chore: add tests for cert and audit log download via api (#3043 )

2026-06-28 07:10:48 +10:00 · 2026-06-27 19:54:14 +10:00
6 changed files with 288 additions and 172 deletions
@@ -1,118 +0,0 @@
-import { Alert, AlertDescription } from '@documenso/ui/primitives/alert';
-import { Button } from '@documenso/ui/primitives/button';
-import {
-  Dialog,
-  DialogClose,
-  DialogContent,
-  DialogDescription,
-  DialogFooter,
-  DialogHeader,
-  DialogTitle,
-  DialogTrigger,
-} from '@documenso/ui/primitives/dialog';
-import { Trans } from '@lingui/react/macro';
-import { useState } from 'react';
-
-export type BrandingPreferencesResetDialogProps = {
-  disabled?: boolean;
-  hasAdvancedBranding: boolean;
-  isSubmitting: boolean;
-  onReset: () => Promise<void>;
-  trigger?: React.ReactNode;
-};
-
-export const BrandingPreferencesResetDialog = ({
-  disabled = false,
-  hasAdvancedBranding,
-  isSubmitting,
-  onReset,
-  trigger,
-}: BrandingPreferencesResetDialogProps) => {
-  const [open, setOpen] = useState(false);
-  const [isResetting, setIsResetting] = useState(false);
-
-  const isLoading = isSubmitting || isResetting;
-
-  const handleResetToDefaults = async () => {
-    setIsResetting(true);
-
-    try {
-      await onReset();
-      setOpen(false);
-    } finally {
-      setIsResetting(false);
-    }
-  };
-
-  return (
-    <Dialog open={open} onOpenChange={(value) => !isLoading && !disabled && setOpen(value)}>
-      <DialogTrigger asChild>
-        {trigger ?? (
-          <Button variant="destructive" type="button" disabled={disabled || isLoading}>
-            <Trans>Reset</Trans>
-          </Button>
-        )}
-      </DialogTrigger>
-
-      <DialogContent>
-        <DialogHeader>
-          <DialogTitle>
-            <Trans>Reset branding preferences</Trans>
-          </DialogTitle>
-
-          <DialogDescription>
-            <Trans>
-              This will reset all branding preferences to their default values and save the changes immediately.
-            </Trans>
-          </DialogDescription>
-        </DialogHeader>
-
-        <Alert variant="warning">
-          <AlertDescription>
-            <p>
-              <Trans>Once confirmed, the following will be reset:</Trans>
-            </p>
-
-            <ul className="mt-0.5 list-inside list-disc">
-              <li>
-                <Trans>Custom branding enabled setting</Trans>
-              </li>
-              <li>
-                <Trans>Branding logo</Trans>
-              </li>
-              <li>
-                <Trans>Brand website and brand details</Trans>
-              </li>
-              <li>
-                <Trans>Brand colours, including background, foreground, primary, and border colours</Trans>
-              </li>
-
-              {hasAdvancedBranding && (
-                <>
-                  <li>
-                    <Trans>Border radius</Trans>
-                  </li>
-                  <li>
-                    <Trans>Custom CSS</Trans>
-                  </li>
-                </>
-              )}
-            </ul>
-          </AlertDescription>
-        </Alert>
-
-        <DialogFooter>
-          <DialogClose asChild>
-            <Button type="button" variant="secondary" disabled={isLoading}>
-              <Trans>Cancel</Trans>
-            </Button>
-          </DialogClose>
-
-          <Button type="button" variant="destructive" loading={isLoading} onClick={() => void handleResetToDefaults()}>
-            <Trans>Reset to defaults</Trans>
-          </Button>
-        </DialogFooter>
-      </DialogContent>
-    </Dialog>
-  );
-};
@@ -2,7 +2,6 @@ import { useCurrentOrganisation } from '@documenso/lib/client-only/providers/org
 import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
 import { DEFAULT_BRAND_COLORS, DEFAULT_BRAND_RADIUS } from '@documenso/lib/constants/theme';
 import { ZCssVarsSchema } from '@documenso/lib/types/css-vars';
-import { normalizeBrandingColors } from '@documenso/lib/utils/normalize-branding-colors';
 import { cn } from '@documenso/ui/lib/utils';
 import { Accordion, AccordionContent, AccordionItem, AccordionTrigger } from '@documenso/ui/primitives/accordion';
 import { Button } from '@documenso/ui/primitives/button';
@@ -19,7 +18,6 @@ import { useEffect, useState } from 'react';
 import { useForm } from 'react-hook-form';
 import { z } from 'zod';

-import { BrandingPreferencesResetDialog } from '~/components/dialogs/branding-preferences-reset-dialog';
 import { useOptionalCurrentTeam } from '~/providers/team';
 import { useCspNonce } from '~/utils/nonce';

@@ -69,7 +67,6 @@ export function BrandingPreferencesForm({

  const [previewUrl, setPreviewUrl] = useState<string>('');
