mirror of
https://github.com/gotenberg/gotenberg.git
synced 2026-07-02 00:17:40 +08:00
feat(pdfengines): support owner-only encryption and document permissions
This commit is contained in:
@@ -72,6 +72,7 @@ Available tags:
|
||||
- `the (response|webhook request) PDF(s) should be valid "<standard>" with a tolerance of <N> failed rule(s)` (standards: `PDF/A-1b`, `PDF/A-2b`, `PDF/A-3b`, `PDF/UA-1`, `PDF/UA-2`)
|
||||
- `the (response|webhook request) PDF(s) (should|should NOT) be flatten`
|
||||
- `the (response|webhook request) PDF(s) (should|should NOT) be encrypted`
|
||||
- `the (response|webhook request) PDF(s) (should|should NOT) allow "<action>"` (actions: `printing`, `copying`, `modifying`, `annotating`)
|
||||
- `the (response|webhook request) PDF(s) (should|should NOT) have the "<filename>" file embedded`
|
||||
- `the "<name>" PDF should have <N> image(s)`
|
||||
- `the Gotenberg container (should|should NOT) log the following entries:` (table of log substrings)
|
||||
|
||||
@@ -113,9 +113,31 @@ Feature: /forms/pdfengines/encrypt
|
||||
Then the response status code should be 400
|
||||
Then the response body should match string:
|
||||
"""
|
||||
Invalid form data: form field 'userPassword' is required
|
||||
Invalid form data: a 'userPassword' or 'ownerPassword' is required
|
||||
"""
|
||||
|
||||
# https://github.com/gotenberg/gotenberg/discussions/1571
|
||||
# Owner-only: opens without a password but restricts printing.
|
||||
Scenario: POST /forms/pdfengines/encrypt (Owner-only, restrict printing)
|
||||
Given I have a default Gotenberg container
|
||||
When I make a "POST" request to Gotenberg at the "/forms/pdfengines/encrypt" endpoint with the following form data and header(s):
|
||||
| files | testdata/page_1.pdf | file |
|
||||
| ownerPassword | owner-secret | field |
|
||||
| allowPrinting | false | field |
|
||||
Then the response status code should be 200
|
||||
Then the response header "Content-Type" should be "application/pdf"
|
||||
Then there should be 1 PDF(s) in the response
|
||||
Then the response PDF(s) should NOT be encrypted
|
||||
Then the response PDF(s) should NOT allow "printing"
|
||||
|
||||
# Permission restrictions need a password to anchor them.
|
||||
Scenario: POST /forms/pdfengines/encrypt (Permissions without password)
|
||||
Given I have a default Gotenberg container
|
||||
When I make a "POST" request to Gotenberg at the "/forms/pdfengines/encrypt" endpoint with the following form data and header(s):
|
||||
| files | testdata/page_1.pdf | file |
|
||||
| allowPrinting | false | field |
|
||||
Then the response status code should be 400
|
||||
|
||||
Scenario: POST /forms/pdfengines/encrypt (Routes Disabled)
|
||||
Given I have a Gotenberg container with the following environment variable(s):
|
||||
| PDFENGINES_DISABLE_ROUTES | true |
|
||||
|
||||
@@ -1217,6 +1217,67 @@ func (s *scenario) thePdfsShouldBeFlatten(ctx context.Context, kind, should stri
|
||||
return nil
|
||||
}
|
||||
|
||||
// permissionFlags maps a human action to the permission key reported in a PDF's
|
||||
// encryption dictionary.
|
||||
var permissionFlags = map[string]string{
|
||||
"printing": "print",
|
||||
"copying": "copy",
|
||||
"modifying": "change",
|
||||
"annotating": "addNotes",
|
||||
}
|
||||
|
||||
// thePdfsShouldAllowAction asserts whether every response PDF permits a given
|
||||
// action (printing, copying, modifying, annotating). It reads the document's
|
||||
// permission flags; an unencrypted document has no restrictions.
|
||||
func (s *scenario) thePdfsShouldAllowAction(ctx context.Context, kind, should, action string) error {
|
||||
flag, ok := permissionFlags[action]
|
||||
if !ok {
|
||||
return fmt.Errorf("unsupported permission action %q", action)
|
||||
}
|
||||
|
||||
dirPath := s.teststoreDir
|
||||
|
||||
_, err := os.Stat(dirPath)
|
||||
if os.IsNotExist(err) {
|
||||
return fmt.Errorf("directory %q does not exist", dirPath)
|
||||
}
|
||||
|
||||
var paths []string
|
||||
err = filepath.Walk(dirPath, func(path string, info os.FileInfo, pathErr error) error {
|
||||
if pathErr != nil {
|
||||
return pathErr
|
||||
}
|
||||
if strings.EqualFold(filepath.Ext(info.Name()), ".pdf") {
|
||||
paths = append(paths, path)
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
return fmt.Errorf("walk %q: %w", dirPath, err)
|
||||
}
|
||||
|
||||
invert := should == "should NOT"
|
||||
for _, path := range paths {
|
||||
output, err := execCommandInIntegrationToolsContainer(ctx, []string{"pdfinfo", filepath.Base(path)}, path)
|
||||
if err != nil {
|
||||
return fmt.Errorf("read permissions of %q: %w", path, err)
|
||||
}
|
||||
|
||||
stripped := strings.ReplaceAll(strings.ReplaceAll(output, " ", ""), "\n", "")
|
||||
denied := strings.Contains(stripped, flag+":no")
|
||||
allowed := strings.Contains(stripped, flag+":yes")
|
||||
|
||||
if invert && !denied {
|
||||
return fmt.Errorf("expected PDF %q to deny %q, got: %q", path, action, output)
|
||||
}
|
||||
if !invert && !allowed {
|
||||
return fmt.Errorf("expected PDF %q to allow %q, got: %q", path, action, output)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (s *scenario) thePdfsShouldBeEncrypted(ctx context.Context, kind string, should string) error {
|
||||
dirPath := s.teststoreDir
|
||||
|
||||
@@ -1474,6 +1535,7 @@ func InitializeScenario(ctx *godog.ScenarioContext) {
|
||||
ctx.Then(`^the (response|webhook request) PDF\(s\) should be valid "([^"]*)" with a tolerance of (\d+) failed rule\(s\)$`, s.thePdfsShouldBeValidWithAToleranceOf)
|
||||
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) be flatten$`, s.thePdfsShouldBeFlatten)
|
||||
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) be encrypted`, s.thePdfsShouldBeEncrypted)
|
||||
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) allow "([^"]*)"$`, s.thePdfsShouldAllowAction)
|
||||
ctx.Then(`^the (response|webhook request) PDF\(s\) (should|should NOT) have the "([^"]*)" file embedded$`, s.thePdfsShouldHaveEmbeddedFile)
|
||||
ctx.Then(`^the (response|webhook request) PDF\(s\) should have the "([^"]*)" file embedded with relationship "([^"]*)"$`, s.thePdfsShouldHaveEmbeddedFileWithRelationship)
|
||||
ctx.Then(`^the (response|webhook request) PDF\(s\) should declare Factur-X XMP with conformance level "([^"]*)"$`, s.thePdfsShouldDeclareFacturXConformanceLevel)
|
||||
|
||||
Reference in New Issue
Block a user