Merge pull request #11742 from firefly-iii/release-1771230440

🤖 Automatically merge the PR into the develop branch.

.github/mergify.yml

@@ -1,11 +1,4 @@
 pull_request_rules:
-  - name: Make sure PR are up to date before merging
-    description: This automatically updates PRs when they are out-of-date with the
-      base branch to avoid semantic conflicts (next step is using a merge
-      queue).
-    conditions: []
-    actions:
-      update:
   - name: Close all on main
     conditions:
       - base=main

app/Api/V1/Requests/Models/TransactionCurrency/UpdateRequest.php

@@ -63,6 +63,9 @@ class UpdateRequest extends FormRequest
     {
         /** @var TransactionCurrency $currency */
         $currency = $this->route()->parameter('currency_code');
+        if (is_string($currency)) {
+            $currency = TransactionCurrency::whereCode($currency)->first();
+        }
 
         return [
             'name'           => sprintf('min:1|max:255|unique:transaction_currencies,name,%d', $currency->id),

app/Console/Commands/Correction/CorrectsGroupAccounts.php

@@ -56,8 +56,8 @@ class CorrectsGroupAccounts extends Command
             }
         }
         $flags                    = new TransactionGroupEventFlags();
-        $flags->applyRules        = true;
-        $flags->fireWebhooks      = true;
+        $flags->applyRules        = false;
+        $flags->fireWebhooks      = false;
         $flags->recalculateCredit = true;
         $objects                  = new TransactionGroupEventObjects();
         foreach ($groups as $groupId) {

app/Console/Commands/System/CreatesDatabase.php

@@ -25,6 +25,7 @@ declare(strict_types=1);
 namespace FireflyIII\Console\Commands\System;
 
 use FireflyIII\Console\Commands\ShowsFriendlyMessages;
+use FireflyIII\Console\Commands\Tools\VerifiesDatabaseConnectionTrait;
 use Illuminate\Console\Command;
 use PDO;
 use PDOException;
@@ -32,6 +33,7 @@ use PDOException;
 class CreatesDatabase extends Command
 {
     use ShowsFriendlyMessages;
+    use VerifiesDatabaseConnectionTrait;
 
     protected $description = 'Tries to create the database if it doesn\'t exist yet.';
 
@@ -39,21 +41,27 @@ class CreatesDatabase extends Command
 
     public function handle(): int
     {
-        if ('mysql' !== env('DB_CONNECTION')) { // @phpstan-ignore larastan.noEnvCallsOutsideOfConfig */
-            $this->friendlyInfo(sprintf('CreateDB does not apply to "%s", skipped.', env('DB_CONNECTION')));
+        $connected = $this->verifyDatabaseConnection();
+        if (!$connected) {
+            $this->friendlyError('Failed to connect to the database. Is it up?');
+
+            return Command::FAILURE;
+        }
+        if ('mysql' !== config('database.default')) { // @phpstan-ignore larastan.noEnvCallsOutsideOfConfig */
+            $this->friendlyInfo(sprintf('CreateDB does not apply to "%s", skipped.', config('database.default')));
 
             return 0;
         }
         // try to set up a raw connection:
-        $exists  = false;
-        $dsn     = sprintf('mysql:host=%s;port=%d;charset=utf8mb4', env('DB_HOST'), env('DB_PORT'));
+        $exists    = false;
+        $dsn       = sprintf('mysql:host=%s;port=%d;charset=utf8mb4', env('DB_HOST'), env('DB_PORT'));
 
         if ('' !== (string) env('DB_SOCKET')) {
             $dsn = sprintf('mysql:unix_socket=%s;charset=utf8mb4', env('DB_SOCKET'));
         }
         $this->friendlyLine(sprintf('DSN is %s', $dsn));
 
-        $options = [
+        $options   = [
             PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
             PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
             PDO::ATTR_EMULATE_PREPARES   => false,
@@ -71,7 +79,7 @@ class CreatesDatabase extends Command
         // only continue when no error.
         // with PDO, try to list DB's (
         /** @var array $stmt */
-        $stmt    = $pdo->query('SHOW DATABASES;');
+        $stmt      = $pdo->query('SHOW DATABASES;');
         // slightly more complex but less error-prone.
         foreach ($stmt as $row) {
             $name = $row['Database'] ?? false;

app/Console/Commands/Tools/VerifiesDatabaseConnection.php

@@ -0,0 +1,64 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * VerifiesDatabaseConnection.php
+ * Copyright (c) 2026 james@firefly-iii.org
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace FireflyIII\Console\Commands\Tools;
+
+use FireflyIII\Console\Commands\ShowsFriendlyMessages;
+use Illuminate\Console\Command;
+
+class VerifiesDatabaseConnection extends Command
+{
+    use ShowsFriendlyMessages;
+    use VerifiesDatabaseConnectionTrait;
+
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature   = 'firefly-iii:verify-database-connection';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'This command tries to connect to the database.';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle(): int
+    {
+        $connected = $this->verifyDatabaseConnection();
+        if ($connected) {
+            $this->friendlyPositive('Connected to the database.');
+
+            return Command::SUCCESS;
+        }
+        $this->friendlyError('Failed to connect to the database. Is it up?');
+
+        return Command::FAILURE;
+    }
+}

app/Console/Commands/Tools/VerifiesDatabaseConnectionTrait.php

@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * VerifiesDatabaseConnectionTrait.php
+ * Copyright (c) 2026 james@firefly-iii.org
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace FireflyIII\Console\Commands\Tools;
+
+use Exception;
+use Illuminate\Database\QueryException;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Log;
+
+trait VerifiesDatabaseConnectionTrait
+{
+    protected function verifyDatabaseConnection(): bool
+    {
+        $loops     = 30;
+        $loop      = 0;
+        $queries   = ['pgsql'  => 'SELECT * FROM pg_catalog.pg_tables;', 'sqlite' => 'SELECT name FROM sqlite_schema;', 'mysql'  => 'SHOW TABLES;'];
+        $default   = config('database.default');
+        if (!array_key_exists($default, $queries)) {
+            $this->friendlyWarning(sprintf('Cannot validate database connection for "%s"', $default));
+
+            return true;
+        }
+        $query     = $queries[$default];
+        $connected = false;
+        Log::debug(sprintf('Connecting to database "%s"...', config('database.default')));
+        while (!$connected && $loop < $loops) {
+            try {
+                DB::select($query);
+                $connected = true;
+            } catch (QueryException $e) {
+                Log::error(sprintf('Loop #%d: connection failed: %s', $loop, $e->getMessage()));
+                $this->friendlyWarning(sprintf('Database connection attempt #%d failed. Sleep for 10 seconds...', $loop + 1));
+                sleep(10);
+            } catch (Exception $e) {
+                Log::error(sprintf('Loop #%d: not connected yet because of a %s: %s', $loop, get_class($e), $e->getMessage()));
+                $this->friendlyWarning(sprintf('Database connection attempt #%d failed. Sleep for 10 seconds...', $loop + 1));
+                sleep(10);
+            }
+            ++$loop;
+        }
+
+        return $connected;
+    }
+}

app/Console/Commands/Upgrade/UpgradesDatabase.php

@@ -94,6 +94,7 @@ class UpgradesDatabase extends Command
 
     private function callInitialCommands(): void
     {
+        $this->call('firefly-iii:verify-database-connection');
         $this->call('migrate', ['--seed'           => true, '--force'          => true, '--no-interaction' => true]);
         $this->call('upgrade:600-pgsql-sequences');
         $this->call('upgrade:480-decrypt-all');

