diff --git a/playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts b/playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts new file mode 100644 index 0000000000..a9774eb97e --- /dev/null +++ b/playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts @@ -0,0 +1,63 @@ +/** + * SPDX-FileCopyrightText: 2026 LibreCode coop and contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +import { expect, test } from '@playwright/test' +import { login } from '../support/nc-login' +import { configureOpenSsl, deleteUserPfx, setAppConfig } from '../support/nc-provisioning' + +test('sign herself with pkcs12 certificate', async ({ page }) => { + const adminUser = process.env.NEXTCLOUD_ADMIN_USER ?? 'admin' + const adminPassword = process.env.NEXTCLOUD_ADMIN_PASSWORD ?? 'admin' + + await login(page.request, adminUser, adminPassword) + + await configureOpenSsl(page.request, 'LibreSign Test', { + C: 'BR', + OU: ['Organization Unit'], + ST: 'Rio de Janeiro', + O: 'LibreSign', + L: 'Rio de Janeiro', + }) + + await setAppConfig( + page.request, + 'libresign', + 'identify_methods', + JSON.stringify([ + { name: 'account', enabled: true, mandatory: true, signatureMethods: { password: { enabled: true } } }, + { name: 'email', enabled: false, mandatory: false }, + ]), + ) + + // Ensure the user has no existing certificate so the test always goes + // through the "create password" flow. + await deleteUserPfx(page.request, adminUser, adminPassword) + + await page.goto('./apps/libresign') + + await page.getByRole('button', { name: 'Upload from URL' }).click() + await page.getByRole('textbox', { name: 'URL of a PDF file' }).fill('https://raw.githubusercontent.com/LibreSign/libresign/main/tests/php/fixtures/pdfs/small_valid.pdf') + await page.getByRole('button', { name: 'Send' }).click() + await page.getByRole('button', { name: 'Add signer' }).click() + await page.getByPlaceholder('Account').fill(adminUser) + await page.getByText('admin@email.tld').click() + await page.getByRole('button', { name: 'Save' }).click() + await page.getByRole('button', { name: 'Request signatures' }).click() + await page.getByRole('button', { name: 'Send' }).click() + await page.getByRole('button', { name: 'Sign document' }).click() + await page.getByRole('button', { name: 'Define a password and sign the document.' }).click() + await page.getByLabel('Enter a password').fill('Password1234') + await page.getByRole('button', { name: 'Confirm' }).click() + await page.getByRole('button', { name: 'Sign the document.' }).click() + await page.getByLabel('Signature password').fill('Password1234') + await page.getByRole('button', { name: 'Sign document' }).click() + await page.waitForURL('**/validation/**') + await expect(page.getByText('This document is valid')).toBeVisible() + await page.getByRole('button', { name: 'Expand details' }).click() + await page.getByRole('button', { name: 'Expand validation status', exact: true }).click() + await expect(page.getByRole('link', { name: 'Document integrity verified' })).toBeVisible() + await page.getByRole('button', { name: 'Expand document certification', exact: true }).click() + await expect(page.getByRole('link', { name: 'Document has not been' })).toBeVisible() +}) diff --git a/playwright/support/nc-provisioning.ts b/playwright/support/nc-provisioning.ts index 794b2ceb6b..68fb315ec4 100644 --- a/playwright/support/nc-provisioning.ts +++ b/playwright/support/nc-provisioning.ts @@ -143,6 +143,19 @@ type OpenSslCertNames = { L?: string } +/** + * Deletes the PFX certificate of a user so the next signing attempt + * starts without an existing certificate. + * Equivalent to: DELETE /ocs/v2.php/apps/libresign/api/v1/account/pfx + */ +export async function deleteUserPfx( + request: APIRequestContext, + userId: string, + password: string, +): Promise { + await ocsRequest(request, 'DELETE', '/apps/libresign/api/v1/account/pfx', userId, password) +} + /** * Configures the OpenSSL certificate engine. * Equivalent to: `occ libresign:configure:openssl --cn=... --c=... ...`