# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/ require 'rails_helper' require 'models/application_model_examples' require 'models/concerns/has_groups_examples' require 'models/concerns/has_history_examples' require 'models/concerns/has_roles_examples' require 'models/concerns/has_groups_permissions_examples' require 'models/concerns/has_xss_sanitized_note_examples' require 'models/concerns/has_image_sanitized_note_examples' require 'models/concerns/can_be_imported_examples' require 'models/concerns/can_csv_import_examples' require 'models/concerns/can_csv_import_user_examples' require 'models/concerns/has_object_manager_attributes_examples' require 'models/user/can_lookup_search_index_attributes_examples' require 'models/user/performs_geo_lookup_examples' require 'models/concerns/has_taskbars_examples' RSpec.describe User, type: :model do subject(:user) { create(:user) } let(:customer) { create(:customer) } let(:agent) { create(:agent) } let(:admin) { create(:admin) } it_behaves_like 'ApplicationModel', can_assets: { associations: :organization }, can_param: { sample_data_attribute: :email } it_behaves_like 'HasGroups', group_access_factory: :agent it_behaves_like 'HasHistory' it_behaves_like 'HasRoles', group_access_factory: :agent it_behaves_like 'HasXssSanitizedNote', model_factory: :user it_behaves_like 'HasImageSanitizedNote', model_factory: :user it_behaves_like 'HasGroups and Permissions', group_access_no_permission_factory: :user it_behaves_like 'CanBeImported' # it_behaves_like 'CanCsvImport', unique_attributes: 'email' include_examples 'CanCsvImport - User specific tests' it_behaves_like 'HasObjectManagerAttributes' it_behaves_like 'CanLookupSearchIndexAttributes' it_behaves_like 'HasTaskbars' it_behaves_like 'UserPerformsGeoLookup' it_behaves_like 'Association clears cache', association: :roles it_behaves_like 'Association clears cache', association: :organizations describe 'Class methods:' do describe '.identify' do it 'returns users by given login' do expect(described_class.identify(user.login)).to eq(user) end it 'returns users by given email' do expect(described_class.identify(user.email)).to eq(user) end it 'returns nil for empty username' do expect(described_class.identify('')).to be_nil end end describe '.reset_notifications_preferences!' do let(:sample_notifications) { { sample_notifications: true } } def change_setting_ticket_agent_default_notifications Setting.set('ticket_agent_default_notifications', sample_notifications) end context 'when user is agent' do before do # Create the agent, before the default notifications are set, so agent change_setting_ticket_agent_default_notifications end it 'changes existing matrix' do expect { described_class.reset_notifications_preferences!(agent) } .to change { agent.preferences.dig('notification_config', 'matrix') } .to sample_notifications end it 'sets matrix if preferences are empty' do agent.update_columns preferences: nil expect { described_class.reset_notifications_preferences!(agent) } .to change { agent.preferences&.dig('notification_config', 'matrix') } .to(sample_notifications) .from(nil) end it 'does not touch selected groups do' do agent.preferences['notification_config']['group_ids'] = ['123'] agent.save! expect { described_class.reset_notifications_preferences!(agent) } .not_to change { agent.preferences&.dig('notification_config', 'group_ids') } end end context 'when user is not agent' do before do # Create the customer, before the default notifications are set, so customer change_setting_ticket_agent_default_notifications end it 'does not change existing matrix' do expect { described_class.reset_notifications_preferences!(customer) } .not_to change { customer.preferences.dig('notification_config', 'matrix') } end it 'sets matrix if preferences are empty' do customer.update_columns preferences: nil expect { described_class.reset_notifications_preferences!(customer) } .not_to change { customer.preferences&.dig('notification_config', 'matrix') } .from(nil) end end end describe '.by_mobile' do let!(:user) { create(:customer, mobile: saved_mobile) } let(:saved_mobile) { '+4912341234' } context 'with a number saved with prefixed +' do context 'searching for the same mobile number' do it 'finds the user (by direct lookup)' do expect(described_class.by_mobile(number: saved_mobile)).to eq(user) end end context 'searching for the E.164 number without prefixed +' do it 'finds the user (through CTI lookup)' do expect(described_class.by_mobile(number: '4912341234')).to eq(user) end end end context 'with a number saved without prefixed +' do let(:saved_mobile) { '4912341234' } context 'searching for the same mobile number' do it 'finds the user (by direct lookup)' do expect(described_class.by_mobile(number: saved_mobile)).to eq(user) end end context 'searching for the number prefixed with +' do it 'finds the user (through CTI lookup)' do expect(described_class.by_mobile(number: '+4912341234')).to eq(user) end end end context 'with a non-matching number' do it 'does not find the user' do expect(described_class.by_mobile(number: '99999999999')).to be_nil end end end end describe 'Instance methods:' do describe '#out_of_office?' do context 'without any out_of_office_* attributes set' do it 'returns false' do expect(agent.out_of_office?).to be(false) end end context 'with valid #out_of_office_* attributes' do before do agent.update( out_of_office_start_at: Time.current.yesterday, out_of_office_end_at: Time.current.tomorrow, out_of_office_replacement_id: 1 ) end context 'but #out_of_office: false' do before { agent.update(out_of_office: false) } it 'returns false' do expect(agent.out_of_office?).to be(false) end end context 'and #out_of_office: true' do before { agent.update(out_of_office: true) } it 'returns true' do expect(agent.out_of_office?).to be(true) end context 'after the #out_of_office_end_at time has passed' do before { travel 2.days } it 'returns false (even though #out_of_office has not changed)' do expect(agent.out_of_office).to be(true) expect(agent.out_of_office?).to be(false) end end end end context 'date range is inclusive' do before do freeze_time agent.update( out_of_office: true, out_of_office_start_at: 1.day.from_now.to_date, out_of_office_end_at: 1.week.from_now.to_date, out_of_office_replacement_id: 1 ) end it 'today in office' do expect(agent).not_to be_out_of_office end it 'tomorrow not in office' do travel 1.day expect(agent).to be_out_of_office end it 'after 7 days not in office' do travel 7.days expect(agent).to be_out_of_office end it 'after 8 days in office' do travel 8.days expect(agent).not_to be_out_of_office end end # https://github.com/zammad/zammad/issues/3590 context 'when setting the same date' do before do freeze_time target_date = 1.day.from_now.to_date agent.update( out_of_office: true, out_of_office_start_at: target_date, out_of_office_end_at: target_date, out_of_office_replacement_id: 1 ) end it 'agent is out of office tomorrow' do travel 1.day expect(agent).to be_out_of_office end it 'agent is not out of office the day after tomorrow' do travel 2.days expect(agent).not_to be_out_of_office end it 'agent is not out of office today' do expect(agent).not_to be_out_of_office end context 'given it respects system time zone' do before do travel_to Time.current.end_of_day end it 'agent is in office if in UTC' do expect(agent).not_to be_out_of_office end it 'agent is out of office if ahead of UTC' do travel_to Time.current.end_of_day Setting.set('timezone_default', 'Europe/Vilnius') expect(agent).to be_out_of_office end end end end describe '#someones_out_of_office_replacement?' do it 'returns true when is replacing someone' do create(:agent).update!( out_of_office: true, out_of_office_start_at: 1.day.ago, out_of_office_end_at: 1.day.from_now, out_of_office_replacement_id: user.id, ) expect(user).to be_someones_out_of_office_replacement end it 'returns false when is not replacing anyone' do expect(user).not_to be_someones_out_of_office_replacement end end describe '#out_of_office_agent' do it { is_expected.to respond_to(:out_of_office_agent) } context 'when user has no designated substitute' do it 'returns nil' do expect(user.out_of_office_agent).to be_nil end end context 'when user has designated substitute' do subject(:user) do create(:user, out_of_office: out_of_office, out_of_office_start_at: Time.zone.yesterday, out_of_office_end_at: Time.zone.tomorrow, out_of_office_replacement_id: substitute.id,) end let(:substitute) { create(:user) } context 'but is not out of office' do let(:out_of_office) { false } it 'returns nil' do expect(user.out_of_office_agent).to be_nil end end context 'and is out of office' do let(:out_of_office) { true } it 'returns the designated substitute' do expect(user.out_of_office_agent).to eq(substitute) end end context 'with recursive out of office structure' do let(:out_of_office) { true } let(:substitute) do create(:user, out_of_office: out_of_office, out_of_office_start_at: Time.zone.yesterday, out_of_office_end_at: Time.zone.tomorrow, out_of_office_replacement_id: user_active.id,) end let!(:user_active) { create(:user) } it 'returns the designated substitute recursive' do expect(user.out_of_office_agent).to eq(user_active) end end context 'with recursive out of office structure with a endless loop' do let(:out_of_office) { true } let(:substitute) do create(:user, out_of_office: out_of_office, out_of_office_start_at: Time.zone.yesterday, out_of_office_end_at: Time.zone.tomorrow, out_of_office_replacement_id: user_active.id,) end let!(:user_active) do create(:user, out_of_office: out_of_office, out_of_office_start_at: Time.zone.yesterday, out_of_office_end_at: Time.zone.tomorrow, out_of_office_replacement_id: agent.id,) end before do user_active.update(out_of_office_replacement_id: substitute.id) end it 'returns the designated substitute recursive with a endless loop' do expect(user.out_of_office_agent).to eq(substitute) end end context 'with stack depth exceeding limit' do let(:replacement_chain) do user = create(:agent) 14 .times .each_with_object([user]) do |_, memo| memo << create(:agent, :ooo, ooo_agent: memo.last) end .reverse end let(:ids_executed) { [] } before do allow_any_instance_of(described_class).to receive(:out_of_office_agent).and_wrap_original do |method, **kwargs| ids_executed << method.receiver.id method.call(**kwargs) end allow(Rails.logger).to receive(:warn) end it 'returns the last agent at the limit' do expect(replacement_chain.first.out_of_office_agent).to eq replacement_chain[10] end it 'does not evaluate element beyond the limit' do user_beyond_limit = replacement_chain[11] replacement_chain.first.out_of_office_agent expect(ids_executed).not_to include(user_beyond_limit.id) end it 'does evaluate element within the limit' do user_within_limit = replacement_chain[5] replacement_chain.first.out_of_office_agent expect(ids_executed).to include(user_within_limit.id) end it 'logs error below the limit' do replacement_chain.first.out_of_office_agent expect(Rails.logger).to have_received(:warn).with(%r{#{Regexp.escape('Found more than 10 replacement levels for agent')}}) end it 'does not logs warn within the limit' do replacement_chain[10].out_of_office_agent expect(Rails.logger).not_to have_received(:warn) end end end end describe '#out_of_office_agent_of' do context 'when no other agents are out-of-office' do it 'returns an empty ActiveRecord::Relation' do expect(agent.out_of_office_agent_of) .to be_an(ActiveRecord::Relation) .and be_empty end end context 'when designated as the substitute' do let!(:agent_on_holiday) do create( :agent, out_of_office_start_at: Time.current.yesterday, out_of_office_end_at: Time.current.tomorrow, out_of_office_replacement_id: agent.id, out_of_office: out_of_office ) end context 'of an in-office agent' do let(:out_of_office) { false } it 'returns an empty ActiveRecord::Relation' do expect(agent.out_of_office_agent_of) .to be_an(ActiveRecord::Relation) .and be_empty end end context 'of an out-of-office agent' do let(:out_of_office) { true } it 'returns an ActiveRecord::Relation including that agent' do expect(agent.out_of_office_agent_of) .to contain_exactly(agent_on_holiday) end end context 'when inherited' do let(:out_of_office) { true } let!(:agent_on_holiday_sub) do create( :agent, out_of_office_start_at: Time.current.yesterday, out_of_office_end_at: Time.current.tomorrow, out_of_office_replacement_id: agent_on_holiday.id, out_of_office: out_of_office ) end it 'returns an ActiveRecord::Relation including both agents' do expect(agent.out_of_office_agent_of) .to contain_exactly(agent_on_holiday, agent_on_holiday_sub) end end context 'when inherited endless loop' do let(:out_of_office) { true } let!(:agent_on_holiday_sub) do create( :agent, out_of_office_start_at: Time.current.yesterday, out_of_office_end_at: Time.current.tomorrow, out_of_office_replacement_id: agent_on_holiday.id, out_of_office: out_of_office ) end let!(:agent_on_holiday_sub2) do create( :agent, out_of_office_start_at: Time.current.yesterday, out_of_office_end_at: Time.current.tomorrow, out_of_office_replacement_id: agent_on_holiday_sub.id, out_of_office: out_of_office ) end before do agent_on_holiday_sub.update(out_of_office_replacement_id: agent_on_holiday_sub2.id) end it 'returns an ActiveRecord::Relation including both agents referencing each other' do expect(agent_on_holiday_sub.out_of_office_agent_of) .to contain_exactly(agent_on_holiday_sub, agent_on_holiday_sub2) end end end end describe '#by_reset_token' do subject(:user) { token.user } let(:token) { create(:token_password_reset) } context 'with a valid token' do it 'returns the matching user' do expect(described_class.by_reset_token(token.token)).to eq(user) end end context 'with an invalid token' do it 'returns nil' do expect(described_class.by_reset_token('not-existing')).to be_nil end end end describe '#password_reset_via_token' do subject(:user) { token.user } let!(:token) { create(:token_password_reset) } it 'changes the password of the token user and destroys the token' do expect { described_class.password_reset_via_token(token.token, 'VYxesRc6O2') } .to change { user.reload.password } .and change(Token, :count).by(-1) end end describe '#admin_password_auth_new_token' do context 'with user role agent' do subject(:user) { create(:agent) } it 'returns no token' do expect(described_class.admin_password_auth_new_token(user.login)).to be_nil end end context 'with user role admin' do subject(:user) { create(:admin) } it 'returns token' do expect(described_class.admin_password_auth_new_token(user.login).keys).to include(:user, :token) end it 'delete existing tokens when creating multiple times' do described_class.admin_password_auth_new_token(user.login) described_class.admin_password_auth_new_token(user.login) expect(Token.where(action: 'AdminAuth', user_id: user.id).count).to eq(1) end end end describe '#admin_password_auth_via_token' do context 'with invalid token' do it 'returns nil' do expect(described_class.admin_password_auth_via_token('not-existing')).to be_nil end end context 'with valid token' do let(:user) { create(:admin) } it 'returns the matching user' do result = described_class.admin_password_auth_new_token(user.login) token = result[:token].token expect(described_class.admin_password_auth_via_token(token)).to match(user) end it 'destroys token' do result = described_class.admin_password_auth_new_token(user.login) token = result[:token].token expect { described_class.admin_password_auth_via_token(token) }.to change(Token, :count).by(-1) end end end describe '#permissions' do let(:user) { create(:agent).tap { |u| u.roles = [u.roles.first] } } let(:role) { user.roles.first } let(:permissions) { role.permissions } it 'is a simple association getter' do expect(user.permissions).to match_array(permissions) end context 'for inactive permissions' do before { permissions.first.update(active: false) } it 'omits them from the returned hash' do expect(user.permissions).not_to include(permissions.first) end end context 'for permissions on inactive roles' do before { role.update(active: false) } it 'omits them from the returned hash' do expect(user.permissions).not_to include(*role.permissions) end end end describe '#permissions?' do subject(:user) { create(:user, roles: [role]) } let(:role) { create(:role, permissions: [permission]) } let(:permission) { create(:permission, name: permission_name) } context 'with privileges for a root permission (e.g., "foo", not "foo.bar")' do let(:permission_name) { 'foo' } context 'when given that exact permission' do it 'returns true' do expect(user.permissions?('foo')).to be(true) end end context 'when given an active sub-permission' do before { create(:permission, name: 'foo.bar') } it 'returns true' do expect(user.permissions?('foo.bar')).to be(true) end end describe 'chain-of-ancestry quirk' do context 'when given an inactive sub-permission' do before { create(:permission, name: 'foo.bar.baz', active: false) } it 'returns false, even with active ancestors' do expect(user.permissions?('foo.bar.baz')).to be(false) end end context 'when given a sub-permission that does not exist' do before { create(:permission, name: 'foo.bar', active: false) } it 'can return true, even with inactive ancestors' do expect(user.permissions?('foo.bar.baz')).to be(true) end end end context 'when given a glob' do context 'matching that permission' do it 'returns true' do expect(user.permissions?('foo.*')).to be(true) end end context 'NOT matching that permission' do it 'returns false' do expect(user.permissions?('bar.*')).to be(false) end end end end context 'with privileges for a sub-permission (e.g., "foo.bar", not "foo")' do let(:permission_name) { 'foo.bar' } context 'when given that exact sub-permission' do it 'returns true' do expect(user.permissions?('foo.bar')).to be(true) end context 'but the permission is inactive' do before { permission.update(active: false) } it 'returns false' do expect(user.permissions?('foo.bar')).to be(false) end end end context 'when given a sibling sub-permission' do let(:sibling_permission) { create(:permission, name: 'foo.baz') } context 'that exists' do before { sibling_permission } it 'returns false' do expect(user.permissions?('foo.baz')).to be(false) end end context 'that does not exist' do it 'returns false' do expect(user.permissions?('foo.baz')).to be(false) end end end context 'when given the parent permission' do it 'returns false' do expect(user.permissions?('foo')).to be(false) end end context 'when given a glob' do context 'matching that sub-permission' do it 'returns true' do expect(user.permissions?('foo.*')).to be(true) end context 'but the permission is inactive' do before { permission.update(active: false) } it 'returns false' do expect(user.permissions?('foo.*')).to be(false) end end end context 'NOT matching that sub-permission' do it 'returns false' do expect(user.permissions?('bar.*')).to be(false) end end end end end describe '#permissions_with_child_ids' do context 'with privileges for a root permission (e.g., "foo", not "foo.bar")' do subject(:user) { create(:user, roles: [role]) } let(:role) { create(:role, permissions: [permission]) } let!(:permission) { create(:permission, name: 'foo') } let!(:child_permission) { create(:permission, name: 'foo.bar') } let!(:inactive_child_permission) { create(:permission, name: 'foo.baz', active: false) } it 'includes the IDs of user’s explicit permissions' do expect(user.permissions_with_child_ids) .to include(permission.id) end it 'includes the IDs of user’s active sub-permissions' do expect(user.permissions_with_child_ids) .to include(child_permission.id) .and not_include(inactive_child_permission.id) end end end describe '#permissions_with_child_names' do context 'with privileges for a root permission (e.g., "foo", not "foo.bar")' do subject(:user) { create(:user, roles: [role]) } let(:role) { create(:role, permissions: [permission]) } let!(:permission) { create(:permission, name: 'foo') } let!(:child_permission) { create(:permission, name: 'foo.bar') } let!(:inactive_child_permission) { create(:permission, name: 'foo.baz', active: false) } it 'includes the names of user’s explicit permissions' do expect(user.permissions_with_child_names) .to include(permission.name) end it 'includes the names of user’s active sub-permissions' do expect(user.permissions_with_child_names) .to include(child_permission.name) .and not_include(inactive_child_permission.name) end end end describe '#locale' do subject(:user) { create(:user, preferences: preferences) } context 'with no #preferences[:locale]' do let(:preferences) { {} } context 'with default locale' do before { Setting.set('locale_default', 'foo') } it 'returns the system-wide default locale' do expect(user.locale).to eq('foo') end end context 'without default locale' do before { Setting.set('locale_default', nil) } it 'returns en-us' do expect(user.locale).to eq('en-us') end end end context 'with a #preferences[:locale]' do let(:preferences) { { locale: 'bar' } } it 'returns the user’s configured locale' do expect(user.locale).to eq('bar') end end end describe '#check_login' do let(:agent) { create(:agent) } it 'does use the origin login' do new_agent = create(:agent) expect(new_agent.login).not_to end_with('1') end it 'does number up agent logins (1)' do new_agent = create(:agent, login: agent.login) expect(new_agent.login).to eq("#{agent.login}1") end it 'does number up agent logins (5)' do new_agent = create(:agent, login: agent.login) 4.times do new_agent = create(:agent, login: agent.login) end expect(new_agent.login).to eq("#{agent.login}5") end it 'does backup with uuid in cases of many duplicates' do new_agent = create(:agent, login: agent.login) 20.times do new_agent = create(:agent, login: agent.login) end expect(new_agent.login.sub!(agent.login, '')).to be_a_uuid end end describe '#check_name' do it 'guesses user first/last name with non-ASCII characters' do user = create(:user, firstname: 'perkūnas ąžuolas', lastname: '') expect(user).to have_attributes(firstname: 'Perkūnas', lastname: 'Ąžuolas') end end describe '#two_factor_configured?' do let(:user) { create(:user) } context 'with no two factor configured' do it 'returns false' do expect(user.two_factor_configured?).to be(false) end end context 'with two factor configured' do before do create(:user_two_factor_preference, :authenticator_app, user: user) end it 'returns true' do # 'user' variable is cached + was created before the preference was set. expect(user.reload.two_factor_configured?).to be(true) end end end end describe 'Attributes:' do describe '#out_of_office' do context 'with #out_of_office_start_at: nil' do before { agent.update(out_of_office_start_at: nil, out_of_office_end_at: Time.current) } it 'cannot be set to true' do expect { agent.update(out_of_office: true) } .to raise_error(Exceptions::UnprocessableEntity) end end context 'with #out_of_office_end_at: nil' do before { agent.update(out_of_office_start_at: Time.current, out_of_office_end_at: nil) } it 'cannot be set to true' do expect { agent.update(out_of_office: true) } .to raise_error(Exceptions::UnprocessableEntity) end end context 'when #out_of_office_start_at is AFTER #out_of_office_end_at' do before { agent.update(out_of_office_start_at: Time.current.tomorrow, out_of_office_end_at: Time.current.next_month) } it 'cannot be set to true' do expect { agent.update(out_of_office: true) } .to raise_error(Exceptions::UnprocessableEntity) end end context 'when #out_of_office_start_at is AFTER Time.current' do before { agent.update(out_of_office_start_at: Time.current.tomorrow, out_of_office_end_at: Time.current.yesterday) } it 'cannot be set to true' do expect { agent.update(out_of_office: true) } .to raise_error(Exceptions::UnprocessableEntity) end end context 'when #out_of_office_end_at is BEFORE Time.current' do before { agent.update(out_of_office_start_at: Time.current.last_month, out_of_office_end_at: Time.current.yesterday) } it 'cannot be set to true' do expect { agent.update(out_of_office: true) } .to raise_error(Exceptions::UnprocessableEntity) end end end describe '#out_of_office_replacement_id' do it 'cannot be set to invalid user ID' do expect { agent.update(out_of_office_replacement_id: described_class.pluck(:id).max.next) } .to raise_error(ActiveRecord::InvalidForeignKey) end it 'can be set to a valid user ID' do expect { agent.update(out_of_office_replacement_id: 1) } .not_to raise_error end end describe '#login_failed' do before { user.update(login_failed: 1) } it 'is reset to 0 when password is updated' do expect { user.update(password: Faker::Internet.password) } .to change(user, :login_failed).to(0) end end describe '#password' do let(:password) { Faker::Internet.password } context 'when set to plaintext password' do it 'hashes password before saving to DB' do user.password = password expect { user.save } .to change { PasswordHash.crypted?(user.password) } end end context 'for existing user records' do before do user.update(password: password) allow(user).to receive(:ensured_password).and_call_original end context 'when changed to empty string' do it 'keeps previous password' do expect { user.update!(password: '') } .not_to change(user, :password) end it 'calls #ensured_password' do user.update!(password: '') expect(user).to have_received(:ensured_password) end end context 'when changed to nil' do it 'keeps previous password' do expect { user.update!(password: nil) } .not_to change(user, :password) end it 'calls #ensured_password' do user.update!(password: nil) expect(user).to have_received(:ensured_password) end end context 'when changed another attribute' do it 'keeps previous password' do expect { user.update!(email: "123#{user.email}") } .not_to change(user, :password) end it 'does not call #ensured_password' do user.update!(email: "123#{user.email}") expect(user).not_to have_received(:ensured_password) end end end context 'for new user records' do context 'when passed as an empty string' do let(:another_user) { create(:user, password: '') } it 'sets password to nil' do expect(another_user.password).to be_nil end end context 'when passed as nil' do let(:another_user) { create(:user, password: nil) } it 'sets password to nil' do expect(another_user.password).to be_nil end end end context 'when set to SHA2 digest (to facilitate OTRS imports)' do it 'does not re-hash before saving' do user.password = "{sha2}#{Digest::SHA2.hexdigest(password)}" expect { user.save }.not_to change(user, :password) end end context 'when set to Argon2 digest' do it 'does not re-hash before saving' do user.password = PasswordHash.crypt(password) expect { user.save }.not_to change(user, :password) end end context 'when creating two users with the same password' do before { user.update(password: password) } let(:another_user) { create(:user, password: password) } it 'does not generate the same password hash' do expect(user.password).not_to eq(another_user.password) end end context 'when saving a very long password' do let(:long_string) { "asd1ASDasd!#{Faker::Lorem.characters(number: 1_000)}" } it 'marks object as invalid by adding error' do user.update(password: long_string) expect(user.errors.first.full_message).to eq('Password is too long') end end end describe '#phone' do subject(:user) { create(:user, phone: orig_number) } context 'when included on create' do let(:orig_number) { '1234567890' } it 'adds corresponding CallerId record' do expect { user } .to change { Cti::CallerId.where(caller_id: orig_number).count }.by(1) end end context 'when added on update' do let(:orig_number) { nil } let(:new_number) { '1234567890' } before { user } # create user it 'adds corresponding CallerId record' do expect { user.update(phone: new_number) } .to change { Cti::CallerId.where(caller_id: new_number).count }.by(1) end end context 'when falsely added on update (change: [nil, ""])' do let(:orig_number) { nil } let(:new_number) { '' } before { user } # create user it 'does not attempt to update CallerId record' do allow(Cti::CallerId).to receive(:build).with(any_args) expect(Cti::CallerId.where(object: 'User', o_id: user.id).count) .to eq(0) expect { user.update(phone: new_number) } .not_to change { Cti::CallerId.where(object: 'User', o_id: user.id).count } expect(Cti::CallerId).not_to have_received(:build) end end context 'when removed on update' do let(:orig_number) { '1234567890' } let(:new_number) { nil } before { user } # create user it 'removes corresponding CallerId record' do expect { user.update(phone: nil) } .to change { Cti::CallerId.where(caller_id: orig_number).count }.by(-1) end end context 'when changed on update' do let(:orig_number) { '1234567890' } let(:new_number) { orig_number.next } before { user } # create user it 'replaces CallerId record' do expect { user.update(phone: new_number) } .to change { Cti::CallerId.where(caller_id: orig_number).count }.by(-1) .and change { Cti::CallerId.where(caller_id: new_number).count }.by(1) end end end describe '#preferences' do describe '"mail_delivery_failed{,_data}" keys' do before do user.update( preferences: { mail_delivery_failed: true, mail_delivery_failed_data: Time.current } ) end it 'deletes "mail_delivery_failed"' do expect { user.update(email: Faker::Internet.email) } .to change { user.preferences.key?(:mail_delivery_failed) }.to(false) end it 'leaves "mail_delivery_failed_data" untouched' do expect { user.update(email: Faker::Internet.email) } .to not_change { user.preferences[:mail_delivery_failed_data] } end end end describe '#image' do describe 'when value is invalid' do let(:value) { 'Th1515n0t4v4l1dh45h' } it 'prevents create' do expect { create(:user, image: value) }.to raise_error(Exceptions::UnprocessableEntity, %r{#{value}}) end it 'prevents update' do expect { create(:user).update!(image: value) }.to raise_error(Exceptions::UnprocessableEntity, %r{#{value}}) end end end describe '#image_source' do describe 'when value is invalid' do let(:value) { 'Th1515n0t4v4l1dh45h' } let(:escaped) { Regexp.escape(value) } it 'valid create' do expect(create(:user, image_source: 'https://zammad.org/avatar.png').image_source).not_to be_nil end it 'removes invalid image source of create' do expect(create(:user, image_source: value).image_source).to be_nil end it 'removes invalid image source of update' do user = create(:user) user.update!(image_source: value) expect(user.image_source).to be_nil end end end describe 'fetch_avatar_for_email', performs_jobs: true do it 'enqueues avatar job when creating a user with email' do expect { create(:user) }.to have_enqueued_job AvatarCreateJob end it 'does not enqueue avatar job when creating a user without email' do expect { create(:user, :without_email) }.not_to have_enqueued_job AvatarCreateJob end context 'with an existing user' do before do agent clear_jobs end it 'enqueues avatar job when updating a user with email' do expect { agent.update! email: 'avatar@example.com' }.to have_enqueued_job AvatarCreateJob end it 'does not enqueue avatar job when updating a user without email' do expect { agent.update! login: 'avatar_login', email: nil }.not_to have_enqueued_job AvatarCreateJob end it 'does not enqueue avatar job when updating a user having email' do expect { agent.update! firstname: 'no avatar update' }.not_to have_enqueued_job AvatarCreateJob end end end end describe 'Associations:' do subject(:user) { create(:agent, groups: [group_subject]) } let!(:group_subject) { create(:group) } it 'does remove references before destroy' do refs_known = { 'Group' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'Token' => { 'user_id' => 1 }, 'Ticket::Article' => { 'created_by_id' => 1, 'updated_by_id' => 1, 'origin_by_id' => 1 }, 'Ticket::StateType' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::Article::Sender' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::Article::Type' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::Article::Flag' => { 'created_by_id' => 0 }, 'Ticket::Priority' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::SharedDraftStart' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'Ticket::SharedDraftZoom' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'Ticket::TimeAccounting' => { 'created_by_id' => 0 }, 'Ticket::TimeAccounting::Type' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::State' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::Flag' => { 'created_by_id' => 0 }, 'PostmasterFilter' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'PublicLink' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'User::TwoFactorPreference' => { 'created_by_id' => 1, 'updated_by_id' => 1, 'user_id' => 1 }, 'OnlineNotification' => { 'user_id' => 1, 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket' => { 'created_by_id' => 0, 'updated_by_id' => 0, 'owner_id' => 1, 'customer_id' => 3 }, 'Template' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Avatar' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Scheduler' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Chat' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'HttpLog' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'EmailAddress' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Taskbar' => { 'user_id' => 1 }, 'Sla' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'UserDevice' => { 'user_id' => 1 }, 'Chat::Message' => { 'created_by_id' => 1 }, 'Chat::Agent' => { 'created_by_id' => 1, 'updated_by_id' => 1 }, 'Chat::Session' => { 'user_id' => 1, 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Tag' => { 'created_by_id' => 0 }, 'RecentView' => { 'created_by_id' => 1 }, 'KnowledgeBase::Answer::Translation' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'LdapSource' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'KnowledgeBase::Answer' => { 'archived_by_id' => 1, 'published_by_id' => 1, 'internal_by_id' => 1 }, 'Report::Profile' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Package' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Job' => { 'created_by_id' => 0, 'updated_by_id' => 1 }, 'Store' => { 'created_by_id' => 0 }, 'Cti::CallerId' => { 'user_id' => 1 }, 'DataPrivacyTask' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Trigger' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Translation' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'ObjectManager::Attribute' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'User' => { 'created_by_id' => 2, 'out_of_office_replacement_id' => 1, 'updated_by_id' => 2 }, 'User::OverviewSorting' => { 'created_by_id' => 0, 'updated_by_id' => 0, 'user_id' => 1 }, 'Organization' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Macro' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'CoreWorkflow' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Mention' => { 'created_by_id' => 1, 'updated_by_id' => 0, 'user_id' => 1 }, 'Channel' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Role' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'History' => { 'created_by_id' => 6 }, 'Webhook' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Overview' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'PGPKey' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'ActivityStream' => { 'created_by_id' => 0 }, 'StatsStore' => { 'created_by_id' => 0 }, 'TextModule' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Calendar' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'UserGroup' => { 'user_id' => 1 }, 'Signature' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Authorization' => { 'user_id' => 1 } } # delete objects token = create(:token, user: user) online_notification = create(:online_notification, user: user) taskbar = create(:taskbar, user: user) user_device = create(:user_device, user: user) cti_caller_id = create(:cti_caller_id, user: user) authorization = create(:twitter_authorization, user: user) recent_view = create(:recent_view, created_by: user) avatar = create(:avatar, o_id: user.id) overview = create(:overview, created_by_id: user.id, user_ids: [user.id]) mention = build(:mention, mentionable: create(:ticket), user: user).tap { |elem| elem.save!(validate: false) } mention_created_by = build(:mention, mentionable: create(:ticket), user: create(:agent), created_by: user).tap { |elem| elem.save!(validate: false) } user_created_by = create(:customer, created_by_id: user.id, updated_by_id: user.id, out_of_office_replacement_id: user.id) chat_session = create(:'chat/session', user: user) chat_message = create(:'chat/message', chat_session: chat_session) chat_message2 = create(:'chat/message', chat_session: chat_session, created_by: user) draft_start = create(:ticket_shared_draft_start, created_by: user) draft_zoom = create(:ticket_shared_draft_zoom, created_by: user) public_link = create(:public_link, created_by: user) user_two_factor_preference = create(:user_two_factor_preference, :authenticator_app, user: user) user_overview_sorting = create(:'user/overview_sorting', user: user) expect(overview.reload.user_ids).to eq([user.id]) # create a chat agent for admin user (id=1) before agent user # to be sure that the data gets removed and not mapped which # would result in a foreign key because of the unique key on the # created_by_id and updated_by_id. create(:'chat/agent') chat_agent_user = create(:'chat/agent', created_by_id: user.id, updated_by_id: user.id) # invalid user (by email) which has been updated by the user which # will get deleted (#3935) invalid_user = build(:user, email: 'abc', created_by_id: user.id, updated_by_id: user.id) invalid_user.save!(validate: false) # move ownership objects group = create(:group, created_by_id: user.id) job = create(:job, updated_by_id: user.id) ticket = create(:ticket, group: group_subject, owner: user) ticket_article = create(:ticket_article, ticket: ticket, created_by_id: user.id, updated_by_id: user.id, origin_by_id: user.id) customer_ticket1 = create(:ticket, group: group_subject, customer: user) customer_ticket2 = create(:ticket, group: group_subject, customer: user) customer_ticket3 = create(:ticket, group: group_subject, customer: user) knowledge_base_answer = create(:knowledge_base_answer, archived_by_id: user.id, published_by_id: user.id, internal_by_id: user.id) refs_user = Models.references('User', user.id, true) expect(refs_user).to eq(refs_known) user.destroy expect { token.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { online_notification.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { taskbar.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { user_device.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { cti_caller_id.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { authorization.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { recent_view.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { avatar.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { customer_ticket1.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { customer_ticket2.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { customer_ticket3.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { chat_agent_user.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { mention.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect(mention_created_by.reload.created_by_id).not_to eq(user.id) expect(overview.reload.user_ids).to eq([]) expect { chat_session.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { chat_message.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { chat_message2.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { user_two_factor_preference.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { user_overview_sorting.reload }.to raise_exception(ActiveRecord::RecordNotFound) # move ownership objects expect { group.reload }.to change(group, :created_by_id).to(1) expect { job.reload }.to change(job, :updated_by_id).to(1) expect { ticket.reload }.to change(ticket, :owner_id).to(1) expect { ticket_article.reload } .to change(ticket_article, :origin_by_id).to(1) .and change(ticket_article, :updated_by_id).to(1) .and change(ticket_article, :created_by_id).to(1) expect { knowledge_base_answer.reload } .to change(knowledge_base_answer, :archived_by_id).to(1) .and change(knowledge_base_answer, :published_by_id).to(1) .and change(knowledge_base_answer, :internal_by_id).to(1) expect { user_created_by.reload } .to change(user_created_by, :created_by_id).to(1) .and change(user_created_by, :updated_by_id).to(1) .and change(user_created_by, :out_of_office_replacement_id).to(1) expect { draft_start.reload }.to change(draft_start, :created_by_id).to(1) expect { draft_zoom.reload }.to change(draft_zoom, :created_by_id).to(1) expect { invalid_user.reload }.to change(invalid_user, :created_by_id).to(1) expect { public_link.reload }.to change(public_link, :created_by_id).to(1) end it 'does delete cache after user deletion' do online_notification = create(:online_notification, created_by_id: user.id) online_notification.attributes_with_association_ids user.destroy expect(online_notification.reload.attributes_with_association_ids['created_by_id']).to eq(1) end it 'does return an exception on blocking dependencies' do expect { user.send(:destroy_move_dependency_ownership) }.to raise_error(RuntimeError, 'Failed deleting references! Check logic for UserGroup->user_id.') end describe '#organization' do describe 'email domain-based assignment' do subject(:user) { build(:user) } context 'when not set on creation' do before { user.assign_attributes(organization: nil) } context 'and #email domain matches an existing Organization#domain' do before { user.assign_attributes(email: 'user@example.com') } let(:organization) { create(:organization, domain: 'example.com') } context 'and Organization#domain_assignment is false (default)' do before { organization.update(domain_assignment: false) } it 'remains nil' do expect { user.save }.not_to change(user, :organization) end end context 'and Organization#domain_assignment is true' do before { organization.update(domain_assignment: true) } it 'is automatically set to matching Organization' do expect { user.save } .to change(user, :organization).to(organization) end end end context 'and #email domain doesn’t match any Organization#domain' do before { user.assign_attributes(email: 'user@example.net') } let(:organization) { create(:organization, domain: 'example.com') } context 'and Organization#domain_assignment is true' do before { organization.update(domain_assignment: true) } it 'remains nil' do expect { user.save }.not_to change(user, :organization) end end end end context 'when set on creation' do before { user.assign_attributes(organization: specified_organization) } let(:specified_organization) { create(:organization, domain: 'example.net') } context 'and #email domain matches a DIFFERENT Organization#domain' do before { user.assign_attributes(email: 'user@example.com') } let!(:matching_organization) { create(:organization, domain: 'example.com') } context 'and Organization#domain_assignment is true' do before { matching_organization.update(domain_assignment: true) } it 'is NOT automatically set to matching Organization' do expect { user.save } .not_to change(user, :organization).from(specified_organization) end end end end end end end describe 'Callbacks, Observers, & Async Transactions -' do describe 'System-wide agent limit checks:' do let(:agent_role) { Role.lookup(name: 'Agent') } let(:admin_role) { Role.lookup(name: 'Admin') } let(:current_agents) { described_class.with_permissions('ticket.agent') } describe '#validate_agent_limit_by_role' do context 'for Integer value of system_agent_limit' do context 'before exceeding the agent limit' do before { Setting.set('system_agent_limit', current_agents.count + 1) } it 'grants agent creation' do expect { create(:agent) } .to change(current_agents, :count).by(1) end it 'grants role change' do future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to change(current_agents, :count).by(1) end describe 'role updates' do let(:agent) { create(:agent) } it 'grants update by instances' do expect { agent.roles = [admin_role, agent_role] } .not_to raise_error end it 'grants update by id (Integer)' do expect { agent.role_ids = [admin_role.id, agent_role.id] } .not_to raise_error end it 'grants update by id (String)' do expect { agent.role_ids = [admin_role.id.to_s, agent_role.id.to_s] } .not_to raise_error end end end context 'when exceeding the agent limit' do it 'creation of new agents' do Setting.set('system_agent_limit', current_agents.count + 2) create_list(:agent, 2) expect { create(:agent) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end it 'prevents role change' do Setting.set('system_agent_limit', current_agents.count) future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end end context 'for String value of system_agent_limit' do context 'before exceeding the agent limit' do before { Setting.set('system_agent_limit', (current_agents.count + 1).to_s) } it 'grants agent creation' do expect { create(:agent) } .to change(current_agents, :count).by(1) end it 'grants role change' do future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to change(current_agents, :count).by(1) end describe 'role updates' do let(:agent) { create(:agent) } it 'grants update by instances' do expect { agent.roles = [admin_role, agent_role] } .not_to raise_error end it 'grants update by id (Integer)' do expect { agent.role_ids = [admin_role.id, agent_role.id] } .not_to raise_error end it 'grants update by id (String)' do expect { agent.role_ids = [admin_role.id.to_s, agent_role.id.to_s] } .not_to raise_error end end end context 'when exceeding the agent limit' do it 'creation of new agents' do Setting.set('system_agent_limit', (current_agents.count + 2).to_s) create_list(:agent, 2) expect { create(:agent) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end it 'prevents role change' do Setting.set('system_agent_limit', current_agents.count.to_s) future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end context 'when limit was exceeded but users where removed' do let(:agent_1) { create(:agent) } let(:agent_2) { create(:agent) } before do agent_1 && agent_2 Setting.set('system_agent_limit', current_agents.count) end it 'allows to create a new agent after destroying agents to be under the limit' do agent_1.destroy! agent_2.destroy! expect { create(:agent) } .not_to raise_error end end end end describe '#validate_agent_limit_by_attributes' do context 'for Integer value of system_agent_limit' do before { Setting.set('system_agent_limit', current_agents.count) } context 'when exceeding the agent limit' do it 'prevents re-activation of agents' do inactive_agent = create(:agent, active: false) expect { inactive_agent.update!(active: true) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end end context 'for String value of system_agent_limit' do before { Setting.set('system_agent_limit', current_agents.count.to_s) } context 'when exceeding the agent limit' do it 'prevents re-activation of agents' do inactive_agent = create(:agent, active: false) expect { inactive_agent.update!(active: true) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end end end end describe 'Touching associations on update:' do subject!(:user) { create(:customer) } let!(:organization) { create(:organization) } context 'when a customer gets a organization' do it 'touches its organization' do expect { user.update(organization: organization) } .to change { organization.reload.updated_at } end end end describe 'Cti::CallerId syncing:' do context 'with a #phone attribute' do subject(:user) { build(:user, phone: '1234567890') } it 'adds CallerId record on creation (via Cti::CallerId.build)' do expect(Cti::CallerId).to receive(:build).with(user) user.save end it 'does not update CallerId record on touch/update (via Cti::CallerId.build)' do expect(Cti::CallerId).to receive(:build).with(user) user.save expect(Cti::CallerId).not_to receive(:build).with(user) user.touch end it 'destroys CallerId record on deletion' do user.save expect { user.destroy } .to change(Cti::CallerId, :count).by(-1) end end end describe 'Cti::Log syncing:' do context 'with existing Log records', performs_jobs: true do context 'for incoming calls from an unknown number' do let!(:log) { create(:'cti/log', :with_preferences, from: '1234567890', direction: 'in') } context 'when creating a new user with that number' do subject(:user) { build(:user, phone: log.from) } it 'populates #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.save perform_enqueued_jobs commit_transaction: true end.to change { log.reload.preferences[:from]&.first } .to(hash_including('caller_id' => user.phone)) end end context 'when updating a user with that number' do subject(:user) { create(:user) } it 'populates #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: log.from) perform_enqueued_jobs commit_transaction: true end.to change { log.reload.preferences[:from]&.first } .to(hash_including('object' => 'User', 'o_id' => user.id)) end end context 'when creating a new user with an empty number' do subject(:user) { build(:user, phone: '') } it 'does not modify any Log records' do expect do user.save perform_enqueued_jobs commit_transaction: true end.not_to change { log.reload.attributes } end end context 'when creating a new user with no number' do subject(:user) { build(:user, phone: nil) } it 'does not modify any Log records' do expect do user.save perform_enqueued_jobs commit_transaction: true end.not_to change { log.reload.attributes } end end end context 'for incoming calls from the given user' do subject(:user) { create(:user, phone: '1234567890') } let!(:logs) { create_list(:'cti/log', 5, :with_preferences, from: user.phone, direction: 'in') } context 'when updating #phone attribute' do context 'to another number' do it 'empties #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: '0123456789') perform_enqueued_jobs commit_transaction: true end.to change { logs.map(&:reload).map { |log| log.preferences[:from] } } .to(Array.new(5) { nil }) end end context 'to an empty string' do it 'empties #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: '') perform_enqueued_jobs commit_transaction: true end.to change { logs.map(&:reload).map { |log| log.preferences[:from] } } .to(Array.new(5) { nil }) end end context 'to nil' do it 'empties #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: nil) perform_enqueued_jobs commit_transaction: true end.to change { logs.map(&:reload).map { |log| log.preferences[:from] } } .to(Array.new(5) { nil }) end end end context 'when updating attributes other than #phone' do it 'does not modify any Log records' do expect do user.update(mobile: '2345678901') perform_enqueued_jobs commit_transaction: true end.not_to change { logs.map { |x| x.reload.attributes } } end end end end end end describe 'Assign user to multiple organizations #1573' do context 'when importing users via csv' do let(:organization1) { create(:organization) } let(:organization2) { create(:organization) } let(:organization3) { create(:organization) } let(:organization4) { create(:organization) } let(:user) { create(:agent, organization: organization1, organizations: [organization2, organization3]) } def csv_import(string) User.csv_import( string: string, parse_params: { col_sep: ',', }, try: false, delete: false, ) end before do user end it 'does not change user on re-import' do expect { csv_import(described_class.csv_example) }.not_to change { user.reload.updated_at } end it 'does not change user on different organization order' do string = described_class.csv_example string.sub!(organization3.name, organization2.name) string.sub!(organization2.name, organization3.name) expect { csv_import(string) }.not_to change { user.reload.updated_at } end it 'does change user on different organizations' do string = described_class.csv_example string.sub!(organization2.name, organization4.name) expect { csv_import(string) }.to change { user.reload.updated_at } end end context 'when creating users' do it 'does not allow creation without primary organization but secondary organizations' do expect { create(:agent, organization: nil, organizations: create_list(:organization, 1)) }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: Secondary organizations are only allowed when the primary organization is given.') end it 'does not allow creation with more than 250 organizations' do expect { create(:agent, organization: create(:organization), organizations: create_list(:organization, 251)) }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: More than 250 secondary organizations are not allowed.') end end end describe 'Check default agent notifications preferences' do context 'when creating users' do it 'does apply default agent notification to agent preferences' do user = create(:agent) expect(user.reload.preferences[:notification_config][:matrix]).to eq(Setting.get('ticket_agent_default_notifications')) end it 'does not apply default agent notification to customer preferences' do user = create(:customer) expect(user.reload.preferences[:notification_config]).to be_blank end end context 'when adding role to existing user' do it 'does apply default agent notification to agent preferences (without "ticket.agent" permission before)' do future_agent = create(:customer) expect { future_agent.roles = [Role.lookup(name: 'Agent')] } .to change { future_agent.reload.preferences.dig('notification_config', 'matrix') } .to Setting.get('ticket_agent_default_notifications') end it 'does not apply default agent notification to agent preferences (with "ticket.agent" permission before)' do agent = create(:agent) expect { agent.roles = [Role.lookup(name: 'Customer')] } .not_to change { agent.reload.preferences.dig('notification_config', 'matrix') } end end end describe 'Sanitizes name attributes for offending URLs' do shared_examples 'sanitizing user name attributes' do |firstname, lastname| it 'sanitizes user name attributes' do expect(user).to have_attributes(firstname: firstname, lastname: lastname) end end context 'with firstname attribute only' do let(:user) { create(:customer, firstname: value, lastname: nil, email: Faker::Internet.unique.email) } context 'when equaling a URL with a scheme' do let(:value) { 'https://zammad.org/participate' } it_behaves_like 'sanitizing user name attributes', 'zammad.org/participate' end context 'when equaling a URL without a scheme' do let(:value) { 'zammad.org' } it_behaves_like 'sanitizing user name attributes', 'zammad.org' end context 'when containing a URL with a scheme' do let(:value) { 'Click here to confirm https://zammad.org/participate then log in' } it_behaves_like 'sanitizing user name attributes', 'Click', 'here to confirm zammad.org/participate then log in' end context 'when containing a URL with an invalid scheme' do let(:value) { 'A: Testing' } it_behaves_like 'sanitizing user name attributes', 'A:', 'Testing' end end context 'with lastname attribute only' do let(:user) { create(:customer, firstname: nil, lastname: value, email: Faker::Internet.unique.email) } context 'when equaling a URL with a scheme' do let(:value) { 'https://zammad.org/participate' } it_behaves_like 'sanitizing user name attributes', nil, 'zammad.org/participate' end context 'when equaling a URL without a scheme' do let(:value) { 'zammad.org' } it_behaves_like 'sanitizing user name attributes', nil, 'zammad.org' end context 'when containing a URL with a scheme' do let(:value) { 'Click here to confirm https://zammad.org/participate then log in' } it_behaves_like 'sanitizing user name attributes', 'Click', 'here to confirm zammad.org/participate then log in' end end context 'with both firstname and lastname attribute' do let(:user) { create(:customer, firstname: firstname, lastname: lastname, email: Faker::Internet.unique.email) } context 'when equaling a URL with a scheme' do let(:firstname) { 'Click here to confirm' } let(:lastname) { 'https://zammad.org/participate' } it_behaves_like 'sanitizing user name attributes', 'Click here to confirm', 'zammad.org/participate' end context 'when equaling a URL without a scheme' do let(:firstname) { 'zammad.org' } let(:lastname) { 'Foundation' } it_behaves_like 'sanitizing user name attributes', 'zammad.org', 'Foundation' end context 'when containing a URL with a scheme' do let(:firstname) { 'Click here to confirm' } let(:lastname) { 'https://zammad.org/participate then log in' } it_behaves_like 'sanitizing user name attributes', 'Click here to confirm', 'zammad.org/participate then log in' end context 'when containing a URL with an invalid scheme' do let(:firstname) { 'Dummy R: Berlin' } let(:lastname) { 'Mail' } it_behaves_like 'sanitizing user name attributes', 'Dummy R: Berlin', 'Mail' end end end end