search

jhpyle / docassemble

A free, open-source expert system for guided interviews and document assembly, based on Python, YAML, and Markdown.
https://docassemble.org
MIT License
796 stars 258 forks source link

ImageMagick in Docker container fails to insert signature into PDF #319

Closed wohanley closed 4 years ago

wohanley commented 4 years ago

I have Docassemble installed through Docker. When I get to the point in an interview where my PDF template is filled in, the signature field is blank. The webapp logs show failed to make overlay: convert /tmp/tmpmuvb5zbe.png -background none -density 299 -gravity NorthEast -extent 1636x1161 /tmp/datemp4spoa1c2.pdf, and closer inspection of convert's output shows attempt to perform an operation not allowed by the security policy 'PDF' @ error/constitute.c/IsCoderAuthorized/408.

I "fixed" this by changing the relevant line in /etc/ImageMagick-6/policy.xml in the Docker container to <policy domain="coder" rights="read | write" pattern="PDF" />, where "read | write" was formerly "none". I don't know if this is a good solution, and in particular, I have little understanding of the security implications. Is there a better way to approach this? Thanks!

jhpyle commented 4 years ago

The file f3-lawyer-certificate.pdf does not contain recognizable fields. Perhaps this is because you created it in Adobe LiveCycle but did not save it with backward compatibility. Docassemble can only plug in fields if the PDF uses the AcroForm standard for fillable fields.

Note that signature fields must have unique names. https://docassemble.org/docs/documents.html#signature If you are concatenating two files together and they both have a digital signature fields called plaintiff_lawyer_signature, then it is not going to work.

wohanley commented 4 years ago

f3-lawyer-certificate.pdf might be a bit ragged right now, yeah, but it shouldn't be relevant here: I'm not trying to fill it and I get the same behaviour with it completely removed from the playground. The only template I'm trying to fill when this happens is f3-base.pdf, which as far as I can tell has OK fields and which does get filled in perfectly correctly, as long as I make that change to policy.xml.

jhpyle commented 4 years ago

I was able to put a signature into f3-base.pdf without changing policy.xml. What is your "system version" according to the Configuration page?

wohanley commented 4 years ago

1.1.84, if I'm looking at the right number (very first thing on the Configuration page). About 3 weeks out of date, I think. I'll try updating.

wohanley commented 4 years ago

Same observations on 1.1.94.

jhpyle commented 4 years ago

Thanks. Your system version (because it was so recent) allowed me to reproduce the issue. A docker stop followed by docker start will result in the policy file being changed, and the Dockerfile in docassemble-os also makes the edit.

wohanley commented 4 years ago

Thanks!