Hi @MrGeneration and @thorsteneckel,
Thanks for the quick response!
Ok, let me give you a more detailed explanation.
In my case the first user has:
id = 4
login = 500m***t@gmail.com
email = 500m***t@gmail.com
The second user has:
id = 500
login = li***8904@gmail.com
email = li***8904@gmail.com
(These are real emails with some symbols replaced with asterisks for privacy).
I make a request:
curl -H "Authorization: Token token=<token>" -H "X-On-Behalf-Of: 500m***t@gmail.com" -H "Content-Type: application/json" http://zammad.local/api/v1/users/me
The result is:
{
"id": 500,
"organization_id": null,
"login": "li***8904@gmail.com",
"firstname": "Lion",
"lastname": "***e",
"email": "li***8904@gmail.com",
"image": null,
"image_source": null,
"web": "",
"phone": "",
"fax": "",
"mobile": "",
"department": "",
"street": "",
"zip": "",
"city": "",
"country": "",
"address": "",
"vip": false,
"verified": false,
"active": true,
"note": "",
"last_login": null,
"source": null,
"login_failed": 0,
"out_of_office": false,
"out_of_office_start_at": null,
"out_of_office_end_at": null,
"out_of_office_replacement_id": null,
"preferences": {
"locale": "en-us",
"tickets_closed": 0,
"tickets_open": 1
},
"updated_by_id": 500,
"created_by_id": 3,
"created_at": "2019-12-01T05:29:02.820Z",
"updated_at": "2019-12-03T09:47:09.299Z",
"role_ids": [
3
],
"organization_ids": [],
"authorization_ids": [],
"group_ids": {}
}
This issue was not happening until the user with id 500 was created.
Then, to double-check this, I took another user whose email starts with digits:
id = 3703
login = 12711@stu.***rich5.org
email = 12711@stu.***rich5.org
And created a user with the id 12711:
id = 12711
login = alex***skih@gmail.com
email = alex***skih@gmail.com
curl -H "Authorization: Token token=<token>" -H "X-On-Behalf-Of: 12711@stu.***rich5.org" -H "Content-Type: application/json" http://zammad.local/api/v1/users/me
The result is:
{
"id": 12711,
"organization_id": 1,
"login": "alex***skih@gmail.com",
"firstname": "Alexander",
"lastname": "***skikh",
"email": "alex***skih@gmail.com",
"image": "cb478cb900c9d6a9e6506fee09519ed1",
"image_source": "",
"web": "",
"phone": "",
"fax": "",
"mobile": "",
"department": "",
"street": "",
"zip": "",
"city": "",
"country": "",
"address": "",
"vip": false,
"verified": false,
"active": true,
"note": "",
"last_login": "2019-07-10T10:23:06.108Z",
"source": "",
"login_failed": 0,
"out_of_office": false,
"out_of_office_start_at": "2019-07-10",
"out_of_office_end_at": "2019-07-10",
"out_of_office_replacement_id": 4,
"preferences": {},
"updated_by_id": 4,
"created_by_id": 4,
"created_at": "2019-07-10T10:23:06.108Z",
"updated_at": "2019-07-10T10:23:06.108Z",
"role_ids": [],
"organization_ids": [],
"authorization_ids": [],
"group_ids": {}
}
So, as you can see, in both cases these user pairs have completely different ids, logins and emails. The only connection between the users in each pair is that the digits with which the first user's email starts are the same as the id of the second user.
It behaves as if Zammad is throwing away everything that comes after the @ in the email passed via the header, thinking that this is a user id.
To me it looks more like a bug than intended behavior.
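
Added example, not part of the original post and not Zammad's own code: a Ruby model of how the reported mix-up can arise if the `X-On-Behalf-Of` value is first tried as a numeric id with lenient string-to-integer coercion (an assumption about the cause, not confirmed on this page), next to a strict resolver that avoids it. The `User` struct, `resolve_lenient`, `resolve_strict` and all records are hypothetical and constructed.

```ruby
# Constructed sample records mirroring the id/login pattern from the post
# (placeholder addresses, not real data).
User = Struct.new(:id, :login, :email)
USERS = [
  User.new(4,     "500m-user@example.com", "500m-user@example.com"),
  User.new(500,   "lion@example.com",      "lion@example.com"),
  User.new(3703,  "12711@stu.example.org", "12711@stu.example.org"),
  User.new(12711, "alex@example.com",      "alex@example.com"),
].freeze

# Assumption: models an id lookup that coerces its argument the way
# String#to_i does, i.e. it keeps leading digits and drops the rest
# ("500m-user@example.com".to_i == 500).
def find_by_id_lenient(value)
  USERS.find { |u| u.id == value.to_s.to_i }
end

# Hypothetical lenient resolver: id first, then login, then email.
# A login that merely starts with digits is captured by the id branch.
def resolve_lenient(header)
  key = header.to_s.downcase
  find_by_id_lenient(header) ||
    USERS.find { |u| u.login == key } ||
    USERS.find { |u| u.email == key }
end

# Hardened resolver: the value is treated as an id only when the whole
# string is a decimal number; anything else must match login/email exactly.
def resolve_strict(header)
  value = header.to_s.strip
  if value.match?(/\A[1-9]\d*\z/)
    return USERS.find { |u| u.id == Integer(value, 10) }
  end
  key = value.downcase
  USERS.find { |u| u.login == key || u.email == key }
end

if __FILE__ == $PROGRAM_NAME
  ["500m-user@example.com", "12711@stu.example.org", "500"].each do |h|
    lenient = resolve_lenient(h)
    strict  = resolve_strict(h)
    puts "#{h}: lenient -> id #{lenient&.id}, strict -> id #{strict&.id}"
  end
end
```

A regression test for this class of bug should include at least one login that begins with the id of a different existing user, since the mismatch only appears once such a user exists.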