WIP

.github/workflows/behat-mysql.yml

@@ -169,14 +169,15 @@ jobs:
           ./occ config:system:set allow_local_remote_servers --value true --type boolean
           ./occ config:system:set auth.bruteforce.protection.enabled --value false --type boolean
           ./occ config:app:set dav enableDefaultContact --value false --type boolean
+          ./occ config:system:set ratelimit.protection.enabled --value false --type boolean
 
       - name: Run behat
         working-directory: apps/${{ env.APP_NAME }}/tests/integration
         env:
           BEHAT_ROOT_DIR: ../../../../
         run: |
           export BEHAT_RUN_AS=runner
-          export BEHAT_VERBOSE="$RUNNER_DEBUG"
+          export BEHAT_VERBOSE=1
           vendor/bin/behat -f junit -f pretty --colors
 
       - name: Print logs

.github/workflows_disable/behat-mysql.yml

@@ -0,0 +1,199 @@
+# SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+name: Behat MySQL
+
+on: pull_request
+
+permissions:
+  contents: read
+
+concurrency:
+  group: behat-mysql-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      php-version: ${{ steps.versions.outputs.php-available-list }}
+      server-max: ${{ steps.versions.outputs.branches-max-list }}
+    steps:
+      - name: Checkout app
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+
+      - name: Get version matrix
+        id: versions
+        uses: icewind1991/nextcloud-version-matrix@58becf3b4bb6dc6cef677b15e2fd8e7d48c0908f # v1.3.1
+        with:
+          matrix: '{"mysql-versions": ["8.1"]}'
+
+  changes:
+    runs-on: ubuntu-latest
+
+    outputs:
+      src: ${{ steps.changes.outputs.src}}
+
+    steps:
+      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        id: changes
+        continue-on-error: true
+        with:
+          filters: |
+            src:
+              - '.github/workflows/behat*'
+              - 'appinfo/**'
+              - 'lib/**'
+              - 'templates/**'
+              - 'tests/**'
+              - '3rdparty/**'
+              - 'vendor-bin/**'
+              - '.php-cs-fixer.dist.php'
+              - 'composer.json'
+              - 'composer.lock'
+
+  behat-mysql:
+    runs-on: ubuntu-latest
+
+    needs: [changes, matrix]
+    if: needs.changes.outputs.src != 'false'
+
+    strategy:
+      matrix:
+        php-versions: ${{ fromJson(needs.matrix.outputs.php-version) }}
+        server-versions: ${{ fromJson(needs.matrix.outputs.server-max) }}
+        mysql-versions: ['8.1']
+
+    name: MySQL ${{ matrix.mysql-versions }} PHP ${{ matrix.php-versions }} Nextcloud ${{ matrix.server-versions }}
+
+    services:
+      mysql:
+        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
+        ports:
+          - 4444:3306/tcp
+        env:
+          MYSQL_ROOT_PASSWORD: rootpassword
+        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
+      mailhog:
+        image: mailhog/mailhog
+        ports:
+          - 8025:8025/tcp
+          - 1025:1025/tcp
+
+    steps:
+      - name: Set app env
+        run: |
+          # Split and keep last
+          echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
+
+      - name: Install system dependencies
+        run: sudo apt update && sudo apt install poppler-utils
+
+      - name: Checkout server
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+          submodules: true
+          repository: nextcloud/server
+          ref: ${{ matrix.server-versions }}
+
+      - name: Checkout app
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          persist-credentials: false
+          submodules: true
+          path: apps/${{ env.APP_NAME }}
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@44454db4f0199b8b9685a5d763dc37cbf79108e1 # v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          tools: phpunit
+          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
+          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, session, simplexml, xmlreader, xmlwriter, zip, zlib, sqlite, pdo_sqlite
+          coverage: none
+          ini-file: development
+          # Temporary workaround for missing pcntl_* in PHP 8.3
+          ini-values: disable_functions=
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable ONLY_FULL_GROUP_BY MySQL option
+        run: |
+          echo "SET GLOBAL sql_mode=(SELECT CONCAT(@@sql_mode,',ONLY_FULL_GROUP_BY'));" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
+          echo "SELECT @@sql_mode;" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
+
+      - name: Check composer file existence
+        id: check_composer
+        uses: andstor/file-existence-action@076e0072799f4942c8bc574a82233e1e4d13e9d6 # v3.0.0
+        with:
+          files: apps/${{ env.APP_NAME }}/composer.json
+
+      - name: Set up dependencies
+        # Only run if phpunit config file exists
+        if: steps.check_composer.outputs.files_exists == 'true'
+        working-directory: apps/${{ env.APP_NAME }}
+        run: |
+          composer remove nextcloud/ocp --dev --no-scripts
+          composer install --no-dev
+          composer --working-dir=tests/integration install
+
+      - name: Set up Nextcloud
+        env:
+          DB_PORT: 4444
+        run: |
+          sudo echo "127.0.0.1 mailhog" | sudo tee -a /etc/hosts
+          mkdir data
+          ./occ maintenance:install \
+            --verbose \
+            --database=mysql \
+            --database-name=nextcloud \
+            --database-host=127.0.0.1 \
+            --database-port=$DB_PORT \
+            --database-user=root \
+            --database-pass=rootpassword \
+            --admin-user admin \
+            --admin-pass admin
+          ./occ --version
+          ./occ app:enable --force ${{ env.APP_NAME }}
+          git clone --depth 1 -b ${{ matrix.server-versions }} https://github.com/nextcloud/notifications apps/notifications
+          ./occ app:enable --force notifications
+          git clone --depth 1 -b ${{ matrix.server-versions }} https://github.com/nextcloud/activity apps/activity
+          ./occ app:enable --force activity
+          git clone --depth 1 -b main https://github.com/nextcloud/guests apps/guests
+          ./occ app:enable --force guests
+          ./occ config:system:set mail_smtpport --value 1025 --type integer
+          ./occ config:system:set mail_smtphost --value mailhog
+          ./occ config:system:set allow_local_remote_servers --value true --type boolean
+          ./occ config:system:set auth.bruteforce.protection.enabled --value false --type boolean
+          ./occ config:app:set dav enableDefaultContact --value false --type boolean
+
+      - name: Run behat
+        working-directory: apps/${{ env.APP_NAME }}/tests/integration
+        env:
+          BEHAT_ROOT_DIR: ../../../../
+        run: |
+          export BEHAT_RUN_AS=runner
+          export BEHAT_VERBOSE="$RUNNER_DEBUG"
+          vendor/bin/behat -f junit -f pretty --colors
+
+      - name: Print logs
+        if: always()
+        run: |
+          cat data/nextcloud.log
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest
+    needs: [changes, behat-mysql]
+
+    if: always()
+
+    name: behat-mysql-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.changes.outputs.src != 'false' && needs.behat-mysql.result != 'success' }}; then exit 1; fi

lib/Listener/MailNotifyListener.php

@@ -63,6 +63,7 @@ protected function sendSignMailNotification(
 		IIdentifyMethod $identifyMethod,
 	): void {
 		try {
+			\OCP\Server::get(\Psr\Log\LoggerInterface::class)->error('[DEBUG]', ['isDeletedAccount' => $identifyMethod->getEntity()->isDeletedAccount()]);
 			if ($identifyMethod->getEntity()->isDeletedAccount()) {
 				return;
 			}
@@ -75,6 +76,7 @@ protected function sendSignMailNotification(
 			} elseif ($identifyMethod->getName() === 'email') {
 				$email = $identifyMethod->getEntity()->getIdentifierValue();
 			}
+			\OCP\Server::get(\Psr\Log\LoggerInterface::class)->error('[DEBUG]', ['email' => $email]);
 			if (empty($email)) {
 				return;
 			}
@@ -172,6 +174,7 @@ protected function sendCanceledMailNotification(
 	}
 
 	private function isNotificationDisabledAtActivity(string $userId, string $type): bool {
+		\OCP\Server::get(\Psr\Log\LoggerInterface::class)->error('[DEBUG]', ['class usersettings exists' => class_exists(\OCA\Activity\UserSettings::class)]);
 		if (!class_exists(\OCA\Activity\UserSettings::class)) {
 			return false;
 		}
@@ -181,10 +184,12 @@ private function isNotificationDisabledAtActivity(string $userId, string $type):
 			try {
 				$manager->getSettingById($type);
 			} catch (\Exception $e) {
+				\OCP\Server::get(\Psr\Log\LoggerInterface::class)->error('[DEBUG]', ['exception' => $e]);
 				return false;
 			}
 
 			$adminSetting = $activityUserSettings->getAdminSetting('email', $type);
+			\OCP\Server::get(\Psr\Log\LoggerInterface::class)->error('[DEBUG]', ['admin setting' => $adminSetting]);
 			if (!$adminSetting) {
 				return true;
 			}
@@ -193,6 +198,7 @@ private function isNotificationDisabledAtActivity(string $userId, string $type):
 				'email',
 				$type
 			);
+			\OCP\Server::get(\Psr\Log\LoggerInterface::class)->error('[DEBUG]', ['user setting' => $notificationSetting]);
 			if (!$notificationSetting) {
 				return true;
 			}

lib/Service/IdentifyMethod/AbstractIdentifyMethod.php

@@ -133,6 +133,7 @@ public function getSettings(): array {
 
 	#[\Override]
 	public function notify(): bool {
+		\OCP\Server::get(\Psr\Log\LoggerInterface::class)->error('[DEBUG]', ['willNotify' => $this->willNotify]);
 		if (!$this->willNotify) {
 			return false;
 		}

tests/integration/features/account/me.feature

@@ -9,7 +9,7 @@ Feature: account/me
 
   Scenario: who a me with success
     Given as user "signer1"
-    And set the email of user "signer1" to ""
+    And set the libresign email of user "signer1" to ""
     And sending "get" to ocs "/apps/libresign/api/v1/account/me"
     Then the response should have a status code 200
     And the response should be a JSON array with the following mandatory values

tests/integration/features/account/signature.feature

@@ -46,7 +46,7 @@ Feature: account/signature
   Scenario: Create pfx with success using CFSSL
     Given user "signer1" exists
     And as user "signer1"
-    And set the email of user "signer1" to "[email protected]"
+    And set the libresign email of user "signer1" to "[email protected]"
     And run the command "config:app:set libresign certificate_engine --value=cfssl" with result code 0
     And run the command "libresign:install --use-local-cert --cfssl" with result code 0
     And run the command "libresign:configure:cfssl --cn=Common\ Name --c=BR --o=Organization --st=State\ of\ Company --l=City\ Name --ou=Organization\ Unit" with result code 0
@@ -108,7 +108,7 @@ Feature: account/signature
   Scenario: Create pfx with success using OpenSSL
     Given user "signer1" exists
     And as user "signer1"
-    And set the email of user "signer1" to "[email protected]"
+    And set the libresign email of user "signer1" to "[email protected]"
     And run the command "libresign:configure:openssl --cn=Common\ Name --c=BR --o=Organization --st=State\ of\ Company --l=City\ Name --ou=Organization\ Unit" with result code 0
     When sending "delete" to ocs "/apps/libresign/api/v1/account/pfx"
     Then the response should have a status code 202

tests/integration/features/bootstrap/FeatureContext.php

@@ -39,6 +39,35 @@ public function setOpenedEmailStorage(OpenedEmailStorage $storage): void {
 		$this->openedEmailStorage = $storage;
 	}
 
+	#[Given('set the libresign email of user :user to :email')]
+	public function setUserEmail(string $user, string $email): void {
+		$currentUser = $this->currentUser;
+		$this->setCurrentUser('admin');
+		// Avoid unnecessary PUTs that can trigger user edit rate limits.
+		try {
+			$this->sendOCSRequest('GET', '/cloud/users/' . $user);
+			$body = $this->response->getBody()->getContents();
+			$this->response->getBody()->seek(0);
+			$decoded = json_decode($body, true);
+			if (is_array($decoded) && isset($decoded['ocs']['data']['email']) && $decoded['ocs']['data']['email'] === $email) {
+				$this->setCurrentUser($currentUser);
+				return;
+			}
+		} catch (\Throwable $e) {
+			// If checking failed, continue to attempt to set the email below.
+		}
+
+		$this->sendOCSRequest('PUT', '/cloud/users/' . $user, [
+			'key' => 'email',
+			'value' => $email
+		]);
+		// Fail fast with a clear message if we hit the rate limit (429)
+		if ($this->response->getStatusCode() === 429) {
+			throw new \RuntimeException('Rate limit when setting user email for ' . $user . ': ' . $this->response->getBody()->getContents());
+		}
+		$this->setCurrentUser($currentUser);
+	}
+
 	protected function beforeRequest(string $fullUrl, array $options): array {
 		[$fullUrl, $options] = parent::beforeRequest($fullUrl, $options);
 		$options = $this->parseFormParams($options);

tests/integration/features/file/list.feature

@@ -3,8 +3,8 @@ Feature: file-list
     Given as user "admin"
     Given user "signer1" exists
     Given user "signer2" exists
-    And set the email of user "signer1" to "[email protected]"
-    And set the email of user "signer2" to ""
+    And set the libresign email of user "signer1" to "[email protected]"
+    And set the libresign email of user "signer2" to ""
     And sending "post" to ocs "/apps/libresign/api/v1/request-signature"
       | file | {"url":"<BASE_URL>/apps/libresign/develop/pdf"} |
       | users | [{"identify":{"email":"[email protected]"}},{"identify":{"account":"signer2"}}] |

tests/integration/features/notification/custom_message_notification.feature

@@ -6,7 +6,7 @@ Feature: Custom message for signers
   Background:
     Given as user "admin"
     And user "signer1" exists
-    And set the email of user "signer1" to "[email protected]"
+    And set the libresign email of user "signer1" to "[email protected]"
     And my inbox is empty
     And reset notifications of user "signer1"
     And run the command "libresign:configure:openssl --cn test" with result code 0

tests/integration/features/page/sign_identify_account.feature

@@ -5,7 +5,7 @@ Feature: page/sign_identify_account
   Scenario: Open sign file with invalid account data
     Given user "signer1" exists
     And as user "admin"
-    And set the email of user "signer1" to "[email protected]"
+    And set the libresign email of user "signer1" to "[email protected]"
     And my inbox is empty
     And reset notifications of user "signer1"
     And sending "post" to ocs "/apps/libresign/api/v1/request-signature"
@@ -59,7 +59,7 @@ Feature: page/sign_identify_account
   Scenario: Open sign file with all data valid
     Given user "signer1" exists
     And as user "admin"
-    And set the email of user "signer1" to "[email protected]"
+    And set the libresign email of user "signer1" to "[email protected]"
     And my inbox is empty
     And reset notifications of user "signer1"
     And sending "post" to ocs "/apps/libresign/api/v1/request-signature"