feat: add document auth

[dguyen]

Description

Add support for two types of authentication on a document:

• Access authentication - The required authentication to view the document sign/complete page
• Action authentication - The required authentication to sign fields and sign/approve/view a document

Currently supported auth methods:

• Account

Passkeys will be added in at a later date.

Global document access and action authentication

These options allow us to configure the access and action requirements for all recipients in the document in one easy location.

Recipient action authentication

This setting allows us to individually set the action authentication requirements for a specific recipient. This overrides the global settings for more control.

Recipient access authentication

Same as above but for access. Currently not available via UI.

Changes Made

• Replaced the title document flow step with a generic settings step
• Moved the advanced settings dropdown to the generic settings step of the document flow
• Added global document action and access values
• Added recipient action and access values (recipient access override values are currently unused, but they should work)
• Added an advanced options setting on the add signers document flow to allow selecting recipient action auth
• Added logic to prevent signing fields without being authenticated

Notes

Since we're bringing the advanced tab from the Add subject document step to the first step, I've removed the restriction where we display the date dropdown only when a date field is configured, because it's early in the step.

Testing Performed

Pending tests

Checklist

• I have tested these changes locally and they work as expected.

Summary by CodeRabbit

• New Features
  • Enhanced document editing with settings configuration, including signers and fields.
  • Added document and recipient authentication options across the application.
  • Introduced new components for managing document flow, such as settings, signers, and subjects.
  • Improved document signing process with authentication checks and error handling.
• Bug Fixes
  • Fixed UI inconsistencies in the document download button by adjusting conditional rendering logic.
  • Enhanced input field styling with better placeholder visibility and transition effects.
• Documentation
  • Updated rendering logic for document history to include new audit log types.
• Refactor
  • Streamlined authentication and authorization checks across signing components.
  • Improved codebase with the addition of utility functions for document and recipient authentication.
• Style
  • Adjusted checkbox styling for better visual integration.

[coderabbitai]

Important

Auto Review Skipped

Auto reviews are limited to the following labels: coderabbit. Please add one of these labels to enable auto reviews.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository.

To trigger a single review, invoke the @coderabbitai review command.

Walkthrough

The updates span across multiple components and libraries, primarily focusing on enhancing document and recipient authentication, improving error handling, and refining the UI/UX for document management processes. New functionalities include settings configuration for documents, advanced authentication options, and streamlined document flow management. These changes aim to provide a more secure, flexible, and user-friendly experience for document creation, editing, and signing processes.

Changes

Files	Change Summary
apps/marketing/.../singleplayer/client.tsx	Added authOptions field initialized to null in SinglePlayerClient.
apps/web/.../[id]/edit-document.tsx	Updated EditDocumentForm to include document settings configuration.
apps/web/.../sign/[token]/complete/page.tsx	Enhanced authorization check using getServerComponentSession and isRecipientAuthorized.
apps/web/.../sign/[token]/*	Updated authentication and error handling across multiple components.
apps/web/.../document-history-sheet.tsx	Added new handling for document audit log types and updated rendering logic.
packages/lib/*	Introduced new functionalities and updates in constants, errors, server-only operations, and utilities.
packages/prisma/*	Added authOptions column and field to "Document" and "Recipient" tables/models.
packages/trpc/server/*	Updated functionalities in document, field, and recipient routers for authentication and settings.
packages/ui/.../animate-generic-fade-in-out.tsx	Added key prop for improved component re-rendering.
packages/ui/.../document-download-button.tsx	Added conditional rendering for download icon based on loading state.
packages/ui/primitives/checkbox.tsx	Updated styling with bg-background class.
packages/ui/primitives/document-flow/*	Updated components and types for document flow management.
packages/ui/primitives/input.tsx	Adjusted CSS class composition for input element.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
prd-app	🔄 Building (Inspect)	Visit Preview		Mar 27, 2024 7:26am
stg-app	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 27, 2024 7:26am
stg-marketing	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 27, 2024 7:26am

1 Ignored Deployment

Name	Status	Preview	Comments	Updated (UTC)
prd-marketing	⬜️ Ignored (Inspect)			Mar 27, 2024 7:26am

[dguyen]

@coderabbitai review

[coderabbitai]

Review Status

Actionable comments generated: 16

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between fd4d546 and 8d1b0ad.

Files selected for processing (50)

