Merge pull request #5544 from LibreSign/backport/5533/stable32

[stable32] fix: make the error message more specific

Author: vitormattos

lib/Controller/RequestSignatureController.php

@@ -9,6 +9,7 @@
 namespace OCA\Libresign\Controller;
 
 use OCA\Libresign\AppInfo\Application;
+use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Helper\ValidateHelper;
 use OCA\Libresign\Middleware\Attribute\RequireManager;
 use OCA\Libresign\ResponseDefinitions;
@@ -91,10 +92,23 @@ public function request(array $file, array $users, string $name, ?string $callba
 				],
 				Http::STATUS_OK
 			);
+		} catch (LibresignException $e) {
+			$errorMessage = $e->getMessage();
+			$decoded = json_decode($errorMessage, true);
+			if (json_last_error() === JSON_ERROR_NONE && isset($decoded['errors'])) {
+				$errorMessage = $decoded['errors'][0]['message'] ?? $errorMessage;
+			}
+			return new DataResponse(
+				[
+					'message' => $errorMessage,
+				],
+				Http::STATUS_UNPROCESSABLE_ENTITY
+			);
 		} catch (\Throwable $th) {
+			$errorMessage = $th->getMessage();
 			return new DataResponse(
 				[
-					'message' => $th->getMessage(),
+					'message' => $errorMessage,
 				],
 				Http::STATUS_UNPROCESSABLE_ENTITY
 			);
@@ -133,6 +147,7 @@ public function updateSign(?array $users = [], ?string $uuid = null, ?array $vis
 		try {
 			$this->validateHelper->validateExistingFile($data);
 			$this->validateHelper->validateFileStatus($data);
+			$this->validateHelper->validateIdentifySigners($data);
 			if (!empty($data['visibleElements'])) {
 				$this->validateHelper->validateVisibleElements($data['visibleElements'], $this->validateHelper::TYPE_VISIBLE_ELEMENT_PDF);
 			}

lib/Helper/ValidateHelper.php

@@ -503,6 +503,50 @@ public function validateFileStatus(array $data): void {
 		}
 	}
 
+	public function validateIdentifySigners(array $data): void {
+		$this->validateSignersDataStructure($data);
+
+		foreach ($data['users'] as $signer) {
+			$this->validateSignerData($signer);
+		}
+	}
+
+	private function validateSignersDataStructure(array $data): void {
+		if (empty($data) || !array_key_exists('users', $data) || !is_array($data['users'])) {
+			throw new LibresignException($this->l10n->t('No signers'));
+		}
+	}
+
+	private function validateSignerData(mixed $signer): void {
+		if (!is_array($signer) || empty($signer)) {
+			throw new LibresignException($this->l10n->t('No signers'));
+		}
+
+		$this->validateSignerIdentifyMethods($signer);
+	}
+
+	private function validateSignerIdentifyMethods(array $signer): void {
+		if (empty($signer['identify']) || !is_array($signer['identify'])) {
+			// It's an api error, don't translate
+			throw new LibresignException('No identify methods for signer');
+		}
+
+		foreach ($signer['identify'] as $name => $identifyValue) {
+			$this->validateIdentifyMethodForRequest($name, $identifyValue);
+		}
+	}
+
+	private function validateIdentifyMethodForRequest(string $name, string $identifyValue): void {
+		$identifyMethod = $this->identifyMethodService->getInstanceOfIdentifyMethod($name, $identifyValue);
+		$identifyMethod->validateToRequest();
+
+		$signatureMethods = $identifyMethod->getSignatureMethods();
+		if (empty($signatureMethods)) {
+			// It's an api error, don't translate
+			throw new LibresignException('No signature methods for identify method ' . $name);
+		}
+	}
+
 	public function validateExistingFile(array $data): void {
 		if (isset($data['uuid'])) {
 			$this->validateFileUuid($data);

lib/Service/IdentifyMethod/Account.php

@@ -54,9 +54,27 @@ public function __construct(
 	}
 
 	public function validateToRequest(): void {
-		$signer = $this->userManager->get($this->entity->getIdentifierValue());
-		if (!$signer) {
-			throw new LibresignException($this->identifyService->getL10n()->t('User not found.'));
+		$signer = $this->getSigner();
+		$this->validateSignatureMethodsForRequest($signer);
+	}
+
+	private function validateSignatureMethodsForRequest(IUser $signer): void {
+		foreach ($this->getSignatureMethods() as $signatureMethod) {
+			if (!$signatureMethod->isEnabled()) {
+				continue;
+			}
+			if ($signatureMethod->getName() === ISignatureMethod::SIGNATURE_METHOD_EMAIL_TOKEN) {
+				$this->validateEmailForEmailToken($signer);
+			}
+		}
+	}
+
+	private function validateEmailForEmailToken(IUser $signer): void {
+		$email = $signer->getEMailAddress();
+		if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
+			throw new LibresignException(
+				$this->identifyService->getL10n()->t('Signer without valid email address')
+			);
 		}
 	}
 

lib/Service/IdentifyMethod/SignatureMethod/EmailToken.php

@@ -8,8 +8,6 @@
 
 namespace OCA\Libresign\Service\IdentifyMethod\SignatureMethod;
 
