From c0fb5caf9cb44dbee589f34a4501183d63edee8b Mon Sep 17 00:00:00 2001 From: David Nguyen Date: Tue, 26 Mar 2024 18:33:20 +0800 Subject: [PATCH] fix: update reauth constraints and tests --- .../[token]/document-action-auth-dialog.tsx | 17 ++-- .../sign/[token]/document-auth-provider.tsx | 4 +- .../src/app/(signing)/sign/[token]/form.tsx | 13 +-- .../app/(signing)/sign/[token]/name-field.tsx | 3 +- .../(signing)/sign/[token]/sign-dialog.tsx | 25 +++--- .../sign/[token]/signature-field.tsx | 3 +- .../sign/[token]/signing-field-container.tsx | 15 ++++ .../app/(signing)/sign/[token]/text-field.tsx | 3 +- .../e2e/document-auth/action-auth.spec.ts | 15 +++- .../e2e/pr-718-add-stepper-component.spec.ts | 85 ++++++++++--------- .../document/complete-document-with-token.ts | 37 ++++---- .../field/sign-field-with-token.ts | 26 ++++-- .../seed/pr-718-add-stepper-component.ts | 29 ------- 13 files changed, 141 insertions(+), 134 deletions(-) delete mode 100644 packages/prisma/seed/pr-718-add-stepper-component.ts diff --git a/apps/web/src/app/(signing)/sign/[token]/document-action-auth-dialog.tsx b/apps/web/src/app/(signing)/sign/[token]/document-action-auth-dialog.tsx index a904eb062..7ab92f75c 100644 --- a/apps/web/src/app/(signing)/sign/[token]/document-action-auth-dialog.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/document-action-auth-dialog.tsx @@ -9,12 +9,12 @@ import { DateTime } from 'luxon'; import { signOut } from 'next-auth/react'; import { match } from 'ts-pattern'; -import { RECIPIENT_ROLES_DESCRIPTION } from '@documenso/lib/constants/recipient-roles'; import { DocumentAuth, type TRecipientActionAuth, type TRecipientActionAuthTypes, } from '@documenso/lib/types/document-auth'; +import type { FieldType } from '@documenso/prisma/client'; import { trpc } from '@documenso/trpc/react'; import { Alert, AlertDescription } from '@documenso/ui/primitives/alert'; import { Button } from '@documenso/ui/primitives/button'; @@ -33,7 +33,7 @@ export type DocumentActionAuthDialogProps = { title?: string; documentAuthType: TRecipientActionAuthTypes; description?: string; - actionTarget?: 'FIELD' | 'DOCUMENT'; + actionTarget: FieldType | 'DOCUMENT'; isSubmitting?: boolean; open: boolean; onOpenChange: (value: boolean) => void; @@ -53,7 +53,6 @@ export const DocumentActionAuthDialog = ({ title, description, documentAuthType, - actionTarget = 'FIELD', // onReauthFormSubmit, isSubmitting, open, @@ -135,19 +134,14 @@ export const DocumentActionAuthDialog = ({ // setFormErrorCode(null); // }, [open, form]); - const defaultRecipientActionVerb = RECIPIENT_ROLES_DESCRIPTION[recipient.role].actionVerb; - return ( - - {title || `${defaultRecipientActionVerb} ${actionTarget.toLowerCase()}`} - + {title || 'Sign field'} - {description || - `Reauthentication is required to ${defaultRecipientActionVerb.toLowerCase()} the ${actionTarget.toLowerCase()}`} + {description || `Reauthentication is required to sign the field`} @@ -156,8 +150,7 @@ export const DocumentActionAuthDialog = ({
- To {defaultRecipientActionVerb.toLowerCase()} this {actionTarget.toLowerCase()}, - you need to be logged in as {recipient.email} + To sign this field, you need to be logged in as {recipient.email} diff --git a/apps/web/src/app/(signing)/sign/[token]/document-auth-provider.tsx b/apps/web/src/app/(signing)/sign/[token]/document-auth-provider.tsx index 1e09ac594..c216f3905 100644 --- a/apps/web/src/app/(signing)/sign/[token]/document-auth-provider.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/document-auth-provider.tsx @@ -13,7 +13,7 @@ import type { } from '@documenso/lib/types/document-auth'; import { DocumentAuth } from '@documenso/lib/types/document-auth'; import { extractDocumentAuthMethods } from '@documenso/lib/utils/document-auth'; -import type { Document, Recipient, User } from '@documenso/prisma/client'; +import { type Document, FieldType, type Recipient, type User } from '@documenso/prisma/client'; import type { DocumentActionAuthDialogProps } from './document-action-auth-dialog'; import { DocumentActionAuthDialog } from './document-action-auth-dialog'; @@ -106,7 +106,7 @@ export const DocumentAuthProvider = ({ const executeActionAuthProcedure = async (options: ExecuteActionAuthProcedureOptions) => { // Directly run callback if no auth required. - if (!derivedRecipientActionAuth) { + if (!derivedRecipientActionAuth || options.actionTarget !== FieldType.SIGNATURE) { await options.onReauthFormSubmit(); return; } diff --git a/apps/web/src/app/(signing)/sign/[token]/form.tsx b/apps/web/src/app/(signing)/sign/[token]/form.tsx index e0c477754..2b9b9d294 100644 --- a/apps/web/src/app/(signing)/sign/[token]/form.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/form.tsx @@ -20,7 +20,6 @@ import { Input } from '@documenso/ui/primitives/input'; import { Label } from '@documenso/ui/primitives/label'; import { SignaturePad } from '@documenso/ui/primitives/signature-pad'; -import { useRequiredDocumentAuthContext } from './document-auth-provider'; import { useRequiredSigningContext } from './provider'; import { SignDialog } from './sign-dialog'; @@ -37,7 +36,6 @@ export const SigningForm = ({ document, recipient, fields, redirectUrl }: Signin const { data: session } = useSession(); const { fullName, signature, setFullName, setSignature } = useRequiredSigningContext(); - const { executeActionAuthProcedure } = useRequiredDocumentAuthContext(); const [validateUninsertedFields, setValidateUninsertedFields] = useState(false); @@ -67,10 +65,13 @@ export const SigningForm = ({ document, recipient, fields, redirectUrl }: Signin return; } - await executeActionAuthProcedure({ - onReauthFormSubmit: completeDocument, - actionTarget: 'DOCUMENT', - }); + await completeDocument(); + + // Reauth is currently not required for completing the document. + // await executeActionAuthProcedure({ + // onReauthFormSubmit: completeDocument, + // actionTarget: 'DOCUMENT', + // }); }; const completeDocument = async (authOptions?: TRecipientActionAuth) => { diff --git a/apps/web/src/app/(signing)/sign/[token]/name-field.tsx b/apps/web/src/app/(signing)/sign/[token]/name-field.tsx index 554460acb..9d7fa16e4 100644 --- a/apps/web/src/app/(signing)/sign/[token]/name-field.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/name-field.tsx @@ -8,7 +8,7 @@ import { Loader } from 'lucide-react'; import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth'; -import type { Recipient } from '@documenso/prisma/client'; +import { type Recipient } from '@documenso/prisma/client'; import type { FieldWithSignature } from '@documenso/prisma/types/field-with-signature'; import { trpc } from '@documenso/trpc/react'; import { Button } from '@documenso/ui/primitives/button'; @@ -69,6 +69,7 @@ export const NameField = ({ field, recipient }: NameFieldProps) => { void executeActionAuthProcedure({ onReauthFormSubmit: async (authOptions) => await onSign(authOptions, localFullName), + actionTarget: field.type, }); }; diff --git a/apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx b/apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx index cb1f5b52c..9b2877033 100644 --- a/apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/sign-dialog.tsx @@ -12,8 +12,6 @@ import { import { truncateTitle } from '~/helpers/truncate-title'; -import { useRequiredDocumentAuthContext } from './document-auth-provider'; - export type SignDialogProps = { isSubmitting: boolean; document: Document; @@ -31,27 +29,26 @@ export