test: update sequential signing test to validate DRAFT filter

vitormattos · backportbot-libresign[bot] · commit 7c87a146bdfc · 2025-12-11T21:32:32.000Z
Split the sequential signing test into two separate scenarios to better
validate the DRAFT status filtering behavior:

1. First scenario: Tests that signer1 can see and sign the document
   (simpler flow without multiple user switches)

2. Second scenario: Tests that signer2 does NOT see the document when
   their sign_request is in DRAFT status

This avoids multiple user context switches in the same scenario which
was causing authentication issues in the Behat tests, and better isolates
the behavior we want to validate.

Signed-off-by: Vitor Mattos &lt;1079143+vitormattos@users.noreply.github.com&gt;
diff --git a/tests/integration/features/sign/sequential_signing.feature b/tests/integration/features/sign/sequential_signing.feature
@@ -43,21 +43,26 @@ Feature: sequential-signing
       | users | [{"identify":{"account":"signer1"},"signingOrder":1},{"identify":{"account":"signer2"},"signingOrder":2}] |
       | name | Sequential Document |
     Then the response should have a status code 200
-    And as user "signer2"
-    And sending "get" to ocs "/apps/libresign/api/v1/file/list"
-    And the response should have a status code 200
-    And fetch field "(SIGN_UUID_2)ocs.data.data.0.signers.1.sign_uuid" from previous JSON response
-    When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_2>"
-      | method | clickToSign |
-    Then the response should have a status code 422
-    And as user "signer1"
-    And sending "get" to ocs "/apps/libresign/api/v1/file/list"
-    And the response should have a status code 200
+    # Signer2 should NOT see the file yet (their sign_request is in DRAFT status)
+    Given as user "signer2"
+    When sending "get" to ocs "/apps/libresign/api/v1/file/list"
+    Then the response should have a status code 200
+    And the response should be a JSON array with the following mandatory values
+      | key                        | value |
+      | (jq).ocs.data.data\|length | 0     |
+    # Signer1 can see and sign the document
+    Given as user "signer1"
+    When sending "get" to ocs "/apps/libresign/api/v1/file/list"
+    Then the response should have a status code 200
     And fetch field "(SIGN_UUID_1)ocs.data.data.0.signers.0.sign_uuid" from previous JSON response
     When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_1>"
       | method | clickToSign |
     Then the response should have a status code 200
-    And as user "signer2"
+    # After signer1 signs, signer2 should now see the file and be able to sign
+    Given as user "signer2"
+    When sending "get" to ocs "/apps/libresign/api/v1/file/list"
+    Then the response should have a status code 200
+    And fetch field "(SIGN_UUID_2)ocs.data.data.0.signers.1.sign_uuid" from previous JSON response
     When sending "post" to ocs "/apps/libresign/api/v1/sign/uuid/<SIGN_UUID_2>"
       | method | clickToSign |
     Then the response should have a status code 200
