[Rt-commit] rt branch, 4.4/remove-user-info, created. rt-4.4.2-240-g5f0f72fe6

Craig Kaiser craig at bestpractical.com
Fri May 25 17:07:03 EDT 2018


The branch, 4.4/remove-user-info has been created
        at  5f0f72fe65dbfb980575383ba6d6c5bc538578f3 (commit)

- Log -----------------------------------------------------------------
commit 484bd6620f0576764f0ad29e85c48b9f4d596e8b
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Thu May 3 09:34:38 2018 -0400

    Add option to disable escaping HTML in articles
    
    Fixes: I#32374

diff --git a/share/html/Admin/Articles/Classes/Modify.html b/share/html/Admin/Articles/Classes/Modify.html
index ef3f50317..f69a1601d 100644
--- a/share/html/Admin/Articles/Classes/Modify.html
+++ b/share/html/Admin/Articles/Classes/Modify.html
@@ -92,6 +92,10 @@
     <input type="checkbox" id="Include-Summary" name="Include-Summary" value="1" <% $include{Summary} %>>
     <label for="Include-Summary"><&|/l&>Include article summary</&></label>
 </li>
+<li>
+     <input type="checkbox" id="Include-EscapeHTML" name="Include-EscapeHTML" value="1" <% $include{EscapeHTML} %>>
+     <label for="Include-EscapeHTML"><&|/l&>Escape HTML (Unchecking this box is potentially unsafe)</&></label>
+</li>
 % if ( $cfs ) {
 % while (my $cf = $cfs->Next) {
 <li><&|/l, $cf->Name &>Include custom field '[_1]'</&>
@@ -187,7 +191,7 @@ if ((defined $Enabled && $Enabled == 1) or (not defined $Enabled and $Create)) {
     $Disabled = 1;
 }
 
-my %include = (Name => 1, Summary => 1);
+my %include = (Name => 1, Summary => 1, EscapeHTML => 1);
 my $subject_cfs = [];
 my $subject_cf_labels = {};
 
diff --git a/share/html/Articles/Article/Elements/Preformatted b/share/html/Articles/Article/Elements/Preformatted
index 74e5af058..997c4cd29 100644
--- a/share/html/Articles/Article/Elements/Preformatted
+++ b/share/html/Articles/Article/Elements/Preformatted
@@ -84,7 +84,7 @@
 % }
 <%init>
 my $class = $Article->ClassObj;
-my %include = (Name => 1, Summary => 1);
+my %include = (Name => 1, Summary => 1, EscapeHTML => 1);
 my $cfs = $class->ArticleCustomFields;
 $include{"CF-Title-".$_->Id} = $include{"CF-Value-".$_->Id} = 1 while $_ = $cfs->Next;
 $include{$_} = not $class->FirstAttribute("Skip-$_") for keys %include;
@@ -102,7 +102,7 @@ my $get_content = sub {
         content => \$content,
     );
 
-    if ( $content =~ /<.{1,5}>/ ) {
+    if ( $include{'EscapeHTML'} && $content =~ /<.{1,5}>/ ) {
         $content = RT::Interface::Email::ConvertHTMLToText( $content );
     }
     return $content;
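Review bot: With `EscapeHTML` switched off, the guard `if ( $include{'EscapeHTML'} && $content =~ /<.{1,5}>/ )` returns the article content with no filtering at all, so the class setting is a choice between plain text and raw stored markup with nothing in between. Nothing visible in this hunk sanitises the value afterwards; if the caller does not either, anyone allowed to edit articles in such a class controls markup that is inserted into the ticket message box. Consider passing the unescaped branch through RT's HTML scrubber (presumably `ScrubHTML`; confirm it is reachable from this component) instead of returning `$content` untouched, and add a comment above the condition such as `# Skip-EscapeHTML set on the class: content is inserted as stored`. The `$get_content` sub starts and ends outside the hunk.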

commit dab73f8fa6320c819fe397bf081239065da31792
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Fri May 4 16:01:13 2018 -0400

    Updated Articles docs to include disabling escaped HTML

diff --git a/docs/customizing/articles_introduction.pod b/docs/customizing/articles_introduction.pod
index 363a3859d..09b42d531 100644
--- a/docs/customizing/articles_introduction.pod
+++ b/docs/customizing/articles_introduction.pod
@@ -111,6 +111,27 @@ Articles can be included by searching for them, knowing the Id of the
 article, using the Article Hotlist and using the Queue-specific
 dropdown.
 
+=head3 Disabling Escaped HTML
+
+By default, when an article is inserted into the ticket message box,
+as a security measure, HTML tags are escaped and only text is displayed.
+For example, RT will display "Me You Greeting Hello world!" from the
+following XML:
+
+  <?xml version="1.0" encoding="UTF-8"?>
+  <note>
+    <to>Me</to>
+    <from>You</from>
+    <heading>Greeting</heading>
+    <body>Hello world!</body>
+  </note>
+
+In cases as above, where the content is harmless and displaying it on the
+ticket might be necessary, there is an option to disable escaping these
+tags per article class. This can be done by unchecking the "Escape HTML"
+box on the Modify Class page. Please note this is potentially unsafe and
+its use should be limited to trusted administrators.
+
 =head2 Queue-Specific List of Articles 
 
 You can use Topics to organize a set of Queue-specific Articles.

commit 27238b8b27f42db756067924e6caa8f270ecbd41
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Wed Apr 11 10:29:52 2018 -0400

    Update article postfix loops from using $_ to a named variable
    
    The previous use of $_ could potentially cause other code to try to
    claim $_ resulting in unusual errors. Using a named variable rather
    will prevent any confusion.

diff --git a/share/html/Articles/Article/Elements/Preformatted b/share/html/Articles/Article/Elements/Preformatted
index 997c4cd29..4d4f3ed21 100644
--- a/share/html/Articles/Article/Elements/Preformatted
+++ b/share/html/Articles/Article/Elements/Preformatted
@@ -86,8 +86,13 @@
 my $class = $Article->ClassObj;
 my %include = (Name => 1, Summary => 1, EscapeHTML => 1);
 my $cfs = $class->ArticleCustomFields;
-$include{"CF-Title-".$_->Id} = $include{"CF-Value-".$_->Id} = 1 while $_ = $cfs->Next;
-$include{$_} = not $class->FirstAttribute("Skip-$_") for keys %include;
+while ( my $cf = $cfs->Next ) {
+    $include{"CF-Title-" . $cf->Id} = 1;
+    $include{"CF-Value-" . $cf->Id} = 1;
+}
+foreach my $key ( keys %include ) {
+    $include{$key} = not $class->FirstAttribute("Skip-$key");
+}
 
 my $get_content = sub {
     my $value = shift;

commit 0b24dae3856f934cfc19431cf47a1ebf8240fccc
Author: craig Kaiser <craig at bestpractical.com>
Date:   Mon Apr 23 09:37:18 2018 -0400

    Add keyboard shortcuts for reply and comment
    
    If the user is on a ticket page where the action link for reply or
    comment is available, then they should be able to use the keyboard
    shortcuts 'r' and 'c'.

diff --git a/share/html/Elements/ShortcutHelp b/share/html/Elements/ShortcutHelp
index d3e18e0cd..12d60f934 100644
--- a/share/html/Elements/ShortcutHelp
+++ b/share/html/Elements/ShortcutHelp
@@ -46,8 +46,10 @@
 %#
 %# END BPS TAGGED BLOCK }}}
 <%args>
-$show_search      => 0
-$show_bulk_update => 0
+$show_bulk_update     => 0
+$show_search          => 0
+$show_ticket_reply    => 0
+$show_ticket_comment  => 0
 </%args>
 
 <div class="keyboard-shortcuts">
@@ -115,4 +117,29 @@ $show_bulk_update => 0
 
 % }
 
+% if ($show_ticket_reply || $show_ticket_comment) {
+    <div class="titlebox">
+        <div class="titlebox-title">
+            <span class="left"><&|/l&>Ticket</&></span>
+            <span class="right-empty"></span>
+        </div>
+        <div class="titlebox-content">
+            <hr class="clear">
+            <table>
+%   if ( $show_ticket_reply ) {
+                <tr>
+                    <td class="key-column"><span class="keyboard-shortcuts-key">r</span></td>
+                    <td><&|/l&>Reply to current ticket</&></td>
+                </tr>
+%   }
+%   if ( $show_ticket_comment ) {
+                <tr>
+                    <td class="key-column"><span class="keyboard-shortcuts-key">c</span></td>
+                    <td><&|/l&>Comment on current ticket</&></td>
+                </tr>
+%   }
+            </table>
+        </div>
+    </div>
+% }
 </div>
diff --git a/share/html/Helpers/ShortcutHelp b/share/html/Helpers/ShortcutHelp
index 45f4e3e77..1bfad2c78 100644
--- a/share/html/Helpers/ShortcutHelp
+++ b/share/html/Helpers/ShortcutHelp
@@ -46,8 +46,10 @@
 %#
 %# END BPS TAGGED BLOCK }}}
 <%args>
-$show_search      => 0
-$show_bulk_update => 0
+$show_search         => 0
+$show_bulk_update    => 0
+$show_ticket_reply   => 0
+$show_ticket_comment => 0
 </%args>
 <& /Elements/ShortcutHelp, %ARGS &>
 % $m->abort;
diff --git a/share/html/SelfService/Helpers/ShortcutHelp b/share/html/SelfService/Helpers/ShortcutHelp
index 45f4e3e77..167c141a2 100644
--- a/share/html/SelfService/Helpers/ShortcutHelp
+++ b/share/html/SelfService/Helpers/ShortcutHelp
@@ -48,6 +48,8 @@
 <%args>
 $show_search      => 0
 $show_bulk_update => 0
+$show_ticket_reply => 0
+$show_ticket_comment => 0
 </%args>
 <& /Elements/ShortcutHelp, %ARGS &>
 % $m->abort;
diff --git a/share/static/js/keyboard-shortcuts.js b/share/static/js/keyboard-shortcuts.js
index a7b4cf54f..22dc962bb 100644
--- a/share/static/js/keyboard-shortcuts.js
+++ b/share/static/js/keyboard-shortcuts.js
@@ -34,10 +34,14 @@ jQuery(function() {
 
         var is_search = jQuery('body#comp-Search-Results').length > 0;
         var is_bulk_update = jQuery('body#comp-Search-Bulk').length > 0;
+        var is_ticket_reply = jQuery('a#page-actions-reply').length > 0;
+        var is_ticket_comment = jQuery('a#page-actions-comment').length > 0;
 
         var url = RT.Config.WebHomePath + '/Helpers/ShortcutHelp' +
                   '?show_search=' + ( is_search || is_bulk_update ? '1' : '0' ) +
-                  '&show_bulk_update=' + ( is_bulk_update ? '1' : '0' );
+                  '&show_bulk_update=' + ( is_bulk_update ? '1' : '0' ) +
+                  '&show_ticket_reply=' + ( is_ticket_reply ? '1' : '0' ) +
+                  '&show_ticket_comment=' + ( is_ticket_comment ? '1' : '0' );
 
         jQuery.ajax({
             url: url,
@@ -151,3 +155,22 @@ jQuery(function() {
     Mousetrap.bind('x', toggleTicketCheckbox);
 });
 
+jQuery(function() {
+    // Only load these shortcuts if reply or comment action is on page
+    var ticket_reply = jQuery('a#page-actions-reply');
+    var ticket_comment = jQuery('a#page-actions-comment');
+    if (!ticket_reply.length && !ticket_comment.length) return;
+
+    var replyToTicket = function() {
+        if (!ticket_reply.length) return;
+        window.location.href = ticket_reply.attr('href');
+    };
+
+    var commentOnTicket = function() {
+        if (!ticket_comment.length) return;
+        window.location.href = ticket_comment.attr('href');
+    };
+
+    Mousetrap.bind('r', replyToTicket);
+    Mousetrap.bind('c', commentOnTicket);
+});
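Review bot: `replyToTicket` and `commentOnTicket` assign `attr('href')` to `window.location.href` without checking the value, and the anchors are found with a document-wide id selector. If rendered ticket content could ever carry an element with the same id (not verifiable from this hunk), the shortcut would follow that link rather than the menu action, so scoping the lookup to the page-menu container is the safer form. Guarding the value also avoids navigating to `undefined` when the anchor has no href: `var href = ticket_reply.attr('href'); if (href) window.location.href = href;`.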

commit 843170cdbc79c6dd7fb36111bc480f8e0c018b29
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Mon Apr 9 16:15:29 2018 -0400

    Allow rt-setup-fulltext-index to prompt for dba password

diff --git a/sbin/rt-setup-fulltext-index.in b/sbin/rt-setup-fulltext-index.in
index 5cab8f632..76da05dcd 100644
--- a/sbin/rt-setup-fulltext-index.in
+++ b/sbin/rt-setup-fulltext-index.in
@@ -49,6 +49,7 @@
 use strict;
 use warnings;
 no warnings 'once';
+use Term::ReadKey;
 
 # fix lib paths, some may be relative
 BEGIN { # BEGIN RT CMD BOILERPLATE
@@ -650,6 +651,17 @@ sub dba_handle {
         $ENV{'NLS_NCHAR'} = "AL32UTF8";
     }
     my $dsn = do { my $h = new RT::Handle; $h->BuildDSN; $h->DSN };
+    my $password;
+    if ( defined $DB{'admin_password'} || defined $ENV{'RT_DBA_PASSWORD'} ) {
+        $password = $DB{'admin_password'} // $ENV{'RT_DBA_PASSWORD'};
+    } else {
+        print "Please enter $DB{'type'} admin password: ";
+        ReadMode('noecho');
+        chomp($password = ReadLine(0));
+        ReadMode('normal');
+        print "\n";
+    }
+    $DB{'admin_password'} = $password;
     my $dbh = DBI->connect(
         $dsn, $DB{admin}, $DB{admin_password},
         { RaiseError => 1, PrintError => 1 },
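Review bot: The prompt branch leaves the terminal in no-echo mode if the script dies or is interrupted between `ReadMode('noecho')` and `ReadMode('normal')`. `chomp($password = ReadLine(0))` also warns and then hands an undefined password to `DBI->connect` when stdin is closed or is not a terminal. Restore the mode unconditionally and fail with a clear message when nothing was read, as sketched below. `dba_handle` starts before this hunk and continues after it.

```perl
    } else {
        # … unchanged: prompt print …
        local $SIG{INT} = sub { ReadMode('restore'); print "\n"; exit 1 };
        ReadMode('noecho');
        my $input = eval { ReadLine(0) };
        ReadMode('restore');    # always put the terminal back, even if the read failed
        print "\n";
        die "No $DB{'type'} admin password supplied\n" unless defined $input;
        chomp($password = $input);
    }
```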

commit d5902aaed7e282cf5e619ba25379196e5b697457
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Mon May 21 11:01:48 2018 -0400

    Fix typo in POD

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index a38b14718..e8a4545de 100644
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -928,7 +928,7 @@ sub GetWebURLFromRequest {
 
 =head2 Redirect URL
 
-This routine ells the current user's browser to redirect to URL.  
+This routine tells the current user's browser to redirect to URL.  
 Additionally, it unties the user's currently active session, helping to avoid 
 A bug in Apache::Session 1.81 and earlier which clobbers sessions if we try to use 
 a cached DBI statement handle twice at the same time.

commit 3c98ed63ec03f92e7e35afd073d1d5168805fd2a
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Wed May 23 15:02:07 2018 -0400

    Add AnonymizeEmail method for RT::Attachments
    
    The AnonymizeEmail method will take an email address as input and search
    through the attachments table for records that match the provided email.
    For any instances of the email found, the email will be replaced with an
    anonymous email address.

diff --git a/lib/RT/Attachments.pm b/lib/RT/Attachments.pm
index 8b0608867..6e77bad65 100644
--- a/lib/RT/Attachments.pm
+++ b/lib/RT/Attachments.pm
@@ -252,6 +252,53 @@ sub AddRecord {
     return $self->SUPER::AddRecord( $record );
 }
 
+=head2 AnonymizeEmail EMAILADDRESS
+
+Remove all refernces of provided email addess in the attachments table's content,
+header and Subject columns.
+
+=cut
+
+sub AnonymizeEmail {
+    my $self = shift;
+    my $email = shift;
+
+    my $attachments = RT::Attachments->new( RT->SystemUser );
+    $attachments->Limit(FIELD => 'Content', VALUE => $email, OPERATOR => 'LIKE', CASESENSITIVE => 0);
+
+    my $find = $email;
+    my $replace = "anon\@example.com";
+    $find = quotemeta $find;
+    while (my $attachment = $attachments->Next) {
+        my $str = $attachment->Content;
+
+        $str =~ s/$find/$replace/gim;
+        $attachment->_Set( Field => 'Content', Value => $str );
+    }
+
+    $attachments->CleanSlate;
+    $attachments->Limit(FIELD => 'Headers', VALUE => $email, OPERATOR => 'LIKE', CASESENSITIVE => 0);
+
+    while (my $attachment = $attachments->Next) {
+        my $str = $attachment->Headers;
+
+        $str =~ s/$find/$replace/gim;
+        $attachment->_Set( Field => 'Headers', Value => $str );
+    }
+
+    $attachments->CleanSlate;
+    $attachments->Limit(FIELD => 'Subject', VALUE => $email, OPERATOR => 'LIKE');
+
+    while (my $attachment = $attachments->Next) {
+        my $str = $attachment->Subject;
+
+        $str =~ s/$find/$replace/gim;
+        $attachment->_Set( Field => 'Subject', Value => $str );
+    }
+
+    return (1, 'Emailaddress ' . $email . ' Anonymized');
+}
+
 RT::Base->_ImportOverlays();
 
 1;
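Review bot: `AnonymizeEmail` never checks that `$email` is non-empty, and its caller in Admin/Users/Modify.html passes `$UserObj->EmailAddress`, which may be blank. How `Limit` treats an empty `LIKE` value is not visible here, but it may match every row, and `s/$find/$replace/gim` with an empty pattern does not behave like a literal match, so add `return (0, 'No email address provided') unless defined $email && length $email;` before the first `Limit`. The match is also a plain substring, so anonymizing `bob@example.com` rewrites `jimbob@example.com` as well (addresses constructed for illustration); bounding the pattern with non-address characters would prevent that. Each `_Set` result is discarded and the method always returns success, so a failed update goes unreported. The collection is built with `RT->SystemUser` rather than `$self`'s current user, so the method enforces no rights itself; the POD should state which right callers must check.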

commit a37f0a44932e6bb89bb55f4be11106c4a46892c2
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Wed May 23 15:06:16 2018 -0400

    Add GenerateAnonymousName function for RT::User
    
    The GenerateAnonymousName function will return a random valid (unique)
    username with the format 'anon_1234abcd' where after 'anon_' is a random
    string.

diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index ca47377cf..73e91ab8f 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -281,6 +281,29 @@ sub ValidateName {
     }
 }
 
+=head2 GenerateAnonymousName
+
+Generate a random username proceeded by 'anon_' and then 8
+random string, Returns the AnonymousName string.
+
+=cut
+
+sub GenerateAnonymousName {
+    my $self = shift;
+
+    my $valid_name = 1;
+    my $number = '';
+
+    while ( $valid_name ) {
+        my @Chars = ('a'..'z', 'A'..'Z', '1'..'9');
+        for (1..9) {
+            $number .= $Chars[int rand @Chars];
+        }
+        $valid_name = !$self->ValidateName('anon_' . $number);
+    }
+    return 'anon_' . $number;
+}
+
 =head2 ValidatePassword STRING
 
 Returns either (0, "failure reason") or 1 depending on whether the given
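Review bot: `$number` is declared outside the `while` loop and never reset, so when `ValidateName` rejects a candidate the next pass appends nine more characters instead of drawing a fresh suffix; put `$number = '';` at the top of the loop body. The POD and commit message promise 8 random characters, but `for (1..9)` produces nine from an alphabet that omits `0`; align one with the other. The flag `$valid_name` is true while the name is still not valid, which makes the loop condition hard to read; a name such as `$name_rejected` would match what it holds. The hunk shows the whole sub.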

commit 2489d931ad1205a018413e565521cb0d7b048063
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Mon May 21 13:49:33 2018 -0400

    Create portlet for removing user information
    
    Mason template that has three buttons for removing user information. The
    buttons are 'Anonymize user', 'Replace User' and 'