19878831952

Committed 03 Dec 2025 01:08AM UTC coverage: 41.576%. First build

Build # 19878831952

Build Type

Pull #4464

github

Committed by

web-flow

Commit Message

Merge a843e05d5 into da0973853

Pull Request Pull Request #4464: refactor: attach document

Run Details

117 of 302 new or added lines in 16 files covered. (38.74%)

5123 of 12322 relevant lines covered (41.58%)

4.17 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

19.11

/lib/Service/AccountService.php

<?php

declare(strict_types=1);
/**
 * SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */

namespace OCA\Libresign\Service;

use InvalidArgumentException;
use OC\Files\Filesystem;
use OCA\Libresign\AppInfo\Application;
use OCA\Libresign\Db\File as FileEntity;
use OCA\Libresign\Db\FileMapper;
use OCA\Libresign\Db\FileTypeMapper;
use OCA\Libresign\Db\IdentifyMethodMapper;
use OCA\Libresign\Db\SignRequest;
use OCA\Libresign\Db\SignRequestMapper;
use OCA\Libresign\Db\UserElement;
use OCA\Libresign\Db\UserElementMapper;
use OCA\Libresign\Exception\InvalidPasswordException;
use OCA\Libresign\Exception\LibresignException;
use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
use OCA\Libresign\Handler\SignEngine\Pkcs12Handler;
use OCA\Libresign\Helper\ValidateHelper;
use OCA\Settings\Mailer\NewUserMailHelper;
use OCP\Accounts\IAccountManager;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Files\Config\IMountProviderCollection;
use OCP\Files\File;
use OCP\Files\IMimeTypeDetector;
use OCP\Files\IRootFolder;
use OCP\Files\NotFoundException;
use OCP\Http\Client\IClientService;
use OCP\IAppConfig;
use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IL10N;
use OCP\IURLGenerator;
use OCP\IUser;
use OCP\IUserManager;
use Sabre\DAV\UUIDUtil;
use Throwable;

class AccountService {
        private ?SignRequest $signRequest = null;
        private ?\OCA\Libresign\Db\File $fileData = null;
        private \OCP\Files\File $fileToSign;

        public function __construct(
                private IL10N $l10n,
                private SignRequestMapper $signRequestMapper,
                private IUserManager $userManager,
                private IAccountManager $accountManager,
                private IRootFolder $root,
                private IMimeTypeDetector $mimeTypeDetector,
                private FileMapper $fileMapper,
                private FileTypeMapper $fileTypeMapper,
                private SignFileService $signFileService,
                private RequestSignatureService $requestSignatureService,
                private CertificateEngineFactory $certificateEngineFactory,
                private IConfig $config,
                private IAppConfig $appConfig,
                private IMountProviderCollection $mountProviderCollection,
                private NewUserMailHelper $newUserMail,
                private IdentifyMethodService $identifyMethodService,
                private IdentifyMethodMapper $identifyMethodMapper,
                private ValidateHelper $validateHelper,
                private IURLGenerator $urlGenerator,
                private Pkcs12Handler $pkcs12Handler,
                private IGroupManager $groupManager,
                private IdDocsService $idDocsService,
                private SignerElementsService $signerElementsService,
                private UserElementMapper $userElementMapper,
                private FolderService $folderService,
                private IClientService $clientService,
                private ITimeFactory $timeFactory,
        ) {
        }

        public function validateCreateToSign(array $data): void {
                if (!UUIDUtil::validateUUID($data['uuid'])) {
                        throw new LibresignException($this->l10n->t('Invalid UUID'), 1);
                }
                try {
                        $signRequest = $this->getSignRequestByUuid($data['uuid']);
                } catch (\Throwable) {
                        throw new LibresignException($this->l10n->t('UUID not found'), 1);
                }
                $identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequest->getId());
                if (!array_key_exists('identify', $data['user'])) {
                        throw new LibresignException($this->l10n->t('Invalid identification method'), 1);
                }
                foreach ($data['user']['identify'] as $method => $value) {
                        if (!array_key_exists($method, $identifyMethods)) {
                                throw new LibresignException($this->l10n->t('Invalid identification method'), 1);
                        }
                        foreach ($identifyMethods[$method] as $identifyMethod) {
                                $identifyMethod->validateToCreateAccount($value);
                        }
                }
                if (empty($data['password'])) {
                        throw new LibresignException($this->l10n->t('Password is mandatory'), 1);
                }
                $file = $this->getFileByUuid($data['uuid']);
                if (empty($file['fileToSign'])) {
                        throw new LibresignException($this->l10n->t('File not found'));
                }
        }

        public function getFileByUuid(string $uuid): array {
                $signRequest = $this->getSignRequestByUuid($uuid);
                if (!$this->fileData instanceof \OCA\Libresign\Db\File) {
                        $this->fileData = $this->fileMapper->getById($signRequest->getFileId());

                        $nodeId = $this->fileData->getNodeId();

