chore: add migration to remove legacy appConfig keys

Signed-off-by: Vitor Mattos <[email protected]>

Author: vitormattos

lib/Migration/Version18001Date20260320000000.php

@@ -26,6 +26,8 @@
 use OCA\Libresign\Service\Policy\Provider\RequestSignGroups\RequestSignGroupsPolicyValue;
 use OCA\Libresign\Service\Policy\Provider\Signature\SignatureFlowPolicy;
 use OCA\Libresign\Service\Policy\Provider\SignatureText\SignatureTextPolicy;
+use OCA\Libresign\Service\Policy\Provider\Tsa\TsaPolicy;
+use OCA\Libresign\Service\Policy\Provider\Tsa\TsaPolicyValue;
 use OCP\DB\ISchemaWrapper;
 use OCP\Exceptions\AppConfigTypeConflictException;
 use OCP\IAppConfig;
@@ -53,6 +55,41 @@ public function preSchemaChange(IOutput $output, Closure $schemaClosure, array $
 		$this->migrateReminderSettings();
 		$this->migrateExpirationRulesType();
 		$this->migrateIdentifyMethodsType();
+		$this->migrateTsaSettings();
+	}
+
+	private function migrateTsaSettings(): void {
+		$existingConsolidated = $this->readLegacyString(TsaPolicy::SYSTEM_APP_CONFIG_KEY);
+		if ($existingConsolidated !== null && trim($existingConsolidated) !== '') {
+			$this->deleteLegacyTsaNonSensitiveKeys();
+			return;
+		}
+
+		$tsaUrl = $this->readLegacyString('tsa_url');
+		$tsaPolicyOid = $this->readLegacyString('tsa_policy_oid');
+		$tsaAuthType = $this->readLegacyString('tsa_auth_type');
+		$tsaUsername = $this->readLegacyString('tsa_username');
+
+		if ($tsaUrl === null && $tsaPolicyOid === null && $tsaAuthType === null && $tsaUsername === null) {
+			return;
+		}
+
+		$encoded = TsaPolicyValue::encode([
+			'url' => $tsaUrl ?? '',
+			'policy_oid' => $tsaPolicyOid ?? '',
+			'auth_type' => $tsaAuthType ?? 'none',
+			'username' => $tsaUsername ?? '',
+		]);
+
+		$this->deleteLegacyTsaNonSensitiveKeys();
+		$this->appConfig->setValueString(Application::APP_ID, TsaPolicy::SYSTEM_APP_CONFIG_KEY, $encoded);
+	}
+
+	private function deleteLegacyTsaNonSensitiveKeys(): void {
+		$this->appConfig->deleteKey(Application::APP_ID, 'tsa_url');
+		$this->appConfig->deleteKey(Application::APP_ID, 'tsa_policy_oid');
+		$this->appConfig->deleteKey(Application::APP_ID, 'tsa_auth_type');
+		$this->appConfig->deleteKey(Application::APP_ID, 'tsa_username');
 	}
 
 	private function migrateExpirationRulesType(): void {

tests/php/Unit/Migration/Version18001Date20260320000000Test.php

@@ -13,6 +13,8 @@
 use OCA\Libresign\Service\Policy\Provider\ExpirationRules\ExpirationRulesPolicy;
 use OCA\Libresign\Service\Policy\Provider\Footer\FooterPolicyValue;
 use OCA\Libresign\Service\Policy\Provider\SignatureText\SignatureTextPolicy;
+use OCA\Libresign\Service\Policy\Provider\Tsa\TsaPolicy;
+use OCA\Libresign\Service\Policy\Provider\Tsa\TsaPolicyValue;
 use OCP\Exceptions\AppConfigTypeConflictException;
 use OCP\IAppConfig;
 use OCP\Migration\IOutput;
@@ -91,6 +93,74 @@ public function testMigratesLegacyFooterSettingsIntoStructuredPayload(): void {
 		self::assertContains([Application::APP_ID, 'add_footer'], $deletedKeys);
 	}
 
+	public function testMigratesLegacyTsaSettingsIntoCanonicalPolicyAndDeletesLegacyKeys(): void {
+		$this->appConfig
+			->method('getValueString')
+			->willReturnCallback(static function (string $app, string $key, string $default): string {
+				if ($app !== Application::APP_ID) {
+					return $default;
+				}
+
+				$map = [
+					'add_footer' => '',
+					'write_qrcode_on_footer' => '',
+					'validation_site' => '',
+					'footer_template_is_default' => '',
+					'collect_metadata' => '',
+					'identification_documents' => '',
+					'docmdp_level' => '',
+					'groups_request_sign' => '',
+					'policy.signature_flow.system' => '',
+					'signature_flow' => '',
+					'template_font_size' => '',
+					'signature_width' => '',
+					'signature_height' => '',
+					'signature_font_size' => '',
+					'signature_render_mode' => '',
+					'identify_methods' => '',
+					TsaPolicy::SYSTEM_APP_CONFIG_KEY => '',
+					'tsa_url' => 'https://freetsa.org/tsr',
+					'tsa_policy_oid' => '1.2.840.113549.1.9.16.1.4',
+					'tsa_auth_type' => 'basic',
+					'tsa_username' => 'tsa-user',
+				];
+
+				return $map[$key] ?? $default;
+			});
+
+		$deletedKeys = [];
+		$savedStrings = [];
+
+		$this->appConfig
+			->method('deleteKey')
+			->willReturnCallback(static function (string $app, string $key) use (&$deletedKeys): void {
+				$deletedKeys[] = [$app, $key];
+			});
+
+		$this->appConfig
+			->method('setValueString')
+			->willReturnCallback(static function (string $app, string $key, string $value) use (&$savedStrings): bool {
+				$savedStrings[] = [$app, $key, $value];
+				return true;
+			});
+
+		$migration = new Version18001Date20260320000000($this->appConfig);
+		$migration->preSchemaChange($this->createMock(IOutput::class), static fn () => null, []);
+
+		$expectedTsaPayload = TsaPolicyValue::encode([
+			'url' => 'https://freetsa.org/tsr',
+			'policy_oid' => '1.2.840.113549.1.9.16.1.4',
+			'auth_type' => 'basic',
+			'username' => 'tsa-user',
+		]);
+
+		self::assertContains([Application::APP_ID, TsaPolicy::SYSTEM_APP_CONFIG_KEY, $expectedTsaPayload], $savedStrings);
+		self::assertContains([Application::APP_ID, 'tsa_url'], $deletedKeys);
+		self::assertContains([Application::APP_ID, 'tsa_policy_oid'], $deletedKeys);
+		self::assertContains([Application::APP_ID, 'tsa_auth_type'], $deletedKeys);
+		self::assertContains([Application::APP_ID, 'tsa_username'], $deletedKeys);
+	}
+
 	public function testReadsLegacyBooleanWhenAddFooterHasTypedBoolValue(): void {
 		$this->appConfig
 			->method('getValueString')