthorizationCodeGrantClient('devlink', [$redirectUri]);
         }
 
         $query = http_build_query([

ProcessMaker/Http/Controllers/Api/UserTokenController.php

@@ -92,7 +92,7 @@ public function index(Request $request, User $user)
             throw new AuthorizationException(__('Not authorized to update this user.'));
         }
 
-        $tokens = $this->tokenRepository->forUser($user->id);
+        $tokens = $this->tokenRepository->forUser($user);
 
         $results = $tokens->load('client')->filter(function ($token) {
             return $token->client->personal_access_client && !$token->revoked;
@@ -202,7 +202,7 @@ public function show(Request $request, User $user, $tokenId)
 
         $token = $this->tokenRepository->findForUser(
             $tokenId,
-            $user->getKey()
+            $user
         );
 
         if (is_null($token)) {
@@ -256,7 +256,7 @@ public function destroy(Request $request, User $user, $tokenId)
 
         $token = $this->tokenRepository->findForUser(
             $tokenId,
-            $user->getKey()
+            $user
         );
 
         if (is_null($token)) {

ProcessMaker/Http/Controllers/Auth/ClientController.php

@@ -3,48 +3,39 @@
 namespace ProcessMaker\Http\Controllers\Auth;
 
 use Illuminate\Http\Request;
-use Laravel\Passport\Http\Controllers\ClientController as PassportClientController;
+use Illuminate\Http\Response;
+use Laravel\Passport\ClientRepository;
 use ProcessMaker\Events\AuthClientCreated;
 use ProcessMaker\Events\AuthClientDeleted;
 use ProcessMaker\Events\AuthClientUpdated;
 use ProcessMaker\Http\Resources\AuthClient as AuthClientResource;
 
-class ClientController extends PassportClientController
+class ClientController
 {
-    /**
-     * List auth clients
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @return array
-     */
+    public function __construct(
+        protected ClientRepository $clients,
+        protected \Illuminate\Contracts\Validation\Factory $validation,
+    ) {
+    }
+
     public function index(Request $request)
     {
         $clients = \Laravel\Passport\Client::where('revoked', false)->get();
 
         return AuthClientResource::collection($clients);
     }
 
-    /**
-     * Get an individual auth client
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  string $clientId
-     * @return array
-     */
     public function show(Request $request, $clientId)
     {
-        // $client = $this->clients->find($clientId);
-        $client = parent::show($request, $clientId);
+        $client = $this->clients->findForUser($clientId, $request->user());
+
+        if (!$client) {
+            return new Response('', 404);
+        }
 
         return new AuthClientResource($client);
     }
 
-    /**
-     * Store a new client.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @return \Laravel\Passport\Client
-     */
     public function store(Request $request)
     {
         $this->validate($request);
@@ -53,36 +44,42 @@ public function store(Request $request)
         $password = in_array('password_client', $request->types);
         $redirect = in_array('authorization_code_grant', $request->types) ? $request->redirect : '';
 
-        $client = $this->clients->create(
-            $request->user()->getKey(),
-            $request->name,
-            $redirect,
-            null,
-            $personalAccess,
-            $password
-        )->makeVisible('secret');
+        // Use ClientRepository methods based on type
+        if ($personalAccess) {
+            $client = $this->clients->createPersonalAccessGrantClient(
+                $request->name
+            );
+        } elseif ($password) {
+            $client = $this->clients->createPasswordGrantClient(
+                $request->name,
+                null, // provider
+                false // confidential
+            );
+        } else {
+            // Authorization code grant
+            $client = $this->clients->createAuthorizationCodeGrantClient(
+                $request->name,
+                $redirect ? explode(',', $redirect) : [],
+                true, // confidential
+                $request->user()
+            );
+        }
 
+        $client->makeVisible('secret');
         AuthClientCreated::dispatch($client->getAttributes());
 
         return new AuthClientResource($client);
     }
 
-    /**
-     * Update the given client.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  string  $clientId
-     * @return \Illuminate\Http\Response|\Laravel\Passport\Client
-     */
     public function update(Request $request, $clientId)
     {
-        $client = $this->clients->find($clientId);
+        $client = $this->clients->findForUser($clientId, $request->user());
+
         if (!$client) {
             return new Response('', 404);
         }
 
-        $original_values = $client->getAttributes();
-
+        $originalValues = $client->getAttributes();
         $this->validate($request);
 
         $personalAccess = in_array('personal_access_client', $request->types);
@@ -97,33 +94,26 @@ public function update(Request $request, $clientId)
         ]);
 
         $original = array_intersect_key($client->getOriginal(), $client->getDirty());
-
         $client->save();
 
         AuthClientUpdated::dispatch($clientId, $original, $client->getChanges(), $request->name);
 
         return new AuthClientResource($client);
     }
 
-    /**
-     * Delete the given client.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @param  string  $clientId
-     * @return null
-     */
     public function destroy(Request $request, $clientId)
     {
-        $client = $this->clients->find($clientId);
+        $client = $this->clients->findForUser($clientId, $request->user());
 
         if (!$client) {
             return new Response('', 404);
         }
 
+        $attributes = $client->getAttributes();
         $this->clients->delete($client);
-        AuthClientDeleted::dispatch($client->getAttributes());
+        AuthClientDeleted::dispatch($attributes);
 
-        return response('', 204);
+        return new Response('', 204);
     }
 
     private function validate($request)
@@ -133,9 +123,11 @@ private function validate($request)
             'types'    => 'array|min:1|required',
             'types.*'  => 'in:authorization_code_grant,password_client,personal_access_client',
         ];
+
         if (is_array($request->types) && in_array('authorization_code_grant', $request->types)) {
             $rules['redirect'] = 'required|url|max:2000';
         }
+
         $this->validation->make($request->all(), $rules, [
             'min' => __('The Auth-Client must have at least :min item chosen.'),
         ])->validate();

ProcessMaker/Http/Kernel.php

@@ -96,19 +96,4 @@ class Kernel extends HttpKernel
         'etag' => Middleware\Etag\HandleEtag::class,
         'file_size_check' => Middleware\FileSizeCheck::class,
     ];
-
-    /**
-     * The auth:anon middleware must run after a session is set up to
-     * check if there is a user logged in before implying the user is
-     * anonymous.
-     *
-     * The auth:anon middleware is only used for the laravel echo
-     * server route: broadcasting/auth
-     *
-     * @var array
-     */
-    protected $middlewarePriority = [
-        \Illuminate\Session\Middleware\AuthenticateSession::class,
-        Middleware\ProcessMakerAuthenticate::class,
-    ];
 }

ProcessMaker/Http/Middleware/AuthenticateSession.php

@@ -2,8 +2,8 @@
 
 namespace ProcessMaker\Http\Middleware;
 
-use BadMethodCallException;
 use Closure;
+use Illuminate\Auth\SessionGuard;
 use Illuminate\Session\Middleware\AuthenticateSession as BaseAuthenticateSession;
 
 class AuthenticateSession extends BaseAuthenticateSession
@@ -12,42 +12,18 @@ class AuthenticateSession extends BaseAuthenticateSession
      * Handle an incoming request.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @param  \Closure  $next
+     * @param  Closure  $next
      *
      * @return mixed
      * @throws \Illuminate\Auth\AuthenticationException
      */
     public function handle($request, Closure $next)
     {
-        if (!$request->hasSession() || !$request->user()) {
+        // Only use on SessionGuard
+        if (!($this->guard() instanceof SessionGuard)) {
             return $next($request);
         }
 
-        // On occasion, the "auth" property is an empty array
-        // and trying to call the viaRemember() method off of
-        // it will throw a fatal error, this is a work around
-        try {
-            if ($this->auth->viaRemember()) {
-                $passwordHash = explode('|', $request->cookies->get($this->auth->getRecallerName()))[2] ?? null;
-
-                if (!$passwordHash || $passwordHash != $request->user()->getAuthPassword()) {
-                    $this->logout($request);
-                }
-            }
-        } catch (BadMethodCallException $exception) {
-            return $next($request);
-        }
-
-        if (!$request->session()->has('password_hash_' . $this->auth->getDefaultDriver())) {
-            $this->storePasswordHashInSession($request);
-        }
-
-        if ($request->session()->get('password_hash_' . $this->auth->getDefaultDriver()) !== $request->user()->getAuthPassword()) {
-            $this->logout($request);
-        }
-
-        return tap($next($request), function () use ($request) {
-            $this->storePasswordHashInSession($request);
-        });
+        return parent::handle($request, $next);
     }
 }