feat: sign usign twofactor_gateway

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>

Author: vitormattos

img/logo-signal-app.svg

@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Collaboration\Collaborators;
+
+use OCA\Libresign\Db\IdentifyMethodMapper;
+use OCP\Collaboration\Collaborators\ISearchPlugin;
+use OCP\Collaboration\Collaborators\ISearchResult;
+use OCP\Collaboration\Collaborators\SearchResultType;
+use OCP\IUserSession;
+
+class SignerPlugin implements ISearchPlugin {
+	public const TYPE_SIGNER = 50; // IShare::TYPE_SIGNER = 50; It's a custom share type. Not defined in OCP\Share\IShare
+	public static string $method = '';
+
+	public function __construct(
+		protected IdentifyMethodMapper $identifyMethodMapper,
+		private IUserSession $userSession,
+	) {
+	}
+
+	public static function setMethod(string $method): void {
+		self::$method = $method;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function search($search, $limit, $offset, ISearchResult $searchResult): bool {
+		$user = $this->userSession->getUser()->getUID();
+
+		$limit + 1;
+		$identifiers = $this->identifyMethodMapper->searchByIdentifierValue(
+			$search,
+			$user,
+			self::$method,
+			$limit,
+			$offset,
+		);
+
+		$result = ['wide' => [], 'exact' => []];
+
+		$hasMore = false;
+		if (count($identifiers) > $limit) {
+			$hasMore = true;
+			array_pop($identifiers);
+		}
+
+		foreach ($identifiers as $row) {
+			$item = $this->rowToSearchResultItem($row);
+			if (strtolower($row['identifier_value']) === strtolower($search)
+				|| strtolower($row['display_name']) === strtolower($search)
+			) {
+				$result['exact'][] = $item;
+			} else {
+				$result['wide'][] = $item;
+			}
+		}
+
+		if (!count($identifiers) && !$this->canValidateMethod()) {
+			$result['exact'][] = [
+				'label' => $search,
+				'shareWithDisplayNameUnique' => $search,
+				'key' => self::$method,
+				'value' => [
+					'shareWith' => $search,
+					'shareType' => self::TYPE_SIGNER,
+				],
+			];
+		}
+
+		$type = new SearchResultType('signer');
+		$searchResult->addResultSet($type, $result['wide'], $result['exact']);
+
+		return $hasMore;
+	}
+
+	private function canValidateMethod(): bool {
+		return in_array(self::$method, ['Email', 'Account'], true);
+	}
+
+	private function rowToSearchResultItem(array $row): array {
+		$item = [
+			'label' => $row['display_name'],
+			'shareWithDisplayNameUnique' => $row['identifier_value'],
+			'key' => $row['identifier_key'],
+			'value' => [
+				'shareWith' => $row['identifier_value'],
+				'shareType' => self::TYPE_SIGNER,
+			]
+		];
+
+		return $item;
+	}
+}

lib/Collaboration/Collaborators/SignerPlugin.php

@@ -9,6 +9,7 @@
 namespace OCA\Libresign\Controller;
 
 use OCA\Libresign\AppInfo\Application;
+use OCA\Libresign\Collaboration\Collaborators\SignerPlugin;
 use OCA\Libresign\Middleware\Attribute\RequireManager;
 use OCA\Libresign\ResponseDefinitions;
 use OCA\Libresign\Service\IdentifyMethod\Account;
@@ -55,17 +56,17 @@ public function __construct(
 	#[NoAdminRequired]
 	#[RequireManager]
 	#[ApiRoute(verb: 'GET', url: '/api/{apiVersion}/identify-account/search', requirements: ['apiVersion' => '(v1)'])]
-	public function search(string $search = '', int $page = 1, int $limit = 25): DataResponse {
-		$shareTypes = $this->getShareTypes();
-		$lookup = false;
-
-		// only search for string larger than a given threshold
-		$threshold = 1;
-		if (strlen($search) < $threshold) {
+	public function search(string $search = '', string $method, int $page = 1, int $limit = 25): DataResponse {
+		// only search for string larger than a minimum length
+		if (strlen($search) < 1) {
 			return new DataResponse();
 		}
 
+		$shareTypes = $this->getShareTypes();
+		$lookup = false;
+
 		$offset = $limit * ($page - 1);
+		$this->registerPlugin($method);
 		[$result] = $this->collaboratorSearch->search($search, $shareTypes, $lookup, $limit, $offset);
 		$result['exact'] = $this->unifyResult($result['exact']);
 		$result = $this->unifyResult($result);
@@ -78,6 +79,19 @@ public function search(string $search = '', int $page = 1, int $limit = 25): Dat
 		return new DataResponse($return);
 	}
 
+	private function registerPlugin(string $method): void {
+		SignerPlugin::setMethod($method);
+
+		$refObject = new \ReflectionObject($this->collaboratorSearch);
+		$refProperty = $refObject->getProperty('pluginList');
+		$refProperty->setAccessible(true);
+
+		$plugins = $refProperty->getValue($this->collaboratorSearch);
+		$plugins[SignerPlugin::TYPE_SIGNER] = [SignerPlugin::class];
+
+		$refProperty->setValue($this->collaboratorSearch, $plugins);
+	}
+
 	private function getShareTypes(): array {
 		if (count($this->shareTypes) > 0) {
 			return $this->shareTypes;
@@ -90,6 +104,8 @@ private function getShareTypes(): array {
 		if ($settings['enabled']) {
 			$this->shareTypes[] = IShare::TYPE_USER;
 		}
+
+		$this->shareTypes[] = SignerPlugin::TYPE_SIGNER;
 		return $this->shareTypes;
 	}
 
@@ -109,21 +125,33 @@ private function unifyResult(array $list): array {
 	}
 
 	private function formatForNcSelect(array $list): array {
+		$return = [];
 		foreach ($list as $key => $item) {
-			$list[$key] = [
+			$return[$key] = [
 				'id' => $item['value']['shareWith'],
 				'isNoUser' => $item['value']['shareType'] !== IShare::TYPE_USER,
 				'displayName' => $item['label'],
 				'subname' => $item['shareWithDisplayNameUnique'] ?? '',
-				'shareType' => $item['value']['shareType'],
 			];
 			if ($item['value']['shareType'] === IShare::TYPE_EMAIL) {
-				$list[$key]['icon'] = 'icon-mail';
+				$return[$key]['method'] = 'email';
+				$return[$key]['icon'] = 'icon-mail';
 			} elseif ($item['value']['shareType'] === IShare::TYPE_USER) {
-				$list[$key]['icon'] = 'icon-user';
+				$return[$key]['method'] = 'accoung';
+				$return[$key]['icon'] = 'icon-user';
+			} elseif ($item['value']['shareType'] === SignerPlugin::TYPE_SIGNER) {
+				$return[$key]['method'] = $item['key'];
+				if ($item['key'] === 'email') {
+					$return[$key]['icon'] = 'icon-mail';
+				} elseif ($item['key'] === 'account') {
+					$return[$key]['icon'] = 'icon-user';
+				} else {
+					$return[$key]['iconSvg'] = 'svg' . ucfirst($item['key']);
+					$return[$key]['iconName'] = $item['key'];
+				}
 			}
 		}
-		return $list;
+		return $return;
 	}
 
 	private function addHerselfAccount(array $return, string $search): array {

lib/Controller/IdentifyAccountController.php

@@ -220,7 +220,7 @@ public function signRenew(string $method): DataResponse {
 	 *
 	 * @param string $uuid UUID of LibreSign file
 	 * @param 'account'|'email'|null $identifyMethod Identify signer method
-	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign
+	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign, twofactorGateway
 	 * @param string|null $identify Identify value, i.e. the signer email, account or phone number
 	 * @return DataResponse<Http::STATUS_OK, array{message: string}, array{}>|DataResponse<Http::STATUS_UNPROCESSABLE_ENTITY, array{message: string}, array{}>
 	 *
@@ -246,7 +246,7 @@ public function getCodeUsingUuid(string $uuid, ?string $identifyMethod, ?string
 	 *
 	 * @param int $fileId Id of LibreSign file
 	 * @param 'account'|'email'|null $identifyMethod Identify signer method
-	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign
+	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign, twofactorGateway
 	 * @param string|null $identify Identify value, i.e. the signer email, account or phone number
 	 * @return DataResponse<Http::STATUS_OK, array{message: string}, array{}>|DataResponse<Http::STATUS_UNPROCESSABLE_ENTITY, array{message: string}, array{}>
 	 *