const SignDialog = ({ onSignatureComplete, role, }: SignDialogProps) => { - const { executeActionAuthProcedure, isAuthRedirectRequired } = useRequiredDocumentAuthContext(); - const [showDialog, setShowDialog] = useState(false); const truncatedTitle = truncateTitle(document.title); const isComplete = fields.every((field) => field.inserted); - const handleOpenChange = async (open: boolean) => { + const handleOpenChange = (open: boolean) => { if (isSubmitting || !isComplete) { return; } - if (isAuthRedirectRequired) { - await executeActionAuthProcedure({ - actionTarget: 'DOCUMENT', - onReauthFormSubmit: () => { - // Do nothing since the user should be redirected. - }, - }); + // Reauth is currently not required for signing the document. + // if (isAuthRedirectRequired) { + // await executeActionAuthProcedure({ + // actionTarget: 'DOCUMENT', + // onReauthFormSubmit: () => { + // // Do nothing since the user should be redirected. + // }, + // }); - return; - } + // return; + // } setShowDialog(open); }; diff --git a/apps/web/src/app/(signing)/sign/[token]/signature-field.tsx b/apps/web/src/app/(signing)/sign/[token]/signature-field.tsx index 487fde058..f92d1e209 100644 --- a/apps/web/src/app/(signing)/sign/[token]/signature-field.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/signature-field.tsx @@ -8,7 +8,7 @@ import { Loader } from 'lucide-react'; import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth'; -import type { Recipient } from '@documenso/prisma/client'; +import { type Recipient } from '@documenso/prisma/client'; import type { FieldWithSignature } from '@documenso/prisma/types/field-with-signature'; import { trpc } from '@documenso/trpc/react'; import { Button } from '@documenso/ui/primitives/button'; @@ -89,6 +89,7 @@ export const SignatureField = ({ field, recipient }: SignatureFieldProps) => { void executeActionAuthProcedure({ onReauthFormSubmit: async (authOptions) => await onSign(authOptions, localSignature), + actionTarget: field.type, }); }; diff --git a/apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx b/apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx index f5e598dab..825a15d0f 100644 --- a/apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/signing-field-container.tsx @@ -3,6 +3,7 @@ import React from 'react'; import { type TRecipientActionAuth } from '@documenso/lib/types/document-auth'; +import { FieldType } from '@documenso/prisma/client'; import type { FieldWithSignature } from '@documenso/prisma/types/field-with-signature'; import { FieldRootContainer } from '@documenso/ui/components/field/field'; import { Tooltip, TooltipContent, TooltipTrigger } from '@documenso/ui/primitives/tooltip'; @@ -55,11 +56,24 @@ export const SigningFieldContainer = ({ return; } + // Bypass reauth for non signature fields. + if (field.type !== FieldType.SIGNATURE) { + const presignResult = await onPreSign?.(); + + if (presignResult === false) { + return; + } + + await onSign(); + return; + } + if (isAuthRedirectRequired) { await executeActionAuthProcedure({ onReauthFormSubmit: () => { // Do nothing since the user should be redirected. }, + actionTarget: field.type, }); return; @@ -76,6 +90,7 @@ export const SigningFieldContainer = ({ await executeActionAuthProcedure({ onReauthFormSubmit: onSign, + actionTarget: field.type, }); }; diff --git a/apps/web/src/app/(signing)/sign/[token]/text-field.tsx b/apps/web/src/app/(signing)/sign/[token]/text-field.tsx index 5d27f3909..68ce3254c 100644 --- a/apps/web/src/app/(signing)/sign/[token]/text-field.tsx +++ b/apps/web/src/app/(signing)/sign/[token]/text-field.tsx @@ -8,7 +8,7 @@ import { Loader } from 'lucide-react'; import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error'; import type { TRecipientActionAuth } from '@documenso/lib/types/document-auth'; -import type { Recipient } from '@documenso/prisma/client'; +import { type Recipient } from '@documenso/prisma/client'; import type { FieldWithSignature } from '@documenso/prisma/types/field-with-signature'; import { trpc } from '@documenso/trpc/react'; import { Button } from '@documenso/ui/primitives/button'; @@ -61,6 +61,7 @@ export const TextField = ({ field, recipient }: TextFieldProps) => { void executeActionAuthProcedure({ onReauthFormSubmit: async (authOptions) => await onSign(authOptions), + actionTarget: field.type, }); }; diff --git a/packages/app-tests/e2e/document-auth/action-auth.spec.ts b/packages/app-tests/e2e/document-auth/action-auth.spec.ts index f0d3cee95..88ed1ac1d 100644 --- a/packages/app-tests/e2e/document-auth/action-auth.spec.ts +++ b/packages/app-tests/e2e/document-auth/action-auth.spec.ts @@ -124,7 +124,8 @@ test('[DOCUMENT_AUTH]: should allow signing with valid global auth', async ({ pa await unseedUser(recipientWithAccount.id); }); -test('[DOCUMENT_AUTH]: should deny signing document when required for global auth', async ({ +// Currently document auth for signing/approving/viewing is not required. +test.skip('[DOCUMENT_AUTH]: should deny signing document when required for global auth', async ({ page, }) => { const user = await seedUser(); @@ -184,6 +185,10 @@ test('[DOCUMENT_AUTH]: should deny signing fields when required for global auth' await expect(page.getByRole('heading', { name: 'Sign Document' })).toBeVisible(); for (const field of Field) { + if (field.type !== FieldType.SIGNATURE) { + continue; + } + await page.locator(`#field-${field.id}`).getByRole('button').click(); await expect(page.getByRole('paragraph')).toContainText( 'Reauthentication is required to sign the field', @@ -249,6 +254,10 @@ test('[DOCUMENT_AUTH]: should allow field signing when required for recipient au if (isAuthRequired) { for (const field of Field) { + if (field.type !== FieldType.SIGNATURE) { + continue; + } + await page.locator(`#field-${field.id}`).getByRole('button').click(); await expect(page.getByRole('paragraph')).toContainText( 'Reauthentication is required to sign the field', @@ -356,6 +365,10 @@ test('[DOCUMENT_AUTH]: should allow field signing when required for recipient an if (isAuthRequired) { for (const field of Field) { + if (field.type !== FieldType.SIGNATURE) { + continue; + } + await page.locator(`#field-${field.id}`).getByRole('button').click(); await expect(page.getByRole('paragraph')).toContainText( 'Reauthentication is required to sign the field', diff --git a/packages/app-tests/e2e/pr-718-add-stepper-component.spec.ts b/packages/app-tests/e2e/pr-718-add-stepper-component.spec.ts index 91203d32c..70b0cfe72 100644 --- a/packages/app-tests/e2e/pr-718-add-stepper-component.spec.ts +++ b/packages/app-tests/e2e/pr-718-add-stepper-component.spec.ts @@ -4,17 +4,21 @@ import path from 'node:path'; import { getDocumentByToken } from '@documenso/lib/server-only/document/get-document-by-token'; import { getRecipientByEmail } from '@documenso/lib/server-only/recipient/get-recipient-by-email'; import { DocumentStatus } from '@documenso/prisma/client'; -import { TEST_USER } from '@documenso/prisma/seed/pr-718-add-stepper-component'; +import { seedUser } from '@documenso/prisma/seed/users'; + +import { apiSignin } from './fixtures/authentication'; test(`[PR-718]: should be able to create a document`, async ({ page }) => { await page.goto('/signin'); const documentTitle = `example-${Date.now()}.pdf`; - // Sign in - await page.getByLabel('Email').fill(TEST_USER.email); - await page.getByLabel('Password', { exact: true }).fill(TEST_USER.password); - await page.getByRole('button', { name: 