  const [hasLoadedPreview, setHasLoadedPreview] = useState(false);
-  const [colorPickerKey, setColorPickerKey] = useState(0);

  const parsedColors = ZCssVarsSchema.safeParse(settings.brandingColors);
  const initialColors = parsedColors.success ? parsedColors.data : {};
@@ -88,41 +85,6 @@ export function BrandingPreferencesForm({

  const isBrandingEnabled = form.watch('brandingEnabled');

-  const hasResetBrandingColors =
-    settings.brandingColors === null ||
-    settings.brandingColors === undefined ||
-    (parsedColors.success && normalizeBrandingColors(parsedColors.data) === null);
-
-  const isResetDisabled =
-    !form.formState.isDirty &&
-    settings.brandingEnabled === (canInherit ? null : false) &&
-    !settings.brandingLogo &&
-    !settings.brandingUrl &&
-    !settings.brandingCompanyDetails &&
-    !settings.brandingCss &&
-    hasResetBrandingColors;
-
-  const handleResetToDefaults = async () => {
-    const data: TBrandingPreferencesFormSchema = {
-      brandingEnabled: canInherit ? null : false,
-      brandingLogo: null,
-      brandingUrl: '',
-      brandingCompanyDetails: '',
-      brandingColors: {},
-      brandingCss: '',
-    };
-
-    await onFormSubmit(data);
-
-    if (previewUrl.startsWith('blob:')) {
-      URL.revokeObjectURL(previewUrl);
-    }
-
-    setPreviewUrl('');
-    setColorPickerKey((key) => key + 1);
-    form.reset(data);
-  };
-
  useEffect(() => {
    if (settings.brandingLogo) {
      const file = JSON.parse(settings.brandingLogo);
@@ -384,7 +346,6 @@ export function BrandingPreferencesForm({
                        </FormDescription>
                        <FormControl>
                          <ColorPicker
-                            key={`background-${colorPickerKey}`}
                            nonce={nonce}
                            value={field.value ?? ''}
                            defaultValue={DEFAULT_BRAND_COLORS.background}
@@ -408,7 +369,6 @@ export function BrandingPreferencesForm({
                        </FormDescription>
                        <FormControl>
                          <ColorPicker
-                            key={`foreground-${colorPickerKey}`}
                            nonce={nonce}
                            value={field.value ?? ''}
                            defaultValue={DEFAULT_BRAND_COLORS.foreground}
@@ -432,7 +392,6 @@ export function BrandingPreferencesForm({
                        </FormDescription>
                        <FormControl>
                          <ColorPicker
-                            key={`primary-${colorPickerKey}`}
                            nonce={nonce}
                            value={field.value ?? ''}
                            defaultValue={DEFAULT_BRAND_COLORS.primary}
@@ -456,7 +415,6 @@ export function BrandingPreferencesForm({
                        </FormDescription>
                        <FormControl>
                          <ColorPicker
-                            key={`primary-foreground-${colorPickerKey}`}
                            nonce={nonce}
                            value={field.value ?? ''}
                            defaultValue={DEFAULT_BRAND_COLORS.primaryForeground}
@@ -480,7 +438,6 @@ export function BrandingPreferencesForm({
                        </FormDescription>
                        <FormControl>
                          <ColorPicker
-                            key={`border-${colorPickerKey}`}
                            nonce={nonce}
                            value={field.value ?? ''}
                            defaultValue={DEFAULT_BRAND_COLORS.border}
@@ -504,7 +461,6 @@ export function BrandingPreferencesForm({
                        </FormDescription>
                        <FormControl>
                          <ColorPicker
-                            key={`ring-${colorPickerKey}`}
                            nonce={nonce}
                            value={field.value ?? ''}
                            defaultValue={DEFAULT_BRAND_COLORS.ring}
@@ -586,12 +542,6 @@ export function BrandingPreferencesForm({
            <Button type="submit" loading={form.formState.isSubmitting}>
              <Trans>Update</Trans>
            </Button>
-            <BrandingPreferencesResetDialog
-              disabled={isResetDisabled}
-              hasAdvancedBranding={hasAdvancedBranding}
-              isSubmitting={form.formState.isSubmitting}
-              onReset={handleResetToDefaults}
-            />
          </div>
        </fieldset>
      </form>
@@ -146,7 +146,7 @@ export const downloadRoute = new Hono<HonoEnv>()
   * Requires API key authentication via Authorization header.
   */
  .get(
-    '/envelope/:envelopeId/audit-log/pdf',
+    '/envelope/:envelopeId/audit-log/download',
    sValidator('param', ZDownloadEnvelopeAuditLogPdfRequestParamsSchema),
    async (c) => {
      const logger = c.get('logger');
@@ -220,7 +220,7 @@ export const downloadRoute = new Hono<HonoEnv>()
   * Requires API key authentication via Authorization header.
   */
  .get(
-    '/envelope/:envelopeId/certificate/pdf',
+    '/envelope/:envelopeId/certificate/download',
    sValidator('param', ZDownloadEnvelopeCertificatePdfRequestParamsSchema),
    async (c) => {
      const logger = c.get('logger');
@@ -0,0 +1,284 @@
+import { NEXT_PUBLIC_WEBAPP_URL } from '@documenso/lib/constants/app';
+import { hashString } from '@documenso/lib/server-only/auth/hash';
+import { createApiToken } from '@documenso/lib/server-only/public-api/create-api-token';
+import { alphaid } from '@documenso/lib/universal/id';
+import { prisma } from '@documenso/prisma';
+import { DocumentVisibility, TeamMemberRole } from '@documenso/prisma/client';
+import { seedCompletedDocument } from '@documenso/prisma/seed/documents';
+import { seedTeam, seedTeamMember } from '@documenso/prisma/seed/teams';
+import { seedUser } from '@documenso/prisma/seed/users';
+import { type APIRequestContext, expect, test } from '@playwright/test';
+import type { Team, User } from '@prisma/client';
+
+const WEBAPP_BASE_URL = NEXT_PUBLIC_WEBAPP_URL();
+const API_BASE_URL = `${WEBAPP_BASE_URL}/api/v2-beta`;
+
+/**
+ * Create an API token directly, bypassing the role check in `createApiToken`.
+ *
+ * This simulates a token that was minted while the user had permission, and which
+ * survives a later downgrade to a lower team role (e.g. MEMBER). Such a token must
+ * still respect document visibility at request time.
+ */
+const seedApiTokenForUser = async ({
+  userId,
+  teamId,
+  tokenName,
+}: {
+  userId: number;
+  teamId: number;
+  tokenName: string;
+}) => {
+  const token = `api_${alphaid(16)}`;
+
+  await prisma.apiToken.create({
+    data: {
+      name: tokenName,
+      token: hashString(token),
+      expires: null,
+      userId,
+      teamId,
+    },
+  });
+
+  return { token };
+};
+
+test.describe.configure({
+  mode: 'parallel',
+});
+
+const downloadAuditLogPdf = (request: APIRequestContext, envelopeId: string, authToken?: string) => {
+  return request.get(`${API_BASE_URL}/envelope/${envelopeId}/audit-log/download`, {
+    headers: authToken ? { Authorization: `Bearer ${authToken}` } : {},
+  });
+};
+
+const downloadCertificatePdf = (request: APIRequestContext, envelopeId: string, authToken?: string) => {
+  return request.get(`${API_BASE_URL}/envelope/${envelopeId}/certificate/download`, {
+    headers: authToken ? { Authorization: `Bearer ${authToken}` } : {},
+  });
+};
+
+test.describe('Envelope certificate / audit log PDF download API V2 - access control', () => {
+  let userA: User, teamA: Team, userB: User, teamB: Team, tokenA: string, tokenB: string;
+
+  test.beforeEach(async () => {
+    ({ user: userA, team: teamA } = await seedUser());
+    ({ token: tokenA } = await createApiToken({
+      userId: userA.id,
+      teamId: teamA.id,
+      tokenName: 'userA',
+      expiresIn: null,
+    }));
+
+    ({ user: userB, team: teamB } = await seedUser());
+    ({ token: tokenB } = await createApiToken({
+      userId: userB.id,
+      teamId: teamB.id,
+      tokenName: 'userB',
+      expiresIn: null,
+    }));
+  });
+
+  test('should reject audit log download without an API token', async ({ request }) => {
+    const document = await seedCompletedDocument(userA, teamA.id, ['recipient@test.documenso.com']);
+
+    const res = await downloadAuditLogPdf(request, document.id);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+
+  test('should reject certificate download without an API token', async ({ request }) => {
+    const document = await seedCompletedDocument(userA, teamA.id, ['recipient@test.documenso.com']);
+
+    const res = await downloadCertificatePdf(request, document.id);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+
+  test('should reject audit log download from a user in a different team', async ({ request }) => {
+    const document = await seedCompletedDocument(userA, teamA.id, ['recipient@test.documenso.com']);
+
+    const res = await downloadAuditLogPdf(request, document.id, tokenB);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(404);
+  });
+
+  test('should reject certificate download from a user in a different team', async ({ request }) => {
+    const document = await seedCompletedDocument(userA, teamA.id, ['recipient@test.documenso.com']);
+
+    const res = await downloadCertificatePdf(request, document.id, tokenB);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(404);
+  });
+
+  test('should reject a disabled user downloading the audit log', async ({ request }) => {
+    const document = await seedCompletedDocument(userA, teamA.id, ['recipient@test.documenso.com']);
+
+    await prisma.user.update({
+      where: { id: userA.id },
+      data: { disabled: true },
+    });
+
+    const res = await downloadAuditLogPdf(request, document.id, tokenA);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+
+  test('should reject a disabled user downloading the certificate', async ({ request }) => {
+    const document = await seedCompletedDocument(userA, teamA.id, ['recipient@test.documenso.com']);
+
+    await prisma.user.update({
+      where: { id: userA.id },
+      data: { disabled: true },
+    });
+
+    const res = await downloadCertificatePdf(request, document.id, tokenA);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(401);
+  });
+
+  test('should return 404 for a non-existent envelope id', async ({ request }) => {
+    const auditLogRes = await downloadAuditLogPdf(request, 'envelope_doesnotexist', tokenA);
+    expect(auditLogRes.status()).toBe(404);
+
+    const certificateRes = await downloadCertificatePdf(request, 'envelope_doesnotexist', tokenA);
+    expect(certificateRes.status()).toBe(404);
+  });
+});
+
+test.describe('Envelope certificate / audit log PDF download API V2 - document visibility', () => {
+  test.describe.configure({
+    mode: 'parallel',
+  });
+
+  test('should hide an ADMIN-only document from a downgraded member (audit log)', async ({ request }) => {
+    const { team, owner } = await seedTeam();
+    const member = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MEMBER });
+
+    const { token: memberToken } = await seedApiTokenForUser({
+      userId: member.id,
+      teamId: team.id,
+      tokenName: 'member-audit-log-token',
+    });
+
+    // ADMIN-visibility document owned by the team owner - a member must not see it.
+    const document = await seedCompletedDocument(owner, team.id, ['recipient@test.documenso.com'], {
+      createDocumentOptions: { visibility: DocumentVisibility.ADMIN },
+    });
+
+    const res = await downloadAuditLogPdf(request, document.id, memberToken);
+
+    // Visibility failure surfaces as not-found, matching the canonical access checks.
