Updated version and assets for release v0.30.0

- Added comments to explain the use of the file.
- Added comments to advise that space/hash containing values would need
to be quoted.

Related to #2258

.env.example

@@ -1,3 +1,11 @@
+# This file, when named as ".env" in the root of your BookStack install
+# folder, is used for the core configuration of the application.
+# By default this file contains the most common required options but
+# a full list of options can be found in the '.env.example.complete' file.
+
+# NOTE: If any of your values contain a space or a hash you will need to
+# wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer")
+
 # Application key
 # Used for encryption where needed.
 # Run `php artisan key:generate` to generate a valid key.
@@ -5,7 +13,7 @@ APP_KEY=SomeRandomString
 
 # Application URL
 # Remove the hash below and set a URL if using BookStack behind
-# a proxy, if using a third-party authentication option.
+# a proxy or if using a third-party authentication option.
 # This must be the root URL that you want to host BookStack on.
 # All URL's in BookStack will be generated using this value.
 #APP_URL=https://example.com
@@ -17,15 +25,18 @@ DB_USERNAME=database_username
 DB_PASSWORD=database_user_password
 
 # Mail system to use
-# Can be 'smtp', 'mail' or 'sendmail'
+# Can be 'smtp' or 'sendmail'
 MAIL_DRIVER=smtp
 
+# Mail sender options
+MAIL_FROM_NAME=BookStack
+MAIL_FROM=bookstack@example.com
+
 # SMTP mail options
+# These settings can be checked using the "Send a Test Email"
+# feature found in the "Settings > Maintenance" area of the system.
 MAIL_HOST=localhost
 MAIL_PORT=1025
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
-MAIL_ENCRYPTION=null
-
-
-# A full list of options can be found in the '.env.example.complete' file.
+MAIL_ENCRYPTION=null

.env.example.complete

@@ -238,7 +238,10 @@ DISABLE_EXTERNAL_SERVICES=false
 # Example: AVATAR_URL=https://seccdn.libravatar.org/avatar/${hash}?s=${size}&d=identicon
 AVATAR_URL=
 
-# Enable Draw.io integration
+# Enable draw.io integration
+# Can simply be true/false to enable/disable the integration.
+# Alternatively, It can be URL to the draw.io instance you want to use.
+# For URLs, The following URL parameters should be included: embed=1&proto=json&spin=1
 DRAWIO=true
 
 # Default item listing view
@@ -267,4 +270,12 @@ API_DEFAULT_ITEM_COUNT=100
 API_MAX_ITEM_COUNT=500
 
 # The number of API requests that can be made per minute by a single user.
-API_REQUESTS_PER_MIN=180
+API_REQUESTS_PER_MIN=180
+
+# Enable the logging of failed email+password logins with the given message.
+# The default log channel below uses the php 'error_log' function which commonly
+# results in messages being output to the webserver error logs.
+# The message can contain a %u parameter which will be replaced with the login
+# user identifier (Username or email).
+LOG_FAILED_LOGIN_MESSAGE=false
+LOG_FAILED_LOGIN_CHANNEL=errorlog_plain_webserver

.github/translators.txt

@@ -61,7 +61,7 @@ Rodrigo Saczuk Niz (rodrigoniz) :: Portuguese, Brazilian
 aekramer :: Dutch
 JachuPL :: Polish
 milesteg :: Hungarian
-Beenbag :: German
+Beenbag :: German; German Informal
 Lett3rs :: Danish
 Julian (julian.henneberg) :: German; German Informal
 3GNWn :: Danish
@@ -69,5 +69,54 @@ dbguichu :: Chinese Simplified
 Randy Kim (hyunjun) :: Korean
 Francesco M. Taurino (ftaurino) :: Italian
 DanielFrederiksen :: Danish
-Finn Wessel (19finnwessel6) :: German
+Finn Wessel (19finnwessel6) :: German Informal; German
 Gustav Kånåhols (Kurbitz) :: Swedish
+Vuong Trung Hieu (fpooon) :: Vietnamese
+Emil Petersen (emoyly) :: Danish
+mrjaboozy :: Slovenian
+Statium :: Russian
+Mikkel Struntze (MStruntze) :: Danish
+kostefun :: Russian
+Tuyen.NG (tuyendev) :: Vietnamese
+Ghost_chu (dbguichu) :: Chinese Simplified
+Ziipen :: Danish
+Samuel Schwarz (Guiph7quan) :: Czech
+Aleph (toishoki) :: Turkish
+Julio Alberto García (Yllelder) :: Spanish
+Rafael (raribeir) :: Portuguese, Brazilian
+Hiroyuki Odake (dakesan) :: Japanese
+Alex Lee (qianmengnet) :: Chinese Simplified
+swinn37 :: French
+Hasan Özbey (the-turk) :: Turkish
+rcy :: Swedish
+Ali Yasir Yılmaz (ayyilmaz) :: Turkish
+scureza :: Italian
+Biepa :: German Informal; German
+syecu :: Chinese Simplified
+Lap1t0r :: French
+Thinkverse (thinkverse) :: Swedish
+alef (toishoki) :: Turkish
+Robbert Feunekes (Muukuro) :: Dutch
+seohyeon.joo :: Korean
+Orenda (OREDNA) :: Bulgarian
+Marek Pavelka (marapavelka) :: Czech
+Venkinovec :: Czech
+Tommy Ku (tommyku) :: Chinese Traditional; Japanese
+Michał Bielejewski  (bielej) :: Polish
+jozefrebjak :: Slovak
+Ikhwan Koo (Ikhwan.Koo) :: Korean
+Whay (remkovdhoef) :: Dutch
+jc7115 :: Chinese Traditional
+주서현 (seohyeon.joo) :: Korean
+ReadySystems :: Arabic
+HFinch :: German; German Informal
+brechtgijsens :: Dutch
+Lowkey (v587ygq) :: Chinese Simplified
+sdl-blue :: German Informal
+sqlik :: Polish
+Roy van Schaijk (royvanschaijk) :: Dutch
+Simsimpicpic :: French
+Zenahr Barzani (Zenahr) :: German; Japanese; Dutch; German Informal
+tatsuya.info :: Japanese
+fadiapp :: Arabic
+Jakub “Jéžiš” Bouček (jakubboucek) :: Czech

.github/workflows/phpunit.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: [7.2, 7.3]
+        php: [7.2, 7.4]
     steps:
     - uses: actions/checkout@v1
 
@@ -31,6 +31,10 @@ jobs:
         path: ${{ steps.composer-cache.outputs.dir }}
         key: ${{ runner.os }}-composer-${{ matrix.php }}
 
+    - name: Start Database
+      run: |
+        sudo /etc/init.d/mysql start
+
     - name: Setup Database
       run: |
         mysql -uroot -proot -e 'CREATE DATABASE IF NOT EXISTS `bookstack-test`;'

app/Actions/Activity.php

@@ -50,10 +50,8 @@ class Activity extends Model
 
     /**
      * Checks if another Activity matches the general information of another.
-     * @param $activityB
-     * @return bool
      */
-    public function isSimilarTo($activityB)
+    public function isSimilarTo(Activity $activityB): bool
     {
         return [$this->key, $this->entity_type, $this->entity_id] === [$activityB->key, $activityB->entity_type, $activityB->entity_id];
     }

app/Actions/ActivityService.php

@@ -1,8 +1,10 @@
 <?php namespace BookStack\Actions;
 
 use BookStack\Auth\Permissions\PermissionService;
-use BookStack\Entities\Book;
+use BookStack\Auth\User;
 use BookStack\Entities\Entity;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Log;
 
 class ActivityService
 {
@@ -12,8 +14,6 @@ class ActivityService
 
     /**
      * ActivityService constructor.
-     * @param Activity $activity
-     * @param PermissionService $permissionService
      */
     public function __construct(Activity $activity, PermissionService $permissionService)
     {
@@ -24,11 +24,8 @@ class ActivityService
 
     /**
      * Add activity data to database.
-     * @param \BookStack\Entities\Entity $entity
-     * @param string $activityKey
-     * @param int $bookId
      */
-    public function add(Entity $entity, string $activityKey, int $bookId = null)
+    public function add(Entity $entity, string $activityKey, ?int $bookId = null)
     {
         $activity = $this->newActivityForUser($activityKey, $bookId);
         $entity->activity()->save($activity);
@@ -37,11 +34,8 @@ class ActivityService
 
     /**
      * Adds a activity history with a message, without binding to a entity.
-     * @param string $activityKey
-     * @param string $message
-     * @param int $bookId
      */
-    public function addMessage(string $activityKey, string $message, int $bookId = null)
+    public function addMessage(string $activityKey, string $message, ?int $bookId = null)
     {
         $this->newActivityForUser($activityKey, $bookId)->forceFill([
             'extra' => $message
@@ -52,14 +46,11 @@ class ActivityService
 
     /**
      * Get a new activity instance for the current user.
-     * @param string $key
-     * @param int|null $bookId
-     * @return Activity
      */
-    protected function newActivityForUser(string $key, int $bookId = null)
+    protected function newActivityForUser(string $key, ?int $bookId = null): Activity
     {
         return $this->activity->newInstance()->forceFill([
-            'key' => strtolower($key),
+            'key'     => strtolower($key),
             'user_id' => $this->user->id,
             'book_id' => $bookId ?? 0,
         ]);
@@ -69,34 +60,27 @@ class ActivityService
      * Removes the entity attachment from each of its activities
      * and instead uses the 'extra' field with the entities name.
      * Used when an entity is deleted.
-     * @param \BookStack\Entities\Entity $entity
-     * @return mixed
      */
-    public function removeEntity(Entity $entity)
+    public function removeEntity(Entity $entity): Collection
     {
-        // TODO - Rewrite to db query.
-        $activities = $entity->activity;
-        foreach ($activities as $activity) {
-            $activity->extra = $entity->name;
-            $activity->entity_id = 0;
-            $activity->entity_type = null;
-            $activity->save();
-        }
+        $activities = $entity->activity()->get();
+        $entity->activity()->update([
+            'extra'       => $entity->name,
+            'entity_id'   => 0,
+            'entity_type' => '',
+        ]);
         return $activities;
     }
 
     /**
      * Gets the latest activity.
-     * @param int $count
-     * @param int $page
-     * @return array
      */
-    public function latest($count = 20, $page = 0)
+    public function latest(int $count = 20, int $page = 0): array
     {
         $activityList = $this->permissionService
             ->filterRestrictedEntityRelations($this->activity, 'activities', 'entity_id', 'entity_type')
             ->orderBy('created_at', 'desc')
-            ->with('user', 'entity')
+            ->with(['user', 'entity'])
             ->skip($count * $page)
             ->take($count)
             ->get();
@@ -107,20 +91,16 @@ class ActivityService
     /**
      * Gets the latest activity for an entity, Filtering out similar
      * items to prevent a message activity list.
-     * @param \BookStack\Entities\Entity $entity
-     * @param int $count
-     * @param int $page
-     * @return array
      */
-    public function entityActivity($entity, $count = 20, $page = 1)
+    public function entityActivity(Entity $entity, int $count = 20, int $page = 1): array
     {
         if ($entity->isA('book')) {
-            $query = $this->activity->where('book_id', '=', $entity->id);
+            $query = $this->activity->newQuery()->where('book_id', '=', $entity->id);
         } else {
-            $query = $this->activity->where('entity_type', '=', $entity->getMorphClass())
+            $query = $this->activity->newQuery()->where('entity_type', '=', $entity->getMorphClass())
                 ->where('entity_id', '=', $entity->id);
         }
-        
+
         $activity = $this->permissionService
             ->filterRestrictedEntityRelations($query, 'activities', 'entity_id', 'entity_type')
             ->orderBy('created_at', 'desc')
@@ -133,18 +113,18 @@ class ActivityService
     }
 
     /**
-     * Get latest activity for a user, Filtering out similar
-     * items.
-     * @param $user
-     * @param int $count
-     * @param int $page
-     * @return array
+     * Get latest activity for a user, Filtering out similar items.
      */
-    public function userActivity($user, $count = 20, $page = 0)
+    public function userActivity(User $user, int $count = 20, int $page = 0): array
     {
         $activityList = $this->permissionService
             ->filterRestrictedEntityRelations($this->activity, 'activities', 'entity_id', 'entity_type')
-            ->orderBy('created_at', 'desc')->where('user_id', '=', $user->id)->skip($count * $page)->take($count)->get();
+            ->orderBy('created_at', 'desc')
+            ->where('user_id', '=', $user->id)
+            ->skip($count * $page)
+            ->take($count)
+            ->get();
+
         return $this->filterSimilar($activityList);
     }
 
@@ -153,29 +133,26 @@ class ActivityService
      * @param Activity[] $activities
      * @return array
      */
-    protected function filterSimilar($activities)
+    protected function filterSimilar(iterable $activities): array
     {
         $newActivity = [];
-        $previousItem = false;
+        $previousItem = null;
+
         foreach ($activities as $activityItem) {
-            if ($previousItem === false) {
-                $previousItem = $activityItem;
-                $newActivity[] = $activityItem;
-                continue;
-            }
-            if (!$activityItem->isSimilarTo($previousItem)) {
+            if (!$previousItem || !$activityItem->isSimilarTo($previousItem)) {
                 $newActivity[] = $activityItem;
             }
+
             $previousItem = $activityItem;
         }
+
         return $newActivity;
     }
 
     /**
      * Flashes a notification message to the session if an appropriate message is available.
-     * @param $activityKey
      */
-    protected function setNotification($activityKey)
+    protected function setNotification(string $activityKey)
     {
         $notificationTextKey = 'activities.' . $activityKey . '_notification';
         if (trans()->has($notificationTextKey)) {
@@ -183,4 +160,20 @@ class ActivityService
             session()->flash('success', $message);
         }
     }
+
+    /**
+     * Log out a failed login attempt, Providing the given username
+     * as part of the message if the '%u' string is used.
+     */
+    public function logFailedLogin(string $username)
+    {
+        $message = config('logging.failed_login.message');
+        if (!$message) {
+            return;
+        }
+
+        $message = str_replace("%u", $username, $message);
+        $channel = config('logging.failed_login.channel');
+        Log::channel($channel)->warning($message);
+    }
 }

app/Actions/Comment.php

@@ -2,9 +2,15 @@
 
 use BookStack\Ownable;
 
+/**
+ * @property string text
+ * @property string html
+ * @property int|null parent_id
+ * @property int local_id
+ */
 class Comment extends Ownable
 {
-    protected $fillable = ['text', 'html', 'parent_id'];
+    protected $fillable = ['text', 'parent_id'];
     protected $appends = ['created', 'updated'];
 
     /**

app/Actions/CommentRepo.php

@@ -1,23 +1,20 @@
 <?php namespace BookStack\Actions;
 
 use BookStack\Entities\Entity;
+use League\CommonMark\CommonMarkConverter;
 
 /**
  * Class CommentRepo
- * @package BookStack\Repos
  */
 class CommentRepo
 {
 
     /**
-     * @var \BookStack\Actions\Comment $comment
+     * @var Comment $comment
      */
     protected $comment;
 
-    /**
-     * CommentRepo constructor.
-     * @param \BookStack\Actions\Comment $comment
-     */
+
     public function __construct(Comment $comment)
     {
         $this->comment = $comment;
@@ -25,65 +22,71 @@ class CommentRepo
 
     /**
      * Get a comment by ID.
-     * @param $id
-     * @return \BookStack\Actions\Comment|\Illuminate\Database\Eloquent\Model
      */
-    public function getById($id)
+    public function getById(int $id): Comment
     {
         return $this->comment->newQuery()->findOrFail($id);
     }
 
     /**
      * Create a new comment on an entity.
-     * @param \BookStack\Entities\Entity $entity
-     * @param array $data
-     * @return \BookStack\Actions\Comment
      */
-    public function create(Entity $entity, $data = [])
+    public function create(Entity $entity, string $text, ?int $parent_id): Comment
     {
         $userId = user()->id;
-        $comment = $this->comment->newInstance($data);
+        $comment = $this->comment->newInstance();
+
+        $comment->text = $text;
+        $comment->html = $this->commentToHtml($text);
         $comment->created_by = $userId;
         $comment->updated_by = $userId;
         $comment->local_id = $this->getNextLocalId($entity);
+        $comment->parent_id = $parent_id;
+
         $entity->comments()->save($comment);
         return $comment;
     }
 
     /**
      * Update an existing comment.
-     * @param \BookStack\Actions\Comment $comment
-     * @param array $input
-     * @return mixed
      */
-    public function update($comment, $input)
+    public function update(Comment $comment, string $text): Comment
     {
         $comment->updated_by = user()->id;
-        $comment->update($input);
+        $comment->text = $text;
+        $comment->html = $this->commentToHtml($text);
+        $comment->save();
         return $comment;
     }
 
     /**
      * Delete a comment from the system.
-     * @param \BookStack\Actions\Comment $comment
-     * @return mixed
      */
-    public function delete($comment)
+    public function delete(Comment $comment)
     {
-        return $comment->delete();
+        $comment->delete();
+    }
+
+    /**
+     * Convert the given comment markdown text to HTML.
+     */
+    public function commentToHtml(string $commentText): string
+    {
+        $converter = new CommonMarkConverter([
+            'html_input' => 'strip',
+            'max_nesting_level' => 10,
+            'allow_unsafe_links' => false,
+        ]);
+
+        return $converter->convertToHtml($commentText);
     }
 
     /**
      * Get the next local ID relative to the linked entity.
-     * @param \BookStack\Entities\Entity $entity
-     * @return int
      */
-    protected function getNextLocalId(Entity $entity)
+    protected function getNextLocalId(Entity $entity): int
     {
         $comments = $entity->comments(false)->orderBy('local_id', 'desc')->first();
-        if ($comments === null) {
-            return 1;
-        }
-        return $comments->local_id + 1;
+        return ($comments->local_id ?? 0) + 1;
     }
 }

app/Actions/Tag.php

@@ -9,6 +9,7 @@ use BookStack\Model;
 class Tag extends Model
 {
     protected $fillable = ['name', 'value', 'order'];
+    protected $hidden = ['id', 'entity_id', 'entity_type'];
 
     /**
      * Get the entity that this tag belongs to

app/Actions/TagRepo.php

@@ -2,71 +2,31 @@
 
 use BookStack\Auth\Permissions\PermissionService;
 use BookStack\Entities\Entity;
+use DB;
+use Illuminate\Support\Collection;
 
-/**
- * Class TagRepo
- * @package BookStack\Repos
- */
 class TagRepo
 {
 
     protected $tag;
-    protected $entity;
     protected $permissionService;
 