'Sign In' }).click(); + const user = await seedUser(); + + await apiSignin({ + page, + email: user.email, + }); // Upload document const [fileChooser] = await Promise.all([ @@ -82,10 +86,12 @@ test('should be able to create a document with multiple recipients', async ({ pa const documentTitle = `example-${Date.now()}.pdf`; - // Sign in - await page.getByLabel('Email').fill(TEST_USER.email); - await page.getByLabel('Password', { exact: true }).fill(TEST_USER.password); - await page.getByRole('button', { name: 'Sign In' }).click(); + const user = await seedUser(); + + await apiSignin({ + page, + email: user.email, + }); // Upload document const [fileChooser] = await Promise.all([ @@ -103,7 +109,7 @@ test('should be able to create a document with multiple recipients', async ({ pa await page.waitForURL(/\/documents\/\d+/); // Set title - await expect(page.getByRole('heading', { name: 'Add Title' })).toBeVisible(); + await expect(page.getByRole('heading', { name: 'General' })).toBeVisible(); await page.getByLabel('Title').fill(documentTitle); @@ -112,13 +118,12 @@ test('should be able to create a document with multiple recipients', async ({ pa // Add signers await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible(); - await page.getByLabel('Email*').fill('user1@example.com'); - await page.getByLabel('Name').fill('User 1'); - + // Add 2 signers. + await page.getByPlaceholder('Email').fill('user1@example.com'); + await page.getByPlaceholder('Name').fill('User 1'); await page.getByRole('button', { name: 'Add Signer' }).click(); - - await page.getByLabel('Email*').nth(1).fill('user2@example.com'); - await page.getByLabel('Name').nth(1).fill('User 2'); + await page.getByRole('textbox', { name: 'Email', exact: true }).fill('user2@example.com'); + await page.getByRole('textbox', { name: 'Name', exact: true }).fill('User 2'); await page.getByRole('button', { name: 'Continue' }).click(); @@ -177,10 +182,12 @@ test('should be able to create, send and sign a document', async ({ page }) => { const documentTitle = `example-${Date.now()}.pdf`; - // Sign in - await page.getByLabel('Email').fill(TEST_USER.email); - await page.getByLabel('Password', { exact: true }).fill(TEST_USER.password); - await page.getByRole('button', { name: 'Sign In' }).click(); + const user = await seedUser(); + + await apiSignin({ + page, + email: user.email, + }); // Upload document const [fileChooser] = await Promise.all([ @@ -198,7 +205,7 @@ test('should be able to create, send and sign a document', async ({ page }) => { await page.waitForURL(/\/documents\/\d+/); // Set title - await expect(page.getByRole('heading', { name: 'Add Title' })).toBeVisible(); + await expect(page.getByRole('heading', { name: 'General' })).toBeVisible(); await page.getByLabel('Title').fill(documentTitle); @@ -207,8 +214,8 @@ test('should be able to create, send and sign a document', async ({ page }) => { // Add signers await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible(); - await page.getByLabel('Email*').fill('user1@example.com'); - await page.getByLabel('Name').fill('User 1'); + await page.getByPlaceholder('Email').fill('user1@example.com'); + await page.getByPlaceholder('Name').fill('User 1'); await page.getByRole('button', { name: 'Continue' }).click(); @@ -225,8 +232,9 @@ test('should be able to create, send and sign a document', async ({ page }) => { // Assert document was created await expect(page.getByRole('link', { name: documentTitle })).toBeVisible(); await page.getByRole('link', { name: documentTitle }).click(); + await page.waitForURL(/\/documents\/\d+/); - const url = await page.url().split('/'); + const url = page.url().split('/'); const documentId = url[url.length - 1]; const { token } = await