• apps/marketing/src/app/(marketing)/singleplayer/client.tsx (1 hunks)
• apps/web/src/app/(dashboard)/documents/[id]/edit-document.tsx (11 hunks)
• apps/web/src/app/(signing)/sign/[token]/complete/page.tsx (4 hunks)
• apps/web/src/app/(signing)/sign/[token]/date-field.tsx (2 hunks)
• apps/web/src/app/(signing)/sign/[token]/document-action-auth-dialog.tsx (1 hunks)
• apps/web/src/app/(signing)/sign/[token]/document-auth-provider.tsx (1 hunks)
• apps/web/src/app/(signing)/sign/[token]/email-field.tsx (2 hunks)
• apps/web/src/app/(signing)/sign/[token]/form.tsx (4 hunks)
• apps/web/src/app/(signing)/sign/[token]/name-field.tsx (6 hunks)
• apps/web/src/app/(signing)/sign/[token]/page.tsx (3 hunks)
• apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx (2 hunks)
• apps/web/src/app/(signing)/sign/[token]/signature-field.tsx (8 hunks)
• apps/web/src/app/(signing)/sign/[token]/signing-auth-page.tsx (1 hunks)
• apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx (3 hunks)
• apps/web/src/app/(signing)/sign/[token]/signing-page-view.tsx (1 hunks)
• apps/web/src/app/(signing)/sign/[token]/text-field.tsx (7 hunks)
• apps/web/src/components/document/document-history-sheet.tsx (4 hunks)
• packages/lib/constants/document-auth.ts (1 hunks)
• packages/lib/errors/app-error.ts (1 hunks)
• packages/lib/server-only/document/complete-document-with-token.ts (3 hunks)
• packages/lib/server-only/document/get-document-by-token.ts (4 hunks)
• packages/lib/server-only/document/is-recipient-authorized.ts (1 hunks)
• packages/lib/server-only/document/update-document-settings.ts (1 hunks)
• packages/lib/server-only/document/viewed-document.ts (2 hunks)
• packages/lib/server-only/field/sign-field-with-token.ts (4 hunks)
• packages/lib/server-only/field/update-field.ts (4 hunks)
• packages/lib/server-only/recipient/set-recipients-for-document.ts (6 hunks)
• packages/lib/types/document-audit-logs.ts (10 hunks)
• packages/lib/types/document-auth.ts (1 hunks)
• packages/lib/utils/document-audit-logs.ts (5 hunks)
• packages/lib/utils/document-auth.ts (1 hunks)
• packages/prisma/migrations/20240311113243_add_document_auth/migration.sql (1 hunks)
• packages/prisma/schema.prisma (2 hunks)
• packages/trpc/server/document-router/router.ts (4 hunks)
• packages/trpc/server/document-router/schema.ts (3 hunks)
• packages/trpc/server/field-router/router.ts (2 hunks)
• packages/trpc/server/field-router/schema.ts (2 hunks)
• packages/trpc/server/recipient-router/router.ts (2 hunks)
• packages/trpc/server/recipient-router/schema.ts (3 hunks)
• packages/trpc/server/trpc.ts (1 hunks)
• packages/ui/components/animate/animate-generic-fade-in-out.tsx (1 hunks)
• packages/ui/components/document/document-download-button.tsx (1 hunks)
• packages/ui/primitives/checkbox.tsx (1 hunks)
• packages/ui/primitives/document-flow/add-settings.tsx (1 hunks)
• packages/ui/primitives/document-flow/add-settings.types.ts (1 hunks)
• packages/ui/primitives/document-flow/add-signers.tsx (8 hunks)
• packages/ui/primitives/document-flow/add-signers.types.ts (2 hunks)
• packages/ui/primitives/document-flow/add-subject.tsx (4 hunks)
• packages/ui/primitives/document-flow/add-subject.types.ts (1 hunks)
• packages/ui/primitives/input.tsx (1 hunks)

Files skipped from review due to trivial changes (1)

• packages/trpc/server/trpc.ts

Additional comments: 123

packages/prisma/migrations/20240311113243_add_document_auth/migration.sql (2)

• 2-2: Ensure that the authOptions column in the "Document" table is indexed if it will be queried frequently. This can help improve query performance.
• 5-5: Similar to the "Document" table, consider indexing the authOptions column in the "Recipient" table if it's expected to be a common query parameter.

packages/ui/primitives/document-flow/add-subject.types.ts (1)

• 1-9: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1-10]

The schema definition for ZAddSubjectFormSchema is concise and correctly uses Zod for validation. However, ensure that the removal of default values for timezone, dateFormat, and redirectUrl is intentional and does not impact other parts of the application expecting these fields.

Verification successful

---

The verification process has revealed that timezone, dateFormat, and redirectUrl are indeed used across various parts of the application, with explicit default values set in some contexts. This suggests that the removal or modification of these fields or their default values in one part of the application should be carefully considered to ensure consistency and avoid unintended side effects on the application's functionality. It is crucial to verify that any changes made align with the overall application design and do not negatively impact other components that rely on these fields.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify if other parts of the application are impacted by the removal of default values.
rg 'timezone|dateFormat|redirectUrl' --type ts

Length of output: 10143

packages/ui/primitives/input.tsx (1)

• 13-13: The updated CSS class composition for the input element, including the transition effect for the aria-invalid state, enhances the user interface by providing visual feedback on input validation. Ensure that the transition effect is tested across different browsers for consistency.

packages/lib/constants/document-auth.ts (1)

• 17-31: The definition of DOCUMENT_AUTH_TYPES and the introduction of the isAuthRedirectRequired field align with the PR objectives to enhance document authentication. Ensure that the isAuthRedirectRequired field is appropriately utilized in the authentication flow to redirect users when necessary.

packages/ui/primitives/document-flow/add-signers.types.ts (1)

• 17-19: The inclusion of the actionAuth field with optional validation using ZRecipientActionAuthTypesSchema in ZAddSignersFormSchema is a significant enhancement that aligns with the PR objectives. Ensure that the form correctly handles the optional nature of actionAuth and provides appropriate feedback to the user.

packages/ui/primitives/checkbox.tsx (1)

• 19-19: The addition of the bg-background class to the Checkbox component enhances the visual consistency of the checkbox with the application's design. Ensure that the change is tested across different themes (if applicable) to maintain visual consistency.

packages/ui/primitives/document-flow/add-settings.types.ts (1)