     /**
      * TagRepo constructor.
-     * @param \BookStack\Actions\Tag $attr
-     * @param \BookStack\Entities\Entity $ent
-     * @param \BookStack\Auth\Permissions\PermissionService $ps
      */
-    public function __construct(Tag $attr, Entity $ent, PermissionService $ps)
+    public function __construct(Tag $tag, PermissionService $ps)
     {
-        $this->tag = $attr;
-        $this->entity = $ent;
+        $this->tag = $tag;
         $this->permissionService = $ps;
     }
 
-    /**
-     * Get an entity instance of its particular type.
-     * @param $entityType
-     * @param $entityId
-     * @param string $action
-     * @return \Illuminate\Database\Eloquent\Model|null|static
-     */
-    public function getEntity($entityType, $entityId, $action = 'view')
-    {
-        $entityInstance = $this->entity->getEntityInstance($entityType);
-        $searchQuery = $entityInstance->where('id', '=', $entityId)->with('tags');
-        $searchQuery = $this->permissionService->enforceEntityRestrictions($entityType, $searchQuery, $action);
-        return $searchQuery->first();
-    }
-
-    /**
-     * Get all tags for a particular entity.
-     * @param string $entityType
-     * @param int $entityId
-     * @return mixed
-     */
-    public function getForEntity($entityType, $entityId)
-    {
-        $entity = $this->getEntity($entityType, $entityId);
-        if ($entity === null) {
-            return collect();
-        }
-
-        return $entity->tags;
-    }
-
     /**
      * Get tag name suggestions from scanning existing tag names.
      * If no search term is given the 50 most popular tag names are provided.
-     * @param $searchTerm
-     * @return array
      */
-    public function getNameSuggestions($searchTerm = false)
+    public function getNameSuggestions(?string $searchTerm): Collection
     {
-        $query = $this->tag->select('*', \DB::raw('count(*) as count'))->groupBy('name');
+        $query = $this->tag->select('*', DB::raw('count(*) as count'))->groupBy('name');
 
         if ($searchTerm) {
             $query = $query->where('name', 'LIKE', $searchTerm . '%')->orderBy('name', 'desc');
@@ -82,13 +42,10 @@ class TagRepo
      * Get tag value suggestions from scanning existing tag values.
      * If no search is given the 50 most popular values are provided.
      * Passing a tagName will only find values for a tags with a particular name.
-     * @param $searchTerm
-     * @param $tagName
-     * @return array
      */
-    public function getValueSuggestions($searchTerm = false, $tagName = false)
+    public function getValueSuggestions(?string $searchTerm, ?string $tagName): Collection
     {
-        $query = $this->tag->select('*', \DB::raw('count(*) as count'))->groupBy('value');
+        $query = $this->tag->select('*', DB::raw('count(*) as count'))->groupBy('value');
 
         if ($searchTerm) {
             $query = $query->where('value', 'LIKE', $searchTerm . '%')->orderBy('value', 'desc');
@@ -96,7 +53,7 @@ class TagRepo
             $query = $query->orderBy('count', 'desc')->take(50);
         }
 
-        if ($tagName !== false) {
+        if ($tagName) {
             $query = $query->where('name', '=', $tagName);
         }
 
@@ -106,35 +63,28 @@ class TagRepo
 
     /**
      * Save an array of tags to an entity
-     * @param \BookStack\Entities\Entity $entity
-     * @param array $tags
-     * @return array|\Illuminate\Database\Eloquent\Collection
      */
-    public function saveTagsToEntity(Entity $entity, $tags = [])
+    public function saveTagsToEntity(Entity $entity, array $tags = []): iterable
     {
         $entity->tags()->delete();
-        $newTags = [];
-        foreach ($tags as $tag) {
-            if (trim($tag['name']) === '') {
-                continue;
-            }
-            $newTags[] = $this->newInstanceFromInput($tag);
-        }
+
+        $newTags = collect($tags)->filter(function ($tag) {
+            return boolval(trim($tag['name']));
+        })->map(function ($tag) {
+            return $this->newInstanceFromInput($tag);
+        })->all();
 
         return $entity->tags()->saveMany($newTags);
     }
 
     /**
      * Create a new Tag instance from user input.
-     * @param $input
-     * @return \BookStack\Actions\Tag
+     * Input must be an array with a 'name' and an optional 'value' key.
      */
-    protected function newInstanceFromInput($input)
+    protected function newInstanceFromInput(array $input): Tag
     {
         $name = trim($input['name']);
         $value = isset($input['value']) ? trim($input['value']) : '';
-        // Any other modification or cleanup required can go here
-        $values = ['name' => $name, 'value' => $value];
-        return $this->tag->newInstance($values);
+        return $this->tag->newInstance(['name' => $name, 'value' => $value]);
     }
 }

app/Api/ApiDocsGenerator.php

@@ -3,6 +3,7 @@
 use BookStack\Http\Controllers\Api\ApiController;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Str;
 use ReflectionClass;
 use ReflectionException;
 use ReflectionMethod;
@@ -117,6 +118,7 @@ class ApiDocsGenerator
                 'method' => $route->methods[0],
                 'controller' => $controller,
                 'controller_method' => $controllerMethod,
+                'controller_method_kebab' => Str::kebab($controllerMethod),
                 'base_model' => $baseModelName,
             ];
         });

app/Api/ListingResponseBuilder.php

@@ -36,8 +36,10 @@ class ListingResponseBuilder
      */
     public function toResponse()
     {
-        $data = $this->fetchData();
-        $total = $this->query->count();
+        $filteredQuery = $this->filterQuery($this->query);
+
+        $total = $filteredQuery->count();
+        $data = $this->fetchData($filteredQuery);
 
         return response()->json([
             'data' => $data,
@@ -48,23 +50,22 @@ class ListingResponseBuilder
     /**
      * Fetch the data to return in the response.
      */
-    protected function fetchData(): Collection
+    protected function fetchData(Builder $query): Collection
     {
-        $this->applyCountAndOffset($this->query);
-        $this->applySorting($this->query);
-        $this->applyFiltering($this->query);
-
-        return $this->query->get($this->fields);
+        $query = $this->countAndOffsetQuery($query);
+        $query = $this->sortQuery($query);
+        return $query->get($this->fields);
     }
 
     /**
      * Apply any filtering operations found in the request.
      */
-    protected function applyFiltering(Builder $query)
+    protected function filterQuery(Builder $query): Builder
     {
+        $query = clone $query;
         $requestFilters = $this->request->get('filter', []);
         if (!is_array($requestFilters)) {
-            return;
+            return $query;
         }
 
         $queryFilters = collect($requestFilters)->map(function ($value, $key) {
@@ -73,7 +74,7 @@ class ListingResponseBuilder
             return !is_null($value);
         })->values()->toArray();
 
-        $query->where($queryFilters);
+        return $query->where($queryFilters);
     }
 
     /**
@@ -101,8 +102,9 @@ class ListingResponseBuilder
      * Apply sorting operations to the query from given parameters
      * otherwise falling back to the first given field, ascending.
      */
-    protected function applySorting(Builder $query)
+    protected function sortQuery(Builder $query): Builder
     {
+        $query = clone $query;
         $defaultSortName = $this->fields[0];
         $direction = 'asc';
 
@@ -116,20 +118,21 @@ class ListingResponseBuilder
             $sortName = $defaultSortName;
         }
 
-        $query->orderBy($sortName, $direction);
+        return $query->orderBy($sortName, $direction);
     }
 
     /**
      * Apply count and offset for paging, based on params from the request while falling
      * back to system defined default, taking the max limit into account.
      */
-    protected function applyCountAndOffset(Builder $query)
+    protected function countAndOffsetQuery(Builder $query): Builder
     {
+        $query = clone $query;
         $offset = max(0, $this->request->get('offset', 0));
         $maxCount = config('api.max_item_count');
         $count = $this->request->get('count', config('api.default_item_count'));
         $count = max(min($maxCount, $count), 1);
 
-        $query->skip($offset)->take($count);
+        return $query->skip($offset)->take($count);
     }
 }

app/Auth/Access/ExternalAuthService.php

@@ -3,6 +3,8 @@
 use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\DB;
 
 class ExternalAuthService
 {
@@ -39,22 +41,14 @@ class ExternalAuthService
     /**
      * Match an array of group names to BookStack system roles.
      * Formats group names to be lower-case and hyphenated.
-     * @param array $groupNames
-     * @return \Illuminate\Support\Collection
      */
-    protected function matchGroupsToSystemsRoles(array $groupNames)
+    protected function matchGroupsToSystemsRoles(array $groupNames): Collection
     {
         foreach ($groupNames as $i => $groupName) {
             $groupNames[$i] = str_replace(' ', '-', trim(strtolower($groupName)));
         }
 
-        $roles = Role::query()->where(function (Builder $query) use ($groupNames) {
-            $query->whereIn('name', $groupNames);
-            foreach ($groupNames as $groupName) {
-                $query->orWhere('external_auth_id', 'LIKE', '%' . $groupName . '%');
-            }
-        })->get();
-
+        $roles = Role::query()->get(['id', 'external_auth_id', 'display_name']);
         $matchedRoles = $roles->filter(function (Role $role) use ($groupNames) {
             return $this->roleMatchesGroupNames($role, $groupNames);
         });

app/Auth/Access/Guards/LdapSessionGuard.php

@@ -60,10 +60,8 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
      * @param array $credentials
      * @param bool $remember
      * @return bool
-     * @throws LoginAttemptEmailNeededException
      * @throws LoginAttemptException
      * @throws LdapException
-     * @throws UserRegistrationException
      */
     public function attempt(array $credentials = [], $remember = false)
     {
@@ -82,7 +80,11 @@ class LdapSessionGuard extends ExternalBaseSessionGuard
         }
 
         if (is_null($user)) {
-            $user = $this->createNewFromLdapAndCreds($userDetails, $credentials);
+            try {
+                $user = $this->createNewFromLdapAndCreds($userDetails, $credentials);
+            } catch (UserRegistrationException $exception) {
+                throw new LoginAttemptException($exception->message);
+            }
         }
 
         // Sync LDAP groups if required

app/Auth/Access/RegistrationService.php

@@ -71,15 +71,15 @@ class RegistrationService
         // Start email confirmation flow if required
         if ($this->emailConfirmationService->confirmationRequired() && !$emailConfirmed) {
             $newUser->save();
-            $message = '';
 
             try {
                 $this->emailConfirmationService->sendConfirmation($newUser);
+                session()->flash('sent-email-confirmation', true);
             } catch (Exception $e) {
                 $message = trans('auth.email_confirm_send_error');
+                throw new UserRegistrationException($message, '/register/confirm');
             }
 
-            throw new UserRegistrationException($message, '/register/confirm');
         }
 
         return $newUser;
@@ -106,13 +106,4 @@ class RegistrationService
         }
     }
 
-    /**
-     * Alias to the UserRepo method of the same name.
-     * Attaches the default system role, if configured, to the given user.
-     */
-    public function attachDefaultRole(User $user): void
-    {
-        $this->userRepo->attachDefaultRole($user);
-    }
-
 }

app/Auth/Access/Saml2Service.php

@@ -311,7 +311,6 @@ class Saml2Service extends ExternalAuthService
 
     /**
      * Get the user from the database for the specified details.
-     * @throws SamlException
      * @throws UserRegistrationException
      */
     protected function getOrRegisterUser(array $userDetails): ?User

app/Auth/Access/SocialAuthService.php

@@ -233,6 +233,9 @@ class SocialAuthService
         if ($driverName === 'google' && config('services.google.select_account')) {
             $driver->with(['prompt' => 'select_account']);
         }
+        if ($driverName === 'azure') {
+            $driver->with(['resource' => 'https://graph.windows.net']);
+        }
 
         return $driver;
     }

app/Auth/Permissions/JointPermission.php

@@ -3,25 +3,26 @@
 use BookStack\Auth\Role;
 use BookStack\Entities\Entity;
 use BookStack\Model;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
+use Illuminate\Database\Eloquent\Relations\MorphOne;
 
 class JointPermission extends Model
 {
+    protected $primaryKey = null;
     public $timestamps = false;
 
     /**
      * Get the role that this points to.
-     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
      */
-    public function role()
+    public function role(): BelongsTo
     {
         return $this->belongsTo(Role::class);
     }
 
     /**
      * Get the entity this points to.
-     * @return \Illuminate\Database\Eloquent\Relations\MorphOne
      */
-    public function entity()
+    public function entity(): MorphOne
     {
         return $this->morphOne(Entity::class, 'entity');
     }

app/Auth/Permissions/PermissionsRepo.php

@@ -1,8 +1,9 @@
 <?php namespace BookStack\Auth\Permissions;
 
-use BookStack\Auth\Permissions;
 use BookStack\Auth\Role;
 use BookStack\Exceptions\PermissionsException;
+use Exception;
+use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Support\Str;
 
 class PermissionsRepo
@@ -16,11 +17,8 @@ class PermissionsRepo
 
     /**
      * PermissionsRepo constructor.
-     * @param RolePermission $permission
-     * @param Role $role
-     * @param \BookStack\Auth\Permissions\PermissionService $permissionService
      */
-    public function __construct(RolePermission $permission, Role $role, Permissions\PermissionService $permissionService)
+    public function __construct(RolePermission $permission, Role $role, PermissionService $permissionService)
     {
         $this->permission = $permission;
         $this->role = $role;
@@ -29,46 +27,34 @@ class PermissionsRepo
 
     /**
      * Get all the user roles from the system.
-     * @return \Illuminate\Database\Eloquent\Collection|static[]
      */
-    public function getAllRoles()
+    public function getAllRoles(): Collection
     {
         return $this->role->all();
     }
 
     /**
      * Get all the roles except for the provided one.
-     * @param Role $role
-     * @return mixed
      */
-    public function getAllRolesExcept(Role $role)
+    public function getAllRolesExcept(Role $role): Collection
     {
         return $this->role->where('id', '!=', $role->id)->get();
     }
 
     /**
      * Get a role via its ID.
-     * @param $id
-     * @return mixed
      */
-    public function getRoleById($id)
+    public function getRoleById($id): Role
     {
-        return $this->role->findOrFail($id);
+        return $this->role->newQuery()->findOrFail($id);
     }
 
     /**
      * Save a new role into the system.
-     * @param array $roleData
-     * @return Role
      */
-    public function saveNewRole($roleData)
+    public function saveNewRole(array $roleData): Role
     {
         $role = $this->role->newInstance($roleData);
-        $role->name = str_replace(' ', '-', strtolower($roleData['display_name']));
-        // Prevent duplicate names
-        while ($this->role->where('name', '=', $role->name)->count() > 0) {
-            $role->name .= strtolower(Str::random(2));
-        }
         $role->save();
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
@@ -80,13 +66,11 @@ class PermissionsRepo
     /**
      * Updates an existing role.
      * Ensure Admin role always have core permissions.
-     * @param $roleId
-     * @param $roleData
-     * @throws PermissionsException
      */
-    public function updateRole($roleId, $roleData)
+    public function updateRole($roleId, array $roleData)
     {
-        $role = $this->role->findOrFail($roleId);
+        /** @var Role $role */
+        $role = $this->role->newQuery()->findOrFail($roleId);
 
         $permissions = isset($roleData['permissions']) ? array_keys($roleData['permissions']) : [];
         if ($role->system_name === 'admin') {
@@ -108,16 +92,19 @@ class PermissionsRepo
 
     /**
      * Assign an list of permission names to an role.
-     * @param Role $role
-     * @param array $permissionNameArray
      */
-    public function assignRolePermissions(Role $role, $permissionNameArray = [])
+    public function assignRolePermissions(Role $role, array $permissionNameArray = [])
     {
         $permissions = [];
         $permissionNameArray = array_values($permissionNameArray);
-        if ($permissionNameArray && count($permissionNameArray) > 0) {
-            $permissions = $this->permission->whereIn('name', $permissionNameArray)->pluck('id')->toArray();
+
+        if ($permissionNameArray) {
+            $permissions = $this->permission->newQuery()
+                ->whereIn('name', $permissionNameArray)
+                ->pluck('id')
+                ->toArray();
         }
+
         $role->permissions()->sync($permissions);
     }
 
@@ -126,13 +113,13 @@ class PermissionsRepo
      * Check it's not an admin role or set as default before deleting.
      * If an migration Role ID is specified the users assign to the current role
      * will be added to the role of the specified id.
-     * @param $roleId
-     * @param $migrateRoleId
      * @throws PermissionsException
+     * @throws Exception
      */
     public function deleteRole($roleId, $migrateRoleId)
     {
-        $role = $this->role->findOrFail($roleId);
+        /** @var Role $role */
+        $role = $this->role->newQuery()->findOrFail($roleId);
 
         // Prevent deleting admin role or default registration role.
         if ($role->system_name && in_array($role->system_name, $this->systemRoles)) {
@@ -142,9 +129,9 @@ class PermissionsRepo
         }
 
         if ($migrateRoleId) {
-            $newRole = $this->role->find($migrateRoleId);
+            $newRole = $this->role->newQuery()->find($migrateRoleId);
             if ($newRole) {
-                $users = $role->users->pluck('id')->toArray();
+                $users = $role->users()->pluck('id')->toArray();
                 $newRole->users()->sync($users);
             }
         }

app/Auth/Permissions/RolePermission.php

@@ -3,6 +3,9 @@
 use BookStack\Auth\Role;
 use BookStack\Model;
 
+/**
+ * @property int $id
+ */
 class RolePermission extends Model
 {
     /**

app/Auth/Role.php

@@ -3,13 +3,16 @@
 use BookStack\Auth\Permissions\JointPermission;
 use BookStack\Auth\Permissions\RolePermission;
 use BookStack\Model;
+use Illuminate\Database\Eloquent\Collection;
+use Illuminate\Database\Eloquent\Relations\HasMany;
 
 /**
  * Class Role
+ * @property int $id
  * @property string $display_name
  * @property string $description
  * @property string $external_auth_id
- * @package BookStack\Auth
+ * @property string $system_name
  */
 class Role extends Model
 {
@@ -26,9 +29,8 @@ class Role extends Model
 
     /**
      * Get all related JointPermissions.
-     * @return \Illuminate\Database\Eloquent\Relations\HasMany
      */
-    public function jointPermissions()
+    public function jointPermissions(): HasMany
     {
         return $this->hasMany(JointPermission::class);
     }
@@ -43,10 +45,8 @@ class Role extends Model
 
     /**
      * Check if this role has a permission.
-     * @param $permissionName
-     * @return bool
      */
-    public function hasPermission($permissionName)
+    public function hasPermission(string $permissionName): bool
     {
         $permissions = $this->getRelationValue('permissions');
         foreach ($permissions as $permission) {
@@ -59,7 +59,6 @@ class Role extends Model
 
