From 0bab0e0b7de6dcbf35c86b0d5c1ad9e22d0911d6 Mon Sep 17 00:00:00 2001 From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> Date: Sun, 1 Mar 2026 17:16:24 -0300 Subject: [PATCH 1/2] test(support): add deleteUserPfx helper to remove user certificate Add deleteUserPfx() to playwright/support/nc-provisioning.ts to send DELETE /ocs/v2.php/apps/libresign/api/v1/account/pfx authenticated as the target user. This ensures tests that require the certificate creation flow always start from a clean state. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> --- playwright/support/nc-provisioning.ts | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/playwright/support/nc-provisioning.ts b/playwright/support/nc-provisioning.ts index 794b2ceb6b..68fb315ec4 100644 --- a/playwright/support/nc-provisioning.ts +++ b/playwright/support/nc-provisioning.ts @@ -143,6 +143,19 @@ type OpenSslCertNames = { L?: string } +/** + * Deletes the PFX certificate of a user so the next signing attempt + * starts without an existing certificate. + * Equivalent to: DELETE /ocs/v2.php/apps/libresign/api/v1/account/pfx + */ +export async function deleteUserPfx( + request: APIRequestContext, + userId: string, + password: string, +): Promise { + await ocsRequest(request, 'DELETE', '/apps/libresign/api/v1/account/pfx', userId, password) +} + /** * Configures the OpenSSL certificate engine. * Equivalent to: `occ libresign:configure:openssl --cn=... --c=... ...` From bd8567a399c6224eaa9e3b73829b1d3e8637eefa Mon Sep 17 00:00:00 2001 From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> Date: Sun, 1 Mar 2026 17:16:33 -0300 Subject: [PATCH 2/2] test(e2e): add scenario for signing with pkcs12 certificate Add e2e test covering the full flow where a user signs a document using a PKCS#12 certificate generated by herself: - configure OpenSSL root certificate - enable password signature method - delete any existing PFX to guarantee the create-password step appears - upload PDF, add signer, request signatures - create password on first sign attempt - sign the document with the created password - assert document validity on the validation page Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com> --- ...gn-herself-with-pkcs12-certificate.spec.ts | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts diff --git a/playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts b/playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts new file mode 100644 index 0000000000..a9774eb97e --- /dev/null +++ b/playwright/e2e/sign-herself-with-pkcs12-certificate.spec.ts @@ -0,0 +1,63 @@ +/** + * SPDX-FileCopyrightText: 2026 LibreCode coop and contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +import { expect, test } from '@playwright/test' +import { login } from '../support/nc-login' +import { configureOpenSsl, deleteUserPfx, setAppConfig } from '../support/nc-provisioning' + +test('sign herself with pkcs12 certificate', async ({ page }) => { + const adminUser = process.env.NEXTCLOUD_ADMIN_USER ?? 'admin' + const adminPassword = process.env.NEXTCLOUD_ADMIN_PASSWORD ?? 'admin' + + await login(page.request, adminUser, adminPassword) + + await configureOpenSsl(page.request, 'LibreSign Test', { + C: 'BR', + OU: ['Organization Unit'], + ST: 'Rio de Janeiro', + O: 'LibreSign', + L: 'Rio de Janeiro', + }) + + await setAppConfig( + page.request, + 'libresign', + 'identify_methods', + JSON.stringify([ + { name: 'account', enabled: true, mandatory: true, signatureMethods: { password: { enabled: true } } }, + { name: 'email', enabled: false, mandatory: false }, + ]), + ) + + // Ensure the user has no existing certificate so the test always goes + // through the "create password" flow. + await deleteUserPfx(page.request, adminUser, adminPassword) + + await page.goto('./apps/libresign') + + await page.getByRole('button', { name: 'Upload from URL' }).click() + await page.getByRole('textbox', { name: 'URL of a PDF file' }).fill('https://raw.githubusercontent.com/LibreSign/libresign/main/tests/php/fixtures/pdfs/small_valid.pdf') + await page.getByRole('button', { name: 'Send' }).click() + await page.getByRole('button', { name: 'Add signer' }).click() + await page.getByPlaceholder('Account').fill(adminUser) + await page.getByText('admin@email.tld').click() + await page.getByRole('button', { name: 'Save' }).click() + await page.getByRole('button', { name: 'Request signatures' }).click() + await page.getByRole('button', { name: 'Send' }).click() + await page.getByRole('button', { name: 'Sign document' }).click() + await page.getByRole('button', { name: 'Define a password and sign the document.' }).click() + await page.getByLabel('Enter a password').fill('Password1234') + await page.getByRole('button', { name: 'Confirm' }).click() + await page.getByRole('button', { name: 'Sign the document.' }).click() + await page.getByLabel('Signature password').fill('Password1234') + await page.getByRole('button', { name: 'Sign document' }).click() + await page.waitForURL('**/validation/**') + await expect(page.getByText('This document is valid')).toBeVisible() + await page.getByRole('button', { name: 'Expand details' }).click() + await page.getByRole('button', { name: 'Expand validation status', exact: true }).click() + await expect(page.getByRole('link', { name: 'Document integrity verified' })).toBeVisible() + await page.getByRole('button', { name: 'Expand document certification', exact: true }).click() + await expect(page.getByRole('link', { name: 'Document has not been' })).toBeVisible() +})