docusealco / docuseal

Open source DocuSign alternative. Create, fill, and sign digital documents ✍️
https://www.docuseal.co
GNU Affero General Public License v3.0

500 error when entering time server URLs #225

Closed psybers closed 3 months ago

psybers commented 4 months ago

Docuseal v1.4.5 (via docker compose)

When editing the settings, I put "ntp://time.google.com/" for the timeserver URL, not knowing what URL format was wanted here.

This resulted in a 500 error:

DocuSeal
500
We're sorry, but something went wrong

The logs are as follows:

app-1                  | E, [2024-03-02T21:06:13.258807 #1] ERROR -- : [9f196722-5fbb-49db-9895-e371bd23cd5c]
app-1                  | [9f196722-5fbb-49db-9895-e371bd23cd5c] NoMethodError (undefined method `request_uri' for #<URI::Generic ntp://time.google.com/>):
app-1                  | [9f196722-5fbb-49db-9895-e371bd23cd5c]
app-1                  | [9f196722-5fbb-49db-9895-e371bd23cd5c] lib/submissions/timestamp_handler.rb:37:in `sign'
app-1                  | [9f196722-5fbb-49db-9895-e371bd23cd5c] app/controllers/timestamp_server_controller.rb:29:in `test_timeserver_url'
app-1                  | [9f196722-5fbb-49db-9895-e371bd23cd5c] app/controllers/timestamp_server_controller.rb:10:in `create'
app-1                  | [9f196722-5fbb-49db-9895-e371bd23cd5c] lib/api_path_consider_json_middleware.rb:15:in `call'
app-1                  | I, [2024-03-02T21:06:13.260950 #1]  INFO -- : [9f196722-5fbb-49db-9895-e371bd23cd5c] {"method":"GET","path":"/500","format":"turbo_stream","controller":"ErrorsController","action":"show","status":500,"allocations":420,"duration":1.27,"view":0.64,"db":0.0,"fwd":"100.100.2.81"}

I'd recommend two fixes. First, obviously, trap that error so there is not a 500 when users enter invalid URL formats. Second, the hover on the information i could perhaps provide more detail as to what is expected here.

omohokcoj commented 4 months ago

@psybers thanks for the suggestion - for PDF signing the timeserver should be accessed via HTTPS and support the RFC 3161 timestamp protocol (https://www.freetsa.org/index_en.php). ntp://time.google.com/ can't be used with docuseal to timestamp PDFs.

psybers commented 4 months ago

I figured that out.

My second recommendation was a better hint message along the lines of what you just said, so people don't have to guess.

omohokcoj commented 3 months ago

RFC 3161 mention has been added to the timeserver URL input tooltip

psybers commented 3 months ago

I would also recommend not crashing (500 error) if they use a 'wrong' URL format.
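
One way to reject a wrong URL format before it reaches the signing code, as an added Ruby example (not DocuSeal's own code). `validate_timeserver_url` and the sample URLs are hypothetical, and rejecting plain `http://` is an assumption based on the maintainer's HTTPS comment above.

```ruby
require 'uri'

# Hypothetical helper (not DocuSeal code): returns [uri, nil] when the value is
# usable as a timestamp server URL, or [nil, message] when it is not, so the
# controller can render a validation error instead of a 500.
def validate_timeserver_url(raw)
  value = raw.to_s.strip
  return [nil, 'Timeserver URL is blank'] if value.empty?

  begin
    uri = URI.parse(value)
  rescue URI::InvalidURIError
    return [nil, 'Timeserver URL is not a valid URL']
  end

  # URI.parse returns URI::Generic for schemes it has no class for (ntp://, or
  # a bare hostname). URI::Generic has no #request_uri, which is the
  # NoMethodError in the log above, so check the class before using the URI.
  unless uri.is_a?(URI::HTTPS)
    return [nil, "Timeserver URL must use https:// (got #{uri.scheme.inspect})"]
  end
  return [nil, 'Timeserver URL has no host'] if uri.host.nil? || uri.host.empty?

  [uri, nil]
end

# Constructed sample inputs; tsa.example.com is a placeholder host.
SAMPLES = [
  'ntp://time.google.com/',       # the value from the report
  'time.google.com',              # bare hostname, parsed as a relative path
  'http://tsa.example.com/tsr',   # right protocol family, but not HTTPS
  'not a url',                    # unparseable
  'https://tsa.example.com/tsr'   # accepted
].freeze

# Returns [input, error_or_nil] pairs for the samples above.
def check_samples
  SAMPLES.map { |s| [s, validate_timeserver_url(s)[1]] }
end

if __FILE__ == $PROGRAM_NAME
  check_samples.each { |input, err| puts "#{input.inspect}: #{err || 'ok'}" }
end
```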