getRecipientByEmail({ @@ -260,10 +268,12 @@ test('should be able to create, send with redirect url, sign a document and redi const documentTitle = `example-${Date.now()}.pdf`; - // Sign in - await page.getByLabel('Email').fill(TEST_USER.email); - await page.getByLabel('Password', { exact: true }).fill(TEST_USER.password); - await page.getByRole('button', { name: 'Sign In' }).click(); + const user = await seedUser(); + + await apiSignin({ + page, + email: user.email, + }); // Upload document const [fileChooser] = await Promise.all([ @@ -280,18 +290,19 @@ test('should be able to create, send with redirect url, sign a document and redi // Wait to be redirected to the edit page await page.waitForURL(/\/documents\/\d+/); - // Set title - await expect(page.getByRole('heading', { name: 'Add Title' })).toBeVisible(); - + // Set title & advanced redirect + await expect(page.getByRole('heading', { name: 'General' })).toBeVisible(); await page.getByLabel('Title').fill(documentTitle); + await page.getByRole('button', { name: 'Advanced Options' }).click(); + await page.getByLabel('Redirect URL').fill('https://documenso.com'); await page.getByRole('button', { name: 'Continue' }).click(); // Add signers await expect(page.getByRole('heading', { name: 'Add Signers' })).toBeVisible(); - await page.getByLabel('Email*').fill('user1@example.com'); - await page.getByLabel('Name').fill('User 1'); + await page.getByPlaceholder('Email').fill('user1@example.com'); + await page.getByPlaceholder('Name').fill('User 1'); await page.getByRole('button', { name: 'Continue' }).click(); @@ -299,11 +310,6 @@ test('should be able to create, send with redirect url, sign a document and redi await expect(page.getByRole('heading', { name: 'Add Fields' })).toBeVisible(); await page.getByRole('button', { name: 'Continue' }).click(); - // Add subject and send - await expect(page.getByRole('heading', { name: 'Add Subject' })).toBeVisible(); - await page.getByRole('button', { name: 'Advanced Options' }).click(); - await page.getByLabel('Redirect URL').fill('https://documenso.com'); - await page.getByRole('button', { name: 'Send' }).click(); await page.waitForURL('/documents'); @@ -311,8 +317,9 @@ test('should be able to create, send with redirect url, sign a document and redi // Assert document was created await expect(page.getByRole('link', { name: documentTitle })).toBeVisible(); await page.getByRole('link', { name: documentTitle }).click(); + await page.waitForURL(/\/documents\/\d+/); - const url = await page.url().split('/'); + const url = page.url().split('/'); const documentId = url[url.length - 1]; const { token } = await getRecipientByEmail({ diff --git a/packages/lib/server-only/document/complete-document-with-token.ts b/packages/lib/server-only/document/complete-document-with-token.ts index 36b74408b..8e3b56002 100644 --- a/packages/lib/server-only/document/complete-document-with-token.ts +++ b/packages/lib/server-only/document/complete-document-with-token.ts @@ -7,11 +7,8 @@ import { prisma } from '@documenso/prisma'; import { DocumentStatus, SigningStatus } from '@documenso/prisma/client'; import { WebhookTriggerEvents } from '@documenso/prisma/client'; -import { AppError, AppErrorCode } from '../../errors/app-error'; import type { TRecipientActionAuth } from '../../types/document-auth'; -import { extractDocumentAuthMethods } from '../../utils/document-auth'; import { triggerWebhook } from '../webhooks/trigger/trigger-webhook'; -import { isRecipientAuthorized } from './is-recipient-authorized'; import { sealDocument } from './seal-document'; import { sendPendingEmail } from './send-pending-email'; @@ -46,8 +43,6 @@ const getDocument = async ({ token, documentId }: CompleteDocumentWithTokenOptio export