From 6cbe99704f198f3703404c16ed64664e80cbbcbd Mon Sep 17 00:00:00 2001
From: Dominik Klein <dk@zammad.com>
Date: Mon, 5 Jul 2021 12:19:06 +0200
Subject: [PATCH] Fixes #3611 - New location notification with X-On-Behalf.

---
 .../application_controller/handles_devices.rb |  2 ++
 spec/requests/api_auth_on_behalf_of_spec.rb   | 29 +++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/app/controllers/application_controller/handles_devices.rb b/app/controllers/application_controller/handles_devices.rb
index 2f6dc8608..a78164ddb 100644
--- a/app/controllers/application_controller/handles_devices.rb
+++ b/app/controllers/application_controller/handles_devices.rb
@@ -17,6 +17,7 @@ module ApplicationController::HandlesDevices
     switched_from_user_id = ENV['SWITCHED_FROM_USER_ID'] || session[:switched_from_user_id]
     return true if params[:controller] == 'init' # do no device logging on static initial page
     return true if switched_from_user_id
+    return true if current_user_on_behalf # do no device logging for the user on behalf feature
     return true if !user
     return true if !user.permissions?('user_preferences.device')
     return true if type == 'SSO'
@@ -42,6 +43,7 @@ module ApplicationController::HandlesDevices
 
     # if ip has not changed and ttl in still valid
     remote_ip = ENV['TEST_REMOTE_IP'] || request.remote_ip
+
     return true if time_to_check == false && session[:user_device_remote_ip] == remote_ip
 
     session[:user_device_remote_ip] = remote_ip
diff --git a/spec/requests/api_auth_on_behalf_of_spec.rb b/spec/requests/api_auth_on_behalf_of_spec.rb
index ea4c9b185..74f6f99c6 100644
--- a/spec/requests/api_auth_on_behalf_of_spec.rb
+++ b/spec/requests/api_auth_on_behalf_of_spec.rb
@@ -211,5 +211,34 @@ RSpec.describe 'Api Auth On Behalf Of', type: :request do
         expect(customer.id).to eq(json_response['created_by_id'])
       end
     end
+
+    context 'when customer account has device user permission' do
+      let(:customer_user_devices_role) do
+        create(:role).tap { |role| role.permission_grant('user_preferences.device') }
+      end
+
+      let(:customer) do
+        create(:customer, firstname: 'Behalf of', role_ids: Role.signup_role_ids.push(customer_user_devices_role.id))
+      end
+
+      it 'creates Ticket because of behalf of customer user, which should not trigger a new user device' do
+        params = {
+          title:       'a new ticket #3',
+          group:       'Users',
+          priority:    '2 normal',
+          state:       'new',
+          customer_id: customer.id,
+          article:     {
+            body: 'some test 123',
+          },
+        }
+        authenticated_as(admin, on_behalf_of: customer.email)
+        post '/api/v1/tickets', params: params, as: :json
+        expect(response).to have_http_status(:created)
+        expect(customer.id).to eq(json_response['created_by_id'])
+
+        expect { Scheduler.worker(true) }.to change(UserDevice, :count).by(0)
+      end
+    end
   end
 end