     /**
      * Add a permission to this role.
-     * @param RolePermission $permission
      */
     public function attachPermission(RolePermission $permission)
     {
@@ -68,7 +67,6 @@ class Role extends Model
 
     /**
      * Detach a single permission from this role.
-     * @param RolePermission $permission
      */
     public function detachPermission(RolePermission $permission)
     {
@@ -76,39 +74,33 @@ class Role extends Model
     }
 
     /**
-     * Get the role object for the specified role.
-     * @param $roleName
-     * @return Role
+     * Get the role of the specified display name.
      */
-    public static function getRole($roleName)
+    public static function getRole(string $displayName): ?Role
     {
-        return static::query()->where('name', '=', $roleName)->first();
+        return static::query()->where('display_name', '=', $displayName)->first();
     }
 
     /**
      * Get the role object for the specified system role.
-     * @param $roleName
-     * @return Role
      */
-    public static function getSystemRole($roleName)
+    public static function getSystemRole(string $systemName): ?Role
     {
-        return static::query()->where('system_name', '=', $roleName)->first();
+        return static::query()->where('system_name', '=', $systemName)->first();
     }
 
     /**
      * Get all visible roles
-     * @return mixed
      */
-    public static function visible()
+    public static function visible(): Collection
     {
         return static::query()->where('hidden', '=', false)->orderBy('name')->get();
     }
 
     /**
      * Get the roles that can be restricted.
-     * @return \Illuminate\Database\Eloquent\Builder[]|\Illuminate\Database\Eloquent\Collection
      */
-    public static function restrictable()
+    public static function restrictable(): Collection
     {
         return static::query()->where('system_name', '!=', 'admin')->get();
     }

app/Auth/User.php

@@ -47,7 +47,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
      * The attributes excluded from the model's JSON form.
      * @var array
      */
-    protected $hidden = ['password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email'];
+    protected $hidden = [
+        'password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email',
+        'created_at', 'updated_at', 'image_id',
+    ];
 
     /**
      * This holds the user's permissions when loaded.
@@ -98,12 +101,10 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
     /**
      * Check if the user has a role.
-     * @param $role
-     * @return mixed
      */
-    public function hasRole($role)
+    public function hasRole($roleId): bool
     {
-        return $this->roles->pluck('name')->contains($role);
+        return $this->roles->pluck('id')->contains($roleId);
     }
 
     /**
@@ -160,7 +161,6 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
     /**
      * Attach a role to this user.
-     * @param Role $role
      */
     public function attachRole(Role $role)
     {

app/Auth/UserRepo.php

@@ -238,7 +238,7 @@ class UserRepo
      */
     public function getAllRoles()
     {
-        return $this->role->newQuery()->orderBy('name', 'asc')->get();
+        return $this->role->newQuery()->orderBy('display_name', 'asc')->get();
     }
 
     /**

app/Config/app.php

@@ -52,7 +52,7 @@ return [
     'locale' => env('APP_LANG', 'en'),
 
     // Locales available
-    'locales' => ['en', 'ar', 'da', 'de', 'de_informal', 'es', 'es_AR', 'fr', 'hu', 'nl', 'pt_BR', 'sk', 'cs', 'sv', 'ko', 'ja', 'pl', 'it', 'ru', 'uk', 'zh_CN', 'zh_TW', 'tr'],
+    'locales' => ['en', 'ar', 'bg', 'cs', 'da', 'de', 'de_informal', 'es', 'es_AR', 'fa', 'fr', 'he', 'hu', 'it', 'ja', 'ko', 'nl', 'pt', 'pt_BR', 'sk', 'sl', 'sv', 'pl',  'ru', 'th', 'tr', 'uk', 'vi', 'zh_CN', 'zh_TW',],
 
     //  Application Fallback Locale
     'fallback_locale' => 'en',

app/Config/logging.php

@@ -1,5 +1,7 @@
 <?php
 
+use Monolog\Formatter\LineFormatter;
+use Monolog\Handler\ErrorLogHandler;
 use Monolog\Handler\NullHandler;
 use Monolog\Handler\StreamHandler;
 
@@ -73,10 +75,38 @@ return [
             'level' => 'debug',
         ],
 
+        // Custom errorlog implementation that logs out a plain,
+        // non-formatted message intended for the webserver log.
+        'errorlog_plain_webserver' => [
+            'driver' => 'monolog',
+            'level' => 'debug',
+            'handler' => ErrorLogHandler::class,
+            'handler_with' => [4],
+            'formatter' => LineFormatter::class,
+            'formatter_with' => [
+                'format' => "%message%",
+            ],
+        ],
+
         'null' => [
             'driver' => 'monolog',
             'handler' => NullHandler::class,
         ],
+
+        // Testing channel
+        // Uses a shared testing instance during tests
+        // so that logs can be checked against.
+        'testing' => [
+            'driver' => 'testing',
+        ],
+    ],
+
+
+    // Failed Login Message
+    // Allows a configurable message to be logged when a login request fails.
+    'failed_login' => [
+        'message' => env('LOG_FAILED_LOGIN_MESSAGE', null),
+        'channel' => env('LOG_FAILED_LOGIN_CHANNEL', 'errorlog_plain_webserver'),
     ],
 
 ];

app/Config/saml2.php

@@ -101,7 +101,7 @@ return [
                 'url' => env('SAML2_IDP_SLO', null),
                 // URL location of the IdP where the SP will send the SLO Response (ResponseLocation)
                 // if not set, url for the SLO Request will be used
-                'responseUrl' => '',
+                'responseUrl' => null,
                 // SAML protocol binding to be used when returning the <Response>
                 // message.  Onelogin Toolkit supports for this endpoint the
                 // HTTP-Redirect binding only

app/Config/snappy.php

@@ -13,7 +13,9 @@ return [
         'enabled' => true,
         'binary'  => file_exists(base_path('wkhtmltopdf')) ? base_path('wkhtmltopdf') : env('WKHTMLTOPDF', false),
         'timeout' => false,
-        'options' => [],
+        'options' => [
+            'outline' => true
+        ],
         'env'     => [],
     ],
     'image' => [

app/Console/Commands/ClearViews.php

@@ -18,7 +18,7 @@ class ClearViews extends Command
      *
      * @var string
      */
-    protected $description = 'Clear all view-counts for all entities.';
+    protected $description = 'Clear all view-counts for all entities';
 
     /**
      * Create a new command instance.

app/Console/Commands/CopyShelfPermissions.php

@@ -23,7 +23,7 @@ class CopyShelfPermissions extends Command
      *
      * @var string
      */
-    protected $description = 'Copy shelf permissions to all child books.';
+    protected $description = 'Copy shelf permissions to all child books';
 
     /**
      * @var BookshelfRepo

app/Console/Commands/DeleteUsers.php

@@ -25,7 +25,7 @@ class DeleteUsers extends Command
      *
      * @var string
      */
-    protected $description = 'Delete users that are not "admin" or system users.';
+    protected $description = 'Delete users that are not "admin" or system users';
 
     public function __construct(User $user, UserRepo $userRepo)
     {

app/Console/Commands/RegenerateCommentContent.php

@@ -0,0 +1,61 @@
+<?php
+
+namespace BookStack\Console\Commands;
+
+use BookStack\Actions\Comment;
+use BookStack\Actions\CommentRepo;
+use Illuminate\Console\Command;
+
+class RegenerateCommentContent extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'bookstack:regenerate-comment-content {--database= : The database connection to use.}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Regenerate the stored HTML of all comments';
+
+    /**
+     * @var CommentRepo
+     */
+    protected $commentRepo;
+
+    /**
+     * Create a new command instance.
+     */
+    public function __construct(CommentRepo $commentRepo)
+    {
+        $this->commentRepo = $commentRepo;
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $connection = \DB::getDefaultConnection();
+        if ($this->option('database') !== null) {
+            \DB::setDefaultConnection($this->option('database'));
+        }
+
+        Comment::query()->chunk(100, function ($comments) {
+            foreach ($comments as $comment) {
+                $comment->html = $this->commentRepo->commentToHtml($comment->text);
+                $comment->save();
+            }
+        });
+
+        \DB::setDefaultConnection($connection);
+        $this->comment('Comment HTML content has been regenerated');
+    }
+}

app/Console/Commands/RegeneratePermissions.php

@@ -30,8 +30,6 @@ class RegeneratePermissions extends Command
 
     /**
      * Create a new command instance.
-     *
-     * @param \BookStack\Auth\\BookStack\Auth\Permissions\PermissionService $permissionService
      */
     public function __construct(PermissionService $permissionService)
     {

app/Console/Commands/RegenerateSearch.php

@@ -3,6 +3,7 @@
 namespace BookStack\Console\Commands;
 
 use BookStack\Entities\SearchService;
+use DB;
 use Illuminate\Console\Command;
 
 class RegenerateSearch extends Command
@@ -26,7 +27,7 @@ class RegenerateSearch extends Command
     /**
      * Create a new command instance.
      *
-     * @param \BookStack\Entities\SearchService $searchService
+     * @param SearchService $searchService
      */
     public function __construct(SearchService $searchService)
     {
@@ -41,14 +42,14 @@ class RegenerateSearch extends Command
      */
     public function handle()
     {
-        $connection = \DB::getDefaultConnection();
+        $connection = DB::getDefaultConnection();
         if ($this->option('database') !== null) {
-            \DB::setDefaultConnection($this->option('database'));
-            $this->searchService->setConnection(\DB::connection($this->option('database')));
+            DB::setDefaultConnection($this->option('database'));
+            $this->searchService->setConnection(DB::connection($this->option('database')));
         }
 
         $this->searchService->indexAllEntities();
-        \DB::setDefaultConnection($connection);
+        DB::setDefaultConnection($connection);
         $this->comment('Search index regenerated');
     }
 }

app/Console/Commands/UpdateUrl.php

@@ -0,0 +1,91 @@
+<?php
+
+namespace BookStack\Console\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Database\Connection;
+
+class UpdateUrl extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'bookstack:update-url
+                            {oldUrl : URL to replace}
+                            {newUrl : URL to use as the replacement}';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Find and replace the given URLs in your BookStack database';
+
+    protected $db;
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct(Connection $db)
+    {
+        $this->db = $db;
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return mixed
+     */
+    public function handle()
+    {
+        $oldUrl = str_replace("'", '', $this->argument('oldUrl'));
+        $newUrl = str_replace("'", '', $this->argument('newUrl'));
+
+        $urlPattern = '/https?:\/\/(.+)/';
+        if (!preg_match($urlPattern, $oldUrl) || !preg_match($urlPattern, $newUrl)) {
+            $this->error("The given urls are expected to be full urls starting with http:// or https://");
+            return 1;
+        }
+
+        if (!$this->checkUserOkayToProceed($oldUrl, $newUrl)) {
+            return 1;
+        }
+
+        $columnsToUpdateByTable = [
+            "attachments" => ["path"],
+            "pages" => ["html", "text", "markdown"],
+            "images" => ["url"],
+            "comments" => ["html", "text"],
+        ];
+
+        foreach ($columnsToUpdateByTable as $table => $columns) {
+            foreach ($columns as $column) {
+                $changeCount = $this->db->table($table)->update([
+                    $column => $this->db->raw("REPLACE({$column}, '{$oldUrl}', '{$newUrl}')")
+                ]);
+                $this->info("Updated {$changeCount} rows in {$table}->{$column}");
+            }
+        }
+
+        $this->info("URL update procedure complete.");
+        return 0;
+    }
+
+    /**
+     * Warn the user of the dangers of this operation.
+     * Returns a boolean indicating if they've accepted the warnings.
+     */
+    protected function checkUserOkayToProceed(string $oldUrl, string $newUrl): bool
+    {
+        $dangerWarning = "This will search for \"{$oldUrl}\" in your database and replace it with  \"{$newUrl}\".\n";
+        $dangerWarning .= "Are you sure you want to proceed?";
+        $backupConfirmation = "This operation could cause issues if used incorrectly. Have you made a backup of your existing database?";
+
+        return $this->confirm($dangerWarning) && $this->confirm($backupConfirmation);
+    }
+}

app/Entities/Book.php

@@ -19,7 +19,7 @@ class Book extends Entity implements HasCoverImage
     public $searchFactor = 2;
 
     protected $fillable = ['name', 'description'];
-    protected $hidden = ['restricted'];
+    protected $hidden = ['restricted', 'pivot', 'image_id'];
 
     /**
      * Get the url for this book.

app/Entities/Bookshelf.php

@@ -12,6 +12,8 @@ class Bookshelf extends Entity implements HasCoverImage
 
     protected $fillable = ['name', 'description', 'image_id'];
 
+    protected $hidden = ['restricted', 'image_id'];
+
     /**
      * Get the books in this shelf.
      * Should not be used directly since does not take into account permissions.

app/Entities/Chapter.php

@@ -12,6 +12,7 @@ class Chapter extends BookChild
     public $searchFactor = 1.3;
 
     protected $fillable = ['name', 'description', 'priority', 'book_id'];
+    protected $hidden = ['restricted', 'pivot'];
 
     /**
      * Get the pages that this chapter contains.

app/Entities/Entity.php

@@ -238,10 +238,8 @@ class Entity extends Ownable
 
     /**
      * Gets a limited-length version of the entities name.
-     * @param int $length
-     * @return string
      */
-    public function getShortName($length = 25)
+    public function getShortName(int $length = 25): string
     {
         if (mb_strlen($this->name) <= $length) {
             return $this->name;
@@ -288,7 +286,7 @@ class Entity extends Ownable
     public function rebuildPermissions()
     {
         /** @noinspection PhpUnhandledExceptionInspection */
-        Permissions::buildJointPermissionsForEntity($this);
+        Permissions::buildJointPermissionsForEntity(clone $this);
     }
 
     /**
@@ -297,7 +295,7 @@ class Entity extends Ownable
     public function indexForSearch()
     {
         $searchService = app()->make(SearchService::class);
-        $searchService->indexEntity($this);
+        $searchService->indexEntity(clone $this);
     }
 
     /**

app/Entities/Managers/PageContent.php

@@ -108,7 +108,7 @@ class PageContent
     protected function toPlainText(): string
     {
         $html = $this->render(true);
-        return strip_tags($html);
+        return html_entity_decode(strip_tags($html));
     }
 
     /**

app/Entities/Page.php

@@ -21,12 +21,14 @@ use Permissions;
  */
 class Page extends BookChild
 {
-    protected $fillable = ['name', 'html', 'priority', 'markdown'];
+    protected $fillable = ['name', 'priority', 'markdown'];
 
     protected $simpleAttributes = ['name', 'id', 'slug'];
 
     public $textField = 'text';
 
+    protected $hidden = ['html', 'markdown', 'text', 'restricted', 'pivot'];
+
     /**
      * Get the entities that are visible to the current user.
      */

app/Entities/Repos/BookshelfRepo.php

@@ -28,8 +28,10 @@ class BookshelfRepo
      */
     public function getAllPaginated(int $count = 20, string $sort = 'name', string $order = 'asc'): LengthAwarePaginator
     {
-        return Bookshelf::visible()->with('visibleBooks')
-            ->orderBy($sort, $order)->paginate($count);
+        return Bookshelf::visible()
+            ->with('visibleBooks')
+            ->orderBy($sort, $order)
+            ->paginate($count);
     }
 
     /**
@@ -91,10 +93,14 @@ class BookshelfRepo
     /**
      * Create a new shelf in the system.
      */
-    public function update(Bookshelf $shelf, array $input, array $bookIds): Bookshelf
+    public function update(Bookshelf $shelf, array $input, ?array $bookIds): Bookshelf
     {
         $this->baseRepo->update($shelf, $input);
-        $this->updateBooks($shelf, $bookIds);
+
+        if (!is_null($bookIds)) {
+            $this->updateBooks($shelf, $bookIds);
+        }
+
         return $shelf;
     }
 

app/Entities/Repos/PageRepo.php

@@ -180,12 +180,11 @@ class PageRepo
             $page->template = ($input['template'] === 'true');
         }
 
+        $pageContent = new PageContent($page);
+        $pageContent->setNewHTML($input['html']);
         $this->baseRepo->update($page, $input);
 
