Enlightn integration (#598)

* 'Illuminate\Contracts\Validation\Rule' is deprecated. #547

* integrate Enlightn security checks

* integrate Enlightn security checks

* Remove Enlightn security checks on tests - too many issues with CI mode.

.env.ci

@@ -8,6 +8,7 @@ FRONTEND_URL=http://127.0.0.1:8000/
 LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
+TELESCOPE_ENABLED=false
 
 DB_CONNECTION=sqlite
 
@@ -35,6 +36,4 @@ VITE_IDLE_TIMER_MIN=30
 ORCID_REDIRECT_URI="${FRONTEND_URL}/#/auth/orcid-callback?"
 ORCID_CLIENT_ID=""
 
-TELESCOPE_ENABLED=false
-
 MEDIA_DISK=media

.env.example

@@ -8,6 +8,7 @@ FRONTEND_URL=http://localhost/
 LOG_CHANNEL=stack
 LOG_DEPRECATIONS_CHANNEL=null
 LOG_LEVEL=debug
+TELESCOPE_ENABLED=false
 
 DB_CONNECTION=mysql
 DB_HOST=127.0.0.1
@@ -39,9 +40,6 @@ MAIL_FROM_ADDRESS="[email protected]"
 MAIL_FROM_NAME="${APP_NAME}"
 MAIL_LOG_CHANNEL=stack
 
-POSTMARK_TOKEN=
-POSTMARK_MESSAGE_STREAM_ID=
-
 DO_SPACES_KEY=
 DO_SPACES_SECRET=
 DO_SPACES_REGION=
@@ -80,4 +78,7 @@ OHDEAR_URL=""
 ORCID_USE_SANDBOX=false
 ORCID_REDIRECT_URI="${FRONTEND_URL}api/orcid/redirect"
 ORCID_CLIENT_ID=""
-ORCID_CLIENT_SECRET=""
+ORCID_CLIENT_SECRET=""
+
+# required to migrate hash algorithm. Remove after migration
+HASH_VERIFY=false

.phpstorm.meta.php

@@ -13,6 +13,9 @@
     */
     override(new \Illuminate\Contracts\Container\Container, map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -274,6 +277,9 @@
         ]));
     override(\Illuminate\Container\Container::makeWith(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -535,6 +541,9 @@
         ]));
     override(\Illuminate\Contracts\Container\Container::get(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -796,6 +805,9 @@
         ]));
     override(\Illuminate\Contracts\Container\Container::make(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -1057,6 +1069,9 @@
         ]));
     override(\Illuminate\Contracts\Container\Container::makeWith(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -1318,6 +1333,9 @@
         ]));
     override(\App::get(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -1579,6 +1597,9 @@
         ]));
     override(\App::make(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -1840,6 +1861,9 @@
         ]));
     override(\App::makeWith(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -2101,6 +2125,9 @@
         ]));
     override(\app(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -2362,6 +2389,9 @@
         ]));
     override(\resolve(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,
@@ -2623,6 +2653,9 @@
         ]));
     override(\Psr\Container\ContainerInterface::get(0), map([
         '' => '@',
+            'Enlightn\Enlightn\Composer' => \Enlightn\Enlightn\Composer::class,
+            'Enlightn\Enlightn\NPM' => \Enlightn\Enlightn\NPM::class,
+            'Enlightn\Enlightn\Reporting\API' => \Enlightn\Enlightn\Reporting\API::class,
             'Illuminate\Auth\Console\ClearResetsCommand' => \Illuminate\Auth\Console\ClearResetsCommand::class,
             'Illuminate\Auth\Middleware\RequirePassword' => \Illuminate\Auth\Middleware\RequirePassword::class,
             'Illuminate\Broadcasting\BroadcastManager' => \Illuminate\Broadcasting\BroadcastManager::class,

