feat(pdfengines): support owner-only encryption and document permissions

This commit is contained in:
Julien Neuhart
2026-06-06 14:03:58 +02:00
parent 287ee5be72
commit 3b1e4cbac4
22 changed files with 411 additions and 67 deletions
+1
View File
@@ -72,6 +72,7 @@ Available tags:
- `the (response|webhook request) PDF(s) should be valid "<standard>" with a tolerance of <N> failed rule(s)` (standards: `PDF/A-1b`, `PDF/A-2b`, `PDF/A-3b`, `PDF/UA-1`, `PDF/UA-2`)
- `the (response|webhook request) PDF(s) (should|should NOT) be flatten`
- `the (response|webhook request) PDF(s) (should|should NOT) be encrypted`
- `the (response|webhook request) PDF(s) (should|should NOT) allow "<action>"` (actions: `printing`, `copying`, `modifying`, `annotating`)
- `the (response|webhook request) PDF(s) (should|should NOT) have the "<filename>" file embedded`
- `the "<name>" PDF should have <N> image(s)`
- `the Gotenberg container (should|should NOT) log the following entries:` (table of log substrings)
@@ -113,9 +113,31 @@ Feature: /forms/pdfengines/encrypt
Then the response status code should be 400
Then the response body should match string:
"""
Invalid form data: form field 'userPassword' is required
Invalid form data: a 'userPassword' or 'ownerPassword' is required
"""
# https://github.com/gotenberg/gotenberg/discussions/1571
# Owner-only: opens without a password but restricts printing.
Scenario: POST /forms/pdfengines/encrypt (Owner-only, restrict printing)
Given I have a default Gotenberg container
When I make a "POST" request to Gotenberg at the "/forms/pdfengines/encrypt" endpoint with the following form data and header(s):
| files | testdata/page_1.pdf | file |
| ownerPassword | owner-secret | field |
| allowPrinting | false | field |
Then the response status code should be 200
Then the response header "Content-Type" should be "application/pdf"
Then there should be 1 PDF(s) in the response
Then the response PDF(s) should NOT be encrypted
Then the response PDF(s) should NOT allow "printing"
# Permission restrictions need a password to anchor them.
Scenario: POST /forms/pdfengines/encrypt (Permissions without password)
Given I have a default Gotenberg container
When I make a "POST" request to Gotenberg at the "/forms/pdfengines/encrypt" endpoint with the following form data and header(s):
| files | testdata/page_1.pdf | file |
| allowPrinting | false | field |
Then the response status code should be 400
Scenario: POST /forms/pdfengines/encrypt (Routes Disabled)
Given I have a Gotenberg container with the following environment variable(s):
| PDFENGINES_DISABLE_ROUTES | true |
+62
View File
@@ -1217,6 +1217,67 @@ func (s *scenario) thePdfsShouldBeFlatten(ctx context.Context, kind, should stri
return nil
}
// permissionFlags maps a human action to the permission key reported in a PDF's
// encryption dictionary.
var permissionFlags = map[string]string{
"printing": "print",
"copying": "copy",
"modifying": "change",
"annotating": "addNotes",
}
// thePdfsShouldAllowAction asserts whether every response PDF permits a given
// action (printing, copying, modifying, annotating). It reads the document's
// permission flags; an unencrypted document has no restrictions.
func (s *scenario) thePdfsShouldAllowAction(ctx context.Context, kind, should, action string) error {
flag, ok := permissionFlags[action]
if !ok {
return fmt.Errorf("unsupported permission action %q", action)
}
dirPath := s.teststoreDir
_, err := os.Stat(dirPath)
if os.IsNotExist(err) {
return fmt.Errorf("directory %q does not exist", dirPath)
}
var paths []string
err = filepath.Walk(dirPath, func(path string, info os.FileInfo, pathErr error) error {
if pathErr != nil {
return pathErr
}
if strings.EqualFold(filepath.Ext(info.Name()), ".pdf") {
paths = append(paths, path)
}
return nil
})
if err != nil {
return fmt.Errorf("walk %q: %w", dirPath, err)
}
invert := should == "should NOT"
for _, path := range paths {
output, err := execCommandInIntegrationToolsContainer(ctx, []string{"pdfinfo", filepath.Base(path)}, path)
if err != nil {
return fmt.Errorf("read permissions of %q: %w", path, err)
}
stripped := strings.ReplaceAll(strings.ReplaceAll(output, " ", ""), "\n", "")
denied := strings.Contains(stripped, flag+":no")
allowed := strings.Contains(stripped, flag+":yes")
if invert && !denied {
return fmt.Errorf("expected PDF %q to deny %q, got: %q", path, action, output)
}
if !invert && !allowed {
return fmt.Errorf("expected PDF %q to allow %q, got: %q", path, action, output)
}
}
return nil
}
func (s *scenario) thePdfsShouldBeEncrypted(ctx context.Context, kind string, should string) error {
dirPath := s.teststoreDir
@@ -1474,6 +1535,7 @@ func InitializeScenario(ctx *godog.ScenarioContext) {
ctx.Then(`^the (response|webhook request) PDF\(s\) should be valid "([^"]*)" with a tolerance of (\d+) failed rule\(s\)$`, s.thePdfsShouldBeValidWithAToleranceOf)
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) be flatten$`, s.thePdfsShouldBeFlatten)
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) be encrypted`, s.thePdfsShouldBeEncrypted)
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) allow "([^"]*)"$`, s.thePdfsShouldAllowAction)
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) have the "([^"]*)" file embedded$`, s.thePdfsShouldHaveEmbeddedFile)
ctx.Then(`^the (response|webhook request) PDF\(s\) should have the "([^"]*)" file embedded with relationship "([^"]*)"$`, s.thePdfsShouldHaveEmbeddedFileWithRelationship)
ctx.Then(`^the (response|webhook request) PDF\(s\) should declare Factur-X XMP with conformance level "([^"]*)"$`, s.thePdfsShouldDeclareFacturXConformanceLevel)