         // Update with new details
-        $page->fill($input);
-        $pageContent = new PageContent($page);
-        $pageContent->setNewHTML($input['html']);
         $page->revision_count++;
 
         if (setting('app-editor') !== 'markdown') {
@@ -211,7 +210,7 @@ class PageRepo
      */
     protected function savePageRevision(Page $page, string $summary = null)
     {
-        $revision = new PageRevision($page->toArray());
+        $revision = new PageRevision($page->getAttributes());
 
         if (setting('app-editor') !== 'markdown') {
             $revision->markdown = '';
@@ -279,7 +278,7 @@ class PageRepo
         $revision = $page->revisions()->where('id', '=', $revisionId)->first();
         $page->fill($revision->toArray());
         $content = new PageContent($page);
-        $content->setNewHTML($page->html);
+        $content->setNewHTML($revision->html);
         $page->updated_by = user()->id;
         $page->refreshSlug();
         $page->save();

app/Entities/SearchOptions.php

@@ -0,0 +1,141 @@
+<?php namespace BookStack\Entities;
+
+use Illuminate\Http\Request;
+
+class SearchOptions
+{
+
+    /**
+     * @var array
+     */
+    public $searches = [];
+
+    /**
+     * @var array
+     */
+    public $exacts = [];
+
+    /**
+     * @var array
+     */
+    public $tags = [];
+
+    /**
+     * @var array
+     */
+    public $filters = [];
+
+    /**
+     * Create a new instance from a search string.
+     */
+    public static function fromString(string $search): SearchOptions
+    {
+        $decoded = static::decode($search);
+        $instance = new static();
+        foreach ($decoded as $type => $value) {
+            $instance->$type = $value;
+        }
+        return $instance;
+    }
+
+    /**
+     * Create a new instance from a request.
+     * Will look for a classic string term and use that
+     * Otherwise we'll use the details from an advanced search form.
+     */
+    public static function fromRequest(Request $request): SearchOptions
+    {
+        if (!$request->has('search') && !$request->has('term')) {
+            return static::fromString('');
+        }
+
+        if ($request->has('term')) {
+            return static::fromString($request->get('term'));
+        }
+
+        $instance = new static();
+        $inputs = $request->only(['search', 'types', 'filters', 'exact', 'tags']);
+        $instance->searches = explode(' ', $inputs['search'] ?? []);
+        $instance->exacts = array_filter($inputs['exact'] ?? []);
+        $instance->tags = array_filter($inputs['tags'] ?? []);
+        foreach (($inputs['filters'] ?? []) as $filterKey => $filterVal) {
+            if (empty($filterVal)) {
+                continue;
+            }
+            $instance->filters[$filterKey] = $filterVal === 'true' ? '' : $filterVal;
+        }
+        if (isset($inputs['types']) && count($inputs['types']) < 4) {
+            $instance->filters['type'] = implode('|', $inputs['types']);
+        }
+        return $instance;
+    }
+
+    /**
+     * Decode a search string into an array of terms.
+     */
+    protected static function decode(string $searchString): array
+    {
+        $terms = [
+            'searches' => [],
+            'exacts' => [],
+            'tags' => [],
+            'filters' => []
+        ];
+
+        $patterns = [
+            'exacts' => '/"(.*?)"/',
+            'tags' => '/\[(.*?)\]/',
+            'filters' => '/\{(.*?)\}/'
+        ];
+
+        // Parse special terms
+        foreach ($patterns as $termType => $pattern) {
+            $matches = [];
+            preg_match_all($pattern, $searchString, $matches);
+            if (count($matches) > 0) {
+                $terms[$termType] = $matches[1];
+                $searchString = preg_replace($pattern, '', $searchString);
+            }
+        }
+
+        // Parse standard terms
+        foreach (explode(' ', trim($searchString)) as $searchTerm) {
+            if ($searchTerm !== '') {
+                $terms['searches'][] = $searchTerm;
+            }
+        }
+
+        // Split filter values out
+        $splitFilters = [];
+        foreach ($terms['filters'] as $filter) {
+            $explodedFilter = explode(':', $filter, 2);
+            $splitFilters[$explodedFilter[0]] = (count($explodedFilter) > 1) ? $explodedFilter[1] : '';
+        }
+        $terms['filters'] = $splitFilters;
+
+        return $terms;
+    }
+
+    /**
+     * Encode this instance to a search string.
+     */
+    public function toString(): string
+    {
+        $string = implode(' ', $this->searches ?? []);
+
+        foreach ($this->exacts as $term) {
+            $string .= ' "' . $term . '"';
+        }
+
+        foreach ($this->tags as $term) {
+            $string .= " [{$term}]";
+        }
+
+        foreach ($this->filters as $filterName => $filterVal) {
+            $string .= ' {' . $filterName . ($filterVal ? ':' . $filterVal : '') . '}';
+        }
+
+        return $string;
+    }
+
+}

app/Entities/SearchService.php

@@ -39,10 +39,6 @@ class SearchService
 
     /**
      * SearchService constructor.
-     * @param SearchTerm $searchTerm
-     * @param EntityProvider $entityProvider
-     * @param Connection $db
-     * @param PermissionService $permissionService
      */
     public function __construct(SearchTerm $searchTerm, EntityProvider $entityProvider, Connection $db, PermissionService $permissionService)
     {
@@ -54,7 +50,6 @@ class SearchService
 
     /**
      * Set the database connection
-     * @param Connection $connection
      */
     public function setConnection(Connection $connection)
     {
@@ -63,23 +58,18 @@ class SearchService
 
     /**
      * Search all entities in the system.
-     * @param string $searchString
-     * @param string $entityType
-     * @param int $page
-     * @param int $count - Count of each entity to search, Total returned could can be larger and not guaranteed.
-     * @param string $action
-     * @return array[int, Collection];
+     * The provided count is for each entity to search,
+     * Total returned could can be larger and not guaranteed.
      */
-    public function searchEntities($searchString, $entityType = 'all', $page = 1, $count = 20, $action = 'view')
+    public function searchEntities(SearchOptions $searchOpts, string $entityType = 'all', int $page = 1, int $count = 20, string $action = 'view'): array
     {
-        $terms = $this->parseSearchString($searchString);
         $entityTypes = array_keys($this->entityProvider->all());
         $entityTypesToSearch = $entityTypes;
 
         if ($entityType !== 'all') {
             $entityTypesToSearch = $entityType;
-        } else if (isset($terms['filters']['type'])) {
-            $entityTypesToSearch = explode('|', $terms['filters']['type']);
+        } else if (isset($searchOpts->filters['type'])) {
+            $entityTypesToSearch = explode('|', $searchOpts->filters['type']);
         }
 
         $results = collect();
@@ -90,8 +80,8 @@ class SearchService
             if (!in_array($entityType, $entityTypes)) {
                 continue;
             }
-            $search = $this->searchEntityTable($terms, $entityType, $page, $count, $action);
-            $entityTotal = $this->searchEntityTable($terms, $entityType, $page, $count, $action, true);
+            $search = $this->searchEntityTable($searchOpts, $entityType, $page, $count, $action);
+            $entityTotal = $this->searchEntityTable($searchOpts, $entityType, $page, $count, $action, true);
             if ($entityTotal > $page * $count) {
                 $hasMore = true;
             }
@@ -103,29 +93,26 @@ class SearchService
             'total' => $total,
             'count' => count($results),
             'has_more' => $hasMore,
-            'results' => $results->sortByDesc('score')->values()
+            'results' => $results->sortByDesc('score')->values(),
         ];
     }
 
 
     /**
      * Search a book for entities
-     * @param integer $bookId
-     * @param string $searchString
-     * @return Collection
      */
-    public function searchBook($bookId, $searchString)
+    public function searchBook(int $bookId, string $searchString): Collection
     {
-        $terms = $this->parseSearchString($searchString);
+        $opts = SearchOptions::fromString($searchString);
         $entityTypes = ['page', 'chapter'];
-        $entityTypesToSearch = isset($terms['filters']['type']) ? explode('|', $terms['filters']['type']) : $entityTypes;
+        $entityTypesToSearch = isset($opts->filters['type']) ? explode('|', $opts->filters['type']) : $entityTypes;
 
         $results = collect();
         foreach ($entityTypesToSearch as $entityType) {
             if (!in_array($entityType, $entityTypes)) {
                 continue;
             }
-            $search = $this->buildEntitySearchQuery($terms, $entityType)->where('book_id', '=', $bookId)->take(20)->get();
+            $search = $this->buildEntitySearchQuery($opts, $entityType)->where('book_id', '=', $bookId)->take(20)->get();
             $results = $results->merge($search);
         }
         return $results->sortByDesc('score')->take(20);
@@ -133,30 +120,23 @@ class SearchService
 
     /**
      * Search a book for entities
-     * @param integer $chapterId
-     * @param string $searchString
-     * @return Collection
      */
-    public function searchChapter($chapterId, $searchString)
+    public function searchChapter(int $chapterId, string $searchString): Collection
     {
-        $terms = $this->parseSearchString($searchString);
-        $pages = $this->buildEntitySearchQuery($terms, 'page')->where('chapter_id', '=', $chapterId)->take(20)->get();
+        $opts = SearchOptions::fromString($searchString);
+        $pages = $this->buildEntitySearchQuery($opts, 'page')->where('chapter_id', '=', $chapterId)->take(20)->get();
         return $pages->sortByDesc('score');
     }
 
     /**
      * Search across a particular entity type.
-     * @param array $terms
-     * @param string $entityType
-     * @param int $page
-     * @param int $count
-     * @param string $action
-     * @param bool $getCount Return the total count of the search
+     * Setting getCount = true will return the total
+     * matching instead of the items themselves.
      * @return \Illuminate\Database\Eloquent\Collection|int|static[]
      */
-    public function searchEntityTable($terms, $entityType = 'page', $page = 1, $count = 20, $action = 'view', $getCount = false)
+    public function searchEntityTable(SearchOptions $searchOpts, string $entityType = 'page', int $page = 1, int $count = 20, string $action = 'view', bool $getCount = false)
     {
-        $query = $this->buildEntitySearchQuery($terms, $entityType, $action);
+        $query = $this->buildEntitySearchQuery($searchOpts, $entityType, $action);
         if ($getCount) {
             return $query->count();
         }
@@ -167,22 +147,18 @@ class SearchService
 
     /**
      * Create a search query for an entity
-     * @param array $terms
-     * @param string $entityType
-     * @param string $action
-     * @return EloquentBuilder
      */
-    protected function buildEntitySearchQuery($terms, $entityType = 'page', $action = 'view')
+    protected function buildEntitySearchQuery(SearchOptions $searchOpts, string $entityType = 'page', string $action = 'view'): EloquentBuilder
     {
         $entity = $this->entityProvider->get($entityType);
         $entitySelect = $entity->newQuery();
 
         // Handle normal search terms
-        if (count($terms['search']) > 0) {
+        if (count($searchOpts->searches) > 0) {
             $subQuery = $this->db->table('search_terms')->select('entity_id', 'entity_type', \DB::raw('SUM(score) as score'));
             $subQuery->where('entity_type', '=', $entity->getMorphClass());
-            $subQuery->where(function (Builder $query) use ($terms) {
-                foreach ($terms['search'] as $inputTerm) {
+            $subQuery->where(function (Builder $query) use ($searchOpts) {
+                foreach ($searchOpts->searches as $inputTerm) {
                     $query->orWhere('term', 'like', $inputTerm .'%');
                 }
             })->groupBy('entity_type', 'entity_id');
@@ -193,9 +169,9 @@ class SearchService
         }
 
         // Handle exact term matching
-        if (count($terms['exact']) > 0) {
-            $entitySelect->where(function (EloquentBuilder $query) use ($terms, $entity) {
-                foreach ($terms['exact'] as $inputTerm) {
+        if (count($searchOpts->exacts) > 0) {
+            $entitySelect->where(function (EloquentBuilder $query) use ($searchOpts, $entity) {
+                foreach ($searchOpts->exacts as $inputTerm) {
                     $query->where(function (EloquentBuilder $query) use ($inputTerm, $entity) {
                         $query->where('name', 'like', '%'.$inputTerm .'%')
                             ->orWhere($entity->textField, 'like', '%'.$inputTerm .'%');
@@ -205,12 +181,12 @@ class SearchService
         }
 
         // Handle tag searches
-        foreach ($terms['tags'] as $inputTerm) {
+        foreach ($searchOpts->tags as $inputTerm) {
             $this->applyTagSearch($entitySelect, $inputTerm);
         }
 
         // Handle filters
-        foreach ($terms['filters'] as $filterTerm => $filterValue) {
+        foreach ($searchOpts->filters as $filterTerm => $filterValue) {
             $functionName = Str::camel('filter_' . $filterTerm);
             if (method_exists($this, $functionName)) {
                 $this->$functionName($entitySelect, $entity, $filterValue);
@@ -220,60 +196,10 @@ class SearchService
         return $this->permissionService->enforceEntityRestrictions($entityType, $entitySelect, $action);
     }
 
-
-    /**
-     * Parse a search string into components.
-     * @param $searchString
-     * @return array
-     */
-    protected function parseSearchString($searchString)
-    {
-        $terms = [
-            'search' => [],
-            'exact' => [],
-            'tags' => [],
-            'filters' => []
-        ];
-
-        $patterns = [
-            'exact' => '/"(.*?)"/',
-            'tags' => '/\[(.*?)\]/',
-            'filters' => '/\{(.*?)\}/'
-        ];
-
-        // Parse special terms
-        foreach ($patterns as $termType => $pattern) {
-            $matches = [];
-            preg_match_all($pattern, $searchString, $matches);
-            if (count($matches) > 0) {
-                $terms[$termType] = $matches[1];
-                $searchString = preg_replace($pattern, '', $searchString);
-            }
-        }
-
-        // Parse standard terms
-        foreach (explode(' ', trim($searchString)) as $searchTerm) {
-            if ($searchTerm !== '') {
-                $terms['search'][] = $searchTerm;
-            }
-        }
-
-        // Split filter values out
-        $splitFilters = [];
-        foreach ($terms['filters'] as $filter) {
-            $explodedFilter = explode(':', $filter, 2);
-            $splitFilters[$explodedFilter[0]] = (count($explodedFilter) > 1) ? $explodedFilter[1] : '';
-        }
-        $terms['filters'] = $splitFilters;
-
-        return $terms;
-    }
-
     /**
      * Get the available query operators as a regex escaped list.
-     * @return mixed
      */
-    protected function getRegexEscapedOperators()
+    protected function getRegexEscapedOperators(): string
     {
         $escapedOperators = [];
         foreach ($this->queryOperators as $operator) {
@@ -284,11 +210,8 @@ class SearchService
 
     /**
      * Apply a tag search term onto a entity query.
-     * @param EloquentBuilder $query
-     * @param string $tagTerm
-     * @return mixed
      */
-    protected function applyTagSearch(EloquentBuilder $query, $tagTerm)
+    protected function applyTagSearch(EloquentBuilder $query, string $tagTerm): EloquentBuilder
     {
         preg_match("/^(.*?)((".$this->getRegexEscapedOperators().")(.*?))?$/", $tagTerm, $tagSplit);
         $query->whereHas('tags', function (EloquentBuilder $query) use ($tagSplit) {
@@ -318,7 +241,6 @@ class SearchService
 
     /**
      * Index the given entity.
-     * @param Entity $entity
      */
     public function indexEntity(Entity $entity)
     {

app/Entities/SlugGenerator.php

@@ -1,5 +1,7 @@
 <?php namespace BookStack\Entities;
 
+use Illuminate\Support\Str;
+
 class SlugGenerator
 {
 
@@ -32,9 +34,7 @@ class SlugGenerator
      */
     protected function formatNameAsSlug(string $name): string
     {
-        $slug = preg_replace('/[\+\/\\\?\@\}\{\.\,\=\[\]\#\&\!\*\'\;\:\$\%]/', '', mb_strtolower($name));
-        $slug = preg_replace('/\s{2,}/', ' ', $slug);
-        $slug = str_replace(' ', '-', $slug);
+        $slug = Str::slug($name);
         if ($slug === "") {
             $slug = substr(md5(rand(1, 500)), 0, 5);
         }

app/Exceptions/Handler.php

@@ -9,7 +9,6 @@ use Illuminate\Database\Eloquent\ModelNotFoundException;
 use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use Illuminate\Validation\ValidationException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -26,6 +25,7 @@ class Handler extends ExceptionHandler
         HttpException::class,
         ModelNotFoundException::class,
         ValidationException::class,
+        NotFoundException::class,
     ];
 
     /**

app/Exceptions/NotifyException.php

@@ -8,8 +8,6 @@ class NotifyException extends \Exception
 
     /**
      * NotifyException constructor.
-     * @param string $message
-     * @param string    $redirectLocation
      */
     public function __construct(string $message, string $redirectLocation = "/")
     {

app/Http/Controllers/Api/BookApiController.php

@@ -8,7 +8,7 @@ use Illuminate\Contracts\Container\BindingResolutionException;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
 
-class BooksApiController extends ApiController
+class BookApiController extends ApiController
 {
 
     protected $bookRepo;
@@ -17,10 +17,12 @@ class BooksApiController extends ApiController
         'create' => [
             'name' => 'required|string|max:255',
             'description' => 'string|max:1000',
+            'tags' => 'array',
         ],
         'update' => [
             'name' => 'string|min:1|max:255',
             'description' => 'string|max:1000',
+            'tags' => 'array',
         ],
     ];
 

app/Http/Controllers/Api/BookExportApiController.php

@@ -0,0 +1,54 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Entities\Book;
+use BookStack\Entities\ExportService;
+use BookStack\Entities\Repos\BookRepo;
+use Throwable;
+
+class BookExportApiController extends ApiController
+{
+    protected $bookRepo;
+    protected $exportService;
+
+    /**
+     * BookExportController constructor.
+     */
+    public function __construct(BookRepo $bookRepo, ExportService $exportService)
+    {
+        $this->bookRepo = $bookRepo;
+        $this->exportService = $exportService;
+        parent::__construct();
+    }
+
+    /**
+     * Export a book as a PDF file.
+     * @throws Throwable
+     */
+    public function exportPdf(int $id)
+    {
+        $book = Book::visible()->findOrFail($id);
+        $pdfContent = $this->exportService->bookToPdf($book);
+        return $this->downloadResponse($pdfContent, $book->slug . '.pdf');
+    }
+
+    /**
+     * Export a book as a contained HTML file.
+     * @throws Throwable
+     */
+    public function exportHtml(int $id)
+    {
+        $book = Book::visible()->findOrFail($id);
+        $htmlContent = $this->exportService->bookToContainedHtml($book);
+        return $this->downloadResponse($htmlContent, $book->slug . '.html');
+    }
+
+    /**
+     * Export a book as a plain text file.
+     */
+    public function exportPlainText(int $id)
+    {
+        $book = Book::visible()->findOrFail($id);
+        $textContent = $this->exportService->bookToPlainText($book);
+        return $this->downloadResponse($textContent, $book->slug . '.txt');
+    }
+}

app/Http/Controllers/Api/BookshelfApiController.php

@@ -0,0 +1,122 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Facades\Activity;
+use BookStack\Entities\Repos\BookshelfRepo;
+use BookStack\Entities\Bookshelf;
+use Exception;
+use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
+
+class BookshelfApiController extends ApiController
+{
+
+    /**
+     * @var BookshelfRepo
+     */
+    protected $bookshelfRepo;
+
+    protected $rules = [
+        'create' => [
+            'name' => 'required|string|max:255',
+            'description' => 'string|max:1000',
+            'books' => 'array',
+        ],
+        'update' => [
+            'name' => 'string|min:1|max:255',
+            'description' => 'string|max:1000',
+            'books' => 'array',
+        ],
+    ];
+
+    /**
+     * BookshelfApiController constructor.
+     * @param BookshelfRepo $bookshelfRepo
+     */
+    public function __construct(BookshelfRepo $bookshelfRepo)
+    {
+        $this->bookshelfRepo = $bookshelfRepo;
+    }
+
+    /**
+     * Get a listing of shelves visible to the user.
+     */
+    public function list()
+    {
+        $shelves = Bookshelf::visible();
+        return $this->apiListingResponse($shelves, [
+            'id', 'name', 'slug', 'description', 'created_at', 'updated_at', 'created_by', 'updated_by', 'image_id',
+        ]);
+    }
+
+    /**
+     * Create a new shelf in the system.
+     * An array of books IDs can be provided in the request. These
+     * will be added to the shelf in the same order as provided.
+     * @throws ValidationException
+     */
+    public function create(Request $request)
+    {
+        $this->checkPermission('bookshelf-create-all');
+        $requestData = $this->validate($request, $this->rules['create']);
+
+        $bookIds = $request->get('books', []);
+        $shelf = $this->bookshelfRepo->create($requestData, $bookIds);
+
+        Activity::add($shelf, 'bookshelf_create', $shelf->id);
+        return response()->json($shelf);
+    }
+
+    /**
+     * View the details of a single shelf.
+     */
+    public function read(string $id)
+    {
+        $shelf = Bookshelf::visible()->with([
+            'tags', 'cover', 'createdBy', 'updatedBy',
+            'books' => function (BelongsToMany $query) {
+                $query->visible()->get(['id', 'name', 'slug']);
+            }
+        ])->findOrFail($id);
+        return response()->json($shelf);
+    }
+
+    /**
+     * Update the details of a single shelf.
+     * An array of books IDs can be provided in the request. These
+     * will be added to the shelf in the same order as provided and overwrite
+     * any existing book assignments.
+     * @throws ValidationException
+     */
+    public function update(Request $request, string $id)
+    {
+        $shelf = Bookshelf::visible()->findOrFail($id);
+        $this->checkOwnablePermission('bookshelf-update', $shelf);
+
+        $requestData = $this->validate($request, $this->rules['update']);
+
+        $bookIds = $request->get('books', null);
+
+        $shelf = $this->bookshelfRepo->update($shelf, $requestData, $bookIds);
+        Activity::add($shelf, 'bookshelf_update', $shelf->id);
+
+        return response()->json($shelf);
+    }
+
+
+
+    /**
+     * Delete a single shelf from the system.
+     * @throws Exception
+     */
+    public function delete(string $id)
+    {
+        $shelf = Bookshelf::visible()->findOrFail($id);
+        $this->checkOwnablePermission('bookshelf-delete', $shelf);
+
+        $this->bookshelfRepo->destroy($shelf);
+        Activity::addMessage('bookshelf_delete', $shelf->name);
+
+        return response('', 204);
+    }
+}

app/Http/Controllers/Api/ChapterApiController.php

@@ -0,0 +1,104 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Entities\Book;
+use BookStack\Entities\Chapter;
+use BookStack\Entities\Repos\ChapterRepo;
+use BookStack\Facades\Activity;
+use Illuminate\Database\Eloquent\Relations\HasMany;
+use Illuminate\Http\Request;
+
+class ChapterApiController extends ApiController
+{
+    protected $chapterRepo;
+
+    protected $rules = [
+        'create' => [
+            'book_id' => 'required|integer',
+            'name' => 'required|string|max:255',
+            'description' => 'string|max:1000',
+            'tags' => 'array',
+        ],
+        'update' => [
+            'book_id' => 'integer',
+            'name' => 'string|min:1|max:255',
+            'description' => 'string|max:1000',
+            'tags' => 'array',
+        ],
+    ];
+
+    /**
+     * ChapterController constructor.
+     */
+    public function __construct(ChapterRepo $chapterRepo)
+    {
+        $this->chapterRepo = $chapterRepo;
+    }
+
+    /**
+     * Get a listing of chapters visible to the user.
+     */
+    public function list()
+    {
+        $chapters = Chapter::visible();
+        return $this->apiListingResponse($chapters, [
+            'id', 'book_id', 'name', 'slug', 'description', 'priority',
+            'created_at', 'updated_at', 'created_by', 'updated_by',
+        ]);
+    }
+
+    /**
+     * Create a new chapter in the system.
+     */
+    public function create(Request $request)
+    {
+        $this->validate($request, $this->rules['create']);
+
+        $bookId = $request->get('book_id');
+        $book = Book::visible()->findOrFail($bookId);
+        $this->checkOwnablePermission('chapter-create', $book);
+
+        $chapter = $this->chapterRepo->create($request->all(), $book);
+        Activity::add($chapter, 'chapter_create', $book->id);
+
+        return response()->json($chapter->load(['tags']));
+    }
+
+    /**
+     * View the details of a single chapter.
+     */
+    public function read(string $id)
+    {
+        $chapter = Chapter::visible()->with(['tags', 'createdBy', 'updatedBy', 'pages' => function (HasMany $query) {
+            $query->visible()->get(['id', 'name', 'slug']);
+        }])->findOrFail($id);
+        return response()->json($chapter);
+    }
+
+    /**
+     * Update the details of a single chapter.
+     */
+    public function update(Request $request, string $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $this->checkOwnablePermission('chapter-update', $chapter);
+
+        $updatedChapter = $this->chapterRepo->update($chapter, $request->all());
+        Activity::add($chapter, 'chapter_update', $chapter->book->id);
+
+        return response()->json($updatedChapter->load(['tags']));
+    }
+
+    /**
+     * Delete a chapter from the system.
+     */
+    public function delete(string $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $this->checkOwnablePermission('chapter-delete', $chapter);
+
+        $this->chapterRepo->destroy($chapter);
+        Activity::addMessage('chapter_delete', $chapter->name, $chapter->book->id);
+
+        return response('', 204);
+    }
+}

app/Http/Controllers/Api/ChapterExportApiController.php

@@ -0,0 +1,54 @@
+<?php namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Entities\Chapter;
+use BookStack\Entities\ExportService;
+use BookStack\Entities\Repos\BookRepo;
+use Throwable;
+
+class ChapterExportApiController extends ApiController
+{
+    protected $chapterRepo;
+    protected $exportService;
+
+    /**
+     * ChapterExportController constructor.
+     */
+    public function __construct(BookRepo $chapterRepo, ExportService $exportService)
+    {
+        $this->chapterRepo = $chapterRepo;
+        $this->exportService = $exportService;
+        parent::__construct();
+    }
+
+    /**
+     * Export a chapter as a PDF file.
+     * @throws Throwable
+     */
+    public function exportPdf(int $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $pdfContent = $this->exportService->chapterToPdf($chapter);
+        return $this->downloadResponse($pdfContent, $chapter->slug . '.pdf');
+    }
+
+    /**
+     * Export a chapter as a contained HTML file.
+     * @throws Throwable
+     */
+    public function exportHtml(int $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $htmlContent = $this->exportService->chapterToContainedHtml($chapter);
+        return $this->downloadResponse($htmlContent, $chapter->slug . '.html');
+    }
+
+    /**
+     * Export a chapter as a plain text file.
+     */
+    public function exportPlainText(int $id)
+    {
+        $chapter = Chapter::visible()->findOrFail($id);
+        $textContent = $this->exportService->chapterToPlainText($chapter);
+        return $this->downloadResponse($textContent, $chapter->slug . '.txt');
+    }
+}

app/Http/Controllers/AttachmentController.php

@@ -8,6 +8,7 @@ use BookStack\Uploads\AttachmentService;
 use Exception;
 use Illuminate\Contracts\Filesystem\FileNotFoundException;
 use Illuminate\Http\Request;
+use Illuminate\Support\MessageBag;
 use Illuminate\Validation\ValidationException;
 
 class AttachmentController extends Controller
@@ -60,25 +61,17 @@ class AttachmentController extends Controller
     /**
      * Update an uploaded attachment.
      * @throws ValidationException
-     * @throws NotFoundException
      */
     public function uploadUpdate(Request $request, $attachmentId)
     {
         $this->validate($request, [
-            'uploaded_to' => 'required|integer|exists:pages,id',
             'file' => 'required|file'
         ]);
 
-        $pageId = $request->get('uploaded_to');
-        $page = $this->pageRepo->getById($pageId);
-        $attachment = $this->attachment->findOrFail($attachmentId);
-
-        $this->checkOwnablePermission('page-update', $page);
+        $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
+        $this->checkOwnablePermission('view', $attachment->page);
+        $this->checkOwnablePermission('page-update', $attachment->page);
         $this->checkOwnablePermission('attachment-create', $attachment);
-        
-        if (intval($pageId) !== intval($attachment->uploaded_to)) {
-            return $this->jsonError(trans('errors.attachment_page_mismatch'));
-        }
 
         $uploadedFile = $request->file('file');
 
@@ -92,57 +85,87 @@ class AttachmentController extends Controller
     }
 
     /**
-     * Update the details of an existing file.
-     * @throws ValidationException
-     * @throws NotFoundException
+     * Get the update form for an attachment.
+     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
-    public function update(Request $request, $attachmentId)
+    public function getUpdateForm(string $attachmentId)
     {
-        $this->validate($request, [
-            'uploaded_to' => 'required|integer|exists:pages,id',
-            'name' => 'required|string|min:1|max:255',
-            'link' =>  'string|min:1|max:255'
-        ]);
-
-        $pageId = $request->get('uploaded_to');
-        $page = $this->pageRepo->getById($pageId);
         $attachment = $this->attachment->findOrFail($attachmentId);
 
-        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('page-update', $attachment->page);
         $this->checkOwnablePermission('attachment-create', $attachment);
 
-        if (intval($pageId) !== intval($attachment->uploaded_to)) {
-            return $this->jsonError(trans('errors.attachment_page_mismatch'));
+        return view('attachments.manager-edit-form', [
+            'attachment' => $attachment,
+        ]);
+    }
+
+    /**
+     * Update the details of an existing file.
+     */
+    public function update(Request $request, string $attachmentId)
+    {
+        $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
+
+        try {
+            $this->validate($request, [
+                'attachment_edit_name' => 'required|string|min:1|max:255',
+                'attachment_edit_url' =>  'string|min:1|max:255'
+            ]);
+        } catch (ValidationException $exception) {
+            return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
+                'attachment' => $attachment,
+                'errors' => new MessageBag($exception->errors()),
+            ]), 422);
         }
 
-        $attachment = $this->attachmentService->updateFile($attachment, $request->all());
-        return response()->json($attachment);
+        $this->checkOwnablePermission('view', $attachment->page);
+        $this->checkOwnablePermission('page-update', $attachment->page);
+        $this->checkOwnablePermission('attachment-create', $attachment);
+
+        $attachment = $this->attachmentService->updateFile($attachment, [
+            'name' => $request->get('attachment_edit_name'),
+            'link' => $request->get('attachment_edit_url'),
+        ]);
+
+        return view('attachments.manager-edit-form', [
+            'attachment' => $attachment,
+        ]);
     }
 
     /**
      * Attach a link to a page.
-     * @throws ValidationException
      * @throws NotFoundException
      */
     public function attachLink(Request $request)
     {
-        $this->validate($request, [
-            'uploaded_to' => 'required|integer|exists:pages,id',
-            'name' => 'required|string|min:1|max:255',
-            'link' =>  'required|string|min:1|max:255'
-        ]);
+        $pageId = $request->get('attachment_link_uploaded_to');
+
+        try {
+            $this->validate($request, [
+                'attachment_link_uploaded_to' => 'required|integer|exists:pages,id',
+                'attachment_link_name' => 'required|string|min:1|max:255',
+                'attachment_link_url' =>  'required|string|min:1|max:255'
+            ]);
+        } catch (ValidationException $exception) {
+            return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
+                'pageId' => $pageId,
+                'errors' => new MessageBag($exception->errors()),
+            ]), 422);
+        }
 
-        $pageId = $request->get('uploaded_to');
         $page = $this->pageRepo->getById($pageId);
 
         $this->checkPermission('attachment-create-all');
         $this->checkOwnablePermission('page-update', $page);
 
-        $attachmentName = $request->get('name');
-        $link = $request->get('link');
+        $attachmentName = $request->get('attachment_link_name');
+        $link = $request->get('attachment_link_url');
         $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
 
-        return response()->json($attachment);
+        return view('attachments.manager-link-form', [
+            'pageId' => $pageId,
+        ]);
     }
 
     /**
@@ -152,7 +175,9 @@ class AttachmentController extends Controller
     {
         $page = $this->pageRepo->getById($pageId);
         $this->checkOwnablePermission('page-view', $page);
-        return response()->json($page->attachments);
+        return view('attachments.manager-list', [
+            'attachments' => $page->attachments->all(),
+        ]);
     }
 
     /**
@@ -163,14 +188,13 @@ class AttachmentController extends Controller
     public function sortForPage(Request $request, int $pageId)
     {
         $this->validate($request, [
-            'files' => 'required|array',
-            'files.*.id' => 'required|integer',
+            'order' => 'required|array',
         ]);
         $page = $this->pageRepo->getById($pageId);
         $this->checkOwnablePermission('page-update', $page);
 
-        $attachments = $request->get('files');
-        $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
+        $attachmentOrder = $request->get('order');
+        $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
         return response()->json(['message' => trans('entities.attachments_order_updated')]);
     }
 
@@ -179,7 +203,7 @@ class AttachmentController extends Controller
      * @throws FileNotFoundException
      * @throws NotFoundException
      */
-    public function get(int $attachmentId)
+    public function get(string $attachmentId)
     {
         $attachment = $this->attachment->findOrFail($attachmentId);
         try {
@@ -200,11 +224,9 @@ class AttachmentController extends Controller
 
     /**
      * Delete a specific attachment in the system.
-     * @param $attachmentId
-     * @return mixed
      * @throws Exception
      */
-    public function delete(int $attachmentId)
+    public function delete(string $attachmentId)
     {
         $attachment = $this->attachment->findOrFail($attachmentId);
         $this->checkOwnablePermission('attachment-delete', $attachment);

app/Http/Controllers/AuditLogController.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace BookStack\Http\Controllers;
+
+use BookStack\Actions\Activity;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+
+class AuditLogController extends Controller
+{
+
+    public function index(Request $request)
+    {
+        $this->checkPermission('settings-manage');
+        $this->checkPermission('users-manage');
+
+        $listDetails = [
+            'order' => $request->get('order', 'desc'),
+            'event' => $request->get('event', ''),
+            'sort' => $request->get('sort', 'created_at'),
+            'date_from' => $request->get('date_from', ''),
+            'date_to' => $request->get('date_to', ''),
+        ];
+
+        $query = Activity::query()
+            ->with(['entity', 'user'])
+            ->orderBy($listDetails['sort'], $listDetails['order']);
+
+        if ($listDetails['event']) {
+            $query->where('key', '=', $listDetails['event']);
+        }
+
+        if ($listDetails['date_from']) {
+            $query->where('created_at', '>=', $listDetails['date_from']);
+        }
+        if ($listDetails['date_to']) {
+            $query->where('created_at', '<=', $listDetails['date_to']);
+        }
+
+        $activities = $query->paginate(100);
+        $activities->appends($listDetails);
+
+        $keys = DB::table('activities')->select('key')->distinct()->pluck('key');
+        $this->setPageTitle(trans('settings.audit'));
+        return view('settings.audit', [
+            'activities' => $activities,
+            'listDetails' => $listDetails,
+            'activityKeys' => $keys,
+        ]);
+    }
+}

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -5,7 +5,7 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
 use Illuminate\Http\Request;
-use Password;
+use Illuminate\Support\Facades\Password;
 
 class ForgotPasswordController extends Controller
 {
@@ -52,8 +52,8 @@ class ForgotPasswordController extends Controller
             $request->only('email')
         );
 
-        if ($response === Password::RESET_LINK_SENT) {
-            $message = trans('auth.reset_password_sent_success', ['email' => $request->get('email')]);
+        if ($response === Password::RESET_LINK_SENT || $response === Password::INVALID_USER) {
+            $message = trans('auth.reset_password_sent', ['email' => $request->get('email')]);
             $this->showSuccessNotification($message);
             return back()->with('status', trans($response));
         }

app/Http/Controllers/Auth/LoginController.php

@@ -2,6 +2,7 @@
 
 namespace BookStack\Http\Controllers\Auth;
 
+use Activity;
 use BookStack\Auth\Access\SocialAuthService;
 use BookStack\Exceptions\LoginAttemptEmailNeededException;
 use BookStack\Exceptions\LoginAttemptException;
@@ -76,6 +77,15 @@ class LoginController extends Controller
             ]);
         }
 
+        // Store the previous location for redirect after login
+        $previous = url()->previous('');
+        if ($previous && $previous !== url('/login') && setting('app-public')) {
+            $isPreviousFromInstance = (strpos($previous, url('/')) === 0);
+            if ($isPreviousFromInstance) {
+                redirect()->setIntendedUrl($previous);
+            }
+        }
+
         return view('auth.login', [
           'socialDrivers' => $socialDrivers,
           'authMethod' => $authMethod,
@@ -93,6 +103,7 @@ class LoginController extends Controller
     public function login(Request $request)
     {
         $this->validateLogin($request);
+        $username = $request->get($this->username());
 
         // If the class is using the ThrottlesLogins trait, we can automatically throttle
         // the login attempts for this application. We'll key this by the username and
@@ -101,6 +112,7 @@ class LoginController extends Controller
             $this->hasTooManyLoginAttempts($request)) {
             $this->fireLockoutEvent($request);
 
+            Activity::logFailedLogin($username);
             return $this->sendLockoutResponse($request);
         }
 
@@ -109,6 +121,7 @@ class LoginController extends Controller
                 return $this->sendLoginResponse($request);
             }
         } catch (LoginAttemptException $exception) {
+            Activity::logFailedLogin($username);
             return $this->sendLoginAttemptExceptionResponse($exception, $request);
         }
 
@@ -117,9 +130,30 @@ class LoginController extends Controller
         // user surpasses their maximum number of attempts they will get locked out.
         $this->incrementLoginAttempts($request);
 
+        Activity::logFailedLogin($username);
         return $this->sendFailedLoginResponse($request);
     }
 
+    /**
+     * The user has been authenticated.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  mixed  $user
+     * @return mixed
+     */
+    protected function authenticated(Request $request, $user)
+    {
+        // Authenticate on all session guards if a likely admin
+        if ($user->can('users-manage') && $user->can('user-roles-manage')) {
+            $guards = ['standard', 'ldap', 'saml2'];
+            foreach ($guards as $guard) {
+                auth($guard)->login($user);
+            }
+        }
+
+        return redirect()->intended($this->redirectPath());
+    }
+
     /**
      * Validate the user login request.
      *

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -5,6 +5,7 @@ namespace BookStack\Http\Controllers\Auth;
 use BookStack\Http\Controllers\Controller;
 use Illuminate\Foundation\Auth\ResetsPasswords;
 use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Password;
 
 class ResetPasswordController extends Controller
 {
@@ -49,4 +50,24 @@ class ResetPasswordController extends Controller
         return redirect($this->redirectPath())
             ->with('status', trans($response));
     }
+
+    /**
+     * Get the response for a failed password reset.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @param  string  $response
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
+     */
+    protected function sendResetFailedResponse(Request $request, $response)
+    {
+        // We show invalid users as invalid tokens as to not leak what
+        // users may exist in the system.
+        if ($response === Password::INVALID_USER) {
+            $response = Password::INVALID_TOKEN;
+        }
+
+        return redirect()->back()
+            ->withInput($request->only('email'))
+            ->withErrors(['email' => trans($response)]);
+    }
 }

app/Http/Controllers/Auth/SocialController.php

@@ -123,6 +123,11 @@ class SocialController extends Controller
             'password' => Str::random(32)
         ];
 