app/Console/Kernel.php

@@ -1,69 +0,0 @@
-<?php
-
-/**
- * Kernel.php
- * Copyright (c) 2020 james@firefly-iii.org
- *
- * This file is part of Firefly III (https://github.com/firefly-iii).
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-declare(strict_types=1);
-
-namespace FireflyIII\Console;
-
-use Illuminate\Console\Scheduling\Schedule;
-use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
-use Illuminate\Support\Facades\Log;
-use Override;
-
-/**
- * File to make sure commands work.
- */
-class Kernel extends ConsoleKernel
-{
-    /**
-     * Register the commands for the application.
-     */
-    #[Override]
-    protected function commands(): void
-    {
-        $this->load(__DIR__.'/Commands');
-
-        require base_path('routes/console.php');
-    }
-
-    /**
-     * Define the application's command schedule.
-     */
-    #[Override]
-    protected function schedule(Schedule $schedule): void
-    {
-        $schedule->call(static function (): void {
-            Log::error('Firefly III no longer users the Laravel scheduler to do cron jobs! Please read the instructions at https://docs.firefly-iii.org/');
-            echo "\n";
-            echo '------------';
-            echo "\n";
-            echo wordwrap('Firefly III no longer users the Laravel scheduler to do cron jobs! Please read the instructions here:');
-            echo "\n";
-            echo 'https://docs.firefly-iii.org/';
-            echo "\n\n";
-            echo 'Disable this cron job!';
-            echo "\n";
-            echo '------------';
-            echo "\n";
-        })->daily();
-    }
-}

app/Handlers/ExchangeRate/ConvertsAmountToPrimaryAmount.php

@@ -36,13 +36,13 @@ class ConvertsAmountToPrimaryAmount
         $primaryAmountField                   = $params->primaryAmountField;
 
         if (!Amount::convertToPrimary($params->user)) {
-            Log::debug(sprintf(
-                'User does not want to do conversion, no need to convert "%s" and store it in field "%s" for %s #%d.',
-                $params->amountField,
-                $params->primaryAmountField,
-                get_class($params->model),
-                $params->model->id
-            ));
+            //            Log::debug(sprintf(
+            //                'User does not want to do conversion, no need to convert "%s" and store it in field "%s" for %s #%d.',
+            //                $params->amountField,
+            //                $params->primaryAmountField,
+            //                get_class($params->model),
+            //                $params->model->id
+            //            ));
             $params->model->{$primaryAmountField} = null;
             $params->model->saveQuietly();
 

app/Http/Controllers/Admin/ConfigurationController.php

@@ -115,6 +115,7 @@ class ConfigurationController extends Controller
         FireflyConfig::set('enable_external_map', $data['enable_external_map']);
         FireflyConfig::set('enable_external_rates', $data['enable_external_rates']);
         FireflyConfig::set('allow_webhooks', $data['allow_webhooks']);
+        FireflyConfig::set('enable_batch_processing', $data['enable_batch_processing']);
 
         FireflyConfig::set('valid_url_protocols', $data['valid_url_protocols']);
         FireflyConfig::set('is_demo_site', $data['is_demo_site']);

app/Http/Controllers/Auth/LoginController.php

@@ -190,6 +190,14 @@ class LoginController extends Controller
      */
     public function showLoginForm(Request $request): Factory|Redirector|RedirectResponse|View
     {
+        if ('remote_user_guard' === config('auth.defaults.guard')) {
+            $message = sprintf(
+                'Firefly III is configured to use the "remote user guard", but was unable to link you to a user. Are you sure the "%s" header is in place?',
+                config('auth.guard_header')
+            );
+
+            return view('errors.error', ['message' => $message]);
+        }
         Log::channel('audit')->info('Show login form (1.1).');
 
         $count             = DB::table('users')->count();

app/Http/Controllers/Controller.php

@@ -80,6 +80,14 @@ abstract class Controller extends BaseController
         View::share('FF_VERSION', config('firefly.version'));
         View::share('FF_BUILD_TIME', config('firefly.build_time'));
 
+        // this breaks when running < php 8.5 and is totally intentional.
+        //        $input            = ' James is cool';
+        //        $output           = $input
+        //            |> trim(...)
+        //            |> (fn (string $string) => str_replace(' ', '-', $string))
+        //            |> (fn (string $string) => str_replace(['.', '/', '…'], '', $string))
+        //            |> strtolower(...);
+
         // is webhooks enabled?
         View::share(
             'featuringWebhooks',

app/Http/Kernel.php

@@ -1,65 +0,0 @@
-<?php
-
-/**
- * Kernel.php
- * Copyright (c) 2019 james@firefly-iii.org
- *
- * This file is part of Firefly III (https://github.com/firefly-iii).
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-declare(strict_types=1);
-
-namespace FireflyIII\Http;
-
-use FireflyIII\Http\Middleware\Authenticate;
-use FireflyIII\Http\Middleware\Binder;
-use FireflyIII\Http\Middleware\InstallationId;
-use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
-use FireflyIII\Http\Middleware\StartFireflySession;
-use FireflyIII\Http\Middleware\TrimStrings;
-use FireflyIII\Http\Middleware\TrustProxies;
-use Illuminate\Auth\Middleware\AuthenticateWithBasicAuth;
-use Illuminate\Auth\Middleware\Authorize;
-use Illuminate\Foundation\Http\Kernel as HttpKernel;
-use Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode;
-use Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull;
-use Illuminate\Foundation\Http\Middleware\ValidatePostSize;
-use Illuminate\Routing\Middleware\ThrottleRequests;
-use Illuminate\View\Middleware\ShareErrorsFromSession;
-
-/**
- * Class Kernel
- */
-class Kernel extends HttpKernel
-{
-    protected $middleware         = [
-        // SecureHeaders::class,
-        CheckForMaintenanceMode::class,
-        ValidatePostSize::class,
-        TrimStrings::class,
-        ConvertEmptyStringsToNull::class,
-        TrustProxies::class,
-        InstallationId::class,
-    ];
-    protected $middlewareAliases  = [
-        'auth'       => Authenticate::class,
-        'auth.basic' => AuthenticateWithBasicAuth::class,
-        'bindings'   => Binder::class,
-        'can'        => Authorize::class,
-        'guest'      => RedirectIfAuthenticated::class,
-        'throttle'   => ThrottleRequests::class,
-    ];
-    protected $middlewarePriority = [StartFireflySession::class, ShareErrorsFromSession::class, Authenticate::class, Binder::class, Authorize::class];
-}

app/Http/Middleware/Authenticate.php

@@ -82,22 +82,25 @@ class Authenticate
     protected function authenticate($request, array $guards)
     {
         if (0 === count($guards)) {
-            // go for default guard:
-            // @noinspection PhpUndefinedMethodInspection
-            if ($this->auth->check()) {
-                // do an extra check on user object.
-                /** @noinspection PhpUndefinedMethodInspection */
-
-                /** @var User $user */
-                $user = $this->auth->authenticate();
+            Log::debug('in Authenticate::authenticate() with zero guards.');
+            // There are no guards defined, go for the default guard:
+            if (auth()->check()) {
+                Log::debug('User is authenticated.');
+                $user = auth()->user();
                 $this->validateBlockedUser($user, $guards);
-            }
 
+                return;
+            }
             // @noinspection PhpUndefinedMethodInspection
-            return $this->auth->authenticate();
+            $this->auth->authenticate();
+            if (!$this->auth->check()) {
+                throw new AuthenticationException('The user is not logged in but must be.', $guards);
+            }
         }
 
+        exit('five');
         foreach ($guards as $guard) {
+            exit('six');
             if ('api' !== $guard) {
                 $this->auth->guard($guard)->authenticate();
             }
@@ -111,6 +114,7 @@ class Authenticate
             }
         }
 
+        exit('seven');
         // this is a massive hack, but if the handler has the oauth exception
         // at this point we can report its error instead of a generic one.
         $message = 'Unauthenticated.';
@@ -143,5 +147,6 @@ class Authenticate
             // @phpstan-ignore-line (thinks function is undefined)
             throw new AuthenticationException('Blocked account.', $guards);
         }
+        Log::debug(sprintf('User #%d is not blocked.', $user->id));
     }
 }

app/Http/Middleware/StartFireflyIIISession.php

@@ -32,7 +32,7 @@ use Override;
 /**
  * Class StartFireflySession.
  */
-class StartFireflySession extends StartSession
+class StartFireflyIIISession extends StartSession
 {
     /**
      * Store the current URL for the request if necessary.

