[stable33] fix(validation): harden unified files contract by backportbot-libresign[bot] · Pull Request #7445 · LibreSign/libresign

backportbot-libresign · 2026-04-07T00:36:38Z

Backport of #7442

Warning, This backport's changes differ from the original and might be incomplete ⚠️

Todo

Review and resolve any conflicts
Amend HEAD commit to remove the line stating to skip CI

Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…ction Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…edFile Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…lidatedFile Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…gress Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…y url Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…llection Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…act guards Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

… validation Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…tries - Replace array_map with foreach to properly filter invalid signer entries - Validate signRequestId as required field (must be integer or numeric string) - Type-cast fields explicitly: displayName, email, statusText to string; status to int - Skip empty array returns for non-array inputs - Preserve identifyMethods when present - Ensures all returned summaries comply with OpenAPI schema contract Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

- Test rejection of array inputs (prevent numeric keys conversion) - Test filtering of non-string values - Test empty object and null handling - Verify proper handling of mixed string/non-string values - Covers edge cases like empty strings and various input types Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…vice - Extract normalizeRouteRecord from Validation.vue to dedicated service - Add explicit array rejection to prevent numeric keys (e.g., {'0': 'a', '1': 'b'}) - Type-cast string values explicitly for type safety - Drop non-string values with logging - Improve contract enforcement for route params/query handling Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

- Remove local normalizeRouteRecord function from Validation.vue - Import and use normalizeRouteRecord from services/routeNormalization - Improves maintainability and enables dedicated testing - No behavioral change, preserves all existing functionality Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

- Test acceptance of requested_by.displayName as null (missing profile info) - Test type validation still works (rejects non-string and missing) - Covers edge case where requester profile information is unavailable Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

- Update isRequestedBy() to allow displayName as null - Aligns with OpenAPI contract that allows null for missing profile info - Prevents rejection of valid API payloads when requester info is unavailable Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

…thod Extracted the signRequestId type casting and validation logic from mapSignerDetailsToSummary() into a dedicated private method extractValidSignRequestId(). This improves code readability by: - Removing inline validation comment (code is now self-documenting) - Centralizing validation logic in a named method that clearly explains the operation (extracting a valid ID or returning null) - Making the validation testable and reusable - Simplifying the main loop by delegating validation concern The method name clearly conveys intent without requiring explanatory comments. All 178 FileServiceTest assertions pass with no regressions. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Extracted validation and transformation logic into self-documenting helper functions: - isValidRecordInput(): Type guard clearly stating 'is object and not array' - shouldRejectAsArray(): Explains the design decision to reject arrays - buildStringOnlyRecord(): Separates string-filtering logic with clear intent Benefits: - Removed inline conditional logic that required explanatory comments - Each function name now conveys purpose without additional documentation - Improved testability of individual concerns - Simplified main normalizeRouteRecord() function body All 9 routeNormalization tests pass with no regressions. Full test suite validates: 2317 tests across 171 files. TypeScript type checking clean. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

The method name extractValidSignRequestId() and its return type ?int already express the full contract. The comment was paraphrasing both without adding new information. Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

vitormattos added 30 commits April 7, 2026 00:36

test(files): enforce single-file files collection contract

17be163

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(files): always expose files collection for single files

c2db8cf

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

refactor(validation): remove legacy shape fallbacks

3646c35

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

docs(api): require files and filesCount in validated file contract

19f2303

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

docs(file-controller): document unified files collection response

9769bc8

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

docs(request-signature): document unified files collection response

1726c93

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

docs(openapi): align validation descriptions with unified files colle…

5737020

…ction Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(openapi): require filesCount and files in ValidatedFile schema

52c5a51

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(openapi-full): require filesCount and files in ValidatedFile schema

723e115

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(types/openapi): make filesCount and files non-optional in Validat…

43385ee

…edFile Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(types/openapi-full): make filesCount and files non-optional in Va…

4e873fd

…lidatedFile Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(validation): fix isEnvelope test to reflect nodeType-only detection

31f4c78

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(validation): rely solely on nodeType for isEnvelope detection

001b6eb

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(signing-progress): enforce single-file docs use signer-based pro…

e3bf40f

…gress Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(signing-progress): remove legacy files.length envelope detection

edc608f

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(sign-pdf): canonical files[0].file URL takes priority over legac…

21e0640

…y url Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(sign-pdf): prefer canonical files collection URL over legacy doc.url

c77a6b6

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(file-status-list): add filesCount and files to validation fixture

42502cd

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(file-validation): add filesCount and files fields to test fixture

c1af838

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

chore(playwright): add fast-fail mode for local debugging

9483359

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(file-service): assert canonical child file URL in single-file co…

65e0358

…llection Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(file-service): sync single-file collection with canonical file URL

2a8ea62

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(validation): align fixtures with strict OpenAPI contract

6c07001

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(validation): enforce strict OpenAPI-normalized payload parsing

08cd6d7

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

refactor(signing-progress): use ValidationFileRecord contract types

c6a7bbc

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

refactor(validation): replace payload normalization with strict contr…

555fac8

…act guards Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix: align single-file child payload with OpenAPI schema

d07f802

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix: normalize validation metadata required fields

d833d35

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test: cover metadata contract normalization

bbfccc0

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

refactor: use proper Psalm types in mapSignerDetailsToSummary

02aea8e

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

vitormattos added 15 commits April 7, 2026 00:36

refactor(validation): type modification status flow

932734a

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

refactor(validation): extract document normalization service

6038d23

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

refactor(validation): slim view by isolating document contracts

0183488

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(validation): cover validation document normalization service

23f2992

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(validation): expand business rule coverage with data providers

77ab3fd

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(file): use nullable status property default

0396449

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(fileService): add regression tests for mapSignerDetailsToSummary…

628c8c1

… validation Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

backportbot-libresign bot requested a review from vitormattos April 7, 2026 00:36

github-project-automation bot added this to Roadmap Apr 7, 2026

backportbot-libresign bot added the 3. to review label Apr 7, 2026

github-project-automation bot moved this to 0. Needs triage in Roadmap Apr 7, 2026

backportbot-libresign bot added this to the Next Patch (33) milestone Apr 7, 2026

backportbot-libresign bot assigned vitormattos Apr 7, 2026

vitormattos force-pushed the backport/7442/stable33 branch from 5ed59b0 to fe84fea Compare April 7, 2026 01:33

vitormattos added 3 commits April 6, 2026 22:43

fix(validation): rely on nodeType for envelope detection

d76f1f2

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

test(Sign): cover mixed envelope submit result precedence

79cb7da

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

fix(Sign): submit envelope signatures per file signer uuid

0814283

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

vitormattos marked this pull request as ready for review April 7, 2026 01:52

vitormattos merged commit eda1ccd into stable33 Apr 7, 2026
65 checks passed

vitormattos deleted the backport/7442/stable33 branch April 7, 2026 01:53

github-project-automation bot moved this from 0. Needs triage to 4. to release in Roadmap Apr 7, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[stable33] fix(validation): harden unified files contract#7445

[stable33] fix(validation): harden unified files contract#7445
vitormattos merged 81 commits intostable33from
backport/7442/stable33

backportbot-libresign bot commented Apr 7, 2026 •

edited by vitormattos

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

backportbot-libresign bot commented Apr 7, 2026 • edited by vitormattos Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Todo

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

backportbot-libresign bot commented Apr 7, 2026 •

edited by vitormattos

Loading