+        // Take name from email address if empty
+        if (!$userData['name']) {
+            $userData['name'] = explode('@', $userData['email'])[0];
+        }
+
         $user = $this->registrationService->registerUser($userData, $socialAccount, $emailVerified);
         auth()->login($user);
 

app/Http/Controllers/BookController.php

@@ -86,7 +86,7 @@ class BookController extends Controller
         $this->validate($request, [
             'name' => 'required|string|max:255',
             'description' => 'string|max:1000',
-            'image' => $this->getImageValidationRules(),
+            'image' => 'nullable|' . $this->getImageValidationRules(),
         ]);
 
         $bookshelf = null;
@@ -114,6 +114,7 @@ class BookController extends Controller
     {
         $book = $this->bookRepo->getBySlug($slug);
         $bookChildren = (new BookContents($book))->getTree(true);
+        $bookParentShelves = $book->shelves()->visible()->get();
 
         Views::add($book);
         if ($request->has('shelf')) {
@@ -125,6 +126,7 @@ class BookController extends Controller
             'book' => $book,
             'current' => $book,
             'bookChildren' => $bookChildren,
+            'bookParentShelves' => $bookParentShelves,
             'activity' => Activity::entityActivity($book, 20, 1)
         ]);
     }
@@ -153,7 +155,7 @@ class BookController extends Controller
         $this->validate($request, [
             'name' => 'required|string|max:255',
             'description' => 'string|max:1000',
-            'image' => $this->getImageValidationRules(),
+            'image' => 'nullable|' . $this->getImageValidationRules(),
         ]);
 
         $book = $this->bookRepo->update($book, $request->all());

app/Http/Controllers/BookshelfController.php

@@ -85,7 +85,7 @@ class BookshelfController extends Controller
         $this->validate($request, [
             'name' => 'required|string|max:255',
             'description' => 'string|max:1000',
-            'image' => $this->getImageValidationRules(),
+            'image' => 'nullable|' . $this->getImageValidationRules(),
         ]);
 
         $bookIds = explode(',', $request->get('books', ''));
@@ -107,10 +107,12 @@ class BookshelfController extends Controller
 
         Views::add($shelf);
         $this->entityContextManager->setShelfContext($shelf->id);
+        $view = setting()->getForCurrentUser('bookshelf_view_type', config('app.views.books'));
 
         $this->setPageTitle($shelf->getShortName());
         return view('shelves.show', [
             'shelf' => $shelf,
+            'view' => $view,
             'activity' => Activity::entityActivity($shelf, 20, 1)
         ]);
     }
@@ -146,7 +148,7 @@ class BookshelfController extends Controller
         $this->validate($request, [
             'name' => 'required|string|max:255',
             'description' => 'string|max:1000',
-            'image' => $this->imageRepo->getImageValidationRules(),
+            'image' => 'nullable|' . $this->getImageValidationRules(),
         ]);
 
 

app/Http/Controllers/CommentController.php

@@ -10,9 +10,6 @@ class CommentController extends Controller
 {
     protected $commentRepo;
 
-    /**
-     * CommentController constructor.
-     */
     public function __construct(CommentRepo $commentRepo)
     {
         $this->commentRepo = $commentRepo;
@@ -23,11 +20,11 @@ class CommentController extends Controller
      * Save a new comment for a Page
      * @throws ValidationException
      */
-    public function savePageComment(Request $request, int $pageId, int $commentId = null)
+    public function savePageComment(Request $request, int $pageId)
     {
         $this->validate($request, [
             'text' => 'required|string',
-            'html' => 'required|string',
+            'parent_id' => 'nullable|integer',
         ]);
 
         $page = Page::visible()->find($pageId);
@@ -35,8 +32,6 @@ class CommentController extends Controller
             return response('Not found', 404);
         }
 
-        $this->checkOwnablePermission('page-view', $page);
-
         // Prevent adding comments to draft pages
         if ($page->draft) {
             return $this->jsonError(trans('errors.cannot_add_comment_to_draft'), 400);
@@ -44,7 +39,7 @@ class CommentController extends Controller
 
         // Create a new comment.
         $this->checkPermission('comment-create-all');
-        $comment = $this->commentRepo->create($page, $request->only(['html', 'text', 'parent_id']));
+        $comment = $this->commentRepo->create($page, $request->get('text'), $request->get('parent_id'));
         Activity::add($page, 'commented_on', $page->book->id);
         return view('comments.comment', ['comment' => $comment]);
     }
@@ -57,14 +52,13 @@ class CommentController extends Controller
     {
         $this->validate($request, [
             'text' => 'required|string',
-            'html' => 'required|string',
         ]);
 
         $comment = $this->commentRepo->getById($commentId);
         $this->checkOwnablePermission('page-view', $comment->entity);
         $this->checkOwnablePermission('comment-update', $comment);
 
-        $comment = $this->commentRepo->update($comment, $request->only(['html', 'text']));
+        $comment = $this->commentRepo->update($comment, $request->get('text'));
         return view('comments.comment', ['comment' => $comment]);
     }
 

app/Http/Controllers/Controller.php

@@ -8,6 +8,7 @@ use Illuminate\Foundation\Validation\ValidatesRequests;
 use Illuminate\Http\Exceptions\HttpResponseException;
 use Illuminate\Http\Request;
 use Illuminate\Routing\Controller as BaseController;
+use Illuminate\Validation\ValidationException;
 
 abstract class Controller extends BaseController
 {
@@ -132,23 +133,6 @@ abstract class Controller extends BaseController
         return response()->json(['message' => $messageText, 'status' => 'error'], $statusCode);
     }
 
-    /**
-     * Create the response for when a request fails validation.
-     * @param  \Illuminate\Http\Request  $request
-     * @param  array  $errors
-     * @return \Symfony\Component\HttpFoundation\Response
-     */
-    protected function buildFailedValidationResponse(Request $request, array $errors)
-    {
-        if ($request->expectsJson()) {
-            return response()->json(['validation' => $errors], 422);
-        }
-
-        return redirect()->to($this->getRedirectUrl())
-            ->withInput($request->input())
-            ->withErrors($errors, $this->errorBag());
-    }
-
     /**
      * Create a response that forces a download in the browser.
      * @param string $content
@@ -195,6 +179,6 @@ abstract class Controller extends BaseController
      */
     protected function getImageValidationRules(): string
     {
-        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
+        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,webp';
     }
 }

app/Http/Controllers/HomeController.php

@@ -69,11 +69,7 @@ class HomeController extends Controller
         }
 
         if ($homepageOption === 'bookshelves') {
-            $shelfRepo = app(BookshelfRepo::class);
             $shelves = app(BookshelfRepo::class)->getAllPaginated(18, $commonData['sort'], $commonData['order']);
-            foreach ($shelves as $shelf) {
-                $shelf->books = $shelf->visibleBooks;
-            }
             $data = array_merge($commonData, ['shelves' => $shelves]);
             return view('common.home-shelves', $data);
         }

app/Http/Controllers/Images/DrawioImageController.php

@@ -4,6 +4,7 @@ namespace BookStack\Http\Controllers\Images;
 
 use BookStack\Exceptions\ImageUploadException;
 use BookStack\Uploads\ImageRepo;
+use Exception;
 use Illuminate\Http\Request;
 use BookStack\Http\Controllers\Controller;
 
@@ -11,10 +12,6 @@ class DrawioImageController extends Controller
 {
     protected $imageRepo;
 
-    /**
-     * DrawioImageController constructor.
-     * @param ImageRepo $imageRepo
-     */
     public function __construct(ImageRepo $imageRepo)
     {
         $this->imageRepo = $imageRepo;
@@ -24,8 +21,6 @@ class DrawioImageController extends Controller
     /**
      * Get a list of gallery images, in a list.
      * Can be paged and filtered by entity.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function list(Request $request)
     {
@@ -35,14 +30,15 @@ class DrawioImageController extends Controller
         $parentTypeFilter = $request->get('filter_type', null);
 
         $imgData = $this->imageRepo->getEntityFiltered('drawio', $parentTypeFilter, $page, 24, $uploadedToFilter, $searchTerm);
-        return response()->json($imgData);
+        return view('components.image-manager-list', [
+            'images' => $imgData['images'],
+            'hasMore' => $imgData['has_more'],
+        ]);
     }
 
     /**
      * Store a new gallery image in the system.
-     * @param Request $request
-     * @return Illuminate\Http\JsonResponse
-     * @throws \Exception
+     * @throws Exception
      */
     public function create(Request $request)
     {
@@ -66,8 +62,6 @@ class DrawioImageController extends Controller
 
     /**
      * Get the content of an image based64 encoded.
-     * @param $id
-     * @return \Illuminate\Http\JsonResponse|mixed
      */
     public function getAsBase64($id)
     {
@@ -81,6 +75,7 @@ class DrawioImageController extends Controller
         if ($imageData === null) {
             return $this->jsonError("Image data could not be found");
         }
+
         return response()->json([
             'content' => base64_encode($imageData)
         ]);

app/Http/Controllers/Images/GalleryImageController.php

@@ -6,6 +6,7 @@ use BookStack\Exceptions\ImageUploadException;
 use BookStack\Uploads\ImageRepo;
 use Illuminate\Http\Request;
 use BookStack\Http\Controllers\Controller;
+use Illuminate\Validation\ValidationException;
 
 class GalleryImageController extends Controller
 {
@@ -13,7 +14,6 @@ class GalleryImageController extends Controller
 
     /**
      * GalleryImageController constructor.
-     * @param ImageRepo $imageRepo
      */
     public function __construct(ImageRepo $imageRepo)
     {
@@ -24,8 +24,6 @@ class GalleryImageController extends Controller
     /**
      * Get a list of gallery images, in a list.
      * Can be paged and filtered by entity.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function list(Request $request)
     {
@@ -35,20 +33,21 @@ class GalleryImageController extends Controller
         $parentTypeFilter = $request->get('filter_type', null);
 
         $imgData = $this->imageRepo->getEntityFiltered('gallery', $parentTypeFilter, $page, 24, $uploadedToFilter, $searchTerm);
-        return response()->json($imgData);
+        return view('components.image-manager-list', [
+            'images' => $imgData['images'],
+            'hasMore' => $imgData['has_more'],
+        ]);
     }
 
     /**
      * Store a new gallery image in the system.
-     * @param Request $request
-     * @return Illuminate\Http\JsonResponse
-     * @throws \Exception
+     * @throws ValidationException
      */
     public function create(Request $request)
     {
         $this->checkPermission('image-create-all');
         $this->validate($request, [
-            'file' => $this->imageRepo->getImageValidationRules()
+            'file' => $this->getImageValidationRules()
         ]);
 
         try {

app/Http/Controllers/Images/ImageController.php

@@ -6,8 +6,11 @@ use BookStack\Http\Controllers\Controller;
 use BookStack\Repos\PageRepo;
 use BookStack\Uploads\Image;
 use BookStack\Uploads\ImageRepo;
+use Exception;
 use Illuminate\Filesystem\Filesystem as File;
+use Illuminate\Http\JsonResponse;
 use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
 
 class ImageController extends Controller
 {
@@ -17,9 +20,6 @@ class ImageController extends Controller
 
     /**
      * ImageController constructor.
-     * @param Image $image
-     * @param File $file
-     * @param ImageRepo $imageRepo
      */
     public function __construct(Image $image, File $file, ImageRepo $imageRepo)
     {
@@ -31,8 +31,6 @@ class ImageController extends Controller
 
     /**
      * Provide an image file from storage.
-     * @param string $path
-     * @return mixed
      */
     public function showImage(string $path)
     {
@@ -47,13 +45,10 @@ class ImageController extends Controller
 
     /**
      * Update image details
-     * @param Request $request
-     * @param integer $id
-     * @return \Illuminate\Http\JsonResponse
      * @throws ImageUploadException
-     * @throws \Exception
+     * @throws ValidationException
      */
-    public function update(Request $request, $id)
+    public function update(Request $request, string $id)
     {
         $this->validate($request, [
             'name' => 'required|min:2|string'
@@ -64,47 +59,50 @@ class ImageController extends Controller
         $this->checkOwnablePermission('image-update', $image);
 
         $image = $this->imageRepo->updateImageDetails($image, $request->all());
-        return response()->json($image);
+
+        $this->imageRepo->loadThumbs($image);
+        return view('components.image-manager-form', [
+            'image' => $image,
+            'dependantPages' => null,
+        ]);
     }
 
     /**
-     * Show the usage of an image on pages.
+     * Get the form for editing the given image.
+     * @throws Exception
      */
-    public function usage(int $id)
+    public function edit(Request $request, string $id)
     {
         $image = $this->imageRepo->getById($id);
         $this->checkImagePermission($image);
 
-        $pages = Page::visible()->where('html', 'like', '%' . $image->url . '%')->get(['id', 'name', 'slug', 'book_id']);
-        foreach ($pages as $page) {
-            $page->url = $page->getUrl();
-            $page->html = '';
-            $page->text = '';
+        if ($request->has('delete')) {
+            $dependantPages = $this->imageRepo->getPagesUsingImage($image);
         }
-        $result = count($pages) > 0 ? $pages : false;
 
-        return response()->json($result);
+        $this->imageRepo->loadThumbs($image);
+        return view('components.image-manager-form', [
+            'image' => $image,
+            'dependantPages' => $dependantPages ?? null,
+        ]);
     }
 
     /**
      * Deletes an image and all thumbnail/image files
-     * @param int $id
-     * @return \Illuminate\Http\JsonResponse
-     * @throws \Exception
+     * @throws Exception
      */
-    public function destroy($id)
+    public function destroy(string $id)
     {
         $image = $this->imageRepo->getById($id);
         $this->checkOwnablePermission('image-delete', $image);
         $this->checkImagePermission($image);
 
         $this->imageRepo->destroyImage($image);
-        return response()->json(trans('components.images_deleted'));
+        return response('');
     }
 
     /**
      * Check related page permission and ensure type is drawio or gallery.
-     * @param Image $image
      */
     protected function checkImagePermission(Image $image)
     {

app/Http/Controllers/MaintenanceController.php

@@ -0,0 +1,68 @@
+<?php
+
+namespace BookStack\Http\Controllers;
+
+use BookStack\Notifications\TestEmail;
+use BookStack\Uploads\ImageService;
+use Illuminate\Http\Request;
+
+class MaintenanceController extends Controller
+{
+    /**
+     * Show the page for application maintenance.
+     */
+    public function index()
+    {
+        $this->checkPermission('settings-manage');
+        $this->setPageTitle(trans('settings.maint'));
+
+        // Get application version
+        $version = trim(file_get_contents(base_path('version')));
+
+        return view('settings.maintenance', ['version' => $version]);
+    }
+
+    /**
+     * Action to clean-up images in the system.
+     */
+    public function cleanupImages(Request $request, ImageService $imageService)
+    {
+        $this->checkPermission('settings-manage');
+
+        $checkRevisions = !($request->get('ignore_revisions', 'false') === 'true');
+        $dryRun = !($request->has('confirm'));
+
+        $imagesToDelete = $imageService->deleteUnusedImages($checkRevisions, $dryRun);
+        $deleteCount = count($imagesToDelete);
+        if ($deleteCount === 0) {
+            $this->showWarningNotification(trans('settings.maint_image_cleanup_nothing_found'));
+            return redirect('/settings/maintenance')->withInput();
+        }
+
+        if ($dryRun) {
+            session()->flash('cleanup-images-warning', trans('settings.maint_image_cleanup_warning', ['count' => $deleteCount]));
+        } else {
+            $this->showSuccessNotification(trans('settings.maint_image_cleanup_success', ['count' => $deleteCount]));
+        }
+
+        return redirect('/settings/maintenance#image-cleanup')->withInput();
+    }
+
+    /**
+     * Action to send a test e-mail to the current user.
+     */
+    public function sendTestEmail()
+    {
+        $this->checkPermission('settings-manage');
+
+        try {
+            user()->notify(new TestEmail());
+            $this->showSuccessNotification(trans('settings.maint_send_test_email_success', ['address' => user()->email]));
+        } catch (\Exception $exception) {
+            $errorMessage = trans('errors.maintenance_test_email_failure') . "\n" . $exception->getMessage();
+            $this->showErrorNotification($errorMessage);
+        }
+
+        return redirect('/settings/maintenance#image-cleanup')->withInput();
+    }
+}

app/Http/Controllers/PageController.php

@@ -163,6 +163,8 @@ class PageController extends Controller
     public function getPageAjax(int $pageId)
     {
         $page = $this->pageRepo->getById($pageId);
+        $page->setHidden(array_diff($page->getHidden(), ['html', 'markdown']));
+        $page->addHidden(['book']);
         return response()->json($page);
     }
 

app/Http/Controllers/PageRevisionController.php

@@ -1,5 +1,6 @@
 <?php namespace BookStack\Http\Controllers;
 
+use BookStack\Entities\Managers\PageContent;
 use BookStack\Entities\Repos\PageRepo;
 use BookStack\Exceptions\NotFoundException;
 use BookStack\Facades\Activity;
@@ -46,6 +47,9 @@ class PageRevisionController extends Controller
         }
 
         $page->fill($revision->toArray());
+        // TODO - Refactor PageContent so we don't need to juggle this
+        $page->html = $revision->html;
+        $page->html = (new PageContent($page))->render();
 
         $this->setPageTitle(trans('entities.pages_revision_named', ['pageName' => $page->getShortName()]));
         return view('pages.revision', [
@@ -73,6 +77,9 @@ class PageRevisionController extends Controller
         $diff = (new Htmldiff)->diff($prevContent, $revision->html);
 
         $page->fill($revision->toArray());
+        // TODO - Refactor PageContent so we don't need to juggle this
+        $page->html = $revision->html;
+        $page->html = (new PageContent($page))->render();
         $this->setPageTitle(trans('entities.pages_revision_named', ['pageName'=>$page->getShortName()]));
 
         return view('pages.revision', [

app/Http/Controllers/PermissionController.php

@@ -2,7 +2,9 @@
 
 use BookStack\Auth\Permissions\PermissionsRepo;
 use BookStack\Exceptions\PermissionsException;
+use Exception;
 use Illuminate\Http\Request;
+use Illuminate\Validation\ValidationException;
 
 class PermissionController extends Controller
 {
@@ -11,7 +13,6 @@ class PermissionController extends Controller
 
     /**
      * PermissionController constructor.
-     * @param \BookStack\Auth\Permissions\PermissionsRepo $permissionsRepo
      */
     public function __construct(PermissionsRepo $permissionsRepo)
     {
@@ -31,7 +32,6 @@ class PermissionController extends Controller
 
     /**
      * Show the form to create a new role
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
     public function createRole()
     {
@@ -41,15 +41,13 @@ class PermissionController extends Controller
 
     /**
      * Store a new role in the system.
-     * @param Request $request
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
      */
     public function storeRole(Request $request)
     {
         $this->checkPermission('user-roles-manage');
         $this->validate($request, [
-            'display_name' => 'required|min:3|max:200',
-            'description' => 'max:250'
+            'display_name' => 'required|min:3|max:180',
+            'description' => 'max:180'
         ]);
 
         $this->permissionsRepo->saveNewRole($request->all());
@@ -59,11 +57,9 @@ class PermissionController extends Controller
 
     /**
      * Show the form for editing a user role.
-     * @param $id
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      * @throws PermissionsException
      */
-    public function editRole($id)
+    public function editRole(string $id)
     {
         $this->checkPermission('user-roles-manage');
         $role = $this->permissionsRepo->getRoleById($id);
@@ -75,18 +71,14 @@ class PermissionController extends Controller
 
     /**
      * Updates a user role.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
-     * @throws PermissionsException
-     * @throws \Illuminate\Validation\ValidationException
+     * @throws ValidationException
      */
-    public function updateRole(Request $request, $id)
+    public function updateRole(Request $request, string $id)
     {
         $this->checkPermission('user-roles-manage');
         $this->validate($request, [
-            'display_name' => 'required|min:3|max:200',
-            'description' => 'max:250'
+            'display_name' => 'required|min:3|max:180',
+            'description' => 'max:180'
         ]);
 
         $this->permissionsRepo->updateRole($id, $request->all());
@@ -97,10 +89,8 @@ class PermissionController extends Controller
     /**
      * Show the view to delete a role.
      * Offers the chance to migrate users.
-     * @param $id
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
-    public function showDeleteRole($id)
+    public function showDeleteRole(string $id)
     {
         $this->checkPermission('user-roles-manage');
         $role = $this->permissionsRepo->getRoleById($id);
@@ -113,11 +103,9 @@ class PermissionController extends Controller
     /**
      * Delete a role from the system,
      * Migrate from a previous role if set.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     * @throws Exception
      */
-    public function deleteRole(Request $request, $id)
+    public function deleteRole(Request $request, string $id)
     {
         $this->checkPermission('user-roles-manage');
 

app/Http/Controllers/SearchController.php

@@ -6,6 +6,7 @@ use BookStack\Entities\Bookshelf;
 use BookStack\Entities\Entity;
 use BookStack\Entities\Managers\EntityContext;
 use BookStack\Entities\SearchService;
+use BookStack\Entities\SearchOptions;
 use Illuminate\Http\Request;
 
 class SearchController extends Controller
@@ -33,20 +34,22 @@ class SearchController extends Controller
      */
     public function search(Request $request)
     {
-        $searchTerm = $request->get('term');
-        $this->setPageTitle(trans('entities.search_for_term', ['term' => $searchTerm]));
+        $searchOpts = SearchOptions::fromRequest($request);
+        $fullSearchString = $searchOpts->toString();
+        $this->setPageTitle(trans('entities.search_for_term', ['term' => $fullSearchString]));
 
         $page = intval($request->get('page', '0')) ?: 1;
-        $nextPageLink = url('/search?term=' . urlencode($searchTerm) . '&page=' . ($page+1));
+        $nextPageLink = url('/search?term=' . urlencode($fullSearchString) . '&page=' . ($page+1));
 
-        $results = $this->searchService->searchEntities($searchTerm, 'all', $page, 20);
+        $results = $this->searchService->searchEntities($searchOpts, 'all', $page, 20);
 
         return view('search.all', [
             'entities'   => $results['results'],
             'totalResults' => $results['total'],
-            'searchTerm' => $searchTerm,
+            'searchTerm' => $fullSearchString,
             'hasNextPage' => $results['has_more'],
-            'nextPageLink' => $nextPageLink
+            'nextPageLink' => $nextPageLink,
+            'options' => $searchOpts,
         ]);
     }
 
@@ -84,7 +87,7 @@ class SearchController extends Controller
         // Search for entities otherwise show most popular
         if ($searchTerm !== false) {
             $searchTerm .= ' {type:'. implode('|', $entityTypes) .'}';
-            $entities = $this->searchService->searchEntities($searchTerm, 'all', 1, 20, $permission)['results'];
+            $entities = $this->searchService->searchEntities(SearchOptions::fromString($searchTerm), 'all', 1, 20, $permission)['results'];
         } else {
             $entities = $this->viewService->getPopular(20, 0, $entityTypes, $permission);
         }

app/Http/Controllers/SettingController.php

@@ -1,9 +1,7 @@
 <?php namespace BookStack\Http\Controllers;
 
 use BookStack\Auth\User;
-use BookStack\Notifications\TestEmail;
 use BookStack\Uploads\ImageRepo;
-use BookStack\Uploads\ImageService;
 use Illuminate\Http\Request;
 
 class SettingController extends Controller
@@ -44,7 +42,7 @@ class SettingController extends Controller
         $this->preventAccessInDemoMode();
         $this->checkPermission('settings-manage');
         $this->validate($request, [
-            'app_logo' => $this->imageRepo->getImageValidationRules(),
+            'app_logo' => 'nullable|' . $this->getImageValidationRules(),
         ]);
 
         // Cycles through posted settings and update them
@@ -57,7 +55,7 @@ class SettingController extends Controller
         }
 
         // Update logo image if set
-        if ($request->has('app_logo')) {
+        if ($request->hasFile('app_logo')) {
             $logoFile = $request->file('app_logo');
             $this->imageRepo->destroyByType('system');
             $image = $this->imageRepo->saveNew($logoFile, 'system', 0, null, 86);
@@ -74,63 +72,4 @@ class SettingController extends Controller
         $redirectLocation = '/settings#' . $request->get('section', '');
         return redirect(rtrim($redirectLocation, '#'));
     }
-
-    /**
-     * Show the page for application maintenance.
-     */
-    public function showMaintenance()
-    {
-        $this->checkPermission('settings-manage');
-        $this->setPageTitle(trans('settings.maint'));
-
-        // Get application version
-        $version = trim(file_get_contents(base_path('version')));
-
-        return view('settings.maintenance', ['version' => $version]);
-    }
-
-    /**
-     * Action to clean-up images in the system.
-     */
-    public function cleanupImages(Request $request, ImageService $imageService)
-    {
-        $this->checkPermission('settings-manage');
-
-        $checkRevisions = !($request->get('ignore_revisions', 'false') === 'true');
-        $dryRun = !($request->has('confirm'));
-
-        $imagesToDelete = $imageService->deleteUnusedImages($checkRevisions, $dryRun);
-        $deleteCount = count($imagesToDelete);
-        if ($deleteCount === 0) {
-            $this->showWarningNotification(trans('settings.maint_image_cleanup_nothing_found'));
-            return redirect('/settings/maintenance')->withInput();
-        }
-
-        if ($dryRun) {
-            session()->flash('cleanup-images-warning', trans('settings.maint_image_cleanup_warning', ['count' => $deleteCount]));
-        } else {
-            $this->showSuccessNotification(trans('settings.maint_image_cleanup_success', ['count' => $deleteCount]));
-        }
-
-        return redirect('/settings/maintenance#image-cleanup')->withInput();
-    }
-
-    /**
-     * Action to send a test e-mail to the current user.
-     */
-    public function sendTestEmail()
-    {
-        $this->checkPermission('settings-manage');
-
-        try {
-            user()->notify(new TestEmail());
-            $this->showSuccessNotification(trans('settings.maint_send_test_email_success', ['address' => user()->email]));
-        } catch (\Exception $exception) {
-            $errorMessage = trans('errors.maintenance_test_email_failure') . "\n" . $exception->getMessage();
-            $this->showErrorNotification($errorMessage);
-        }
-
-
-        return redirect('/settings/maintenance#image-cleanup')->withInput();
-    }
 }

app/Http/Controllers/TagController.php

@@ -10,7 +10,6 @@ class TagController extends Controller
 
     /**
      * TagController constructor.
-     * @param $tagRepo
      */
     public function __construct(TagRepo $tagRepo)
     {
@@ -18,39 +17,23 @@ class TagController extends Controller
         parent::__construct();
     }
 
-    /**
-     * Get all the Tags for a particular entity
-     * @param $entityType
-     * @param $entityId
-     * @return \Illuminate\Http\JsonResponse
-     */
-    public function getForEntity($entityType, $entityId)
-    {
-        $tags = $this->tagRepo->getForEntity($entityType, $entityId);
-        return response()->json($tags);
-    }
-
     /**
      * Get tag name suggestions from a given search term.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function getNameSuggestions(Request $request)
     {
-        $searchTerm = $request->get('search', false);
+        $searchTerm = $request->get('search', null);
         $suggestions = $this->tagRepo->getNameSuggestions($searchTerm);
         return response()->json($suggestions);
     }
 
     /**
      * Get tag value suggestions from a given search term.
-     * @param Request $request
-     * @return \Illuminate\Http\JsonResponse
      */
     public function getValueSuggestions(Request $request)
     {
-        $searchTerm = $request->get('search', false);
-        $tagName = $request->get('name', false);
+        $searchTerm = $request->get('search', null);
+        $tagName = $request->get('name', null);
         $suggestions = $this->tagRepo->getValueSuggestions($searchTerm, $tagName);
         return response()->json($suggestions);
     }

app/Http/Controllers/UserController.php

@@ -7,7 +7,6 @@ use BookStack\Auth\UserRepo;
 use BookStack\Exceptions\UserUpdateException;
 use BookStack\Uploads\ImageRepo;
 use Illuminate\Http\Request;
-use Illuminate\Http\Response;
 use Illuminate\Support\Str;
 
 class UserController extends Controller
@@ -20,10 +19,6 @@ class UserController extends Controller
 
     /**
      * UserController constructor.
-     * @param User $user
-     * @param UserRepo $userRepo
-     * @param UserInviteService $inviteService
-     * @param ImageRepo $imageRepo
      */
     public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)
     {
@@ -36,8 +31,6 @@ class UserController extends Controller
 
     /**
      * Display a listing of the users.
-     * @param Request $request
-     * @return Response
      */
     public function index(Request $request)
     {
@@ -55,7 +48,6 @@ class UserController extends Controller
 
     /**
      * Show the form for creating a new user.
-     * @return Response
      */
     public function create()
     {
@@ -67,16 +59,15 @@ class UserController extends Controller
 
     /**
      * Store a newly created user in storage.
-     * @param  Request $request
-     * @return Response
      * @throws UserUpdateException
+     * @throws \Illuminate\Validation\ValidationException
      */
     public function store(Request $request)
     {
         $this->checkPermission('users-manage');
         $validationRules = [
-            'name'             => 'required',
-            'email'            => 'required|email|unique:users,email'
+            'name'  => 'required',
+            'email' => 'required|email|unique:users,email'
         ];
 
         $authMethod = config('auth.method');
@@ -85,7 +76,7 @@ class UserController extends Controller
         if ($authMethod === 'standard' && !$sendInvite) {
             $validationRules['password'] = 'required|min:6';
             $validationRules['password-confirm'] = 'required|same:password';
-        } elseif ($authMethod === 'ldap') {
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
             $validationRules['external_auth_id'] = 'required';
         }
         $this->validate($request, $validationRules);
@@ -94,7 +85,7 @@ class UserController extends Controller
 
         if ($authMethod === 'standard') {
             $user->password = bcrypt($request->get('password', Str::random(32)));
-        } elseif ($authMethod === 'ldap') {
+        } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
             $user->external_auth_id = $request->get('external_auth_id');
         }
 
@@ -138,13 +129,11 @@ class UserController extends Controller
 
     /**
      * Update the specified user in storage.
-     * @param Request $request
-     * @param int $id
-     * @return Response
      * @throws UserUpdateException
      * @throws \BookStack\Exceptions\ImageUploadException
+     * @throws \Illuminate\Validation\ValidationException
      */
-    public function update(Request $request, $id)
+    public function update(Request $request, int $id)
     {
         $this->preventAccessInDemoMode();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
@@ -155,7 +144,7 @@ class UserController extends Controller
             'password'         => 'min:6|required_with:password_confirm',
             'password-confirm' => 'same:password|required_with:password',
             'setting'          => 'array',
-            'profile_image'    => $this->imageRepo->getImageValidationRules(),
+            'profile_image'    => 'nullable|' . $this->getImageValidationRules(),
         ]);
 
         $user = $this->userRepo->getById($id);
@@ -191,7 +180,7 @@ class UserController extends Controller
         }
 
         // Save profile image if in request
-        if ($request->has('profile_image')) {
+        if ($request->hasFile('profile_image')) {
             $imageUpload = $request->file('profile_image');
             $this->imageRepo->destroyImage($user->avatar);
             $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
@@ -212,10 +201,8 @@ class UserController extends Controller
 
     /**
      * Show the user delete page.
-     * @param int $id
-     * @return \Illuminate\View\View
      */
-    public function delete($id)
+    public function delete(int $id)
     {
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
@@ -226,11 +213,9 @@ class UserController extends Controller
 
     /**
      * Remove the specified user from storage.
-     * @param  int $id
-     * @return Response
      * @throws \Exception
      */
-    public function destroy($id)
+    public function destroy(int $id)
     {
         $this->preventAccessInDemoMode();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
@@ -255,8 +240,6 @@ class UserController extends Controller
 
     /**
      * Show the user profile page
-     * @param $id
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
     public function showProfilePage($id)
     {
@@ -276,34 +259,32 @@ class UserController extends Controller
 
     /**
      * Update the user's preferred book-list display setting.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse
      */
-    public function switchBookView(Request $request, $id)
+    public function switchBooksView(Request $request, int $id)
     {
         return $this->switchViewType($id, $request, 'books');
     }
 
     /**
      * Update the user's preferred shelf-list display setting.
-     * @param Request $request
-     * @param $id
-     * @return \Illuminate\Http\RedirectResponse
      */
-    public function switchShelfView(Request $request, $id)
+    public function switchShelvesView(Request $request, int $id)
     {
         return $this->switchViewType($id, $request, 'bookshelves');
     }
 
     /**
-     * For a type of list, switch with stored view type for a user.
-     * @param integer $userId
-     * @param Request $request
-     * @param string $listName
-     * @return \Illuminate\Http\RedirectResponse
+     * Update the user's preferred shelf-view book list display setting.
      */
-    protected function switchViewType($userId, Request $request, string $listName)
+    public function switchShelfView(Request $request, int $id)
+    {
+        return $this->switchViewType($id, $request, 'bookshelf');
+    }
+
+    /**
+     * For a type of list, switch with stored view type for a user.
+     */
+    protected function switchViewType(int $userId, Request $request, string $listName)
     {
         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 
@@ -321,10 +302,6 @@ class UserController extends Controller
 
     /**
      * Change the stored sort type for a particular view.
-     * @param Request $request
-     * @param string $id
-     * @param string $type
-     * @return \Illuminate\Http\RedirectResponse
      */
     public function changeSort(Request $request, string $id, string $type)
     {
@@ -335,12 +312,18 @@ class UserController extends Controller
         return $this->changeListSort($id, $request, $type);
     }
 
+    /**
+     * Toggle dark mode for the current user.
+     */
+    public function toggleDarkMode()
+    {
+        $enabled = setting()->getForCurrentUser('dark-mode-enabled', false);
+        setting()->putUser(user(), 'dark-mode-enabled', $enabled ? 'false' : 'true');
+        return redirect()->back();
+    }
+
     /**
      * Update the stored section expansion preference for the given user.
-     * @param Request $request
-     * @param string $id
-     * @param string $key
-     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
      */
     public function updateExpansionPreference(Request $request, string $id, string $key)
     {
@@ -359,10 +342,6 @@ class UserController extends Controller
 
     /**
      * Changed the stored preference for a list sort order.
-     * @param int $userId
-     * @param Request $request
-     * @param string $listName
-     * @return \Illuminate\Http\RedirectResponse
      */
     protected function changeListSort(int $userId, Request $request, string $listName)
     {

app/Http/Kernel.php

@@ -26,7 +26,6 @@ class Kernel extends HttpKernel
             \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
             \Illuminate\Session\Middleware\StartSession::class,
             \Illuminate\View\Middleware\ShareErrorsFromSession::class,
-            \Illuminate\Routing\Middleware\ThrottleRequests::class,
             \BookStack\Http\Middleware\VerifyCsrfToken::class,
             \BookStack\Http\Middleware\Localization::class,
             \BookStack\Http\Middleware\GlobalViewData::class,

app/Http/Middleware/ApiAuthenticate.php

@@ -35,9 +35,9 @@ class ApiAuthenticate
     {
         // Return if the user is already found to be signed in via session-based auth.
         // This is to make it easy to browser the API via browser after just logging into the system.
-        if (signedInUser()) {
+        if (signedInUser() || session()->isStarted()) {
             $this->ensureEmailConfirmedIfRequested();
-            if (!auth()->user()->can('access-api')) {
+            if (!user()->can('access-api')) {
                 throw new ApiAuthException(trans('errors.api_user_no_api_permission'), 403);
             }
             return;

app/Http/Middleware/Authenticate.php

@@ -44,6 +44,10 @@ class Authenticate
             ], 401);
         }
 
+        if (session()->get('sent-email-confirmation') === true) {
+            return redirect('/register/confirm');
+        }
+
         return redirect('/register/confirm/awaiting');
     }
 }

app/Http/Middleware/Localization.php

@@ -11,7 +11,7 @@ class Localization
      * Array of right-to-left locales
      * @var array
      */
-    protected $rtlLocales = ['ar'];
+    protected $rtlLocales = ['ar', 'he'];
 
     /**
      * Map of BookStack locale names to best-estimate system locale names.
@@ -19,6 +19,7 @@ class Localization
      */
     protected $localeMap = [
         'ar' => 'ar',
+        'bg' => 'bg_BG',
         'da' => 'da_DK',
         'de' => 'de_DE',
         'de_informal' => 'de_DE',
@@ -26,16 +27,20 @@ class Localization
         'es' => 'es_ES',
         'es_AR' => 'es_AR',
         'fr' => 'fr_FR',
+        'he' => 'he_IL',
         'it' => 'it_IT',
         'ja' => 'ja',
         'ko' => 'ko_KR',
         'nl' => 'nl_NL',
         'pl' => 'pl_PL',
+        'pt' => 'pl_PT',
         'pt_BR' => 'pt_BR',
         'ru' => 'ru',
         'sk' => 'sk_SK',
+        'sl' => 'sl_SI',
         'sv' => 'sv_SE',
         'uk' => 'uk_UA',
+        'vi' => 'vi_VN',
         'zh_CN' => 'zh_CN',
         'zh_TW' => 'zh_TW',
         'tr' => 'tr_TR',

app/Ownable.php

@@ -2,6 +2,10 @@
 
 use BookStack\Auth\User;
 
