LibreSign / libresign

✍️ Nextcloud app to sign PDF documents
https://libresign.coop
GNU Affero General Public License v3.0

Request two different signatures from the same account/email address #2432

Open DazeEnd opened 7 months ago

DazeEnd commented 7 months ago

Is your feature request related to a problem? Please describe.

My customers are accountants and tax preparers. Many of their clients are married and share a single email address. There does not appear to be a way to request signatures from two people who share the same email address.

Describe the solution you'd like

I would like to be able to add an account or email address as a signer more than once, with the ability to place signature fields for each instance. The first time the document is signed by the account/email address the first signature would be applied. The second time the document is signed, the second signature would be applied.

In the case of an email signature, two separate emails could be sent, or two different links could be sent in the same email.

Ideally, more than one signature could be defined for an account so that the two signers could switch back and forth between the signatures. But it would be acceptable to make the user change his/her signature before signing the second time.

Here is a mock up showing the same email address added as a signer two different times: image

Describe alternatives you've considered

N/A

Additional context

If there is already a way to request two different signatures from the same account or email address, please let me know.

I am sure that this seems like an odd edge case. But it is extremely common for two spouses to share the same email address, especially when they are senior citizens or not very savvy with technology.

vitormattos commented 7 months ago

On the screen for adding visible elements, you need to choose the page to add the signature to and, after this, click on the signer. When you click on the signer's name, the signature element is added to the current page; change the position of this element, and if you wish to add another signature of the same signer, click again on the signer's name. This is the current scenario. This way, it is possible to put more than one visible element for the same signer.

You wish to send the sign request to the same email and generate two sign links so that the document is signed two times, not in two places, but two times. This isn't possible because a certificate is generated for each signer when the signer doesn't have an account.

The best way in your scenario is to use two different emails. With some email services it is possible to use characters that change the username while the email is still sent to the same inbox. For example, the dot in Gmail accounts is irrelevant: if the account is daze.end@gmail.com, you can send to dazeend, d.a.z.e.end or other variants, and the email will be sent to your main inbox. To LibreSign these are different accounts. Another way with Gmail accounts is the plus sign after the username: if you send to dazeend+loremipsum@yourdomain the email will go to your inbox.

Maybe you can use a phone number to sign the document using SMS, but you will also need different phone numbers for different signers. It is also possible to sign using a token sent to a Telegram or Signal account, but it will be necessary to implement changes to be compatible with stable28. In this release I only implemented signature using account and email, but in a previous version of LibreSign it was possible to sign using SMS, Telegram and Signal.
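Added example, not part of the thread and not LibreSign code: because alias variants count as different signers but reach one inbox, a requester or auditor can group signer entries by the mailbox they resolve to, since a sign link mailed there does not by itself show which person opened it. The `{ displayName, email }` signer shape, the function names and the sample addresses are hypothetical; the alias rules cover only the Gmail behaviour described in the comment above.

```javascript
// Added example, not LibreSign code. The alias rules (dots ignored, "+tag"
// ignored) are the Gmail behaviour described in the comment above; other
// providers are only lowercased because their alias rules are not known here.
const ALIASING_DOMAINS = new Set(['gmail.com'])

// Reduce an address to the mailbox it is delivered to.
function mailboxKey(address) {
  const at = address.lastIndexOf('@')
  if (at <= 0 || at === address.length - 1) {
    throw new Error(`not an email address: ${address}`)
  }
  const domain = address.slice(at + 1).toLowerCase()
  let local = address.slice(0, at).toLowerCase()
  if (ALIASING_DOMAINS.has(domain)) {
    const stripped = local.split('+')[0].replace(/\./g, '')
    // Keep the original local part if stripping would leave nothing.
    if (stripped.length > 0) local = stripped
  }
  return `${local}@${domain}`
}

// Return only the mailboxes that more than one signer entry resolves to.
// The { displayName, email } signer shape is hypothetical.
function sharedMailboxes(signers) {
  const byMailbox = new Map()
  for (const { displayName, email } of signers) {
    const key = mailboxKey(email)
    byMailbox.set(key, [...(byMailbox.get(key) || []), displayName])
  }
  return new Map([...byMailbox].filter(([, names]) => names.length > 1))
}

// Constructed sample request: two entries use alias variants of one inbox.
const sampleSigners = [
  { displayName: 'John Smith', email: 'daze.end@gmail.com' },
  { displayName: 'Mary Smith', email: 'DazeEnd+mary@gmail.com' },
  { displayName: 'Accountant', email: 'first.last+tax@example.com' },
]

for (const [mailbox, names] of sharedMailboxes(sampleSigners)) {
  console.log(`${mailbox} receives links for: ${names.join(', ')}`)
}
```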

DazeEnd commented 7 months ago

@vitormattos wrote:

> You wish to send the sign request to the same email and generate two sign links so that the document is signed two times, not in two places, but two times. This isn't possible because a certificate is generated for each signer when the signer doesn't have an account.

Correct. I want signatures from two different people, not just the same signature in two places. For example, I want to allow spouses John Smith and Mary Smith to both sign the document even though they share the email address smith_family@example.com.

I don't understand the LibreSign codebase well enough to know if this is a dumb idea, but would it be possible to use something other than the plain email address to identify the signer? Perhaps a UUID (which is associated with the email address in the database) or the email address with a random string appended? Those should create a unique identifier that can be associated with an email address.

@vitormattos wrote:

> For example, the dot in Gmail accounts is irrelevant: if the account is daze.end@gmail.com, you can send to dazeend, d.a.z.e.end or other variants, and the email will be sent to your main inbox. To LibreSign these are different accounts. Another way with Gmail accounts is the plus sign after the username: if you send to dazeend+loremipsum@yourdomain the email will go to your inbox.

I am familiar with these tricks, but I need a solution that (1) works for all email addresses no matter the provider, and (2) is easy to explain to my customers (many of whom are not very tech savvy) and for my customers to explain to their clients.

vitormattos commented 7 months ago

What do you think about this?

> Maybe you can use a phone number to sign the document using SMS, but you will also need different phone numbers for different signers. It is also possible to sign using a token sent to a Telegram or Signal account, but it will be necessary to implement changes to be compatible with stable28. In this release I only implemented signature using account and email, but in a previous version of LibreSign it was possible to sign using SMS, Telegram and Signal.

DazeEnd commented 7 months ago

Telegram and Signal would not work for my customers. Few of them have ever heard of those services, and I would guess that zero have an account with either Telegram or Signal.

In theory, SMS would be a possibility since almost everyone has access to SMS messages. However, I assume that sending an SMS would require a Twilio account (or something similar), which probably would not work for my customers.

Email really is the best solution from my customer's perspective, since that is what they and their clients are used to using.

DazeEnd commented 7 months ago

I had another idea. Would it be possible to send signature requests to both a Nextcloud account and its associated email address? For example, if the Nextcloud account "John Smith" was associated with the email address smith_family@example.com, could we add the "John Smith" account as a signer, and then request a separate signature from the smith_family@example.com email address?

DazeEnd commented 7 months ago

@DazeEnd wrote:

> I had another idea. Would it be possible to send signature requests to both a Nextcloud account and its associated email address? For example, if the Nextcloud account "John Smith" was associated with the email address smith_family@example.com, could we add the "John Smith" account as a signer, and then request a separate signature from the smith_family@example.com email address?

Expanding on this idea, I dug into the code a little bit. It appears that Nextcloud accounts and email addresses are handled differently:

/src/Components/Request/IdentifySigner.vue:

    methods: {
        saveSigner() {
            const signer = {
                displayName: this.displayName,
                identify: this.identify,
                identifyMethods: [],
            }
            let canSave = false
            if (this.methods.account.enabled) {
                if (Object.keys(this.methods.account.value).length > 0) {
                    canSave = true
                    signer.identifyMethods.push({
                        method: 'account',
                        value: this.methods.account.value,
                    })
                }
            }
            if (this.methods.email.enabled) {
                if (Object.keys(this.methods.email.value).length > 0) {
                    canSave = true
                    signer.identifyMethods.push({
                        method: 'email',
                        value: this.methods.email.value,
                    })
                }
            }

In this snippet, it appears that Nextcloud accounts and email addresses use different identifiers. I think email accounts are identified based on the string value of the email address, while Nextcloud accounts use some sort of account identifier?

(I apologize if this is completely wrong. I'm an experienced programmer, but I have never looked at Vue.js or Nextcloud apps before, and I had a little trouble following the code paths.)

Since they use different identifiers, would it be possible to present both the Nextcloud account and the email address as options when the entered string matches both an account and is a valid email address? The requester could then add both the Nextcloud account and the email address as separate signers if two signatures are required on the document.

Mock-up: Both the matching account and email address being offered as options: email and account mockup

Mock-up: Both the matching account and email address selected as signers: image

vitormattos commented 7 months ago

Is this your idea? Only a mockup. Screenshot_20240306_174934

Add multiple identify methods to the same signer and request that the signer be identified by all of them. In this scenario it will be necessary to have an account.

Another possibility: you can create multiple accounts in Nextcloud with the same email. You will need to give a login that isn't an email. I didn't run this test, but I think it will work fine.

DazeEnd commented 7 months ago

@vitormattos wrote:

> Is this your idea? Add multiple identify methods to the same signer and request that the signer be identified by all of them. In this scenario it will be necessary to have an account.

So in that case, if you added admin as a signer, would he get two different requests -- one to his account and one to his email address? Would he be able to attach two different signatures? If yes, then how would you handle it when only one signature was required?

> Another possibility: you can create multiple accounts in Nextcloud with the same email. You will need to give a login that isn't an email. I didn't run this test, but I think it will work fine.

For most people, that would work fine. Unfortunately, in my case the people who will be signing documents have guest accounts (created using the Guests app), and guest accounts use the email address as the username. As a result, it is not possible to have more than one guest account that uses the same email address.

As background, in my case, I have customers and these customers have their own clients. I set up a separate Nextcloud instance for each of my customers. I am the admin of that Nextcloud instance, and my customer is a regular user. My customer can then create guest accounts for his clients without needing admin permission.

vitormattos commented 7 months ago

> So in that case, if you added admin as a signer, would he get two different requests -- one to his account and one to his email address? Would he be able to attach two different signatures? If yes, then how would you handle it when only one signature was required?

In my idea, when the signer accesses the link, it will be necessary to stay authenticated and to confirm a token by email. After this, the signer will be able to sign. I think that doesn't solve what you want.

Maybe a possible idea (we need to think more about the side effects and about the flow) is to make it possible to create multiple certificates for the same account. This way it will be necessary to have an account, it will also be necessary to use a certificate with password as the signature method, and the signer will need to remember all the passwords. When the signer goes to sign the document, they will be asked which certificate they want to use.