app/Listeners/Model/TransactionGroup/SupportsGroupProcessingTrait.php

@@ -104,7 +104,9 @@ trait SupportsGroupProcessingTrait
         $repository->deleteStatisticsForType(Category::class, $objects->categories, $dates);
         $repository->deleteStatisticsForType(Tag::class, $objects->tags, $dates);
 
-        // remove if no stuff present:
+        // remove generic statistics:
+        $repository->deleteStatisticsForPrefix('all_', $dates);
+
         // remove for no tag, no cat, etc.
         if (0 === $objects->budgets->count()) {
             Log::debug('No budgets, delete "no_category" stats.');

app/Providers/AuthServiceProvider.php

@@ -34,10 +34,6 @@ use Laravel\Passport\Passport;
  */
 class AuthServiceProvider extends ServiceProvider
 {
-    protected $policies = [
-        // 'FireflyIII\Model' => 'FireflyIII\Policies\ModelPolicy',
-    ];
-
     /**
      * Register any authentication / authorization services.
      *

app/Providers/FireflySessionProvider.php

@@ -23,7 +23,7 @@ declare(strict_types=1);
 
 namespace FireflyIII\Providers;
 
-use FireflyIII\Http\Middleware\StartFireflySession;
+use FireflyIII\Http\Middleware\StartFireflyIIISession;
 use Illuminate\Session\SessionManager;
 use Illuminate\Support\ServiceProvider;
 use Override;
@@ -43,7 +43,7 @@ class FireflySessionProvider extends ServiceProvider
 
         $this->registerSessionDriver();
 
-        $this->app->singleton(StartFireflySession::class);
+        $this->app->singleton(StartFireflyIIISession::class);
     }
 
     /**

app/Providers/RouteServiceProvider.php

@@ -42,20 +42,18 @@ class RouteServiceProvider extends ServiceProvider
     #[Override]
     public function boot(): void
     {
-        $this->routes(function (): void {
-            Route::prefix('api')
-                ->middleware('api')
-                ->namespace($this->namespace)
-                ->group(base_path('routes/api.php'))
-            ;
-
-            Route::prefix('api/v1/cron')
-                ->middleware('api_basic')
-                ->namespace($this->namespace)
-                ->group(base_path('routes/api-noauth.php'))
-            ;
-
-            Route::middleware('web')->namespace($this->namespace)->group(base_path('routes/web.php'));
-        });
+        //        $this->routes(function (): void {
+        //            Route::prefix('api')
+        //                ->middleware('api')
+        //                ->namespace($this->namespace)
+        //                ->group(base_path('routes/api.php'))
+        //            ;
+        //            Route::prefix('api/v1/cron')
+        //                ->middleware('api_basic')
+        //                ->namespace($this->namespace)
+        //                ->group(base_path('routes/api-noauth.php'))
+        //            ;
+        //            Route::middleware('web')->namespace($this->namespace)->group(base_path('routes/web.php'));
+        //        });
     }
 }

app/Providers/SessionServiceProvider.php

@@ -23,7 +23,7 @@ declare(strict_types=1);
 
 namespace FireflyIII\Providers;
 
-use FireflyIII\Http\Middleware\StartFireflySession;
+use FireflyIII\Http\Middleware\StartFireflyIIISession;
 use Illuminate\Session\SessionServiceProvider as BaseSessionServiceProvider;
 use Override;
 
@@ -42,6 +42,6 @@ class SessionServiceProvider extends BaseSessionServiceProvider
 
         $this->registerSessionDriver();
 
-        $this->app->singleton(StartFireflySession::class);
+        $this->app->singleton(StartFireflyIIISession::class);
     }
 }

app/Support/Authentication/RemoteUserGuard.php

@@ -31,6 +31,7 @@ use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Guard;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Contracts\Foundation\Application;
+use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Log;
 
 /**
@@ -58,6 +59,11 @@ class RemoteUserGuard implements Guard
     {
         $this->tried   = true;
         Log::debug(sprintf('Now at %s', __METHOD__));
+        if (App::runningInConsole()) {
+            Log::debug('Running in console, will not authenticate.');
+
+            return;
+        }
         if ($this->user instanceof User) {
             Log::debug(sprintf('%s is found: #%d, "%s".', $this->user::class, $this->user->id, $this->user->email));
 
@@ -78,7 +84,8 @@ class RemoteUserGuard implements Guard
         if (null === $userID || '' === $userID) {
             Log::error(sprintf('No user in header "%s".', $header));
 
-            throw new FireflyException('The guard header was unexpectedly empty. See the logs.');
+            // throw new FireflyException('The guard header was unexpectedly empty. See the logs.');
+            return;
         }
 
         Log::debug(sprintf('User ID found in header is "%s"', $userID));
@@ -150,6 +157,11 @@ class RemoteUserGuard implements Guard
 
     public function user(): ?User
     {
+        if (App::runningInConsole()) {
+            Log::debug('Running in console, will not authenticate.');
+
+            return null;
+        }
         if (false === $this->tried) {
             Log::debug('Have not tried authentication, do it now.');
             $this->authenticate();

app/Support/Export/ExportDataGenerator.php

@@ -124,6 +124,38 @@ class ExportDataGenerator
 
     // @phpstan-ignore-line
 
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
     public function __construct()
     {
         $this->accounts = new Collection();

app/Support/JsonApi/Enrichments/AvailableBudgetEnrichment.php

@@ -58,6 +58,22 @@ class AvailableBudgetEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private readonly bool $convertToPrimary; // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
@@ -76,6 +92,22 @@ class AvailableBudgetEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private array $currencies            = [];
     private array $currencyIds           = [];
     private array $ids                   = [];

app/Support/JsonApi/Enrichments/BudgetLimitEnrichment.php

@@ -58,6 +58,22 @@ class BudgetLimitEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private array $currencies  = [];
     private array $currencyIds = [];
     private Carbon $end;

app/Support/JsonApi/Enrichments/PiggyBankEnrichment.php

@@ -60,6 +60,22 @@ class PiggyBankEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private array $accounts      = []; // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
@@ -78,6 +94,22 @@ class PiggyBankEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private array $amounts       = [];
     private Collection $collection;
     private array $currencies    = [];

app/Support/JsonApi/Enrichments/PiggyBankEventEnrichment.php

@@ -55,6 +55,22 @@ class PiggyBankEventEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private array $accountIds        = []; // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
@@ -73,6 +89,22 @@ class PiggyBankEventEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private Collection $collection;
     private array $currencies        = [];
     private array $groupIds          = [];

app/Support/JsonApi/Enrichments/SubscriptionEnrichment.php

@@ -64,6 +64,22 @@ class SubscriptionEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private readonly bool $convertToPrimary;
     private ?Carbon $end             = null;
     private array   $mappedObjects   = [];

app/Support/JsonApi/Enrichments/TransactionGroupEnrichment.php

@@ -89,6 +89,38 @@ class TransactionGroupEnrichment implements EnrichmentInterface
 
     // @phpstan-ignore-line
 
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
+    // @phpstan-ignore-line
+
     public function __construct()
     {
         $this->dateFields      = ['interest_date', 'book_date', 'process_date', 'due_date', 'payment_date', 'invoice_date'];

app/Support/JsonApi/Enrichments/WebhookEnrichment.php

@@ -60,6 +60,22 @@ class WebhookEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private array $ids               = []; // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
@@ -78,6 +94,22 @@ class WebhookEnrichment implements EnrichmentInterface
     // @phpstan-ignore-line
     // @phpstan-ignore-line
     // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
+    // @phpstan-ignore-line
     private array $responses         = [];
     private array $triggers          = [];
     private array $webhookDeliveries = [];

app/Transformers/ObjectGroupTransformer.php

@@ -51,8 +51,8 @@ class ObjectGroupTransformer extends AbstractTransformer
 
         return [
             'id'         => (string) $objectGroup->id,
-            'created_at' => $objectGroup->created_at?->toAtomString(),
-            'updated_at' => $objectGroup->updated_at?->toAtomString(),
+            'created_at' => $objectGroup->created_at->toAtomString(),
+            'updated_at' => $objectGroup->updated_at->toAtomString(),
             'title'      => $objectGroup->title,
             'order'      => $objectGroup->order,
             'links'      => [['rel' => 'self', 'uri' => '/object_groups/'.$objectGroup->id]],

app/Transformers/PiggyBankEventTransformer.php

@@ -66,8 +66,8 @@ class PiggyBankEventTransformer extends AbstractTransformer
 
         return [
             'id'                              => (string) $event->id,
-            'created_at'                      => $event->created_at?->toAtomString(),
-            'updated_at'                      => $event->updated_at?->toAtomString(),
+            'created_at'                      => $event->created_at->toAtomString(),
+            'updated_at'                      => $event->updated_at->toAtomString(),
             'amount'                          => $amount,
             'pc_amount'                       => $primaryAmount,
 

bootstrap/app.php

@@ -32,11 +32,9 @@ use FireflyIII\Http\Middleware\IsAdmin;
 use FireflyIII\Http\Middleware\Range;
 use FireflyIII\Http\Middleware\RedirectIfAuthenticated;
 use FireflyIII\Http\Middleware\SecureHeaders;
-use FireflyIII\Http\Middleware\StartFireflySession;
-use FireflyIII\Http\Middleware\TrustProxies;
+use FireflyIII\Http\Middleware\StartFireflyIIISession;
 use FireflyIII\Http\Middleware\VerifyCsrfToken;
 use Illuminate\Contracts\Debug\ExceptionHandler;
-use Illuminate\Contracts\Http\Kernel;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Configuration\Exceptions;
@@ -47,7 +45,6 @@ use Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance;
 use Illuminate\Foundation\Http\Middleware\TrimStrings;
 use Illuminate\Http\Middleware\HandleCors;
 use Illuminate\Http\Middleware\ValidatePostSize;
-use Illuminate\Routing\Middleware\SubstituteBindings;
 use Illuminate\View\Middleware\ShareErrorsFromSession;
 use Laravel\Passport\Http\Middleware\CreateFreshApiToken;
 use Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful;
@@ -92,115 +89,99 @@ if (!function_exists('stringIsEqual')) {
 $app = Application::configure(basePath: dirname(__DIR__))
                   ->withRouting(
                       web     : __DIR__ . '/../routes/web.php',
+                      api     : __DIR__ . '/../routes/api.php',
                       commands: __DIR__ . '/../routes/console.php',
                       health  : '/up',
                   )
                   ->withMiddleware(function (Middleware $middleware): void {
+
                       // overrule the standard middleware
                       $middleware->use(
                           [
                               InvokeDeferredCallbacks::class,
+                              \Illuminate\Http\Middleware\TrustProxies::class, // use the DEFAULT middleware for this.
                               HandleCors::class,
                               PreventRequestsDuringMaintenance::class,
                               ValidatePostSize::class,
                               TrimStrings::class,
                               ConvertEmptyStringsToNull::class,
-                              SecureHeaders::class,
-                              TrustProxies::class,
+                              SecureHeaders::class, // is a Firefly III specific middleware class.
                           ]
                       );
 
-                      // overrule the web group
+                      // append and extend the default "web" middleware
+                      // to include our own custom "StartFireflyIIISession" class.
+                      // this class in turns contains a better "previous URL" feature.
+                      // See https://laravel.com/docs/12.x/middleware for the default list.
                       $middleware->group('web',
                                          [
                                              EncryptCookies::class,
                                              AddQueuedCookiesToResponse::class,
-                                             StartFireflySession::class,
+                                             StartFireflyIIISession::class, // this is different.
                                              ShareErrorsFromSession::class,
                                              VerifyCsrfToken::class,
-                                             SubstituteBindings::class,
+                                             Binder::class, // this is also different.
                                              CreateFreshApiToken::class,
                                          ]
                       );
-                      // new group?
-                      $middleware->appendToGroup('binders-only',
-                                                 [
-                                                     Installer::class,
-                                                     EncryptCookies::class,
-                                                     AddQueuedCookiesToResponse::class,
-                                                     Binder::class,
-                                                 ]);
 
-                      //
-                      $middleware->appendToGroup('user-not-logged-in', [
-                          Installer::class,
-                          EncryptCookies::class,
-                          AddQueuedCookiesToResponse::class,
-                          StartFireflySession::class,
-                          ShareErrorsFromSession::class,
-                          VerifyCsrfToken::class,
-                          Binder::class,
-                          RedirectIfAuthenticated::class,
-                      ]);
+                      // the default API group only contains "substitute bindings" middleware
+                      // so here we replace the entire API group and add more sensible stuff.
+                      $middleware->group('api',
+                                         [
+                                             AcceptHeaders::class,
+                                             // EnsureFrontendRequestsAreStateful::class,
+                                             'auth:api',
+                                             Binder::class,
+                          ]
+                      );
+                      $middleware->appendToGroup('api_basic', [AcceptHeaders::class, Binder::class]);
 
-                      // more
-                      $middleware->appendToGroup('user-logged-in-no-2fa', [
-                          Installer::class,
-                          EncryptCookies::class,
-                          AddQueuedCookiesToResponse::class,
-                          StartFireflySession::class,
-                          ShareErrorsFromSession::class,
-                          VerifyCsrfToken::class,
-                          Binder::class,
-                          Authenticate::class,
-                      ]);
 
-                      // simple auth
+                      // "simple auth" means the user must be logged in and present,
+                      // but does not have to be 2FA authenticated. This is so all users
+                      // can always log out, for example.
                       $middleware->appendToGroup('user-simple-auth', [
-                          EncryptCookies::class,
-                          AddQueuedCookiesToResponse::class,
-                          StartFireflySession::class,
-                          ShareErrorsFromSession::class,
-                          VerifyCsrfToken::class,
-                          Binder::class,
                           Authenticate::class,
                       ]);
 
-                      // user full auth
+                      // This middleware is added for all routes where the user MUST have full authentication.
+                      // this includes 2FA etc.
+                      // incidentally, this group also includes the range middleware and the message thing.
                       $middleware->appendToGroup('user-full-auth', [
-                          EncryptCookies::class,
-                          AddQueuedCookiesToResponse::class,
-                          StartFireflySession::class,
-                          ShareErrorsFromSession::class,
-                          VerifyCsrfToken::class,
                           Authenticate::class,
                           MFAMiddleware::class,
                           Range::class,
-                          Binder::class,
                           InterestingMessage::class,
-                          CreateFreshApiToken::class,
                       ]);
-
-                      // admin
+                      // This middleware is added to ensure that the user is not only logged in and
+                      // authenticated (with MFA and everything), but also admin.
                       $middleware->appendToGroup('admin', [
-                          EncryptCookies::class,
-                          AddQueuedCookiesToResponse::class,
-                          StartFireflySession::class,
-                          ShareErrorsFromSession::class,
-                          VerifyCsrfToken::class,
                           Authenticate::class,
-                          // AuthenticateTwoFactor::class,
+                          MFAMiddleware::class,
                           IsAdmin::class,
                           Range::class,
-                          Binder::class,
-                          CreateFreshApiToken::class,
+                          InterestingMessage::class,
                       ]);
 
-                      // api
-                      $middleware->appendToGroup('api', [AcceptHeaders::class, EnsureFrontendRequestsAreStateful::class, 'auth:api,sanctum', Binder::class]);
-                      // api basic,
-                      $middleware->appendToGroup('api_basic', [AcceptHeaders::class, Binder::class]);
+                      // if the user is not logged in, this group applies.
+                      // on top of everything else of course.
+                      $middleware->appendToGroup('user-not-logged-in', [
+                          Installer::class,
+                          RedirectIfAuthenticated::class,
+                      ]);
 
+                      // the "binders only" group does not need or ask for authentication
+                      // it just makes sure strings from routes are bound to objects if possible.
+                      $middleware->group('binders-only',
+                                         [
+                                             Installer::class,
+                                             EncryptCookies::class,
+                                             AddQueuedCookiesToResponse::class,
+                                             Binder::class,
+                                         ]);
+
+                      // $middleware->priority([StartFireflyIIISession::class, ShareErrorsFromSession::class, Authenticate::class, Binder::class, Authorize::class]);
                   })
                   ->withEvents(discover: [
                                              __DIR__ . '/../app/Listeners',
@@ -225,16 +206,6 @@ $app = Application::configure(basePath: dirname(__DIR__))
 |
 */
 
-$app->singleton(
-    Kernel::class,
-    FireflyIII\Http\Kernel::class
-);
-
-$app->singleton(
-    Illuminate\Contracts\Console\Kernel::class,
-    FireflyIII\Console\Kernel::class
-);
-
 $app->singleton(
     ExceptionHandler::class,
     Handler::class

bootstrap/providers.php

@@ -0,0 +1,71 @@
+<?php
+/*
+ * providers.php
+ * Copyright (c) 2026 james@firefly-iii.org
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+use FireflyIII\Providers\AccountServiceProvider;
+use FireflyIII\Providers\AdminServiceProvider;
+use FireflyIII\Providers\AppServiceProvider;
+use FireflyIII\Providers\AttachmentServiceProvider;
+use FireflyIII\Providers\BillServiceProvider;
+use FireflyIII\Providers\BudgetServiceProvider;
+use FireflyIII\Providers\CategoryServiceProvider;
+use FireflyIII\Providers\CurrencyServiceProvider;
+use FireflyIII\Providers\FireflyServiceProvider;
+use FireflyIII\Providers\JournalServiceProvider;
+use FireflyIII\Providers\PiggyBankServiceProvider;
+use FireflyIII\Providers\RecurringServiceProvider;
+use FireflyIII\Providers\RouteServiceProvider;
+use FireflyIII\Providers\RuleGroupServiceProvider;
+use FireflyIII\Providers\RuleServiceProvider;
+use FireflyIII\Providers\SearchServiceProvider;
+use FireflyIII\Providers\TagServiceProvider;
+use TwigBridge\ServiceProvider;
+
+return [
+    // Package Service Providers...
+
+    // Application Service Providers...
+    AppServiceProvider::class,
+    FireflyIII\Providers\AuthServiceProvider::class,
+    // FireflyIII\Providers\BroadcastServiceProvider::class,
+    // EventServiceProvider::class,
+    RouteServiceProvider::class,
+
+    // own stuff:
+    PragmaRX\Google2FALaravel\ServiceProvider::class,
+    ServiceProvider::class,
+
+    // More service providers.
+    AccountServiceProvider::class,
+    AttachmentServiceProvider::class,
+    BillServiceProvider::class,
+    BudgetServiceProvider::class,
+    CategoryServiceProvider::class,
+    CurrencyServiceProvider::class,
+    FireflyServiceProvider::class,
+    JournalServiceProvider::class,
+    PiggyBankServiceProvider::class,
+    RuleServiceProvider::class,
+    RuleGroupServiceProvider::class,
+    SearchServiceProvider::class,
+    TagServiceProvider::class,
+    AdminServiceProvider::class,
+    RecurringServiceProvider::class,
+];

changelog.md

@@ -3,6 +3,54 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## v6.4.22
+
+This release and several previous ones fix authentication problems mainly. Cleaning up the libraries that make up Firefly III's excellent security (with me standing on the shoulders of giants) means that many edge cases that worked in the past no longer worked. Notable issues are listed below. 
+
+As far as I know it all works as it should, but feel free to open new issues when necessary. My apologies for the mess.
+
+### Fixed
+
+- Removed Laravel Sanctum as it was unused.
+- Migrated away from Laravel 10's kernel and bootstrap structure.
+- Fixed remote user guard for console and unauthenticated routes (like `/up` and `health`)
+- [Issue 11710](https://github.com/firefly-iii/firefly-iii/issues/11710) (Firefly throws error on startup and when trying to use importer) reported by @avee87
+- [Issue 11712](https://github.com/firefly-iii/firefly-iii/issues/11712) (`RemoteUserGuard` regression in v6.4.19 blocks `/health` endpoint and internal Artisan commands) reported by @Dual-0
+- [Issue 11720](https://github.com/firefly-iii/firefly-iii/issues/11720) (`RemoteUserGuard` regression from v6.4.19 (including v6.4.21) blocks `/health` endpoint) reported by @rjhenry
+
+## v6.4.21
+
+### Added
+- The ability to undo the recording of a database migration, which may help with database issues. [See the docs](https://docs.firefly-iii.org/references/faq/firefly-iii/using/#i-get-errors-about-missing-tables-how-do-i-fix-this)
+- Added debug logs to file permission checks.
+
+### Fixed
+- View range issue for subscription overview
+- Amount log entries were recorded for the transaction group, not the journal
+- Subscriptions were not being renamed in rules when their names were changed
+- [Issue 11688](https://github.com/firefly-iii/firefly-iii/issues/11688) (Token endpoints returning 401 unauthorized) reported by @molnarti
+- [Issue 11694](https://github.com/firefly-iii/firefly-iii/issues/11694) (Foreign currency amount is always positive in transfers) reported by @SledgehammerPL
+- [Issue 11684](https://github.com/firefly-iii/firefly-iii/issues/11684) (Transaction summary duplicated after more than 10 rows) reported by @jkmf
+- [Issue 11700](https://github.com/firefly-iii/firefly-iii/issues/11700) (Duplicate entry for key 'tag_transaction_journal_tag_id_transaction_journal_id_unique') reported by @beatbesmer
+- [Issue 11702](https://github.com/firefly-iii/firefly-iii/issues/11702) (Can't enable displaying primary currency when using Postgres) reported by @absdjfh
+- [Issue 11710](https://github.com/firefly-iii/firefly-iii/issues/11710) (Firefly throws error on startup and when trying to use importer) reported by @avee87
+
+## v6.4.20
+
+### Added
+- The ability to undo the recording of a database migration, which may help with database issues. [See the docs](https://docs.firefly-iii.org/references/faq/firefly-iii/using/#i-get-errors-about-missing-tables-how-do-i-fix-this)
+- Added debug logs to file permission checks.
+
+### Fixed
+- View range issue for subscription overview
+- Amount log entries were recorded for the transaction group, not the journal
+- Subscriptions were not being renamed in rules when their names were changed
+- [Issue 11688](https://github.com/firefly-iii/firefly-iii/issues/11688) (Token endpoints returning 401 unauthorized) reported by @molnarti
+- [Issue 11694](https://github.com/firefly-iii/firefly-iii/issues/11694) (Foreign currency amount is always positive in transfers) reported by @SledgehammerPL
+- [Issue 11684](https://github.com/firefly-iii/firefly-iii/issues/11684) (Transaction summary duplicated after more than 10 rows) reported by @jkmf
+- [Issue 11700](https://github.com/firefly-iii/firefly-iii/issues/11700) (Duplicate entry for key 'tag_transaction_journal_tag_id_transaction_journal_id_unique') reported by @beatbesmer
+- [Issue 11702](https://github.com/firefly-iii/firefly-iii/issues/11702) (Can't enable displaying primary currency when using Postgres) reported by @absdjfh
+
 ## v6.4.19
 
