From 6319e8b92e860a4d84a91b76f4c3ca413798bec0 Mon Sep 17 00:00:00 2001
From: Vitor Mattos <vitor@php.rio>
Date: Fri, 22 Mar 2024 17:23:23 -0300
Subject: [PATCH 1/3] Send to api the right identify method

When we are siging a document using email token to a signer that is
identified by account, is necessary to send the right identify method to
backend that at this case need to be "account" and not "email".

Signed-off-by: Vitor Mattos <vitor@php.rio>
---
 src/views/SignPDF/_partials/ModalEmailManager.vue | 4 ++--
 src/views/SignPDF/_partials/Sign.vue              | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/views/SignPDF/_partials/ModalEmailManager.vue b/src/views/SignPDF/_partials/ModalEmailManager.vue
index 9db28949e6..0330d3e1bb 100644
--- a/src/views/SignPDF/_partials/ModalEmailManager.vue
+++ b/src/views/SignPDF/_partials/ModalEmailManager.vue
@@ -167,7 +167,7 @@ export default {
 						generateOcsUrl('/apps/libresign/api/v1/sign/file_id/{fileId}/code', { fileId: this.fileId }),
 						{
 							identify: this.sendTo,
-							identifyMethod: 'email',
+							identifyMethod: this.signMethodsStore.settings.emailToken.identifyMethod,
 							signMethod: 'emailToken',
 						},
 					)
@@ -177,7 +177,7 @@ export default {
 						generateOcsUrl('/apps/libresign/api/v1/sign/uuid/{uuid}/code', { uuid: this.uuid }),
 						{
 							identify: this.sendTo,
-							identifyMethod: 'email',
+							identifyMethod: this.signMethodsStore.settings.emailToken.identifyMethod,
 							signMethod: 'emailToken',
 						},
 					)
diff --git a/src/views/SignPDF/_partials/Sign.vue b/src/views/SignPDF/_partials/Sign.vue
index a6bc958c98..f62aa9c7ec 100644
--- a/src/views/SignPDF/_partials/Sign.vue
+++ b/src/views/SignPDF/_partials/Sign.vue
@@ -261,7 +261,7 @@ export default {
 		},
 		async signWithEmailToken() {
 			return this.signDocument({
-				method: 'email',
+				method: this.signMethodsStore.settings.emailToken.identifyMethod,
 				token: this.signMethodsStore.settings.emailToken.token,
 			})
 		},

From 9fb3b6ce1af2ed2d7040afcb3b8a58d002c9de0e Mon Sep 17 00:00:00 2001
From: Vitor Mattos <vitor@php.rio>
Date: Fri, 22 Mar 2024 17:25:48 -0300
Subject: [PATCH 2/3] Validate email token when is using account

Signed-off-by: Vitor Mattos <vitor@php.rio>
---
 lib/Service/IdentifyMethod/Account.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/Service/IdentifyMethod/Account.php b/lib/Service/IdentifyMethod/Account.php
index 4d7b0c147b..fdbb4aa008 100644
--- a/lib/Service/IdentifyMethod/Account.php
+++ b/lib/Service/IdentifyMethod/Account.php
@@ -83,6 +83,7 @@ public function validateToIdentify(): void {
 		$signer = $this->getSigner();
 		$this->throwIfNotAuthenticated();
 		$this->authenticatedUserIsTheSigner($signer);
+		$this->throwIfInvalidToken();
 		$this->throwIfMaximumValidityExpired();
 		$this->throwIfRenewalIntervalExpired();
 		$this->throwIfAlreadySigned();

From 12de5c23c05576d8b2d8e15923d6ed8d5fea2fd1 Mon Sep 17 00:00:00 2001
From: Vitor Mattos <vitor@php.rio>
Date: Fri, 22 Mar 2024 17:27:42 -0300
Subject: [PATCH 3/3] Fix way to get email when is using account as identify
 method

Signed-off-by: Vitor Mattos <vitor@php.rio>
---
 .../SignatureMethod/EmailToken.php            | 25 +++++++++++++++----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/lib/Service/IdentifyMethod/SignatureMethod/EmailToken.php b/lib/Service/IdentifyMethod/SignatureMethod/EmailToken.php
index 7b7b465d61..ec93663569 100644
--- a/lib/Service/IdentifyMethod/SignatureMethod/EmailToken.php
+++ b/lib/Service/IdentifyMethod/SignatureMethod/EmailToken.php
@@ -24,6 +24,8 @@
 
 namespace OCA\Libresign\Service\IdentifyMethod\SignatureMethod;
 
+use OCA\Libresign\Exception\LibresignException;
+use OCA\Libresign\Helper\JSActions;
 use OCA\Libresign\Service\IdentifyMethod\IdentifyMethodService;
 use Wobeto\EmailBlur\Blur;
 
@@ -40,19 +42,32 @@ public function __construct(
 	}
 
 	public function toArray(): array {
-		$return = parent::toArray();
 		$entity = $this->getEntity();
+
+		if ($entity->getIdentifierKey() === 'email') {
+			$email = $entity->getIdentifierValue();
+		} elseif ($entity->getIdentifierKey() === 'account') {
+			$signer = $this->identifyMethodService->getUserManager()->get($entity->getIdentifierValue());
+			$email = $signer->getEMailAddress();
+		}
+		if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+			throw new LibresignException(json_encode([
+				'action' => JSActions::ACTION_DO_NOTHING,
+				'errors' => [$this->identifyMethodService->getL10n()->t('Invalid email')],
+			]));
+		}
+		$return = parent::toArray();
+		$return['identifyMethod'] = $entity->getIdentifierKey();
 		$return['needCode'] = empty($entity->getCode())
 			|| empty($entity->getIdentifiedAtDate())
 			|| empty($this->codeSentByUser);
 		$return['hasConfirmCode'] = !empty($entity->getCode());
-		$return['blurredEmail'] = $this->getBlurredEmail();
-		$return['hashOfEmail'] = md5($this->getEntity()->getIdentifierValue());
+		$return['blurredEmail'] = $this->blurEmail($email);
+		$return['hashOfEmail'] = md5($email);
 		return $return;
 	}
 
-	private function getBlurredEmail(): string {
-		$email = $this->getEntity()->getIdentifierValue();
+	private function blurEmail(string $email): string {
 		$blur = new Blur($email);
 		return $blur->make();
 	}