# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/ require 'rails_helper' require 'models/application_model_examples' require 'models/concerns/has_groups_examples' require 'models/concerns/has_history_examples' require 'models/concerns/has_roles_examples' require 'models/concerns/has_groups_permissions_examples' require 'models/concerns/has_xss_sanitized_note_examples' require 'models/concerns/has_image_sanitized_note_examples' require 'models/concerns/can_be_imported_examples' require 'models/concerns/can_csv_import_examples' require 'models/concerns/can_csv_import_user_examples' require 'models/concerns/has_object_manager_attributes_examples' require 'models/user/can_lookup_search_index_attributes_examples' require 'models/user/performs_geo_lookup_examples' require 'models/concerns/has_taskbars_examples' require 'models/concerns/has_two_factor_examples' RSpec.describe User, type: :model do subject(:user) { create(:user) } let(:customer) { create(:customer) } let(:agent) { create(:agent) } let(:admin) { create(:admin) } it_behaves_like 'ApplicationModel', can_assets: { associations: :organization }, can_param: { sample_data_attribute: :email } it_behaves_like 'HasGroups', group_access_factory: :agent it_behaves_like 'HasHistory' it_behaves_like 'HasRoles', group_access_factory: :agent it_behaves_like 'HasXssSanitizedNote', model_factory: :user it_behaves_like 'HasImageSanitizedNote', model_factory: :user it_behaves_like 'HasGroups and Permissions', group_access_no_permission_factory: :user it_behaves_like 'CanBeImported' # it_behaves_like 'CanCsvImport', unique_attributes: 'email' include_examples 'CanCsvImport - User specific tests' it_behaves_like 'HasObjectManagerAttributes' it_behaves_like 'CanLookupSearchIndexAttributes' it_behaves_like 'HasTaskbars' it_behaves_like 'UserPerformsGeoLookup' it_behaves_like 'Association clears cache', association: :roles it_behaves_like 'Association clears cache', association: :organizations it_behaves_like 'User::HasTwoFactor' describe 'Class methods:' do describe '.identify' do it 'returns users by given login' do expect(described_class.identify(user.login)).to eq(user) end it 'returns users by given email' do expect(described_class.identify(user.email)).to eq(user) end it 'returns nil for empty username' do expect(described_class.identify('')).to be_nil end end describe '.reset_notifications_preferences!' do let(:sample_notifications) { { sample_notifications: true } } def change_setting_ticket_agent_default_notifications Setting.set('ticket_agent_default_notifications', sample_notifications) end context 'when user is agent' do before do # Create the agent, before the default notifications are set, so agent change_setting_ticket_agent_default_notifications end it 'changes existing matrix' do expect { described_class.reset_notifications_preferences!(agent) } .to change { agent.preferences.dig('notification_config', 'matrix') } .to sample_notifications end it 'sets matrix if preferences are empty' do agent.update_columns preferences: nil expect { described_class.reset_notifications_preferences!(agent) } .to change { agent.preferences&.dig('notification_config', 'matrix') } .to(sample_notifications) .from(nil) end it 'does not touch selected groups do' do agent.preferences['notification_config']['group_ids'] = ['123'] agent.save! expect { described_class.reset_notifications_preferences!(agent) } .not_to change { agent.preferences&.dig('notification_config', 'group_ids') } end end context 'when user is not agent' do before do # Create the customer, before the default notifications are set, so customer change_setting_ticket_agent_default_notifications end it 'does not change existing matrix' do expect { described_class.reset_notifications_preferences!(customer) } .not_to change { customer.preferences.dig('notification_config', 'matrix') } end it 'sets matrix if preferences are empty' do customer.update_columns preferences: nil expect { described_class.reset_notifications_preferences!(customer) } .not_to change { customer.preferences&.dig('notification_config', 'matrix') } .from(nil) end end end describe '.by_mobile' do let!(:user) { create(:customer, mobile: saved_mobile) } let(:saved_mobile) { '+4912341234' } context 'with a number saved with prefixed +' do context 'searching for the same mobile number' do it 'finds the user (by direct lookup)' do expect(described_class.by_mobile(number: saved_mobile)).to eq(user) end end context 'searching for the E.164 number without prefixed +' do it 'finds the user (through CTI lookup)' do expect(described_class.by_mobile(number: '4912341234')).to eq(user) end end end context 'with a number saved without prefixed +' do let(:saved_mobile) { '4912341234' } context 'searching for the same mobile number' do it 'finds the user (by direct lookup)' do expect(described_class.by_mobile(number: saved_mobile)).to eq(user) end end context 'searching for the number prefixed with +' do it 'finds the user (through CTI lookup)' do expect(described_class.by_mobile(number: '+4912341234')).to eq(user) end end end context 'with a non-matching number' do it 'does not find the user' do expect(described_class.by_mobile(number: '99999999999')).to be_nil end end end end describe 'Instance methods:' do describe '#by_reset_token' do subject(:user) { token.user } let(:token) { create(:token_password_reset) } context 'with a valid token' do it 'returns the matching user' do expect(described_class.by_reset_token(token.token)).to eq(user) end end context 'with an invalid token' do it 'returns nil' do expect(described_class.by_reset_token('not-existing')).to be_nil end end end describe '#password_reset_via_token' do subject(:user) { token.user } let!(:token) { create(:token_password_reset) } it 'changes the password of the token user and destroys the token' do expect { described_class.password_reset_via_token(token.token, 'VYxesRc6O2') } .to change { user.reload.password } .and change(Token, :count).by(-1) end end describe '#admin_password_auth_new_token' do context 'with user role agent' do subject(:user) { create(:agent) } it 'returns no token' do expect(described_class.admin_password_auth_new_token(user.login)).to be_nil end end context 'with user role admin' do subject(:user) { create(:admin) } it 'returns token' do expect(described_class.admin_password_auth_new_token(user.login).keys).to include(:user, :token) end it 'delete existing tokens when creating multiple times' do described_class.admin_password_auth_new_token(user.login) described_class.admin_password_auth_new_token(user.login) expect(Token.where(action: 'AdminAuth', user_id: user.id).count).to eq(1) end end end describe '#admin_password_auth_via_token' do context 'with invalid token' do it 'returns nil' do expect(described_class.admin_password_auth_via_token('not-existing')).to be_nil end end context 'with valid token' do let(:user) { create(:admin) } it 'returns the matching user' do result = described_class.admin_password_auth_new_token(user.login) token = result[:token].token expect(described_class.admin_password_auth_via_token(token)).to match(user) end it 'destroys token' do result = described_class.admin_password_auth_new_token(user.login) token = result[:token].token expect { described_class.admin_password_auth_via_token(token) }.to change(Token, :count).by(-1) end end end describe '#locale' do subject(:user) { create(:user, preferences: preferences) } context 'with no #preferences[:locale]' do let(:preferences) { {} } context 'with default locale' do before { Setting.set('locale_default', 'foo') } it 'returns the system-wide default locale' do expect(user.locale).to eq('foo') end end context 'without default locale' do before { Setting.set('locale_default', nil) } it 'returns en-us' do expect(user.locale).to eq('en-us') end end end context 'with a #preferences[:locale]' do let(:preferences) { { locale: 'bar' } } it 'returns the user’s configured locale' do expect(user.locale).to eq('bar') end end end describe '#check_login' do let(:agent) { create(:agent) } it 'does use the origin login' do new_agent = create(:agent) expect(new_agent.login).not_to end_with('1') end it 'does number up agent logins (1)' do new_agent = create(:agent, login: agent.login) expect(new_agent.login).to eq("#{agent.login}1") end it 'does number up agent logins (5)' do new_agent = create(:agent, login: agent.login) 4.times do new_agent = create(:agent, login: agent.login) end expect(new_agent.login).to eq("#{agent.login}5") end it 'does backup with uuid in cases of many duplicates' do new_agent = create(:agent, login: agent.login) 20.times do new_agent = create(:agent, login: agent.login) end expect(new_agent.login.sub!(agent.login, '')).to be_a_uuid end end describe '#check_name' do it 'guesses user first/last name with non-ASCII characters' do user = create(:user, firstname: 'perkūnas ąžuolas', lastname: '') expect(user).to have_attributes(firstname: 'Perkūnas', lastname: 'Ąžuolas') end end end describe 'Attributes:' do describe '#login_failed' do before { user.update(login_failed: 1) } it 'is reset to 0 when password is updated' do expect { user.update(password: Faker::Internet.password) } .to change(user, :login_failed).to(0) end end describe '#password' do let(:password) { Faker::Internet.password } context 'when set to plaintext password' do it 'hashes password before saving to DB' do user.password = password expect { user.save } .to change { PasswordHash.crypted?(user.password) } end end context 'for existing user records' do before do user.update(password: password) allow(user).to receive(:ensured_password).and_call_original end context 'when changed to empty string' do it 'keeps previous password' do expect { user.update!(password: '') } .not_to change(user, :password) end it 'calls #ensured_password' do user.update!(password: '') expect(user).to have_received(:ensured_password) end end context 'when changed to nil' do it 'keeps previous password' do expect { user.update!(password: nil) } .not_to change(user, :password) end it 'calls #ensured_password' do user.update!(password: nil) expect(user).to have_received(:ensured_password) end end context 'when changed another attribute' do it 'keeps previous password' do expect { user.update!(email: "123#{user.email}") } .not_to change(user, :password) end it 'does not call #ensured_password' do user.update!(email: "123#{user.email}") expect(user).not_to have_received(:ensured_password) end end end context 'for new user records' do context 'when passed as an empty string' do let(:another_user) { create(:user, password: '') } it 'sets password to nil' do expect(another_user.password).to be_nil end end context 'when passed as nil' do let(:another_user) { create(:user, password: nil) } it 'sets password to nil' do expect(another_user.password).to be_nil end end end context 'when set to SHA2 digest (to facilitate OTRS imports)' do it 'does not re-hash before saving' do user.password = "{sha2}#{Digest::SHA2.hexdigest(password)}" expect { user.save }.not_to change(user, :password) end end context 'when set to Argon2 digest' do it 'does not re-hash before saving' do user.password = PasswordHash.crypt(password) expect { user.save }.not_to change(user, :password) end end context 'when creating two users with the same password' do before { user.update(password: password) } let(:another_user) { create(:user, password: password) } it 'does not generate the same password hash' do expect(user.password).not_to eq(another_user.password) end end context 'when saving a very long password' do let(:long_string) { "asd1ASDasd!#{Faker::Lorem.characters(number: 1_000)}" } it 'marks object as invalid by adding error' do user.update(password: long_string) expect(user.errors.first.full_message).to eq('Password is too long') end end end describe '#phone' do subject(:user) { create(:user, phone: orig_number) } context 'when included on create' do let(:orig_number) { '1234567890' } it 'adds corresponding CallerId record' do expect { user } .to change { Cti::CallerId.where(caller_id: orig_number).count }.by(1) end end context 'when added on update' do let(:orig_number) { nil } let(:new_number) { '1234567890' } before { user } # create user it 'adds corresponding CallerId record' do expect { user.update(phone: new_number) } .to change { Cti::CallerId.where(caller_id: new_number).count }.by(1) end end context 'when falsely added on update (change: [nil, ""])' do let(:orig_number) { nil } let(:new_number) { '' } before { user } # create user it 'does not attempt to update CallerId record' do allow(Cti::CallerId).to receive(:build).with(any_args) expect(Cti::CallerId.where(object: 'User', o_id: user.id).count) .to eq(0) expect { user.update(phone: new_number) } .not_to change { Cti::CallerId.where(object: 'User', o_id: user.id).count } expect(Cti::CallerId).not_to have_received(:build) end end context 'when removed on update' do let(:orig_number) { '1234567890' } let(:new_number) { nil } before { user } # create user it 'removes corresponding CallerId record' do expect { user.update(phone: nil) } .to change { Cti::CallerId.where(caller_id: orig_number).count }.by(-1) end end context 'when changed on update' do let(:orig_number) { '1234567890' } let(:new_number) { orig_number.next } before { user } # create user it 'replaces CallerId record' do expect { user.update(phone: new_number) } .to change { Cti::CallerId.where(caller_id: orig_number).count }.by(-1) .and change { Cti::CallerId.where(caller_id: new_number).count }.by(1) end end end describe '#preferences' do describe '"mail_delivery_failed{,_data}" keys' do before do user.update( preferences: { mail_delivery_failed: true, mail_delivery_failed_data: Time.current } ) end it 'deletes "mail_delivery_failed"' do expect { user.update(email: Faker::Internet.email) } .to change { user.preferences.key?(:mail_delivery_failed) }.to(false) end it 'leaves "mail_delivery_failed_data" untouched' do expect { user.update(email: Faker::Internet.email) } .to not_change { user.preferences[:mail_delivery_failed_data] } end end end describe '#image' do describe 'when value is invalid' do let(:value) { 'Th1515n0t4v4l1dh45h' } it 'prevents create' do expect { create(:user, image: value) }.to raise_error(Exceptions::UnprocessableEntity, %r{#{value}}) end it 'prevents update' do expect { create(:user).update!(image: value) }.to raise_error(Exceptions::UnprocessableEntity, %r{#{value}}) end end end describe '#image_source' do describe 'when value is invalid' do let(:value) { 'Th1515n0t4v4l1dh45h' } let(:escaped) { Regexp.escape(value) } it 'valid create' do expect(create(:user, image_source: 'https://zammad.org/avatar.png').image_source).not_to be_nil end it 'removes invalid image source of create' do expect(create(:user, image_source: value).image_source).to be_nil end it 'removes invalid image source of update' do user = create(:user) user.update!(image_source: value) expect(user.image_source).to be_nil end end end describe 'fetch_avatar_for_email', performs_jobs: true do it 'enqueues avatar job when creating a user with email' do expect { create(:user) }.to have_enqueued_job AvatarCreateJob end it 'does not enqueue avatar job when creating a user without email' do expect { create(:user, :without_email) }.not_to have_enqueued_job AvatarCreateJob end context 'with an existing user' do before do agent clear_jobs end it 'enqueues avatar job when updating a user with email' do expect { agent.update! email: 'avatar@example.com' }.to have_enqueued_job AvatarCreateJob end it 'does not enqueue avatar job when updating a user without email' do expect { agent.update! login: 'avatar_login', email: nil }.not_to have_enqueued_job AvatarCreateJob end it 'does not enqueue avatar job when updating a user having email' do expect { agent.update! firstname: 'no avatar update' }.not_to have_enqueued_job AvatarCreateJob end end end end describe 'Associations:' do subject(:user) { create(:agent, groups: [group_subject]) } let!(:group_subject) { create(:group) } it 'does remove references before destroy' do refs_known = { 'Group' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'Token' => { 'user_id' => 1 }, 'Ticket::Article' => { 'created_by_id' => 1, 'updated_by_id' => 1, 'origin_by_id' => 1 }, 'Ticket::StateType' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::Article::Sender' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::Article::Type' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::Article::Flag' => { 'created_by_id' => 0 }, 'Ticket::Priority' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::SharedDraftStart' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'Ticket::SharedDraftZoom' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'Ticket::TimeAccounting' => { 'created_by_id' => 0 }, 'Ticket::TimeAccounting::Type' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket::State' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'PostmasterFilter' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'PublicLink' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'User::TwoFactorPreference' => { 'created_by_id' => 1, 'updated_by_id' => 1, 'user_id' => 1 }, 'OnlineNotification' => { 'user_id' => 1, 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Ticket' => { 'created_by_id' => 0, 'updated_by_id' => 0, 'owner_id' => 1, 'customer_id' => 3 }, 'Template' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Avatar' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Scheduler' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Chat' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'HttpLog' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'EmailAddress' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Taskbar' => { 'user_id' => 1 }, 'Sla' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'UserDevice' => { 'user_id' => 1 }, 'Chat::Message' => { 'created_by_id' => 1 }, 'Chat::Agent' => { 'created_by_id' => 1, 'updated_by_id' => 1 }, 'Chat::Session' => { 'user_id' => 1, 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Tag' => { 'created_by_id' => 0 }, 'RecentView' => { 'created_by_id' => 1 }, 'KnowledgeBase::Answer::Translation' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'LdapSource' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'KnowledgeBase::Answer' => { 'archived_by_id' => 1, 'published_by_id' => 1, 'internal_by_id' => 1 }, 'Report::Profile' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Package' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Job' => { 'created_by_id' => 0, 'updated_by_id' => 1 }, 'Store' => { 'created_by_id' => 0 }, 'Cti::CallerId' => { 'user_id' => 1 }, 'DataPrivacyTask' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Trigger' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Translation' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'ObjectManager::Attribute' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'User' => { 'created_by_id' => 2, 'out_of_office_replacement_id' => 1, 'updated_by_id' => 2 }, 'User::OverviewSorting' => { 'created_by_id' => 0, 'updated_by_id' => 0, 'user_id' => 1 }, 'Organization' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Macro' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'CoreWorkflow' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Mention' => { 'created_by_id' => 1, 'updated_by_id' => 0, 'user_id' => 1 }, 'Channel' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Role' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'History' => { 'created_by_id' => 6 }, 'Webhook' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Overview' => { 'created_by_id' => 1, 'updated_by_id' => 0 }, 'PGPKey' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'ActivityStream' => { 'created_by_id' => 0 }, 'StatsStore' => { 'created_by_id' => 0 }, 'TextModule' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Calendar' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'UserGroup' => { 'user_id' => 1 }, 'Signature' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Authorization' => { 'user_id' => 1 }, 'SystemReport' => { 'created_by_id' => 0 }, 'Checklist' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'Checklist::Item' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'ChecklistTemplate' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, 'ChecklistTemplate::Item' => { 'created_by_id' => 0, 'updated_by_id' => 0 }, } # delete objects token = create(:token, user: user) online_notification = create(:online_notification, user: user) taskbar = create(:taskbar, user: user) user_device = create(:user_device, user: user) cti_caller_id = create(:cti_caller_id, user: user) authorization = create(:twitter_authorization, user: user) recent_view = create(:recent_view, created_by: user) avatar = create(:avatar, o_id: user.id) overview = create(:overview, created_by_id: user.id, user_ids: [user.id]) mention = build(:mention, mentionable: create(:ticket), user: user).tap { |elem| elem.save!(validate: false) } mention_created_by = build(:mention, mentionable: create(:ticket), user: create(:agent), created_by: user).tap { |elem| elem.save!(validate: false) } user_created_by = create(:customer, created_by_id: user.id, updated_by_id: user.id, out_of_office_replacement_id: user.id) chat_session = create(:'chat/session', user: user) chat_message = create(:'chat/message', chat_session: chat_session) chat_message2 = create(:'chat/message', chat_session: chat_session, created_by: user) draft_start = create(:ticket_shared_draft_start, created_by: user) draft_zoom = create(:ticket_shared_draft_zoom, created_by: user) public_link = create(:public_link, created_by: user) user_two_factor_preference = create(:user_two_factor_preference, :authenticator_app, user: user) user_overview_sorting = create(:'user/overview_sorting', user: user) expect(overview.reload.user_ids).to eq([user.id]) # create a chat agent for admin user (id=1) before agent user # to be sure that the data gets removed and not mapped which # would result in a foreign key because of the unique key on the # created_by_id and updated_by_id. create(:'chat/agent') chat_agent_user = create(:'chat/agent', created_by_id: user.id, updated_by_id: user.id) # invalid user (by email) which has been updated by the user which # will get deleted (#3935) invalid_user = build(:user, email: 'abc', created_by_id: user.id, updated_by_id: user.id) invalid_user.save!(validate: false) # move ownership objects group = create(:group, created_by_id: user.id) job = create(:job, updated_by_id: user.id) ticket = create(:ticket, group: group_subject, owner: user) ticket_article = create(:ticket_article, ticket: ticket, created_by_id: user.id, updated_by_id: user.id, origin_by_id: user.id) customer_ticket1 = create(:ticket, group: group_subject, customer: user) customer_ticket2 = create(:ticket, group: group_subject, customer: user) customer_ticket3 = create(:ticket, group: group_subject, customer: user) knowledge_base_answer = create(:knowledge_base_answer, archived_by_id: user.id, published_by_id: user.id, internal_by_id: user.id) refs_user = Models.references('User', user.id, true) expect(refs_user).to eq(refs_known) user.destroy expect { token.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { online_notification.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { taskbar.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { user_device.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { cti_caller_id.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { authorization.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { recent_view.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { avatar.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { customer_ticket1.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { customer_ticket2.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { customer_ticket3.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { chat_agent_user.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { mention.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect(mention_created_by.reload.created_by_id).not_to eq(user.id) expect(overview.reload.user_ids).to eq([]) expect { chat_session.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { chat_message.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { chat_message2.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { user_two_factor_preference.reload }.to raise_exception(ActiveRecord::RecordNotFound) expect { user_overview_sorting.reload }.to raise_exception(ActiveRecord::RecordNotFound) # move ownership objects expect { group.reload }.to change(group, :created_by_id).to(1) expect { job.reload }.to change(job, :updated_by_id).to(1) expect { ticket.reload }.to change(ticket, :owner_id).to(1) expect { ticket_article.reload } .to change(ticket_article, :origin_by_id).to(1) .and change(ticket_article, :updated_by_id).to(1) .and change(ticket_article, :created_by_id).to(1) expect { knowledge_base_answer.reload } .to change(knowledge_base_answer, :archived_by_id).to(1) .and change(knowledge_base_answer, :published_by_id).to(1) .and change(knowledge_base_answer, :internal_by_id).to(1) expect { user_created_by.reload } .to change(user_created_by, :created_by_id).to(1) .and change(user_created_by, :updated_by_id).to(1) .and change(user_created_by, :out_of_office_replacement_id).to(1) expect { draft_start.reload }.to change(draft_start, :created_by_id).to(1) expect { draft_zoom.reload }.to change(draft_zoom, :created_by_id).to(1) expect { invalid_user.reload }.to change(invalid_user, :created_by_id).to(1) expect { public_link.reload }.to change(public_link, :created_by_id).to(1) end it 'does delete cache after user deletion' do online_notification = create(:online_notification, created_by_id: user.id) online_notification.attributes_with_association_ids user.destroy expect(online_notification.reload.attributes_with_association_ids['created_by_id']).to eq(1) end it 'does return an exception on blocking dependencies' do expect { user.send(:destroy_move_dependency_ownership) }.to raise_error(RuntimeError, 'Failed deleting references! Check logic