Merge branch '4.2-dev' into feature/workflow-emails

.github/CODEOWNERS

@@ -38,12 +38,6 @@ phpunit-pgsql.xml.dist  @rdeutz @hackwar
 # HttpHeaders Plugin
 plugins/system/httpheaders/*  @zero-24
 
-# Web Authentication (WebAuthn)
-plugins/system/webauthn/*   @nikosdion
-media/plg_system_webauthn/*   @nikosdion
-administrator/language/en-GB/plg_system_webauthn.ini   @nikosdion
-administrator/language/en-GB/plg_system_webauthn.sys.ini   @nikosdion
-
 # Workflow
 administrator/components/com_workflow/*	@bembelimen @hleithner
 administrator/language/en-GB/com_workflow.ini	@bembelimen @hleithner
@@ -72,3 +66,6 @@ installation/tmpl/* @chmst
 
 # Translation GitHub Actions
 .github/workflows/create-translation-pull-request-v4.yml @hleithner
+
+# Libraries
+libraries/src/* @laoneo

.github/ISSUE_TEMPLATE/a11y_issue.md

@@ -0,0 +1,38 @@
+---
+name: Accessibility issue
+about: Did you find an accessibility issue in the Joomla CMS? Please report it here.
+labels: a11y
+
+---
+
+### Steps to reproduce the issue
+1. 
+
+
+### Expected result
+
+
+
+### Actual result
+
+
+
+### Device and system info
+
+* What version of Joomla were you using?
+
+
+* What device were you using? (eg, phone, laptop)
+
+
+* What web browser were you using? (eg, Chrome, Safari)
+
+
+* If you were using assistive technology, please let us know the device or software you were using (eg VoiceOver, JAWS, sip-and-puff device, etc)
+
+
+
+### Additional comments
+
+If you know which [WCAG](https://www.w3.org/TR/WCAG/) or [ATAG](https://www.w3.org/TR/ATAG20/) criteria this violates, please indicate it here:
+

administrator/components/com_admin/script.php

@@ -7809,6 +7809,8 @@ public function deleteUnexistingFiles($dryRun = false, $suppressOutput = false)
 			'/libraries/vendor/maximebf/debugbar/build',
 			// From 4.1 to 4.2.0
 			'/libraries/vendor/nyholm/psr7/doc',
+			'/plugins/twofactorauth/totp',
+			'/plugins/twofactorauth/yubikey',
 		);
 
 		$status['files_checked'] = $files;

administrator/components/com_admin/sql/updates/mysql/4.2.0-2022-05-15.sql

@@ -0,0 +1,57 @@
+--
+-- Create the new table for MFA
+--
+CREATE TABLE IF NOT EXISTS `#__user_mfa` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `user_id` int unsigned NOT NULL,
+  `title` varchar(255) NOT NULL DEFAULT '',
+  `method` varchar(100) NOT NULL,
+  `default` tinyint NOT NULL DEFAULT 0,
+  `options` mediumtext NOT NULL,
+  `created_on` datetime NOT NULL,
+  `last_used` datetime,
+  PRIMARY KEY (`id`),
+  KEY `idx_user_id` (`user_id`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 DEFAULT COLLATE=utf8mb4_unicode_ci COMMENT='Multi-factor Authentication settings';
+
+--
+-- Remove obsolete postinstallation message
+--
+DELETE FROM `#__postinstall_messages` WHERE `condition_file` = 'site://plugins/twofactorauth/totp/postinstall/actions.php';
+
+--
+-- Add new MFA plugins
+--
+INSERT INTO `#__extensions` (`package_id`, `name`, `type`, `element`, `folder`, `client_id`, `enabled`, `access`, `protected`, `locked`, `manifest_cache`, `params`, `custom_data`, `ordering`, `state`) VALUES
+(0, 'plg_multifactorauth_totp', 'plugin', 'totp', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 1, 0),
+(0, 'plg_multifactorauth_yubikey', 'plugin', 'yubikey', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 2, 0),
+(0, 'plg_multifactorauth_webauthn', 'plugin', 'webauthn', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 3, 0),
+(0, 'plg_multifactorauth_email', 'plugin', 'email', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 4, 0),
+(0, 'plg_multifactorauth_fixed', 'plugin', 'fixed', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 5, 0);
+
+--
+-- Update MFA plugins' publish status
+--
+UPDATE `#__extensions` AS `a`
+	INNER JOIN `#__extensions` AS `b` on `a`.`element` = `b`.`element`
+SET `a`.enabled = `b`.enabled
+WHERE `a`.folder = 'multifactorauth'
+	AND `b`.folder = 'twofactorauth';
+
+--
+-- Remove legacy TFA plugins
+--
+DELETE FROM `#__extensions`
+WHERE `type` = 'plugin' AND `folder` = 'twofactorauth' AND `element` IN ('totp', 'yubikey');
+
+--
+-- Add post-installation message
+--
+INSERT IGNORE INTO `#__postinstall_messages` (`extension_id`, `title_key`, `description_key`, `action_key`, `language_extension`, `language_client_id`, `type`, `action_file`, `action`, `condition_file`, `condition_method`, `version_introduced`, `enabled`)
+SELECT `extension_id`, 'COM_USERS_POSTINSTALL_MULTIFACTORAUTH_TITLE', 'COM_USERS_POSTINSTALL_MULTIFACTORAUTH_BODY', 'COM_USERS_POSTINSTALL_MULTIFACTORAUTH_ACTION', 'com_users', 1, 'action', 'admin://components/com_users/postinstall/multifactorauth.php', 'com_users_postinstall_mfa_action', 'admin://components/com_users/postinstall/multifactorauth.php', 'com_users_postinstall_mfa_condition', '4.2.0', 1 FROM `#__extensions` WHERE `name` = 'files_joomla';
+
+--
+-- Create a mail template for plg_multifactorauth_email
+--
+INSERT IGNORE INTO `#__mail_templates` (`template_id`, `extension`, `language`, `subject`, `body`, `htmlbody`, `attachments`, `params`) VALUES
+('plg_multifactorauth_email.mail', 'plg_multifactorauth_email', '', 'PLG_MULTIFACTORAUTH_EMAIL_EMAIL_SUBJECT', 'PLG_MULTIFACTORAUTH_EMAIL_EMAIL_BODY', '', '', '{"tags":["code","sitename","siteurl","username","email","fullname"]}');

administrator/components/com_admin/sql/updates/postgresql/4.2.0-2022-05-15.sql

@@ -0,0 +1,63 @@
+--
+-- Create the new table for MFA
+--
+CREATE TABLE IF NOT EXISTS "#__user_mfa" (
+  "id" serial NOT NULL,
+  "user_id" bigint NOT NULL,
+  "title" varchar(255) DEFAULT '' NOT NULL,
+  "method" varchar(100) NOT NULL,
+  "default" smallint DEFAULT 0 NOT NULL,
+  "options" text NOT NULL,
+  "created_on" timestamp without time zone NOT NULL,
+  "last_used" timestamp without time zone,
+  PRIMARY KEY ("id")
+);
+
+CREATE INDEX "#__user_mfa_idx_user_id" ON "#__user_mfa" ("user_id") /** CAN FAIL **/;
+
+COMMENT ON TABLE "#__user_mfa" IS 'Multi-factor Authentication settings';
+
+--
+-- Remove obsolete postinstallation message
+--
+DELETE FROM "#__postinstall_messages" WHERE "condition_file" = 'site://plugins/twofactorauth/totp/postinstall/actions.php';
+
+--
+-- Add new MFA plugins
+--
+INSERT INTO "#__extensions" ("package_id", "name", "type", "element", "folder", "client_id", "enabled", "access", "protected", "locked", "manifest_cache", "params", "custom_data", "ordering", "state") VALUES
+(0, 'plg_multifactorauth_totp', 'plugin', 'totp', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 1, 0),
+(0, 'plg_multifactorauth_yubikey', 'plugin', 'yubikey', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 2, 0),
+(0, 'plg_multifactorauth_webauthn', 'plugin', 'webauthn', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 3, 0),
+(0, 'plg_multifactorauth_email', 'plugin', 'email', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 4, 0),
+(0, 'plg_multifactorauth_fixed', 'plugin', 'fixed', 'multifactorauth', 0, 0, 1, 0, 1, '', '', '', 5, 0);
+
+--
+-- Update MFA plugins' publish status
+--
+UPDATE "#__extensions" AS "a"
+SET "enabled" = "b"."enabled"
+FROM "#__extensions" AS "b"
+WHERE "a"."element" = "b"."element"
+	AND "a"."folder" = 'multifactorauth'
+	AND "b"."folder" = 'twofactorauth';
+
+--
+-- Remove legacy TFA plugins
+--
+DELETE FROM "#__extensions"
+WHERE "type" = 'plugin' AND "folder" = 'twofactorauth' AND "element" IN ('totp', 'yubikey');
+
+--
+-- Add post-installation message
+--
+INSERT INTO "#__postinstall_messages" ("extension_id", "title_key", "description_key", "action_key", "language_extension", "language_client_id", "type", "action_file", "action", "condition_file", "condition_method", "version_introduced", "enabled")
+SELECT "extension_id", 'COM_USERS_POSTINSTALL_MULTIFACTORAUTH_TITLE', 'COM_USERS_POSTINSTALL_MULTIFACTORAUTH_BODY', 'COM_USERS_POSTINSTALL_MULTIFACTORAUTH_ACTION', 'com_users', 1, 'action', 'admin://components/com_users/postinstall/multifactorauth.php', 'com_users_postinstall_mfa_action', 'admin://components/com_users/postinstall/multifactorauth.php', 'com_users_postinstall_mfa_condition', '4.2.0', 1 FROM "#__extensions" WHERE "name" = 'files_joomla'
+ON CONFLICT DO NOTHING;
+
+--
+-- Create a mail template for plg_multifactorauth_email
+--
+INSERT INTO "#__mail_templates" ("template_id", "extension", "language", "subject", "body", "htmlbody", "attachments", "params") VALUES
+('plg_multifactorauth_email.mail', 'plg_multifactorauth_email', '', 'PLG_MULTIFACTORAUTH_EMAIL_EMAIL_SUBJECT', 'PLG_MULTIFACTORAUTH_EMAIL_EMAIL_BODY', '', '', '{"tags":["code","sitename","siteurl","username","email","fullname"]}')
+ON CONFLICT DO NOTHING;

administrator/components/com_content/src/View/Articles/HtmlView.php

@@ -158,7 +158,7 @@ public function display($tpl = null)
 	protected function addToolbar()
 	{
 		$canDo = ContentHelper::getActions('com_content', 'category', $this->state->get('filter.category_id'));
-		$user  = Factory::getApplication()->getIdentity();
+		$user  = $this->getCurrentUser();
 
 		// Get the toolbar object instance
 		$toolbar = Toolbar::getInstance('toolbar');

administrator/components/com_fields/src/Model/GroupModel.php

@@ -320,7 +320,7 @@ protected function loadFormData()
 			if (!$data->id)
 			{
 				// Check for which context the Field Group Manager is used and get selected fields
-				$context = substr($app->getUserState('com_fields.groups.filter.context'), 4);
+				$context = substr($app->getUserState('com_fields.groups.filter.context', ''), 4);
 				$filters = (array) $app->getUserState('com_fields.groups.' . $context . '.filter');
 
 				$data->set(

administrator/components/com_finder/config.xml

@@ -4,8 +4,18 @@
 	<fieldset
 		name="search"
 		label="COM_FINDER_FIELDSET_SEARCH_OPTIONS_LABEL"
-		description="COM_FINDER_FIELDSET_SEARCH_OPTIONS_DESCRIPTION"
 		>
+		<field
+			name="word_match"
+			type="list"
+			label="COM_FINDER_CONFIG_WORD_MATCH_LABEL"
+			description="COM_FINDER_CONFIG_WORD_MATCH_DESC"
+			default="exact"
+			>
+			<option value="exact">COM_FINDER_CONFIG_WORD_MATCH_OPTION_EXACT</option>
+			<option value="begin">COM_FINDER_CONFIG_WORD_MATCH_OPTION_BEGIN</option>
+			<option value="fuzzy">COM_FINDER_CONFIG_WORD_MATCH_OPTION_FUZZY</option>
+		</field>
 
 		<field
 			name="show_taxonomy"

administrator/components/com_finder/src/Field/ContentmapField.php

@@ -46,30 +46,15 @@ protected function getGroups()
 		// Get the database object and a new query object.
 		$db = $this->getDatabase();
 
-		// Levels subquery.
-		$levelQuery = $db->getQuery(true);
-		$levelQuery->select('title AS branch_title, 1 as level')
-			->select($db->quoteName('id'))
-			->from($db->quoteName('#__finder_taxonomy'))
-			->where($db->quoteName('parent_id') . ' = 1');
-		$levelQuery2 = $db->getQuery(true);
-		$levelQuery2->select('b.title AS branch_title, 2 as level')
-			->select($db->quoteName('a.id'))
-			->from($db->quoteName('#__finder_taxonomy', 'a'))
-			->join('LEFT', $db->quoteName('#__finder_taxonomy', 'b') . ' ON ' . $db->quoteName('a.parent_id') . ' = ' . $db->quoteName('b.id'))
-			->where($db->quoteName('a.parent_id') . ' NOT IN (0, 1)');
-
-		$levelQuery->union($levelQuery2);
-
 		// Main query.
 		$query = $db->getQuery(true)
 			->select($db->quoteName('a.title', 'text'))
 			->select($db->quoteName('a.id', 'value'))
-			->select($db->quoteName('d.level'))
+			->select($db->quoteName('a.parent_id'))
+			->select($db->quoteName('a.level'))
 			->from($db->quoteName('#__finder_taxonomy', 'a'))
-			->join('LEFT', '(' . $levelQuery . ') AS d ON ' . $db->quoteName('d.id') . ' = ' . $db->quoteName('a.id'))
 			->where($db->quoteName('a.parent_id') . ' <> 0')
-			->order('d.branch_title ASC, d.level ASC, a.title ASC');
+			->order('a.title ASC');
 
 		$db->setQuery($query);
 
@@ -85,37 +70,21 @@ protected function getGroups()
 		// Build the grouped list array.
 		if ($contentMap)
 		{
-			$lang = Factory::getLanguage();
-			$name = '';
+			$parents = [];
 
-			foreach ($contentMap as $branch)
+			foreach ($contentMap as $item)
 			{
-				if ((int) $branch->level === 1)
-				{
-					$name = $branch->text;
-				}
-				else
+				if (!isset($parents[$item->parent_id]))
 				{
-					$levelPrefix = str_repeat('- ', max(0, $branch->level - 1));
-
-					if (trim($name, '*') === 'Language')
-					{
-						$text = LanguageHelper::branchLanguageTitle($branch->text);
-					}
-					else
-					{
-						$key = LanguageHelper::branchSingular($branch->text);
-						$text = $lang->hasKey($key) ? Text::_($key) : $branch->text;
-					}
-
-					// Initialize the group if necessary.
-					if (!isset($groups[$name]))
-					{
-						$groups[$name] = array();
-					}
-
-					$groups[$name][] = HTMLHelper::_('select.option', $branch->value, $levelPrefix . $text);
+					$parents[$item->parent_id] = [];
 				}
+
+				$parents[$item->parent_id][] = $item;
+			}
+
+			foreach ($parents[1] as $branch)
+			{
+				$groups[$branch->text] = $this->prepareLevel($branch->value, $parents);
 			}
 		}
 
@@ -124,4 +93,44 @@ protected function getGroups()
 
 		return $groups;
 	}
+
+	/**
+	 * Indenting and translating options for the list
+	 *
+	 * @param   int    $parent   Parent ID to process
+	 * @param   array  $parents  Array of arrays of items with parent IDs as keys
+	 *
+	 * @return  array  The indented list of entries for this branch
+	 *
+	 * @since   __DEPLOY_VERSION__
+	 */
+	private function prepareLevel($parent, $parents)
+	{
+		$lang = Factory::getLanguage();
+		$entries = [];
+
+		foreach ($parents[$parent] as $item)
+		{
+			$levelPrefix = str_repeat('- ', $item->level - 1);
+
+			if (trim($item->text, '*') === 'Language')
+			{
+				$text = LanguageHelper::branchLanguageTitle($item->text);
+			}
+			else
+			{
+				$key = LanguageHelper::branchSingular($item->text);
+				$text = $lang->hasKey($key) ? Text::_($key) : $item->text;
+			}
+
+			$entries[] = HTMLHelper::_('select.option', $item->value, $levelPrefix . $text);
+
+			if (isset($parents[$item->value]))
+			{
+				$entries = array_merge($entries, $this->prepareLevel($item->value, $parents));
+			}
+		}
+
+		return $entries;
+	}
 }