Merge pull request #5459 from LibreSign/feat/sign-using-twofactor_gateway

feat: sign usign twofactor_gateway

Author: vitormattos

img/logo-signal-app.svg

@@ -21,6 +21,7 @@
 use OCA\Libresign\Listener\MailNotifyListener;
 use OCA\Libresign\Listener\NotificationListener;
 use OCA\Libresign\Listener\SignedCallbackListener;
+use OCA\Libresign\Listener\TwofactorGatewayListener;
 use OCA\Libresign\Listener\UserDeletedListener;
 use OCA\Libresign\Middleware\GlobalInjectionMiddleware;
 use OCA\Libresign\Middleware\InjectionMiddleware;
@@ -80,6 +81,10 @@ public function register(IRegistrationContext $context): void {
 		$context->registerEventListener(SendSignNotificationEvent::class, MailNotifyListener::class);
 		$context->registerEventListener(SignedEvent::class, MailNotifyListener::class);
 
+		// TwofactorGateway listener
+		$context->registerEventListener(SendSignNotificationEvent::class, TwofactorGatewayListener::class);
+		$context->registerEventListener(SignedEvent::class, TwofactorGatewayListener::class);
+
 		$context->registerEventListener(UserDeletedEvent::class, UserDeletedListener::class);
 	}
 }

img/logo-telegram-app.svg

@@ -0,0 +1,100 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 LibreCode coop and contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Libresign\Collaboration\Collaborators;
+
+use OCA\Libresign\Db\IdentifyMethodMapper;
+use OCP\Collaboration\Collaborators\ISearchPlugin;
+use OCP\Collaboration\Collaborators\ISearchResult;
+use OCP\Collaboration\Collaborators\SearchResultType;
+use OCP\IUserSession;
+
+class SignerPlugin implements ISearchPlugin {
+	public const TYPE_SIGNER = 50; // IShare::TYPE_SIGNER = 50; It's a custom share type. Not defined in OCP\Share\IShare
+	public static string $method = '';
+
+	public function __construct(
+		protected IdentifyMethodMapper $identifyMethodMapper,
+		private IUserSession $userSession,
+	) {
+	}
+
+	public static function setMethod(string $method): void {
+		self::$method = $method;
+	}
+
+	/**
+	 * {@inheritdoc}
+	 */
+	public function search($search, $limit, $offset, ISearchResult $searchResult): bool {
+		$user = $this->userSession->getUser()->getUID();
+
+		$limit++;
+		$identifiers = $this->identifyMethodMapper->searchByIdentifierValue(
+			$search,
+			$user,
+			self::$method,
+			$limit,
+			$offset,
+		);
+
+		$result = ['wide' => [], 'exact' => []];
+
+		$hasMore = false;
+		if (count($identifiers) > $limit) {
+			$hasMore = true;
+			array_pop($identifiers);
+		}
+
+		foreach ($identifiers as $row) {
+			$item = $this->rowToSearchResultItem($row);
+			if (strtolower($row['identifier_value']) === strtolower($search)
+				|| strtolower($row['display_name']) === strtolower($search)
+			) {
+				$result['exact'][] = $item;
+			} else {
+				$result['wide'][] = $item;
+			}
+		}
+
+		if (empty($identifiers) && self::$method && !$this->canValidateMethod()) {
+			$result['exact'][] = [
+				'label' => $search,
+				'shareWithDisplayNameUnique' => $search,
+				'method' => self::$method,
+				'value' => [
+					'shareWith' => $search,
+					'shareType' => self::TYPE_SIGNER,
+				],
+			];
+		}
+
+		$type = new SearchResultType('signer');
+		$searchResult->addResultSet($type, $result['wide'], $result['exact']);
+
+		return $hasMore;
+	}
+
+	private function canValidateMethod(): bool {
+		return in_array(self::$method, ['email', 'account'], true);
+	}
+
+	private function rowToSearchResultItem(array $row): array {
+		$item = [
+			'label' => $row['display_name'],
+			'shareWithDisplayNameUnique' => $row['identifier_value'],
+			'method' => $row['identifier_key'],
+			'value' => [
+				'shareWith' => $row['identifier_value'],
+				'shareType' => self::TYPE_SIGNER,
+			]
+		];
+
+		return $item;
+	}
+}

lib/AppInfo/Application.php

@@ -378,7 +378,7 @@ private function fetchPreview(
 	/**
 	 * Send a file
 	 *
-	 * Send a new file to Nextcloud and return the fileId to request to sign usign fileId
+	 * Send a new file to Nextcloud and return the fileId to request signature
 	 *
 	 * @param LibresignNewFile $file File to save
 	 * @param string $name The name of file to sign

lib/Collaboration/Collaborators/SignerPlugin.php

@@ -9,6 +9,7 @@
 namespace OCA\Libresign\Controller;
 
 use OCA\Libresign\AppInfo\Application;
+use OCA\Libresign\Collaboration\Collaborators\SignerPlugin;
 use OCA\Libresign\Middleware\Attribute\RequireManager;
 use OCA\Libresign\ResponseDefinitions;
 use OCA\Libresign\Service\IdentifyMethod\Account;
@@ -45,6 +46,7 @@ public function __construct(
 	 * Used to identify who can sign the document. The return of this endpoint is related with Administration Settiongs > LibreSign > Identify method.
 	 *
 	 * @param string $search search params
+	 * @param string $method filter by method (email, account, sms, signal, telegram, whatsapp, xmpp)
 	 * @param int $page the number of page to return. Default: 1
 	 * @param int $limit Total of elements to return. Default: 25
 	 * @return DataResponse<Http::STATUS_OK, LibresignIdentifyAccount[], array{}>
@@ -55,29 +57,43 @@ public function __construct(
 	#[NoAdminRequired]
 	#[RequireManager]
 	#[ApiRoute(verb: 'GET', url: '/api/{apiVersion}/identify-account/search', requirements: ['apiVersion' => '(v1)'])]
-	public function search(string $search = '', int $page = 1, int $limit = 25): DataResponse {
-		$shareTypes = $this->getShareTypes();
-		$lookup = false;
-
-		// only search for string larger than a given threshold
-		$threshold = 1;
-		if (strlen($search) < $threshold) {
+	public function search(string $search = '', string $method = '', int $page = 1, int $limit = 25): DataResponse {
+		// only search for string larger than a minimum length
+		if (strlen($search) < 1) {
 			return new DataResponse();
 		}
 
+		$shareTypes = $this->getShareTypes();
+		$lookup = false;
+
 		$offset = $limit * ($page - 1);
+		$this->registerPlugin($method);
 		[$result] = $this->collaboratorSearch->search($search, $shareTypes, $lookup, $limit, $offset);
 		$result['exact'] = $this->unifyResult($result['exact']);
 		$result = $this->unifyResult($result);
 		$result = $this->excludeEmptyShareWith($result);
 		$return = $this->formatForNcSelect($result);
 		$return = $this->addHerselfAccount($return, $search);
 		$return = $this->addHerselfEmail($return, $search);
+		$return = $this->replaceShareTypeByMethod($return);
 		$return = $this->excludeNotAllowed($return);
 
 		return new DataResponse($return);
 	}
 
+	private function registerPlugin(string $method): void {
+		SignerPlugin::setMethod($method);
+
+		$refObject = new \ReflectionObject($this->collaboratorSearch);
+		$refProperty = $refObject->getProperty('pluginList');
+		$refProperty->setAccessible(true);
+
+		$plugins = $refProperty->getValue($this->collaboratorSearch);
+		$plugins[SignerPlugin::TYPE_SIGNER] = [SignerPlugin::class];
+
+		$refProperty->setValue($this->collaboratorSearch, $plugins);
+	}
+
 	private function getShareTypes(): array {
 		if (count($this->shareTypes) > 0) {
 			return $this->shareTypes;
@@ -90,6 +106,8 @@ private function getShareTypes(): array {
 		if ($settings['enabled']) {
 			$this->shareTypes[] = IShare::TYPE_USER;
 		}
+
+		$this->shareTypes[] = SignerPlugin::TYPE_SIGNER;
 		return $this->shareTypes;
 	}
 
@@ -109,21 +127,35 @@ private function unifyResult(array $list): array {
 	}
 
 	private function formatForNcSelect(array $list): array {
+		$formattedList = [];
 		foreach ($list as $key => $item) {
-			$list[$key] = [
+			$formattedList[$key] = [
 				'id' => $item['value']['shareWith'],
-				'isNoUser' => $item['value']['shareType'] !== IShare::TYPE_USER,
+				'isNoUser' => $item['value']['shareType'] !== IShare::TYPE_USER
+					&& isset($item['method'])
+					&& $item['method'] !== 'account',
 				'displayName' => $item['label'],
 				'subname' => $item['shareWithDisplayNameUnique'] ?? '',
-				'shareType' => $item['value']['shareType'],
 			];
 			if ($item['value']['shareType'] === IShare::TYPE_EMAIL) {
-				$list[$key]['icon'] = 'icon-mail';
+				$formattedList[$key]['method'] = 'email';
+				$formattedList[$key]['icon'] = 'icon-mail';
 			} elseif ($item['value']['shareType'] === IShare::TYPE_USER) {
-				$list[$key]['icon'] = 'icon-user';
+				$formattedList[$key]['method'] = 'account';
+				$formattedList[$key]['icon'] = 'icon-user';
+			} elseif ($item['value']['shareType'] === SignerPlugin::TYPE_SIGNER) {
+				$formattedList[$key]['method'] = $item['method'] ?? '';
+				if ($item['method'] === 'email') {
+					$formattedList[$key]['icon'] = 'icon-mail';
+				} elseif ($item['method'] === 'account') {
+					$formattedList[$key]['icon'] = 'icon-user';
+				} else {
+					$formattedList[$key]['iconSvg'] = 'svg' . ucfirst($item['method']);
+					$formattedList[$key]['iconName'] = $item['method'];
+				}
 			}
 		}
-		return $list;
+		return $formattedList;
 	}
 
 	private function addHerselfAccount(array $return, string $search): array {
@@ -132,7 +164,14 @@ private function addHerselfAccount(array $return, string $search): array {
 			return $return;
 		}
 		$user = $this->userSession->getUser();
-		if (!str_contains($user->getUID(), $search) && !str_contains(strtolower($user->getDisplayName()), $search)) {
+		$search = strtolower($search);
+		if (!str_contains($user->getUID(), $search)
+			&& !str_contains(strtolower($user->getDisplayName()), $search)
+			&& (
+				$user->getEMailAddress() === null
+				|| ($user->getEMailAddress() !== null && !str_contains($user->getEMailAddress(), $search))
+			)
+		) {
 			return $return;
 		}
 		$filtered = array_filter($return, fn ($i) => $i['id'] === $user->getUID());
@@ -145,7 +184,7 @@ private function addHerselfAccount(array $return, string $search): array {
 			'displayName' => $user->getDisplayName(),
 			'subname' => $user->getEMailAddress(),
 			'icon' => 'icon-user',
-			'shareType' => IShare::TYPE_USER,
+			'method' => 'account',
 		];
 		return $return;
 	}
@@ -159,7 +198,9 @@ private function addHerselfEmail(array $return, string $search): array {
 		if (empty($user->getEMailAddress())) {
 			return $return;
 		}
-		if (!str_contains($user->getEMailAddress(), $search) && !str_contains($user->getDisplayName(), $search)) {
+		if (!str_contains($user->getEMailAddress(), $search)
+			&& !str_contains($user->getDisplayName(), $search)
+		) {
 			return $return;
 		}
 		$filtered = array_filter($return, fn ($i) => $i['id'] === $user->getUID());
@@ -172,7 +213,7 @@ private function addHerselfEmail(array $return, string $search): array {
 			'displayName' => $user->getDisplayName(),
 			'subname' => $user->getEMailAddress(),
 			'icon' => 'icon-mail',
-			'shareType' => IShare::TYPE_EMAIL,
+			'method' => 'email',
 		];
 		return $return;
 	}
@@ -182,7 +223,21 @@ private function excludeEmptyShareWith(array $list): array {
 	}
 
 	private function excludeNotAllowed(array $list): array {
-		$shareTypes = $this->getShareTypes();
-		return array_filter($list, fn ($result) => in_array($result['shareType'], $shareTypes));
+		return array_filter($list, fn ($result) => isset($result['method']) && !empty($result['method']));
+	}
+
+	private function replaceShareTypeByMethod(array $list): array {
+		foreach ($list as $key => $item) {
+			if (isset($item['method']) && !empty($item['method'])) {
+				continue;
+			}
+			$list[$key]['method'] = match ($item['shareType']) {
+				IShare::TYPE_EMAIL => 'email',
+				IShare::TYPE_USER => 'account',
+				default => '',
+			};
+			unset($list[$key]['shareType']);
+		}
+		return $list;
 	}
 }

lib/Controller/FileController.php

@@ -220,7 +220,7 @@ public function signRenew(string $method): DataResponse {
 	 *
 	 * @param string $uuid UUID of LibreSign file
 	 * @param 'account'|'email'|null $identifyMethod Identify signer method
-	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign
+	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign, sms, signal, telegram, whatsapp, xmpp
 	 * @param string|null $identify Identify value, i.e. the signer email, account or phone number
 	 * @return DataResponse<Http::STATUS_OK, array{message: string}, array{}>|DataResponse<Http::STATUS_UNPROCESSABLE_ENTITY, array{message: string}, array{}>
 	 *
@@ -246,7 +246,7 @@ public function getCodeUsingUuid(string $uuid, ?string $identifyMethod, ?string
 	 *
 	 * @param int $fileId Id of LibreSign file
 	 * @param 'account'|'email'|null $identifyMethod Identify signer method
-	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign
+	 * @param string|null $signMethod Method used to sign the document, i.e. emailToken, account, clickToSign, sms, signal, telegram, whatsapp, xmpp
 	 * @param string|null $identify Identify value, i.e. the signer email, account or phone number
 	 * @return DataResponse<Http::STATUS_OK, array{message: string}, array{}>|DataResponse<Http::STATUS_UNPROCESSABLE_ENTITY, array{message: string}, array{}>
 	 *