_ide_helper.php

@@ -5,7 +5,7 @@
 
 /**
  * A helper file for Laravel, to provide autocomplete information to your IDE
- * Generated for Laravel 11.4.0.
+ * Generated for Laravel 11.5.0.
  *
  * This file should not be included in your code, only analyzed by your IDE!
  *
@@ -2889,6 +2889,33 @@
         {
                         /** @var \Illuminate\Broadcasting\BroadcastManager $instance */
                         return $instance->socket($request);
+        }
+                    /**
+         * Begin sending an anonymous broadcast to the given channels.
+         *
+         * @static 
+         */        public static function on($channels)
+        {
+                        /** @var \Illuminate\Broadcasting\BroadcastManager $instance */
+                        return $instance->on($channels);
+        }
+                    /**
+         * Begin sending an anonymous broadcast to the given private channels.
+         *
+         * @static 
+         */        public static function private($channel)
+        {
+                        /** @var \Illuminate\Broadcasting\BroadcastManager $instance */
+                        return $instance->private($channel);
+        }
+                    /**
+         * Begin sending an anonymous broadcast to the given presence channels.
+         *
+         * @static 
+         */        public static function presence($channel)
+        {
+                        /** @var \Illuminate\Broadcasting\BroadcastManager $instance */
+                        return $instance->presence($channel);
         }
                     /**
          * Begin broadcasting an event.
@@ -10546,6 +10573,19 @@
         {
                         /** @var \Illuminate\Cache\RateLimiter $instance */
                         return $instance->increment($key, $decaySeconds, $amount);
+        }
+                    /**
+         * Decrement the counter for a given key for a given decay time by a given amount.
+         *
+         * @param string $key
+         * @param int $decaySeconds
+         * @param int $amount
+         * @return int 
+         * @static 
+         */        public static function decrement($key, $decaySeconds = 60, $amount = 1)
+        {
+                        /** @var \Illuminate\Cache\RateLimiter $instance */
+                        return $instance->decrement($key, $decaySeconds, $amount);
         }
                     /**
          * Get the number of attempts for the given key.
@@ -11152,7 +11192,7 @@
                         return $instance->mergeIfMissing($input);
         }
                     /**
-         * Replace the input for the current request.
+         * Replace the input values for the current request.
          *
          * @param array $input
          * @return \Illuminate\Http\Request 
@@ -16258,6 +16298,20 @@
         {
                         /** @var \Illuminate\Routing\UrlGenerator $instance */
                         return $instance->to($path, $extra, $secure);
+        }
+                    /**
+         * Generate an absolute URL with the given query parameters.
+         *
+         * @param string $path
+         * @param array $query
+         * @param mixed $extra
+         * @param bool|null $secure
+         * @return string 
+         * @static 
+         */        public static function query($path, $query = [], $extra = [], $secure = null)
+        {
+                        /** @var \Illuminate\Routing\UrlGenerator $instance */
+                        return $instance->query($path, $query, $extra, $secure);
         }
                     /**
          * Generate a secure, absolute URL to the given path.

app/Providers/AuthServiceProvider.php

@@ -2,6 +2,7 @@
 
 namespace App\Providers;
 
+use App\Models\User;
 use Illuminate\Auth\Notifications\VerifyEmail;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
 use Illuminate\Notifications\Messages\MailMessage;
@@ -26,11 +27,8 @@ public function boot()
     {
         $this->registerPolicies();
 
-        VerifyEmail::toMailUsing(function (object $notifiable, string $url) {
-            return (new MailMessage)->
-                subject(__('email.auth.verify.title'))->
-                markdown('authentication.verify_email', ['url' => $url, 'user' => $notifiable->first_name]);
+        VerifyEmail::toMailUsing(function (User $notifiable, string $url) {
+            return (new MailMessage)->subject(__('email.auth.verify.title'))->markdown('authentication.verify_email', ['url' => $url, 'user' => $notifiable->first_name]);
         });
-
     }
 }

app/Providers/TelescopeServiceProvider.php

@@ -26,10 +26,10 @@ public function register()
             }
 
             return $entry->isReportableException() ||
-                   $entry->isFailedRequest() ||
-                   $entry->isFailedJob() ||
-                   $entry->isScheduledTask() ||
-                   $entry->hasMonitoredTag();
+                $entry->isFailedRequest() ||
+                $entry->isFailedJob() ||
+                $entry->isScheduledTask() ||
+                $entry->hasMonitoredTag();
         });
     }
 
@@ -62,7 +62,7 @@ protected function hideSensitiveRequestDetails()
      */
     protected function gate()
     {
-        return Gate::define('viewTelescope', function ($user) {
+        Gate::define('viewTelescope', function ($user) {
             return $user->can('view_telescope');
         });
     }

app/Rules/Doi.php

@@ -2,22 +2,19 @@
 
 namespace App\Rules;
 
-use Illuminate\Contracts\Validation\InvokableRule;
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
 
-class Doi implements InvokableRule
+class Doi implements ValidationRule
 {
     /**
      * Check if the given value is a valid DOI.
      *
-     * @param  string  $attribute
-     * @param  mixed  $value
-     * @param  \Closure(string): \Illuminate\Translation\PotentiallyTranslatedString  $fail
-     * @return void
      */
-    public function __invoke($attribute, $value, $fail)
+    public function validate(string $attribute, mixed $value, Closure $fail): void
     {
         // check the value against the DOI regex
-        if (! preg_match('/^10\.\d{4,9}\/[-._;()\/:A-Z0-9]+$/i', $value)) {
+        if (!preg_match('/^10\.\d{4,9}\/[-._;()\/:A-Z0-9]+$/i', $value)) {
             $fail('The :attribute is not a valid DOI.');
         }
     }

app/Rules/UserNotAManuscriptAuthor.php

@@ -4,15 +4,18 @@
 
 use App\Models\ManuscriptRecord;
 use App\Models\User;
+use Closure;
 use Illuminate\Contracts\Validation\Rule;
+use Illuminate\Contracts\Validation\ValidationRule;
 
 /**
  * This rule is used to check if a user is not part of author list of the
  * given manuscript or it's owner. This is used to ensure that the
  * given user can be a reviewer of the manuscript.
  */
-class UserNotAManuscriptAuthor implements Rule
+class UserNotAManuscriptAuthor implements ValidationRule
 {
+
     /**
      * Create a new rule instance.
      *
@@ -22,30 +25,16 @@ public function __construct(public ManuscriptRecord $manuscriptRecord)
     {
     }
 
-    /**
-     * Determine if the validation rule passes.
-     *
-     * @param  string  $attribute
-     * @param  mixed  $value  a user id
-     * @return bool
-     */
-    public function passes($attribute, $value)
+
+    public function validate(string $attribute, mixed $value, Closure $fail): void
     {
         /** Gather a list of all user ids that cannot review this manuscript  */
         $emails = $this->manuscriptRecord->manuscriptAuthors()->with('author')->get()->pluck('author.email');
         $invalidUserIds = User::whereIn('email', $emails)->pluck('id');
         $invalidUserIds = $invalidUserIds->push($this->manuscriptRecord->user_id);
 
-        return ! in_array($value, $invalidUserIds->toArray());
-    }
-
-    /**
-     * Get the validation error message.
-     *
-     * @return string
-     */
-    public function message()
-    {
-        return 'The :attribute cannot be an author or owner of this manuscript.';
+        if (in_array($value, $invalidUserIds->toArray())) {
+            $fail('The :attribute cannot be an author or owner of this manuscript.');
+        }
     }
 }

composer.json

@@ -36,13 +36,14 @@
     },
     "require-dev": {
         "barryvdh/laravel-ide-helper": "^3.0.0",
+        "enlightn/enlightn": "^2.10",
         "fakerphp/faker": "^1.21",
+        "larastan/larastan": "^2.0",
         "laravel/breeze": "^2.0",
         "laravel/pint": "^1.4.0",
         "laravel/sail": "^1.18.1",
         "mockery/mockery": "^1.5.1",
         "nunomaduro/collision": "^8.1",
-        "larastan/larastan": "^2.0",
         "orangehill/iseed": "^3.0",
         "pestphp/pest": "^2.0",
         "pestphp/pest-plugin-laravel": "^2.0",