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(404);
+  });
+
+  test('should hide an ADMIN-only document from a downgraded member (certificate)', async ({ request }) => {
+    const { team, owner } = await seedTeam();
+    const member = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MEMBER });
+
+    const { token: memberToken } = await seedApiTokenForUser({
+      userId: member.id,
+      teamId: team.id,
+      tokenName: 'member-certificate-token',
+    });
+
+    const document = await seedCompletedDocument(owner, team.id, ['recipient@test.documenso.com'], {
+      createDocumentOptions: { visibility: DocumentVisibility.ADMIN },
+    });
+
+    const res = await downloadCertificatePdf(request, document.id, memberToken);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(404);
+  });
+
+  test('should hide a MANAGER_AND_ABOVE document from a downgraded member (audit log)', async ({ request }) => {
+    const { team, owner } = await seedTeam();
+    const member = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MEMBER });
+
+    const { token: memberToken } = await seedApiTokenForUser({
+      userId: member.id,
+      teamId: team.id,
+      tokenName: 'member-manager-vis-token',
+    });
+
+    const document = await seedCompletedDocument(owner, team.id, ['recipient@test.documenso.com'], {
+      createDocumentOptions: { visibility: DocumentVisibility.MANAGER_AND_ABOVE },
+    });
+
+    const res = await downloadAuditLogPdf(request, document.id, memberToken);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(404);
+  });
+
+  test('should hide a MANAGER_AND_ABOVE document from a downgraded member (certificate)', async ({ request }) => {
+    const { team, owner } = await seedTeam();
+    const member = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MEMBER });
+
+    const { token: memberToken } = await seedApiTokenForUser({
+      userId: member.id,
+      teamId: team.id,
+      tokenName: 'member-manager-vis-cert-token',
+    });
+
+    const document = await seedCompletedDocument(owner, team.id, ['recipient@test.documenso.com'], {
+      createDocumentOptions: { visibility: DocumentVisibility.MANAGER_AND_ABOVE },
+    });
+
+    const res = await downloadCertificatePdf(request, document.id, memberToken);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(404);
+  });
+
+  test('should hide an ADMIN-only document from a downgraded manager (certificate)', async ({ request }) => {
+    const { team, owner } = await seedTeam();
+    const manager = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MANAGER });
+
+    const { token: managerToken } = await seedApiTokenForUser({
+      userId: manager.id,
+      teamId: team.id,
+      tokenName: 'manager-admin-vis-cert-token',
+    });
+
+    const document = await seedCompletedDocument(owner, team.id, ['recipient@test.documenso.com'], {
+      createDocumentOptions: { visibility: DocumentVisibility.ADMIN },
+    });
+
+    const res = await downloadCertificatePdf(request, document.id, managerToken);
+
+    expect(res.ok()).toBeFalsy();
+    expect(res.status()).toBe(404);
+  });
+
+  test('should allow a member to download an EVERYONE-visibility document (audit log)', async ({ request }) => {
+    const { team, owner } = await seedTeam();
+    const member = await seedTeamMember({ teamId: team.id, role: TeamMemberRole.MEMBER });
+
+    const { token: memberToken } = await seedApiTokenForUser({
+      userId: member.id,
+      teamId: team.id,
+      tokenName: 'member-everyone-vis-token',
+    });
+
+    const document = await seedCompletedDocument(owner, team.id, ['recipient@test.documenso.com'], {
+      createDocumentOptions: { visibility: DocumentVisibility.EVERYONE },
+    });
+
+    const res = await downloadAuditLogPdf(request, document.id, memberToken);
+
+    expect(res.ok()).toBeTruthy();
+    expect(res.status()).toBe(200);
+    expect(res.headers()['content-type']).toContain('application/pdf');
+  });
+});
@@ -5,7 +5,7 @@ import type { TrpcRouteMeta } from '../trpc';
 export const downloadEnvelopeAuditLogPdfMeta: TrpcRouteMeta = {
  openapi: {
    method: 'GET',
-    path: '/envelope/{envelopeId}/audit-log/pdf',
+    path: '/envelope/{envelopeId}/audit-log/download',
    summary: 'Download envelope audit log PDF',
    description: 'Download the audit log for a document as a PDF.',
    tags: ['Envelope'],
@@ -5,7 +5,7 @@ import type { TrpcRouteMeta } from '../trpc';
 export const downloadEnvelopeCertificatePdfMeta: TrpcRouteMeta = {
  openapi: {
    method: 'GET',
-    path: '/envelope/{envelopeId}/certificate/pdf',
+    path: '/envelope/{envelopeId}/certificate/download',
    summary: 'Download envelope certificate PDF',
    description: 'Download the signing certificate for a completed document as a PDF.',
    tags: ['Envelope'],