19875332299

Committed 02 Dec 2025 10:16PM UTC coverage: 41.686%. First build

Build # 19875332299

Build Type

Pull #4464

github

Committed by

web-flow

Commit Message

Merge b1d57ae77 into da0973853

Pull Request Pull Request #4464: refactor: attach document

Run Details

113 of 256 new or added lines in 15 files covered. (44.14%)

5122 of 12287 relevant lines covered (41.69%)

4.18 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

19.5

/lib/Service/AccountService.php

<?php

declare(strict_types=1);
/**
 * SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

namespace OCA\Libresign\Service;

use InvalidArgumentException;
use OC\Files\Filesystem;
use OCA\Libresign\AppInfo\Application;
use OCA\Libresign\Db\File as FileEntity;
use OCA\Libresign\Db\FileMapper;
use OCA\Libresign\Db\FileTypeMapper;
use OCA\Libresign\Db\IdentifyMethodMapper;
use OCA\Libresign\Db\SignRequest;
use OCA\Libresign\Db\SignRequestMapper;
use OCA\Libresign\Db\UserElement;
use OCA\Libresign\Db\UserElementMapper;
use OCA\Libresign\Exception\InvalidPasswordException;
use OCA\Libresign\Exception\LibresignException;
use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
use OCA\Libresign\Handler\SignEngine\Pkcs12Handler;
use OCA\Libresign\Helper\ValidateHelper;
use OCA\Settings\Mailer\NewUserMailHelper;
use OCP\Accounts\IAccountManager;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Files\Config\IMountProviderCollection;
use OCP\Files\File;
use OCP\Files\IMimeTypeDetector;
use OCP\Files\IRootFolder;
use OCP\Files\NotFoundException;
use OCP\Http\Client\IClientService;
use OCP\IAppConfig;
use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IL10N;
use OCP\IURLGenerator;
use OCP\IUser;
use OCP\IUserManager;
use Sabre\DAV\UUIDUtil;
use Throwable;

class AccountService {
        private ?SignRequest $signRequest = null;
        private ?\OCA\Libresign\Db\File $fileData = null;
        private \OCP\Files\File $fileToSign;

        public function __construct(
                private IL10N $l10n,
                private SignRequestMapper $signRequestMapper,
                private IUserManager $userManager,
                private IAccountManager $accountManager,
                private IRootFolder $root,
                private IMimeTypeDetector $mimeTypeDetector,
                private FileMapper $fileMapper,
                private FileTypeMapper $fileTypeMapper,
                private SignFileService $signFileService,
                private RequestSignatureService $requestSignatureService,
                private CertificateEngineFactory $certificateEngineFactory,
                private IConfig $config,
                private IAppConfig $appConfig,
                private IMountProviderCollection $mountProviderCollection,
                private NewUserMailHelper $newUserMail,
                private IdentifyMethodService $identifyMethodService,
                private IdentifyMethodMapper $identifyMethodMapper,
                private ValidateHelper $validateHelper,
                private IURLGenerator $urlGenerator,
                private Pkcs12Handler $pkcs12Handler,
                private IGroupManager $groupManager,
                private IdDocsService $idDocsService,
                private SignerElementsService $signerElementsService,
                private UserElementMapper $userElementMapper,
                private FolderService $folderService,
                private IClientService $clientService,
                private ITimeFactory $timeFactory,
        ) {
        }

        public function validateCreateToSign(array $data): void {
                if (!UUIDUtil::validateUUID($data['uuid'])) {
                        throw new LibresignException($this->l10n->t('Invalid UUID'), 1);
                }
                try {
                        $signRequest = $this->getSignRequestByUuid($data['uuid']);
                } catch (\Throwable) {
                        throw new LibresignException($this->l10n->t('UUID not found'), 1);
                }
                $identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequest->getId());
                if (!array_key_exists('identify', $data['user'])) {
                        throw new LibresignException($this->l10n->t('Invalid identification method'), 1);
                }
                foreach ($data['user']['identify'] as $method => $value) {
                        if (!array_key_exists($method, $identifyMethods)) {
                                throw new LibresignException($this->l10n->t('Invalid identification method'), 1);
                        }
                        foreach ($identifyMethods[$method] as $identifyMethod) {
                                $identifyMethod->validateToCreateAccount($value);
                        }
                }
                if (empty($data['password'])) {
                        throw new LibresignException($this->l10n->t('Password is mandatory'), 1);
                }
                $file = $this->getFileByUuid($data['uuid']);
                if (empty($file['fileToSign'])) {
                        throw new LibresignException($this->l10n->t('File not found'));
                }
        }

        public function getFileByUuid(string $uuid): array {
                $signRequest = $this->getSignRequestByUuid($uuid);
                if (!$this->fileData instanceof \OCA\Libresign\Db\File) {
                        $this->fileData = $this->fileMapper->getById($signRequest->getFileId());

                        $nodeId = $this->fileData->getNodeId();

