Creating a ticket and new user with API & request header X-On-Behalf-Of

inevitable · December 21, 2023, 10:54am

Infos:

Used Zammad version: 6.2.0
Used Zammad installation type: docker-compose
Operating system:
Browser + version:

Expected behavior:

When a non-existing user(customer) submits the custom form ticket via API with request header X-On-Behalf-Of, create the user & ticket.

Actual behavior:

Throws the exception “No such user” if the request header X-On-Behalf-Of was provided with a non-existing user on Zammad. Otherwise, it’s working with existing users.

Steps to reproduce the behavior:

Way to create a user if X-On-Behalf-Of is provided with mail and if the user doesn’t exist on Zammad.

inevitable · December 21, 2023, 11:57am

Just to be more precise. If you don’t use the X-On-Behalf-Of header and a non-existing user(“customer_id”: “guess:customer@example.com”) sends the API form data, it will create a ticket, and a new user(customer@example.com), but Ticked will be created by admin(API token - system@example.com) as you can see:

So, every time the agent needs to reply to the customer, he gets the system@example.com mail account, which has permission to create tickets with API. Then, you must remove that email address and copy/paste it from the customer to be able to answer.
Here’s the JSON:

{
   "title": "Non-existing user - API creating a ticket test",
   "group": "Administrator",
   "customer_id": "guess:customer@example.com",
   "article": {
      "subject": "Non-existing user - API creating a ticket test",
      "body": "this is the new or non-existing user on Zammad system",
      "type": "web",
      "internal": false
   }
}

If you use the header X-On-Behalf-Of with the existing account that was created in the previous step(system@example.com), it works as expected:

So, the point is, has_user.rb file checks for the request header X-On-Behalf-Of. If the value(customer - mail) doesn’t exist in the Zammad, it will throw the Exception “No such user”.
Is there any way to expand this file to create a new user?

fliebe92 · December 27, 2023, 11:46am

Hi @inevitable. In my opinion, you’re mixing up stuff here. On behalf of and customer are two different matters…

inevitable · December 27, 2023, 1:07pm

I know that’s not the same thing. I thought that on HTTP Request X-On-Behalf-Of(not empty) and function “guess”, Ruby can check the email and, if does not exist, create a new user. If the header is empty, it will work.

Now we can get on the ticket’s UI customer’s profile, and the reply button also gets the customer’s email - resolved by adding JSON sender: “Customer” to the file.

The only thing is, when a ticket is created by API, Zammad sends the info that the ticket is created by API user, not Customer, but that’s not an issue for us at all. If you provide an existing user/email to the X-On-Behalf-Of HTTP header, then Zammad will send the info the ticked is created by the provided user/email, not the API user.

system · December 21, 2024, 1:07pm

This topic was automatically closed 360 days after the last reply. New replies are no longer allowed.