for UserGroup->user_id.') end describe '#organization' do describe 'email domain-based assignment' do subject(:user) { build(:user) } context 'when not set on creation' do before { user.assign_attributes(organization: nil) } context 'and #email domain matches an existing Organization#domain' do before { user.assign_attributes(email: 'user@example.com') } let(:organization) { create(:organization, domain: 'example.com') } context 'and Organization#domain_assignment is false (default)' do before { organization.update(domain_assignment: false) } it 'remains nil' do expect { user.save }.not_to change(user, :organization) end end context 'and Organization#domain_assignment is true' do before { organization.update(domain_assignment: true) } it 'is automatically set to matching Organization' do expect { user.save } .to change(user, :organization).to(organization) end end end context 'and #email domain doesn’t match any Organization#domain' do before { user.assign_attributes(email: 'user@example.net') } let(:organization) { create(:organization, domain: 'example.com') } context 'and Organization#domain_assignment is true' do before { organization.update(domain_assignment: true) } it 'remains nil' do expect { user.save }.not_to change(user, :organization) end end end end context 'when set on creation' do before { user.assign_attributes(organization: specified_organization) } let(:specified_organization) { create(:organization, domain: 'example.net') } context 'and #email domain matches a DIFFERENT Organization#domain' do before { user.assign_attributes(email: 'user@example.com') } let!(:matching_organization) { create(:organization, domain: 'example.com') } context 'and Organization#domain_assignment is true' do before { matching_organization.update(domain_assignment: true) } it 'is NOT automatically set to matching Organization' do expect { user.save } .not_to change(user, :organization).from(specified_organization) end end end end end end end describe 'Callbacks, Observers, & Async Transactions -' do describe 'System-wide agent limit checks:' do let(:agent_role) { Role.lookup(name: 'Agent') } let(:admin_role) { Role.lookup(name: 'Admin') } let(:current_agents) { described_class.with_permissions('ticket.agent') } describe '#validate_agent_limit_by_role' do context 'for Integer value of system_agent_limit' do context 'before exceeding the agent limit' do before { Setting.set('system_agent_limit', current_agents.count + 1) } it 'grants agent creation' do expect { create(:agent) } .to change(current_agents, :count).by(1) end it 'grants role change' do future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to change(current_agents, :count).by(1) end describe 'role updates' do let(:agent) { create(:agent) } it 'grants update by instances' do expect { agent.roles = [admin_role, agent_role] } .not_to raise_error end it 'grants update by id (Integer)' do expect { agent.role_ids = [admin_role.id, agent_role.id] } .not_to raise_error end it 'grants update by id (String)' do expect { agent.role_ids = [admin_role.id.to_s, agent_role.id.to_s] } .not_to raise_error end end end context 'when exceeding the agent limit' do it 'creation of new agents' do Setting.set('system_agent_limit', current_agents.count + 2) create_list(:agent, 2) expect { create(:agent) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end it 'prevents role change' do Setting.set('system_agent_limit', current_agents.count) future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end end context 'for String value of system_agent_limit' do context 'before exceeding the agent limit' do before { Setting.set('system_agent_limit', (current_agents.count + 1).to_s) } it 'grants agent creation' do expect { create(:agent) } .to change(current_agents, :count).by(1) end it 'grants role change' do future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to change(current_agents, :count).by(1) end describe 'role updates' do let(:agent) { create(:agent) } it 'grants update by instances' do expect { agent.roles = [admin_role, agent_role] } .not_to raise_error end it 'grants update by id (Integer)' do expect { agent.role_ids = [admin_role.id, agent_role.id] } .not_to raise_error end it 'grants update by id (String)' do expect { agent.role_ids = [admin_role.id.to_s, agent_role.id.to_s] } .not_to raise_error end end end context 'when exceeding the agent limit' do it 'creation of new agents' do Setting.set('system_agent_limit', (current_agents.count + 2).to_s) create_list(:agent, 2) expect { create(:agent) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end it 'prevents role change' do Setting.set('system_agent_limit', current_agents.count.to_s) future_agent = create(:customer) expect { future_agent.roles = [agent_role] } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end context 'when limit was exceeded but users where removed' do let(:agent_1) { create(:agent) } let(:agent_2) { create(:agent) } before do agent_1 && agent_2 Setting.set('system_agent_limit', current_agents.count) end it 'allows to create a new agent after destroying agents to be under the limit' do agent_1.destroy! agent_2.destroy! expect { create(:agent) } .not_to raise_error end end end end describe '#validate_agent_limit_by_attributes' do context 'for Integer value of system_agent_limit' do before { Setting.set('system_agent_limit', current_agents.count) } context 'when exceeding the agent limit' do it 'prevents re-activation of agents' do inactive_agent = create(:agent, active: false) expect { inactive_agent.update!(active: true) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end end context 'for String value of system_agent_limit' do before { Setting.set('system_agent_limit', current_agents.count.to_s) } context 'when exceeding the agent limit' do it 'prevents re-activation of agents' do inactive_agent = create(:agent, active: false) expect { inactive_agent.update!(active: true) } .to raise_error(Exceptions::UnprocessableEntity) .and not_change(current_agents, :count) end end end end end describe 'Touching associations on update:' do subject!(:user) { create(:customer) } let!(:organization) { create(:organization) } context 'when a customer gets a organization' do it 'touches its organization' do expect { user.update(organization: organization) } .to change { organization.reload.updated_at } end end end describe 'Cti::CallerId syncing:' do context 'with a #phone attribute' do subject(:user) { build(:user, phone: '1234567890') } it 'adds CallerId record on creation (via Cti::CallerId.build)' do expect(Cti::CallerId).to receive(:build).with(user) user.save end it 'does not update CallerId record on touch/update (via Cti::CallerId.build)' do expect(Cti::CallerId).to receive(:build).with(user) user.save expect(Cti::CallerId).not_to receive(:build).with(user) user.touch end it 'destroys CallerId record on deletion' do user.save expect { user.destroy } .to change(Cti::CallerId, :count).by(-1) end end end describe 'Cti::Log syncing:' do context 'with existing Log records', performs_jobs: true do context 'for incoming calls from an unknown number' do let!(:log) { create(:'cti/log', :with_preferences, from: '1234567890', direction: 'in') } context 'when creating a new user with that number' do subject(:user) { build(:user, phone: log.from) } it 'populates #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.save perform_enqueued_jobs commit_transaction: true end.to change { log.reload.preferences[:from]&.first } .to(hash_including('caller_id' => user.phone)) end end context 'when updating a user with that number' do subject(:user) { create(:user) } it 'populates #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: log.from) perform_enqueued_jobs commit_transaction: true end.to change { log.reload.preferences[:from]&.first } .to(hash_including('object' => 'User', 'o_id' => user.id)) end end context 'when creating a new user with an empty number' do subject(:user) { build(:user, phone: '') } it 'does not modify any Log records' do expect do user.save perform_enqueued_jobs commit_transaction: true end.not_to change { log.reload.attributes } end end context 'when creating a new user with no number' do subject(:user) { build(:user, phone: nil) } it 'does not modify any Log records' do expect do user.save perform_enqueued_jobs commit_transaction: true end.not_to change { log.reload.attributes } end end end context 'for incoming calls from the given user' do subject(:user) { create(:user, phone: '1234567890') } let!(:logs) { create_list(:'cti/log', 5, :with_preferences, from: user.phone, direction: 'in') } context 'when updating #phone attribute' do context 'to another number' do it 'empties #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: '0123456789') perform_enqueued_jobs commit_transaction: true end.to change { logs.map(&:reload).map { |log| log.preferences[:from] } } .to(Array.new(5) { nil }) end end context 'to an empty string' do it 'empties #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: '') perform_enqueued_jobs commit_transaction: true end.to change { logs.map(&:reload).map { |log| log.preferences[:from] } } .to(Array.new(5) { nil }) end end context 'to nil' do it 'empties #preferences[:from] hash in all associated Log records (in a bg job)' do expect do user.update(phone: nil) perform_enqueued_jobs commit_transaction: true end.to change { logs.map(&:reload).map { |log| log.preferences[:from] } } .to(Array.new(5) { nil }) end end end context 'when updating attributes other than #phone' do it 'does not modify any Log records' do expect do user.update(mobile: '2345678901') perform_enqueued_jobs commit_transaction: true end.not_to change { logs.map { |x| x.reload.attributes } } end end end end end end describe 'Assign user to multiple organizations #1573' do context 'when importing users via csv' do let(:organization1) { create(:organization) } let(:organization2) { create(:organization) } let(:organization3) { create(:organization) } let(:organization4) { create(:organization) } let(:user) { create(:agent, organization: organization1, organizations: [organization2, organization3]) } def csv_import(string) User.csv_import( string: string, parse_params: { col_sep: ',', }, try: false, delete: false, ) end before do user end it 'does not change user on re-import' do expect { csv_import(described_class.csv_example) }.not_to change { user.reload.updated_at } end it 'does not change user on different organization order' do string = described_class.csv_example string.sub!(organization3.name, organization2.name) string.sub!(organization2.name, organization3.name) expect { csv_import(string) }.not_to change { user.reload.updated_at } end it 'does change user on different organizations' do string = described_class.csv_example string.sub!(organization2.name, organization4.name) expect { csv_import(string) }.to change { user.reload.updated_at } end end context 'when creating users' do it 'does not allow creation without primary organization but secondary organizations' do expect { create(:agent, organization: nil, organizations: create_list(:organization, 1)) }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: Secondary organizations are only allowed when the primary organization is given.') end it 'does not allow creation with more than 250 organizations' do expect { create(:agent, organization: create(:organization), organizations: create_list(:organization, 251)) }.to raise_error(ActiveRecord::RecordInvalid, 'Validation failed: More than 250 secondary organizations are not allowed.') end end end describe 'Check default agent notifications preferences' do context 'when creating users' do it 'does apply default agent notification to agent preferences' do user = create(:agent) expect(user.reload.preferences[:notification_config][:matrix]).to eq(Setting.get('ticket_agent_default_notifications')) end it 'does not apply default agent notification to customer preferences' do user = create(:customer) expect(user.reload.preferences[:notification_config]).to be_blank end end context 'when adding role to existing user' do it 'does apply default agent notification to agent preferences (without "ticket.agent" permission before)' do future_agent = create(:customer) expect { future_agent.roles = [Role.lookup(name: 'Agent')] } .to change { future_agent.reload.preferences.dig('notification_config', 'matrix') } .to Setting.get('ticket_agent_default_notifications') end it 'does not apply default agent notification to agent preferences (with "ticket.agent" permission before)' do agent = create(:agent) expect { agent.roles = [Role.lookup(name: 'Customer')] } .not_to change { agent.reload.preferences.dig('notification_config', 'matrix') } end end end describe 'Sanitizes name attributes for offending URLs' do shared_examples 'sanitizing user name attributes' do |firstname, lastname| it 'sanitizes user name attributes' do expect(user).to have_attributes(firstname: firstname, lastname: lastname) end end context 'with firstname attribute only' do let(:user) { create(:customer, firstname: value, lastname: nil, email: Faker::Internet.unique.email) } context 'when equaling a URL with a scheme' do let(:value) { 'https://zammad.org/participate' } it_behaves_like 'sanitizing user name attributes', 'zammad.org/participate' end context 'when equaling a URL without a scheme' do let(:value) { 'zammad.org' } it_behaves_like 'sanitizing user name attributes', 'zammad.org' end context 'when containing a URL with a scheme' do let(:value) { 'Click here to confirm https://zammad.org/participate then log in' } it_behaves_like 'sanitizing user name attributes', 'Click', 'here to confirm zammad.org/participate then log in' end context 'when containing a URL with an invalid scheme' do let(:value) { 'A: Testing' } it_behaves_like 'sanitizing user name attributes', 'A:', 'Testing' end end context 'with lastname attribute only' do let(:user) { create(:customer, firstname: nil, lastname: value, email: Faker::Internet.unique.email) } context 'when equaling a URL with a scheme' do let(:value) { 'https://zammad.org/participate' } it_behaves_like 'sanitizing user name attributes', nil, 'zammad.org/participate' end context 'when equaling a URL without a scheme' do let(:value) { 'zammad.org' } it_behaves_like 'sanitizing user name attributes', nil, 'zammad.org' end context 'when containing a URL with a scheme' do let(:value) { 'Click here to confirm https://zammad.org/participate then log in' } it_behaves_like 'sanitizing user name attributes', 'Click', 'here to confirm zammad.org/participate then log in' end end context 'with both firstname and lastname attribute' do let(:user) { create(:customer, firstname: firstname, lastname: lastname, email: Faker::Internet.unique.email) } context 'when equaling a URL with a scheme' do let(:firstname) { 'Click here to confirm' } let(:lastname) { 'https://zammad.org/participate' } it_behaves_like 'sanitizing user name attributes', 'Click here to confirm', 'zammad.org/participate' end context 'when equaling a URL without a scheme' do let(:firstname) { 'zammad.org' } let(:lastname) { 'Foundation' } it_behaves_like 'sanitizing user name attributes', 'zammad.org', 'Foundation' end context 'when containing a URL with a scheme' do let(:firstname) { 'Click here to confirm' } let(:lastname) { 'https://zammad.org/participate then log in' } it_behaves_like 'sanitizing user name attributes', 'Click here to confirm', 'zammad.org/participate then log in' end context 'when containing a URL with an invalid scheme' do let(:firstname) { 'Dummy R: Berlin' } let(:lastname) { 'Mail' } it_behaves_like 'sanitizing user name attributes', 'Dummy R: Berlin', 'Mail' end end end end