                        $fileToSign = $this->root->getUserFolder($this->fileData->getUserId())->getFirstNodeById($nodeId);
                        if ($fileToSign) {
                                $this->fileToSign = $fileToSign;
                        }
                }
                return [
                        'fileData' => $this->fileData,
                        'fileToSign' => $this->fileToSign
                ];
        }

        public function validateCertificateData(array $data): void {
                if (array_key_exists('email', $data['user']) && empty($data['user']['email'])) {
                        throw new LibresignException($this->l10n->t('You must have an email. You can define the email in your profile.'), 1);
                }
                if (!empty($data['user']['email']) && !filter_var($data['user']['email'], FILTER_VALIDATE_EMAIL)) {
                        throw new LibresignException($this->l10n->t('Invalid email'), 1);
                }
                if (empty($data['signPassword'])) {
                        throw new LibresignException($this->l10n->t('Password to sign is mandatory'), 1);
                }
        }

        /**
         * Get signRequest by Uuid
         */
        public function getSignRequestByUuid(string $uuid): SignRequest {
                if (!$this->signRequest instanceof SignRequest) {
                        $this->signRequest = $this->signRequestMapper->getByUuid($uuid);
                }
                return $this->signRequest;
        }

        public function createToSign(string $uuid, string $email, string $password, ?string $signPassword): void {
                $signRequest = $this->getSignRequestByUuid($uuid);

                $newUser = $this->userManager->createUser($email, $password);
                $newUser->setDisplayName($signRequest->getDisplayName());
                $newUser->setSystemEMailAddress($email);

                $this->updateIdentifyMethodToAccount($signRequest->getId(), $email, $newUser->getUID());

                if ($this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes') {
                        try {
                                $emailTemplate = $this->newUserMail->generateTemplate($newUser, false);
                                $this->newUserMail->sendMail($newUser, $emailTemplate);
                        } catch (\Exception) {
                                throw new LibresignException('Unable to send the invitation', 1);
                        }
                }

                if ($signPassword) {
                        $certificate = $this->pkcs12Handler->generateCertificate(
                                [
                                        'host' => $newUser->getPrimaryEMailAddress(),
                                        'uid' => 'account:' . $newUser->getUID(),
                                        'name' => $newUser->getDisplayName()
                                ],
                                $signPassword,
                                $newUser->getDisplayName()
                        );
                        $this->pkcs12Handler->savePfx($newUser->getPrimaryEMailAddress(), $certificate);
                }
        }

        public function getCertificateEngineName(): string {
                return $this->certificateEngineFactory->getEngine()->getName();
        }

        /**
         * @return array[]
         */
        public function getConfig(?IUser $user = null): array {
                $info['identificationDocumentsFlow'] = $this->appConfig->getValueBool(Application::APP_ID, 'identification_documents', false);
                $info['hasSignatureFile'] = $this->hasSignatureFile($user);
                $info['phoneNumber'] = $this->getPhoneNumber($user);
                $info['isApprover'] = $this->validateHelper->userCanApproveValidationDocuments($user, false);
                $info['grid_view'] = $this->getUserConfigGridView($user);

                if ($user && $this->groupManager->isAdmin($user->getUID())) {
                        $info = array_filter(array_merge($info, [
                                'crl_filters' => $this->getUserConfigCrlFilters($user),
                                'crl_sort' => $this->getUserConfigCrlSort($user),
                        ]));
                }

                return $info;
        }



        private function updateIdentifyMethodToAccount(int $signRequestId, string $email, string $uid): void {
                $identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequestId);
                foreach ($identifyMethods as $name => $methods) {
                        if ($name === IdentifyMethodService::IDENTIFY_EMAIL) {
                                foreach ($methods as $identifyMethod) {
                                        $entity = $identifyMethod->getEntity();
                                        if ($entity->getIdentifierValue() === $email) {
                                                $entity->setIdentifierKey(IdentifyMethodService::IDENTIFY_ACCOUNT);
                                                $entity->setIdentifierValue($uid);
                                                $this->identifyMethodMapper->update($entity);
                                        }
                                }
                        }
                }
        }

        private function getPhoneNumber(?IUser $user): string {
                if (!$user) {
                        return '';
                }
                $userAccount = $this->accountManager->getAccount($user);
                return $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();
        }

        public function hasSignatureFile(?IUser $user = null): bool {
                if (!$user) {
                        return false;
                }
                try {
                        $this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID());
                        return true;
                } catch (LibresignException) {
                        return false;
                }
        }

        private function getUserConfigGridView(?IUser $user = null): bool {
                if (!$user) {
                        return false;
                }

                return $this->config->getUserValue($user->getUID(), Application::APP_ID, 'grid_view', false) === '1';
        }

        private function getUserConfigCrlFilters(?IUser $user = null): array {
                if (!$user) {
                        return [];
                }

                $value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_filters', '');
                if (empty($value)) {
                        return [];
                }

                $decoded = json_decode($value, true);
                return is_array($decoded) ? $decoded : [];
        }

        private function getUserConfigCrlSort(?IUser $user = null): array {
                if (!$user) {
                        return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
                }

                $value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_sort', '');
                if (empty($value)) {
                        return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
                }

                $decoded = json_decode($value, true);
                return is_array($decoded) ? $decoded : ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
        }