const completeDocumentWithToken = async ({ token, documentId, - userId, - authOptions, requestMetadata, }: CompleteDocumentWithTokenOptions) => { 'use server'; @@ -79,22 +74,24 @@ export const completeDocumentWithToken = async ({ throw new Error(`Recipient ${recipient.id} has unsigned fields`); } - const { derivedRecipientActionAuth } = extractDocumentAuthMethods({ - documentAuth: document.authOptions, - recipientAuth: recipient.authOptions, - }); + // Document reauth for completing documents is currently not required. - const isValid = await isRecipientAuthorized({ - type: 'ACTION', - document: document, - recipient: recipient, - userId, - authOptions, - }); + // const { derivedRecipientActionAuth } = extractDocumentAuthMethods({ + // documentAuth: document.authOptions, + // recipientAuth: recipient.authOptions, + // }); - if (!isValid) { - throw new AppError(AppErrorCode.UNAUTHORIZED, 'Invalid authentication values'); - } + // const isValid = await isRecipientAuthorized({ + // type: 'ACTION', + // document: document, + // recipient: recipient, + // userId, + // authOptions, + // }); + + // if (!isValid) { + // throw new AppError(AppErrorCode.UNAUTHORIZED, 'Invalid authentication values'); + // } await prisma.$transaction(async (tx) => { await tx.recipient.update({ @@ -121,7 +118,7 @@ export const completeDocumentWithToken = async ({ recipientName: recipient.name, recipientId: recipient.id, recipientRole: recipient.role, - actionAuth: derivedRecipientActionAuth || undefined, + // actionAuth: derivedRecipientActionAuth || undefined, }, }), }); diff --git a/packages/lib/server-only/field/sign-field-with-token.ts b/packages/lib/server-only/field/sign-field-with-token.ts index 198ea8752..b8a5ccf8f 100644 --- a/packages/lib/server-only/field/sign-field-with-token.ts +++ b/packages/lib/server-only/field/sign-field-with-token.ts @@ -79,18 +79,28 @@ export const signFieldWithToken = async ({ throw new Error(`Field ${fieldId} has no recipientId`); } - const { derivedRecipientActionAuth } = extractDocumentAuthMethods({ + let { derivedRecipientActionAuth } = extractDocumentAuthMethods({ documentAuth: document.authOptions, recipientAuth: recipient.authOptions, }); - const isValid = await isRecipientAuthorized({ - type: 'ACTION', - document: document, - recipient: recipient, - userId, - authOptions, - }); + // Override all non-signature fields to not require any auth. + if (field.type !== FieldType.SIGNATURE) { + derivedRecipientActionAuth = null; + } + + let isValid = true; + + // Only require auth on signature fields for now. + if (field.type === FieldType.SIGNATURE) { + isValid = await isRecipientAuthorized({ + type: 'ACTION', + document: document, + recipient: recipient, + userId, + authOptions, + }); + } if (!isValid) { throw new AppError(AppErrorCode.UNAUTHORIZED, 'Invalid authentication values'); diff --git a/packages/prisma/seed/pr-718-add-stepper-component.ts b/packages/prisma/seed/pr-718-add-stepper-component.ts deleted file mode 100644 index d436a97b1..000000000 --- a/packages/prisma/seed/pr-718-add-stepper-component.ts +++ /dev/null @@ -1,29 +0,0 @@ -import { hashSync } from '@documenso/lib/server-only/auth/hash'; - -import { prisma } from '..'; - -// -// https://github.com/documenso/documenso/pull/713 -// - -const PULL_REQUEST_NUMBER = 718; - -const EMAIL_DOMAIN = `pr-${PULL_REQUEST_NUMBER}.documenso.com`; - -export const TEST_USER = { - name: 'User 1', - email: `user1@${EMAIL_DOMAIN}`, - password: 'Password123', -} as const; - -export const seedDatabase = async () => { - await prisma.user.create({ - data: { - name: TEST_USER.name, - email: TEST_USER.email, - password: hashSync(TEST_USER.password), - emailVerified: new Date(), - url: TEST_USER.email, - }, - }); -};