• 22-40: The definition of ZAddSettingsFormSchema, including the global access and action authentication settings, as well as the optional fields with default values and validation, is a comprehensive enhancement that aligns with the PR objectives. Ensure that the form correctly handles the optional nature of these fields and provides appropriate feedback to the user.

packages/ui/components/document/document-download-button.tsx (1)

• 63-63: The conditional rendering logic to show the download icon only when not in a loading state is correctly implemented and enhances the user experience by providing visual feedback during the download operation.

packages/trpc/server/field-router/schema.ts (1)

• 49-49: The addition of the authOptions field to ZSignFieldWithTokenMutationSchema is correctly implemented, enhancing the document authentication capabilities as intended. The use of Zod for schema validation is appropriate and ensures type safety and validation.

packages/trpc/server/recipient-router/schema.ts (2)

• 19-19: The addition of the actionAuth field to ZAddSignersMutationSchema is correctly implemented, enhancing recipient-specific authentication capabilities. The use of Zod for schema validation ensures type safety and validation.
• 62-62: The addition of the authOptions field to ZCompleteDocumentWithTokenMutationSchema is correctly implemented, further enhancing document authentication capabilities. The optional nature of the field ensures backward compatibility and flexibility.

apps/web/src/app/(signing)/sign/[token]/signing-auth-page.tsx (1)

• 1-67: The implementation of the SigningAuthPageView component is well-done, correctly integrating with the new authentication features. The use of React hooks, async/await, and error handling patterns is appropriate and enhances the user experience by providing clear instructions and feedback.

packages/lib/server-only/document/viewed-document.ts (2)

• 14-14: The addition of the recipientAccessAuth field to ViewedDocumentOptions is correctly implemented, enhancing the handling of document viewing with new authentication options. The careful consideration of this field in the viewedDocument function aligns with the objectives of enhancing document authentication.
• 60-60: The update to include recipientAccessAuth in the audit log creation process is a good practice, ensuring that the new authentication options are comprehensively tracked. This enhances the auditability of document access.

packages/lib/utils/document-auth.ts (1)

• 12-72: The utility functions extractDocumentAuthMethods, createDocumentAuthOptions, and createRecipientAuthOptions are well-implemented, providing a clear and type-safe way to handle document and recipient authentication options. The use of Zod for validation enhances the robustness of the authentication feature.

packages/lib/server-only/document/is-recipient-authorized.ts (1)

• 10-86: The implementation of the isRecipientAuthorized function is well-done, correctly determining recipient authorization based on the new authentication options. The use of pattern matching for handling different authentication methods is expressive and enhances the readability and maintainability of the code.

packages/trpc/server/recipient-router/router.ts (2)

• 31-31: The addition of actionAuth to the signer object in the addSigners mutation is correctly implemented, enhancing the flexibility and security of the document signing process by incorporating recipient-specific authentication options.
• 75-81: The addition of authOptions to the completeDocumentWithToken function and the use of ctx.user?.id for setting the userId are correctly implemented, aligning with the objectives of enhancing document authentication and ensuring the use of the current user's ID when available.

packages/lib/server-only/field/update-field.ts (3)

• 4-6: The addition of DOCUMENT_AUDIT_LOG_TYPE and diffFieldChanges imports indicates an enhancement in audit logging capabilities for field updates. Ensure these utilities are properly implemented and tested.
• 37-37: Using findFirstOrThrow instead of a direct update ensures that the field exists before attempting an update, enhancing error handling. This change is a good practice for data integrity and error management.
• 80-97: The update to createDocumentAuditLogData call with additional parameters and changes in the data object structure enhances the detail and accuracy of audit logs. Ensure that the new parameters and data structure are correctly documented and validated.

Consider adding validation for the new parameters to ensure they meet expected formats and values before proceeding with the audit log creation.

apps/web/src/app/(signing)/sign/[token]/email-field.tsx (2)

• 9-10: The addition of AppError and AppErrorCode imports for improved error handling is a positive change. It aligns with best practices for user feedback and error management in UI components.
• 55-59: Adding error handling for AppErrorCode.UNAUTHORIZED is essential for a better user experience, especially in scenarios requiring authentication. This change ensures that unauthorized actions are caught and handled gracefully.

packages/trpc/server/field-router/router.ts (2)

• 3-3: The addition of AppError import for enhanced error handling in the fieldRouter is a good practice. It aligns with the application's error handling strategy and improves maintainability.
• 89-89: Replacing the error handling logic to throw AppError converted to TRPCError is a significant improvement. It ensures consistency in error handling across the application and enhances the user experience by providing more descriptive error messages.

packages/lib/server-only/document/get-document-by-token.ts (2)

• 4-6: The addition of imports for error handling and type definitions is a positive change, enhancing the file's functionality and maintainability. Ensure these new utilities and types are correctly implemented and documented.
• 69-90: Updating getDocumentAndSenderByToken and getDocumentAndRecipientByToken functions to handle access authorization based on the recipient enhances the application's security model. This change ensures that document access is properly authorized and managed. However, ensure that error handling for unauthorized access is user-friendly and informative.

Improve error messages for unauthorized access to provide users with clear guidance on how to obtain access or whom to contact for assistance.

apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx (1)

• 15-15: The addition of useRequiredDocumentAuthContext to manage authentication procedures before opening the dialog is a good practice. It ensures that the dialog opens conditionally based on authentication requirements, enhancing security and user experience.

apps/web/src/app/(signing)/sign/[token]/date-field.tsx (2)

• 14-15: The addition of AppError and AppErrorCode imports for improved error handling is a positive change. It aligns with best practices for user feedback and error management in UI components.
• 69-73: Adding error handling for AppErrorCode.UNAUTHORIZED is essential for a better user experience, especially in scenarios requiring authentication. This change ensures that unauthorized actions are caught and handled gracefully.

apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx (2)

• 5-5: The addition of TRecipientActionAuth import indicates an enhancement in handling authentication for signing fields. Ensure this type is properly used and integrated within the component's logic.
• 10-10: Incorporating useRequiredDocumentAuthContext for managing authentication procedures is a good practice. It ensures that the component interacts correctly with the application's authentication context, enhancing security and user experience.

apps/web/src/app/(signing)/sign/[token]/page.tsx (7)

• 7-7: The import of isRecipientAuthorized indicates the addition of authorization logic for recipients. Ensure that this function is thoroughly tested, especially for edge cases and error handling.
• 14-14: The replacement of truncateTitle with extractDocumentAuthMethods suggests a shift towards more complex document authentication logic. It's crucial to verify that this change does not impact other areas of the application where truncateTitle was used.

Verification successful

---

The search results indicate that truncateTitle is still being used in various parts of the application, including within the signing-page-view.tsx, sign-dialog.tsx, complete/page.tsx, and trigger-multiselect-combobox.tsx files. This suggests that the replacement of truncateTitle with extractDocumentAuthMethods in the specific context of sign/[token]/page.tsx does not eliminate the use of truncateTitle elsewhere in the application. Therefore, the concern that the replacement might impact other areas where truncateTitle was used is unfounded, as truncateTitle continues to be utilized in other components.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Search for usages of `truncateTitle` to ensure they've been properly replaced or removed.
rg --type tsx --type ts 'truncateTitle'

Length of output: 67

---

---

Script:

#!/bin/bash
# Corrected script to search for usages of `truncateTitle` without specifying file types, to avoid the previous error.
rg 'truncateTitle'

Length of output: 1097

* 17-21: Introduction of `DocumentAuthProvider` and `SigningPageView` components. This change centralizes the authentication logic and UI rendering for signing pages. Ensure that these components are modular and reusable for future authentication methods. * 54-57: The use of `extractDocumentAuthMethods` to derive recipient access authentication methods is a significant change. It's important to ensure that the logic correctly handles all possible authentication configurations. * 59-64: The logic to check document access validity using `isRecipientAuthorized` is crucial for security. Ensure comprehensive testing around this logic to prevent unauthorized access. * 70-74: The call to `viewedDocument` upon successful document access validation is a good practice for audit logging. Verify that error handling is in place for any potential failures in this call. * 122-123: The use of `DocumentAuthProvider` to wrap `SigningPageView` indicates a structured approach to handling document and recipient authentication. This pattern should enhance the maintainability of the authentication logic.

packages/lib/types/document-auth.ts (1)

• 1-121: The introduction of various Zod schemas for document and recipient authentication types is a robust approach to ensuring data integrity and validation. It's important to ensure that these schemas are comprehensive and align with the application's authentication requirements.

packages/lib/errors/app-error.ts (1)

• 140-148: The addition of a try-catch block in the parseFromJSONString method improves the robustness of JSON parsing error handling. This change helps prevent potential crashes due to malformed JSON strings. Ensure that this error handling strategy is consistent with other parts of the application.

packages/trpc/server/document-router/schema.ts (2)

• 44-66: The introduction of ZSetSettingsForDocumentMutationSchema is a significant addition that allows for the validation of document settings updates. Ensure that this schema accurately reflects all possible settings that can be updated and consider future extensibility for additional settings.
• 119-120: Making timezone and dateFormat optional in ZSendDocumentMutationSchema reflects a simplification of the document sending process. Verify that this change aligns with the application's requirements and does not impact user experience negatively.

packages/lib/server-only/document/complete-document-with-token.ts (2)

• 82-97: The addition of authorization checks using isRecipientAuthorized before allowing a document to be completed is crucial for security. Ensure that this logic correctly handles all authentication types and properly denies access when necessary.
• 99-127: The transactional update logic for marking a recipient as signed and creating an audit log entry is well-structured. Ensure that error handling is in place for each step of the transaction to maintain data integrity in case of failures.

packages/ui/primitives/document-flow/add-subject.tsx (3)

• 4-4: The change from Controller, useForm to only useForm indicates a simplification in form handling. Ensure that this change does not remove any required functionality or negatively impact form behavior.
• 44-44: The removal of touchedFields from the form state indicates a simplification in form state management. Verify that this change does not affect form validation or user feedback mechanisms negatively.
• 127-132: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [58-161]

The significant refactoring of the AddSubjectFormPartial component to focus on essential fields and remove advanced options like date format, time zone, and redirect URL simplifies the user interface. Ensure that this simplification aligns with the application's requirements and does not remove any critical functionality.

packages/lib/server-only/document/update-document-settings.ts (3)

• 33-35: The validation to ensure that there is data to update is a good practice. It prevents unnecessary database operations and ensures that the API call has a clear intent.
• 83-88: Restricting title updates to documents in the DRAFT status is a critical business rule. Ensure that this rule is clearly communicated to users to avoid confusion.
• 105-132: The creation of audit logs for changes in global access and action authentication settings is essential for tracking and auditing. Verify that these logs capture all necessary information and are created only when changes occur.

apps/web/src/app/(signing)/sign/[token]/document-auth-provider.tsx (1)

• 58-161: The introduction of DocumentAuthProvider as a context provider for document authentication is a significant architectural enhancement. It centralizes authentication logic, making it easier to manage and reuse. Ensure that this provider is flexible enough to accommodate future authentication methods and scenarios.

apps/web/src/app/(signing)/sign/[token]/text-field.tsx (7)

• 9-10: Imports for AppError, AppErrorCode, and TRecipientActionAuth have been added to handle errors and type definitions for recipient action authentication. This aligns with the PR's objective to enhance document authentication mechanisms.
• 20-20: The import of useRequiredDocumentAuthContext is crucial for accessing the document authentication context, enabling the component to execute authentication procedures. This is a necessary addition for supporting the new authentication features.
• 33-33: The addition of executeActionAuthProcedure from the document authentication context is essential for handling the authentication process during the signing action. This function likely encapsulates the logic for verifying authentication requirements, which is key to the new authentication enhancements.
• 59-65: The onDialogSignClick function, which handles the dialog sign click event, correctly sets the modal visibility to false and invokes the executeActionAuthProcedure with a callback for the onSign function. This approach ensures that the signing process is contingent upon successful authentication, aligning with the PR's objectives.
• 67-73: The onPreSign function checks if the local text is empty and, if so, displays the custom text modal. This preemptive check is a good practice to ensure that a user cannot proceed with signing without entering the required text, enhancing the user experience and data integrity.
• 46-80: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [76-87]

The onSign function has been modified to include an optional authOptions parameter, which is used when signing the field. This modification is crucial for integrating the new authentication mechanism into the signing process, ensuring that the action authentication requirements are met before proceeding.

• 130-136: The SigningFieldContainer component has been updated with new props, including onPreSign, onSign, and onRemove. These updates are necessary to integrate the new authentication and signing logic into the component, ensuring that the signing process adheres to the enhanced authentication requirements.

packages/lib/server-only/field/sign-field-with-token.ts (6)

• 11-13: The addition of imports for AppError, AppErrorCode, and TRecipientActionAuth is necessary for error handling and type definitions related to recipient action authentication. These changes are consistent with the PR's goal of enhancing document authentication.
• 16-17: The import of utility functions extractDocumentAuthMethods and isRecipientAuthorized indicates the introduction of more sophisticated authentication checks. These functions likely play a critical role in determining the appropriate authentication requirements and verifying if a recipient meets those requirements.
• 24-25: The addition of userId and authOptions to the SignFieldWithTokenOptions type is crucial for supporting the new authentication features. These parameters enable the function to perform recipient-specific authentication checks based on the provided authentication options.
• 82-93: The use of extractDocumentAuthMethods to derive recipient action authentication and the subsequent check with isRecipientAuthorized are key enhancements for enforcing authentication requirements. This logic ensures that only authorized recipients can perform actions on the document, aligning with the PR's objectives.
• 95-97: The error handling for unauthorized access attempts is appropriately implemented using the AppError class. This ensures that a clear and consistent error response is provided when authentication requirements are not met, enhancing security and user feedback.
• 186-190: The update to fieldSecurity based on the derived recipient action authentication is a significant change. It ensures that the security settings for a field are dynamically adjusted based on the recipient's authentication status, further enhancing document security.

apps/web/src/app/(signing)/sign/[token]/name-field.tsx (7)

• 9-10: The imports for AppError, AppErrorCode, and TRecipientActionAuth are necessary for handling errors and type definitions for recipient action authentication. These additions are consistent with the PR's goal of enhancing document authentication mechanisms.
• 20-20: The import of useRequiredDocumentAuthContext is crucial for accessing the document authentication context, enabling the component to execute authentication procedures. This addition supports the new authentication features.
• 37-37: The addition of executeActionAuthProcedure from the document authentication context is essential for handling the authentication process during the signing action. This function likely encapsulates the logic for verifying authentication requirements, which is key to the new authentication enhancements.
• 66-72: The onDialogSignClick function, which handles the dialog sign click event, correctly sets the modal visibility to false and invokes the executeActionAuthProcedure with a callback for the onSign function. This approach ensures that the signing process is contingent upon successful authentication, aligning with the PR's objectives.
• 54-60: The onPreSign function checks if the provided full name is empty and, if so, displays the full name modal. This preemptive check is a good practice to ensure that a user cannot proceed with signing without entering the required name, enhancing the user experience and data integrity.
• 75-89: The onSign function has been modified to include an optional authOptions parameter, which is used when signing the field. This modification is crucial for integrating the new authentication mechanism into the signing process, ensuring that the action authentication requirements are met before proceeding.
• 130-136: The SigningFieldContainer component has been updated with new props, including onPreSign, onSign, and onRemove. These updates are necessary to integrate the new authentication and signing logic into the component, ensuring that the signing process adheres to the enhanced authentication requirements.

apps/web/src/app/(signing)/sign/[token]/complete/page.tsx (2)

• 9-11: The addition of imports for getServerComponentSession and isRecipientAuthorized functions is crucial for handling session management and recipient authorization checks. These changes support the PR's objective of enhancing document access control.
• 62-71: The implementation of a check for document access authorization based on the recipient's email is a significant enhancement. Redirecting to SigningAuthPageView if access is not valid ensures that only authorized recipients can view the completed signing page, aligning with the PR's goals of improving document security.

