Skip to content
This repository was archived by the owner on May 29, 2026. It is now read-only.

fix: correct OR ObjectService API, add Meeting.chair + Participant.nextcloudUserId, HMAC-sign mail votes#323

Merged
rubenvdlinde merged 1 commit into
developmentfrom
fix/critical-or-api-schema-mail-signing
May 27, 2026
Merged

fix: correct OR ObjectService API, add Meeting.chair + Participant.nextcloudUserId, HMAC-sign mail votes#323
rubenvdlinde merged 1 commit into
developmentfrom
fix/critical-or-api-schema-mail-signing

Conversation

@rubenvdlinde

Copy link
Copy Markdown
Contributor

Summary

Fixes 4 CRITICALs in a single PR:

Additional: test stubs updated to real OR API signatures; unit test mocks updated from old fake API to find()/findAll(); PHPCS ternary violations expanded to if/else blocks; PHPMD baseline updated for pre-existing complexity debt.

Test plan

  • composer check:strict passes (PHPCS zero errors, PHPStan no new errors in changed files, PHPMD baseline clean)
  • All unit service tests pass (ALVMinutesServiceTest, LiveDecisionServiceTest, ActionItemAnalyticsServiceTest, MinutesGenerationServiceTest, MotionServiceTest)
  • decidesk_register.json validates — Meeting has chair field, Participant has nextcloudUserId field
  • VotingService, MailReplyHandler, MinutesController callable via API without 500
  • Mail vote HMAC reject path: votes without valid HMAC signature are skipped
  • Secret ballot rejection: isSecret rounds reject email votes with rejectReason: secret-ballot

Resolves four CRITICALs:

#296 C1 — Replace non-existent findObject/findObjects/getObject(register:,schema:,uuid:)
calls throughout all service and controller files with the real OR API:
find(id:,register:,schema:) + entity->jsonSerialize(), and setRegister/setSchema +
findAll(['filters'=>...]) for collections.

#297 C2 — Add missing `chair` field (string UUID) to Meeting schema in
decidesk_register.json; bump Meeting schema version 0.3.0 → 0.4.0 and top-level
register version 0.1.0 → 0.2.0.

#298 C3 — Add missing `nextcloudUserId` field (string) to Participant schema in
decidesk_register.json; bump Participant schema version 0.1.0 → 0.2.0.

#299 C4 — MailReplyHandler now HMAC-signs _mail entries at ingestion time
(hash_hmac/sha256 with per-round derived secret); verifyMailHmac() with
hash_equals() guards ballot counting; email votes on isSecret rounds are
rejected (reason: secret-ballot).

Also: update test stubs and unit tests to match real OR API signatures;
expand ternary jsonSerialize patterns to if/else blocks to satisfy PHPCS;
update PHPMD baseline for pre-existing complexity violations.
@rubenvdlinde rubenvdlinde merged commit 90666a5 into development May 27, 2026
rubenvdlinde added a commit that referenced this pull request May 27, 2026
…loudUserId in chair check

- AgendaController::requireChairOrAdmin: check nextcloudUserId field (PR #323) for chair/secretary role match, with fallback to legacy owner field
- DecideskToolProvider::listOpenActionItems (scope=all): post-filter to action items linked to meetings the caller participates in; admins unfiltered
- DecideskToolProvider::listRecentMeetings: post-filter to meetings the caller participates in via getCallerMeetingUuids helper; admins unfiltered

Fixes #306, #307
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant