feat: electronic signing, add settings for eIDEasy (fixes #4311)
Electronic signing needs to store settings as richdocuments settings.
This involves the API URL, a client ID visible to the browser and a
secret, which is only used during server-side requests.

The WOPI CheckFileInfo reply sends this information to the COOL server,
similar to how it's done for digital signing (via PEM files).

Add the settings as admin settings, otherwise normal users would be able
to use eIDEasy services outside richdocuments.

<CollaboraOnline/online#10630 (comment)>
has instructions on what test data to use to try out the service in a
test environment. Additionally, if the test CA is configured to be
trusted as a user setting, then the green stamp icon will show up in the
status bar.

Signed-off-by: Miklos Vajna <[email protected]>
vmiklos committed Dec 12, 2024
1 parent bbb63d9 commit 45875ff
Showing 4 changed files with 69 additions and 0 deletions.
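--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -110,6 +110,9 @@ private function getSettingsData(): array {
 'product_name' => $this->capabilitiesService->getServerProductName(),
 'product_version' => $this->capabilitiesService->getProductVersion(),
 'product_hash' => $this->capabilitiesService->getProductHash(),
+'esignature_base_url' => $this->appConfig->getAppValue('esignature_base_url'),
+'esignature_client_id' => $this->appConfig->getAppValue('esignature_client_id'),
+'esignature_secret' => $this->appConfig->getAppValue('esignature_secret'),
 ];
 }
 
@@ -122,6 +125,9 @@ public function setSettings(
 ?string $doc_format,
 ?string $external_apps,
 ?string $canonical_webroot,
+?string $esignature_base_url,
+?string $esignature_client_id,
+?string $esignature_secret,
 ): JSONResponse {
 if ($wopi_url !== null) {
 $this->appConfig->setAppValue('wopi_url', $wopi_url);
@@ -158,6 +164,18 @@ public function setSettings(
 $this->appConfig->setAppValue('canonical_webroot', $canonical_webroot);
 }
 
+if ($esignature_base_url !== null) {
+$this->appConfig->setAppValue('esignature_base_url', $esignature_base_url);
+}
+
+if ($esignature_client_id !== null) {
+$this->appConfig->setAppValue('esignature_client_id', $esignature_client_id);
+}
+
+if ($esignature_secret !== null) {
+$this->appConfig->setAppValue('esignature_secret', $esignature_secret);
+}
+
 try {
 $output = new NullOutput();
 $this->connectivityService->testDiscovery($output);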
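Review bot: `getSettingsData()` now returns the stored `esignature_secret` in clear text, so every settings read hands the eIDEasy secret back to the browser. The same value is also added to the form data in `lib/Settings/Admin.php` and bound with `v-model` to a plain `SettingsInputText` in `src/components/AdminSettings.vue`. Treating the secret as write-only would shrink that exposure: return only whether one is configured, for example `'esignature_secret_set' => $this->appConfig->getAppValue('esignature_secret') !== '',` (key name is a suggestion), and let the UI show an empty field. The `!== null` guard in `setSettings()` already leaves the stored value untouched when the parameter is omitted, so the write path needs no change. Both functions continue outside the hunks shown, so which routes reach `getSettingsData()` could not be checked from here.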
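--- a/lib/Controller/WopiController.php
+++ b/lib/Controller/WopiController.php
@@ -159,6 +159,7 @@ public function checkFileInfo(string $fileId, string $access_token): JSONRespons
 'IsUserLocked' => $this->permissionManager->userIsFeatureLocked($wopi->getEditorUid()),
 'EnableRemoteLinkPicker' => (bool)$wopi->getCanwrite() && !$isPublic && !$wopi->getDirect(),
 'HasContentRange' => true,
+'ServerPrivateInfo' => [],
 ];
 
 $enableZotero = $this->config->getAppValue(Application::APPNAME, 'zoteroEnabled', 'yes') === 'yes';
@@ -174,6 +175,19 @@ public function checkFileInfo(string $fileId, string $access_token): JSONRespons
 $response['UserPrivateInfo']['SignatureKey'] = $documentSigningKey;
 $documentSigningCa = $this->config->getUserValue($wopi->getEditorUid(), 'richdocuments', 'documentSigningCa', '');
 $response['UserPrivateInfo']['SignatureCa'] = $documentSigningCa;
+
+$eSignatureBaseUrl = $this->config->getAppValue(Application::APPNAME, 'esignature_base_url');
+if ($eSignatureBaseUrl !== '') {
+$response['ServerPrivateInfo']['ESignatureBaseUrl'] = $eSignatureBaseUrl;
+}
+$eSignatureClientId = $this->config->getAppValue(Application::APPNAME, 'esignature_client_id');
+if ($eSignatureClientId !== '') {
+$response['ServerPrivateInfo']['ESignatureClientId'] = $eSignatureClientId;
+}
+$eSignatureSecret = $this->config->getAppValue(Application::APPNAME, 'esignature_secret');
+if ($eSignatureSecret !== '') {
+$response['ServerPrivateInfo']['ESignatureSecret'] = $eSignatureSecret;
+}
 }
 if ($wopi->hasTemplateId()) {
 $response['TemplateSource'] = $this->getWopiUrlForTemplate($wopi);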
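Review bot: The second hunk copies the instance-wide `esignature_secret` into `ServerPrivateInfo` whenever it is non-empty, so any caller that reaches `checkFileInfo()` with a valid `access_token` receives it unless the WOPI allow list keeps them out. The hint added in `AdminSettings.vue` admits this, but a hint does not enforce anything. The secret should fail closed: emit it only when an allow list is configured and the request has passed it, e.g. `if ($eSignatureSecret !== '' && $allowlistEnforced) {`, where `$allowlistEnforced` is a placeholder for whatever check this controller already has. The enclosing `if` block and the allow-list enforcement both lie outside the hunk, so where that check runs needs confirming. A comment above the assignment, such as `// server-wide secret: must only be returned to the COOL server, never to a browser-held token`, would record the intent.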
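--- a/lib/Settings/Admin.php
+++ b/lib/Settings/Admin.php
@@ -53,6 +53,9 @@ public function getForm(): TemplateResponse {
 'os_family' => PHP_VERSION_ID >= 70200 ? PHP_OS_FAMILY : PHP_OS,
 'platform' => php_uname('m'),
 'fonts' => $this->fontService->getFontFileNames(),
+'esignature_base_url' => $this->config->getAppValue('richdocuments', 'esignature_base_url'),
+'esignature_client_id' => $this->config->getAppValue('richdocuments', 'esignature_client_id'),
+'esignature_secret' => $this->config->getAppValue('richdocuments', 'esignature_secret'),
 ],
 ],
 'blank'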
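--- a/src/components/AdminSettings.vue
+++ b/src/components/AdminSettings.vue
@@ -391,6 +391,25 @@
 </div>
 </div>
 
+<div v-if="isSetup" id="esignature-settings" class="section">
+<h2>{{ t('richdocuments', 'Electronic signature settings') }}</h2>
+<SettingsInputText v-model="settings.esignature_base_url"
+:label="t('richdocuments', 'URL for the electronic signature API')"
+:hint="t('richdocuments', 'The production API URL is https://id.eideasy.com, the test API URL is https://test.eideasy.com.')"
+:disabled="updating"
+@update="updateESignatureBaseUrl" />
+<SettingsInputText v-model="settings.esignature_client_id"
+:label="t('richdocuments', 'Client ID for the electronic signature API')"
+:hint="t('richdocuments', 'Fill in the registration form at https://eideasy.com/signup to obtain a client ID and secret.')"
+:disabled="updating"
+@update="updateESignatureClientId" />
+<SettingsInputText v-model="settings.esignature_secret"
+:label="t('richdocuments', 'Secret for the electronic signature API')"
+:hint="t('richdocuments', 'The secret may be downloadable via WOPI requests if WOPI allow list is not correctly configured.')"
+:disabled="updating"
+@update="updateESignatureSecret" />
+</div>
+
 <GlobalTemplates v-if="isSetup" />
 </div>
 </template>
@@ -688,6 +707,21 @@ export default {
 wopi_allowlist: allowlist,
 })
 },
+async updateESignatureBaseUrl(url) {
+await this.updateSettings({
+esignature_base_url: url,
+})
+},
+async updateESignatureClientId(id) {
+await this.updateSettings({
+esignature_client_id: id,
+})
+},
+async updateESignatureSecret(secret) {
+await this.updateSettings({
+esignature_secret: secret,
+})
+},
 async updateOoxml(enabled) {
 this.settings.doc_format = enabled ? 'ooxml' : ''
 await this.updateSettings({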
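Review bot: `updateESignatureBaseUrl(url)` in the second hunk forwards whatever was typed, and the `setSettings()` hunk in `lib/Controller/SettingsController.php` stores it unchanged, so nothing rejects an `http://` or malformed base URL. The commit message says the secret is used for server-side requests against this API, so a plain-HTTP value would presumably put the secret on the wire unencrypted. A guard such as `if (url !== '' && new URL(url).protocol !== 'https:') return` before `updateSettings` gives the admin early feedback, with a surrounding `try` because `new URL` throws on unparsable input. A browser-side check can be bypassed, so `setSettings()` needs the same scheme check to be authoritative, while still accepting an empty string to clear the setting.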
