[stable32] chore: bump dependencies #6828

Merged: vitormattos merged 11 commits into stable32 from backport/6825/stable32 on Feb 13, 2026
@vitormattos
Member

Backport of #6825

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

When a sign request UUID is provided via header but user is not authenticated,
the session ID should be based on the UUID to maintain consistency across
multiple HTTP requests. Previously, each request without authentication created
a new session ID, causing signature elements to be saved with one session ID
but retrieved with a different one, resulting in 'Element not found' errors.

- Extract session consistency logic to private method with proper docblock
- Store the sign request UUID in the session when provided
- Fixes test: CRUD of signature element to signer by email without account
- Resolves issues where GET requests without sign request UUID header
  could not find elements created in POST requests with the header

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
…uests apps (mysql)

- Apps notifications, activity, and guests require composer install
- Without installing dependencies, app:enable fails with autoload errors
- Use composer --working-dir instead of cd for cleaner shell commands
- Resolves 'Failed opening required vendor/autoload.php' error in behat tests

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
…uests apps (pgsql)

- Apps notifications, activity, and guests require composer install
- Without installing dependencies, app:enable fails with autoload errors
- Use composer --working-dir instead of cd for cleaner shell commands
- Resolves 'Failed opening required vendor/autoload.php' error in behat tests

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
…uests apps (sqlite)

- Apps notifications, activity, and guests require composer install
- Without installing dependencies, app:enable fails with autoload errors
- Use composer --working-dir instead of cd for cleaner shell commands
- Resolves 'Failed opening required vendor/autoload.php' error in behat tests

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
…uests apps (mariadb)

- Apps notifications, activity, and guests require composer install
- Without installing dependencies, app:enable fails with autoload errors
- Use composer --working-dir instead of cd for cleaner shell commands
- Resolves 'Failed opening required vendor/autoload.php' error in behat tests

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Uses vi.hoisted() to ensure mocks are properly initialized before module
imports, preventing null reference errors in CI environment. This pattern
guarantees mock setup happens in the correct phase of Vitest execution.

Changes:
- Wrap all mock functions and capturedActionRef in vi.hoisted()
- Update all mock references to use mocks.* pattern
- Remove duplicate 'let action' declaration outside describe block
- Ensures action capture happens before first test runs

Fixes GitHub Actions test failures on CI (works locally without this fix
due to different module loading timing).

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Replace vi.hoisted() pattern with standard mock variable declarations
following the same pattern used in other stable tests (SelectAction,
settingsService, etc). This approach:

- Declares mock variables outside describe block
- Initializes them in beforeAll() instead of vi.hoisted()
- Avoids potential timing issues in CI environments
- Maintains same test coverage and assertions

The vi.hoisted() approach worked locally but showed intermittent
failures in GitHub Actions due to module import timing. This pattern
has proven stable across other test files.

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
…eanup

Critical Bug Fix:
- Previously deleted entire session folder when removing one element
- Now deletes only the specific file by nodeId, preserving other elements
- Automatically cleans up empty session folders to prevent clutter

Implementation:
- Split deleteSignatureElement into two distinct paths:
  * IUser: uses UserElementMapper with DB lookup by user_id + node_id
  * Non-IUser: uses deleteSignatureElementFromSession with strict validation
- New deleteSignatureElementFromSession() method:
  * Validates session folder exists before attempting deletion
  * Uses getFirstNodeById() to ensure element is within session folder
  * Checks element is a File (not Folder or other Node type)
  * Deletes only the specific file by nodeId
  * Cleans up empty session folder after last element deletion
  * Throws DoesNotExistException if element not found

Security Improvements:
- Prevents deletion of files outside session scope
- Validates node type before deletion
- Maintains proper separation of authenticated vs unauthenticated flows

Test Coverage:
- Added 8 comprehensive unit tests (all passing):
  * testDeleteSignatureElementWithUserDeletesFromDB
  * testDeleteSignatureElementWithUserWhenFileNotFound
  * testDeleteSignatureElementWithoutUserDeletesFromSession
  * testDeleteSignatureElementWithoutUserThrowsWhenSessionFolderNotFound
  * testDeleteSignatureElementWithoutUserThrowsWhenNodeNotInSession
  * testDeleteSignatureElementWithoutUserThrowsWhenNodeIsNotFile
  * testDeleteSignatureElementOnlyDeletesSpecificFileNotWholeFolder
  * testDeleteSignatureElementDeletesEmptySessionFolder
- Tests validate security logic, error handling, and cleanup behavior
- Integration tests (Behat) already cover end-to-end scenarios

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
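
The session-scoped deletion described in the commit message above, modeled as an added example that is not LibreSign's code. `Node`, `File` and `Folder` are constructed in-memory stand-ins rather than Nextcloud's OCP classes, `deleteElementFromSession` is a hypothetical name, and `RuntimeException` stands in for `DoesNotExistException`.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-ins for a file tree (assumption: not Nextcloud's OCP classes).
class Node {
    public ?Folder $parent = null;
    public function __construct(public int $id, public string $name) {}
    public function delete(): void {
        if ($this->parent !== null) unset($this->parent->children[$this->id]);
    }
}
class File extends Node {}
class Folder extends Node {
    /** @var array<int, Node> */
    public array $children = [];
    public function add(Node $n): static { $n->parent = $this; $this->children[$n->id] = $n; return $this; }
    // Searches only this folder's subtree, so ids stored elsewhere never match.
    public function getFirstNodeById(int $id): ?Node {
        foreach ($this->children as $child) {
            if ($child->id === $id) return $child;
            if ($child instanceof Folder && ($hit = $child->getFirstNodeById($id))) return $hit;
        }
        return null;
    }
}

// Hypothetical helper: delete one element of one session, never the whole folder.
function deleteElementFromSession(Folder $root, string $sessionId, int $nodeId): void {
    $session = null;
    foreach ($root->children as $c) {
        if ($c instanceof Folder && $c->name === $sessionId) { $session = $c; break; }
    }
    if ($session === null) throw new RuntimeException('Session folder not found');
    $node = $session->getFirstNodeById($nodeId);   // lookup is scoped to the session folder
    if (!$node instanceof File) throw new RuntimeException('Element not found'); // null or Folder
    $node->delete();
    if ($session->children === []) $session->delete(); // clean up the empty session folder
}

// Constructed sample tree: two sessions under one root for unauthenticated signers.
$root = (new Folder(1, 'unauthenticated'))
    ->add((new Folder(10, 'sess-a'))->add(new File(11, 'a.png'))->add(new File(12, 'b.png')))
    ->add((new Folder(20, 'sess-b'))->add(new File(21, 'c.png')));

deleteElementFromSession($root, 'sess-a', 11);             // sibling element 12 is preserved
try { deleteElementFromSession($root, 'sess-a', 21); }     // id 21 lives in sess-b: rejected
catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }
deleteElementFromSession($root, 'sess-a', 12);             // last element: folder removed too
echo implode(',', array_map(fn (Node $n) => $n->name, $root->children)), PHP_EOL;
```
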
… files by nodeId

Critical fix for CI test failure 'CRUD of signature element to guest' returning 404 on DELETE.

Root cause: Guests save signature files in appdata (guest_app/<userId>), not in their
getUserFolder. The original getFileByNodeId() tried to search getUserFolder first for
ALL authenticated users, including guests. This search would fail for guests but could
return false positives or fail silently, causing subsequent operations to fail.

When getUserElements() calls signatureFileExists() → getFileByNodeId() with a guest
userId, the method would search in the wrong location, leading to:
1. Files not found during GET (though fallback sometimes worked)
2. Database records incorrectly deleted as 'orphaned'
3. DELETE operations returning 404 'Element not found'

Solution: Check if user is in 'guest_app' group before attempting getUserFolder search.
For guests, skip directly to appdata search path which is their correct storage location.

Storage paths by user type:
- Normal user: getUserFolder (e.g., /files/username/LibreSign/)
- Guest user: appdata (e.g., appdata_*/libresign/guest_app/<userId>/)
- Unauthenticated: appdata (e.g., appdata_*/libresign/unauthenticated/)

The fix ensures guests' files are found in their correct appdata location, preventing
the cascade of failures that led to 404 errors on DELETE operations.

Fixes: https://github.com/LibreSign/libresign/actions/runs/21969295590
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
@vitormattos vitormattos added this to the Next Patch (32) milestone Feb 13, 2026
@vitormattos vitormattos self-assigned this Feb 13, 2026
@github-project-automation github-project-automation Bot moved this to 0. Needs triage in Roadmap Feb 13, 2026
@vitormattos vitormattos merged commit 42b3022 into stable32 Feb 13, 2026
56 of 69 checks passed
@vitormattos vitormattos deleted the backport/6825/stable32 branch February 13, 2026 02:03
@github-project-automation github-project-automation Bot moved this from 0. Needs triage to 4. to release in Roadmap Feb 13, 2026