+/**
+ * @property int created_by
+ * @property int updated_by
+ */
 abstract class Ownable extends Model
 {
     /**

app/Providers/AppServiceProvider.php

@@ -34,7 +34,7 @@ class AppServiceProvider extends ServiceProvider
 
         // Custom validation methods
         Validator::extend('image_extension', function ($attribute, $value, $parameters, $validator) {
-            $validImageExtensions = ['png', 'jpg', 'jpeg', 'bmp', 'gif', 'tiff', 'webp'];
+            $validImageExtensions = ['png', 'jpg', 'jpeg', 'gif', 'webp'];
             return in_array(strtolower($value->getClientOriginalExtension()), $validImageExtensions);
         });
 

app/Uploads/Attachment.php

@@ -3,6 +3,13 @@
 use BookStack\Entities\Page;
 use BookStack\Ownable;
 
+/**
+ * @property int id
+ * @property string name
+ * @property string path
+ * @property string extension
+ * @property bool external
+ */
 class Attachment extends Ownable
 {
     protected $fillable = ['name', 'order'];
@@ -30,13 +37,28 @@ class Attachment extends Ownable
 
     /**
      * Get the url of this file.
-     * @return string
      */
-    public function getUrl()
+    public function getUrl(): string
     {
         if ($this->external && strpos($this->path, 'http') !== 0) {
             return $this->path;
         }
         return url('/attachments/' . $this->id);
     }
+
+    /**
+     * Generate a HTML link to this attachment.
+     */
+    public function htmlLink(): string
+    {
+        return '<a target="_blank" href="'.e($this->getUrl()).'">'.e($this->name).'</a>';
+    }
+
+    /**
+     * Generate a markdown link to this attachment.
+     */
+    public function markdownLink(): string
+    {
+        return '['. $this->name .']('. $this->getUrl() .')';
+    }
 }

app/Uploads/AttachmentService.php

@@ -109,14 +109,14 @@ class AttachmentService extends UploadService
     }
 
     /**
-     * Updates the file ordering for a listing of attached files.
-     * @param array $attachmentList
-     * @param $pageId
+     * Updates the ordering for a listing of attached files.
      */
-    public function updateFileOrderWithinPage($attachmentList, $pageId)
+    public function updateFileOrderWithinPage(array $attachmentOrder, string $pageId)
     {
-        foreach ($attachmentList as $index => $attachment) {
-            Attachment::where('uploaded_to', '=', $pageId)->where('id', '=', $attachment['id'])->update(['order' => $index]);
+        foreach ($attachmentOrder as $index => $attachmentId) {
+            Attachment::query()->where('uploaded_to', '=', $pageId)
+                ->where('id', '=', $attachmentId)
+                ->update(['order' => $index]);
         }
     }
 

app/Uploads/ImageRepo.php

@@ -138,7 +138,7 @@ class ImageRepo
      */
     public function saveDrawing(string $base64Uri, int $uploadedTo): Image
     {
-        $name = 'Drawing-' . user()->getShortName(40) . '-' . strval(time()) . '.png';
+        $name = 'Drawing-' . strval(user()->id) . '-' . strval(time()) . '.png';
         return $this->imageService->saveNewFromBase64Uri($base64Uri, $name, 'drawio', $uploadedTo);
     }
 
@@ -185,7 +185,7 @@ class ImageRepo
      * Load thumbnails onto an image object.
      * @throws Exception
      */
-    protected function loadThumbs(Image $image)
+    public function loadThumbs(Image $image)
     {
         $image->thumbs = [
             'gallery' => $this->getThumbnail($image, 150, 150, false),
@@ -221,10 +221,18 @@ class ImageRepo
     }
 
     /**
-     * Get the validation rules for image files.
+     * Get the user visible pages using the given image.
      */
-    public function getImageValidationRules(): string
+    public function getPagesUsingImage(Image $image): array
     {
-        return 'image_extension|no_double_extension|mimes:jpeg,png,gif,bmp,webp,tiff';
+        $pages = Page::visible()
+            ->where('html', 'like', '%' . $image->url . '%')
+            ->get(['id', 'name', 'slug', 'book_id']);
+
+        foreach ($pages as $page) {
+            $page->url = $page->getUrl();
+        }
+
+        return $pages->all();
     }
 }

app/Uploads/ImageService.php

@@ -124,29 +124,24 @@ class ImageService extends UploadService
     }
 
     /**
-     * Saves a new image
-     * @param string $imageName
-     * @param string $imageData
-     * @param string $type
-     * @param int $uploadedTo
-     * @return Image
+     * Save a new image into storage.
      * @throws ImageUploadException
      */
-    private function saveNew($imageName, $imageData, $type, $uploadedTo = 0)
+    private function saveNew(string $imageName, string $imageData, string $type, int $uploadedTo = 0): Image
     {
         $storage = $this->getStorage($type);
         $secureUploads = setting('app-secure-images');
-        $imageName = str_replace(' ', '-', $imageName);
+        $fileName = $this->cleanImageFileName($imageName);
 
         $imagePath = '/uploads/images/' . $type . '/' . Date('Y-m') . '/';
 
-        while ($storage->exists($imagePath . $imageName)) {
-            $imageName = Str::random(3) . $imageName;
+        while ($storage->exists($imagePath . $fileName)) {
+            $fileName = Str::random(3) . $fileName;
         }
 
-        $fullPath = $imagePath . $imageName;
+        $fullPath = $imagePath . $fileName;
         if ($secureUploads) {
-            $fullPath = $imagePath . Str::random(16) . '-' . $imageName;
+            $fullPath = $imagePath . Str::random(16) . '-' . $fileName;
         }
 
         try {
@@ -175,6 +170,23 @@ class ImageService extends UploadService
         return $image;
     }
 
+    /**
+     * Clean up an image file name to be both URL and storage safe.
+     */
+    protected function cleanImageFileName(string $name): string
+    {
+        $name = str_replace(' ', '-', $name);
+        $nameParts = explode('.', $name);
+        $extension = array_pop($nameParts);
+        $name = implode('.', $nameParts);
+        $name = Str::slug($name);
+
+        if (strlen($name) === 0) {
+            $name = Str::random(10);
+        }
+
+        return  $name . '.' . $extension;
+    }
 
     /**
      * Checks if the image is a gif. Returns true if it is, else false.
@@ -223,6 +235,7 @@ class ImageService extends UploadService
         $storage->setVisibility($thumbFilePath, 'public');
         $this->cache->put('images-' . $image->id . '-' . $thumbFilePath, $thumbFilePath, 60 * 60 * 72);
 
+
         return $this->getPublicUrl($thumbFilePath);
     }
 
@@ -292,11 +305,9 @@ class ImageService extends UploadService
 
     /**
      * Destroys an image at the given path.
-     * Searches for image thumbnails in addition to main provided path..
-     * @param string $path
-     * @return bool
+     * Searches for image thumbnails in addition to main provided path.
      */
-    protected function destroyImagesFromPath(string $path)
+    protected function destroyImagesFromPath(string $path): bool
     {
         $storage = $this->getStorage();
 
@@ -306,8 +317,7 @@ class ImageService extends UploadService
 
         // Delete image files
         $imagesToDelete = $allImages->filter(function ($imagePath) use ($imageFileName) {
-            $expectedIndex = strlen($imagePath) - strlen($imageFileName);
-            return strpos($imagePath, $imageFileName) === $expectedIndex;
+            return basename($imagePath) === $imageFileName;
         });
         $storage->delete($imagesToDelete->all());
 

app/helpers.php

@@ -153,10 +153,6 @@ function icon(string $name, array $attrs = []): string
  * Generate a url with multiple parameters for sorting purposes.
  * Works out the logic to set the correct sorting direction
  * Discards empty parameters and allows overriding.
- * @param string $path
- * @param array $data
- * @param array $overrideData
- * @return string
  */
 function sortUrl(string $path, array $data, array $overrideData = []): string
 {
@@ -166,7 +162,7 @@ function sortUrl(string $path, array $data, array $overrideData = []): string
     // Change sorting direction is already sorted on current attribute
     if (isset($overrideData['sort']) && $overrideData['sort'] === $data['sort']) {
         $queryData['order'] = ($data['order'] === 'asc') ? 'desc' : 'asc';
-    } else {
+    } elseif (isset($overrideData['sort'])) {
         $queryData['order'] = 'asc';
     }
 

composer.json

@@ -13,15 +13,18 @@
         "ext-mbstring": "*",
         "ext-tidy": "*",
         "ext-xml": "*",
-        "barryvdh/laravel-dompdf": "^0.8.5",
-        "barryvdh/laravel-snappy": "^0.4.5",
+        "barryvdh/laravel-dompdf": "^0.8.6",
+        "barryvdh/laravel-snappy": "^0.4.7",
         "doctrine/dbal": "^2.9",
+        "facade/ignition": "^1.4",
         "fideloper/proxy": "^4.0",
         "gathercontent/htmldiff": "^0.2.1",
         "intervention/image": "^2.5",
-        "laravel/framework": "^6.12",
-        "laravel/socialite": "^4.2",
+        "laravel/framework": "^6.18",
+        "laravel/socialite": "^4.3.2",
+        "league/commonmark": "^1.4",
         "league/flysystem-aws-s3-v3": "^1.0",
+        "nunomaduro/collision": "^3.0",
         "onelogin/php-saml": "^3.3",
         "predis/predis": "^1.1",
         "socialiteproviders/discord": "^2.0",
@@ -29,9 +32,7 @@
         "socialiteproviders/microsoft-azure": "^3.0",
         "socialiteproviders/okta": "^1.0",
         "socialiteproviders/slack": "^3.0",
-        "socialiteproviders/twitch": "^5.0",
-        "facade/ignition": "^1.4",
-        "nunomaduro/collision": "^3.0"
+        "socialiteproviders/twitch": "^5.0"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "^3.2.8",

database/migrations/2020_08_04_111754_drop_joint_permissions_id.php

@@ -0,0 +1,37 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class DropJointPermissionsId extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('joint_permissions', function (Blueprint $table) {
+            $table->dropColumn('id');
+            $table->primary(['role_id', 'entity_type', 'entity_id', 'action'], 'joint_primary');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('joint_permissions', function (Blueprint $table) {
+            $table->dropPrimary(['role_id', 'entity_type', 'entity_id', 'action']);
+        });
+
+        Schema::table('joint_permissions', function (Blueprint $table) {
+            $table->increments('id')->unsigned();
+        });
+    }
+}

database/migrations/2020_08_04_131052_remove_role_name_field.php

@@ -0,0 +1,37 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\DB;
+
+class RemoveRoleNameField extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->dropColumn('name');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('roles', function (Blueprint $table) {
+            $table->string('name')->index();
+        });
+
+        DB::table('roles')->update([
+            "name" => DB::raw("lower(replace(`display_name`, ' ', '-'))"),
+        ]);
+    }
+}

database/migrations/2020_09_19_094251_add_activity_indexes.php

@@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddActivityIndexes extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('activities', function(Blueprint $table) {
+            $table->index('key');
+            $table->index('created_at');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('activities', function(Blueprint $table) {
+            $table->dropIndex('key');
+            $table->dropIndex('created_at');
+        });
+    }
+}

dev/api/requests/chapters-create.json

@@ -0,0 +1,9 @@
+{
+  "book_id": 1,
+  "name": "My fantastic new chapter",
+  "description": "This is a great new chapter that I've created via the API",
+  "tags": [
+    {"name": "Category", "value": "Top Content"},
+    {"name": "Rating", "value": "Highest"}
+  ]
+}

dev/api/requests/chapters-update.json

@@ -0,0 +1,9 @@
+{
+  "book_id": 1,
+  "name": "My fantastic updated chapter",
+  "description": "This is an updated chapter that I've altered via the API",
+  "tags": [
+    {"name": "Category", "value": "Kinda Good Content"},
+    {"name": "Rating", "value": "Medium"}
+  ]
+}

dev/api/requests/shelves-create.json

@@ -0,0 +1,5 @@
+{
+  "name": "My shelf",
+  "description": "This is my shelf with some books",
+  "books": [5,1,3]
+}

dev/api/requests/shelves-update.json

@@ -0,0 +1,5 @@
+{
+  "name": "My updated shelf",
+  "description": "This is my update shelf with some books",
+  "books": [5,1,3]
+}

dev/api/responses/books-read.json

@@ -7,19 +7,12 @@
   "updated_at": "2020-01-12 14:11:51",
   "created_by": {
     "id": 1,
-    "name": "Admin",
-    "created_at": "2019-05-05 21:15:13",
-    "updated_at": "2019-12-16 12:18:37",
-    "image_id": 48
+    "name": "Admin"
   },
   "updated_by": {
     "id": 1,
-    "name": "Admin",
-    "created_at": "2019-05-05 21:15:13",
-    "updated_at": "2019-12-16 12:18:37",
-    "image_id": 48
+    "name": "Admin"
   },
-  "image_id": 452,
   "tags": [
     {
       "id": 13,

dev/api/responses/chapters-create.json

@@ -0,0 +1,38 @@
+{
+  "book_id": 1,
+  "priority": 6,
+  "name": "My fantastic new chapter",
+  "description": "This is a great new chapter that I've created via the API",
+  "created_by": 1,
+  "updated_by": 1,
+  "slug": "my-fantastic-new-chapter",
+  "updated_at": "2020-05-22 22:59:55",
+  "created_at": "2020-05-22 22:59:55",
+  "id": 74,
+  "book": {
+    "id": 1,
+    "name": "BookStack User Guide",
+    "slug": "bookstack-user-guide",
+    "description": "This is a general guide on using BookStack on a day-to-day basis.",
+    "created_at": "2019-05-05 21:48:46",
+    "updated_at": "2019-12-11 20:57:31",
+    "created_by": 1,
+    "updated_by": 1
+  },
+  "tags": [
+    {
+      "name": "Category",
+      "value": "Top Content",
+      "order": 0,
+      "created_at": "2020-05-22 22:59:55",
+      "updated_at": "2020-05-22 22:59:55"
+    },
+    {
+      "name": "Rating",
+      "value": "Highest",
+      "order": 0,
+      "created_at": "2020-05-22 22:59:55",
+      "updated_at": "2020-05-22 22:59:55"
+    }
+  ]
+}

dev/api/responses/chapters-list.json

@@ -0,0 +1,29 @@
+{
+  "data": [
+    {
+      "id": 1,
+      "book_id": 1,
+      "name": "Content Creation",
+      "slug": "content-creation",
+      "description": "How to create documentation on whatever subject you need to write about.",
+      "priority": 3,
+      "created_at": "2019-05-05 21:49:56",
+      "updated_at": "2019-09-28 11:24:23",
+      "created_by": 1,
+      "updated_by": 1
+    },
+    {
+      "id": 2,
+      "book_id": 1,
+      "name": "Managing Content",
+      "slug": "managing-content",
+      "description": "How to keep things organised and orderly in the system for easier navigation and better user experience.",
+      "priority": 5,
+      "created_at": "2019-05-05 21:58:07",
+      "updated_at": "2019-10-17 15:05:34",
+      "created_by": 3,
+      "updated_by": 3
+    }
+  ],
+  "total": 40
+}

dev/api/responses/chapters-read.json

@@ -0,0 +1,59 @@
+{
+  "id": 1,
+  "book_id": 1,
+  "slug": "content-creation",
+  "name": "Content Creation",
+  "description": "How to create documentation on whatever subject you need to write about.",
+  "priority": 3,
+  "created_at": "2019-05-05 21:49:56",
+  "updated_at": "2019-09-28 11:24:23",
+  "created_by": {
+    "id": 1,
+    "name": "Admin"
+  },
+  "updated_by": {
+    "id": 1,
+    "name": "Admin"
+  },
+  "tags": [
+    {
+      "name": "Category",
+      "value": "Guide",
+      "order": 0,
+      "created_at": "2020-05-22 22:51:51",
+      "updated_at": "2020-05-22 22:51:51"
+    }
+  ],
+  "pages": [
+    {
+      "id": 1,
+      "book_id": 1,
+      "chapter_id": 1,
+      "name": "How to create page content",
+      "slug": "how-to-create-page-content",
+      "priority": 0,
+      "created_at": "2019-05-05 21:49:58",
+      "updated_at": "2019-08-26 14:32:59",
+      "created_by": 1,
+      "updated_by": 1,
+      "draft": 0,
+      "revision_count": 2,
+      "template": 0
+    },
+    {
+      "id": 7,
+      "book_id": 1,
+      "chapter_id": 1,
+      "name": "Good book structure",
+      "slug": "good-book-structure",
+      "priority": 1,
+      "created_at": "2019-05-05 22:01:55",
+      "updated_at": "2019-06-06 12:03:04",
+      "created_by": 3,
+      "updated_by": 3,
+      "draft": 0,
+      "revision_count": 1,
+      "template": 0
+    }
+  ]
+}

dev/api/responses/chapters-update.json

@@ -0,0 +1,38 @@
+{
+  "id": 75,
+  "book_id": 1,
+  "slug": "my-fantastic-updated-chapter",
+  "name": "My fantastic updated chapter",
+  "description": "This is an updated chapter that I've altered via the API",
+  "priority": 7,
+  "created_at": "2020-05-22 23:03:35",
+  "updated_at": "2020-05-22 23:07:20",
+  "created_by": 1,
+  "updated_by": 1,
+  "book": {
+    "id": 1,
+    "name": "BookStack User Guide",
+    "slug": "bookstack-user-guide",
+    "description": "This is a general guide on using BookStack on a day-to-day basis.",
+    "created_at": "2019-05-05 21:48:46",
+    "updated_at": "2019-12-11 20:57:31",
+    "created_by": 1,
+    "updated_by": 1
+  },
+  "tags": [
+    {
+      "name": "Category",
+      "value": "Kinda Good Content",
+      "order": 0,
+      "created_at": "2020-05-22 23:07:20",
+      "updated_at": "2020-05-22 23:07:20"
+    },
+    {
+      "name": "Rating",
+      "value": "Medium",
+      "order": 0,
+      "created_at": "2020-05-22 23:07:20",
+      "updated_at": "2020-05-22 23:07:20"
+    }
+  ]
+}

dev/api/responses/shelves-create.json

@@ -0,0 +1,10 @@
+{
+  "name": "My shelf",
+  "description": "This is my shelf with some books",
+  "created_by": 1,
+  "updated_by": 1,
+  "slug": "my-shelf",
+  "updated_at": "2020-04-10 13:24:09",
+  "created_at": "2020-04-10 13:24:09",
+  "id": 14
+}