2026-04-03 03:19:26 +02:00
23 changed files with 176 additions and 296 deletions
--- a/.devtools/data_generation_scripts/9999_reset_admin_password.php
+++ b/.devtools/data_generation_scripts/9999_reset_admin_password.php
@ -15,5 +15,5 @@ if ($adminUserRow == null)
 }

 $adminUserRow->update([
-	'password' => password_hash('admin', PASSWORD_ARGON2ID)
+	'password' => password_hash('admin', PASSWORD_DEFAULT)
 ]);
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,8 @@
+root = true
+
+[*]
+indent_style = tab
+indent_size = 4
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
--- a/.github/ISSUE_TEMPLATE/bug-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-report.md
@ -14,7 +14,6 @@ Please make sure to:
 - Attach screenshots where useful
 - Check if the problem was maybe already reported or fixed by searching open and also already closed requests here
 - Keep it to one topic per request
- Exclude any AI generated content and only include what you truly understand yourself

 Please also try to reproduce the problem on the pre-release demo: => https://demo-prerelease.grocy.info
 - Use a private demo instance to make your example persistent
--- a/.github/ISSUE_TEMPLATE/feature-request.md
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@ -13,5 +13,4 @@ Please make sure to:
 - Describe what you would find useful as detailed as possible
 - Check if your idea was maybe already requested by searching open and also already closed requests here
 - Keep it to one topic per request
- Exclude any AI generated content and only include what you truly understand yourself
 -->
--- a/app.php
+++ b/app.php
@ -117,9 +117,7 @@ else

 $authMiddlewareClass = GROCY_AUTH_CLASS;
 $app->add(new $authMiddlewareClass($container, $app->getResponseFactory()));
-
 // Add default middleware
-$app->addBodyParsingMiddleware();
 $app->addRoutingMiddleware();
 $errorMiddleware = $app->addErrorMiddleware(true, false, false);
 $errorMiddleware->setDefaultErrorHandler(
--- a/changelog/28_1.15.0_2018-07-22.md
+++ b/changelog/28_1.15.0_2018-07-22.md
@ -2,7 +2,7 @@
  - => https://github.com/grocy/grocy-desktop
  - Run Grocy without a webserver just like a normal (Windows) desktop application
  - New "embedded mode" for Grocy to help running in "desktop application mode" [see README](https://github.com/grocy/grocy#embedded-mode)
- New date time picker shorthands and improvements
+- New datepicker shorthands and improvements
  - `YYYYMMe` or `YYYYMM+` gets expanded to the end of the given month in the given year in proper notation
  - Changed: `MMDD` will be expanded to the given day next year if > today
  - [see README](https://github.com/grocy/grocy#input-shorthands-for-date-fields)
--- a/changelog/51_2.4.4_2019-07-07.md
+++ b/changelog/51_2.4.4_2019-07-07.md
@ -1,6 +1,6 @@
 - Fixed that price data (last price & chart) was not taken from inventory correction bookings, only purchases
 - Fixed weekly chores were scheduled on the same day after execution
 - Fixed that undone chores were also included in "Last tracked"
- Fixed the date time picker width was too narrow sometimes
+- Fixed the date-time-picker width was too narrow sometimes
 - Improved that execution dates of "Track date only" chores will never display the time part
 - Improved date display for products that never expire (again, there was a display problem after consuming an item on the stock overview page)
--- a/changelog/52_2.5.0_2019-09-22.md
+++ b/changelog/52_2.5.0_2019-09-22.md
@ -73,7 +73,7 @@

 ### General & other improvements/fixes
 - Added a new `config.php` setting `CALENDAR_SHOW_WEEK_OF_YEAR` to configure if calendars should show week numbers (defaults to `true`)
- Fixed that date time pickers not considered the `config.php` setting `CALENDAR_FIRST_DAY_OF_WEEK`
+- Fixed that date/time pickers not considered the `config.php` setting `CALENDAR_FIRST_DAY_OF_WEEK`
 - Improved the handling which entry page to use with disabled feature flags (thanks @nielstholenaar)
 - Boolean settings provided via environment variables (so the strings `true` and `false`) are now parsed correctly (thanks @mduret)
 - All uploaded pictures (currently for products and recipes) are now automatically downscaled to the appropriate size when serving them to improve page load times (this requires the `php-gd` extension, if not installed, images will not be downscaled)
--- a/changelog/56_2.6.1_2020-03-06.md
+++ b/changelog/56_2.6.1_2020-03-06.md
@ -43,7 +43,7 @@ If you run Grocy in a subdirectory, you need to set a new `config.php` setting (
 - Added a button to enable the device flash light on the camera barcode scanner popup (thanks @radim-ek)
 - Optimized the top navbar height and overall spacing to waste less space
 - Replaced the scan-mode-switch-button by a native button because it's less disturbing
- Fixed that the "contextual time ago" of date time pickers was not displayed
+- Fixed that the "contextual time ago" of date/time pickers was not displayed
 - New translations: (thanks all the translators)
  - Czech (demo available at https://cs.demo.grocy.info)
  - Portuguese (Portugal) (demo available at https://pt-pt.demo.grocy.info)
--- a/changelog/82_UNRELEASED_xxxx-xx-xx.md
+++ b/changelog/82_UNRELEASED_xxxx-xx-xx.md
@ -1,59 +0,0 @@
-> ⚠️ xxxBREAKING CHANGESxxx
-
-> ❗ xxxImportant upgrade informationXXX
-
-> 💡 xxxMinor upgrade informationXXX
-
-### New Feature: xxxx
-
- xxx
-
-### Stock
-
- Fixed that changing the location on the purchase page re-initialized the due date based on product defaults (if any)
- Fixed that when undoing a product consume or transfer transaction, the store of the corresponding stock entry wasn't restored
-  - This will only apply to new consume / transfer transactions, not when undoing transactions made before using this release
-
-### Shopping list
-
- xxx
-
-### Recipes
-
- xxx
-
-### Meal plan
-
- xxx
-
-### Chores
-
- xxx
-
-### Calendar
-
- xxx
-
-### Tasks
-
- xxx
-
-### Batteries
-
- xxx
-
-### Equipment
-
- xxx
-
-### Userfields
-
- Fixed that Userfields of type "Select list (a single item can be selected)" changed by keyboard only were not saved
-
-### General
-
- Fixed that it wasn't possible to log in using passwords containing special escape sequences (e.g. `<<`)
-
-### API
-
- xxx
--- a/controllers/LoginController.php
+++ b/controllers/LoginController.php
@ -22,15 +22,7 @@ class LoginController extends BaseController
 	public function ProcessLogin(Request $request, Response $response, array $args)
 	{
 		$authMiddlewareClass = GROCY_AUTH_CLASS;
-
-		$postParams = $request->getParsedBody();
-		if (isset($postParams['password_base64']))
-		{
-			$postParams['password'] = base64_decode($postParams['password_base64']);
-		}
-		unset($postParams['password_base64']);
-
-		if ($authMiddlewareClass::ProcessLogin($postParams))
+		if ($authMiddlewareClass::ProcessLogin($request->getParsedBody()))
 		{
 			return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
 		}
--- a/controllers/UsersApiController.php
+++ b/controllers/UsersApiController.php
@ -43,12 +43,6 @@ class UsersApiController extends BaseApiController
 				throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
 			}

-			if (isset($requestBody['password_base64']))
-			{
-				$requestBody['password'] = base64_decode($requestBody['password_base64']);
-			}
-			unset($requestBody['password_base64']);
-
 			$this->getUsersService()->CreateUser($requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
 			return $this->EmptyApiResponse($response);
 		}
@ -87,12 +81,6 @@ class UsersApiController extends BaseApiController

 		try
 		{
-			if (isset($requestBody['password_base64']))
-			{
-				$requestBody['password'] = base64_decode($requestBody['password_base64']);
-			}
-			unset($requestBody['password_base64']);
-
 			$this->getUsersService()->EditUser($args['userId'], $requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password'], $requestBody['picture_file_name']);
 			return $this->EmptyApiResponse($response);
 		}
--- a/middleware/DefaultAuthMiddleware.php
+++ b/middleware/DefaultAuthMiddleware.php
@ -40,10 +40,10 @@ class DefaultAuthMiddleware extends AuthMiddleware
 				$sessionKey = SessionService::getInstance()->CreateSession($user->id, $stayLoggedInPermanently);
 				self::SetSessionCookie($sessionKey);

-				if (password_needs_rehash($user->password, PASSWORD_ARGON2ID))
+				if (password_needs_rehash($user->password, PASSWORD_DEFAULT))
 				{
 					$user->update([
-						'password' => password_hash($inputPassword, PASSWORD_ARGON2ID)
+						'password' => password_hash($inputPassword, PASSWORD_DEFAULT)
 					]);
 				}

--- a/migrations/0027.php
+++ b/migrations/0027.php
@ -9,7 +9,7 @@ if (defined('GROCY_HTTP_USER'))
 	// Migrate old user defined in config file to database
 	$newUserRow = $db->users()->createRow([
 		'username' => GROCY_HTTP_USER,
-		'password' => password_hash(GROCY_HTTP_PASSWORD, PASSWORD_ARGON2ID)
+		'password' => password_hash(GROCY_HTTP_PASSWORD, PASSWORD_DEFAULT)
 	]);
 	$newUserRow->save();
 }
@ -18,7 +18,7 @@ else
 	// Create default user "admin" with password "admin"
 	$newUserRow = $db->users()->createRow([
 		'username' => 'admin',
-		'password' => password_hash('admin', PASSWORD_ARGON2ID)
+		'password' => password_hash('admin', PASSWORD_DEFAULT)
 	]);
 	$newUserRow->save();
 }
--- a/public/js/grocy.js
+++ b/public/js/grocy.js
@ -495,7 +495,11 @@ Grocy.FrontendHelpers.RunWebhook = function (webhook, data, repetitions = 1)
 	}
 }

-$(document).on("keyup paste change click", "input, select, textarea", function ()
+$(document).on("keyup paste change", "input, textarea", function()
+{
+	$(this).addClass("is-dirty").closest("form").addClass("is-dirty");
+});
+$(document).on("click", "select", function()
 {
 	$(this).addClass("is-dirty").closest("form").addClass("is-dirty");
 });
--- a/public/viewjs/login.js
+++ b/public/viewjs/login.js
@ -8,11 +8,3 @@ if (GetUriParam('invalid') === 'true')
 	$('#login-error').text(__t('Invalid credentials, please try again'));
 	$('#login-error').removeClass('d-none');
 }
-
-$("#login-button").on("click", function (e)
-{
-	e.preventDefault();
-
-	$("#password_base64").val(btoa($("#password_input").val()));
-	$("#login-form").trigger("submit");
-});
--- a/public/viewjs/purchase.js
+++ b/public/viewjs/purchase.js
@ -441,65 +441,36 @@ if (Grocy.Components.ProductPicker !== undefined)

 function PrefillBestBeforeDate(product, location)
 {
-	if (!Grocy.FeatureFlags.GROCY_FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING)
-	{
-		return;
-	}
-
 	if (location == null)
 	{
 		location = {}
 	}

-	var shortcutValue = $("#datetimepicker-shortcut").attr("data-datetimepicker-shortcut-value");
-	var dueDateCurrent = Grocy.Components.DateTimePicker.GetValue();
-	var dueDateDefault = null;
-	var dueDateFreezer = null;
-
-	if (product.default_best_before_days != 0)
+	if (Grocy.FeatureFlags.GROCY_FEATURE_FLAG_STOCK_BEST_BEFORE_DATE_TRACKING)
 	{
-		dueDateDefault = moment().add(product.default_best_before_days, 'days').format('YYYY-MM-DD');
-
-		if (product.default_best_before_days == -1)
+		var dueDays;
+		if (Grocy.FeatureFlags.GROCY_FEATURE_FLAG_STOCK_PRODUCT_FREEZING && BoolVal(location.is_freezer))
 		{
-			dueDateDefault = shortcutValue;
-		}
-	}
-
-	if (Grocy.FeatureFlags.GROCY_FEATURE_FLAG_STOCK_PRODUCT_FREEZING && BoolVal(location.is_freezer) && product.default_best_before_days_after_freezing != 0)
-	{
-		dueDateFreezer = moment().add(product.default_best_before_days_after_freezing, 'days').format('YYYY-MM-DD');
-
-		if (product.default_best_before_days_after_freezing == -1)
-		{
-			dueDateFreezer = shortcutValue;
-		}
-	}
-
-	// Set the default due date when currently no one is set
-	if (dueDateDefault && !dueDateCurrent)
-	{
-		if (!$("#datetimepicker-shortcut").is(":checked") && dueDateDefault == shortcutValue)
-		{
-			$("#datetimepicker-shortcut").click();
+			dueDays = product.default_best_before_days_after_freezing;
 		}
 		else
 		{
-			Grocy.Components.DateTimePicker.SetValue(dueDateDefault);
-		}
+			dueDays = product.default_best_before_days;
 		}

-	// Set the default due date after freezing when currently no one is set or when it was previously set to the default due date
-	// (so essentially don't overwrite a by the user different entered due date)
-	if (dueDateFreezer && (!dueDateCurrent || dueDateCurrent == dueDateDefault))
+		if (dueDays != 0)
 		{
-		if (!$("#datetimepicker-shortcut").is(":checked") && dueDateFreezer == shortcutValue)
+			if (dueDays == -1)
+			{
+				if (!$("#datetimepicker-shortcut").is(":checked"))
 				{
 					$("#datetimepicker-shortcut").click();
 				}
+			}
 			else
 			{
-			Grocy.Components.DateTimePicker.SetValue(dueDateFreezer);
+				Grocy.Components.DateTimePicker.SetValue(moment().add(dueDays, 'days').format('YYYY-MM-DD'));
+			}
 		}
 	}
 }
--- a/public/viewjs/userform.js
+++ b/public/viewjs/userform.js
@ -46,11 +46,6 @@ $('#save-user-button').on('click', function (e)
 		jsonData.picture_file_name = RandomString() + CleanFileName($("#user-picture")[0].files[0].name);
 	}

-	jsonData.password_base64 = btoa(jsonData.password);
-	delete jsonData.password;
-	delete jsonData.password_confirm;
-	delete jsonData.change_password;
-
 	if (Grocy.EditMode === 'create')
 	{
 		Grocy.Api.Post('users', jsonData,
--- a/services/StockService.php
+++ b/services/StockService.php
@ -463,8 +463,7 @@ class StockService extends BaseService
 						'transaction_id' => $transactionId,
 						'user_id' => GROCY_USER_ID,
 						'location_id' => $stockEntry->location_id,
-						'note' => $stockEntry->note,
-						'shopping_location_id' => $stockEntry->shopping_location_id
+						'note' => $stockEntry->note
 					]);
 					$logRow->save();

@ -499,8 +498,7 @@ class StockService extends BaseService
 						'transaction_id' => $transactionId,
 						'user_id' => GROCY_USER_ID,
 						'location_id' => $stockEntry->location_id,
-						'note' => $stockEntry->note,
-						'shopping_location_id' => $stockEntry->shopping_location_id
+						'note' => $stockEntry->note
 					]);
 					$logRow->save();

@ -1534,8 +1532,7 @@ class StockService extends BaseService
 				'opened_date' => $logRow->opened_date,
 				'open' => $logRow->opened_date !== null,
 				'location_id' => $logRow->location_id,
-				'note' => $logRow->note,
-				'shopping_location_id' => $logRow->shopping_location_id
+				'note' => $logRow->note
 			]);
 			$stockRow->save();

@ -1586,8 +1583,7 @@ class StockService extends BaseService
 					'stock_id' => $logRow->stock_id,
 					'price' => $logRow->price,
 					'opened_date' => $logRow->opened_date,
-					'note' => $logRow->note,
-					'shopping_location_id' => $logRow->shopping_location_id
+					'note' => $logRow->note
 				]);
 				$stockRow->save();
 			}
--- a/services/UsersService.php
+++ b/services/UsersService.php
@ -12,7 +12,7 @@ class UsersService extends BaseService
 			'username' => $username,
 			'first_name' => $firstName,
 			'last_name' => $lastName,
-			'password' => password_hash($password, PASSWORD_ARGON2ID),
+			'password' => password_hash($password, PASSWORD_DEFAULT),
 			'picture_file_name' => $pictureFileName
 		]);
 		$newUserRow = $newUserRow->save();
@ -61,7 +61,7 @@ class UsersService extends BaseService
 				'username' => $username,
 				'first_name' => $firstName,
 				'last_name' => $lastName,
-				'password' => password_hash($password, PASSWORD_ARGON2ID),
+				'password' => password_hash($password, PASSWORD_DEFAULT),
 				'picture_file_name' => $pictureFileName
 			]);
 		}
--- a/views/login.blade.php
+++ b/views/login.blade.php
@ -23,16 +23,13 @@
 					name="username">
 			</div>

-
-			<input type="hidden"
-				id="password_base64"
-				name="password_base64">
 			<div class="form-group">
-				<label for="password_input">{{ $__t('Password') }}</label>
+				<label for="password">{{ $__t('Password') }}</label>
 				<input type="password"
 					class="form-control"
 					required
-					id="password_input">
+					id="password"
+					name="password">
 				<div id="login-error"
 					class="form-text text-danger d-none"></div>
 			</div>