apps/web/src/app/(signing)/sign/[token]/signature-field.tsx (7)

• 9-10: The imports for AppError, AppErrorCode, and TRecipientActionAuth are necessary for handling errors and type definitions for recipient action authentication. These additions are consistent with the PR's goal of enhancing document authentication mechanisms.
• 20-20: The import of useRequiredDocumentAuthContext is crucial for accessing the document authentication context, enabling the component to execute authentication procedures. This addition supports the new authentication features.
• 39-39: The addition of executeActionAuthProcedure from the document authentication context is essential for handling the authentication process during the signing action. This function likely encapsulates the logic for verifying authentication requirements, which is key to the new authentication enhancements.
• 82-92: The onDialogSignClick function, which handles the dialog sign click event, correctly sets the modal visibility to false and invokes the executeActionAuthProcedure with a callback for the onSign function. This approach ensures that the signing process is contingent upon successful authentication, aligning with the PR's objectives.
• 70-76: The onPreSign function checks if the provided signature is empty and, if so, displays the signature modal. This preemptive check is a good practice to ensure that a user cannot proceed with signing without providing a signature, enhancing the user experience and data integrity.
• 67-103: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [95-109]

The onSign function has been modified to include an optional authOptions parameter, which is used when signing the field. This modification is crucial for integrating the new authentication mechanism into the signing process, ensuring that the action authentication requirements are met before proceeding.

• 150-156: The SigningFieldContainer component has been updated with new props, including onPreSign, onSign, and onRemove. These updates are necessary to integrate the new authentication and signing logic into the component, ensuring that the signing process adheres to the enhanced authentication requirements.

packages/lib/server-only/recipient/set-recipients-for-document.ts (4)

• 2-5: The addition of imports for TRecipientActionAuthTypes and ZRecipientAuthOptionsSchema is necessary for handling type definitions and schema validation related to recipient action authentication. These changes support the PR's objective of enhancing document authentication mechanisms.
• 12-12: The import of createRecipientAuthOptions is crucial for generating recipient authentication options based on the provided actionAuth values. This function likely plays a key role in configuring recipient-specific authentication settings, aligning with the PR's goals of introducing more granular control over document authentication.
• 26-26: The addition of the actionAuth field to SetRecipientsForDocumentOptions is essential for supporting the new recipient-specific action authentication settings. This change enables the backend to process and store recipient-specific authentication requirements, enhancing the flexibility and security of the document authentication process.
• 120-127: The handling of actionAuth in recipient data, including the parsing and creation of recipient authentication options, is a significant enhancement. This logic ensures that recipient-specific action authentication settings are correctly processed and stored, furthering the PR's objectives of introducing more granular authentication controls.

apps/web/src/app/(signing)/sign/[token]/form.tsx (5)

• 11-11: The import of TRecipientActionAuth from @documenso/lib/types/document-auth is correctly added to support the new authentication features. This type will be used in the authentication procedures within the component.
• 23-23: The use of useRequiredDocumentAuthContext is appropriate here as it provides necessary authentication context for the document being signed. This context is crucial for implementing the new authentication logic.
• 40-40: The executeActionAuthProcedure function is retrieved from the document authentication context. This is a good practice as it encapsulates the authentication logic outside of the component, making the component cleaner and more maintainable.
• 70-73: The executeActionAuthProcedure function is correctly used to handle the authentication process before completing the document. This ensures that the document can only be completed if the user passes the necessary authentication checks.
• 76-80: The completeDocument function is well-implemented, making use of the completeDocumentWithToken mutation to complete the signing process. It correctly handles the authOptions parameter, allowing for flexible authentication mechanisms. However, it's important to ensure that the authOptions parameter is properly validated and sanitized before being used to prevent security vulnerabilities.

apps/web/src/app/(signing)/sign/[token]/document-action-auth-dialog.tsx (4)

• 1-5: The comment at the beginning of the file provides useful context about the presence of commented-out code related to password authentication. It's good practice to leave such comments for future developers, especially when there are plans to reuse the code for upcoming features like passkeys and 2FA.
• 30-30: The use of useRequiredDocumentAuthContext is appropriate for accessing the recipient's information within the authentication dialog. This ensures that the dialog can adapt based on the recipient's role and other context-specific details.
• 71-73: The handling of loading states with isSigningOut and isSubmitting is a good practice. It ensures that the user interface reflects the ongoing operations, preventing duplicate actions and improving the user experience.
• 140-180: The rendering logic within the DocumentActionAuthDialog component is correctly implemented, handling different document authentication types and providing a user-friendly interface for reauthentication. The use of the match function from ts-pattern for conditional rendering based on documentAuthType is a clean and readable approach.

However, it's important to ensure that all authentication types are handled correctly and that the UI is accessible and user-friendly.

Verification successful

Given the limitations of the provided context and the nature of the initial script, which was a placeholder for manual verification, it's clear that a more direct approach to verify the handling of all authentication types in the UI is required. To proceed, we need to gather more information about the DocumentAuth enum and its usage within the component. This will help in verifying whether all authentication types are correctly handled in the UI and that the interface is accessible and user-friendly.

---

Based on the provided script outputs and the analysis of the DocumentActionAuthDialog component, it appears that the application is designed to handle different document authentication types in a structured and user-friendly manner. The usage of the DocumentAuth enum within a context provider and the conditional rendering logic in the dialog component for at least two authentication types (ACCOUNT and EXPLICIT_NONE) suggests a thoughtful approach to authentication management. While the script output does not provide a complete list of all possible DocumentAuth enum values, the evidence suggests that the application is likely handling authentication types correctly. However, without direct access to the enum definition and a full understanding of the application's authentication flow, a definitive conclusion on the exhaustive handling of all types cannot be made.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify that all authentication types are correctly handled in the UI.
# This script is a placeholder for manual verification.
echo "Manual verification required: Ensure that all authentication types are correctly handled in the UI and that the interface is accessible and user-friendly."

Length of output: 318

---

---

Script:

#!/bin/bash
# Search for the DocumentAuth enum definition
rg "enum DocumentAuth" --type-add 'custom:*.tsx' --type 'custom'

# Search for usage of DocumentAuth within the component to verify handling of all types
rg "DocumentAuth" --type-add 'custom:*.tsx' --type 'custom' -C 10

Length of output: 60048

apps/marketing/src/app/(marketing)/singleplayer/client.tsx (1)

• 164-164: The addition of authOptions initialized to null is aligned with the PR's objectives. Ensure that downstream components consuming placeholderRecipient properly handle the authOptions field, especially its null initialization.

Verification successful

---

The search results indicate that placeholderRecipient is used in a manner consistent with the addition of the authOptions field, primarily within the context of client.tsx and for setting up placeholder recipients in add-template-placeholder-recipients.tsx. There's no direct evidence of authOptions being specifically handled, suggesting that its addition is unlikely to cause immediate issues based on the current usage patterns. However, it's important to remain vigilant for potential future issues as more components interact with placeholderRecipient.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Search for usage of placeholderRecipient in the project to ensure proper handling of authOptions.
rg "placeholderRecipient" --type tsx

Length of output: 64

---

---

Script:

#!/bin/bash
# Corrected search for usage of placeholderRecipient in the project, including both .ts and .tsx files.
rg "placeholderRecipient" --glob "*.ts" --glob "*.tsx"

Length of output: 727

apps/web/src/app/(dashboard)/documents/[id]/edit-document.tsx (7)

• 20-21: The addition of AddSettingsFormPartial and its corresponding type TAddSettingsFormSchema supports the new settings-based approach to document editing. Ensure these components are correctly implemented and integrated within the application.
• 45-46: The update from title to settings in the EditDocumentStep type and the EditDocumentSteps array aligns with the PR's objective to enhance document settings management. Ensure that all references and dependencies are updated accordingly.
• 64-65: The transition from addTitle to setSettingsForDocument reflects the shift towards a more comprehensive settings management approach. Verify that the setSettingsForDocument mutation is correctly implemented on the server side and that it handles all necessary settings updates.

Verification successful

---

The setSettingsForDocument mutation is implemented within the documentRouter in router.ts, as part of the server-side code. This mutation takes input that includes documentId, teamId, data, and meta, and performs two main actions:

1. If meta.timezone, meta.dateFormat, or meta.redirectUrl are provided, it calls upsertDocumentMeta to update these meta settings for the document.
2. It then calls updateDocumentSettings to update other document settings based on the provided data.

This implementation indicates that the mutation is designed to handle a comprehensive set of settings updates for a document, including meta information like timezone, date format, and redirect URL, as well as other unspecified settings contained within data.

Given this information, it can be concluded that the transition from addTitle to setSettingsForDocument in the client-side code is supported by a corresponding server-side implementation that is capable of handling a broad range of document settings updates. This aligns with the original review comment's observation about the shift towards a more comprehensive settings management approach.

Scripts Executed

The following scripts were executed for the analysis:

---

Script:

#!/bin/bash
# Verify the implementation of setSettingsForDocument mutation.
rg "setSettingsForDocument" --type ts

Length of output: 462

---

---

Script:

#!/bin/bash
# Inspect the implementation of setSettingsForDocument mutation in router.ts
fd "router.ts" packages/trpc/server/document-router --exec cat {}

Length of output: 10374

* 109-131: > 📝 **NOTE** > This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [112-139]

The renaming of the form submission handler to onAddSettingsFormSubmit is appropriate for the new settings-based document editing flow. Ensure that the handler correctly processes and submits the new settings data, including error handling.

• 258-264: The use of AddSettingsFormPartial for the settings step is consistent with the PR's objectives. Confirm that the component is properly configured to handle the settings data and integrates well with the document flow.
• 120-123: The addition of globalAccessAuth and globalActionAuth fields in the settings form submission handler supports the new authentication features. Ensure these fields are correctly processed and stored in the backend.
• 139-139: The updated error message in the settings form submission handler reflects the broader scope of settings being updated. Ensure that error handling is comprehensive and user-friendly.

packages/trpc/server/document-router/router.ts (2)

• 15-15: The addition of updateDocumentSettings and ZSetSettingsForDocumentMutationSchema is necessary for the new document settings functionality. Ensure that these imports are correctly implemented and used securely within the setSettingsForDocument procedure.