        /**
         * Get PDF node by UUID
         *
         * @psalm-suppress MixedReturnStatement
         * @throws Throwable
         * @return \OCP\Files\File
         */
        public function getPdfByUuid(string $uuid): File {
                $fileData = $this->fileMapper->getByUuid($uuid);

                if (in_array($fileData->getStatus(), [FileEntity::STATUS_PARTIAL_SIGNED, FileEntity::STATUS_SIGNED])) {
                        $nodeId = $fileData->getSignedNodeId();
                } else {
                        $nodeId = $fileData->getNodeId();
                }
                $file = $this->root->getUserFolder($fileData->getUserId())->getFirstNodeById($nodeId);
                if (!$file instanceof File) {
                        throw new DoesNotExistException('Not found');
                }
                return $file;
        }

        public function getFileByNodeId(int $nodeId): File {
                try {
                        return $this->folderService->getFileById($nodeId);
                } catch (NotFoundException) {
                        throw new DoesNotExistException('Not found');
                }
        }

        public function canRequestSign(?IUser $user = null): bool {
                if (!$user) {
                        return false;
                }
                $authorized = $this->appConfig->getValueArray(Application::APP_ID, 'groups_request_sign', ['admin']);
                if (empty($authorized)) {
                        return false;
                }
                $userGroups = $this->groupManager->getUserGroupIds($user);
                if (!array_intersect($userGroups, $authorized)) {
                        return false;
                }
                return true;
        }

        public function getSettings(?IUser $user = null): array {
                $return['canRequestSign'] = $this->canRequestSign($user);
                $return['hasSignatureFile'] = $this->hasSignatureFile($user);
                return $return;
        }

        public function addFilesToAccount(array $files, IUser $user): void {
                $this->idDocsService->addIdDocs($files, $user);
        }

        public function deleteFileFromAccount(int $nodeId, IUser $user): void {
                $this->idDocsService->deleteIdDoc($nodeId, $user);
        }

        public function saveVisibleElements(array $elements, string $sessionId, ?IUser $user): void {
                foreach ($elements as $element) {
                        $this->saveVisibleElement($element, $sessionId, $user);
                }
        }

        public function saveVisibleElement(array $data, string $sessionId, ?IUser $user): void {
                if (isset($data['elementId'])) {
                        $this->updateFileOfVisibleElement($data);
                        $this->updateDataOfVisibleElement($data);
                } elseif ($user instanceof IUser) {
                        $file = $this->saveFileOfVisibleElementUsingUser($data, $user);
                        $this->insertVisibleElement($data, $user, $file);
                } else {
                        $file = $this->saveFileOfVisibleElementUsingSession($data, $sessionId);
                }
        }

        private function updateFileOfVisibleElement(array $data): void {
                if (!isset($data['file'])) {
                        return;
                }
                $userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);
                $file = $this->folderService->getFileById($userElement->getFileId());
                $file->putContent($this->getFileRaw($data));
        }

        private function updateDataOfVisibleElement(array $data): void {
                if (!isset($data['starred'])) {
                        return;
                }
                $userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);
                $userElement->setStarred($data['starred'] ? 1 : 0);
                $this->userElementMapper->update($userElement);
        }

        private function saveFileOfVisibleElementUsingUser(array $data, IUser $user): File {
                $rootSignatureFolder = $this->folderService->getFolder();
                $folderName = $this->folderService->getFolderName($data, $user);
                $folderToFile = $rootSignatureFolder->newFolder($folderName);
                return $folderToFile->newFile(UUIDUtil::getUUID() . '.png', $this->getFileRaw($data));
        }

        private function saveFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
                if (!empty($data['nodeId'])) {
                        return $this->updateFileOfVisibleElementUsingSession($data, $sessionId);
                }
                return $this->createFileOfVisibleElementUsingSession($data, $sessionId);
        }

        private function updateFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
                $fileList = $this->signerElementsService->getElementsFromSession();
                $element = array_filter($fileList, fn (File $element) => $element->getId() === $data['nodeId']);
                $element = current($element);
                if (!$element instanceof File) {
                        throw new \Exception($this->l10n->t('File not found'));
                }
                $element->putContent($this->getFileRaw($data));
                return $element;
        }

        private function createFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
                $rootSignatureFolder = $this->folderService->getFolder();
                $folderName = $sessionId;
                $folderToFile = $rootSignatureFolder->newFolder($folderName);
                $filename = implode(
                        '_',
                        [
                                $data['type'],
                                $this->timeFactory->getDateTime()->getTimestamp(),
                        ]
                ) . '.png';
                return $folderToFile->newFile($filename, $this->getFileRaw($data));
        }

        private function insertVisibleElement(array $data, IUser $user, File $file): void {
                $userElement = new UserElement();
                $userElement->setType($data['type']);
                $userElement->setFileId($file->getId());
                $userElement->setUserId($user->getUID());
                $userElement->setStarred(isset($data['starred']) && $data['starred'] ? 1 : 0);
                $userElement->setCreatedAt($this->timeFactory->getDateTime());
                $this->userElementMapper->insert($userElement);
        }

        private function getFileRaw(array $data): string {
                if (!empty($data['file']['url'])) {
                        if (!filter_var($data['file']['url'], FILTER_VALIDATE_URL)) {
                                throw new \Exception($this->l10n->t('Invalid URL file'));
                        }
                        $response = $this->clientService->newClient()->get($data['file']['url']);
                        $contentType = $response->getHeader('Content-Type');
                        if ($contentType !== 'image/png') {
                                throw new \Exception($this->l10n->t('Visible element file must be png.'));
                        }
                        $content = (string)$response->getBody();
                        if (empty($content)) {
                                throw new \Exception($this->l10n->t('Empty file'));
                        }
                        $this->validateHelper->validateBase64($content, ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);
                        return $content;
                }
                $this->validateHelper->validateBase64($data['file']['base64'], ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);
                $withMime = explode(',', (string)$data['file']['base64']);
                if (count($withMime) === 2) {
                        $content = base64_decode($withMime[1]);
                } else {
                        $content = base64_decode((string)$data['file']['base64']);
                }
                if (!$content) {
                        return '';
                }
                return $content;
        }

        public function deleteSignatureElement(?IUser $user, string $sessionId, int $nodeId): void {
                if ($user instanceof IUser) {
                        $element = $this->userElementMapper->findOne([
                                'file_id' => $nodeId,
                                'user_id' => $user->getUID(),
                        ]);
                        $this->userElementMapper->delete($element);
                        try {
                                $file = $this->folderService->getFileById($element->getFileId());
                                $file->delete();
                        } catch (NotFoundException) {
                        }
                } else {
                        $rootSignatureFolder = $this->folderService->getFolder();
                        $folderName = $sessionId;
                        $rootSignatureFolder->delete($folderName);
                }
        }

        /**
         * @throws LibresignException at savePfx
         * @throws InvalidArgumentException
         */
        public function uploadPfx(array $file, IUser $user): void {
                if (
                        $file['error'] !== 0
                        || !is_uploaded_file($file['tmp_name'])
                        || Filesystem::isFileBlacklisted($file['tmp_name'])
                ) {
                        // TRANSLATORS Error when the uploaded certificate file is not valid
                        throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
                }
                if ($file['size'] > 10 * 1024) {
                        // TRANSLATORS Error when the certificate file is bigger than normal
                        throw new InvalidArgumentException($this->l10n->t('File is too big'));
                }
                $content = file_get_contents($file['tmp_name']);
                $mimetype = $this->mimeTypeDetector->detectString($content);
                if ($mimetype !== 'application/octet-stream') {
                        // TRANSLATORS Error when the mimetype of uploaded file is not valid
                        throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
                }
                $extension = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
                if ($extension !== 'pfx') {
                        // TRANSLATORS Error when the certificate file is not a pfx file
                        throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
                }
                unlink($file['tmp_name']);
                $this->pkcs12Handler->savePfx($user->getUID(), $content);
        }

        public function deletePfx(IUser $user): void {
                $this->pkcs12Handler->deletePfx($user->getUID());
        }

        /**
         * @throws LibresignException when have not a certificate file
         */
        public function updatePfxPassword(IUser $user, string $current, string $new): void {
                try {
                        $pfx = $this->pkcs12Handler->updatePassword($user->getUID(), $current, $new);
                } catch (InvalidPasswordException) {
                        throw new LibresignException($this->l10n->t('Invalid user or password'));
                }
        }

        /**
         * @throws LibresignException when have not a certificate file
         */
        public function readPfxData(IUser $user, string $password): array {
                try {
                        return $this->pkcs12Handler
                                ->setCertificate($this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID()))
                                ->setPassword($password)
                                ->readCertificate();
                } catch (InvalidPasswordException) {
                        throw new LibresignException($this->l10n->t('Invalid user or password'));
                }
        }
}

1	<?php
2
3	declare(strict_types=1);
4	/**
5	* SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
6	* SPDX-License-Identifier: AGPL-3.0-or-later
7	*/
8
9	namespace OCA\Libresign\Service;
10
11	use InvalidArgumentException;
12	use OC\Files\Filesystem;
13	use OCA\Libresign\AppInfo\Application;
14	use OCA\Libresign\Db\File as FileEntity;
15	use OCA\Libresign\Db\FileMapper;
16	use OCA\Libresign\Db\FileTypeMapper;
17	use OCA\Libresign\Db\IdentifyMethodMapper;
18	use OCA\Libresign\Db\SignRequest;
19	use OCA\Libresign\Db\SignRequestMapper;
20	use OCA\Libresign\Db\UserElement;
21	use OCA\Libresign\Db\UserElementMapper;
22	use OCA\Libresign\Exception\InvalidPasswordException;
23	use OCA\Libresign\Exception\LibresignException;
24	use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
25	use OCA\Libresign\Handler\SignEngine\Pkcs12Handler;
26	use OCA\Libresign\Helper\ValidateHelper;
27	use OCA\Settings\Mailer\NewUserMailHelper;
28	use OCP\Accounts\IAccountManager;
29	use OCP\AppFramework\Db\DoesNotExistException;
30	use OCP\AppFramework\Utility\ITimeFactory;
31	use OCP\Files\Config\IMountProviderCollection;
32	use OCP\Files\File;
33	use OCP\Files\IMimeTypeDetector;
34	use OCP\Files\IRootFolder;
35	use OCP\Files\NotFoundException;
36	use OCP\Http\Client\IClientService;
37	use OCP\IAppConfig;
38	use OCP\IConfig;
39	use OCP\IGroupManager;
40	use OCP\IL10N;
41	use OCP\IURLGenerator;
42	use OCP\IUser;
43	use OCP\IUserManager;
44	use Sabre\DAV\UUIDUtil;
45	use Throwable;
46
47	class AccountService {
48	private ?SignRequest $signRequest = null;
49	private ?\OCA\Libresign\Db\File $fileData = null;
50	private \OCP\Files\File $fileToSign;
51
52	public function __construct(
53	private IL10N $l10n,
54	private SignRequestMapper $signRequestMapper,
55	private IUserManager $userManager,
56	private IAccountManager $accountManager,
57	private IRootFolder $root,
58	private IMimeTypeDetector $mimeTypeDetector,
59	private FileMapper $fileMapper,
60	private FileTypeMapper $fileTypeMapper,
61	private SignFileService $signFileService,
62	private RequestSignatureService $requestSignatureService,
63	private CertificateEngineFactory $certificateEngineFactory,
64	private IConfig $config,
65	private IAppConfig $appConfig,
66	private IMountProviderCollection $mountProviderCollection,
67	private NewUserMailHelper $newUserMail,
68	private IdentifyMethodService $identifyMethodService,
69	private IdentifyMethodMapper $identifyMethodMapper,
70	private ValidateHelper $validateHelper,
71	private IURLGenerator $urlGenerator,
72	private Pkcs12Handler $pkcs12Handler,
73	private IGroupManager $groupManager,
74	private IdDocsService $idDocsService,
75	private SignerElementsService $signerElementsService,
76	private UserElementMapper $userElementMapper,
77	private FolderService $folderService,
78	private IClientService $clientService,
79	private ITimeFactory $timeFactory,
80	) {
81	}	48✔
82
83	public function validateCreateToSign(array $data): void {
84	if (!UUIDUtil::validateUUID($data['uuid'])) {	1✔
85	throw new LibresignException($this->l10n->t('Invalid UUID'), 1);	1✔
86	}
87	try {
88	$signRequest = $this->getSignRequestByUuid($data['uuid']);	×
89	} catch (\Throwable) {	×
90	throw new LibresignException($this->l10n->t('UUID not found'), 1);	×
91	}
92	$identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequest->getId());	×
93	if (!array_key_exists('identify', $data['user'])) {	×
94	throw new LibresignException($this->l10n->t('Invalid identification method'), 1);	×
95	}
96	foreach ($data['user']['identify'] as $method => $value) {	×
97	if (!array_key_exists($method, $identifyMethods)) {	×
98	throw new LibresignException($this->l10n->t('Invalid identification method'), 1);	×
99	}
100	foreach ($identifyMethods[$method] as $identifyMethod) {	×
101	$identifyMethod->validateToCreateAccount($value);	×
102	}
103	}
104	if (empty($data['password'])) {	×
105	throw new LibresignException($this->l10n->t('Password is mandatory'), 1);	×
106	}
107	$file = $this->getFileByUuid($data['uuid']);	×
108	if (empty($file['fileToSign'])) {	×
109	throw new LibresignException($this->l10n->t('File not found'));	×
110	}
111	}
112
113	public function getFileByUuid(string $uuid): array {
114	$signRequest = $this->getSignRequestByUuid($uuid);	×
115	if (!$this->fileData instanceof \OCA\Libresign\Db\File) {	×
116	$this->fileData = $this->fileMapper->getById($signRequest->getFileId());	×
117
118	$nodeId = $this->fileData->getNodeId();	×
119
120	$fileToSign = $this->root->getUserFolder($this->fileData->getUserId())->getFirstNodeById($nodeId);	×
121	if ($fileToSign) {	×
122	$this->fileToSign = $fileToSign;	×
123	}
124	}
125	return [	×
126	'fileData' => $this->fileData,	×
127	'fileToSign' => $this->fileToSign	×
128	];	×
129	}
130
131	public function validateCertificateData(array $data): void {
132	if (array_key_exists('email', $data['user']) && empty($data['user']['email'])) {	7✔
133	throw new LibresignException($this->l10n->t('You must have an email. You can define the email in your profile.'), 1);	2✔
134	}
135	if (!empty($data['user']['email']) && !filter_var($data['user']['email'], FILTER_VALIDATE_EMAIL)) {	5✔
136	throw new LibresignException($this->l10n->t('Invalid email'), 1);	2✔
137	}
138	if (empty($data['signPassword'])) {	3✔
139	throw new LibresignException($this->l10n->t('Password to sign is mandatory'), 1);	1✔
140	}
141	}
142
143	/**
144	* Get signRequest by Uuid
145	*/
146	public function getSignRequestByUuid(string $uuid): SignRequest {
147	if (!$this->signRequest instanceof SignRequest) {	2✔
148	$this->signRequest = $this->signRequestMapper->getByUuid($uuid);	2✔
149	}
150	return $this->signRequest;	2✔
151	}
152
153	public function createToSign(string $uuid, string $email, string $password, ?string $signPassword): void {
154	$signRequest = $this->getSignRequestByUuid($uuid);	2✔
155
156	$newUser = $this->userManager->createUser($email, $password);	2✔
157	$newUser->setDisplayName($signRequest->getDisplayName());	2✔
158	$newUser->setSystemEMailAddress($email);	2✔
159
160	$this->updateIdentifyMethodToAccount($signRequest->getId(), $email, $newUser->getUID());	2✔
161
162	if ($this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes') {	2✔
163	try {
164	$emailTemplate = $this->newUserMail->generateTemplate($newUser, false);	2✔
165	$this->newUserMail->sendMail($newUser, $emailTemplate);	2✔
166	} catch (\Exception) {	2✔
167	throw new LibresignException('Unable to send the invitation', 1);	2✔
168	}
169	}
170
171	if ($signPassword) {	×
172	$certificate = $this->pkcs12Handler->generateCertificate(	×
173	[	×
174	'host' => $newUser->getPrimaryEMailAddress(),	×
175	'uid' => 'account:' . $newUser->getUID(),	×
176	'name' => $newUser->getDisplayName()	×
177	],	×
178	$signPassword,	×
179	$newUser->getDisplayName()	×
180	);	×
181	$this->pkcs12Handler->savePfx($newUser->getPrimaryEMailAddress(), $certificate);	×
182	}
183	}
184
185	public function getCertificateEngineName(): string {
186	return $this->certificateEngineFactory->getEngine()->getName();	×
187	}
188
189	/**
190	* @return array[]
191	*/
192	public function getConfig(?IUser $user = null): array {
193	$info['identificationDocumentsFlow'] = $this->appConfig->getValueBool(Application::APP_ID, 'identification_documents', false);	×
194	$info['hasSignatureFile'] = $this->hasSignatureFile($user);	×
195	$info['phoneNumber'] = $this->getPhoneNumber($user);	×
196	$info['isApprover'] = $this->validateHelper->userCanApproveValidationDocuments($user, false);	×
197	$info['grid_view'] = $this->getUserConfigGridView($user);	×
198
199	if ($user && $this->groupManager->isAdmin($user->getUID())) {	×
200	$info = array_filter(array_merge($info, [	×
201	'crl_filters' => $this->getUserConfigCrlFilters($user),	×
202	'crl_sort' => $this->getUserConfigCrlSort($user),	×
203	]));	×
204	}
205
206	return $info;	×
207	}
208
209
210
211	private function updateIdentifyMethodToAccount(int $signRequestId, string $email, string $uid): void {
212	$identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequestId);	2✔
213	foreach ($identifyMethods as $name => $methods) {	2✔
214	if ($name === IdentifyMethodService::IDENTIFY_EMAIL) {	×
215	foreach ($methods as $identifyMethod) {	×
216	$entity = $identifyMethod->getEntity();	×
217	if ($entity->getIdentifierValue() === $email) {	×
218	$entity->setIdentifierKey(IdentifyMethodService::IDENTIFY_ACCOUNT);	×
219	$entity->setIdentifierValue($uid);	×
220	$this->identifyMethodMapper->update($entity);	×
221	}
222	}
223	}
224	}
225	}
226
227	private function getPhoneNumber(?IUser $user): string {
228	if (!$user) {	×
229	return '';	×
230	}
231	$userAccount = $this->accountManager->getAccount($user);	×
232	return $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();	×
233	}
234
235	public function hasSignatureFile(?IUser $user = null): bool {
236	if (!$user) {	4✔
237	return false;	×
238	}
239	try {
240	$this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID());	4✔
241	return true;	×
242	} catch (LibresignException) {	4✔
243	return false;	4✔
244	}
245	}
246
247	private function getUserConfigGridView(?IUser $user = null): bool {
248	if (!$user) {	×
249	return false;	×
250	}
251
252	return $this->config->getUserValue($user->getUID(), Application::APP_ID, 'grid_view', false) === '1';	×
253	}
254
255	private function getUserConfigCrlFilters(?IUser $user = null): array {
256	if (!$user) {	×
257	return [];	×
258	}
259
260	$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_filters', '');	×
261	if (empty($value)) {	×
262	return [];	×
263	}
264
265	$decoded = json_decode($value, true);	×
266	return is_array($decoded) ? $decoded : [];	×
267	}
268
269	private function getUserConfigCrlSort(?IUser $user = null): array {
270	if (!$user) {	×
271	return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];	×
272	}
273
274	$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_sort', '');	×
275	if (empty($value)) {	×