                        $fileToSign = $this->root->getUserFolder($this->fileData->getUserId())->getFirstNodeById($nodeId);
                        if ($fileToSign) {
                                $this->fileToSign = $fileToSign;
                        }
                }
                return [
                        'fileData' => $this->fileData,
                        'fileToSign' => $this->fileToSign
                ];
        }

        public function validateCertificateData(array $data): void {
                if (array_key_exists('email', $data['user']) && empty($data['user']['email'])) {
                        throw new LibresignException($this->l10n->t('You must have an email. You can define the email in your profile.'), 1);
                }
                if (!empty($data['user']['email']) && !filter_var($data['user']['email'], FILTER_VALIDATE_EMAIL)) {
                        throw new LibresignException($this->l10n->t('Invalid email'), 1);
                }
                if (empty($data['signPassword'])) {
                        throw new LibresignException($this->l10n->t('Password to sign is mandatory'), 1);
                }
        }

        /**
         * Get signRequest by Uuid
         */
        public function getSignRequestByUuid(string $uuid): SignRequest {
                if (!$this->signRequest instanceof SignRequest) {
                        $this->signRequest = $this->signRequestMapper->getByUuid($uuid);
                }
                return $this->signRequest;
        }

        public function createToSign(string $uuid, string $email, string $password, ?string $signPassword): void {
                $signRequest = $this->getSignRequestByUuid($uuid);

                $newUser = $this->userManager->createUser($email, $password);
                $newUser->setDisplayName($signRequest->getDisplayName());
                $newUser->setSystemEMailAddress($email);

                $this->updateIdentifyMethodToAccount($signRequest->getId(), $email, $newUser->getUID());

                if ($this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes') {
                        try {
                                $emailTemplate = $this->newUserMail->generateTemplate($newUser, false);
                                $this->newUserMail->sendMail($newUser, $emailTemplate);
                        } catch (\Exception) {
                                throw new LibresignException('Unable to send the invitation', 1);
                        }
                }

                if ($signPassword) {
                        $certificate = $this->pkcs12Handler->generateCertificate(
                                [
                                        'host' => $newUser->getPrimaryEMailAddress(),
                                        'uid' => 'account:' . $newUser->getUID(),
                                        'name' => $newUser->getDisplayName()
                                ],
                                $signPassword,
                                $newUser->getDisplayName()
                        );
                        $this->pkcs12Handler->savePfx($newUser->getPrimaryEMailAddress(), $certificate);
                }
        }

        public function getCertificateEngineName(): string {
                return $this->certificateEngineFactory->getEngine()->getName();
        }

        /**
         * @return array<string, mixed>
         */
        public function getConfig(?IUser $user = null): array {
                $info['identificationDocumentsFlow'] = $this->appConfig->getValueBool(Application::APP_ID, 'identification_documents', false);
                $info['hasSignatureFile'] = $this->hasSignatureFile($user);
                $info['phoneNumber'] = $this->getPhoneNumber($user);
                $info['isApprover'] = $this->validateHelper->userCanApproveValidationDocuments($user, false);
                $info['grid_view'] = $this->getUserConfigGridView($user);
                $info['id_docs_filters'] = $this->getUserConfigIdDocsFilters($user);
                $info['crl_filters'] = $this->getUserConfigCrlFilters($user);
                $info['crl_sort'] = $this->getUserConfigCrlSort($user);

                return array_filter($info);
        }



        private function updateIdentifyMethodToAccount(int $signRequestId, string $email, string $uid): void {
                $identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequestId);
                foreach ($identifyMethods as $name => $methods) {
                        if ($name === IdentifyMethodService::IDENTIFY_EMAIL) {
                                foreach ($methods as $identifyMethod) {
                                        $entity = $identifyMethod->getEntity();
                                        if ($entity->getIdentifierValue() === $email) {
                                                $entity->setIdentifierKey(IdentifyMethodService::IDENTIFY_ACCOUNT);
                                                $entity->setIdentifierValue($uid);
                                                $this->identifyMethodMapper->update($entity);
                                        }
                                }
                        }
                }
        }

        private function getPhoneNumber(?IUser $user): string {
                if (!$user) {
                        return '';
                }
                $userAccount = $this->accountManager->getAccount($user);
                return $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();
        }

        public function hasSignatureFile(?IUser $user = null): bool {
                if (!$user) {
                        return false;
                }
                try {
                        $this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID());
                        return true;
                } catch (LibresignException) {
                        return false;
                }
        }

        private function getUserConfigGridView(?IUser $user = null): bool {
                if (!$user) {
                        return false;
                }

                return $this->config->getUserValue($user->getUID(), Application::APP_ID, 'grid_view', false) === '1';
        }

        private function getUserConfigIdDocsFilters(?IUser $user = null): array {
                if (!$user) {
                        return [];
                }

                $value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'id_docs_filters', '');
                if (empty($value)) {
                        return [];
                }

                $decoded = json_decode($value, true);
                return is_array($decoded) ? $decoded : [];
        }

        private function getUserConfigCrlFilters(?IUser $user = null): array {
                if (!$user || !$this->groupManager->isAdmin($user->getUID())) {
                        return [];
                }

                $value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_filters', '');
                if (empty($value)) {
                        return [];
                }

                $decoded = json_decode($value, true);
                return is_array($decoded) ? $decoded : [];
        }

        private function getUserConfigCrlSort(?IUser $user = null): array {
                if (!$user || !$this->groupManager->isAdmin($user->getUID())) {
                        return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
                }

                $value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_sort', '');
                if (empty($value)) {
                        return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
                }

                $decoded = json_decode($value, true);
                return is_array($decoded) ? $decoded : ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];
        }

