feat: validate all files in envelope before signing

Check file existence for all child files when validating envelope signature.

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

lib/Service/IdentifyMethod/AbstractIdentifyMethod.php

@@ -171,14 +171,36 @@ protected function throwIfFileNotFound(): void {
 		$signRequest = $this->identifyService->getSignRequestMapper()->getById($this->getEntity()->getSignRequestId());
 		$fileEntity = $this->identifyService->getFileMapper()->getById($signRequest->getFileId());
 
-		$nodeId = $fileEntity->getNodeId();
+		$filesToCheck = [];
+
+		if ($fileEntity->getNodeType() === 'envelope') {
+			$children = $this->identifyService->getFileMapper()->getChildrenFiles($fileEntity->getId());
+			foreach ($children as $child) {
+				$filesToCheck[] = [
+					'nodeId' => $child->getNodeId(),
+					'userId' => $child->getUserId(),
+					'name' => $child->getName(),
+				];
+			}
+		} else {
+			$filesToCheck[] = [
+				'nodeId' => $fileEntity->getNodeId(),
+				'userId' => $fileEntity->getUserId(),
+				'name' => $fileEntity->getName(),
+			];
+		}
 
-		$fileToSign = $this->identifyService->getRootFolder()->getUserFolder($fileEntity->getUserId())->getFirstNodeById($nodeId);
-		if (!$fileToSign instanceof \OCP\Files\File) {
-			throw new LibresignException(json_encode([
-				'action' => JSActions::ACTION_DO_NOTHING,
-				'errors' => [['message' => $this->identifyService->getL10n()->t('File not found')]],
-			]));
+		foreach ($filesToCheck as $fileInfo) {
+			$fileToSign = $this->identifyService->getRootFolder()
+				->getUserFolder($fileInfo['userId'])
+				->getFirstNodeById($fileInfo['nodeId']);
+
+			if (!$fileToSign instanceof \OCP\Files\File) {
+				throw new LibresignException(json_encode([
+					'action' => JSActions::ACTION_DO_NOTHING,
+					'errors' => [['message' => $this->identifyService->getL10n()->t('File not found')]],
+				]));
+			}
 		}
 	}