276	return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];	×
277	}
278
279	$decoded = json_decode($value, true);	×
280	return is_array($decoded) ? $decoded : ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];	×
281	}
282
283	/**
284	* Get PDF node by UUID
285	*
286	* @psalm-suppress MixedReturnStatement
287	* @throws Throwable
288	* @return \OCP\Files\File
289	*/
290	public function getPdfByUuid(string $uuid): File {
291	$fileData = $this->fileMapper->getByUuid($uuid);	4✔
292
293	if (in_array($fileData->getStatus(), [FileEntity::STATUS_PARTIAL_SIGNED, FileEntity::STATUS_SIGNED])) {	4✔
294	$nodeId = $fileData->getSignedNodeId();	3✔
295	} else {
296	$nodeId = $fileData->getNodeId();	1✔
297	}
298	$file = $this->root->getUserFolder($fileData->getUserId())->getFirstNodeById($nodeId);	4✔
299	if (!$file instanceof File) {	4✔
300	throw new DoesNotExistException('Not found');	×
301	}
302	return $file;	4✔
303	}
304
305	public function getFileByNodeId(int $nodeId): File {
306	try {
307	return $this->folderService->getFileById($nodeId);	×
308	} catch (NotFoundException) {	×
309	throw new DoesNotExistException('Not found');	×
310	}
311	}
312
313	public function canRequestSign(?IUser $user = null): bool {
314	if (!$user) {	12✔
315	return false;	2✔
316	}
317	$authorized = $this->appConfig->getValueArray(Application::APP_ID, 'groups_request_sign', ['admin']);	10✔
318	if (empty($authorized)) {	10✔
319	return false;	2✔
320	}
321	$userGroups = $this->groupManager->getUserGroupIds($user);	8✔
322	if (!array_intersect($userGroups, $authorized)) {	8✔
323	return false;	4✔
324	}
325	return true;	4✔
326	}
327
328	public function getSettings(?IUser $user = null): array {
329	$return['canRequestSign'] = $this->canRequestSign($user);	4✔
330	$return['hasSignatureFile'] = $this->hasSignatureFile($user);	4✔
331	return $return;	4✔
332	}
333
334	public function addFilesToAccount(array $files, IUser $user): void {
NEW 335	$this->idDocsService->addIdDocs($files, $user);	×
336	}
337
338	public function deleteFileFromAccount(int $nodeId, IUser $user): void {
NEW 339	$this->idDocsService->deleteIdDoc($nodeId, $user);	×
340	}
341
342	public function saveVisibleElements(array $elements, string $sessionId, ?IUser $user): void {
343	foreach ($elements as $element) {	×
344	$this->saveVisibleElement($element, $sessionId, $user);	×
345	}
346	}
347
348	public function saveVisibleElement(array $data, string $sessionId, ?IUser $user): void {
349	if (isset($data['elementId'])) {	×
350	$this->updateFileOfVisibleElement($data);	×
351	$this->updateDataOfVisibleElement($data);	×
352	} elseif ($user instanceof IUser) {	×
353	$file = $this->saveFileOfVisibleElementUsingUser($data, $user);	×
354	$this->insertVisibleElement($data, $user, $file);	×
355	} else {
356	$file = $this->saveFileOfVisibleElementUsingSession($data, $sessionId);	×
357	}
358	}
359
360	private function updateFileOfVisibleElement(array $data): void {
361	if (!isset($data['file'])) {	×
362	return;	×
363	}
364	$userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);	×
365	$file = $this->folderService->getFileById($userElement->getFileId());	×
366	$file->putContent($this->getFileRaw($data));	×
367	}
368
369	private function updateDataOfVisibleElement(array $data): void {
370	if (!isset($data['starred'])) {	×
371	return;	×
372	}
373	$userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);	×
374	$userElement->setStarred($data['starred'] ? 1 : 0);	×
375	$this->userElementMapper->update($userElement);	×
376	}
377
378	private function saveFileOfVisibleElementUsingUser(array $data, IUser $user): File {
379	$rootSignatureFolder = $this->folderService->getFolder();	×
380	$folderName = $this->folderService->getFolderName($data, $user);	×
381	$folderToFile = $rootSignatureFolder->newFolder($folderName);	×
382	return $folderToFile->newFile(UUIDUtil::getUUID() . '.png', $this->getFileRaw($data));	×
383	}
384
385	private function saveFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
386	if (!empty($data['nodeId'])) {	×
387	return $this->updateFileOfVisibleElementUsingSession($data, $sessionId);	×
388	}
389	return $this->createFileOfVisibleElementUsingSession($data, $sessionId);	×
390	}
391
392	private function updateFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
393	$fileList = $this->signerElementsService->getElementsFromSession();	×
394	$element = array_filter($fileList, fn (File $element) => $element->getId() === $data['nodeId']);	×
395	$element = current($element);	×
396	if (!$element instanceof File) {	×
397	throw new \Exception($this->l10n->t('File not found'));	×
398	}
399	$element->putContent($this->getFileRaw($data));	×
400	return $element;	×
401	}
402
403	private function createFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
404	$rootSignatureFolder = $this->folderService->getFolder();	×
405	$folderName = $sessionId;	×
406	$folderToFile = $rootSignatureFolder->newFolder($folderName);	×
407	$filename = implode(	×
408	'_',	×
409	[	×
410	$data['type'],	×
411	$this->timeFactory->getDateTime()->getTimestamp(),	×
412	]	×
413	) . '.png';	×
414	return $folderToFile->newFile($filename, $this->getFileRaw($data));	×
415	}
416
417	private function insertVisibleElement(array $data, IUser $user, File $file): void {
418	$userElement = new UserElement();	×
419	$userElement->setType($data['type']);	×
420	$userElement->setFileId($file->getId());	×
421	$userElement->setUserId($user->getUID());	×
422	$userElement->setStarred(isset($data['starred']) && $data['starred'] ? 1 : 0);	×
423	$userElement->setCreatedAt($this->timeFactory->getDateTime());	×
424	$this->userElementMapper->insert($userElement);	×
425	}
426
427	private function getFileRaw(array $data): string {
428	if (!empty($data['file']['url'])) {	×
429	if (!filter_var($data['file']['url'], FILTER_VALIDATE_URL)) {	×
430	throw new \Exception($this->l10n->t('Invalid URL file'));	×
431	}
432	$response = $this->clientService->newClient()->get($data['file']['url']);	×
433	$contentType = $response->getHeader('Content-Type');	×
434	if ($contentType !== 'image/png') {	×
435	throw new \Exception($this->l10n->t('Visible element file must be png.'));	×
436	}
437	$content = (string)$response->getBody();	×
438	if (empty($content)) {	×
439	throw new \Exception($this->l10n->t('Empty file'));	×
440	}
441	$this->validateHelper->validateBase64($content, ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);	×
442	return $content;	×
443	}
444	$this->validateHelper->validateBase64($data['file']['base64'], ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);	×
445	$withMime = explode(',', (string)$data['file']['base64']);	×
446	if (count($withMime) === 2) {	×
447	$content = base64_decode($withMime[1]);	×
448	} else {
449	$content = base64_decode((string)$data['file']['base64']);	×
450	}
451	if (!$content) {	×
452	return '';	×
453	}
454	return $content;	×
455	}
456
457	public function deleteSignatureElement(?IUser $user, string $sessionId, int $nodeId): void {
458	if ($user instanceof IUser) {	×
459	$element = $this->userElementMapper->findOne([	×
460	'file_id' => $nodeId,	×
461	'user_id' => $user->getUID(),	×
462	]);	×
463	$this->userElementMapper->delete($element);	×
464	try {
465	$file = $this->folderService->getFileById($element->getFileId());	×
466	$file->delete();	×
467	} catch (NotFoundException) {	×
468	}
469	} else {
470	$rootSignatureFolder = $this->folderService->getFolder();	×
471	$folderName = $sessionId;	×
472	$rootSignatureFolder->delete($folderName);	×
473	}
474	}
475
476	/**
477	* @throws LibresignException at savePfx
478	* @throws InvalidArgumentException
479	*/
480	public function uploadPfx(array $file, IUser $user): void {
481	if (
482	$file['error'] !== 0	×
483	\|\| !is_uploaded_file($file['tmp_name'])	×
484	\|\| Filesystem::isFileBlacklisted($file['tmp_name'])	×
485	) {
486	// TRANSLATORS Error when the uploaded certificate file is not valid
487	throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));	×
488	}
489	if ($file['size'] > 10 * 1024) {	×
490	// TRANSLATORS Error when the certificate file is bigger than normal
491	throw new InvalidArgumentException($this->l10n->t('File is too big'));	×
492	}
493	$content = file_get_contents($file['tmp_name']);	×
494	$mimetype = $this->mimeTypeDetector->detectString($content);	×
495	if ($mimetype !== 'application/octet-stream') {	×
496	// TRANSLATORS Error when the mimetype of uploaded file is not valid
497	throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));	×
498	}
499	$extension = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));	×
500	if ($extension !== 'pfx') {	×
501	// TRANSLATORS Error when the certificate file is not a pfx file
502	throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));	×
503	}
504	unlink($file['tmp_name']);	×
505	$this->pkcs12Handler->savePfx($user->getUID(), $content);	×
506	}
507
508	public function deletePfx(IUser $user): void {
509	$this->pkcs12Handler->deletePfx($user->getUID());	×
510	}
511
512	/**
513	* @throws LibresignException when have not a certificate file
514	*/
515	public function updatePfxPassword(IUser $user, string $current, string $new): void {
516	try {
517	$pfx = $this->pkcs12Handler->updatePassword($user->getUID(), $current, $new);	×
518	} catch (InvalidPasswordException) {	×
519	throw new LibresignException($this->l10n->t('Invalid user or password'));	×
520	}
521	}
522
523	/**
524	* @throws LibresignException when have not a certificate file
525	*/
526	public function readPfxData(IUser $user, string $password): array {
527	try {
528	return $this->pkcs12Handler	×
529	->setCertificate($this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID()))	×
530	->setPassword($password)	×
531	->readCertificate();	×
532	} catch (InvalidPasswordException) {	×
533	throw new LibresignException($this->l10n->t('Invalid user or password'));	×
534	}
535	}
536	}

LibreSign / libresign / 19875332299

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous