+
{this.props.children}
diff --git a/client/src/app/main/main-view-ticket-page.js b/client/src/app/main/main-view-ticket-page.js
index 08f2cbb8..6933be76 100644
--- a/client/src/app/main/main-view-ticket-page.js
+++ b/client/src/app/main/main-view-ticket-page.js
@@ -12,16 +12,19 @@ class MainViewTicketPage extends React.Component {
return (
);
}
onRetrieveFail() {
- if (!this.props.config['user-system-enabled']) {
- setTimeout(() => {history.push('/check-ticket')}, 2000);
- }
+ setTimeout(() => {history.push('/check-ticket')}, 2000);
}
}
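Review bot: `onRetrieveFail` now redirects to `/check-ticket` unconditionally, but `CheckTicketController` in this same commit answers NO_PERMISSION whenever login is mandatory, so in that mode the redirect lands on a form that cannot succeed. Keeping a guard on the renamed setting, `if (!this.props.config['mandatory-login']) {` around the `setTimeout`, would preserve the earlier behaviour for installations that require login. The fixed 2000 ms delay would also read better as a named constant.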
diff --git a/client/src/core-components/widget-transition.scss b/client/src/core-components/widget-transition.scss
index d52a76d5..f8024ce3 100644
--- a/client/src/core-components/widget-transition.scss
+++ b/client/src/core-components/widget-transition.scss
@@ -6,9 +6,9 @@
-webkit-perspective: 0;
-webkit-backface-visibility: hidden;
-webkit-transform: translate3d(0,0,0);
- display: inline-block;
visibility: visible;
backface-visibility: hidden;
+ display: inline-block;
position: absolute;
left: 0;
}
diff --git a/client/src/data/fixtures/system-fixtures.js b/client/src/data/fixtures/system-fixtures.js
index a84b2b25..76d9f00a 100755
--- a/client/src/data/fixtures/system-fixtures.js
+++ b/client/src/data/fixtures/system-fixtures.js
@@ -30,7 +30,7 @@ module.exports = [
'allowedLanguages': ['en', 'es', 'de', 'fr', 'pt', 'jp', 'ru', 'cn', 'in', 'tr'],
'supportedLanguages': ['en', 'es', 'de'],
'registration': true,
- 'user-system-enabled': true,
+ 'mandatory-login': true,
'tags': [{id:1,name:'bug', color:'#eb144c'},{id: 2,name:'suggestion',color:'#ff6900'}]
}
};
@@ -52,7 +52,7 @@ module.exports = [
'allowedLanguages': ['en', 'es', 'de', 'fr', 'pt', 'jp', 'ru', 'cn', 'in', 'tr'],
'supportedLanguages': ['en', 'es', 'de'],
'registration': true,
- 'user-system-enabled': true,
+ 'mandatory-login': true,
'tags': [{id:1,name:'bug', color:'#eb144c'},{id: 2,name:'suggestion',color:'#ff6900'}]
}
};
diff --git a/client/src/data/languages/en.js b/client/src/data/languages/en.js
index a8380b5b..3bceeb42 100644
--- a/client/src/data/languages/en.js
+++ b/client/src/data/languages/en.js
@@ -174,7 +174,7 @@ export default {
'ALL_NOTIFICATIONS': 'All notifications',
'VERIFY_SUCCESS': 'User verified',
'VERIFY_FAILED': 'Could not verify',
- 'ENABLE_USER_SYSTEM': 'Use user system for customers',
+ 'ENABLE_MANDATORY_LOGIN': 'Mandatory login for customers',
'ENABLE_USER_REGISTRATION': 'Enable user registration',
'INCLUDE_USERS_VIA_CSV': 'Include users via CSV file',
'BACKUP_DATABASE': 'Backup database',
@@ -324,8 +324,8 @@ export default {
'VERIFY_FAILED_DESCRIPTION': 'The verification could not be done.',
'STATISTICS_DESCRIPTION': 'Here you can view statistics related to tickets and signups.',
'ADVANCED_SETTINGS_DESCRIPTION': 'Here you can change the advanced settings of your system. Please be careful, the changes you make can not be reversed.',
- 'USER_SYSTEM_DISABLED': 'User system has been disabled',
- 'USER_SYSTEM_ENABLED': 'User system has been enabled',
+ 'MANDATORY_LOGIN_DISABLED': 'Mandatory login has been disabled',
+ 'MANDATORY_LOGIN_ENABLED': 'Mandatory login has been enabled',
'REGISTRATION_DISABLED': 'Registration has been disabled',
'REGISTRATION_ENABLED': 'Registration has been enabled',
'ADD_API_KEY_DESCRIPTION': 'Insert the name and a registration api key will be generated.',
diff --git a/client/src/lib-app/session-store.js b/client/src/lib-app/session-store.js
index f221df5b..995a32f0 100644
--- a/client/src/lib-app/session-store.js
+++ b/client/src/lib-app/session-store.js
@@ -6,9 +6,10 @@ class SessionStore {
this.storage = LocalStorage;
}
- createSession(userId, token) {
+ createSession(userId, token, ticketNumber = '') {
this.setItem('userId', userId);
this.setItem('token', token);
+ this.setItem('ticketNumber', ticketNumber);
}
getSessionData() {
@@ -19,12 +20,17 @@ class SessionStore {
}
isLoggedIn() {
- return !!this.getItem('userId');
+ return !!this.getItem('userId') && !this.getItem('ticketNumber');
+ }
+
+ isLoggedInWithTicket() {
+ return !!this.getItem('userId') && this.getItem('ticketNumber');
}
closeSession() {
this.removeItem('userId');
this.removeItem('token');
+ this.removeItem('ticketNumber');
this.clearRememberData();
this.clearUserData();
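Review bot: `isLoggedInWithTicket()` returns the raw stored ticket number (or `false`) rather than a boolean, unlike `isLoggedIn()`; `return !!this.getItem('userId') && !!this.getItem('ticketNumber');` keeps the two predicates consistent. Both checks rely on `createSession` having written an empty string for ordinary logins, so a caller passing `null` would presumably be stored as a non-empty string and flip `isLoggedIn()` to false; confirm this against the storage wrapper. These values live in local storage and can be edited by the user, so they should only drive UI state, and the restriction of a ticket session to its ticket has to be enforced by the server. `closeSession()` continues past the end of the hunk.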
@@ -58,7 +64,7 @@ class SessionStore {
this.setItem('layout', configs.layout);
this.setItem('title', configs.title);
this.setItem('registration', configs.registration);
- this.setItem('user-system-enabled', configs['user-system-enabled']);
+ this.setItem('mandatory-login', configs['mandatory-login']);
this.setItem('allow-attachments', configs['allow-attachments']);
this.setItem('maintenance-mode', configs['maintenance-mode']);
this.setItem('max-size', configs['max-size']);
@@ -76,7 +82,7 @@ class SessionStore {
layout: this.getItem('layout'),
title: this.getItem('title'),
registration: (this.getItem('registration') * 1),
- 'user-system-enabled': (this.getItem('user-system-enabled') * 1),
+ 'mandatory-login': (this.getItem('mandatory-login') * 1),
'allow-attachments': (this.getItem('allow-attachments') * 1),
'maintenance-mode': (this.getItem('maintenance-mode') * 1),
'max-size': this.getItem('max-size'),
diff --git a/client/src/reducers/_reducers.js b/client/src/reducers/_reducers.js
index ff73dfc3..0fa0bc68 100644
--- a/client/src/reducers/_reducers.js
+++ b/client/src/reducers/_reducers.js
@@ -6,10 +6,12 @@ import configReducer from 'reducers/config-reducer';
import modalReducer from 'reducers/modal-reducer';
import articlesReducer from 'reducers/articles-reducer';
import adminDataReducer from 'reducers/admin-data-reducer';
+import loginFormReducer from './login-form-reducer';
export default combineReducers({
session: sessionReducer,
config: configReducer,
+ loginForm: loginFormReducer,
modal: modalReducer,
articles: articlesReducer,
adminData: adminDataReducer,
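Review bot: The new import uses a relative path, `'./login-form-reducer'`, while every other reducer in this list is imported through the `reducers/` alias; `import loginFormReducer from 'reducers/login-form-reducer';` matches the file's convention. The `loginForm` key is also inserted between `config` and `modal` rather than appended, which is harmless for `combineReducers` but makes the diff noisier than it needs to be.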
diff --git a/client/src/reducers/config-reducer.js b/client/src/reducers/config-reducer.js
index 3d8fe52f..53a471f4 100644
--- a/client/src/reducers/config-reducer.js
+++ b/client/src/reducers/config-reducer.js
@@ -46,7 +46,7 @@ class ConfigReducer extends Reducer {
return _.extend({}, state, payload.data, {
language: currentLanguage || payload.data.language || 'en',
registration: !!(payload.data.registration * 1),
- 'user-system-enabled': !!(payload.data['user-system-enabled']* 1),
+ 'mandatory-login': !!(payload.data['mandatory-login']* 1),
'allow-attachments': !!(payload.data['allow-attachments']* 1),
'maintenance-mode': !!(payload.data['maintenance-mode']* 1),
departments: payload.data.departments && payload.data.departments.map(department => _.extend({}, department, {private: department.private * 1})),
@@ -56,7 +56,7 @@ class ConfigReducer extends Reducer {
onUserSystemSettingsChange(state, payload) {
return _.extend({}, state, {
- 'user-system-enabled': !!(payload['user-system-enabled'] * 1),
+ 'mandatory-login': !!(payload['mandatory-login'] * 1),
'registration': !!(payload['registration'] * 1)
});
}
diff --git a/client/src/reducers/login-form-reducer.js b/client/src/reducers/login-form-reducer.js
new file mode 100644
index 00000000..7b748b8f
--- /dev/null
+++ b/client/src/reducers/login-form-reducer.js
@@ -0,0 +1,34 @@
+import _ from 'lodash';
+
+import Reducer from 'reducers/reducer';
+
+class loginFormReducer extends Reducer {
+
+ getInitialState() {
+ return {
+ loginFormShown: false,
+ };
+ }
+
+ getTypeHandlers() {
+ return {
+ 'SHOW_LOGIN_FORM': this.showLoginForm,
+ 'HIDE_LOGIN_FORM': this.hideLoginForm,
+ };
+ }
+
+ showLoginForm(state, payload) {
+ return _.extend({}, state, {
+ loginFormShown: payload
+ });
+ }
+
+ hideLoginForm(state, payload) {
+ return _.extend({}, state, {
+ loginFormShown: payload
+ });
+ }
+}
+
+export default loginFormReducer.getInstance();
+
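Review bot: `showLoginForm` and `hideLoginForm` have identical bodies that copy `payload` into `loginFormShown`, so a `HIDE_LOGIN_FORM` action dispatched with a truthy payload, or `SHOW_LOGIN_FORM` with none, leaves the flag in the wrong state. Setting the value in the handler, `loginFormShown: true` in `showLoginForm` and `loginFormShown: false` in `hideLoginForm`, removes the dependency on what the dispatcher sends. The class name `loginFormReducer` is lower camel case, whereas `ConfigReducer` and the `Reducer` base class use PascalCase; `class LoginFormReducer extends Reducer` would match. A one-line comment above the class naming the component that toggles the form would help the next reader.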
diff --git a/server/controllers/article/get-all.php b/server/controllers/article/get-all.php
index 7f37dedf..4b8a272a 100755
--- a/server/controllers/article/get-all.php
+++ b/server/controllers/article/get-all.php
@@ -25,7 +25,7 @@ class GetAllArticlesController extends Controller {
public function validations() {
return [
- 'permission' => (Controller::isUserSystemEnabled()) ? 'user' : 'any',
+ 'permission' => (Controller::isLoginMandatory()) ? 'user' : 'any',
'requestData' => []
];
}
diff --git a/server/controllers/system.php b/server/controllers/system.php
index 51aca2bc..9d0d48e7 100755
--- a/server/controllers/system.php
+++ b/server/controllers/system.php
@@ -27,8 +27,8 @@ $systemControllerGroup->addController(new DeleteAllUsersController);
$systemControllerGroup->addController(new BackupDatabaseController);
$systemControllerGroup->addController(new DownloadController);
$systemControllerGroup->addController(new CSVImportController);
-$systemControllerGroup->addController(new DisableUserSystemController);
-$systemControllerGroup->addController(new EnableUserSystemController);
+$systemControllerGroup->addController(new EnableMandatoryLoginController);
+$systemControllerGroup->addController(new DisableMandatoryLoginController);
$systemControllerGroup->addController(new TestSMTPController);
$systemControllerGroup->addController(new TestIMAPController);
$systemControllerGroup->addController(new EmailPollingController);
diff --git a/server/controllers/system/disable-mandatory-login.php b/server/controllers/system/disable-mandatory-login.php
new file mode 100644
index 00000000..bc4227a5
--- /dev/null
+++ b/server/controllers/system/disable-mandatory-login.php
@@ -0,0 +1,54 @@
+ 'staff_3',
+ 'requestData' => []
+ ];
+ }
+
+ public function handler() {
+ $password = Controller::request('password');
+
+ if(!Setting::getSetting('registration')->getValue()) {
+ throw new Exception(ERRORS::REGISTRATION_IS_DESACTIVATED);
+ }
+
+ if(!Hashing::verifyPassword($password, Controller::getLoggedUser()->password)) {
+ throw new RequestException(ERRORS::INVALID_PASSWORD);
+ }
+
+ $mandatoryLoginRow = Setting::getSetting('mandatory-login');
+
+ $mandatoryLoginRow->value = 0;
+ $mandatoryLoginRow->store();
+
+ Response::respondSuccess();
+ }
+}
\ No newline at end of file
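Review bot: The registration guard throws a plain `Exception` while the password failure below it throws `RequestException`; the project mixes both, so confirm that a plain `Exception` is rendered as the REGISTRATION_IS_DESACTIVATED API error and not as a generic server error, or use `throw new RequestException(ERRORS::REGISTRATION_IS_DESACTIVATED);`. The same question applies to the new `Exception` in disable-registration.php and to the INVALID_EMAIL check added in ticket/create.php. The state check also runs before the password is verified; verifying the password first keeps re-authentication as the first gate on a security-relevant setting. The check and the write of the two interdependent settings are not atomic, so two concurrent requests could in principle leave both registration and mandatory login disabled. The start of the file, including the class declaration and API doc block, is missing from this view.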
diff --git a/server/controllers/system/disable-registration.php b/server/controllers/system/disable-registration.php
index f1ba1b9c..776fe17e 100755
--- a/server/controllers/system/disable-registration.php
+++ b/server/controllers/system/disable-registration.php
@@ -16,6 +16,7 @@
*
* @apiUse NO_PERMISSION
* @apiUse INVALID_PASSWORD
+ * @apiUse MANDATORY_LOGIN_IS_DESACTIVATED
*
* @apiSuccess {Object} data Empty object
*
@@ -39,7 +40,9 @@ class DisableRegistrationController extends Controller {
throw new RequestException(ERRORS::INVALID_PASSWORD);
return;
}
-
+ if(!Setting::getSetting('mandatory-login')->getValue()) {
+ throw new Exception(ERRORS::MANDATORY_LOGIN_IS_DESACTIVATED);
+ }
$registrationRow = Setting::getSetting('registration');
$registrationRow->value = false;
diff --git a/server/controllers/system/disable-user-system.php b/server/controllers/system/disable-user-system.php
deleted file mode 100755
index 522a5e91..00000000
--- a/server/controllers/system/disable-user-system.php
+++ /dev/null
@@ -1,82 +0,0 @@
- 'staff_3',
- 'requestData' => []
- ];
- }
-
- public function handler() {
- $password = Controller::request('password');
-
- if(!Hashing::verifyPassword($password, Controller::getLoggedUser()->password)) {
- throw new RequestException(ERRORS::INVALID_PASSWORD);
-
- }
-
- if(!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::SYSTEM_USER_IS_ALREADY_DISABLED);
- }
-
- $userSystemEnabled = Setting::getSetting('user-system-enabled');
- $userSystemEnabled->value = 0 ;
- $userSystemEnabled->store();
-
- $userList = User::getAll();
-
- foreach($userList as $user) {
- $ticketNumberList = '';
-
- foreach($user->sharedTicketList as $ticket) {
- $ticket->authorEmail = $user->email;
- $ticket->authorName = $user->name;
- $ticket->author = null;
-
- $ticketNumberList .= $ticket->ticketNumber . ' - ' . $ticket->title . '
';
- $ticket->store();
- }
-
- $mailSender = MailSender::getInstance();
-
- $mailSender->setTemplate(MailTemplate::USER_SYSTEM_DISABLED, [
- 'to' => $user->email,
- 'name' => $user->name,
- 'tickets' => $ticketNumberList,
- 'url' => Setting::getSetting('url')->getValue()
- ]);
-
- $mailSender->send();
-
- $user->delete();
- }
-
- Response::respondSuccess();
- }
-}
diff --git a/server/controllers/system/download.php b/server/controllers/system/download.php
index a8027f2f..29009f5d 100755
--- a/server/controllers/system/download.php
+++ b/server/controllers/system/download.php
@@ -57,7 +57,7 @@ class DownloadController extends Controller {
}
break;
case FileManager::PERMISSION_ARTICLE:
- if(Controller::isUserSystemEnabled() && !$session->sessionExists()) {
+ if(!$session->sessionExists()) {
return Response::respond403();
}
break;
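Review bot: Article files now require a session in every mode, while `GetAllArticlesController` in this same commit still uses permission `'any'` when login is not mandatory, so anonymous visitors could list articles whose attachments then answer 403. If that tightening is not intended, `if(Controller::isLoginMandatory() && !$session->sessionExists()) {` keeps the two endpoints aligned; if it is intended, a comment on the case saying so would stop it being reverted later. The surrounding `switch` starts and ends outside the hunk.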
diff --git a/server/controllers/system/email-polling.php b/server/controllers/system/email-polling.php
index 092da5e3..0725b7f5 100755
--- a/server/controllers/system/email-polling.php
+++ b/server/controllers/system/email-polling.php
@@ -20,6 +20,8 @@ class EmailPollingController extends Controller {
}
public function handler() {
+ throw new RequestException(ERRORS::NO_PERMISSION);
+
$commentController = new CommentController();
$createController = new CreateController();
$defaultLanguage = Setting::getSetting('language')->getValue();
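Review bot: The unconditional `throw` on the first line of `handler()` makes everything after it unreachable, including the `imap-token` comparison, so the endpoint is switched off by dead code rather than by configuration. If the intent is to disable e-mail polling until it fits the new login model, say so above the throw, e.g. `// Email polling is disabled until it is adapted to mandatory-login; remove this throw to re-enable.`, or stop registering the controller in system.php. Answering NO_PERMISSION also hides the reason from an operator whose polling job starts failing after the upgrade. The rest of `handler()` lies outside the hunk.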
@@ -29,8 +31,6 @@ class EmailPollingController extends Controller {
if(Controller::request('token') !== Setting::getSetting('imap-token')->getValue())
throw new RequestException(ERRORS::INVALID_TOKEN);
- if(Controller::isUserSystemEnabled())
- throw new RequestException(ERRORS::USER_SYSTEM_ENABLED);
$this->mailbox = new \PhpImap\Mailbox(
Setting::getSetting('imap-host')->getValue(),
diff --git a/server/controllers/system/enable-mandatory-login.php b/server/controllers/system/enable-mandatory-login.php
new file mode 100644
index 00000000..a01ee12a
--- /dev/null
+++ b/server/controllers/system/enable-mandatory-login.php
@@ -0,0 +1,50 @@
+ 'staff_3',
+ 'requestData' => []
+ ];
+ }
+
+ public function handler() {
+ $password = Controller::request('password');
+
+ if(!Hashing::verifyPassword($password, Controller::getLoggedUser()->password)) {
+ throw new RequestException(ERRORS::INVALID_PASSWORD);
+ return;
+ }
+
+ $mandatoryLoginRow = Setting::getSetting('mandatory-login');
+
+ $mandatoryLoginRow->value = 1;
+ $mandatoryLoginRow->store();
+
+ Response::respondSuccess();
+ }
+}
\ No newline at end of file
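Review bot: The `return;` after `throw new RequestException(ERRORS::INVALID_PASSWORD);` can never run and should be dropped. Unlike ticket creation, which calls `Log::createLog(...)`, neither this handler nor its disable counterpart records who changed the setting; a log entry for a change that decides whether customers may act without an account would help later investigation (the log type name is for the project to choose). The class header and doc block are missing from this view, so the array key that `'staff_3'` belongs to cannot be checked here.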
diff --git a/server/controllers/system/enable-user-system.php b/server/controllers/system/enable-user-system.php
deleted file mode 100755
index 59342b5e..00000000
--- a/server/controllers/system/enable-user-system.php
+++ /dev/null
@@ -1,104 +0,0 @@
- 'staff_3',
- 'requestData' => []
- ];
- }
-
- public function handler() {
- $password = Controller::request('password');
-
- if(!Hashing::verifyPassword($password, Controller::getLoggedUser()->password)) {
- throw new RequestException(ERRORS::INVALID_PASSWORD);
-
- }
-
- if(Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::SYSTEM_USER_IS_ALREADY_ENABLED);
- }
-
- $userSystemEnabled = Setting::getSetting('user-system-enabled');
- $userSystemEnabled->value = 1 ;
- $userSystemEnabled->store();
-
- $ticketList = Ticket::getAll();
-
- foreach($ticketList as $ticket) {
- if($ticket->authorStaff) {
- continue;
- }
-
- $userInstance = User::getDataStore($ticket->authorEmail, 'email');
-
- if($userInstance->isNull()) {
- $userInstance = $this->createUser($ticket->authorEmail, $ticket->authorName);
- }
-
- $userInstance->tickets = $userInstance->tickets + 1;
- $userInstance->sharedTicketList->add($ticket);
- $userInstance->store();
-
- $ticket->author = $userInstance;
- $ticket->authorName = null;
- $ticket->authorEmail = null;
- $ticket->store();
- }
-
- Response::respondSuccess();
- }
- public function createUser($email,$name) {
- $userInstance = new User();
-
- $password = Hashing::generateRandomToken();
-
- $userInstance->setProperties([
- 'name' => $name,
- 'signupDate' => Date::getCurrentDate(),
- 'tickets' => 0,
- 'email' => $email,
- 'password' => Hashing::hashPassword($password),
- 'verificationToken' => null
- ]);
-
- $userInstance->store();
-
- $mailSender = MailSender::getInstance();
- $mailSender->setTemplate(MailTemplate::USER_SYSTEM_ENABLED, [
- 'to' => $email,
- 'name' => $name,
- 'password' => $password,
- 'url' => Setting::getSetting('url')->getValue(),
- ]);
- $mailSender->send();
-
- return $userInstance;
- }
-}
diff --git a/server/controllers/system/get-settings.php b/server/controllers/system/get-settings.php
index ae59cb97..581bc002 100755
--- a/server/controllers/system/get-settings.php
+++ b/server/controllers/system/get-settings.php
@@ -57,7 +57,8 @@ class GetSettingsController extends Controller {
'allowedLanguages' => Language::getAllowedLanguages(),
'session-prefix' => Setting::getSetting('session-prefix')->getValue(),
'mail-template-header-image' => Setting::getSetting('mail-template-header-image')->getValue(),
- 'tags' => Tag::getAll()->toArray()
+ 'tags' => Tag::getAll()->toArray(),
+ 'mandatory-login' => Setting::getSetting('mandatory-login')->getValue(),
];
} else {
$settingsList = [
@@ -73,9 +74,9 @@ class GetSettingsController extends Controller {
'departments' => Controller::isStaffLogged() ? Department::getAllDepartmentNames() : Department::getPublicDepartmentNames(),
'supportedLanguages' => Language::getSupportedLanguages(),
'allowedLanguages' => Language::getAllowedLanguages(),
- 'user-system-enabled' => intval(Setting::getSetting('user-system-enabled')->getValue()),
'session-prefix' => Setting::getSetting('session-prefix')->getValue(),
- 'tags' => Tag::getAll()->toArray()
+ 'tags' => Tag::getAll()->toArray(),
+ 'mandatory-login' => Setting::getSetting('mandatory-login')->getValue(),
];
}
}
diff --git a/server/controllers/system/init-settings.php b/server/controllers/system/init-settings.php
index 2fd51214..1b32de2f 100755
--- a/server/controllers/system/init-settings.php
+++ b/server/controllers/system/init-settings.php
@@ -16,7 +16,6 @@ DataValidator::with('CustomValidations', true);
* @apiPermission any
*
* @apiParam {String} language Indicates the default language of the system.
- * @apiParam {String} user-system-enabled Indicates if the user system should be enabled.
* @apiParam {String} registration Indicates if the registration should be enabled.
* @apiParam {String} server-email Email from where automated emails will be sent.
* @apiParam {String} smtp-host SMTP Server address.
@@ -26,6 +25,7 @@ DataValidator::with('CustomValidations', true);
* @apiParam {String} allow-attachments Indicates if files can be attached to tickets and comments.
* @apiParam {String} title Title of the support center
* @apiParam {String} url Url of the frontend client.
+ * @apiParam {Boolean} mandatory-login Indicates if the login is mandatory.
*
* @apiUse INVALID_LANGUAGE
* @apiUse INIT_SETTINGS_DONE
@@ -85,13 +85,13 @@ class InitSettingsController extends Controller {
'title' => Controller::request('title') ? Controller::request('title') : 'Support Center',
'url' => Controller::request('url') ? Controller::request('url') : ('http://' . $_SERVER['HTTP_HOST']),
'registration' => !!Controller::request('registration'),
- 'user-system-enabled' => !!Controller::request('user-system-enabled'),
'last-stat-day' => date('YmdHi', strtotime(' -12 day ')),
'ticket-gap' => Hashing::generateRandomPrime(100000, 999999),
'ticket-first-number' => Hashing::generateRandomNumber(100000, 999999),
'session-prefix' => 'opensupports-'.Hashing::generateRandomToken().'_',
'mail-template-header-image' => 'https://s3.amazonaws.com/opensupports/logo.png',
'imap-token' => '',
+ 'mandatory-login' => !!Controller::request('mandatory-login'),
]);
}
diff --git a/server/controllers/ticket/check.php b/server/controllers/ticket/check.php
index fd1004e1..66082e40 100755
--- a/server/controllers/ticket/check.php
+++ b/server/controllers/ticket/check.php
@@ -54,20 +54,23 @@ class CheckTicketController extends Controller {
}
public function handler() {
- if (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
+ if (Controller::isLoginMandatory()) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
$email = Controller::request('email');
- $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
+ $ticketNumber = Controller::request('ticketNumber');
+ $ticket = Ticket::getByTicketNumber($ticketNumber);
if($ticket->authorEmail === $email) {
$session = Session::getInstance();
- $session->createTicketSession($ticket->ticketNumber);
+ $user = User::getUser($email, 'email');
+ $session->createSession($user->id, false, $ticketNumber);
Response::respondSuccess([
'token' => $session->getToken(),
- 'ticketNumber' => $ticket->ticketNumber
+ 'userId' => $session->getUserId(),
+ 'ticketNumber' => $session->getTicketNumber()
]);
} else {
throw new RequestException(ERRORS::NO_PERMISSION);
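Review bot: `User::getUser($email, 'email')` is used without checking that an account exists, so a ticket that carries only `authorEmail` (for example one created before this change) would presumably produce a session with an empty user id; a guard such as `if($user->isNull()) throw new RequestException(ERRORS::NO_PERMISSION);` before `createSession` closes that path. The match on `authorEmail` also looks fragile, because tickets created by the new create.php get their author through `setAuthor()` and the removed enable-user-system code cleared `authorEmail` for such tickets; confirm which field is populated. Dropping the `Controller::isStaffLogged()` condition means a staff session can now be replaced by a customer session through this endpoint. `handler()` continues past the hunk.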
diff --git a/server/controllers/ticket/close.php b/server/controllers/ticket/close.php
index f585db25..ac8b4a03 100755
--- a/server/controllers/ticket/close.php
+++ b/server/controllers/ticket/close.php
@@ -32,43 +32,22 @@ class CloseController extends Controller {
public function validations() {
$session = Session::getInstance();
- if (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
return [
- 'permission' => 'user',
- 'requestData' => [
- 'ticketNumber' => [
- 'validation' => DataValidator::validTicketNumber(),
- 'error' => ERRORS::INVALID_TICKET
+ 'permission' => 'user',
+ 'requestData' => [
+ 'ticketNumber' => [
+ 'validation' => DataValidator::validTicketNumber(),
+ 'error' => ERRORS::INVALID_TICKET
+ ]
]
- ]
];
- } else {
- return [
- 'permission' => 'any',
- 'requestData' => [
- 'ticketNumber' => [
- 'validation' => DataValidator::equals($session->getTicketNumber()),
- 'error' => ERRORS::INVALID_TICKET
- ],
- 'csrf_token' => [
- 'validation' => DataValidator::equals($session->getToken()),
- 'error' => ERRORS::INVALID_TOKEN
- ]
- ]
- ];
- }
}
public function handler() {
$this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
$user = Controller::getLoggedUser();
- if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() &&
- !$user->canManageTicket($this->ticket)){
- throw new RequestException(ERRORS::NO_PERMISSION);
- }
-
- if(Controller::isStaffLogged() && (!$user->canManageTicket($this->ticket))){
+ if(!$user->canManageTicket($this->ticket)){
throw new RequestException(ERRORS::NO_PERMISSION);
}
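Review bot: The removed `'any'` branch tied the request to the session's own ticket with `DataValidator::equals($session->getTicketNumber())`; the new validation accepts any valid ticket number, so a session that check.php creates for one ticket is limited only by `canManageTicket()`, which presumably covers every ticket of that user. If ticket sessions are meant to stay scoped, restore the comparison in `handler()`, e.g. `$scoped = Session::getInstance()->getTicketNumber(); if($scoped && $scoped != Controller::request('ticketNumber')) throw new RequestException(ERRORS::NO_PERMISSION);`. The same binding was removed from `CommentController::validations()` in ticket/comment.php. `$session` in `validations()` is now unused, and the re-indented array no longer lines up with its `return`.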
diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php
index 277d153b..63fe0a1d 100755
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@@ -42,53 +42,33 @@ class CommentController extends Controller {
public function validations() {
$this->session = Session::getInstance();
-
- if (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
- return [
- 'permission' => 'user',
- 'requestData' => [
- 'content' => [
- 'validation' => DataValidator::content(),
- 'error' => ERRORS::INVALID_CONTENT
- ],
- 'ticketNumber' => [
- 'validation' => DataValidator::validTicketNumber(),
- 'error' => ERRORS::INVALID_TICKET
- ]
+ return [
+ 'permission' => 'user',
+ 'requestData' => [
+ 'content' => [
+ 'validation' => DataValidator::content(),
+ 'error' => ERRORS::INVALID_CONTENT
+ ],
+ 'ticketNumber' => [
+ 'validation' => DataValidator::validTicketNumber(),
+ 'error' => ERRORS::INVALID_TICKET
]
- ];
- } else {
- return [
- 'permission' => 'any',
- 'requestData' => [
- 'content' => [
- 'validation' => DataValidator::content(),
- 'error' => ERRORS::INVALID_CONTENT
- ],
- 'ticketNumber' => [
- 'validation' => DataValidator::equals($this->session->getTicketNumber()),
- 'error' => ERRORS::INVALID_TICKET
- ],
- 'csrf_token' => [
- 'validation' => DataValidator::equals($this->session->getToken()),
- 'error' => ERRORS::INVALID_TOKEN
- ]
- ]
- ];
- }
+ ]
+ ];
}
public function handler() {
- $this->requestData();
+ $ticketNumber = Controller::request('ticketNumber');
+ $this->ticket = Ticket::getByTicketNumber($ticketNumber);
+ $this->content = Controller::request('content', true);
+ $this->user = Controller::getLoggedUser();
+
$ticketAuthor = $this->ticket->authorToArray();
- $isAuthor = $this->session->isTicketSession() || $this->ticket->isAuthor($this->user);
+ $isAuthor = $this->ticket->isAuthor($this->user);
$isOwner = $this->ticket->isOwner($this->user);
$private = Controller::request('private');
- if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){
- throw new RequestException(ERRORS::NO_PERMISSION);
- }
-
- if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) {
+
+ if(!$this->user->canManageTicket($this->ticket)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
@@ -97,6 +77,7 @@ class CommentController extends Controller {
if(!$isAuthor && !$private) {
$this->sendMail($ticketAuthor);
}
+
if($this->ticket->owner && !$isOwner) {
$this->sendMail([
'email' => $this->ticket->owner->email,
@@ -110,13 +91,6 @@ class CommentController extends Controller {
Response::respondSuccess();
}
- private function requestData() {
- $ticketNumber = Controller::request('ticketNumber');
- $this->ticket = Ticket::getByTicketNumber($ticketNumber);
- $this->content = Controller::request('content', true);
- $this->user = Controller::getLoggedUser();
- }
-
private function storeComment() {
$fileUploader = FileUploader::getInstance();
$fileUploader->setPermission(FileManager::PERMISSION_TICKET, $this->ticket->ticketNumber);
@@ -134,11 +108,9 @@ class CommentController extends Controller {
$this->ticket->unread = !$this->ticket->isAuthor($this->user);
$this->ticket->unreadStaff = !$this->ticket->isOwner($this->user);
$comment->authorStaff = $this->user;
- } else if(Controller::isUserSystemEnabled()) {
- $this->ticket->unreadStaff = true;
- $comment->authorUser = $this->user;
} else {
$this->ticket->unreadStaff = true;
+ $comment->authorUser = $this->user;
}
$this->ticket->addEvent($comment);
@@ -154,11 +126,10 @@ class CommentController extends Controller {
$url = Setting::getSetting('url')->getValue();
- if(!Controller::isUserSystemEnabled() && !$isStaff) {
- $url .= '/check-ticket/' . $this->ticket->ticketNumber;
- $url .= '/' . $email;
+ if(!Controller::isLoginMandatory() && !$isStaff){
+ $url .= '/check-ticket/' . $this->ticket->ticketNumber;
+ $url .= '/' . $email;
}
-
$mailSender->setTemplate(MailTemplate::TICKET_RESPONDED, [
'to' => $email,
'name' => $name,
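Review bot: The e-mail address is appended to the link without encoding, so an address containing characters such as `/`, `?` or `#` yields a broken or ambiguous route; `$url .= '/' . rawurlencode($email);` avoids that. Because check.php now turns this ticket number and e-mail pair into a user session, the link works as a bearer credential delivered by mail, which is worth stating in a comment above the block. The new `if(...){` also drops the space before the brace and the blank line before `setTemplate` that the rest of the method uses. The method starts and ends outside the hunk.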
diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php
index 6455a776..eef41a9f 100755
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@@ -71,8 +71,7 @@ class CreateController extends Controller {
]
]
];
-
- if(!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
+ if (!Controller::isLoginMandatory() && !Controller::isStaffLogged() && !Controller::isUserLogged()) {
$validations['permission'] = 'any';
$validations['requestData']['captcha'] = [
'validation' => DataValidator::captcha(APIKey::TICKET_CREATE),
@@ -83,7 +82,7 @@ class CreateController extends Controller {
'error' => ERRORS::INVALID_EMAIL
];
$validations['requestData']['name'] = [
- 'validation' => DataValidator::notBlank()->length(2, 40),
+ 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
];
}
@@ -98,13 +97,22 @@ class CreateController extends Controller {
$this->language = Controller::request('language');
$this->email = Controller::request('email');
$this->name = Controller::request('name');
-
+
if(!Controller::isStaffLogged() && Department::getDataStore($this->departmentId)->private){
throw new Exception(ERRORS::INVALID_DEPARTMENT);
}
+
+ if(!Staff::getUser($this->email,'email')->isNull() || $this->isEmailInvalid()) {
+ throw new Exception(ERRORS::INVALID_EMAIL);
+ }
+
+ if(!Controller::isLoginMandatory() && !Controller::isStaffLogged() && !Controller::isUserLogged() && !User::getUser($this->email, 'email')->email){
+ $this->createNewUser();
+ }
+
$this->storeTicket();
- if(!Controller::isUserSystemEnabled()) {
+ if(!Controller::isLoginMandatory() && !Controller::isUserLogged()) {
$this->sendMail();
}
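Review bot: On the anonymous path a ticket is attached to whichever account already owns the submitted e-mail address: `createNewUser()` is skipped when `User::getUser($this->email, 'email')` finds a row, and `getAuthor()` then returns that existing user, so a ticket can be filed under a registered customer's account without that customer being authenticated. Since the response returns the ticket number and check.php accepts ticket number plus e-mail, the session that follows must not be able to reach the account's other tickets; confirm that restriction exists server-side, or require login when the address is already registered. `Staff::getUser(...)` and `isEmailInvalid()` are also evaluated with a null `$this->email` for logged-in users, which relies on `getUser(null, 'email')` returning a null object. `handler()` begins and ends outside the hunk.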
@@ -114,22 +122,46 @@ class CreateController extends Controller {
$this->sendMailStaff($staff->email);
}
}
+
+ Log::createLog('CREATE_TICKET', $this->ticketNumber);
Response::respondSuccess([
'ticketNumber' => $this->ticketNumber
]);
-
- if(!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
- $session = Session::getInstance();
- $session->createTicketSession($this->ticketNumber);
- }
-
- Log::createLog('CREATE_TICKET', $this->ticketNumber);
+
}
+ private function isEmailInvalid(){
+ $session = Session::getInstance();
+ $sessionUser = User::getUser($session->getUserId() ,'id');
+
+ return ($session->sessionExists() && $sessionUser && $this->email && !($sessionUser->email == $this->email));
+ }
+
+ private function createNewUser() {
+
+ $signupController = new SignUpController(true);
+
+ Controller::setDataRequester(function ($key) {
+ switch ($key) {
+ case 'email':
+ return $this->email;
+ case 'password':
+ return Hashing::generateRandomToken();
+ case 'name':
+ return $this->name;
+ case 'indirectSignUp' :
+ return true;
+ }
+
+ return null;
+ });
+ $signupController->validations();
+ $signupController->handler();
+ }
private function storeTicket() {
$department = Department::getDataStore($this->departmentId);
- $author = Controller::getLoggedUser();
+ $author = $this->getAuthor();
$ticket = new Ticket();
$fileUploader = FileUploader::getInstance();
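Review bot: In `createNewUser()` the `'password'` case calls `Hashing::generateRandomToken()` on every lookup, so if `SignUpController` reads the password more than once it receives different values; generate it once with `$password = Hashing::generateRandomToken();` and capture it via `function ($key) use ($password)`. `Controller::setDataRequester()` is never restored, so any later `Controller::request()` call in this request gets null for every key other than the four handled. In `isEmailInvalid()`, `$sessionUser` is presumably a data-store object and therefore always truthy, and the e-mail comparison uses loose `==`; `!$sessionUser->isNull() && $sessionUser->email !== $this->email` states the intent. The generated password is never shown to the customer, so the new account presumably depends on a password-reset flow, which deserves a comment.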
@@ -153,12 +185,9 @@ class CreateController extends Controller {
));
$ticket->setAuthor($author);
+ $author->sharedTicketList->add($ticket);
- if(Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
- $author->sharedTicketList->add($ticket);
- }
-
- if(Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
+ if(!Controller::isStaffLogged()) {
$author->tickets++;
$this->email = $author->email;
@@ -171,6 +200,14 @@ class CreateController extends Controller {
$this->ticketNumber = $ticket->ticketNumber;
}
+ private function getAuthor() {
+ if(Controller::getLoggedUser()->email) {
+ return Controller::getLoggedUser();
+ }else{
+ return User::getUser($this->email, 'email');
+ }
+ }
+
private function sendMail() {
$mailSender = MailSender::getInstance();
diff --git a/server/controllers/ticket/edit-comment.php b/server/controllers/ticket/edit-comment.php
index fefaefd9..f4e84b87 100644
--- a/server/controllers/ticket/edit-comment.php
+++ b/server/controllers/ticket/edit-comment.php
@@ -31,39 +31,19 @@ class EditCommentController extends Controller {
const METHOD = 'POST';
public function validations() {
- if(Controller::isUserSystemEnabled()){
- return [
- 'permission' => 'user',
- 'requestData' => [
- 'content' => [
- 'validation' => DataValidator::content(),
- 'error' => ERRORS::INVALID_CONTENT
- ],
- 'ticketNumber' => [
- 'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()),
- 'error' => ERRORS::INVALID_TICKET
- ]
+ return [
+ 'permission' => 'user',
+ 'requestData' => [
+ 'content' => [
+ 'validation' => DataValidator::content(),
+ 'error' => ERRORS::INVALID_CONTENT
+ ],
+ 'ticketNumber' => [
+ 'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()),
+ 'error' => ERRORS::INVALID_TICKET
]
- ];
- } else {
- return [
- 'permission' => 'any',
- 'requestData' => [
- 'content' => [
- 'validation' => DataValidator::content(),
- 'error' => ERRORS::INVALID_CONTENT
- ],
- 'ticketNumber' => [
- 'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()),
- 'error' => ERRORS::INVALID_TICKET
- ],
- 'csrf_token' => [
- 'validation' => DataValidator::equals(Session::getInstance()->getToken()),
- 'error' => ERRORS::INVALID_TOKEN
- ]
- ]
- ];
- }
+ ]
+ ];
}
public function handler() {
@@ -74,7 +54,7 @@ class EditCommentController extends Controller {
$ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
- if(Controller::isUserSystemEnabled() && !Controller::isStaffLogged() && ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId ) ){
+ if(!Controller::isStaffLogged() && ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId ) ){
throw new RequestException(ERRORS::NO_PERMISSION);
}
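Review bot: The permission test on the changed line lets a non-staff caller through when they authored either `$ticketevent` or `$ticket`, but the two objects are loaded from independent request parameters (`ticketEventId` and `ticketNumber`) and nothing in the hunk checks that the event belongs to that ticket. Unless the rest of `handler()`, which is outside the hunk, enforces that relation, the ticket-author half of the test should only count when the event is part of `$ticket`. `validations()` in the previous hunk still accepts a null `ticketNumber`, so it is also worth confirming what `Ticket::getByTicketNumber()` returns in that case before `authorId` is read.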
diff --git a/server/controllers/ticket/edit-title.php b/server/controllers/ticket/edit-title.php
index 7adca12d..a115b4a7 100644
--- a/server/controllers/ticket/edit-title.php
+++ b/server/controllers/ticket/edit-title.php
@@ -30,39 +30,19 @@ class EditTitleController extends Controller {
const METHOD = 'POST';
public function validations() {
- if(Controller::isUserSystemEnabled()){
- return [
- 'permission' => 'user',
- 'requestData' => [
- 'title' => [
- 'validation' => DataValidator::notBlank()->length(1, 200),
- 'error' => ERRORS::INVALID_TITLE
- ],
- 'ticketNumber' => [
- 'validation' => DataValidator::validTicketNumber(),
- 'error' => ERRORS::INVALID_TICKET
- ]
+ return [
+ 'permission' => 'user',
+ 'requestData' => [
+ 'title' => [
+ 'validation' => DataValidator::notBlank()->length(1, 200),
+ 'error' => ERRORS::INVALID_TITLE
+ ],
+ 'ticketNumber' => [
+ 'validation' => DataValidator::validTicketNumber(),
+ 'error' => ERRORS::INVALID_TICKET
]
- ];
- } else {
- return [
- 'permission' => 'any',
- 'requestData' => [
- 'title' => [
- 'validation' => DataValidator::notBlank()->length(1, 200),
- 'error' => ERRORS::INVALID_TITLE
- ],
- 'ticketNumber' => [
- 'validation' => DataValidator::validTicketNumber(),
- 'error' => ERRORS::INVALID_TICKET
- ],
- 'csrf_token' => [
- 'validation' => DataValidator::equals(Session::getInstance()->getToken()),
- 'error' => ERRORS::INVALID_TOKEN
- ]
- ]
- ];
- }
+ ]
+ ];
}
public function handler() {
@@ -70,7 +50,7 @@ class EditTitleController extends Controller {
$newtitle = Controller::request('title');
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
- if(Controller::isUserSystemEnabled() && !$user->canManageTicket($ticket)) {
+ if(!$user->canManageTicket($ticket)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
diff --git a/server/controllers/ticket/get.php b/server/controllers/ticket/get.php
index 05f8b37a..03f2814b 100755
--- a/server/controllers/ticket/get.php
+++ b/server/controllers/ticket/get.php
@@ -32,43 +32,22 @@ class TicketGetController extends Controller {
public function validations() {
$session = Session::getInstance();
-
- if (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
- return [
- 'permission' => 'user',
- 'requestData' => [
- 'ticketNumber' => [
- 'validation' => DataValidator::validTicketNumber(),
- 'error' => ERRORS::INVALID_TICKET
- ]
+ return [
+ 'permission' => 'any',
+ 'requestData' => [
+ 'ticketNumber' => [
+ 'validation' => DataValidator::validTicketNumber(),
+ 'error' => ERRORS::INVALID_TICKET
]
- ];
- } else {
- return [
- 'permission' => 'any',
- 'requestData' => [
- 'ticketNumber' => [
- 'validation' => DataValidator::equals($session->getTicketNumber()),
- 'error' => ERRORS::INVALID_TICKET
- ],
- 'csrf_token' => [
- 'validation' => DataValidator::equals($session->getToken()),
- 'error' => ERRORS::INVALID_TOKEN
- ]
- ]
- ];
- }
+ ]
+ ];
}
public function handler() {
$this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
-
- if(Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
- if ($this->shouldDenyPermission()) {
- throw new RequestException(ERRORS::NO_PERMISSION);
- } else {
- Response::respondSuccess($this->ticket->toArray());
- }
+
+ if ($this->shouldDenyPermission()) {
+ throw new RequestException(ERRORS::NO_PERMISSION);
} else {
Response::respondSuccess($this->ticket->toArray());
}
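Review bot: With `'permission' => 'any'` and the `csrf_token` rule removed, the only access control left on this endpoint is `shouldDenyPermission()` (next hunk), which calls `canManageTicket()` on whatever `Controller::getLoggedUser()` returns. What that returns for a request with no session is not visible here, so it should be confirmed, ideally with a logged-out test against this controller, that such a caller gets `NO_PERMISSION` rather than an error or a pass. `$session = Session::getInstance();` in `validations()` is now unused and can be deleted.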
@@ -76,8 +55,6 @@ class TicketGetController extends Controller {
private function shouldDenyPermission() {
$user = Controller::getLoggedUser();
-
- return (!Controller::isStaffLogged() && (Controller::isUserSystemEnabled() && !$user->canManageTicket($this->ticket))) ||
- (Controller::isStaffLogged() && !$user->canManageTicket($this->ticket));
+ return !$user->canManageTicket($this->ticket);
}
}
diff --git a/server/controllers/user/delete.php b/server/controllers/user/delete.php
index fa59a068..44df97ee 100755
--- a/server/controllers/user/delete.php
+++ b/server/controllers/user/delete.php
@@ -18,7 +18,6 @@ use RedBeanPHP\Facade as RedBean;
*
* @apiUse NO_PERMISSION
* @apiUse INVALID_USER
- * @apiUse USER_SYSTEM_DISABLED
*
* @apiSuccess {Object} data Empty object
*
@@ -43,9 +42,6 @@ class DeleteUserController extends Controller {
}
public function handler() {
- if(!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
$userId = Controller::request('userId');
$user = User::getDataStore($userId);
@@ -56,7 +52,7 @@ class DeleteUserController extends Controller {
foreach($user->sharedTicketList as $ticket) {
$ticket->delete();
}
-
+
$user->delete();
Response::respondSuccess();
diff --git a/server/controllers/user/get-user.php b/server/controllers/user/get-user.php
index dfe175b5..f8187753 100755
--- a/server/controllers/user/get-user.php
+++ b/server/controllers/user/get-user.php
@@ -18,7 +18,6 @@ DataValidator::with('CustomValidations', true);
*
* @apiUse NO_PERMISSION
* @apiUse INVALID_USER
- * @apiUse USER_SYSTEM_DISABLED
*
* @apiSuccess {Object} data Information about an user
* @apiSuccess {String} data.name Name of the user
@@ -46,10 +45,7 @@ class GetUserByIdController extends Controller {
}
public function handler() {
- if(!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
-
+
$userId = Controller::request('userId');
$user = User::getDataStore($userId);
$staff = Controller::getLoggedUser();
diff --git a/server/controllers/user/get-users.php b/server/controllers/user/get-users.php
index 33f3e4f1..a2df0418 100755
--- a/server/controllers/user/get-users.php
+++ b/server/controllers/user/get-users.php
@@ -21,7 +21,6 @@ use Respect\Validation\Validator as DataValidator;
* @apiUse NO_PERMISSION
* @apiUse INVALID_PAGE
* @apiUse INVALID_ORDER
- * @apiUse USER_SYSTEM_DISABLED
*
* @apiSuccess {Object} data
* @apiSuccess {[User](#api-Data_Structures-ObjectUser)[]} data.users Array of users found
@@ -53,9 +52,6 @@ class GetUsersController extends Controller {
}
public function handler() {
- if(!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
$userList = $this->getUserList();
$userListArray = [];
diff --git a/server/controllers/user/invite.php b/server/controllers/user/invite.php
index 1e412c63..899ceaf6 100755
--- a/server/controllers/user/invite.php
+++ b/server/controllers/user/invite.php
@@ -64,9 +64,6 @@ class InviteUserController extends Controller {
}
public function handler() {
- if (!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
$this->storeRequestData();
diff --git a/server/controllers/user/login.php b/server/controllers/user/login.php
index 9bda4c7d..77c50d93 100755
--- a/server/controllers/user/login.php
+++ b/server/controllers/user/login.php
@@ -20,8 +20,6 @@ use RedBeanPHP\Facade as RedBean;
* @apiParam {Number} userId The id of the user to login.
* @apiParam {String} rememberToken Token to login automatically. It replaces the password.
*
- * @apiUse USER_SYSTEM_DISABLED
- * @apiUse SESSION_EXISTS
* @apiUse UNVERIFIED_USER
* @apiUse INVALID_CREDENTIALS
*
@@ -50,16 +48,8 @@ class LoginController extends Controller {
}
public function handler() {
- if(!Controller::isUserSystemEnabled() && !Controller::request('staff')) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
-
- if ($this->isAlreadyLoggedIn()) {
- throw new RequestException(ERRORS::SESSION_EXISTS);
- }
-
$this->clearOldRememberTokens();
-
+
if ($this->checkInputCredentials() || $this->checkRememberToken()) {
if($this->userInstance->verificationToken !== null) {
throw new RequestException(ERRORS::UNVERIFIED_USER);
@@ -82,10 +72,6 @@ class LoginController extends Controller {
}
}
- private function isAlreadyLoggedIn() {
- return Session::getInstance()->sessionExists();
- }
-
private function checkInputCredentials() {
$this->userInstance = $this->getUserByInputCredentials();
diff --git a/server/controllers/user/recover-password.php b/server/controllers/user/recover-password.php
index 45a51726..55c99433 100755
--- a/server/controllers/user/recover-password.php
+++ b/server/controllers/user/recover-password.php
@@ -20,7 +20,6 @@ DataValidator::with('CustomValidations', true);
*
* @apiUse INVALID_EMAIL
* @apiUse INVALID_PASSWORD
- * @apiUse USER_SYSTEM_DISABLED
* @apiUse NO_PERMISSION
*
* @apiSuccess {Object} data Empty object
@@ -73,10 +72,6 @@ class RecoverPasswordController extends Controller {
throw new RequestException(ERRORS::NO_PERMISSION);
}
- if(!Controller::isUserSystemEnabled() && !$recoverPassword->staff) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
-
if($recoverPassword->staff) {
$this->user = Staff::getDataStore($this->email, 'email');
} else {
@@ -88,7 +83,8 @@ class RecoverPasswordController extends Controller {
$recoverPassword->delete();
$this->user->setProperties([
- 'password' => Hashing::hashPassword($this->password)
+ 'password' => Hashing::hashPassword($this->password),
+ 'notRegistered' => null
]);
$this->user->store();
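Review bot: `'notRegistered' => null` is written to `$this->user` unconditionally, but the previous hunk shows `$this->user` being a `Staff` record when `$recoverPassword->staff` is set. This commit adds `notRegistered` to `User::getProps()` only; whether `Staff` accepts it is not visible, and `DataStore::__set` throws `Invalid prop` for unknown names, so if `setProperties()` goes through the same check, staff password recovery would fail. Setting the flag only in the non-staff branch avoids the question. A comment such as `// the recovery token proves control of the mailbox, so a guest record may become a full account` would also record why clearing the flag here is acceptable. The enclosing method starts and ends outside the hunk.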
diff --git a/server/controllers/user/send-recover-password.php b/server/controllers/user/send-recover-password.php
index 12b27f80..bce17dea 100755
--- a/server/controllers/user/send-recover-password.php
+++ b/server/controllers/user/send-recover-password.php
@@ -51,10 +51,6 @@ class SendRecoverPasswordController extends Controller {
public function handler() {
$this->staff = Controller::request('staff');
- if(!Controller::isUserSystemEnabled() && !$this->staff) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
-
$email = Controller::request('email');
if($this->staff){
diff --git a/server/controllers/user/signup.php b/server/controllers/user/signup.php
index 46758175..69cd493b 100755
--- a/server/controllers/user/signup.php
+++ b/server/controllers/user/signup.php
@@ -20,12 +20,12 @@ DataValidator::with('CustomValidations', true);
* @apiParam {String} password The password of the new user.
* @apiParam {String} apiKey APIKey to sign up an user if the registration system is disabled.
* @apiParam {String} customfield_ Custom field values for this user.
+ * @apiParam {Boolean} indirectSignUp Indicates if the new User has been created by ticket/create
*
* @apiUse INVALID_NAME
* @apiUse INVALID_EMAIL
* @apiUse INVALID_PASSWORD
* @apiUse INVALID_CAPTCHA
- * @apiUse USER_SYSTEM_DISABLED
* @apiUse USER_EXISTS
* @apiUse ALREADY_BANNED
* @apiUse NO_PERMISSION
@@ -81,16 +81,13 @@ class SignUpController extends Controller {
}
public function handler() {
- if(!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
$this->storeRequestData();
$apiKey = APIKey::getDataStore(Controller::request('apiKey'), 'token');
- $existentUser = User::getUser($this->userEmail, 'email');
-
- if (!$existentUser->isNull()) {
+ $user = User::getUser($this->userEmail, 'email');
+
+ if (!$user->isNull() && !$user->notRegistered) {
throw new RequestException(ERRORS::USER_EXISTS);
}
$banRow = Ban::getDataStore($this->userEmail,'email');
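Review bot: The relaxed check `!$user->isNull() && !$user->notRegistered` lets a signup proceed for an address that already has a `notRegistered` row, and `createNewUserAndRetrieveId()` (later hunk) then reuses that row and keeps its `tickets` count. The same method sets `verificationToken` to null when `MailSender` is not connected, so on such an installation the new password becomes usable without any proof that the caller owns the address, on the very record the earlier guest tickets appear to hang off (inferred from the row being reused; the ticket relation itself is not shown). Consider adopting an existing row only when a verification token is actually issued, and otherwise rejecting the request with `USER_EXISTS` as before. `handler()` continues outside the hunk.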
@@ -106,7 +103,7 @@ class SignUpController extends Controller {
if(!$apiKey->isNull() && $apiKey->type !== APIKey::REGISTRATION) {
throw new RequestException(ERRORS::INVALID_API_KEY_TYPE);
}
-
+
$userId = $this->createNewUserAndRetrieveId();
if(MailSender::getInstance()->isConnected()) {
@@ -129,15 +126,19 @@ class SignUpController extends Controller {
}
public function createNewUserAndRetrieveId() {
- $userInstance = new User();
+ $user = User::getUser($this->userEmail,'email');
+
+ $userInstance = ($user->isNull() ? new User() : $user );
+ $UserTickets = ($user->isNull() ? 0 : $user->tickets);
$userInstance->setProperties([
'name' => $this->userName,
'signupDate' => Date::getCurrentDate(),
- 'tickets' => 0,
+ 'tickets' => $UserTickets,
'email' => $this->userEmail,
'password' => Hashing::hashPassword($this->userPassword),
'verificationToken' => (MailSender::getInstance()->isConnected()) ? $this->verificationToken : null,
+ 'notRegistered' => Controller::request('indirectSignUp') ? true : null,
'xownCustomfieldvalueList' => $this->getCustomFieldValues()
]);
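Review bot: `notRegistered` on this line, and the decision to skip `$mailSender->send()` in the last hunk of this file, are both driven by `Controller::request('indirectSignUp')`, which is read from the request like any other parameter and is now documented as a public `@apiParam`. If `ticket/create` reaches this controller in-process (not visible here), the flag is better passed as an argument or set on the controller instance, so that an external caller of the signup endpoint cannot choose whether the verification mail is sent. Separately, `$UserTickets` breaks the file's lower-camel naming (`$userTickets`), and `User::getUser($this->userEmail,'email')` repeats the lookup `handler()` already did.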
@@ -154,6 +155,6 @@ class SignUpController extends Controller {
'verificationToken' => $this->verificationToken
]);
- $mailSender->send();
+ if(!Controller::request('indirectSignUp')) $mailSender->send();
}
}
diff --git a/server/controllers/user/verify.php b/server/controllers/user/verify.php
index dc66e8c2..40072b6b 100755
--- a/server/controllers/user/verify.php
+++ b/server/controllers/user/verify.php
@@ -17,7 +17,6 @@ use Respect\Validation\Validator as DataValidator;
* @apiParam {String} token The validation token sent by email to the user.
*
* @apiUse INVALID_EMAIL
- * @apiUse USER_SYSTEM_DISABLED
* @apiUse INVALID_TOKEN
*
* @apiSuccess {Object} data Empty object
@@ -41,15 +40,11 @@ class VerifyController extends Controller{
}
public function handler() {
- if(!Controller::isUserSystemEnabled()) {
- throw new RequestException(ERRORS::USER_SYSTEM_DISABLED);
- }
$email = Controller::request('email');
$token = Controller::request('token');
$userRow = User::getDataStore($email, 'email');
-
if(!$userRow) {
throw new RequestException(ERRORS::INVALID_EMAIL);
}
diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php
index a1c35504..11971fd5 100755
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@@ -199,14 +199,6 @@
* @apiDefine INVALID_BODY
* @apiError {String} INVALID_BODY The body is invalid.
*/
-/**
- * @apiDefine USER_SYSTEM_ENABLED
- * @apiError {String} USER_SYSTEM_ENABLED The user system is enabled.
- */
-/**
- * @apiDefine USER_SYSTEM_DISABLED
- * @apiError {String} USER_SYSTEM_DISABLED The user system is disabled.
- */
/**
* @apiDefine SYSTEM_USER_IS_ALREADY_DISABLED
* @apiError {String} SYSTEM_USER_IS_ALREADY_DISABLED The system user is already disabled.
@@ -307,6 +299,14 @@
* @apiDefine INVALID_API_KEY_TYPE
* @apiError {String} INVALID_API_KEY_TYPE Api key type is not one of the availables
*/
+/**
+ * @apiDefine MANDATORY_LOGIN_IS_DESACTIVATED
+ * @apiError {String} MANDATORY_LOGIN_IS_DESACTIVATED Mandatory login is disactivated
+ */
+/**
+ * @apiDefine REGISTRATION_IS_DESACTIVATED
+ * @apiError {String} REGISTRATION_IS_DESACTIVATED Registration is disactivated
+ */
class ERRORS {
const INVALID_CREDENTIALS = 'INVALID_CREDENTIALS';
@@ -360,8 +360,6 @@ class ERRORS {
const INVALID_TEMPLATE = 'INVALID_TEMPLATE';
const INVALID_SUBJECT = 'INVALID_SUBJECT';
const INVALID_BODY = 'INVALID_BODY';
- const USER_SYSTEM_ENABLED = 'USER_SYSTEM_ENABLED';
- const USER_SYSTEM_DISABLED = 'USER_SYSTEM_DISABLED';
const SYSTEM_USER_IS_ALREADY_DISABLED = 'SYSTEM_USER_IS_ALREADY_DISABLED';
const SYSTEM_USER_IS_ALREADY_ENABLED = 'SYSTEM_USER_IS_ALREADY_ENABLED';
const INVALID_PERIOD = 'INVALID_PERIOD';
@@ -387,4 +385,6 @@ class ERRORS {
const UNAVAILABLE_STATS = 'UNAVAILABLE_STATS';
const INVALID_COLOR = 'INVALID_COLOR';
const INVALID_API_KEY_TYPE = 'INVALID_API_KEY_TYPE';
+ const MANDATORY_LOGIN_IS_DESACTIVATED = 'MANDATORY_LOGIN_IS_DESACTIVATED';
+ const REGISTRATION_IS_DESACTIVATED = 'REGISTRATION_IS_DESACTIVATED';
}
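Review bot: The two new error codes are spelled `..._DESACTIVATED`, and their `@apiError` descriptions in the earlier hunk say "disactivated". These strings are returned to API clients and are already asserted in `tests/system/mandatory-login.rb`, so the spelling becomes part of the contract once released. If a rename is still possible, `MANDATORY_LOGIN_IS_DEACTIVATED` and `REGISTRATION_IS_DEACTIVATED`, with the description "is deactivated", would read correctly; the test expectations need the same change.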
diff --git a/server/libs/Controller.php b/server/libs/Controller.php
index 04711b5f..8bd566a8 100755
--- a/server/libs/Controller.php
+++ b/server/libs/Controller.php
@@ -71,7 +71,10 @@ abstract class Controller {
if ($session->isStaffLogged()) {
return Staff::getUser($session->getUserId());
} else {
- return User::getUser($session->getUserId());
+ $user = User::getUser($session->getUserId());
+ if($session->getTicketNumber()) $user->ticketNumber = $session->getTicketNumber();
+
+ return $user;
}
}
@@ -145,8 +148,8 @@ abstract class Controller {
return str_replace(array_map(function($index) { return "IMAGE_PATH_$index"; }, array_keys($imagePaths)), $imagePaths, $content);
}
- public static function isUserSystemEnabled() {
- return Setting::getSetting('user-system-enabled')->getValue();
+ public static function isLoginMandatory() {
+ return Setting::getSetting('mandatory-login')->getValue();
}
public static function getCustomFieldValues() {
diff --git a/server/models/DataStore.php b/server/models/DataStore.php
index 888a3ca4..9e56df92 100755
--- a/server/models/DataStore.php
+++ b/server/models/DataStore.php
@@ -96,6 +96,8 @@ abstract class DataStore {
public function __set($prop, $value) {
if (in_array($prop, static::getProps())) {
$this->properties[$prop] = $value;
+ } else if(property_exists($this, $prop)){
+ $this->{$prop} = $value;
} else {
throw new Exception("Invalid prop: $prop");
}
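Review bot: The new `property_exists($this, $prop)` branch widens `__set` further than the `ticketNumber` use needs. PHP calls `__set` only for properties that are missing or not accessible from the calling scope, and `property_exists` is also true for protected and private members, so code outside the class can now overwrite any non-public declared member of any `DataStore` subclass. `User::$ticketNumber` is declared `public` in this commit, so assigning it never passes through `__set`. I would drop the branch, or restrict it to an explicit list, e.g. `} else if (in_array($prop, ['ticketNumber'], true)) {`. The closing brace of `__set` is outside the hunk.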
diff --git a/server/models/MailTemplate.php b/server/models/MailTemplate.php
index 008ba9b2..68a3979a 100755
--- a/server/models/MailTemplate.php
+++ b/server/models/MailTemplate.php
@@ -34,8 +34,6 @@ class MailTemplate extends DataStore {
'USER_EMAIL' => 'data/mail-templates/user-edit-email.html',
'PASSWORD_FORGOT' => 'data/mail-templates/user-password-forgot.html',
'USER_INVITE' => 'data/mail-templates/user-invite.html',
- 'USER_SYSTEM_DISABLED' => 'data/mail-templates/user-system-disabled.html',
- 'USER_SYSTEM_ENABLED' => 'data/mail-templates/user-system-enabled.html',
'TICKET_CREATED' => 'data/mail-templates/ticket-created.html',
'TICKET_RESPONDED' => 'data/mail-templates/ticket-responded.html',
'TICKET_CLOSED' => 'data/mail-templates/ticket-closed.html',
diff --git a/server/models/Session.php b/server/models/Session.php
index a193e88a..ab3de6db 100755
--- a/server/models/Session.php
+++ b/server/models/Session.php
@@ -30,13 +30,9 @@ class Session {
$this->store($key, $value);
}
- public function createSession($userId, $staff = false) {
+ public function createSession($userId, $staff = false, $ticketNumber = null) {
$this->store('userId', $userId);
$this->store('staff', $staff);
- $this->store('token', Hashing::generateRandomToken());
- }
-
- public function createTicketSession($ticketNumber) {
$this->store('ticketNumber', $ticketNumber);
$this->store('token', Hashing::generateRandomToken());
}
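Review bot: `createSession()` now writes `userId`, `staff`, `ticketNumber` and a fresh `token` into whatever session is current, and this commit also removes the `SESSION_EXISTS` guard in `user/login.php`, so it can run on top of an existing guest or user session. Nothing in the hunk shows the session identifier being rotated; if `store()` or the callers do not already do that, `session_regenerate_id(true);` at the start of `createSession()` keeps a pre-login identifier from carrying over into the authenticated session. A short docblock stating that `$ticketNumber` is non-null only for sessions limited to a single ticket (as `User::canManageTicket()` appears to assume) would document the new parameter.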
diff --git a/server/models/User.php b/server/models/User.php
index 4140459c..7c033461 100755
--- a/server/models/User.php
+++ b/server/models/User.php
@@ -9,16 +9,17 @@ use RedBeanPHP\Facade as RedBean;
* @apiParam {Number} id The id of the user.
* @apiParam {String} name The name of the user.
* @apiParam {Boolean} verified Indicates if the user has verified the email.
+ * @apiParam {Boolean} notRegistered Indicates if the user had logged at least one time.
* @apiParam {[CustomField](#api-Data_Structures-ObjectCustomfield)[]} customfields Indicates the values for custom fields.
*/
class User extends DataStore {
const TABLE = 'user';
-
+ public $ticketNumber = null;
public static function authenticate($userEmail, $userPassword) {
$user = User::getUser($userEmail, 'email');
- return ($user && Hashing::verifyPassword($userPassword, $user->password)) ? $user : new NullDataStore();
+ return ($user && Hashing::verifyPassword($userPassword, $user->password) && !$user->notRegistered) ? $user : new NullDataStore();
}
public static function getProps() {
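Review bot: The new `@apiParam` text for `notRegistered` ("Indicates if the user had logged at least one time") says the opposite of how the flag is used: `authenticate()` on the changed line rejects the login when it is truthy, and `user/signup.php` sets it for records created with `indirectSignUp`. Wording such as `@apiParam {Boolean} notRegistered True when the record was created through ticket creation and sign-up has not been completed.` matches the code. `public $ticketNumber = null;` would also benefit from a comment saying it is filled from the session in `Controller::getLoggedUser()` and is not one of the stored props.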
@@ -31,7 +32,8 @@ class User extends DataStore {
'sharedTicketList',
'verificationToken',
'disabled',
- 'xownCustomfieldvalueList'
+ 'xownCustomfieldvalueList',
+ 'notRegistered'
];
}
@@ -44,7 +46,13 @@ class User extends DataStore {
}
public function canManageTicket(Ticket $ticket){
- return $ticket->isAuthor($this);
+ $ticketNumberInstanceValidation = true;
+
+ if($this->ticketNumber) {
+ $ticketNumberInstanceValidation = $this->ticketNumber == $ticket->ticketNumber;
+ }
+
+ return ($ticket->isAuthor($this) && $ticketNumberInstanceValidation);
}
public function toArray() {
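Review bot: `canManageTicket()` narrows access only when `$this->ticketNumber` is truthy, so any session that reaches it without a ticket number falls back to the plain `isAuthor()` rule; for a `notRegistered` record that would cover every ticket filed under that address. Whether such a session can exist depends on callers outside this hunk, but tying the restriction to the account state (`notRegistered`) rather than to the presence of the value would fail closed. The comparison should also be strict, `(string) $this->ticketNumber === (string) $ticket->ticketNumber`, so that loose numeric coercion cannot make two different values match.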
@@ -55,6 +63,7 @@ class User extends DataStore {
'verified' => !$this->verificationToken,
'disabled' => $this->disabled,
'customfields' => $this->xownCustomfieldvalueList->toArray(),
+ 'notRegistered' => $this->notRegistered
];
}
}
diff --git a/tests/init.rb b/tests/init.rb
index a0d9f4b7..548150e0 100644
--- a/tests/init.rb
+++ b/tests/init.rb
@@ -23,6 +23,7 @@ require './user/recover-password.rb'
require './user/edit-password.rb'
require './user/edit-email.rb'
require './user/get.rb'
+
require './user/enable-disable.rb'
require './ticket/create.rb'
require './ticket/seen.rb'
@@ -73,6 +74,6 @@ require './ticket/edit-comment.rb'
require './ticket/edit-title.rb'
require './system/custom-fields.rb'
require './ticket/get-authors.rb'
-require './system/disable-user-system.rb'
require './ticket/search.rb'
+require './system/mandatory-login.rb'
# require './system/get-stats.rb'
diff --git a/tests/system/disable-user-system.rb b/tests/system/disable-user-system.rb
deleted file mode 100644
index f0dd5f21..00000000
--- a/tests/system/disable-user-system.rb
+++ /dev/null
@@ -1,236 +0,0 @@
-describe'system/disable-user-system' do
- request('/user/logout')
- Scripts.login($staff[:email], $staff[:password], true)
-
- it 'should disable the user system' do
- result = request('/system/disable-user-system', {
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token,
- password:$staff[:password]
- })
-
- (result['status']).should.equal('success')
-
- row = $database.getRow('setting', 'user-system-enabled', 'name')
-
- (row['value']).should.equal('0')
- row = $database.getRow('user', 1, 'id')
- (row).should.equal(nil)
-
- numberOftickets = $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
-
- (numberOftickets.num_rows).should.equal(53)
-
- request('/user/logout')
-
- result = request('/user/signup', {
- :name => 'test name',
- :email => 'steve@mail.com',
- :password => 'customm'
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('USER_SYSTEM_DISABLED')
-
- result = request('/user/login', {
- email: @loginEmail,
- password: @loginPass
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('USER_SYSTEM_DISABLED')
- end
-
- it 'should create a ticket without user' do
- request('/user/logout')
- result = request('/ticket/create', {
- title: 'test ticket without user',
- content: 'The north remembers',
- departmentId: 1,
- language: 'en',
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('INVALID_EMAIL')
-
- result = request('/ticket/create', {
- title: 'test ticket without user',
- content: 'The north remembers',
- departmentId: 1,
- language: 'en',
- name: 'Test Subject',
- email: 'emailtest@opensupports.com'
- })
-
- (result['status']).should.equal('success')
- end
-
- it 'should be able to comment on ticket as a non-logged user' do
- result = request('/ticket/create', {
- title: 'Doubt about Russian language',
- content: 'Stariy means old in Russian?',
- departmentId: 1,
- language: 'en',
- name: 'Abraham Einstein',
- email: 'abrahameinstein@opensupports.com'
- })
- (result['status']).should.equal('success')
-
- ticketNumber = result['data']['ticketNumber']
-
- result = request('/ticket/check', {
- ticketNumber: ticketNumber,
- email: 'abrahameinstein@opensupports.com',
- captcha: 'valid'
- })
- token = result['data']['token']
- (result['status']).should.equal('success');
-
- result = request('/ticket/comment', {
- content: 'I actually think it is not like that, but anyways, thanks',
- ticketNumber: ticketNumber,
- csrf_token: token
- })
- (result['status']).should.equal('success')
- end
-
- it 'should be able to assign and respond tickets' do
- Scripts.login($staff[:email], $staff[:password], true);
- ticket = $database.getLastRow('ticket');
- result = request('/staff/assign-ticket', {
- ticketNumber: ticket['ticket_number'],
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token,
- })
- (result['status']).should.equal('success')
-
- result = request('/ticket/comment', {
- ticketNumber: ticket['ticket_number'],
- content: 'This is a staff response for a ticket without an user',
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token,
- })
- (result['status']).should.equal('success')
- end
-
- it 'should be able to get the latest events as admin' do
- result = request('/staff/last-events', {
- page: 1,
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token
- })
- (result['status']).should.equal('success')
- (result['data'].size).should.equal(10)
- end
-
- it 'should be able to get system logs as admin' do
- result = request('/system/get-logs', {
- page: 1,
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token
- })
- (result['status']).should.equal('success')
- (result['data'].size).should.equal(10)
- end
-
- it 'should be be able to create a ticket as an admin' do
- result = request('/ticket/create', {
- title: 'created by staff with user system disabled',
- content: 'an staff created this ticket while user system disabled',
- departmentId: 1,
- language: 'en',
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token
- })
- (result['status']).should.equal('success')
- ticket = $database.getRow('ticket', result['data']['ticketNumber'], 'ticket_number')
- (ticket['author_id']).should.equal(nil)
- (ticket['author_staff_id']).should.equal('1')
- end
-
- it 'should be able to create a ticket using api' do
- api_key = Scripts.createAPIKey('ticketCreateKey', 'TICKET_CREATE')['data']
- request('/user/logout')
- result = request('/ticket/create', {
- email: 'fromapi@testemail.com',
- name: 'Random user',
- title: 'created by api',
- content: 'this ticket was created using anapi key while user system is disabled',
- departmentId: 1,
- language: 'en',
- apiKey: api_key
- })
- (result['status']).should.equal('success')
- end
-
- it 'should not disable the user system if it is already disabled 'do
- request('/user/logout')
- Scripts.login($staff[:email], $staff[:password], true)
-
- result = request('/system/disable-user-system', {
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token,
- password:$staff[:password]
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('SYSTEM_USER_IS_ALREADY_DISABLED')
- end
-
- it 'should allow staff members to recover their passwords' do
- request('/user/logout')
- result = request('/user/send-recover-password', {
- email: 'jorah@opensupports.com',
- staff: true
- })
- (result['status']).should.equal('success')
-
- token = $database.getLastRow('recoverpassword')['token'];
-
- result = request('/user/recover-password', {
- email: 'jorah@opensupports.com',
- password: 's3cur3p455w0rd',
- token: token
- })
- (result['status']).should.equal('success')
- (result['data']['staff']).should.equal('1')
-
- result = request('/user/login', {
- email: 'jorah@opensupports.com',
- password: 's3cur3p455w0rd',
- staff: true
- })
- (result['status']).should.equal('success')
- (result['data']['userEmail']).should.equal('jorah@opensupports.com')
- end
-
- it 'should enable the user system' do
- request('/user/logout')
- Scripts.login($staff[:email], $staff[:password], true)
- result = request('/system/enable-user-system', {
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token,
- password:$staff[:password]
- })
-
- (result['status']).should.equal('success')
-
- row = $database.getRow('setting', 'user-system-enabled', 'name')
- (row['value']).should.equal('1')
-
- numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
-
- (numberOftickets.num_rows).should.equal(56)
- end
-
- it 'should not enable the user system' do
- result = request('/system/enable-user-system', {
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token,
- password:$staff[:password]
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('SYSTEM_USER_IS_ALREADY_ENABLED')
- end
-end
diff --git a/tests/system/get-settings.rb b/tests/system/get-settings.rb
index 84ac35bd..9b25efe4 100644
--- a/tests/system/get-settings.rb
+++ b/tests/system/get-settings.rb
@@ -5,6 +5,7 @@ describe '/system/get-settings' do
(result['status']).should.equal('success')
(result['data']['language']).should.equal('en')
(result['data']['departments'][0]['name']).should.equal('Help and Support')
+ (result['data']['mandatory-login']).should.equal('1')
(result['data']['allowedLanguages'][0]).should.equal('en')
(result['data']['allowedLanguages'][1]).should.equal('es')
(result['data']['allowedLanguages'][2]).should.equal('de')
diff --git a/tests/system/init-settings.rb b/tests/system/init-settings.rb
index 36f909d9..4e0a7821 100755
--- a/tests/system/init-settings.rb
+++ b/tests/system/init-settings.rb
@@ -14,14 +14,14 @@ describe '/system/init-settings' do
it 'should initialize correctly' do
result = request('/system/init-settings', {
- 'user-system-enabled' => true,
'registration' => true,
'title' => 'Support Center',
'smtp-host' => 'localhost:7070',
'smtp-user' => 'testemail@opensupports.com',
'smtp-pass' => 'password',
'server-email' => 'testemail@opensupports.com',
- 'language' => 'en'
+ 'language' => 'en',
+ 'mandatory-login' => true
})
(result['status']).should.equal('success')
diff --git a/tests/system/mandatory-login.rb b/tests/system/mandatory-login.rb
new file mode 100644
index 00000000..44776a61
--- /dev/null
+++ b/tests/system/mandatory-login.rb
@@ -0,0 +1,386 @@
+describe'system/mandatory-login' do
+
+ it 'should fail if a creator tries to create a ticket without login' do
+
+ result = request('/ticket/create', {
+ email: 'nonuser@os4.com',
+ language: 'en',
+ name: 'nonuser',
+ title: 'ticket created without login',
+ content: 'THis is the first content created without login',
+ departmentId: 1
+ })
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('NO_PERMISSION')
+ end
+
+ request('/user/logout')
+ Scripts.login($staff[:email], $staff[:password], true)
+
+ it 'should fail trying to disable mandatory login when registration is off' do
+ request('/system/disable-registration', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "staff"
+ })
+ result = request('/system/disable-mandatory-login', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "staff"
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('REGISTRATION_IS_DESACTIVATED')
+ row = $database.getRow('setting', 'mandatory-login', 'name')
+
+ (row['value']).should.equal('1')
+
+ request('/system/enable-registration', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "staff"
+ })
+ end
+
+ it 'should disable the mandatory login' do
+ result = request('/system/disable-mandatory-login', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "invalidPassword"
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_PASSWORD')
+
+ row = $database.getRow('setting', 'mandatory-login', 'name')
+
+ (row['value']).should.equal('1')
+
+ result = request('/system/disable-mandatory-login', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "staff"
+ })
+
+ (result['status']).should.equal('success')
+
+ row = $database.getRow('setting', 'mandatory-login', 'name')
+
+ (row['value']).should.equal('0')
+ end
+
+ it 'should fail trying to disable registration if mandatory login is false' do
+ result = request('/system/disable-registration', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "staff"
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('MANDATORY_LOGIN_IS_DESACTIVATED')
+ row = $database.getRow('setting', 'registration', 'name')
+
+ (row['value']).should.equal('1')
+ end
+ it 'should allow Staff invite Users when Mandatory-login is off' do
+ result = request('/user/invite', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ email: 'inviteduser@opensupports.com',
+ name: 'inviteduser'
+ })
+ (result['status']).should.equal('success')
+ (result['data']['userEmail']).should.equal('inviteduser@opensupports.com')
+
+ $row = $database.getRow('recoverpassword','inviteduser@opensupports.com','email')
+ ($row['email']).should.equal('inviteduser@opensupports.com')
+
+ end
+
+ it 'should allow a creator creates a ticket and create him a user' do
+ request('/user/logout')
+ result = request('/ticket/create', {
+ email: 'nonuser@os4.com',
+ language: 'en',
+ name: 'nonuser',
+ title: 'ticket created without login',
+ content: 'THis is a content created without login',
+ departmentId: 1
+ })
+ $ticketRow = $database.getRow('ticket','ticket created without login','title')
+ $userRow = $database.getRow('user','nonuser@os4.com','email')
+
+ (result['status']).should.equal('success')
+ (result['data']['ticketNumber']).should.equal($ticketRow['ticket_number'].to_i)
+ ($userRow['email']).should.equal('nonuser@os4.com')
+ ($userRow['not_registered']).should.equal('1')
+ ($userRow['tickets']).should.equal('1')
+ end
+
+ it 'should allow the creator creates another ticket and not create another user' do
+ result = request('/ticket/create', {
+ email: 'nonuser@os4.com',
+ language: 'en',
+ name: 'nonuser',
+ title: 'ticket2 created without login',
+ content: 'THis is the second content created without login',
+ departmentId: 1
+ })
+
+ $ticketRow = $database.getRow('ticket','ticket2 created without login','title')
+ $userRow = $database.getRow('user','nonuser@os4.com','email')
+
+ (result['status']).should.equal('success')
+ (result['data']['ticketNumber']).should.equal($ticketRow['ticket_number'].to_i)
+ ($userRow['email']).should.equal('nonuser@os4.com')
+ ($userRow['tickets']).should.equal('2')
+
+ end
+
+ it 'should fail if a creator check others ticket' do
+ $ticketRow = $database.getRow('ticket',1,'id')
+
+ result = request('/ticket/check', {
+ email: 'nonuser@os4.com',
+ ticketNumber: $ticketRow['ticket_number']
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('NO_PERMISSION')
+ end
+
+ it 'should fail if a creator tries to check an inexistant ticket' do
+
+ result = request('/ticket/check', {
+ email: 'nonuser@os4.com',
+ ticketNumber: 111111
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_TICKET')
+ end
+
+ it 'should allow a creator check a own ticket' do
+ $ticketRow = $database.getRow('ticket','ticket created without login','title')
+ $userRow = $database.getRow('user','nonuser@os4.com','email')
+
+ result = request('/ticket/check', {
+ email: 'nonuser@os4.com',
+ ticketNumber: $ticketRow['ticket_number']
+ })
+
+ (result['status']).should.equal('success')
+ (result['data']['userId']).should.equal($userRow['id'])
+ (result['data']['ticketNumber']).should.equal($ticketRow['ticket_number'])
+
+ $sessionToken = result['data']['token']
+ $sessionId = result['data']['userId']
+ $sessionTicketNumber = result['data']['ticketNumber']
+ end
+
+ it 'should fail if the creator creates a ticket using a diferent email of the session' do
+ result = request('/ticket/create', {
+ email: 'nonuser2@os4.com',
+ language: 'en',
+ name: 'nonuser2',
+ title: 'ticket3 created without login',
+ content: 'THis is the third content created without login',
+ departmentId: 1
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_EMAIL')
+ end
+
+ it 'should allow the creator get the ticket checked' do
+ result = request('/ticket/get', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber
+ })
+ (result['status']).should.equal('success')
+ (result['data']['title']).should.equal($ticketRow['title'])
+ (result['data']['content']).should.equal($ticketRow['content'])
+ end
+
+ it 'should allow the creator handle the ticket checked' do
+
+ result = request('/ticket/edit-title', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber,
+ title: 'new title of ticket created without login'
+ })
+ (result['status']).should.equal('success')
+
+ result = request('/ticket/edit-comment', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber,
+ content: 'this is the new content of the ticket created without login'
+ })
+ (result['status']).should.equal('success')
+
+ result = request('/ticket/comment', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber,
+ content: 'this is the first comment without login'
+ })
+ (result['status']).should.equal('success')
+
+ result = request('/ticket/comment', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber,
+ content: 'this is the second comment without login'
+ })
+ (result['status']).should.equal('success')
+
+ result = request('/ticket/edit-comment', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber,
+ ticketEventId: 0,
+ content: 'this is the first edited-comment without login'
+ })
+ (result['status']).should.equal('success')
+
+ result = request('/ticket/close', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber,
+ })
+ (result['status']).should.equal('success')
+
+ $ticketRow = $database.getRow('ticket','new title of ticket created without login','title')
+
+ ($ticketRow['title']).should.equal('new title of ticket created without login')
+ ($ticketRow['content']).should.equal('this is the first edited-comment without login')
+ ($ticketRow['closed']).should.equal('1')
+
+ result = request('/ticket/delete', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $sessionTicketNumber,
+ })
+ (result['status']).should.equal('success')
+
+ end
+
+ it 'should fail if the creator tries to get a own ticket not checked' do
+ $ticketRow = $database.getRow('ticket','ticket2 created without login','title')
+
+ result = request('/ticket/get', {
+ csrf_token: $sessionToken,
+ csrf_userid: $sessionId,
+ ticketNumber: $ticketRow['ticket_number'],
+ })
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('NO_PERMISSION')
+ end
+
+ it 'should re-login if the creator tries to check another ticket with a existent session' do
+ $ticketRow = $database.getRow('ticket','ticket2 created without login','title')
+
+ result = request('/ticket/check', {
+ email: 'nonuser@os4.com',
+ ticketNumber: $ticketRow['ticket_number']
+ })
+
+ (result['status']).should.equal('success')
+ end
+
+ it 'should fail if the creator tries to login with email used to create tickets' do
+ result = request('/user/login', {
+ email: 'nonuser@os4.com'
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_CREDENTIALS')
+
+ request('/user/logout')
+
+ result = request('/user/login', {
+ email: 'nonuser@os4.com'
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_CREDENTIALS')
+ end
+
+ it 'should allow the creator sign up' do
+ request('/user/logout')
+ Scripts.createUser('nonuser@os4.com', 'customPassword', 'nonuser')
+ $userRow = $database.getRow('user','nonuser@os4.com','email')
+ ($userRow['never_logged']).should.equal(nil)
+ ($userRow['verification_token']).should.equal(nil)
+ end
+
+ it 'should allow the creator login and get more than 1 own ticket' do
+ request('/user/logout')
+ result = request('/user/login', {
+ email: 'nonuser@os4.com',
+ password: 'customPassword'
+ })
+ (result['status']).should.equal('success')
+
+ $sessionToken = result['data']['token']
+ $sessionUserId = result['data']['userId']
+
+ result = request('/ticket/create', {
+ title: 'Valid titlee',
+ content: 'ticket created to see ifcreator can handle 2 tickets',
+ departmentId: 1,
+ language: 'en',
+ csrf_userid: $sessionUserId,
+ csrf_token: $sessionToken
+ })
+ $ticket2 = $database.getRow('ticket', 'ticket2 created without login', 'title')
+ $ticket3 = $database.getRow('ticket', 'ticket created to see ifcreator can handle 2 tickets', 'content')
+
+ result = request('/ticket/get', {
+ csrf_userid: $sessionUserId,
+ csrf_token: $sessionToken,
+ ticketNumber: $ticket3['ticket_number'],
+ })
+ (result['status']).should.equal('success')
+
+ result = request('/ticket/get', {
+ csrf_userid: $sessionUserId,
+ csrf_token: $sessionToken,
+ ticketNumber: $ticket2['ticket_number'],
+ })
+ (result['status']).should.equal('success')
+ end
+
+ request('/user/logout')
+ Scripts.login($staff[:email], $staff[:password], true)
+
+ it 'should allow staff enable the mandatory login' do
+ result = request('/system/enable-mandatory-login', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "invalidPassword"
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_PASSWORD')
+
+ row = $database.getRow('setting', 'mandatory-login', 'name')
+
+ (row['value']).should.equal('0')
+
+ result = request('/system/enable-mandatory-login', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "password" => "staff"
+ })
+
+ (result['status']).should.equal('success')
+
+ row = $database.getRow('setting', 'mandatory-login', 'name')
+
+ (row['value']).should.equal('1')
+ end
+end
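Review bot: The ticket-scoped session returned by `/ticket/check` is tested negatively only against `/ticket/get` (`'should fail if the creator tries to get a own ticket not checked'`), so nothing checks that the same token is refused by the mutating endpoints for a ticket that was not checked. `'should allow the creator handle the ticket checked'` calls `/ticket/edit-title`, `/ticket/comment`, `/ticket/close` and `/ticket/delete` only on the checked ticket, so a regression that lets this token modify or delete `ticket2` would still pass this file. I would add a case right after the `/ticket/get` one, sketched below; the expected `NO_PERMISSION` message is assumed from the `/ticket/get` case and should be confirmed against the controllers. Separately, the settings requests hard-code `"password" => "staff"` while the login lines use `$staff[:password]`; using the latter throughout keeps the file consistent.

```ruby
  it 'should fail if the creator tries to modify a own ticket not checked' do
    $ticketRow = $database.getRow('ticket','ticket2 created without login','title')

    # Same endpoints as 'should allow the creator handle the ticket checked',
    # aimed at a ticket the session was not issued for.
    ['/ticket/edit-title', '/ticket/comment', '/ticket/close', '/ticket/delete'].each do |path|
      result = request(path, {
        csrf_token: $sessionToken,
        csrf_userid: $sessionId,
        ticketNumber: $ticketRow['ticket_number'],
        title: 'new title of ticket created without login',
        content: 'this is the first comment without login'
      })
      (result['status']).should.equal('fail')
      (result['message']).should.equal('NO_PERMISSION')
    end
  end
```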
diff --git a/tests/ticket/get-authors.rb b/tests/ticket/get-authors.rb
index 04982816..b5ba93a1 100644
--- a/tests/ticket/get-authors.rb
+++ b/tests/ticket/get-authors.rb
@@ -1,6 +1,6 @@
describe '/ticket/get-authors/' do
- it 'should fail if a user is loged' do
+ it 'should fail if a user is logged' do
request('/user/logout')
Scripts.login('tyrion@opensupports.com', 'tyrionl')
diff --git a/tests/user/login.rb b/tests/user/login.rb
index 373d7050..15d5e98b 100644
--- a/tests/user/login.rb
+++ b/tests/user/login.rb
@@ -22,14 +22,13 @@ describe '/user/login' do
(result['status']).should.equal('success')
end
- it 'should fail if already logged in' do
+ it 'should not fail if already logged in' do
result = request('/user/login', {
email: @loginEmail,
password: @loginPass
})
- (result['status']).should.equal('fail')
- (result['message']).should.equal('SESSION_EXISTS')
+ (result['status']).should.equal('success')
end
it 'should login staff member' do
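Review bot: The rewritten case `it 'should not fail if already logged in'` asserts only `status == 'success'`, so it does not pin what happens to the session that already existed. Now that a second `/user/login` is accepted instead of answering `SESSION_EXISTS`, the test should at least check that the response carries a session token, e.g. `(result['data']['token']).should.not.equal(nil)` after the status check. If the server is meant to issue a fresh token on re-login, the case should also compare it with the token from the preceding login and confirm the old one is no longer accepted. Whether the server does so is not visible from this hunk. A one-line comment above the case saying why re-login is now allowed would help the next reader.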