Also applies to: 31-31

• 159-196: The implementation of the setSettingsForDocument procedure is crucial for updating document settings. Ensure that it correctly processes input data, performs necessary validations, and securely updates document settings. Additionally, verify that error handling is comprehensive and user-friendly.

packages/lib/utils/document-audit-logs.ts (3)

• 25-25: The addition of ZRecipientAuthOptionsSchema and updates to handle authOptions in audit logs support the new authentication features. Ensure that authOptions are properly compared and logged, and verify the correctness and completeness of the implementation.

Also applies to: 80-112

• 197-239: The updates to diffDocumentMetaChanges for comparing additional fields, such as dateFormat, message, subject, timezone, and redirectUrl, enhance the audit logging capabilities. Ensure that these comparisons are accurate and that changes are correctly logged.
• 315-322: The extension of formatDocumentAuditLogAction to include new document authentication types (DOCUMENT_GLOBAL_AUTH_ACCESS_UPDATED and DOCUMENT_GLOBAL_AUTH_ACTION_UPDATED) improves audit log readability and tracking. Confirm that these new types are correctly handled and that the descriptions are clear and informative.

apps/web/src/components/document/document-history-sheet.tsx (4)

• 10-10: Added import for DOCUMENT_AUTH_TYPES from @documenso/lib/constants/document-auth.

This import is necessary for handling the new document audit log types related to global authentication updates.

• 83-87: Modified formatGenericText function to accept an optional text parameter and handle null/undefined cases.

This modification improves the function's robustness by ensuring it can gracefully handle null or undefined inputs.

• 227-243: Added handling for DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACCESS_UPDATED and DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_GLOBAL_AUTH_ACTION_UPDATED in the rendering logic.

The addition of these cases ensures that updates to global document authentication settings are properly reflected in the document history.

• 244-244: Updated the rendering logic for DOCUMENT_AUDIT_LOG_TYPE.DOCUMENT_META_UPDATED.

While the summary mentions this update, the provided code does not show any modifications specific to this log type. Assuming this is an oversight in the summary, the existing handling of DOCUMENT_META_UPDATED appears to be unchanged and correct.

packages/lib/types/document-audit-logs.ts (4)

• 31-32: Added new constants for document audit log types related to global authentication access and action updates.

These new constants are essential for supporting the newly introduced global authentication settings for documents.

• 58-64: Extended schemas for recipient diffs to include access authentication and action authentication.

Extending these schemas is necessary to support the new authentication features at the recipient level, allowing for more granular control.

• 258-272: Updated event schemas for global authentication access and action updates.

These updates to the event schemas are crucial for accurately representing changes to global authentication settings in the audit logs.

• 289-291: Modified event schemas for document opened and recipient completed to include optional access authentication and action authentication fields.

Including these optional fields in the event schemas allows for tracking authentication requirements for document access and recipient actions, enhancing security and audit capabilities.

Also applies to: 299-301

packages/prisma/schema.prisma (1)

• 229-229: Added a new field authOptions of type Json to both the Document and Recipient models.

The addition of the authOptions field is crucial for supporting the new document and recipient-specific authentication settings, allowing for flexible and granular authentication configurations.

Also applies to: 327-327

packages/ui/primitives/document-flow/add-settings.tsx (4)

• 1-1: Using 'use client'; at the top of the file is a good practice for Next.js files that are intended to run only on the client side. This ensures that the file's code will not be accidentally executed in a server context, which is especially important for code that interacts with browser-specific APIs or relies on the presence of the window or document objects.
• 63-65: The use of extractDocumentAuthMethods function to extract document authentication options is a clean approach to handling potentially complex logic outside of the component. This helps in keeping the component code more readable and maintainable. However, ensure that extractDocumentAuthMethods properly handles all expected input cases, including null or undefined document.authOptions, to prevent runtime errors.
• 67-78: The use of useForm from react-hook-form with zodResolver for form validation is a robust choice for managing form state and validation. The defaultValues are correctly set from the document prop, ensuring that the form is initialized with the current document settings. This approach enhances the user experience by pre-populating the form with existing values, making it easier for users to see and modify the current settings.
• 89-93: The useEffect hook is used to set the timezone to the user's local timezone if it hasn't been touched and the document hasn't been sent. This is a thoughtful detail that improves user experience by defaulting to a sensible value while allowing for manual override. However, consider adding a comment explaining why documentHasBeenSent is checked, as it might not be immediately clear to other developers why the timezone should not be updated after the document has been sent.

packages/ui/primitives/document-flow/add-signers.tsx (2)

• 3-3: The addition of useMemo and useState from React aligns with the introduction of new stateful logic and memoization in the component. This is a good practice for optimizing performance and managing component state effectively.
• 170-359: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [177-410]

The form structure and handling of advanced settings are well-organized and modular, making the code easy to read and maintain. The use of conditional rendering based on showAdvancedSettings to display advanced authentication options is a good practice. However, consider abstracting the repetitive logic for form fields into a separate component or function to reduce the complexity and improve modularity.

[dguyen]

Note

Since we're bringing the advanced tab from the Add subject document step to the first step, I've removed the restriction where we display the date dropdown only when a date field is configured, because it's early in the step.

[dguyen]

Should be fine to load the ENV into playwright right?

[Mythie]

Yeah it should be

[Mythie]

Although it should already have the env for the most part 🤔

[dguyen]

Oh, seems like it was commented out 6 months ago

https://github.com/documenso/documenso/blob/main/packages/app-tests/playwright.config.ts#L7

I'll reinstate it

[github-actions]

Thank you for following the naming conventions for pull request titles! 💚🚀

[Mythie]

full trust