 ### Added

composer.json

@@ -34,9 +34,6 @@
         "transfers",
         "management"
     ],
-    "platform": {
-        "php": "8.4"
-    },
     "license": "AGPL-3.0-or-later",
     "homepage": "https://github.com/firefly-iii/firefly-iii",
     "type": "project",
@@ -93,7 +90,6 @@
         "laravel-notification-channels/pushover": "^4.0",
         "laravel/framework": "^12",
         "laravel/passport": "^12.0",
-        "laravel/sanctum": "^4.1",
         "laravel/slack-notification-channel": "^3.3",
         "laravel/ui": "^4.2",
         "league/commonmark": "^2",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "c4e7dd2df7bae96ea6e4df82530411b9",
+    "content-hash": "6c4181d945517372c00358f3828806bc",
     "packages": [
         {
             "name": "bacon/bacon-qr-code",
@@ -2233,69 +2233,6 @@
             },
             "time": "2026-02-06T12:17:10+00:00"
         },
-        {
-            "name": "laravel/sanctum",
-            "version": "v4.3.1",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/laravel/sanctum.git",
-                "reference": "e3b85d6e36ad00e5db2d1dcc27c81ffdf15cbf76"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/laravel/sanctum/zipball/e3b85d6e36ad00e5db2d1dcc27c81ffdf15cbf76",
-                "reference": "e3b85d6e36ad00e5db2d1dcc27c81ffdf15cbf76",
-                "shasum": ""
-            },
-            "require": {
-                "ext-json": "*",
-                "illuminate/console": "^11.0|^12.0|^13.0",
-                "illuminate/contracts": "^11.0|^12.0|^13.0",
-                "illuminate/database": "^11.0|^12.0|^13.0",
-                "illuminate/support": "^11.0|^12.0|^13.0",
-                "php": "^8.2",
-                "symfony/console": "^7.0|^8.0"
-            },
-            "require-dev": {
-                "mockery/mockery": "^1.6",
-                "orchestra/testbench": "^9.15|^10.8|^11.0",
-                "phpstan/phpstan": "^1.10"
-            },
-            "type": "library",
-            "extra": {
-                "laravel": {
-                    "providers": [
-                        "Laravel\\Sanctum\\SanctumServiceProvider"
-                    ]
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Laravel\\Sanctum\\": "src/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Taylor Otwell",
-                    "email": "taylor@laravel.com"
-                }
-            ],
-            "description": "Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.",
-            "keywords": [
-                "auth",
-                "laravel",
-                "sanctum"
-            ],
-            "support": {
-                "issues": "https://github.com/laravel/sanctum/issues",
-                "source": "https://github.com/laravel/sanctum"
-            },
-            "time": "2026-02-07T17:19:31+00:00"
-        },
         {
             "name": "laravel/serializable-closure",
             "version": "v2.0.9",
@@ -9648,16 +9585,16 @@
         },
         {
             "name": "thecodingmachine/safe",
-            "version": "v3.3.0",
+            "version": "v3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/thecodingmachine/safe.git",
-                "reference": "2cdd579eeaa2e78e51c7509b50cc9fb89a956236"
+                "reference": "705683a25bacf0d4860c7dea4d7947bfd09eea19"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/thecodingmachine/safe/zipball/2cdd579eeaa2e78e51c7509b50cc9fb89a956236",
-                "reference": "2cdd579eeaa2e78e51c7509b50cc9fb89a956236",
+                "url": "https://api.github.com/repos/thecodingmachine/safe/zipball/705683a25bacf0d4860c7dea4d7947bfd09eea19",
+                "reference": "705683a25bacf0d4860c7dea4d7947bfd09eea19",
                 "shasum": ""
             },
             "require": {
@@ -9767,7 +9704,7 @@
             "description": "PHP core functions that throw exceptions instead of returning FALSE on error",
             "support": {
                 "issues": "https://github.com/thecodingmachine/safe/issues",
-                "source": "https://github.com/thecodingmachine/safe/tree/v3.3.0"
+                "source": "https://github.com/thecodingmachine/safe/tree/v3.4.0"
             },
             "funding": [
                 {
@@ -9778,12 +9715,16 @@
                     "url": "https://github.com/shish",
                     "type": "github"
                 },
+                {
+                    "url": "https://github.com/silasjoisten",
+                    "type": "github"
+                },
                 {
                     "url": "https://github.com/staabm",
                     "type": "github"
                 }
             ],
-            "time": "2025-05-14T06:15:44+00:00"
+            "time": "2026-02-04T18:08:13+00:00"
         },
         {
             "name": "tijsverkoyen/css-to-inline-styles",
@@ -10532,16 +10473,16 @@
         },
         {
             "name": "fruitcake/laravel-debugbar",
-            "version": "v4.0.7",
+            "version": "v4.0.8",
             "source": {
                 "type": "git",
                 "url": "https://github.com/fruitcake/laravel-debugbar.git",
-                "reference": "a9cc62c81cd0bda4ca7410229487638d7df786be"
+                "reference": "ad7a5b11c11bf7773c9acd04d0fe0d79a229b1c7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/fruitcake/laravel-debugbar/zipball/a9cc62c81cd0bda4ca7410229487638d7df786be",
-                "reference": "a9cc62c81cd0bda4ca7410229487638d7df786be",
+                "url": "https://api.github.com/repos/fruitcake/laravel-debugbar/zipball/ad7a5b11c11bf7773c9acd04d0fe0d79a229b1c7",
+                "reference": "ad7a5b11c11bf7773c9acd04d0fe0d79a229b1c7",
                 "shasum": ""
             },
             "require": {
@@ -10618,7 +10559,7 @@
             ],
             "support": {
                 "issues": "https://github.com/fruitcake/laravel-debugbar/issues",
-                "source": "https://github.com/fruitcake/laravel-debugbar/tree/v4.0.7"
+                "source": "https://github.com/fruitcake/laravel-debugbar/tree/v4.0.8"
             },
             "funding": [
                 {
@@ -10630,7 +10571,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2026-02-06T20:53:50+00:00"
+            "time": "2026-02-14T13:26:03+00:00"
         },
         {
             "name": "hamcrest/hamcrest-php",
@@ -11200,16 +11141,16 @@
         },
         {
             "name": "php-debugbar/php-debugbar",
-            "version": "v3.3.1",
+            "version": "v3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-debugbar/php-debugbar.git",
-                "reference": "afdaa2e56aca9d56b5bb2bad041bd2f6002017cf"
+                "reference": "e50d470344b62a033a76d3d10a803b04c8e3be69"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-debugbar/php-debugbar/zipball/afdaa2e56aca9d56b5bb2bad041bd2f6002017cf",
-                "reference": "afdaa2e56aca9d56b5bb2bad041bd2f6002017cf",
+                "url": "https://api.github.com/repos/php-debugbar/php-debugbar/zipball/e50d470344b62a033a76d3d10a803b04c8e3be69",
+                "reference": "e50d470344b62a033a76d3d10a803b04c8e3be69",
                 "shasum": ""
             },
             "require": {
@@ -11286,7 +11227,7 @@
             ],
             "support": {
                 "issues": "https://github.com/php-debugbar/php-debugbar/issues",
-                "source": "https://github.com/php-debugbar/php-debugbar/tree/v3.3.1"
+                "source": "https://github.com/php-debugbar/php-debugbar/tree/v3.4.0"
             },
             "funding": [
                 {
@@ -11298,7 +11239,7 @@
                     "type": "github"
                 }
             ],
-            "time": "2026-02-06T21:09:38+00:00"
+            "time": "2026-02-14T14:10:26+00:00"
         },
         {
             "name": "php-debugbar/symfony-bridge",

config/app.php

@@ -22,59 +22,18 @@
 
 declare(strict_types=1);
 
