Merge branch 'develop' into dependabot/npm_and_yarn/develop/jquery-4.0.0

app/Events/Security/User/UserHasGeneratedNewBackupCodes.php

@@ -0,0 +1,44 @@
+<?php
+/*
+ * UserHasGeneratedNewBackupCodes.php
+ * Copyright (c) 2026 james@firefly-iii.org
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace FireflyIII\Events\Security\User;
+
+use FireflyIII\Events\Event;
+use FireflyIII\User;
+use Illuminate\Contracts\Auth\Authenticatable;
+use Illuminate\Queue\SerializesModels;
+use InvalidArgumentException;
+
+class UserHasGeneratedNewBackupCodes extends Event
+{
+    use SerializesModels;
+
+    public User $user;
+
+    public function __construct(Authenticatable|User|null $user)
+    {
+        if ($user instanceof User) {
+            $this->user = $user;
+            return;
+        }
+        throw new InvalidArgumentException('User must be an instance of User.');
+    }
+}

app/Events/Security/User/UserHasUsedBackupCode.php

@@ -1,8 +1,7 @@
 <?php
-
 /*
- * EnabledMFA.php
- * Copyright (c) 2024 james@firefly-iii.org.
+ * UserHasUsedBackupCode.php
+ * Copyright (c) 2026 james@firefly-iii.org
  *
  * This file is part of Firefly III (https://github.com/firefly-iii).
  *
@@ -17,19 +16,18 @@
  * GNU Affero General Public License for more details.
  *
  * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see https://www.gnu.org/licenses/.
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-declare(strict_types=1);
-
-namespace FireflyIII\Events\Security;
+namespace FireflyIII\Events\Security\User;
 
 use FireflyIII\Events\Event;
 use FireflyIII\User;
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Queue\SerializesModels;
+use InvalidArgumentException;
 
-class MFANewBackupCodes extends Event
+class UserHasUsedBackupCode extends Event
 {
     use SerializesModels;
 
@@ -39,6 +37,8 @@ class MFANewBackupCodes extends Event
     {
         if ($user instanceof User) {
             $this->user = $user;
+            return;
         }
+        throw new InvalidArgumentException('User must be an instance of User.');
     }
 }

app/Http/Controllers/Auth/TwoFactorController.php

@@ -28,6 +28,7 @@ use FireflyIII\Events\Security\MFAManyFailedAttempts;
 use FireflyIII\Events\Security\MFAUsedBackupCode;
 use FireflyIII\Events\Security\User\UserHasFewMFABackupCodesLeft;
 use FireflyIII\Events\Security\User\UserHasNoMFABackupCodesLeft;
+use FireflyIII\Events\Security\User\UserHasUsedBackupCode;
 use FireflyIII\Events\Security\User\UserKeepsFailingMFA;
 use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\Support\Facades\Preferences;
@@ -117,7 +118,7 @@ class TwoFactorController extends Controller
             // send user notification.
             $user = auth()->user();
             Log::channel('audit')->info(sprintf('User "%s" has used a backup code.', $user->email));
-            event(new MFAUsedBackupCode($user));
+            event(new UserHasUsedBackupCode($user));
 
             return redirect(route('home'));
         }

app/Http/Controllers/Profile/MfaController.php

@@ -28,6 +28,7 @@ use Carbon\Carbon;
 use FireflyIII\Events\Security\MFANewBackupCodes;
 use FireflyIII\Events\Security\User\UserHasDisabledMFA;
 use FireflyIII\Events\Security\User\UserHasEnabledMFA;
+use FireflyIII\Events\Security\User\UserHasGeneratedNewBackupCodes;
 use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\Http\Middleware\IsDemoUser;
 use FireflyIII\Http\Requests\ExistingTokenFormRequest;
@@ -130,7 +131,7 @@ class MfaController extends Controller
         // send user notification.
         $user = auth()->user();
         Log::channel('audit')->info(sprintf('User "%s" has generated new backup codes.', $user->email));
-        event(new MFANewBackupCodes($user));
+        event(new UserHasGeneratedNewBackupCodes($user));
 
         return view('profile.mfa.backup-codes-post')->with(['codes' => $codes]);
 

app/Listeners/Security/User/NotifiesUserAboutNewBackupCodes.php

@@ -1,8 +1,7 @@
 <?php
-
 /*
- * MFAHandler.php
- * Copyright (c) 2024 james@firefly-iii.org.
+ * NotifiesUserAboutNewBackupCodes.php
+ * Copyright (c) 2026 james@firefly-iii.org
  *
  * This file is part of Firefly III (https://github.com/firefly-iii).
  *
@@ -17,26 +16,20 @@
  * GNU Affero General Public License for more details.
  *
  * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see https://www.gnu.org/licenses/.
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
-declare(strict_types=1);
-
-namespace FireflyIII\Handlers\Events\Security;
+namespace FireflyIII\Listeners\Security\User;
 
 use Exception;
-use FireflyIII\Events\Security\MFANewBackupCodes;
-use FireflyIII\Events\Security\MFAUsedBackupCode;
-use FireflyIII\Notifications\Security\MFAUsedBackupCodeNotification;
+use FireflyIII\Events\Security\User\UserHasGeneratedNewBackupCodes;
 use FireflyIII\Notifications\Security\NewBackupCodesNotification;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Notification;
 
-class MFAHandler
+class NotifiesUserAboutNewBackupCodes
 {
-
-    public function sendNewMFABackupCodesMail(MFANewBackupCodes $event): void
-    {
+    public function handle(UserHasGeneratedNewBackupCodes $event): void {
         Log::debug(sprintf('Now in %s', __METHOD__));
 
         $user = $event->user;
@@ -60,28 +53,4 @@ class MFAHandler
         }
     }
 
-    public function sendUsedBackupCodeMail(MFAUsedBackupCode $event): void
-    {
-        Log::debug(sprintf('Now in %s', __METHOD__));
-
-        $user = $event->user;
-
-        try {
-            Notification::send($user, new MFAUsedBackupCodeNotification($user));
-        } catch (Exception $e) {
-            $message = $e->getMessage();
-            if (str_contains($message, 'Bcc')) {
-                Log::warning('[Bcc] Could not send notification. Please validate your email settings, use the .env.example file as a guide.');
-
-                return;
-            }
-            if (str_contains($message, 'RFC 2822')) {
-                Log::warning('[RFC] Could not send notification. Please validate your email settings, use the .env.example file as a guide.');
-
-                return;
-            }
-            Log::error($e->getMessage());
-            Log::error($e->getTraceAsString());
-        }
-    }
 }

app/Listeners/Security/User/NotifiesUserAboutUsedBackupCode.php

@@ -0,0 +1,55 @@
+<?php
+/*
+ * NotifiesUserAboutUsedBackupCode.php
+ * Copyright (c) 2026 james@firefly-iii.org
+ *
+ * This file is part of Firefly III (https://github.com/firefly-iii).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+namespace FireflyIII\Listeners\Security\User;
+
+use Exception;
+use FireflyIII\Events\Security\User\UserHasUsedBackupCode;
+use FireflyIII\Notifications\Security\MFAUsedBackupCodeNotification;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Notification;
+
+class NotifiesUserAboutUsedBackupCode
+{
+public function handle(UserHasUsedBackupCode $event): void {
+    Log::debug(sprintf('Now in %s', __METHOD__));
+
+    $user = $event->user;
+
+    try {
+        Notification::send($user, new MFAUsedBackupCodeNotification($user));
+    } catch (Exception $e) {
+        $message = $e->getMessage();
+        if (str_contains($message, 'Bcc')) {
+            Log::warning('[Bcc] Could not send notification. Please validate your email settings, use the .env.example file as a guide.');
+
+            return;
+        }
+        if (str_contains($message, 'RFC 2822')) {
+            Log::warning('[RFC] Could not send notification. Please validate your email settings, use the .env.example file as a guide.');
+
+            return;
+        }
+        Log::error($e->getMessage());
+        Log::error($e->getTraceAsString());
+    }
+}
+}

app/Providers/EventServiceProvider.php

@@ -37,7 +37,6 @@ use FireflyIII\Events\RequestedSendWebhookMessages;
 use FireflyIII\Events\RequestedVersionCheckStatus;
 use FireflyIII\Events\Security\MFAManyFailedAttempts;
 use FireflyIII\Events\Security\MFANewBackupCodes;
-use FireflyIII\Events\Security\MFAUsedBackupCode;
 use FireflyIII\Events\Security\UnknownUserAttemptedLogin;
 use FireflyIII\Events\Security\UserAttemptedLogin;
 use FireflyIII\Events\StoredAccount;
@@ -185,21 +184,21 @@ class EventServiceProvider extends ServiceProvider
             //            DisabledMFA::class                     => [
             //                'FireflyIII\Handlers\Events\Security\MFAHandler@sendMFADisabledMail',
             //            ],
-            MFANewBackupCodes::class               => [
-                'FireflyIII\Handlers\Events\Security\MFAHandler@sendNewMFABackupCodesMail',
-            ],
-            MFAUsedBackupCode::class               => [
-                'FireflyIII\Handlers\Events\Security\MFAHandler@sendUsedBackupCodeMail',
-            ],
+            //            MFANewBackupCodes::class               => [
+            //                'FireflyIII\Handlers\Events\Security\MFAHandler@sendNewMFABackupCodesMail',
+            //            ],
+            //            MFAUsedBackupCode::class               => [
+            //                'FireflyIII\Handlers\Events\Security\MFAHandler@sendUsedBackupCodeMail',
+            //            ],
             //            MFABackupFewLeft::class                => [
             //                'FireflyIII\Handlers\Events\Security\MFAHandler@sendBackupFewLeftMail',
             //            ],
             //            MFABackupNoLeft::class                 => [
             //                'FireflyIII\Handlers\Events\Security\MFAHandler@sendBackupNoLeftMail',
             //            ],
-//            MFAManyFailedAttempts::class           => [
-//                'FireflyIII\Handlers\Events\Security\MFAHandler@sendMFAFailedAttemptsMail',
-//            ],
+            //            MFAManyFailedAttempts::class           => [
+            //                'FireflyIII\Handlers\Events\Security\MFAHandler@sendMFAFailedAttemptsMail',
+            //            ],
             // preferences
             UserGroupChangedPrimaryCurrency::class => [
                 'FireflyIII\Handlers\Events\PreferencesEventHandler@resetPrimaryCurrencyAmounts',