-use OCA\Libresign\Exception\LibresignException;
-use OCA\Libresign\Helper\JSActions;
 use OCA\Libresign\Service\IdentifyMethod\IdentifyService;
 use OCA\Libresign\Vendor\Wobeto\EmailBlur\Blur;
 
@@ -39,13 +37,6 @@ public function toArray(): array {
 			default => '',
 		};
 
-		if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-			throw new LibresignException(json_encode([
-				'action' => JSActions::ACTION_DO_NOTHING,
-				'errors' => [['message' => $this->identifyService->getL10n()->t('Invalid email')]],
-			]));
-		}
-
 		$emailLowercase = strtolower($email);
 
 		$code = $entity->getCode();
@@ -61,8 +52,8 @@ public function toArray(): array {
 		$return['identifyMethod'] = $entity->getIdentifierKey();
 		$return['needCode'] = $needCode;
 		$return['hasConfirmCode'] = $hasConfirmCode;
-		$return['blurredEmail'] = $this->blurEmail($emailLowercase);
-		$return['hashOfEmail'] = md5($emailLowercase);
+		$return['blurredEmail'] = $emailLowercase ? $this->blurEmail($emailLowercase) : '';
+		$return['hashOfEmail'] = $emailLowercase ? md5($emailLowercase) : '';
 		return $return;
 	}
 

lib/Service/IdentifyMethodService.php

@@ -75,6 +75,7 @@ public function getInstanceOfIdentifyMethod(string $name, ?string $identifyValue
 		if ($identifyValue && isset($this->identifyMethods[$name])) {
 			foreach ($this->identifyMethods[$name] as $identifyMethod) {
 				if ($identifyMethod->getEntity()->getIdentifierValue() === $identifyValue) {
+					$identifyMethod = $this->mergeWithCurrentIdentifyMethod($identifyMethod);
 					return $identifyMethod;
 				}
 			}
@@ -95,6 +96,18 @@ public function getInstanceOfIdentifyMethod(string $name, ?string $identifyValue
 		return $identifyMethod;
 	}
 
+	private function mergeWithCurrentIdentifyMethod(IIdentifyMethod $identifyMethod): IIdentifyMethod {
+		if ($this->currentIdentifyMethod === null) {
+			return $identifyMethod;
+		}
+		if ($this->currentIdentifyMethod->getIdentifierKey() === $identifyMethod->getEntity()->getIdentifierKey()
+			&& $this->currentIdentifyMethod->getIdentifierValue() === $identifyMethod->getEntity()->getIdentifierValue()
+		) {
+			$identifyMethod->setEntity($this->currentIdentifyMethod);
+		}
+		return $identifyMethod;
+	}
+
 	private function getNewInstanceOfMethod(string $name): IIdentifyMethod {
 		$className = 'OCA\Libresign\Service\IdentifyMethod\\' . ucfirst($name);
 		if (!class_exists($className)) {

tests/integration/features/sign/request.feature

@@ -222,8 +222,8 @@ Feature: request-signature
       | users | [{"identify":{"account":"signer2"}}] |
       | name | document |
     Then the response should be a JSON array with the following mandatory values
-      | key                   | value           |
-      | (jq).ocs.data.message | User not found. |
+      | key                   | value        |
+      | (jq).ocs.data.message | Invalid user |
 
   Scenario: Request to sign with success using account as identifier
     Given as user "admin"
@@ -273,8 +273,8 @@ Feature: request-signature
       | name | document |
     Then the response should have a status code 422
     Then the response should be a JSON array with the following mandatory values
-      | key                   | value           |
-      | (jq).ocs.data.message | User not found. |
+      | key                   | value        |
+      | (jq).ocs.data.message | Invalid user |
 
   Scenario: Request to sign with error using email as account identifier
     Given as user "admin"
@@ -285,8 +285,8 @@ Feature: request-signature
       | name | document |
     Then the response should have a status code 422
     Then the response should be a JSON array with the following mandatory values
-      | key                   | value           |
-      | (jq).ocs.data.message | User not found. |
+      | key                   | value        |
+      | (jq).ocs.data.message | Invalid user |
 
   Scenario: Request to sign with success using email as identifier and URL as file
     Given as user "admin"

tests/php/Unit/Helper/ValidateHelperTest.php

@@ -19,6 +19,8 @@
 use OCA\Libresign\Db\UserElementMapper;
 use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Helper\ValidateHelper;
+use OCA\Libresign\Service\IdentifyMethod\IIdentifyMethod;
+use OCA\Libresign\Service\IdentifyMethod\SignatureMethod\ISignatureMethod;
 use OCA\Libresign\Service\IdentifyMethodService;
 use OCA\Libresign\Service\SignerElementsService;
 use OCP\Files\IMimeTypeDetector;
@@ -30,6 +32,7 @@
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\Security\IHasher;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\MockObject\MockObject;
 
 final class ValidateHelperTest extends \OCA\Libresign\Tests\Unit\TestCase {
@@ -621,4 +624,119 @@ public static function datavalidateIfIdentifyMethodExists(): array {
 			['telegram', false],
 		];
 	}
+
+	#[DataProvider('providerValidateSignersDataStructure')]
+	public function testValidateSignersDataStructure(array $data, ?string $expectedException, ?string $expectedMessage): void {
+		$validateHelper = $this->getValidateHelper();
+
+		if ($expectedException) {
+			$this->expectException($expectedException);
+			if ($expectedMessage) {
+				$this->expectExceptionMessage($expectedMessage);
+			}
+		}
+
+		// Use reflection to test private method
+		$method = new \ReflectionMethod($validateHelper, 'validateSignersDataStructure');
+		$method->invoke($validateHelper, $data);
+
+		if (!$expectedException) {
+			$this->assertTrue(true);
+		}
+	}
+
+	public static function providerValidateSignersDataStructure(): array {
+		return [
+			'Empty data' => [[], LibresignException::class, 'No signers'],
+			'No users key' => [['invalid' => 'data'], LibresignException::class, 'No signers'],
+			'Users is not array' => [['users' => 'invalid'], LibresignException::class, 'No signers'],
+			'Valid structure' => [['users' => []], null, null],
+		];
+	}
+
+	#[DataProvider('providerValidateSignerData')]
+	public function testValidateSignerData($signer, ?string $expectedException, ?string $expectedMessage): void {
+		$validateHelper = $this->getValidateHelper();
+
+		if ($expectedException) {
+			$this->expectException($expectedException);
+			if ($expectedMessage) {
+				$this->expectExceptionMessage($expectedMessage);
+			}
+		}
+
+		$method = new \ReflectionMethod($validateHelper, 'validateSignerData');
+		$method->invoke($validateHelper, $signer);
+
+		if (!$expectedException) {
+			$this->assertTrue(true);
+		}
+	}
+
+	public static function providerValidateSignerData(): array {
+		return [
+			'Signer is not array' => ['invalid', LibresignException::class, 'No signers'],
+			'Empty signer' => [[], LibresignException::class, 'No signers'],
+			'No identify methods' => [['name' => 'User'], LibresignException::class, 'No identify methods for signer'],
+			'Identify is not array' => [['identify' => 'invalid'], LibresignException::class, 'No identify methods for signer'],
+		];
+	}
+
+	public function testValidateIdentifyMethodForRequestWithNoSignatureMethods(): void {
+		$identifyMethod = $this->createMock(IIdentifyMethod::class);
+		$identifyMethod->method('getSignatureMethods')->willReturn([]);
+		$identifyMethod->method('validateToRequest');
+
+		$this->identifyMethodService
+			->method('getInstanceOfIdentifyMethod')
+			->willReturn($identifyMethod);
+
+		$validateHelper = $this->getValidateHelper();
+
+		$this->expectException(LibresignException::class);
+		$this->expectExceptionMessage('No signature methods for identify method account');
+
+		$method = new \ReflectionMethod($validateHelper, 'validateIdentifyMethodForRequest');
+		$method->invoke($validateHelper, 'account', '[email protected]');
+	}
+
+	public function testValidateIdentifyMethodForRequestWithValidSignatureMethods(): void {
+		$signatureMethod = $this->createMock(ISignatureMethod::class);
+		$identifyMethod = $this->createMock(IIdentifyMethod::class);
+		$identifyMethod->method('getSignatureMethods')->willReturn([$signatureMethod]);
+		$identifyMethod->method('validateToRequest');
+
+		$this->identifyMethodService
+			->method('getInstanceOfIdentifyMethod')
+			->willReturn($identifyMethod);
+
+		$validateHelper = $this->getValidateHelper();
+
+		$method = new \ReflectionMethod($validateHelper, 'validateIdentifyMethodForRequest');
+		$result = $method->invoke($validateHelper, 'account', '[email protected]');
+
+		$this->assertNull($result);
+	}
+
+	public function testValidateIdentifySignersIntegration(): void {
+		$signatureMethod = $this->createMock(ISignatureMethod::class);
+		$identifyMethod = $this->createMock(IIdentifyMethod::class);
+		$identifyMethod->method('getSignatureMethods')->willReturn([$signatureMethod]);
+		$identifyMethod->method('validateToRequest');
+
+		$this->identifyMethodService
+			->method('getInstanceOfIdentifyMethod')
+			->willReturn($identifyMethod);
+
+		$data = [
+			'users' => [
+				['identify' => ['account' => '[email protected]']]
+			]
+		];
+
+		$validateHelper = $this->getValidateHelper();
+		$result = $validateHelper->validateIdentifySigners($data);
+
+		$this->assertNull($result);
+	}
 }