        /**
         * Get PDF node by UUID
         *
         * @psalm-suppress MixedReturnStatement
         * @throws Throwable
         * @return \OCP\Files\File
         */
        public function getPdfByUuid(string $uuid): File {
                $fileData = $this->fileMapper->getByUuid($uuid);

                if (in_array($fileData->getStatus(), [FileEntity::STATUS_PARTIAL_SIGNED, FileEntity::STATUS_SIGNED])) {
                        $nodeId = $fileData->getSignedNodeId();
                } else {
                        $nodeId = $fileData->getNodeId();
                }
                $file = $this->root->getUserFolder($fileData->getUserId())->getFirstNodeById($nodeId);
                if (!$file instanceof File) {
                        throw new DoesNotExistException('Not found');
                }
                return $file;
        }

        public function getFileByNodeId(int $nodeId): File {
                try {
                        return $this->folderService->getFileById($nodeId);
                } catch (NotFoundException) {
                        throw new DoesNotExistException('Not found');
                }
        }

        public function canRequestSign(?IUser $user = null): bool {
                if (!$user) {
                        return false;
                }
                $authorized = $this->appConfig->getValueArray(Application::APP_ID, 'groups_request_sign', ['admin']);
                if (empty($authorized)) {
                        return false;
                }
                $userGroups = $this->groupManager->getUserGroupIds($user);
                if (!array_intersect($userGroups, $authorized)) {
                        return false;
                }
                return true;
        }

        public function getSettings(?IUser $user = null): array {
                $return['canRequestSign'] = $this->canRequestSign($user);
                $return['hasSignatureFile'] = $this->hasSignatureFile($user);
                return $return;
        }

        public function addFilesToAccount(array $files, IUser $user): void {
                $this->idDocsService->addIdDocs($files, $user);
        }

        public function deleteFileFromAccount(int $nodeId, IUser $user): void {
                $this->idDocsService->deleteIdDoc($nodeId, $user);
        }

        public function saveVisibleElements(array $elements, string $sessionId, ?IUser $user): void {
                foreach ($elements as $element) {
                        $this->saveVisibleElement($element, $sessionId, $user);
                }
        }

        public function saveVisibleElement(array $data, string $sessionId, ?IUser $user): void {
                if (isset($data['elementId'])) {
                        $this->updateFileOfVisibleElement($data);
                        $this->updateDataOfVisibleElement($data);
                } elseif ($user instanceof IUser) {
                        $file = $this->saveFileOfVisibleElementUsingUser($data, $user);
                        $this->insertVisibleElement($data, $user, $file);
                } else {
                        $file = $this->saveFileOfVisibleElementUsingSession($data, $sessionId);
                }
        }

        private function updateFileOfVisibleElement(array $data): void {
                if (!isset($data['file'])) {
                        return;
                }
                $userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);
                $file = $this->folderService->getFileById($userElement->getFileId());
                $file->putContent($this->getFileRaw($data));
        }

        private function updateDataOfVisibleElement(array $data): void {
                if (!isset($data['starred'])) {
                        return;
                }
                $userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);
                $userElement->setStarred($data['starred'] ? 1 : 0);
                $this->userElementMapper->update($userElement);
        }

        private function saveFileOfVisibleElementUsingUser(array $data, IUser $user): File {
                $rootSignatureFolder = $this->folderService->getFolder();
                $folderName = $this->folderService->getFolderName($data, $user);
                $folderToFile = $rootSignatureFolder->newFolder($folderName);
                return $folderToFile->newFile(UUIDUtil::getUUID() . '.png', $this->getFileRaw($data));
        }

        private function saveFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
                if (!empty($data['nodeId'])) {
                        return $this->updateFileOfVisibleElementUsingSession($data, $sessionId);
                }
                return $this->createFileOfVisibleElementUsingSession($data, $sessionId);
        }

        private function updateFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
                $fileList = $this->signerElementsService->getElementsFromSession();
                $element = array_filter($fileList, fn (File $element) => $element->getId() === $data['nodeId']);
                $element = current($element);
                if (!$element instanceof File) {
                        throw new \Exception($this->l10n->t('File not found'));
                }
                $element->putContent($this->getFileRaw($data));
                return $element;
        }

        private function createFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
                $rootSignatureFolder = $this->folderService->getFolder();
                $folderName = $sessionId;
                $folderToFile = $rootSignatureFolder->newFolder($folderName);
                $filename = implode(
                        '_',
                        [
                                $data['type'],
                                $this->timeFactory->getDateTime()->getTimestamp(),
                        ]
                ) . '.png';
                return $folderToFile->newFile($filename, $this->getFileRaw($data));
        }

        private function insertVisibleElement(array $data, IUser $user, File $file): void {
                $userElement = new UserElement();
                $userElement->setType($data['type']);
                $userElement->setFileId($file->getId());
                $userElement->setUserId($user->getUID());
                $userElement->setStarred(isset($data['starred']) && $data['starred'] ? 1 : 0);
                $userElement->setCreatedAt($this->timeFactory->getDateTime());
                $this->userElementMapper->insert($userElement);
        }

