Update test_workflows.py

and this
2025-12-29 13:48:09 -06:00 · 2025-12-28 21:45:01 -08:00 · 2025-12-28 21:41:51 -08:00 · 2025-12-28 21:02:02 -08:00 · 2025-12-28 21:00:06 -08:00 · 2025-12-28 20:58:10 -08:00
37 changed files with 1014 additions and 65 deletions
--- a/docs/api.md
+++ b/docs/api.md
@@ -294,6 +294,13 @@ The following methods are supported:
        -   `"delete_original": true` to delete the original documents after editing.
        -   `"update_document": true` to update the existing document with the edited PDF.
        -   `"include_metadata": true` to copy metadata from the original document to the edited document.
+-   `remove_password`
+    -   Requires `parameters`:
+        -   `"password": "PASSWORD_STRING"` The password to remove from the PDF documents.
+    -   Optional `parameters`:
+        -   `"update_document": true` to replace the existing document with the password-less PDF.
+        -   `"delete_original": true` to delete the original document after editing.
+        -   `"include_metadata": true` to copy metadata from the original document to the new password-less document.
 -   `merge`
    -   No additional `parameters` required.
    -   The ordering of the merged document is determined by the list of IDs.
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -1007,7 +1007,7 @@ still perform some basic text pre-processing before matching.

 : See also `PAPERLESS_NLTK_DIR`.

-    Defaults to 1.
+    Defaults to true, enabling the feature.

 #### [`PAPERLESS_DATE_PARSER_LANGUAGES=<lang>`](#PAPERLESS_DATE_PARSER_LANGUAGES) {#PAPERLESS_DATE_PARSER_LANGUAGES}

@@ -1074,7 +1074,7 @@ valid crontab(5) expression describing when to run.

 : Enables compression of the responses from the webserver.

-: Defaults to 1, enabling compression.
+: Defaults to true, enabling compression.

    !!! note

--- a/src-ui/angular.json
+++ b/src-ui/angular.json
@@ -31,6 +31,7 @@
          "fi-FI": "src/locale/messages.fi_FI.xlf",
          "fr-FR": "src/locale/messages.fr_FR.xlf",
          "hu-HU": "src/locale/messages.hu_HU.xlf",
+          "id-ID": "src/locale/messages.id_ID.xlf",
          "it-IT": "src/locale/messages.it_IT.xlf",
          "ja-JP": "src/locale/messages.ja_JP.xlf",
          "lb-LU": "src/locale/messages.lb_LU.xlf",
--- a/src-ui/messages.xlf
+++ b/src-ui/messages.xlf
@@ -10028,179 +10028,186 @@
          <context context-type="linenumber">135</context>
        </context-group>
      </trans-unit>
+      <trans-unit id="8312065814232621608" datatype="html">
+        <source>Indonesian</source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
+          <context context-type="linenumber">141</context>
+        </context-group>
+      </trans-unit>
      <trans-unit id="2935232983274991580" datatype="html">
        <source>Italian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">147</context>
        </context-group>
      </trans-unit>
      <trans-unit id="6924606686202701860" datatype="html">
        <source>Japanese</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">147</context>
+          <context context-type="linenumber">153</context>
        </context-group>
      </trans-unit>
      <trans-unit id="6145439649200570157" datatype="html">
        <source>Korean</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">153</context>
+          <context context-type="linenumber">159</context>
        </context-group>
      </trans-unit>
      <trans-unit id="1334425850005897370" datatype="html">
        <source>Luxembourgish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">159</context>
+          <context context-type="linenumber">165</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3071065188816255493" datatype="html">
        <source>Dutch</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">165</context>
+          <context context-type="linenumber">171</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8069284467804715623" datatype="html">
        <source>Norwegian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">171</context>
+          <context context-type="linenumber">177</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4977087909184008115" datatype="html">
        <source>Persian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">177</context>
+          <context context-type="linenumber">183</context>
        </context-group>
      </trans-unit>
      <trans-unit id="792060551707690640" datatype="html">
        <source>Polish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">183</context>
+          <context context-type="linenumber">189</context>
        </context-group>
      </trans-unit>
      <trans-unit id="9184513005098760425" datatype="html">
        <source>Portuguese (Brazil)</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">189</context>
+          <context context-type="linenumber">195</context>
        </context-group>
      </trans-unit>
      <trans-unit id="153799456510623899" datatype="html">
        <source>Portuguese</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">195</context>
+          <context context-type="linenumber">201</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8118856427047826368" datatype="html">
        <source>Romanian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">201</context>
+          <context context-type="linenumber">207</context>
        </context-group>
      </trans-unit>
      <trans-unit id="7137419789978325708" datatype="html">
        <source>Russian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">207</context>
+          <context context-type="linenumber">213</context>
        </context-group>
      </trans-unit>
      <trans-unit id="9102963095355753902" datatype="html">
        <source>Slovak</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">213</context>
+          <context context-type="linenumber">219</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4287008301409320881" datatype="html">
        <source>Slovenian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">219</context>
+          <context context-type="linenumber">225</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8608389829607915090" datatype="html">
        <source>Serbian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">225</context>
+          <context context-type="linenumber">231</context>
        </context-group>
      </trans-unit>
      <trans-unit id="499386805970351976" datatype="html">
        <source>Swedish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">231</context>
+          <context context-type="linenumber">237</context>
        </context-group>
      </trans-unit>
      <trans-unit id="5682359291233237791" datatype="html">
        <source>Turkish</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">237</context>
+          <context context-type="linenumber">243</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3578644052206125685" datatype="html">
        <source>Ukrainian</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">243</context>
+          <context context-type="linenumber">249</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3611216939636790848" datatype="html">
        <source>Vietnamese</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">249</context>
+          <context context-type="linenumber">255</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4689443708886954687" datatype="html">
        <source>Chinese Simplified</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">255</context>
+          <context context-type="linenumber">261</context>
        </context-group>
      </trans-unit>
      <trans-unit id="8082606363137705994" datatype="html">
        <source>Chinese Traditional</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">261</context>
+          <context context-type="linenumber">267</context>
        </context-group>
      </trans-unit>
      <trans-unit id="4912706592792948707" datatype="html">
        <source>ISO 8601</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">269</context>
+          <context context-type="linenumber">275</context>
        </context-group>
      </trans-unit>
      <trans-unit id="313643372755303297" datatype="html">
        <source>Successfully completed one-time migratration of settings to the database!</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">603</context>
+          <context context-type="linenumber">609</context>
        </context-group>
      </trans-unit>
      <trans-unit id="5558341108007064934" datatype="html">
        <source>Unable to migrate settings to the database, please try saving manually.</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">604</context>
+          <context context-type="linenumber">610</context>
        </context-group>
      </trans-unit>
      <trans-unit id="1168781785897678748" datatype="html">
        <source>You can restart the tour from the settings page.</source>
        <context-group purpose="location">
          <context context-type="sourcefile">src/app/services/settings.service.ts</context>
-          <context context-type="linenumber">677</context>
+          <context context-type="linenumber">683</context>
        </context-group>
      </trans-unit>
      <trans-unit id="3852289441366561594" datatype="html">
--- a/src-ui/setup-jest.ts
+++ b/src-ui/setup-jest.ts
@@ -28,6 +28,7 @@ import localeFa from '@angular/common/locales/fa'
 import localeFi from '@angular/common/locales/fi'
 import localeFr from '@angular/common/locales/fr'
 import localeHu from '@angular/common/locales/hu'
+import localeId from '@angular/common/locales/id'
 import localeIt from '@angular/common/locales/it'
 import localeJa from '@angular/common/locales/ja'
 import localeKo from '@angular/common/locales/ko'
@@ -63,6 +64,7 @@ registerLocaleData(localeFa)
 registerLocaleData(localeFi)
 registerLocaleData(localeFr)
 registerLocaleData(localeHu)
+registerLocaleData(localeId)
 registerLocaleData(localeIt)
 registerLocaleData(localeJa)
 registerLocaleData(localeKo)
--- a/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.html
+++ b/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.html
@@ -0,0 +1,75 @@
+<div class="modal-header">
+  <h4 class="modal-title" id="modal-basic-title">{{title}}</h4>
+  <button type="button" class="btn-close" aria-label="Close" (click)="cancel()">
+  </button>
+</div>
+<div class="modal-body">
+  @if (message) {
+    <p class="mb-3" [innerHTML]="message"></p>
+  }
+  <div class="btn-group mb-3" role="group">
+    <input
+      type="radio"
+      class="btn-check"
+      name="passwordRemoveMode"
+      id="removeReplace"
+      [(ngModel)]="updateDocument"
+      [value]="true"
+      (ngModelChange)="onUpdateDocumentChange($event)"
+    />
+    <label class="btn btn-outline-primary btn-sm" for="removeReplace">
+      <i-bs name="pencil"></i-bs>
+      <span class="ms-2" i18n>Replace current document</span>
+    </label>
+    <input
+      type="radio"
+      class="btn-check"
+      name="passwordRemoveMode"
+      id="removeCreate"
+      [(ngModel)]="updateDocument"
+      [value]="false"
+      (ngModelChange)="onUpdateDocumentChange($event)"
+    />
+    <label class="btn btn-outline-primary btn-sm" for="removeCreate">
+      <i-bs name="plus"></i-bs>
+      <span class="ms-2" i18n>Create new document</span>
+    </label>
+  </div>
+  @if (!updateDocument) {
+    <div class="d-flex flex-column flex-md-row w-100 gap-3 align-items-center">
+      <div class="form-group d-flex">
+        <div class="form-check">
+          <input class="form-check-input" type="checkbox" id="copyMetaRemove" [(ngModel)]="includeMetadata" />
+          <label class="form-check-label" for="copyMetaRemove" i18n> Copy metadata
+          </label>
+        </div>
+        <div class="form-check ms-3">
+          <input class="form-check-input" type="checkbox" id="deleteOriginalRemove" [(ngModel)]="deleteOriginal" />
+          <label class="form-check-label" for="deleteOriginalRemove" i18n> Delete original</label>
+        </div>
+      </div>
+    </div>
+  }
+</div>
+<div class="modal-footer flex-nowrap gap-2">
+  <button
+    type="button"
+    class="btn"
+    [class]="cancelBtnClass"
+    (click)="cancel()"
+    [disabled]="!buttonsEnabled"
+  >
+    <span class="d-inline-block" style="padding-bottom: 1px;">
+      {{cancelBtnCaption}}
+    </span>
+  </button>
+  <button
+    type="button"
+    class="btn"
+    [class]="btnClass"
+    (click)="confirm()"
+    [disabled]="!confirmButtonEnabled || !buttonsEnabled"
+  >
+    {{btnCaption}}
+  </button>
+</div>
--- a/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.scss
+++ b/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.scss
--- a/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.spec.ts
+++ b/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.spec.ts
@@ -0,0 +1,53 @@
+import { ComponentFixture, TestBed } from '@angular/core/testing'
+import { By } from '@angular/platform-browser'
+import { NgbActiveModal } from '@ng-bootstrap/ng-bootstrap'
+import { NgxBootstrapIconsModule, allIcons } from 'ngx-bootstrap-icons'
+import { PasswordRemovalConfirmDialogComponent } from './password-removal-confirm-dialog.component'
+
+describe('PasswordRemovalConfirmDialogComponent', () => {
+  let component: PasswordRemovalConfirmDialogComponent
+  let fixture: ComponentFixture<PasswordRemovalConfirmDialogComponent>
+
+  beforeEach(async () => {
+    await TestBed.configureTestingModule({
+      providers: [NgbActiveModal],
+      imports: [
+        NgxBootstrapIconsModule.pick(allIcons),
+        PasswordRemovalConfirmDialogComponent,
+      ],
+    }).compileComponents()
+
+    fixture = TestBed.createComponent(PasswordRemovalConfirmDialogComponent)
+    component = fixture.componentInstance
+    fixture.detectChanges()
+  })
+
+  it('should default to replacing the document', () => {
+    expect(component.updateDocument).toBe(true)
+    expect(
+      fixture.debugElement.query(By.css('#removeReplace')).nativeElement.checked
+    ).toBe(true)
+  })
+
+  it('should allow creating a new document with metadata and delete toggle', () => {
+    component.onUpdateDocumentChange(false)
+    fixture.detectChanges()
+
+    expect(component.updateDocument).toBe(false)
+    expect(fixture.debugElement.query(By.css('#copyMetaRemove'))).not.toBeNull()
+
+    component.includeMetadata = false
+    component.deleteOriginal = true
+    component.onUpdateDocumentChange(true)
+    expect(component.updateDocument).toBe(true)
+    expect(component.includeMetadata).toBe(true)
+    expect(component.deleteOriginal).toBe(false)
+  })
+
+  it('should emit confirm when confirmed', () => {
+    let confirmed = false
+    component.confirmClicked.subscribe(() => (confirmed = true))
+    component.confirm()
+    expect(confirmed).toBe(true)
+  })
+})
--- a/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.ts
+++ b/src-ui/src/app/components/common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component.ts
@@ -0,0 +1,38 @@
+import { Component, Input } from '@angular/core'
+import { FormsModule } from '@angular/forms'
+import { NgxBootstrapIconsModule } from 'ngx-bootstrap-icons'
+import { ConfirmDialogComponent } from '../confirm-dialog.component'
+
+@Component({
+  selector: 'pngx-password-removal-confirm-dialog',
+  templateUrl: './password-removal-confirm-dialog.component.html',
+  styleUrls: ['./password-removal-confirm-dialog.component.scss'],
+  imports: [FormsModule, NgxBootstrapIconsModule],
+})
+export class PasswordRemovalConfirmDialogComponent extends ConfirmDialogComponent {
+  updateDocument: boolean = true
+  includeMetadata: boolean = true
+  deleteOriginal: boolean = false
+
+  @Input()
+  override title = $localize`Remove password protection`
+
+  @Input()
+  override message =
+    $localize`Create an unprotected copy or replace the existing file.`
+
+  @Input()
+  override btnCaption = $localize`Start`
+
+  constructor() {
+    super()
+  }
+
+  onUpdateDocumentChange(updateDocument: boolean) {
+    this.updateDocument = updateDocument
+    if (this.updateDocument) {
+      this.deleteOriginal = false
+      this.includeMetadata = true
+    }
+  }
+}
--- a/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.html
+++ b/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.html
@@ -430,6 +430,22 @@
          </div>
        </div>
      }
+      @case (WorkflowActionType.PasswordRemoval) {
+        <div class="row">
+          <div class="col">
+            <p class="small" i18n>
+              One or more passwords separated by commas or new lines. The workflow will try them in order until one succeeds.
+            </p>
+            <pngx-input-textarea
+              i18n-title
+              title="Passwords"
+              formControlName="passwords"
+              rows="4"
+              [error]="error?.actions?.[i]?.passwords"
+            ></pngx-input-textarea>
+          </div>
+        </div>
+      }
    }
  </div>
 </ng-template>
--- a/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.ts
+++ b/src-ui/src/app/components/common/edit-dialog/workflow-edit-dialog/workflow-edit-dialog.component.ts
@@ -139,6 +139,10 @@ export const WORKFLOW_ACTION_OPTIONS = [
    id: WorkflowActionType.Webhook,
    name: $localize`Webhook`,
  },
+  {
+    id: WorkflowActionType.PasswordRemoval,
+    name: $localize`Password removal`,
+  },
 ]

 export enum TriggerFilterType {
@@ -1133,6 +1137,7 @@ export class WorkflowEditDialogComponent
          headers: new FormControl(action.webhook?.headers),
          include_document: new FormControl(!!action.webhook?.include_document),
        }),
+        passwords: new FormControl(action.passwords),
      }),
      { emitEvent }
    )
--- a/src-ui/src/app/components/common/preview-popup/preview-popup.component.html
+++ b/src-ui/src/app/components/common/preview-popup/preview-popup.component.html
@@ -14,7 +14,7 @@
        @if (previewText) {
          <div class="bg-light p-3 overflow-auto whitespace-preserve" width="100%">{{previewText}}</div>
        } @else {
-          <object [data]="previewURL | safeUrl" width="100%" class="bg-light" [class.p-2]="!isPdf"></object>
+          <object [data]="previewUrl | safeUrl" width="100%" class="bg-light" [class.p-2]="!isPdf"></object>
        }
      } @else {
        @if (requiresPassword) {
@@ -24,7 +24,7 @@
        }
        @if (!requiresPassword) {
          <pdf-viewer
-            [src]="previewURL"
+            [src]="previewUrl"
            [original-size]="false"
            [show-borders]="false"
            [show-all]="true"
--- a/src-ui/src/app/components/common/preview-popup/preview-popup.component.ts
+++ b/src-ui/src/app/components/common/preview-popup/preview-popup.component.ts
@@ -71,7 +71,7 @@ export class PreviewPopupComponent implements OnDestroy {
    return (this.isPdf && this.useNativePdfViewer) || !this.isPdf
  }

-  get previewURL() {
+  get previewUrl() {
    return this.documentService.getPreviewUrl(this.document.id)
  }

@@ -93,7 +93,7 @@ export class PreviewPopupComponent implements OnDestroy {
  init() {
    if (this.document.mime_type?.includes('text')) {
      this.http
-        .get(this.previewURL, { responseType: 'text' })
+        .get(this.previewUrl, { responseType: 'text' })
        .pipe(first(), takeUntil(this.unsubscribeNotifier))
        .subscribe({
          next: (res) => {
@@ -126,10 +126,6 @@ export class PreviewPopupComponent implements OnDestroy {
    }
  }

-  get previewUrl() {
-    return this.documentService.getPreviewUrl(this.document.id)
-  }
-
  mouseEnterPreview() {
    this.mouseOnPreview = true
    if (!this.popover.isOpen()) {
--- a/src-ui/src/app/components/document-detail/document-detail.component.html
+++ b/src-ui/src/app/components/document-detail/document-detail.component.html
@@ -65,6 +65,12 @@
      <button ngbDropdownItem (click)="editPdf()" [disabled]="!userIsOwner || !userCanEdit || originalContentRenderType !== ContentRenderType.PDF">
        <i-bs name="pencil"></i-bs>&nbsp;<ng-container i18n>PDF Editor</ng-container>
      </button>
+
+      @if (userIsOwner && (requiresPassword || password)) {
+        <button ngbDropdownItem (click)="removePassword()" [disabled]="!password">
+          <i-bs name="unlock"></i-bs>&nbsp;<ng-container i18n>Remove Password</ng-container>
+        </button>
+      }
    </div>
  </div>

@@ -379,7 +385,7 @@
 <ng-template #previewContent>
  <div class="thumb-preview position-absolute pe-none text-center" [class.fade]="previewLoaded">
    @if (showThumbnailOverlay) {
-      <img [src]="thumbUrl | safeUrl" class="mx-auto" [attr.width]="previewZoomScale === 'page-fit' ? 'auto' : '100%'" [attr.height]="previewZoomScale === 'page-fit' ? '100%' : 'auto'" alt="Document loading..." i18n-alt />
+      <img [src]="thumbUrl" class="mx-auto" [attr.width]="previewZoomScale === 'page-fit' ? 'auto' : '100%'" [attr.height]="previewZoomScale === 'page-fit' ? '100%' : 'auto'" alt="Document loading..." i18n-alt />
    }
    <div class="position-absolute top-0 start-0 m-2 p-2 d-flex align-items-center justify-content-center">
      <div>
@@ -414,7 +420,7 @@
      }
      @case (ContentRenderType.Image) {
        <div class="preview-sticky">
-          <img [src]="previewUrl | safeUrl" width="100%" height="100%" alt="{{title}}" />
+          <img [src]="previewUrl" width="100%" height="100%" alt="{{title}}" />
        </div>
      }
      @case (ContentRenderType.TIFF) {
--- a/src-ui/src/app/components/document-detail/document-detail.component.spec.ts
+++ b/src-ui/src/app/components/document-detail/document-detail.component.spec.ts
@@ -66,6 +66,7 @@ import { SettingsService } from 'src/app/services/settings.service'
 import { ToastService } from 'src/app/services/toast.service'
 import { environment } from 'src/environments/environment'
 import { ConfirmDialogComponent } from '../common/confirm-dialog/confirm-dialog.component'
+import { PasswordRemovalConfirmDialogComponent } from '../common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component'
 import { CustomFieldsDropdownComponent } from '../common/custom-fields-dropdown/custom-fields-dropdown.component'
 import {
  DocumentDetailComponent,
@@ -1209,6 +1210,88 @@ describe('DocumentDetailComponent', () => {
    expect(closeSpy).toHaveBeenCalled()
  })

+  it('should support removing password protection from pdfs', () => {
+    let modal: NgbModalRef
+    modalService.activeInstances.subscribe((m) => (modal = m[0]))
+    initNormally()
+    component.password = 'secret'
+    component.removePassword()
+    const dialog =
+      modal.componentInstance as PasswordRemovalConfirmDialogComponent
+    dialog.updateDocument = false
+    dialog.includeMetadata = false
+    dialog.deleteOriginal = true
+    dialog.confirm()
+    const req = httpTestingController.expectOne(
+      `${environment.apiBaseUrl}documents/bulk_edit/`
+    )
+    expect(req.request.body).toEqual({
+      documents: [doc.id],
+      method: 'remove_password',
+      parameters: {
+        password: 'secret',
+        update_document: false,
+        include_metadata: false,
+        delete_original: true,
+      },
+    })
+    req.flush(true)
+  })
+
+  it('should require the current password before removing it', () => {
+    initNormally()
+    const errorSpy = jest.spyOn(toastService, 'showError')
+    component.requiresPassword = true
+    component.password = ''
+
+    component.removePassword()
+
+    expect(errorSpy).toHaveBeenCalled()
+    httpTestingController.expectNone(
+      `${environment.apiBaseUrl}documents/bulk_edit/`
+    )
+  })
+
+  it('should handle failures when removing password protection', () => {
+    let modal: NgbModalRef
+    modalService.activeInstances.subscribe((m) => (modal = m[0]))
+    initNormally()
+    const errorSpy = jest.spyOn(toastService, 'showError')
+    component.password = 'secret'
+
+    component.removePassword()
+    const dialog =
+      modal.componentInstance as PasswordRemovalConfirmDialogComponent
+    dialog.confirm()
+    const req = httpTestingController.expectOne(
+      `${environment.apiBaseUrl}documents/bulk_edit/`
+    )
+    req.error(new ErrorEvent('failed'))
+
+    expect(errorSpy).toHaveBeenCalled()
+    expect(component.networkActive).toBe(false)
+    expect(dialog.buttonsEnabled).toBe(true)
+  })
+
+  it('should refresh the document when removing password in update mode', () => {
+    let modal: NgbModalRef
+    modalService.activeInstances.subscribe((m) => (modal = m[0]))
+    const refreshSpy = jest.spyOn(openDocumentsService, 'refreshDocument')
+    initNormally()
+    component.password = 'secret'
+
+    component.removePassword()
+    const dialog =
+      modal.componentInstance as PasswordRemovalConfirmDialogComponent
+    dialog.confirm()
+    const req = httpTestingController.expectOne(
+      `${environment.apiBaseUrl}documents/bulk_edit/`
+    )
+    req.flush(true)
+
+    expect(refreshSpy).toHaveBeenCalledWith(doc.id)
+  })
+
  it('should support keyboard shortcuts', () => {
    initNormally()

--- a/src-ui/src/app/components/document-detail/document-detail.component.ts
+++ b/src-ui/src/app/components/document-detail/document-detail.component.ts
@@ -83,6 +83,7 @@ import { getFilenameFromContentDisposition } from 'src/app/utils/http'
 import { ISODateAdapter } from 'src/app/utils/ngb-iso-date-adapter'
 import * as UTIF from 'utif'
 import { ConfirmDialogComponent } from '../common/confirm-dialog/confirm-dialog.component'
+import { PasswordRemovalConfirmDialogComponent } from '../common/confirm-dialog/password-removal-confirm-dialog/password-removal-confirm-dialog.component'
 import { CustomFieldsDropdownComponent } from '../common/custom-fields-dropdown/custom-fields-dropdown.component'
 import { CorrespondentEditDialogComponent } from '../common/edit-dialog/correspondent-edit-dialog/correspondent-edit-dialog.component'
 import { DocumentTypeEditDialogComponent } from '../common/edit-dialog/document-type-edit-dialog/document-type-edit-dialog.component'
@@ -175,6 +176,7 @@ export enum ZoomSetting {
    NgxBootstrapIconsModule,
    PdfViewerModule,
    TextAreaComponent,
+    PasswordRemovalConfirmDialogComponent,
  ],
 })
 export class DocumentDetailComponent
@@ -1428,6 +1430,63 @@ export class DocumentDetailComponent
      })
  }

+  removePassword() {
+    if (this.requiresPassword || !this.password) {
+      this.toastService.showError(
+        $localize`Please enter the current password before attempting to remove it.`
+      )
+      return
+    }
+    const modal = this.modalService.open(
+      PasswordRemovalConfirmDialogComponent,
+      {
+        backdrop: 'static',
+      }
+    )
+    modal.componentInstance.title = $localize`Remove password protection`
+    modal.componentInstance.message = $localize`Create an unprotected copy or replace the existing file.`
+    modal.componentInstance.btnCaption = $localize`Start`
+
+    modal.componentInstance.confirmClicked
+      .pipe(takeUntil(this.unsubscribeNotifier))
+      .subscribe(() => {
+        const dialog =
+          modal.componentInstance as PasswordRemovalConfirmDialogComponent
+        dialog.buttonsEnabled = false
+        this.networkActive = true
+        this.documentsService
+          .bulkEdit([this.document.id], 'remove_password', {
+            password: this.password,
+            update_document: dialog.updateDocument,
+            include_metadata: dialog.includeMetadata,
+            delete_original: dialog.deleteOriginal,
+          })
+          .pipe(first(), takeUntil(this.unsubscribeNotifier))
+          .subscribe({
+            next: () => {
+              this.toastService.showInfo(
+                $localize`Password removal operation for "${this.document.title}" will begin in the background.`
+              )
+              this.networkActive = false
+              modal.close()
+              if (!dialog.updateDocument && dialog.deleteOriginal) {
+                this.openDocumentService.closeDocument(this.document)
+              } else if (dialog.updateDocument) {
+                this.openDocumentService.refreshDocument(this.documentId)
+              }
+            },
+            error: (error) => {
+              dialog.buttonsEnabled = true
+              this.networkActive = false
+              this.toastService.showError(
+                $localize`Error executing password removal operation`,
+                error
+              )
+            },
+          })
+      })
+  }
+
  printDocument() {
    const printUrl = this.documentsService.getDownloadUrl(
      this.document.id,
--- a/src-ui/src/app/data/workflow-action.ts
+++ b/src-ui/src/app/data/workflow-action.ts
@@ -5,6 +5,7 @@ export enum WorkflowActionType {
  Removal = 2,
  Email = 3,
  Webhook = 4,
+  PasswordRemoval = 5,
 }

 export interface WorkflowActionEmail extends ObjectWithId {
@@ -97,4 +98,6 @@ export interface WorkflowAction extends ObjectWithId {
  email?: WorkflowActionEmail

  webhook?: WorkflowActionWebhook
+
+  passwords?: string
 }
--- a/src-ui/src/app/services/settings.service.ts
+++ b/src-ui/src/app/services/settings.service.ts
@@ -136,6 +136,12 @@ const LANGUAGE_OPTIONS = [
    englishName: 'Hungarian',
    dateInputFormat: 'yyyy.mm.dd',
  },
+  {
+    code: 'id-id',
+    name: $localize`Indonesian`,
+    englishName: 'Indonesian',
+    dateInputFormat: 'dd-mm-yyyy',
+  },
  {
    code: 'it-it',
    name: $localize`Italian`,
--- a/src-ui/src/main.ts
+++ b/src-ui/src/main.ts
@@ -132,6 +132,7 @@ import {
  threeDotsVertical,
  trash,
  uiRadios,
+  unlock,
  upcScan,
  windowStack,
  x,
@@ -171,6 +172,7 @@ import localeFa from '@angular/common/locales/fa'
 import localeFi from '@angular/common/locales/fi'
 import localeFr from '@angular/common/locales/fr'
 import localeHu from '@angular/common/locales/hu'
+import localeId from '@angular/common/locales/id'
 import localeIt from '@angular/common/locales/it'
 import localeJa from '@angular/common/locales/ja'
 import localeKo from '@angular/common/locales/ko'
@@ -209,6 +211,7 @@ registerLocaleData(localeFa)
 registerLocaleData(localeFi)
 registerLocaleData(localeFr)
 registerLocaleData(localeHu)
+registerLocaleData(localeId)
 registerLocaleData(localeIt)
 registerLocaleData(localeJa)
 registerLocaleData(localeKo)
@@ -346,6 +349,7 @@ const icons = {
  threeDotsVertical,
  trash,
  uiRadios,
+  unlock,
  upcScan,
  windowStack,
  x,
--- a/src/documents/barcodes.py
+++ b/src/documents/barcodes.py
@@ -186,7 +186,11 @@ class BarcodePlugin(ConsumeTaskPlugin):

        # Update/overwrite an ASN if possible
        # After splitting, as otherwise each split document gets the same ASN
-        if self.settings.barcode_enable_asn and (located_asn := self.asn) is not None:
+        if (
+            self.settings.barcode_enable_asn
+            and not self.metadata.skip_asn
+            and (located_asn := self.asn) is not None
+        ):
            logger.info(f"Found ASN in barcode: {located_asn}")
            self.metadata.asn = located_asn

--- a/src/documents/bulk_edit.py
+++ b/src/documents/bulk_edit.py
@@ -433,6 +433,8 @@ def merge(

    if user is not None:
        overrides.owner_id = user.id
+    # Avoid copying or detecting ASN from merged PDFs to prevent collision
+    overrides.skip_asn = True

    logger.info("Adding merged document to the task queue.")

@@ -644,6 +646,77 @@ def edit_pdf(
    return "OK"


+def remove_password(
+    doc_ids: list[int],
+    password: str,
+    *,
+    update_document: bool = False,
+    delete_original: bool = False,
+    include_metadata: bool = True,
+    user: User | None = None,
+) -> Literal["OK"]:
+    """
+    Remove password protection from PDF documents.
+    """
+    import pikepdf
+
+    for doc_id in doc_ids:
+        doc = Document.objects.get(id=doc_id)
+        try:
+            logger.info(
+                f"Attempting password removal from document {doc_ids[0]}",
+            )
+            with pikepdf.open(doc.source_path, password=password) as pdf:
+                temp_path = doc.source_path.with_suffix(".tmp.pdf")
+                pdf.remove_unreferenced_resources()
+                pdf.save(temp_path)
+
+                if update_document:
+                    # replace the original document with the unprotected one
+                    temp_path.replace(doc.source_path)
+                    doc.checksum = hashlib.md5(doc.source_path.read_bytes()).hexdigest()
+                    doc.page_count = len(pdf.pages)
+                    doc.save()
+                    update_document_content_maybe_archive_file.delay(document_id=doc.id)
+                else:
+                    consume_tasks = []
+                    overrides = (
+                        DocumentMetadataOverrides().from_document(doc)
+                        if include_metadata
+                        else DocumentMetadataOverrides()
+                    )
+                    if user is not None:
+                        overrides.owner_id = user.id
+
+                    filepath: Path = (
+                        Path(tempfile.mkdtemp(dir=settings.SCRATCH_DIR))
+                        / f"{doc.id}_unprotected.pdf"
+                    )
+                    temp_path.replace(filepath)
+                    consume_tasks.append(
+                        consume_file.s(
+                            ConsumableDocument(
+                                source=DocumentSource.ConsumeFolder,
+                                original_file=filepath,
+                            ),
+                            overrides,
+                        ),
+                    )
+
+                    if delete_original:
+                        chord(header=consume_tasks, body=delete.si([doc.id])).delay()
+                    else:
+                        group(consume_tasks).delay()
+
+        except Exception as e:
+            logger.exception(f"Error removing password from document {doc.id}: {e}")
+            raise ValueError(
+                f"An error occurred while removing the password: {e}",
+            ) from e
+
+    return "OK"
+
+
 def reflect_doclinks(
    document: Document,
    field: CustomField,
--- a/src/documents/consumer.py
+++ b/src/documents/consumer.py
@@ -696,7 +696,7 @@ class ConsumerPlugin(
                pk=self.metadata.storage_path_id,
            )

-        if self.metadata.asn is not None:
+        if self.metadata.asn is not None and not self.metadata.skip_asn:
            document.archive_serial_number = self.metadata.asn

        if self.metadata.owner_id:
@@ -812,8 +812,8 @@ class ConsumerPreflightPlugin(
        """
        Check that if override_asn is given, it is unique and within a valid range
        """
-        if self.metadata.asn is None:
-            # check not necessary in case no ASN gets set
+        if self.metadata.skip_asn or self.metadata.asn is None:
+            # if skip is set or ASN is None
            return
        # Validate the range is above zero and less than uint32_t max
        # otherwise, Whoosh can't handle it in the index
--- a/src/documents/data_models.py
+++ b/src/documents/data_models.py
@@ -22,7 +22,7 @@ class DocumentMetadataOverrides:
    document_type_id: int | None = None
    tag_ids: list[int] | None = None
    storage_path_id: int | None = None
-    created: datetime.datetime | None = None
+    created: datetime.date | None = None
    asn: int | None = None
    owner_id: int | None = None
    view_users: list[int] | None = None
@@ -30,6 +30,7 @@ class DocumentMetadataOverrides:
    change_users: list[int] | None = None
    change_groups: list[int] | None = None
    custom_fields: dict | None = None
+    skip_asn: bool = False

    def update(self, other: "DocumentMetadataOverrides") -> "DocumentMetadataOverrides":
        """
@@ -49,6 +50,8 @@ class DocumentMetadataOverrides:
            self.storage_path_id = other.storage_path_id
        if other.owner_id is not None:
            self.owner_id = other.owner_id
+        if other.skip_asn:
+            self.skip_asn = True

        # merge
        if self.tag_ids is None:
@@ -100,6 +103,7 @@ class DocumentMetadataOverrides:
        overrides.storage_path_id = doc.storage_path.id if doc.storage_path else None
        overrides.owner_id = doc.owner.id if doc.owner else None
        overrides.tag_ids = list(doc.tags.values_list("id", flat=True))
+        overrides.created = doc.created

        overrides.view_users = list(
            get_users_with_perms(
--- a/src/documents/migrations/1075_workflowaction_passwords_alter_workflowaction_type.py
+++ b/src/documents/migrations/1075_workflowaction_passwords_alter_workflowaction_type.py
@@ -0,0 +1,38 @@
+# Generated by Django 5.2.7 on 2025-12-29 03:56
+
+from django.db import migrations
+from django.db import models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("documents", "1074_workflowrun_deleted_at_workflowrun_restored_at_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="workflowaction",
+            name="passwords",
+            field=models.TextField(
+                blank=True,
+                help_text="Passwords to try when removing PDF protection. Separate with commas or new lines.",
+                null=True,
+                verbose_name="passwords",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="workflowaction",
+            name="type",
+            field=models.PositiveIntegerField(
+                choices=[
+                    (1, "Assignment"),
+                    (2, "Removal"),
+                    (3, "Email"),
+                    (4, "Webhook"),
+                    (5, "Password removal"),
+                ],
+                default=1,
+                verbose_name="Workflow Action Type",
+            ),
+        ),
+    ]
--- a/src/documents/models.py
+++ b/src/documents/models.py
@@ -1287,6 +1287,10 @@ class WorkflowAction(models.Model):
            4,
            _("Webhook"),
        )
+        PASSWORD_REMOVAL = (
+            5,
+            _("Password removal"),
+        )

    type = models.PositiveIntegerField(
        _("Workflow Action Type"),
@@ -1514,6 +1518,15 @@ class WorkflowAction(models.Model):
        verbose_name=_("webhook"),
    )

+    passwords = models.TextField(
+        _("passwords"),
+        null=True,
+        blank=True,
+        help_text=_(
+            "Passwords to try when removing PDF protection. Separate with commas or new lines.",
+        ),
+    )
+
    class Meta:
        verbose_name = _("workflow action")
        verbose_name_plural = _("workflow actions")
--- a/src/documents/serialisers.py
+++ b/src/documents/serialisers.py
@@ -1421,6 +1421,7 @@ class BulkEditSerializer(
            "split",
            "delete_pages",
            "edit_pdf",
+            "remove_password",
        ],
        label="Method",
        write_only=True,
@@ -1496,6 +1497,8 @@ class BulkEditSerializer(
            return bulk_edit.delete_pages
        elif method == "edit_pdf":
            return bulk_edit.edit_pdf
+        elif method == "remove_password":
+            return bulk_edit.remove_password
        else:  # pragma: no cover
            # This will never happen as it is handled by the ChoiceField
            raise serializers.ValidationError("Unsupported method.")
@@ -1692,6 +1695,12 @@ class BulkEditSerializer(
                        f"Page {op['page']} is out of bounds for document with {doc.page_count} pages.",
                    )

+    def validate_parameters_remove_password(self, parameters):
+        if "password" not in parameters:
+            raise serializers.ValidationError("password not specified")
+        if not isinstance(parameters["password"], str):
+            raise serializers.ValidationError("password must be a string")
+
    def validate(self, attrs):
        method = attrs["method"]
        parameters = attrs["parameters"]
@@ -1732,6 +1741,8 @@ class BulkEditSerializer(
                    "Edit PDF method only supports one document",
                )
            self._validate_parameters_edit_pdf(parameters, attrs["documents"][0])
+        elif method == bulk_edit.remove_password:
+            self.validate_parameters_remove_password(parameters)

        return attrs

@@ -2429,6 +2440,7 @@ class WorkflowActionSerializer(serializers.ModelSerializer):
            "remove_change_groups",
            "email",
            "webhook",
+            "passwords",
        ]

    def validate(self, attrs):
@@ -2485,6 +2497,20 @@ class WorkflowActionSerializer(serializers.ModelSerializer):
                "Webhook data is required for webhook actions",
            )

+        if (
+            "type" in attrs
+            and attrs["type"] == WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL
+        ):
+            passwords = attrs.get("passwords")
+            if passwords is None or not isinstance(passwords, str):
+                raise serializers.ValidationError(
+                    "Passwords are required for password removal actions",
+                )
+            if not passwords.strip():
+                raise serializers.ValidationError(
+                    "Passwords are required for password removal actions",
+                )
+
        return attrs


--- a/src/documents/signals/handlers.py
+++ b/src/documents/signals/handlers.py
@@ -46,6 +46,7 @@ from documents.permissions import get_objects_for_user_owner_aware
 from documents.templating.utils import convert_format_str_to_template_format
 from documents.workflows.actions import build_workflow_action_context
 from documents.workflows.actions import execute_email_action
+from documents.workflows.actions import execute_password_removal_action
 from documents.workflows.actions import execute_webhook_action
 from documents.workflows.mutations import apply_assignment_to_document
 from documents.workflows.mutations import apply_assignment_to_overrides
@@ -792,6 +793,12 @@ def run_workflows(
                        logging_group,
                        original_file,
                    )
+                elif (
+                    action.type == WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL
+                    and not use_overrides
+                ):
+                    # Password removal only makes sense on actual documents
+                    execute_password_removal_action(action, document, logging_group)

            if not use_overrides:
                # limit title to 128 characters
--- a/src/documents/tests/test_api_bulk_edit.py
+++ b/src/documents/tests/test_api_bulk_edit.py
@@ -1582,6 +1582,58 @@ class TestBulkEditAPI(DirectoriesMixin, APITestCase):
        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        self.assertIn(b"out of bounds", response.content)

+    @mock.patch("documents.serialisers.bulk_edit.remove_password")
+    def test_remove_password(self, m):
+        self.setup_mock(m, "remove_password")
+        response = self.client.post(
+            "/api/documents/bulk_edit/",
+            json.dumps(
+                {
+                    "documents": [self.doc2.id],
+                    "method": "remove_password",
+                    "parameters": {"password": "secret", "update_document": True},
+                },
+            ),
+            content_type="application/json",
+        )
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        m.assert_called_once()
+        args, kwargs = m.call_args
+        self.assertCountEqual(args[0], [self.doc2.id])
+        self.assertEqual(kwargs["password"], "secret")
+        self.assertTrue(kwargs["update_document"])
+        self.assertEqual(kwargs["user"], self.user)
+
+    def test_remove_password_invalid_params(self):
+        response = self.client.post(
+            "/api/documents/bulk_edit/",
+            json.dumps(
+                {
+                    "documents": [self.doc2.id],
+                    "method": "remove_password",
+                    "parameters": {},
+                },
+            ),
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn(b"password not specified", response.content)
+
+        response = self.client.post(
+            "/api/documents/bulk_edit/",
+            json.dumps(
+                {
+                    "documents": [self.doc2.id],
+                    "method": "remove_password",
+                    "parameters": {"password": 123},
+                },
+            ),
+            content_type="application/json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn(b"password must be a string", response.content)
+
    @override_settings(AUDIT_LOG_ENABLED=True)
    def test_bulk_edit_audit_log_enabled_simple_field(self):
        """
--- a/src/documents/tests/test_api_workflows.py
+++ b/src/documents/tests/test_api_workflows.py
@@ -808,3 +808,57 @@ class TestApiWorkflows(DirectoriesMixin, APITestCase):
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.action.refresh_from_db()
        self.assertEqual(self.action.assign_title, "Patched Title")
+
+    def test_password_action_passwords_field(self):
+        """
+        GIVEN:
+            - Nothing
+        WHEN:
+            - A workflow password removal action is created with passwords set
+        THEN:
+            - The passwords field is correctly stored and retrieved
+        """
+        passwords = "password1,password2\npassword3"
+        response = self.client.post(
+            "/api/workflow_actions/",
+            {
+                "type": WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL,
+                "passwords": passwords,
+            },
+        )
+        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
+        self.assertEqual(response.data["passwords"], passwords)
+
+    def test_password_action_no_passwords_field(self):
+        """
+        GIVEN:
+            - Nothing
+        WHEN:
+            - A workflow password removal action is created with no passwords set
+            - A workflow password removal action is created with passwords set to empty string
+        THEN:
+            - The required validation error is raised
+        """
+        response = self.client.post(
+            "/api/workflow_actions/",
+            {
+                "type": WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL,
+            },
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn(
+            "Passwords are required",
+            str(response.data["non_field_errors"][0]),
+        )
+        response = self.client.post(
+            "/api/workflow_actions/",
+            {
+                "type": WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL,
+                "passwords": "",
+            },
+        )
+        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
+        self.assertIn(
+            "Passwords are required",
+            str(response.data["non_field_errors"][0]),
+        )
--- a/src/documents/tests/test_bulk_edit.py
+++ b/src/documents/tests/test_bulk_edit.py
@@ -1,3 +1,4 @@
+import hashlib
 import shutil
 from datetime import date
 from pathlib import Path
@@ -581,7 +582,7 @@ class TestPDFActions(DirectoriesMixin, TestCase):
            - Consume file should be called
        """
        doc_ids = [self.doc1.id, self.doc2.id, self.doc3.id]
-        metadata_document_id = self.doc1.id
+        metadata_document_id = self.doc2.id
        user = User.objects.create(username="test_user")

        result = bulk_edit.merge(
@@ -602,11 +603,14 @@ class TestPDFActions(DirectoriesMixin, TestCase):
            expected_filename,
        )
        self.assertEqual(consume_file_args[1].title, None)
+        self.assertTrue(consume_file_args[1].skip_asn)

        # With metadata_document_id overrides
        result = bulk_edit.merge(doc_ids, metadata_document_id=metadata_document_id)
        consume_file_args, _ = mock_consume_file.call_args
-        self.assertEqual(consume_file_args[1].title, "A (merged)")
+        self.assertEqual(consume_file_args[1].title, "B (merged)")
+        self.assertEqual(consume_file_args[1].created, self.doc2.created)
+        self.assertTrue(consume_file_args[1].skip_asn)

        self.assertEqual(result, "OK")

@@ -647,6 +651,7 @@ class TestPDFActions(DirectoriesMixin, TestCase):
            expected_filename,
        )
        self.assertEqual(consume_file_args[1].title, None)
+        self.assertTrue(consume_file_args[1].skip_asn)

        delete_documents_args, _ = mock_delete_documents.call_args
        self.assertEqual(
@@ -1062,3 +1067,147 @@ class TestPDFActions(DirectoriesMixin, TestCase):
                bulk_edit.edit_pdf(doc_ids, operations, update_document=True)
        mock_group.assert_not_called()
        mock_consume_file.assert_not_called()
+
+    @mock.patch("documents.bulk_edit.update_document_content_maybe_archive_file.delay")
+    @mock.patch("pikepdf.open")
+    def test_remove_password_update_document(self, mock_open, mock_update_document):
+        doc = self.doc1
+        original_checksum = doc.checksum
+
+        fake_pdf = mock.MagicMock()
+        fake_pdf.pages = [mock.Mock(), mock.Mock(), mock.Mock()]
+
+        def save_side_effect(target_path):
+            Path(target_path).write_bytes(b"new pdf content")
+
+        fake_pdf.save.side_effect = save_side_effect
+        mock_open.return_value.__enter__.return_value = fake_pdf
+
+        result = bulk_edit.remove_password(
+            [doc.id],
+            password="secret",
+            update_document=True,
+        )
+
+        self.assertEqual(result, "OK")
+        mock_open.assert_called_once_with(doc.source_path, password="secret")
+        fake_pdf.remove_unreferenced_resources.assert_called_once()
+        doc.refresh_from_db()
+        self.assertNotEqual(doc.checksum, original_checksum)
+        expected_checksum = hashlib.md5(doc.source_path.read_bytes()).hexdigest()
+        self.assertEqual(doc.checksum, expected_checksum)
+        self.assertEqual(doc.page_count, len(fake_pdf.pages))
+        mock_update_document.assert_called_once_with(document_id=doc.id)
+
+    @mock.patch("documents.bulk_edit.chord")
+    @mock.patch("documents.bulk_edit.group")
+    @mock.patch("documents.tasks.consume_file.s")
+    @mock.patch("documents.bulk_edit.tempfile.mkdtemp")
+    @mock.patch("pikepdf.open")
+    def test_remove_password_creates_consumable_document(
+        self,
+        mock_open,
+        mock_mkdtemp,
+        mock_consume_file,
+        mock_group,
+        mock_chord,
+    ):
+        doc = self.doc2
+        temp_dir = self.dirs.scratch_dir / "remove-password"
+        temp_dir.mkdir(parents=True, exist_ok=True)
+        mock_mkdtemp.return_value = str(temp_dir)
+
+        fake_pdf = mock.MagicMock()
+        fake_pdf.pages = [mock.Mock(), mock.Mock()]
+
+        def save_side_effect(target_path):
+            Path(target_path).write_bytes(b"password removed")
+
+        fake_pdf.save.side_effect = save_side_effect
+        mock_open.return_value.__enter__.return_value = fake_pdf
+        mock_group.return_value.delay.return_value = None
+
+        user = User.objects.create(username="owner")
+
+        result = bulk_edit.remove_password(
+            [doc.id],
+            password="secret",
+            include_metadata=False,
+            update_document=False,
+            delete_original=False,
+            user=user,
+        )
+
+        self.assertEqual(result, "OK")
+        mock_open.assert_called_once_with(doc.source_path, password="secret")
+        mock_consume_file.assert_called_once()
+        consume_args, _ = mock_consume_file.call_args
+        consumable_document = consume_args[0]
+        overrides = consume_args[1]
+        expected_path = temp_dir / f"{doc.id}_unprotected.pdf"
+        self.assertTrue(expected_path.exists())
+        self.assertEqual(
+            Path(consumable_document.original_file).resolve(),
+            expected_path.resolve(),
+        )
+        self.assertEqual(overrides.owner_id, user.id)
+        mock_group.assert_called_once_with([mock_consume_file.return_value])
+        mock_group.return_value.delay.assert_called_once()
+        mock_chord.assert_not_called()
+
+    @mock.patch("documents.bulk_edit.delete")
+    @mock.patch("documents.bulk_edit.chord")
+    @mock.patch("documents.bulk_edit.group")
+    @mock.patch("documents.tasks.consume_file.s")
+    @mock.patch("documents.bulk_edit.tempfile.mkdtemp")
+    @mock.patch("pikepdf.open")
+    def test_remove_password_deletes_original(
+        self,
+        mock_open,
+        mock_mkdtemp,
+        mock_consume_file,
+        mock_group,
+        mock_chord,
+        mock_delete,
+    ):
+        doc = self.doc2
+        temp_dir = self.dirs.scratch_dir / "remove-password-delete"
+        temp_dir.mkdir(parents=True, exist_ok=True)
+        mock_mkdtemp.return_value = str(temp_dir)
+
+        fake_pdf = mock.MagicMock()
+        fake_pdf.pages = [mock.Mock(), mock.Mock()]
+
+        def save_side_effect(target_path):
+            Path(target_path).write_bytes(b"password removed")
+
+        fake_pdf.save.side_effect = save_side_effect
+        mock_open.return_value.__enter__.return_value = fake_pdf
+        mock_chord.return_value.delay.return_value = None
+
+        result = bulk_edit.remove_password(
+            [doc.id],
+            password="secret",
+            include_metadata=False,
+            update_document=False,
+            delete_original=True,
+        )
+
+        self.assertEqual(result, "OK")
+        mock_open.assert_called_once_with(doc.source_path, password="secret")
+        mock_consume_file.assert_called_once()
+        mock_group.assert_not_called()
+        mock_chord.assert_called_once()
+        mock_chord.return_value.delay.assert_called_once()
+        mock_delete.si.assert_called_once_with([doc.id])
+
+    @mock.patch("pikepdf.open")
+    def test_remove_password_open_failure(self, mock_open):
+        mock_open.side_effect = RuntimeError("wrong password")
+
+        with self.assertLogs("paperless.bulk_edit", level="ERROR") as cm:
+            with self.assertRaises(ValueError) as exc:
+                bulk_edit.remove_password([self.doc1.id], password="secret")
+
+        self.assertIn("wrong password", str(exc.exception))
+        self.assertIn("Error removing password from document", cm.output[0])
--- a/src/documents/tests/test_consumer.py
+++ b/src/documents/tests/test_consumer.py
@@ -412,6 +412,14 @@ class TestConsumer(
        self.assertEqual(document.archive_serial_number, 123)
        self._assert_first_last_send_progress()

+    def testMetadataOverridesSkipAsnPropagation(self):
+        overrides = DocumentMetadataOverrides()
+        incoming = DocumentMetadataOverrides(skip_asn=True)
+
+        overrides.update(incoming)
+
+        self.assertTrue(overrides.skip_asn)
+
    def testOverrideTitlePlaceholders(self):
        c = Correspondent.objects.create(name="Correspondent Name")
        dt = DocumentType.objects.create(name="DocType Name")
--- a/src/documents/tests/test_workflows.py
+++ b/src/documents/tests/test_workflows.py
@@ -3548,6 +3548,99 @@ class TestWorkflows(

        mock_post.assert_called_once()

+    @mock.patch("documents.bulk_edit.remove_password")
+    def test_password_removal_action_attempts_multiple_passwords(
+        self,
+        mock_remove_password,
+    ):
+        doc = Document.objects.create(
+            title="Protected",
+            checksum="pw-checksum",
+        )
+        trigger = WorkflowTrigger.objects.create(
+            type=WorkflowTrigger.WorkflowTriggerType.DOCUMENT_UPDATED,
+        )
+        action = WorkflowAction.objects.create(
+            type=WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL,
+            passwords="wrong, right\n extra ",
+        )
+        workflow = Workflow.objects.create(name="Password workflow")
+        workflow.triggers.add(trigger)
+        workflow.actions.add(action)
+
+        mock_remove_password.side_effect = [
+            ValueError("wrong password"),
+            "OK",
+        ]
+
+        run_workflows(trigger.type, doc)
+
+        assert mock_remove_password.call_count == 2
+        mock_remove_password.assert_has_calls(
+            [
+                mock.call(
+                    [doc.id],
+                    password="wrong",
+                    update_document=True,
+                    user=doc.owner,
+                ),
+                mock.call(
+                    [doc.id],
+                    password="right",
+                    update_document=True,
+                    user=doc.owner,
+                ),
+            ],
+        )
+
+    @mock.patch("documents.bulk_edit.remove_password")
+    def test_password_removal_action_fails_without_correct_password(
+        self,
+        mock_remove_password,
+    ):
+        doc = Document.objects.create(
+            title="Protected",
+            checksum="pw-checksum-2",
+        )
+        trigger = WorkflowTrigger.objects.create(
+            type=WorkflowTrigger.WorkflowTriggerType.DOCUMENT_UPDATED,
+        )
+        action = WorkflowAction.objects.create(
+            type=WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL,
+            passwords=" \n , ",
+        )
+        workflow = Workflow.objects.create(name="Password workflow missing passwords")
+        workflow.triggers.add(trigger)
+        workflow.actions.add(action)
+
+        run_workflows(trigger.type, doc)
+
+        mock_remove_password.assert_not_called()
+
+    @mock.patch("documents.bulk_edit.remove_password")
+    def test_password_removal_action_skips_without_passwords(
+        self,
+        mock_remove_password,
+    ):
+        doc = Document.objects.create(
+            title="Protected",
+            checksum="pw-checksum-2",
+        )
+        trigger = WorkflowTrigger.objects.create(
+            type=WorkflowTrigger.WorkflowTriggerType.DOCUMENT_UPDATED,
+        )
+        action = WorkflowAction.objects.create(
+            type=WorkflowAction.WorkflowActionType.PASSWORD_REMOVAL,
+            passwords="",
+        )
+        workflow = Workflow.objects.create(name="Password workflow missing passwords")
+        workflow.triggers.add(trigger)
+        workflow.actions.add(action)
+
+        run_workflows(trigger.type, doc)
+
+        mock_remove_password.assert_not_called()
+

 class TestWebhookSend:
    def test_send_webhook_data_or_json(
--- a/src/documents/views.py
+++ b/src/documents/views.py
@@ -708,6 +708,7 @@ class DocumentViewSet(
        "title",
        "correspondent__name",
        "document_type__name",
+        "storage_path__name",
        "created",
        "modified",
        "added",
@@ -1503,6 +1504,7 @@ class BulkEditView(PassUserMixin):
        "merge": None,
        "edit_pdf": "checksum",
        "reprocess": "checksum",
+        "remove_password": "checksum",
    }

    permission_classes = (IsAuthenticated,)
@@ -1521,6 +1523,7 @@ class BulkEditView(PassUserMixin):
            bulk_edit.split,
            bulk_edit.merge,
            bulk_edit.edit_pdf,
+            bulk_edit.remove_password,
        ]:
            parameters["user"] = user

@@ -1549,6 +1552,7 @@ class BulkEditView(PassUserMixin):
                        bulk_edit.rotate,
                        bulk_edit.delete_pages,
                        bulk_edit.edit_pdf,
+                        bulk_edit.remove_password,
                    ]
                )
                or (
@@ -1565,7 +1569,7 @@ class BulkEditView(PassUserMixin):
                and (
                    method in [bulk_edit.split, bulk_edit.merge]
                    or (
-                        method == bulk_edit.edit_pdf
+                        method in [bulk_edit.edit_pdf, bulk_edit.remove_password]
                        and not parameters["update_document"]
                    )
                )
--- a/src/documents/workflows/actions.py
+++ b/src/documents/workflows/actions.py
@@ -1,4 +1,5 @@
 import logging
+import re
 from pathlib import Path

 from django.conf import settings
@@ -259,3 +260,59 @@ def execute_webhook_action(
            f"Error occurred sending webhook: {e}",
            extra={"group": logging_group},
        )
+
+
+def execute_password_removal_action(
+    action: WorkflowAction,
+    document: Document,
+    logging_group,
+) -> None:
+    """
+    Try to remove a password from a document using the configured list.
+    """
+    passwords = action.passwords
+    if not passwords:
+        logger.warning(
+            "Password removal action %s has no passwords configured",
+            action.pk,
+            extra={"group": logging_group},
+        )
+        return
+
+    passwords = [
+        password.strip()
+        for password in re.split(r"[,\n]", passwords)
+        if password.strip()
+    ]
+
+    # import here to avoid circular dependency
+    from documents.bulk_edit import remove_password
+
+    for password in passwords:
+        try:
+            remove_password(
+                [document.id],
+                password=password,
+                update_document=True,
+                user=document.owner,
+            )
+            logger.info(
+                "Removed password from document %s using workflow action %s",
+                document.pk,
+                action.pk,
+                extra={"group": logging_group},
+            )
+            return
+        except ValueError as e:
+            logger.warning(
+                "Password removal failed for document %s with supplied password: %s",
+                document.pk,
+                e,
+                extra={"group": logging_group},
+            )
+
+    logger.error(
+        "Password removal failed for document %s after trying all provided passwords",
+        document.pk,
+        extra={"group": logging_group},
+    )
--- a/src/locale/en_US/LC_MESSAGES/django.po
+++ b/src/locale/en_US/LC_MESSAGES/django.po
@@ -2,7 +2,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: paperless-ngx\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2025-12-12 17:41+0000\n"
+"POT-Creation-Date: 2025-12-24 05:27+0000\n"
 "PO-Revision-Date: 2022-02-17 04:17\n"
 "Last-Translator: \n"
 "Language-Team: English\n"
@@ -1767,82 +1767,86 @@ msgid "Hungarian"
 msgstr ""

 #: paperless/settings.py:789
-msgid "Italian"
+msgid "Indonesian"
 msgstr ""

 #: paperless/settings.py:790
-msgid "Japanese"
+msgid "Italian"
 msgstr ""

 #: paperless/settings.py:791
-msgid "Korean"
+msgid "Japanese"
 msgstr ""

 #: paperless/settings.py:792
-msgid "Luxembourgish"
+msgid "Korean"
 msgstr ""

 #: paperless/settings.py:793
-msgid "Norwegian"
+msgid "Luxembourgish"
 msgstr ""

 #: paperless/settings.py:794
-msgid "Dutch"
+msgid "Norwegian"
 msgstr ""

 #: paperless/settings.py:795
-msgid "Polish"
+msgid "Dutch"
 msgstr ""

 #: paperless/settings.py:796
-msgid "Portuguese (Brazil)"
+msgid "Polish"
 msgstr ""

 #: paperless/settings.py:797
-msgid "Portuguese"
+msgid "Portuguese (Brazil)"
 msgstr ""

 #: paperless/settings.py:798
-msgid "Romanian"
+msgid "Portuguese"
 msgstr ""

 #: paperless/settings.py:799
-msgid "Russian"
+msgid "Romanian"
 msgstr ""

 #: paperless/settings.py:800
-msgid "Slovak"
+msgid "Russian"
 msgstr ""

 #: paperless/settings.py:801
-msgid "Slovenian"
+msgid "Slovak"
 msgstr ""

 #: paperless/settings.py:802
-msgid "Serbian"
+msgid "Slovenian"
 msgstr ""

 #: paperless/settings.py:803
-msgid "Swedish"
+msgid "Serbian"
 msgstr ""

 #: paperless/settings.py:804
-msgid "Turkish"
+msgid "Swedish"
 msgstr ""

 #: paperless/settings.py:805
-msgid "Ukrainian"
+msgid "Turkish"
 msgstr ""

 #: paperless/settings.py:806
-msgid "Vietnamese"
+msgid "Ukrainian"
 msgstr ""

 #: paperless/settings.py:807
-msgid "Chinese Simplified"
+msgid "Vietnamese"
 msgstr ""

 #: paperless/settings.py:808
+msgid "Chinese Simplified"
+msgstr ""
+
+#: paperless/settings.py:809
 msgid "Chinese Traditional"
 msgstr ""

--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -786,6 +786,7 @@ LANGUAGES = [
    ("fi-fi", _("Finnish")),
    ("fr-fr", _("French")),
    ("hu-hu", _("Hungarian")),
+    ("id-id", _("Indonesian")),
    ("it-it", _("Italian")),
    ("ja-jp", _("Japanese")),
    ("ko-kr", _("Korean")),
--- a/src/paperless_mail/tests/test_mail.py
+++ b/src/paperless_mail/tests/test_mail.py
@@ -1108,6 +1108,7 @@ class TestMail(
        self.assertEqual(len(self.mailMocker.bogus_mailbox.messages), 2)
        self.assertEqual(len(self.mailMocker.bogus_mailbox.messages_spam), 1)

+    @pytest.mark.flaky(reruns=4)
    def test_error_skip_rule(self):
        account = MailAccount.objects.create(
            name="test2",
Author	SHA1	Message	Date
shamoon	f7a6f79c8b	Update test_workflows.py	2025-12-28 21:45:01 -08:00
shamoon	87dc22fbf6	Update test_workflows.py	2025-12-28 21:41:51 -08:00
shamoon	2332b3f6ad	and this	2025-12-28 21:02:02 -08:00
shamoon	5fbc985b67	simplify this	2025-12-28 21:00:06 -08:00
shamoon	7f95160a63	add api tests	2025-12-28 20:58:10 -08:00
shamoon	1aaf128bcb	Enhancement: password removal workflow action	2025-12-28 20:05:46 -08:00
shamoon	10db1e6405	Change param order	2025-12-28 16:05:38 -08:00
shamoon	0e2611163b	Fix docs	2025-12-28 16:05:38 -08:00
shamoon	b917db44ed	Cover this last bit	2025-12-28 16:05:38 -08:00
shamoon	bca409d932	Add password removal confirm dialog, with options	2025-12-28 16:05:38 -08:00
shamoon	07d67b3299	whitespace yay	2025-12-28 16:05:38 -08:00
shamoon	5fca9bac50	Fix formatting issue in document-detail.spec.ts	2025-12-28 16:05:38 -08:00
shamoon	b21df970fd	backend test coverage Added a test for the remove_password function to ensure it deletes the original document when specified.	2025-12-28 16:05:38 -08:00
shamoon	833890d0ca	fix frontend test coverage	2025-12-28 16:05:38 -08:00
shamoon	eb1708420e	Just hide for non-owners	2025-12-28 16:05:38 -08:00
shamoon	3bb74772a9	Backend coverage	2025-12-28 16:05:38 -08:00
shamoon	402c9af81b	Add test	2025-12-28 16:05:38 -08:00
shamoon	c1de78162b	Add update_document flag to bulkEdit remove_password	2025-12-28 16:05:38 -08:00
shamoon	f888722a73	Basic remove password bulk edit action	2025-12-28 16:05:38 -08:00
shamoon	99724a25a2	Fix: support ordering by storage path name (#11661 )	2025-12-28 16:05:21 -08:00
shamoon	504c824cfe	Fix: propagate metadata override created value (#11659 )	2025-12-27 19:42:45 -08:00
shamoon	01c7a345cb	Merge branch 'main' into dev	2025-12-26 11:03:55 -08:00
shamoon	985dc9be31	Documentation: default bool value consistency	2025-12-26 08:17:44 -08:00
GitHub Actions	890c2d6757	Auto translate strings	2025-12-24 05:28:28 +00:00
shamoon	00cf026524	Feature: Indonesian translation (#11641 )	2025-12-23 21:26:53 -08:00
shamoon	7604a0b583	Fix: prevent ASN collisions for merge operations (#11634 )	2025-12-19 20:05:34 -08:00
shamoon	4e789acf2d	Chore: mark test_error_skip_rule as flaky	2025-12-18 10:15:04 -08:00
shamoon	d9459d04ea	Chore: refactor preview URL variable naming and safeUrl usage	2025-12-18 09:59:14 -08:00