feat: electronic signing, add settings for eIDEasy #4328
Conversation
|
@juliusknorr could you please review this when you have time? How to test, if you want: take the eideasy test url/clientid/secret from CollaboraOnline/online#10630 (comment), go to the richdocuments admin settings and configure the 3 values. Then open a PDF in COOL, Insert menu -> add electronic signature, you'll need to decide what provider to use, accept the default. Then you need a test personal ID, use the value from the above GH comment. Once the popup is closed, you will notice a signature green sign / warning sign in the statusbar (depending on if the test CA is manually trusted), you can view the signature there. #4311 (comment) has a screenshot on how this looks like on my end currently. Thanks. |
|
Oh and forgot to mention: it seems to me that none of the 4 failing checks are related to the changes in this PR, but please let me know if I overlooked something. Thanks. |
|
One more small thing: the properties used here are now documented at https://sdk.collaboraonline.com/docs/advanced_integration.html#electronic-signature-handling, so it's a bit safer to depend on them here. |
juliusknorr
added
enhancement
|
Yes, CI failures are unrelated 👍 |
src/components/AdminSettings.vue
Outdated
| <h2>{{ t('richdocuments', 'Electronic signature settings') }}</h2> | ||
| <SettingsInputText v-model="settings.esignature_base_url" | ||
| :label="t('richdocuments', 'URL for the electronic signature API')" | ||
| :hint="t('richdocuments', 'The production API URL is https://id.eideasy.com, the test API URL is https://test.eideasy.com.')" |
There was a problem hiding this comment.
Not a blocker, just curious, apart from development is there any reason to configure the test API URL in productive usage? If not I'd remove the input for this one and rather document how to set this value with the CLI for developers.
There was a problem hiding this comment.
Yes, this is basically for development only, you're right. Where to document this, is docs/app_settings.md a good place to mention it?
There was a problem hiding this comment.
Yes, that sounds good, there might be more undocumented ones, but that is the best place from my perspective 👍
There was a problem hiding this comment.
OK, let me see, I think by now this is the only outstanding part of this PR.
|
Left some quick comments, but generally looks fine from my side. 👍 Have not tested yet. |
vmiklos
force-pushed
the
private/vmiklos/main
branch
from
67bd10e to
45875ff
Compare
|
Just pushing what I have so far, I still need to address the comment about making the API URL cmdline-only + moving to ServerPrivateInfo. |
vmiklos
force-pushed
the
private/vmiklos/main
branch
from
45875ff to
b1ce7cd
Compare
Electronic signing needs to store settings as richdocuments settings. This involves the API URL, a client ID visible to the browser and a secret, which is only used during server-side requests. The WOPI CheckFileInfo reply sends this information to the COOL server, similar to how it's done for digital signing (via PEM files). Add the settings as admin settings, otherwise normal users would be able to use eIDEasy services outside richdocuments. <CollaboraOnline/online#10630 (comment)> has instructions on what test data to use to try out the service in a test environment. Additionally, if the test CA is configured to be trusted as a user setting, then the green stamp icon will show up in the status bar. Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
vmiklos
force-pushed
the
private/vmiklos/main
branch
from
b1ce7cd to
a9fa62c
Compare
|
@juliusknorr please take a look, I think I addressed your comments so far. Thanks! |
|
@elzody thanks for the review :) |
|
Hello there, We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6 Thank you for contributing to Nextcloud and we hope to hear from you soon! (If you believe you should not receive this message, you can add yourself to the blocklist.) |
Summary
Electronic signing needs to store settings as richdocuments settings. This involves the API URL, a client ID visible to the browser and a secret, which is only used during server-side requests.
The WOPI CheckFileInfo reply sends this information to the COOL server, similar to how it's done for digital signing (via PEM files).
Add the settings as admin settings, otherwise normal users would be able to use eIDEasy services outside richdocuments.
CollaboraOnline/online#10630 (comment) has instructions on what test data to use to try out the service in a test environment. Additionally, if the test CA is configured to be trusted as a user setting, then the green stamp icon will show up in the status bar.
Checklist