        private function getFileRaw(array $data): string {
                if (!empty($data['file']['url'])) {
                        if (!filter_var($data['file']['url'], FILTER_VALIDATE_URL)) {
                                throw new \Exception($this->l10n->t('Invalid URL file'));
                        }
                        $response = $this->clientService->newClient()->get($data['file']['url']);
                        $contentType = $response->getHeader('Content-Type');
                        if ($contentType !== 'image/png') {
                                throw new \Exception($this->l10n->t('Visible element file must be png.'));
                        }
                        $content = (string)$response->getBody();
                        if (empty($content)) {
                                throw new \Exception($this->l10n->t('Empty file'));
                        }
                        $this->validateHelper->validateBase64($content, ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);
                        return $content;
                }
                $this->validateHelper->validateBase64($data['file']['base64'], ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);
                $withMime = explode(',', (string)$data['file']['base64']);
                if (count($withMime) === 2) {
                        $content = base64_decode($withMime[1]);
                } else {
                        $content = base64_decode((string)$data['file']['base64']);
                }
                if (!$content) {
                        return '';
                }
                return $content;
        }

        public function deleteSignatureElement(?IUser $user, string $sessionId, int $nodeId): void {
                if ($user instanceof IUser) {
                        $element = $this->userElementMapper->findOne([
                                'file_id' => $nodeId,
                                'user_id' => $user->getUID(),
                        ]);
                        $this->userElementMapper->delete($element);
                        try {
                                $file = $this->folderService->getFileById($element->getFileId());
                                $file->delete();
                        } catch (NotFoundException) {
                        }
                } else {
                        $rootSignatureFolder = $this->folderService->getFolder();
                        $folderName = $sessionId;
                        $rootSignatureFolder->delete($folderName);
                }
        }

        /**
         * @throws LibresignException at savePfx
         * @throws InvalidArgumentException
         */
        public function uploadPfx(array $file, IUser $user): void {
                if (
                        $file['error'] !== 0
                        || !is_uploaded_file($file['tmp_name'])
                        || Filesystem::isFileBlacklisted($file['tmp_name'])
                ) {
                        // TRANSLATORS Error when the uploaded certificate file is not valid
                        throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
                }
                if ($file['size'] > 10 * 1024) {
                        // TRANSLATORS Error when the certificate file is bigger than normal
                        throw new InvalidArgumentException($this->l10n->t('File is too big'));
                }
                $content = file_get_contents($file['tmp_name']);
                $mimetype = $this->mimeTypeDetector->detectString($content);
                if ($mimetype !== 'application/octet-stream') {
                        // TRANSLATORS Error when the mimetype of uploaded file is not valid
                        throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
                }
                $extension = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));
                if ($extension !== 'pfx') {
                        // TRANSLATORS Error when the certificate file is not a pfx file
                        throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));
                }
                unlink($file['tmp_name']);
                $this->pkcs12Handler->savePfx($user->getUID(), $content);
        }

        public function deletePfx(IUser $user): void {
                $this->pkcs12Handler->deletePfx($user->getUID());
        }

        /**
         * @throws LibresignException when have not a certificate file
         */
        public function updatePfxPassword(IUser $user, string $current, string $new): void {
                try {
                        $pfx = $this->pkcs12Handler->updatePassword($user->getUID(), $current, $new);
                } catch (InvalidPasswordException) {
                        throw new LibresignException($this->l10n->t('Invalid user or password'));
                }
        }

        /**
         * @throws LibresignException when have not a certificate file
         */
        public function readPfxData(IUser $user, string $password): array {
                try {
                        return $this->pkcs12Handler
                                ->setCertificate($this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID()))
                                ->setPassword($password)
                                ->readCertificate();
                } catch (InvalidPasswordException) {
                        throw new LibresignException($this->l10n->t('Invalid user or password'));
                }
        }
}

1	<?php
2
3	declare(strict_types=1);
4	/**
5	* SPDX-FileCopyrightText: 2020-2024 LibreCode coop and contributors
6	* SPDX-License-Identifier: AGPL-3.0-or-later
7	*/
8
9	namespace OCA\Libresign\Service;
10
11	use InvalidArgumentException;
12	use OC\Files\Filesystem;
13	use OCA\Libresign\AppInfo\Application;
14	use OCA\Libresign\Db\File as FileEntity;
15	use OCA\Libresign\Db\FileMapper;
16	use OCA\Libresign\Db\FileTypeMapper;
17	use OCA\Libresign\Db\IdentifyMethodMapper;
18	use OCA\Libresign\Db\SignRequest;
19	use OCA\Libresign\Db\SignRequestMapper;
20	use OCA\Libresign\Db\UserElement;
21	use OCA\Libresign\Db\UserElementMapper;
22	use OCA\Libresign\Exception\InvalidPasswordException;
23	use OCA\Libresign\Exception\LibresignException;
24	use OCA\Libresign\Handler\CertificateEngine\CertificateEngineFactory;
25	use OCA\Libresign\Handler\SignEngine\Pkcs12Handler;
26	use OCA\Libresign\Helper\ValidateHelper;
27	use OCA\Settings\Mailer\NewUserMailHelper;
28	use OCP\Accounts\IAccountManager;
29	use OCP\AppFramework\Db\DoesNotExistException;
30	use OCP\AppFramework\Utility\ITimeFactory;
31	use OCP\Files\Config\IMountProviderCollection;
32	use OCP\Files\File;
33	use OCP\Files\IMimeTypeDetector;
34	use OCP\Files\IRootFolder;
35	use OCP\Files\NotFoundException;
36	use OCP\Http\Client\IClientService;
37	use OCP\IAppConfig;
38	use OCP\IConfig;
39	use OCP\IGroupManager;
40	use OCP\IL10N;
41	use OCP\IURLGenerator;
42	use OCP\IUser;
43	use OCP\IUserManager;
44	use Sabre\DAV\UUIDUtil;
45	use Throwable;
46
47	class AccountService {
48	private ?SignRequest $signRequest = null;
49	private ?\OCA\Libresign\Db\File $fileData = null;
50	private \OCP\Files\File $fileToSign;
51
52	public function __construct(
53	private IL10N $l10n,
54	private SignRequestMapper $signRequestMapper,
55	private IUserManager $userManager,
56	private IAccountManager $accountManager,
57	private IRootFolder $root,
58	private IMimeTypeDetector $mimeTypeDetector,
59	private FileMapper $fileMapper,
60	private FileTypeMapper $fileTypeMapper,
61	private SignFileService $signFileService,
62	private RequestSignatureService $requestSignatureService,
63	private CertificateEngineFactory $certificateEngineFactory,
64	private IConfig $config,
65	private IAppConfig $appConfig,
66	private IMountProviderCollection $mountProviderCollection,
67	private NewUserMailHelper $newUserMail,
68	private IdentifyMethodService $identifyMethodService,
69	private IdentifyMethodMapper $identifyMethodMapper,
70	private ValidateHelper $validateHelper,
71	private IURLGenerator $urlGenerator,
72	private Pkcs12Handler $pkcs12Handler,
73	private IGroupManager $groupManager,
74	private IdDocsService $idDocsService,
75	private SignerElementsService $signerElementsService,
76	private UserElementMapper $userElementMapper,
77	private FolderService $folderService,
78	private IClientService $clientService,
79	private ITimeFactory $timeFactory,
80	) {
81	}	48✔
82
83	public function validateCreateToSign(array $data): void {
84	if (!UUIDUtil::validateUUID($data['uuid'])) {	1✔
85	throw new LibresignException($this->l10n->t('Invalid UUID'), 1);	1✔
86	}
87	try {
88	$signRequest = $this->getSignRequestByUuid($data['uuid']);	×
89	} catch (\Throwable) {	×
90	throw new LibresignException($this->l10n->t('UUID not found'), 1);	×
91	}
92	$identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequest->getId());	×
93	if (!array_key_exists('identify', $data['user'])) {	×
94	throw new LibresignException($this->l10n->t('Invalid identification method'), 1);	×
95	}
96	foreach ($data['user']['identify'] as $method => $value) {	×
97	if (!array_key_exists($method, $identifyMethods)) {	×
98	throw new LibresignException($this->l10n->t('Invalid identification method'), 1);	×
99	}
100	foreach ($identifyMethods[$method] as $identifyMethod) {	×
101	$identifyMethod->validateToCreateAccount($value);	×
102	}
103	}
104	if (empty($data['password'])) {	×
105	throw new LibresignException($this->l10n->t('Password is mandatory'), 1);	×
106	}
107	$file = $this->getFileByUuid($data['uuid']);	×
108	if (empty($file['fileToSign'])) {	×
109	throw new LibresignException($this->l10n->t('File not found'));	×
110	}
111	}
112
113	public function getFileByUuid(string $uuid): array {
114	$signRequest = $this->getSignRequestByUuid($uuid);	×
115	if (!$this->fileData instanceof \OCA\Libresign\Db\File) {	×
116	$this->fileData = $this->fileMapper->getById($signRequest->getFileId());	×
117
118	$nodeId = $this->fileData->getNodeId();	×
119
120	$fileToSign = $this->root->getUserFolder($this->fileData->getUserId())->getFirstNodeById($nodeId);	×
121	if ($fileToSign) {	×
122	$this->fileToSign = $fileToSign;	×
123	}
124	}
125	return [	×
126	'fileData' => $this->fileData,	×
127	'fileToSign' => $this->fileToSign	×
128	];	×
129	}
130
131	public function validateCertificateData(array $data): void {
132	if (array_key_exists('email', $data['user']) && empty($data['user']['email'])) {	7✔
133	throw new LibresignException($this->l10n->t('You must have an email. You can define the email in your profile.'), 1);	2✔
134	}
135	if (!empty($data['user']['email']) && !filter_var($data['user']['email'], FILTER_VALIDATE_EMAIL)) {	5✔
136	throw new LibresignException($this->l10n->t('Invalid email'), 1);	2✔
137	}
138	if (empty($data['signPassword'])) {	3✔
139	throw new LibresignException($this->l10n->t('Password to sign is mandatory'), 1);	1✔
140	}
141	}
142
143	/**
144	* Get signRequest by Uuid
145	*/
146	public function getSignRequestByUuid(string $uuid): SignRequest {
147	if (!$this->signRequest instanceof SignRequest) {	2✔
148	$this->signRequest = $this->signRequestMapper->getByUuid($uuid);	2✔
149	}
150	return $this->signRequest;	2✔
151	}
152
153	public function createToSign(string $uuid, string $email, string $password, ?string $signPassword): void {
154	$signRequest = $this->getSignRequestByUuid($uuid);	2✔
155
156	$newUser = $this->userManager->createUser($email, $password);	2✔
157	$newUser->setDisplayName($signRequest->getDisplayName());	2✔
158	$newUser->setSystemEMailAddress($email);	2✔
159
160	$this->updateIdentifyMethodToAccount($signRequest->getId(), $email, $newUser->getUID());	2✔
161
162	if ($this->config->getAppValue('core', 'newUser.sendEmail', 'yes') === 'yes') {	2✔
163	try {
164	$emailTemplate = $this->newUserMail->generateTemplate($newUser, false);	2✔
165	$this->newUserMail->sendMail($newUser, $emailTemplate);	2✔
166	} catch (\Exception) {	2✔
167	throw new LibresignException('Unable to send the invitation', 1);	2✔
168	}
169	}
170
171	if ($signPassword) {	×
172	$certificate = $this->pkcs12Handler->generateCertificate(	×
173	[	×
174	'host' => $newUser->getPrimaryEMailAddress(),	×
175	'uid' => 'account:' . $newUser->getUID(),	×
176	'name' => $newUser->getDisplayName()	×
177	],	×
178	$signPassword,	×
179	$newUser->getDisplayName()	×
180	);	×
181	$this->pkcs12Handler->savePfx($newUser->getPrimaryEMailAddress(), $certificate);	×
182	}
183	}
184
185	public function getCertificateEngineName(): string {
186	return $this->certificateEngineFactory->getEngine()->getName();	×
187	}
188
189	/**
190	* @return array<string, mixed>
191	*/
192	public function getConfig(?IUser $user = null): array {
193	$info['identificationDocumentsFlow'] = $this->appConfig->getValueBool(Application::APP_ID, 'identification_documents', false);	×
194	$info['hasSignatureFile'] = $this->hasSignatureFile($user);	×
195	$info['phoneNumber'] = $this->getPhoneNumber($user);	×
196	$info['isApprover'] = $this->validateHelper->userCanApproveValidationDocuments($user, false);	×
197	$info['grid_view'] = $this->getUserConfigGridView($user);	×
NEW 198	$info['id_docs_filters'] = $this->getUserConfigIdDocsFilters($user);	×
NEW 199	$info['crl_filters'] = $this->getUserConfigCrlFilters($user);	×
NEW 200	$info['crl_sort'] = $this->getUserConfigCrlSort($user);	×
201
NEW 202	return array_filter($info);	×
203	}
204
205
206
207	private function updateIdentifyMethodToAccount(int $signRequestId, string $email, string $uid): void {
208	$identifyMethods = $this->identifyMethodService->getIdentifyMethodsFromSignRequestId($signRequestId);	2✔
209	foreach ($identifyMethods as $name => $methods) {	2✔
210	if ($name === IdentifyMethodService::IDENTIFY_EMAIL) {	×
211	foreach ($methods as $identifyMethod) {	×
212	$entity = $identifyMethod->getEntity();	×
213	if ($entity->getIdentifierValue() === $email) {	×
214	$entity->setIdentifierKey(IdentifyMethodService::IDENTIFY_ACCOUNT);	×
215	$entity->setIdentifierValue($uid);	×
216	$this->identifyMethodMapper->update($entity);	×
217	}
218	}
219	}
220	}
221	}
222
223	private function getPhoneNumber(?IUser $user): string {
224	if (!$user) {	×
225	return '';	×
226	}
227	$userAccount = $this->accountManager->getAccount($user);	×
228	return $userAccount->getProperty(IAccountManager::PROPERTY_PHONE)->getValue();	×
229	}
230
231	public function hasSignatureFile(?IUser $user = null): bool {
232	if (!$user) {	4✔
233	return false;	×
234	}
235	try {
236	$this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID());	4✔
237	return true;	×
238	} catch (LibresignException) {	4✔
239	return false;	4✔
240	}
241	}
242
243	private function getUserConfigGridView(?IUser $user = null): bool {
244	if (!$user) {	×
245	return false;	×
246	}
247
248	return $this->config->getUserValue($user->getUID(), Application::APP_ID, 'grid_view', false) === '1';	×
249	}
250
251	private function getUserConfigIdDocsFilters(?IUser $user = null): array {
252	if (!$user) {	×
253	return [];	×
254	}
255
NEW 256	$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'id_docs_filters', '');	×
NEW 257	if (empty($value)) {	×
NEW 258	return [];	×
259	}
260
NEW 261	$decoded = json_decode($value, true);	×
NEW 262	return is_array($decoded) ? $decoded : [];	×
263	}
264
265	private function getUserConfigCrlFilters(?IUser $user = null): array {
NEW 266	if (!$user \|\| !$this->groupManager->isAdmin($user->getUID())) {	×
NEW 267	return [];	×
268	}
269
270	$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_filters', '');	×
271	if (empty($value)) {	×
272	return [];	×
273	}
274
275	$decoded = json_decode($value, true);	×
276	return is_array($decoded) ? $decoded : [];	×
277	}
278
279	private function getUserConfigCrlSort(?IUser $user = null): array {
NEW 280	if (!$user \|\| !$this->groupManager->isAdmin($user->getUID())) {	×
281	return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];	×
282	}
283
284	$value = $this->config->getUserValue($user->getUID(), Application::APP_ID, 'crl_sort', '');	×
285	if (empty($value)) {	×
286	return ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];	×
287	}
288
289	$decoded = json_decode($value, true);	×
290	return is_array($decoded) ? $decoded : ['sortBy' => 'revoked_at', 'sortOrder' => 'DESC'];	×
291	}
292
293	/**
294	* Get PDF node by UUID
295	*
296	* @psalm-suppress MixedReturnStatement
297	* @throws Throwable
298	* @return \OCP\Files\File
299	*/
300	public function getPdfByUuid(string $uuid): File {
301	$fileData = $this->fileMapper->getByUuid($uuid);	4✔
302
303	if (in_array($fileData->getStatus(), [FileEntity::STATUS_PARTIAL_SIGNED, FileEntity::STATUS_SIGNED])) {	4✔
304	$nodeId = $fileData->getSignedNodeId();	3✔
305	} else {
306	$nodeId = $fileData->getNodeId();	1✔
307	}
308	$file = $this->root->getUserFolder($fileData->getUserId())->getFirstNodeById($nodeId);	4✔
309	if (!$file instanceof File) {	4✔
310	throw new DoesNotExistException('Not found');	×
311	}
312	return $file;	4✔
313	}
314
315	public function getFileByNodeId(int $nodeId): File {
316	try {
317	return $this->folderService->getFileById($nodeId);	×
318	} catch (NotFoundException) {	×
319	throw new DoesNotExistException('Not found');	×
320	}
321	}
322
323	public function canRequestSign(?IUser $user = null): bool {
324	if (!$user) {	12✔
325	return false;	2✔
326	}
327	$authorized = $this->appConfig->getValueArray(Application::APP_ID, 'groups_request_sign', ['admin']);	10✔
328	if (empty($authorized)) {	10✔
329	return false;	2✔
330	}
331	$userGroups = $this->groupManager->getUserGroupIds($user);	8✔
332	if (!array_intersect($userGroups, $authorized)) {	8✔
333	return false;	4✔
334	}
335	return true;	4✔
336	}
337
338	public function getSettings(?IUser $user = null): array {
339	$return['canRequestSign'] = $this->canRequestSign($user);	4✔
340	$return['hasSignatureFile'] = $this->hasSignatureFile($user);	4✔
341	return $return;	4✔
342	}
343
344	public function addFilesToAccount(array $files, IUser $user): void {
NEW 345	$this->idDocsService->addIdDocs($files, $user);	×
346	}
347
348	public function deleteFileFromAccount(int $nodeId, IUser $user): void {
NEW 349	$this->idDocsService->deleteIdDoc($nodeId, $user);	×
350	}
351
352	public function saveVisibleElements(array $elements, string $sessionId, ?IUser $user): void {
353	foreach ($elements as $element) {	×
354	$this->saveVisibleElement($element, $sessionId, $user);	×
355	}
356	}
357
358	public function saveVisibleElement(array $data, string $sessionId, ?IUser $user): void {
359	if (isset($data['elementId'])) {	×
360	$this->updateFileOfVisibleElement($data);	×
361	$this->updateDataOfVisibleElement($data);	×
362	} elseif ($user instanceof IUser) {	×
363	$file = $this->saveFileOfVisibleElementUsingUser($data, $user);	×
364	$this->insertVisibleElement($data, $user, $file);	×
365	} else {
366	$file = $this->saveFileOfVisibleElementUsingSession($data, $sessionId);	×
367	}
368	}
369
370	private function updateFileOfVisibleElement(array $data): void {
371	if (!isset($data['file'])) {	×
372	return;	×
373	}
374	$userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);	×
375	$file = $this->folderService->getFileById($userElement->getFileId());	×
376	$file->putContent($this->getFileRaw($data));	×
377	}
378
379	private function updateDataOfVisibleElement(array $data): void {
380	if (!isset($data['starred'])) {	×
381	return;	×
382	}
383	$userElement = $this->userElementMapper->findOne(['id' => $data['elementId']]);	×
384	$userElement->setStarred($data['starred'] ? 1 : 0);	×
385	$this->userElementMapper->update($userElement);	×
386	}
387
388	private function saveFileOfVisibleElementUsingUser(array $data, IUser $user): File {
389	$rootSignatureFolder = $this->folderService->getFolder();	×
390	$folderName = $this->folderService->getFolderName($data, $user);	×
391	$folderToFile = $rootSignatureFolder->newFolder($folderName);	×
392	return $folderToFile->newFile(UUIDUtil::getUUID() . '.png', $this->getFileRaw($data));	×
393	}
394
395	private function saveFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
396	if (!empty($data['nodeId'])) {	×
397	return $this->updateFileOfVisibleElementUsingSession($data, $sessionId);	×
398	}
399	return $this->createFileOfVisibleElementUsingSession($data, $sessionId);	×
400	}
401
402	private function updateFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
403	$fileList = $this->signerElementsService->getElementsFromSession();	×
404	$element = array_filter($fileList, fn (File $element) => $element->getId() === $data['nodeId']);	×
405	$element = current($element);	×
406	if (!$element instanceof File) {	×
407	throw new \Exception($this->l10n->t('File not found'));	×
408	}
409	$element->putContent($this->getFileRaw($data));	×
410	return $element;	×
411	}
412
413	private function createFileOfVisibleElementUsingSession(array $data, string $sessionId): File {
414	$rootSignatureFolder = $this->folderService->getFolder();	×
415	$folderName = $sessionId;	×
416	$folderToFile = $rootSignatureFolder->newFolder($folderName);	×
417	$filename = implode(	×
418	'_',	×
419	[	×
420	$data['type'],	×
421	$this->timeFactory->getDateTime()->getTimestamp(),	×
422	]	×
423	) . '.png';	×
424	return $folderToFile->newFile($filename, $this->getFileRaw($data));	×
425	}
426
427	private function insertVisibleElement(array $data, IUser $user, File $file): void {
428	$userElement = new UserElement();	×
429	$userElement->setType($data['type']);	×
430	$userElement->setFileId($file->getId());	×
431	$userElement->setUserId($user->getUID());	×
432	$userElement->setStarred(isset($data['starred']) && $data['starred'] ? 1 : 0);	×
433	$userElement->setCreatedAt($this->timeFactory->getDateTime());	×
434	$this->userElementMapper->insert($userElement);	×
435	}
436
437	private function getFileRaw(array $data): string {
438	if (!empty($data['file']['url'])) {	×
439	if (!filter_var($data['file']['url'], FILTER_VALIDATE_URL)) {	×
440	throw new \Exception($this->l10n->t('Invalid URL file'));	×
441	}
442	$response = $this->clientService->newClient()->get($data['file']['url']);	×
443	$contentType = $response->getHeader('Content-Type');	×
444	if ($contentType !== 'image/png') {	×
445	throw new \Exception($this->l10n->t('Visible element file must be png.'));	×
446	}
447	$content = (string)$response->getBody();	×
448	if (empty($content)) {	×
449	throw new \Exception($this->l10n->t('Empty file'));	×
450	}
451	$this->validateHelper->validateBase64($content, ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);	×
452	return $content;	×
453	}
454	$this->validateHelper->validateBase64($data['file']['base64'], ValidateHelper::TYPE_VISIBLE_ELEMENT_USER);	×
455	$withMime = explode(',', (string)$data['file']['base64']);	×
456	if (count($withMime) === 2) {	×
457	$content = base64_decode($withMime[1]);	×
458	} else {
459	$content = base64_decode((string)$data['file']['base64']);	×
460	}
461	if (!$content) {	×
462	return '';	×
463	}
464	return $content;	×
465	}
466
467	public function deleteSignatureElement(?IUser $user, string $sessionId, int $nodeId): void {
468	if ($user instanceof IUser) {	×
469	$element = $this->userElementMapper->findOne([	×
470	'file_id' => $nodeId,	×
471	'user_id' => $user->getUID(),	×
472	]);	×
473	$this->userElementMapper->delete($element);	×
474	try {
475	$file = $this->folderService->getFileById($element->getFileId());	×
476	$file->delete();	×
477	} catch (NotFoundException) {	×
478	}
479	} else {
480	$rootSignatureFolder = $this->folderService->getFolder();	×
481	$folderName = $sessionId;	×
482	$rootSignatureFolder->delete($folderName);	×
483	}
484	}
485
486	/**
487	* @throws LibresignException at savePfx
488	* @throws InvalidArgumentException
489	*/
490	public function uploadPfx(array $file, IUser $user): void {
491	if (
492	$file['error'] !== 0	×
493	\|\| !is_uploaded_file($file['tmp_name'])	×
494	\|\| Filesystem::isFileBlacklisted($file['tmp_name'])	×
495	) {
496	// TRANSLATORS Error when the uploaded certificate file is not valid
497	throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));	×
498	}
499	if ($file['size'] > 10 * 1024) {	×
500	// TRANSLATORS Error when the certificate file is bigger than normal
501	throw new InvalidArgumentException($this->l10n->t('File is too big'));	×
502	}
503	$content = file_get_contents($file['tmp_name']);	×
504	$mimetype = $this->mimeTypeDetector->detectString($content);	×
505	if ($mimetype !== 'application/octet-stream') {	×
506	// TRANSLATORS Error when the mimetype of uploaded file is not valid
507	throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));	×
508	}
509	$extension = strtolower(pathinfo((string)$file['name'], PATHINFO_EXTENSION));	×
510	if ($extension !== 'pfx') {	×
511	// TRANSLATORS Error when the certificate file is not a pfx file
512	throw new InvalidArgumentException($this->l10n->t('Invalid file provided. Need to be a .pfx file.'));	×
513	}
514	unlink($file['tmp_name']);	×
515	$this->pkcs12Handler->savePfx($user->getUID(), $content);	×
516	}
517
518	public function deletePfx(IUser $user): void {
519	$this->pkcs12Handler->deletePfx($user->getUID());	×
520	}
521
522	/**
523	* @throws LibresignException when have not a certificate file
524	*/
525	public function updatePfxPassword(IUser $user, string $current, string $new): void {
526	try {
527	$pfx = $this->pkcs12Handler->updatePassword($user->getUID(), $current, $new);	×
528	} catch (InvalidPasswordException) {	×
529	throw new LibresignException($this->l10n->t('Invalid user or password'));	×
530	}
531	}
532
533	/**
534	* @throws LibresignException when have not a certificate file
535	*/
536	public function readPfxData(IUser $user, string $password): array {
537	try {
538	return $this->pkcs12Handler	×
539	->setCertificate($this->pkcs12Handler->getPfxOfCurrentSigner($user->getUID()))	×
540	->setPassword($password)	×
541	->readCertificate();	×
542	} catch (InvalidPasswordException) {	×
543	throw new LibresignException($this->l10n->t('Invalid user or password'));	×
544	}
545	}
546	}

LibreSign / libresign / 19878831952

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous