Modified: will not sign if the document has valid signature (#71) (#59)

signebedi · Mar 26, 2024 · 058eaa5 · 058eaa5
1 parent 3687cd0
commit 058eaa5
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/libreforms_fastapi/app/__init__.py b/libreforms_fastapi/app/__init__.py
@@ -80,6 +80,7 @@
     InsufficientPermissions,
     DocumentIsNotDeleted,
     SignatureError,
+    DocumentAlreadyHasValidSignature,
 )
 
 from libreforms_fastapi.utils.pydantic_models import (
@@ -1077,6 +1078,10 @@ async def api_form_sign(
         raise HTTPException(status_code=403, detail=f"{e}")
 
 
+    except DocumentAlreadyHasValidSignature as e:
+        raise HTTPException(status_code=200, detail=f"{e}")
+
+
     # Send email
     if config.SMTP_ENABLED:
         background_tasks.add_task(

diff --git a/libreforms_fastapi/utils/document_database.py b/libreforms_fastapi/utils/document_database.py
@@ -170,17 +170,26 @@ def __init__(self, form_name, document_id):
 class InsufficientPermissions(Exception):
     """Exception raised when attempting to access a document that user lacks permissions for."""
     def __init__(self, form_name, document_id, username):
-        message = f"User '{username}' has insufficient permissions to perform the requested operation on document" \
+        message = f"User '{username}' has insufficient permissions to perform the requested operation on document " \
             f"with ID '{document_id}' collection '{form_name}'."
         super().__init__(message)
 
 class SignatureError(Exception):
     """Exception raised when attempting to sign a document but the process fails."""
     def __init__(self, form_name, document_id, username):
-        message = f"User '{username}' has failed to sign the document" \
+        message = f"User '{username}' has failed to sign the document " \
             f"with ID '{document_id}' collection '{form_name}'."
         super().__init__(message)
 
+class DocumentAlreadyHasValidSignature(Exception):
+    """Exception raised when attempting to sign a document but the it's been signed and the signature is valid."""
+    def __init__(self, form_name, document_id, username):
+        message = f"User '{username}' has failed to sign the document " \
+            f"with ID '{document_id}' collection '{form_name}'. Document already signed and valid."
+        super().__init__(message)
+
+
+
 SignatureError
 # Pulled from https://github.com/signebedi/gita-api
 def fuzzy_search_normalized(text_string, search_term, segment_length=None):
@@ -542,6 +551,15 @@ def sign_document(
                 self.logger.warning(f"Document for {form_name} with document_id {document_id} is deleted and was not updated")
             raise DocumentIsDeleted(form_name, document_id)
 
+        # Before we even begin, we verify whether a signature exists and only proceed if it doesn't. Otherwise, 
+        # we raise a DocumentAlreadyHasValidSignature exception. The idea here is to avoid spamming signatures if
+        # there has been no substantive change to the data since a past signature. This will allow the logic here
+        # to proceed if there is no signature, or if the data has changed since the last signature.
+        has_document_already_been_signed = verify_record_signature(record=document, username=username, env=self.env, public_key=public_key, private_key_path=private_key_path)
+
+        if has_document_already_been_signed:
+            raise DocumentAlreadyHasValidSignature(form_name, document_id, username)
+
         # Now we afix the signature
         try:
             r, signature = sign_record(record=document, username=username, env=self.env, private_key_path=private_key_path)