When using the "Guests" app, guest users cannot sign documents

[DazeEnd]

Describe the bug The "Guests" app (written by the Nextcloud team) allows "guest users" to be invited to a Nextcloud instance. These guest users have limited access to the Nextcloud instance. In particular, they can only access apps that appear in an "allowlist" and they have limited access to the "Files" app.

When a signature is requested from a guest user, the user is unable to save his signature, and therefore unable to sign the document.

To Reproduce

1. Log into Nextcloud as the admin user.

2. Open the Apps screen and verify that the "Guest" app is enabled.

3. Go to Settings > Administration > Guests, and make sure that "libresign" is added to the allowlist for guests.

4. Open LibreSign and request a signature from a guest user.

5. Log out of Nextcloud.

6. Log into Nextcloud as the guest user whose signature was requested in step 4.

7. Open LibreSign, click on "Files" in the sidebar, click on the document, then click on the "Sign" button that appears in the sidebar on the right side of the screen. This will open the signing screen.

8. In the signing screen, click on the "Define your signature" button, and draw your signature. Click the "Save" button, then confirm your signature by clicking the other "Save" button.

Expected behavior The signature should be saved and the guest user should be presented with a button that allows him to sign the document.

Actual behavior An error message is presented that reads: No create permission for folder "/LibreSign"

Screenshots

Environment information (please complete the following information):

• OS: AlmaLinux 8.9
• Browser: Chrome
• LibreSign Version: v8.0.0-rc6
• Nextcloud Server Version: v28.0.2
• Logs (get the entries from nextcloud.log related with LibreSign i.e tail -f data/nextcloud.log|grep libresign): No messages were printed to nextcloud.log when performing these steps.

Additional context I suspect that this problem is caused because of the limited access that guest users have to the Files app. Guest users only have access to folders and files that a regular Nextcloud user shares with the guest. They cannot create files or folders in their home directory.

[DazeEnd]

Testing in LibreSign v8.0.0-rc7 running on Nextcloud 28.0.2, this issue is NOT completely fixed.

In my testing, when a guest user saves his signature there is no longer an error (which is good), but the signature is never displayed, and the "Define your signature" button never goes away. The end result is that guest users are still unable to sign documents.

[vitormattos]

Hi @DazeEnd could you test again with the new release?

[DazeEnd]

@vitormattos I’ll install it on Monday. 👍

[vitormattos]

I also need try to reproduce the last scenario that you exposed.

[DazeEnd]

I could not test this in RC8, because of problems documented in #2535.

[vitormattos]

Was fixed by:

• 2565

[vitormattos]

Fixed at: https://github.com/LibreSign/libresign/releases/download/v8.0.0-rc9/libresign-v8.0.0-rc9.tar.gz

[DazeEnd]

@vitormattos This is NOT fixed for me in v8.0.0-rc9, running on Nextcloud v28.0.2. I am still seeing the same problems as described above. The "Define your signature" button never goes away, even after the guest user saves his signature. As a result, the guest user is unable to sign the document.

There were no messages logged to nextcloud.log while testing this issue.

[DazeEnd]

@vitormattos I am still seeing problems with this issue in LibreSign v8.0.0-rc11 running on Nextcloud 28.0.4. LibreSign says that my signature was created successfully, but the "Define your signature" button never goes away, and the guest account is never allowed to sign the document. See the video below illustrating the problem. Screencast from 2024-04-15 16-49-37.webm

[vitormattos]

Hi @DazeEnd I made a lot of fixes but I forgot to check this issue. I will do this tomorrow.

[DazeEnd]

@vitormattos I’m traveling the rest of the week. I will look at this when I return to the office on Monday.On Apr 18, 2024, at 11:25 AM, Vitor Mattos @.***> wrote: I made the same scenario here and got success. Nextcloud server from branch stable28 LibreSign from branch stable28 Could you check and send here the response from API when you click on Save button? Here at my tests is returning: { "message": "Element created with success", "elements": [ { "id": 3, "type": "signature", "file": { "url": "\/core\/preview?y=100&fileId=276&x=350", "nodeId": 276 }, "starred": 0, "createdAt": "2024-04-18 15:24:02" } ] }

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: @.***>

[vitormattos]

I identified the problem and I'm working to finish the solution here:

• 2811

To prevent to this problem occur again, I'm creating integration tests.

[vitormattos]

Hi @DazeEnd could you test again?

I implemented an integration test to cover this scenario too:

https://github.com/LibreSign/libresign/blob/bcb2ff50027b463696e93cbffc90ceb1fd07796d/tests/integration/features/account/signature.feature#L123-L144

I will close because the integration test worked fine.

If the problem persists, don't hesitate to go back here and report the problem that persists or you also can create a new issue if is a new scenario related to this problem.

Thanks a lot by your contributions to LibreSign!

[DazeEnd]

@vitormattos I just ran a few tests, and this issue appears to be fixed for me running LibreSign v8.0.0 (final) on Nextcloud 28.0.4. Thanks!