-use FireflyIII\Providers\AccountServiceProvider;
-use FireflyIII\Providers\AdminServiceProvider;
-use FireflyIII\Providers\AppServiceProvider;
-use FireflyIII\Providers\AttachmentServiceProvider;
-use FireflyIII\Providers\BillServiceProvider;
-use FireflyIII\Providers\BudgetServiceProvider;
-use FireflyIII\Providers\CategoryServiceProvider;
-use FireflyIII\Providers\CurrencyServiceProvider;
-use FireflyIII\Providers\EventServiceProvider;
-use FireflyIII\Providers\FireflyServiceProvider;
-use FireflyIII\Providers\JournalServiceProvider;
-use FireflyIII\Providers\PiggyBankServiceProvider;
-use FireflyIII\Providers\RecurringServiceProvider;
-use FireflyIII\Providers\RouteServiceProvider;
-use FireflyIII\Providers\RuleGroupServiceProvider;
-use FireflyIII\Providers\RuleServiceProvider;
-use FireflyIII\Providers\SearchServiceProvider;
-use FireflyIII\Providers\SessionServiceProvider;
-use FireflyIII\Providers\TagServiceProvider;
 use FireflyIII\Support\Facades\AccountForm;
 use FireflyIII\Support\Facades\CurrencyForm;
 use FireflyIII\Support\Facades\ExpandedForm;
 use FireflyIII\Support\Facades\PiggyBankForm;
 use FireflyIII\Support\Facades\RuleForm;
-use Illuminate\Auth\AuthServiceProvider;
-use Illuminate\Auth\Passwords\PasswordResetServiceProvider;
-use Illuminate\Broadcasting\BroadcastServiceProvider;
-use Illuminate\Bus\BusServiceProvider;
-use Illuminate\Cache\CacheServiceProvider;
-use Illuminate\Cookie\CookieServiceProvider;
-use Illuminate\Database\DatabaseServiceProvider;
-use Illuminate\Encryption\EncryptionServiceProvider;
-use Illuminate\Filesystem\FilesystemServiceProvider;
-use Illuminate\Foundation\Providers\ConsoleSupportServiceProvider;
-use Illuminate\Foundation\Providers\FoundationServiceProvider;
-use Illuminate\Hashing\HashServiceProvider;
-use Illuminate\Mail\MailServiceProvider;
-use Illuminate\Notifications\NotificationServiceProvider;
-use Illuminate\Pagination\PaginationServiceProvider;
-use Illuminate\Pipeline\PipelineServiceProvider;
-use Illuminate\Queue\QueueServiceProvider;
-use Illuminate\Redis\RedisServiceProvider;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Lang;
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Facades\URL;
-use Illuminate\Translation\TranslationServiceProvider;
-use Illuminate\Validation\ValidationServiceProvider;
-use Illuminate\View\ViewServiceProvider;
 use Spatie\Html\Facades\Html;
-use TwigBridge\ServiceProvider;
 
 return [
     'name'            => envNonEmpty('APP_NAME', 'Firefly III'),
@@ -86,61 +45,6 @@ return [
     'fallback_locale' => 'en_US',
     'key'             => env('APP_KEY'),
     'cipher'          => 'AES-256-CBC',
-    'providers'       => [
-        // Laravel Framework Service Providers...
-        AuthServiceProvider::class,
-        BroadcastServiceProvider::class,
-        BusServiceProvider::class,
-        CacheServiceProvider::class,
-        ConsoleSupportServiceProvider::class,
-        CookieServiceProvider::class,
-        DatabaseServiceProvider::class,
-        EncryptionServiceProvider::class,
-        FilesystemServiceProvider::class,
-        FoundationServiceProvider::class,
-        HashServiceProvider::class,
-        MailServiceProvider::class,
-        NotificationServiceProvider::class,
-        PaginationServiceProvider::class,
-        PipelineServiceProvider::class,
-        QueueServiceProvider::class,
-        RedisServiceProvider::class,
-        PasswordResetServiceProvider::class,
-        SessionServiceProvider::class,
-        TranslationServiceProvider::class,
-        ValidationServiceProvider::class,
-        ViewServiceProvider::class,
-
-        // Package Service Providers...
-
-        // Application Service Providers...
-        AppServiceProvider::class,
-        FireflyIII\Providers\AuthServiceProvider::class,
-        // FireflyIII\Providers\BroadcastServiceProvider::class,
-        // EventServiceProvider::class,
-        RouteServiceProvider::class,
-
-        // own stuff:
-        PragmaRX\Google2FALaravel\ServiceProvider::class,
-        ServiceProvider::class,
-
-        // More service providers.
-        AccountServiceProvider::class,
-        AttachmentServiceProvider::class,
-        BillServiceProvider::class,
-        BudgetServiceProvider::class,
-        CategoryServiceProvider::class,
-        CurrencyServiceProvider::class,
-        FireflyServiceProvider::class,
-        JournalServiceProvider::class,
-        PiggyBankServiceProvider::class,
-        RuleServiceProvider::class,
-        RuleGroupServiceProvider::class,
-        SearchServiceProvider::class,
-        TagServiceProvider::class,
-        AdminServiceProvider::class,
-        RecurringServiceProvider::class,
-    ],
     'aliases'         => [
         'Auth'          => Auth::class,
         'Route'         => Route::class,

config/firefly.php

@@ -78,8 +78,8 @@ return [
         'running_balance_column' => (bool)envNonEmpty('USE_RUNNING_BALANCE', true), // this is only the default value, is not used.
         // see cer.php for exchange rates feature flag.
     ],
-    'version'                              => 'develop/2026-02-14',
-    'build_time'                           => 1771070692,
+    'version'                              => 'develop/2026-02-16',
+    'build_time'                           => 1771230309,
     'api_version'                          => '2.1.0', // field is no longer used.
     'db_version'                           => 28, // field is no longer used.
 