lib/Controller/SignFileController.php

@@ -73,4 +73,61 @@ public function neutralizeDeletedUser(string $userId, string $displayName): void
 			$update->executeStatement();
 		}
 	}
+
+	public function searchByIdentifierValue(string $search, string $userId, string $method, int $limit = 20, int $offset = 0): array {
+		$qb = $this->db->getQueryBuilder();
+
+		$latestQb = $this->db->getQueryBuilder();
+		$latestQb->select('im2.identifier_key')
+			->addSelect('im2.identifier_value')
+			->addSelect($latestQb->func()->max('sr2.created_at', 'created_at'))
+			->from('libresign_identify_method', 'im2')
+			->join('im2', 'libresign_sign_request', 'sr2',
+				$latestQb->expr()->eq('sr2.id', 'im2.sign_request_id')
+			)
+			->join('im2', 'libresign_file', 'f2',
+				$latestQb->expr()->eq('f2.id', 'sr2.file_id')
+			)
+			->where($latestQb->expr()->eq('f2.user_id', $latestQb->createNamedParameter($userId)))
+			->andWhere($latestQb->expr()->eq('im2.identifier_key', $latestQb->createNamedParameter($method)))
+			->andWhere(
+				$latestQb->expr()->orX(
+					$latestQb->expr()->iLike(
+						'im2.identifier_value',
+						$latestQb->createNamedParameter('%' . $this->db->escapeLikeParameter($search) . '%')
+					),
+					$latestQb->expr()->iLike(
+						'sr2.display_name',
+						$latestQb->createNamedParameter('%' . $this->db->escapeLikeParameter($search) . '%')
+					)
+				)
+			)
+			->groupBy('im2.identifier_key')
+			->addGroupBy('im2.identifier_value');
+
+		foreach ($latestQb->getParameters() as $name => $value) {
+			$qb->setParameter($name, $value);
+		}
+
+		$qb->select('im.identifier_key', 'im.identifier_value', 'sr.display_name')
+			->from('libresign_identify_method', 'im')
+			->join('im', $qb->createFunction('(' . $latestQb->getSQL() . ')'), 'latest',
+				$qb->expr()->andX(
+					$qb->expr()->eq('latest.identifier_key', 'im.identifier_key'),
+					$qb->expr()->eq('latest.identifier_value', 'im.identifier_value')
+				)
+			)
+			->join('im', 'libresign_sign_request', 'sr',
+				$qb->expr()->eq('sr.id', 'im.sign_request_id'),
+			)
+			->setMaxResults($limit)
+			->setFirstResult($offset);
+
+		$cursor = $qb->executeQuery();
+		$return = [];
+		while ($row = $cursor->fetch()) {
+			$return[] = $row;
+		}
+		return $return;
+	}
 }

lib/Db/IdentifyMethodMapper.php

@@ -138,6 +138,14 @@
  *     blurredEmail: string,
  *     hashOfEmail: string,
  * }
+ * @psalm-type LibresignSignatureMethodTwofactorGatewayToken = array{
+ *     label: string,
+ *     identifyMethod: "twofactorGateway",
+ *     needCode: bool,
+ *     hasConfirmCode: bool,
+ *     blurredIdentifier: string,
+ *     hashOfIdentifier: string,
+ * }
  * @psalm-type LibresignSignatureMethodPassword = array{
  *     label: string,
  *     name: string,
@@ -146,6 +154,7 @@
  * @psalm-type LibresignSignatureMethods = array{
  *     clickToSign?: LibresignSignatureMethod,
  *     emailToken?: LibresignSignatureMethodEmailToken,
+ *     twofactorGatewayToken?: LibresignSignatureMethodTwofactorGatewayToken,
  *     password?: LibresignSignatureMethodPassword,
  * }
  * @psalm-type LibresignNotify = array{

lib/ResponseDefinitions.php

@@ -18,6 +18,7 @@
 use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Helper\JSActions;
 use OCA\Libresign\Service\IdentifyMethod\SignatureMethod\AbstractSignatureMethod;
+use OCA\Libresign\Service\IdentifyMethod\SignatureMethod\ISignatureMethod;
 use OCA\Libresign\Service\SessionService;
 use OCP\IUser;
 use Wobeto\EmailBlur\Blur;
@@ -34,7 +35,7 @@ abstract class AbstractIdentifyMethod implements IIdentifyMethod {
 	 * @var string[]
 	 */
 	public array $availableSignatureMethods = [];
-	protected string $defaultSignatureMethod = '';
+	protected string $defaultSignatureMethod = ISignatureMethod::SIGNATURE_METHOD_CLICK_TO_SIGN;
 	/**
 	 * @var AbstractSignatureMethod[]
 	 */
@@ -60,6 +61,10 @@ public function getFriendlyName(): string {
 		return $this->friendlyName;
 	}
 
+	public function setFriendlyName(string $friendlyName): void {
+		$this->friendlyName = $friendlyName;
+	}
+
 	public function setCodeSentByUser(string $code): void {
 		$this->codeSentByUser = $code;
 	}
@@ -79,14 +84,18 @@ public function getEntity(): IdentifyMethod {
 
 	public function signatureMethodsToArray(): array {
 		return array_map(fn (AbstractSignatureMethod $method) => [
-			'label' => $method->friendlyName,
+			'label' => $method->getFriendlyName(),
 			'name' => $method->getName(),
 			'enabled' => $method->isEnabled(),
 		], $this->signatureMethods);
 	}
 
+	public function getAvailableSignatureMethods(): array {
+		return $this->availableSignatureMethods;
+	}
+
 	public function getEmptyInstanceOfSignatureMethodByName(string $name): AbstractSignatureMethod {
-		if (!in_array($name, $this->availableSignatureMethods)) {
+		if (!in_array($name, $this->getAvailableSignatureMethods())) {
 			throw new InvalidArgumentException(sprintf('%s is not a valid signature method of identify method %s', $name, $this->getName()));
 		}
 		$className = 'OCA\Libresign\Service\IdentifyMethod\\SignatureMethod\\' . ucfirst($name);
@@ -284,7 +293,7 @@ protected function getSettingsFromDatabase(array $default = [], array $immutable
 		$default = array_merge(
 			[
 				'name' => $this->name,
-				'friendly_name' => $this->friendlyName,
+				'friendly_name' => $this->getFriendlyName(),
 				'enabled' => true,
 				'mandatory' => true,
 				'signatureMethods' => $this->signatureMethodsToArray(),
@@ -310,7 +319,8 @@ private function loadSavedSettings(): void {
 			return $carry;
 		}, []);
 		$enabled = false;
-		foreach ($this->availableSignatureMethods as $signatureMethodName) {
+		$availableSignatureMethods = $this->getAvailableSignatureMethods();
+		foreach ($availableSignatureMethods as $signatureMethodName) {
 			$this->signatureMethods[$signatureMethodName]
 				= $this->getEmptyInstanceOfSignatureMethodByName($signatureMethodName);
 			if (isset($this->settings['signatureMethods'][$signatureMethodName]['enabled'])
@@ -320,6 +330,13 @@ private function loadSavedSettings(): void {
 				$enabled = true;
 			}
 		}
+		if (isset($this->settings['signatureMethods'])) {
+			foreach (array_keys($this->settings['signatureMethods']) as $signatureMethodName) {
+				if (!in_array($signatureMethodName, $availableSignatureMethods, true)) {
+					unset($this->settings['signatureMethods'][$signatureMethodName]);
+				}
+			}
+		}
 		if (!$enabled && $this->defaultSignatureMethod) {
 			$this->signatureMethods[$this->defaultSignatureMethod]->enable();
 		}

lib/Service/IdentifyMethod/AbstractIdentifyMethod.php

@@ -47,7 +47,7 @@ public function __construct(
 		private MailService $mail,
 	) {
 		// TRANSLATORS Name of possible authenticator method. This signalize that the signer could be identified by Nextcloud acccount
-		$this->friendlyName = $this->identifyService->getL10n()->t('Account');
+		$this->setFriendlyName($this->identifyService->getL10n()->t('Account'));
 		parent::__construct(
 			$identifyService,
 		);