package-lock.json

@@ -3814,9 +3814,9 @@
             }
         },
         "node_modules/ajv-formats/node_modules/ajv": {
-            "version": "8.17.1",
-            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-            "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+            "version": "8.18.0",
+            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+            "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -4240,6 +4240,22 @@
             "dev": true,
             "license": "MIT"
         },
+        "node_modules/body-parser/node_modules/qs": {
+            "version": "6.14.2",
+            "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+            "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+            "dev": true,
+            "license": "BSD-3-Clause",
+            "dependencies": {
+                "side-channel": "^1.1.0"
+            },
+            "engines": {
+                "node": ">=0.6"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/ljharb"
+            }
+        },
         "node_modules/bonjour-service": {
             "version": "1.3.0",
             "resolved": "https://registry.npmjs.org/bonjour-service/-/bonjour-service-1.3.0.tgz",
@@ -4578,9 +4594,9 @@
             }
         },
         "node_modules/caniuse-lite": {
-            "version": "1.0.30001769",
-            "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001769.tgz",
-            "integrity": "sha512-BCfFL1sHijQlBGWBMuJyhZUhzo7wer5sVj9hqekB/7xn0Ypy+pER/edCYQm4exbXj4WiySGp40P8UuTh6w1srg==",
+            "version": "1.0.30001770",
+            "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001770.tgz",
+            "integrity": "sha512-x/2CLQ1jHENRbHg5PSId2sXq1CIO1CISvwWAj027ltMVG2UNgW+w9oH2+HzgEIRFembL8bUlXtfbBHR1fCg2xw==",
             "dev": true,
             "funding": [
                 {
@@ -6191,6 +6207,22 @@
             "dev": true,
             "license": "MIT"
         },
+        "node_modules/express/node_modules/qs": {
+            "version": "6.14.2",
+            "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
+            "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+            "dev": true,
+            "license": "BSD-3-Clause",
+            "dependencies": {
+                "side-channel": "^1.1.0"
+            },
+            "engines": {
+                "node": ">=0.6"
+            },
+            "funding": {
+                "url": "https://github.com/sponsors/ljharb"
+            }
+        },
         "node_modules/fast-deep-equal": {
             "version": "3.1.3",
             "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -7118,9 +7150,9 @@
             }
         },
         "node_modules/i18next": {
-            "version": "25.8.7",
-            "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.7.tgz",
-            "integrity": "sha512-ttxxc5+67S/0hhoeVdEgc1lRklZhdfcUSEPp1//uUG2NB88X3667gRsDar+ZWQFdysnOsnb32bcoMsa4mtzhkQ==",
+            "version": "25.8.9",
+            "resolved": "https://registry.npmjs.org/i18next/-/i18next-25.8.9.tgz",
+            "integrity": "sha512-PJ/dVpSXVUs1ZLOLG61V97JTHBqz0FCle41BpgF1z1VCl37kPJfX/ZzMDNDYEgSZxha5SY7ZfWITcNJCrgm7ug==",
             "funding": [
                 {
                     "type": "individual",
@@ -9717,9 +9749,9 @@
             "license": "MIT"
         },
         "node_modules/qs": {
-            "version": "6.14.2",
-            "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.2.tgz",
-            "integrity": "sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==",
+            "version": "6.15.0",
+            "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.0.tgz",
+            "integrity": "sha512-mAZTtNCeetKMH+pSjrb76NAM8V9a05I9aBZOHztWy/UqcJdQYNsf59vrRKWnojAT9Y+GbIvoTBC++CPHqpDBhQ==",
             "dev": true,
             "license": "BSD-3-Clause",
             "dependencies": {
@@ -11033,9 +11065,9 @@
             }
         },
         "node_modules/terser-webpack-plugin/node_modules/ajv": {
-            "version": "8.17.1",
-            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-            "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+            "version": "8.18.0",
+            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+            "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -11922,9 +11954,9 @@
             }
         },
         "node_modules/webpack-dev-middleware/node_modules/ajv": {
-            "version": "8.17.1",
-            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-            "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+            "version": "8.18.0",
+            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+            "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -12039,9 +12071,9 @@
             }
         },
         "node_modules/webpack-dev-server/node_modules/ajv": {
-            "version": "8.17.1",
-            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-            "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+            "version": "8.18.0",
+            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+            "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -12159,9 +12191,9 @@
             }
         },
         "node_modules/webpack/node_modules/ajv": {
-            "version": "8.17.1",
-            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-            "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+            "version": "8.18.0",
+            "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+            "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -12216,9 +12248,9 @@
             }
         },
         "node_modules/webpack/node_modules/webpack-sources": {
-            "version": "3.3.3",
-            "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.3.tgz",
-            "integrity": "sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg==",
+            "version": "3.3.4",
+            "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.4.tgz",
+            "integrity": "sha512-7tP1PdV4vF+lYPnkMR0jMY5/la2ub5Fc/8VQrrU+lXkiM6C4TjVfGw7iKfyhnTQOsD+6Q/iKw0eFciziRgD58Q==",
             "dev": true,
             "license": "MIT",
             "engines": {

routes/api-noauth.php

@@ -1,39 +0,0 @@
-<?php
-
-/*
- * api-noauth.php
- * Copyright (c) 2021 james@firefly-iii.org
- *
- * This file is part of Firefly III (https://github.com/firefly-iii).
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-declare(strict_types=1);
-
-use Illuminate\Support\Facades\Route;
-// Cron job API routes:
-use FireflyIII\Http\Middleware\AcceptHeaders;
-
-Route::group(
-    [
-        'namespace'  => 'FireflyIII\Api\V1\Controllers\System',
-        'prefix'     => '',
-        'as'         => 'api.v1.cron.',
-        'middleware' => [AcceptHeaders::class],
-    ],
-    static function (): void {
-        Route::get('{cliToken}', ['uses' => 'CronController@cron', 'as' => 'index']);
-    }
-);

routes/api.php

@@ -21,6 +21,9 @@
  */
 
 declare(strict_types=1);
+
+use FireflyIII\Http\Middleware\AcceptHeaders;
+use FireflyIII\Http\Middleware\Binder;
 use Illuminate\Support\Facades\Route;
 
 use function Safe\define;
@@ -38,6 +41,19 @@ if (!defined('DATEFORMAT')) {
     define('DATEFORMAT', '(19|20)[0-9]{2}-?[0-9]{2}-?[0-9]{2}');
 }
 
+// API route for cron
+Route::group(
+    [
+        'namespace'  => 'FireflyIII\Api\V1\Controllers\System',
+        'prefix'     => 'v1',
+        'as'         => 'api.v1.cron.',
+        'middleware' => [Binder::class, AcceptHeaders::class],
+    ],
+    static function (): void {
+        Route::get('cron/{cliToken}', ['uses' => 'CronController@cron', 'as' => 'index'])->withoutMiddleware(['api']);
+    }
+);
+
 // Autocomplete controllers
 Route::group(
     [
@@ -716,7 +732,6 @@ Route::group(
 // Users API routes:
 Route::group(
     [
-        'middleware' => ['auth:api,sanctum', 'bindings'],
         'namespace'  => 'FireflyIII\Api\V1\Controllers\System',
         'prefix'     => 'v1/users',
         'as'         => 'api.v1.users.',
@@ -733,7 +748,6 @@ Route::group(
 // Batch API routes:
 Route::group(
     [
-        'middleware' => ['auth:api,sanctum', 'bindings'],
         'namespace'  => 'FireflyIII\Api\V1\Controllers\System',
         'prefix'     => 'v1/batch',
         'as'         => 'api.v1.batch.',

routes/web.php

@@ -73,24 +73,23 @@ Route::group(
     }
 );
 
-Route::group(
-    ['middleware' => 'binders-only', 'namespace' => 'FireflyIII\Http\Controllers\System', 'as' => 'cron.', 'prefix' => 'cron'],
-    static function (): void {
-        Route::get('run/{cliToken}', ['uses' => 'CronController@cron', 'as' => 'cron']);
-    }
-);
+// Route::group(
+//    ['middleware' => 'binders-only', 'namespace' => 'FireflyIII\Http\Controllers\System', 'as' => 'cron.', 'prefix' => 'cron'],
+//    static function (): void {
+//        Route::get('run/{cliToken}', ['uses' => 'CronController@cron', 'as' => 'cron']);
+//    }
+// );
 
 Route::group(
-    ['middleware' => 'binders-only', 'namespace' => 'FireflyIII\Http\Controllers\System'],
+    ['namespace' => 'FireflyIII\Http\Controllers\System'],
     static function (): void {
-        // Route::get('offline', static fn () => view('errors.offline'));
-        Route::get('health', ['uses' => 'HealthcheckController@check', 'as' => 'healthcheck']);
+        Route::get('health', ['uses' => 'HealthcheckController@check', 'as' => 'healthcheck'])->withoutMiddleware(['web']);
     }
 );
 
 // These routes only work when the user is NOT logged in.
 Route::group(
-    ['middleware' => 'user-not-logged-in', 'namespace' => 'FireflyIII\Http\Controllers'],
+    ['middleware' => ['user-not-logged-in'], 'namespace' => 'FireflyIII\Http\Controllers'],
     static function (): void {
         // Authentication Routes...
         Route::get('login', ['uses' => 'Auth\LoginController@showLoginForm', 'as' => 'login']);
@@ -128,7 +127,7 @@ Route::group(
 
 // For the two factor routes, the user must be logged in, but NOT 2FA. Account confirmation does not matter here.
 Route::group(
-    ['middleware' => 'user-logged-in-no-2fa', 'prefix' => 'two-factor', 'as' => 'two-factor.', 'namespace' => 'FireflyIII\Http\Controllers\Auth'],
+    ['middleware' => 'user-simple-auth', 'prefix' => 'two-factor', 'as' => 'two-factor.', 'namespace' => 'FireflyIII\Http\Controllers\Auth'],
     static function (): void {
         Route::post('submit', ['uses' => 'TwoFactorController@submitMFA', 'as' => 'submit']);
         Route::get('lost', ['uses' => 'TwoFactorController@lostTwoFactor', 'as' => 'lost']); // can be removed when v2 is live.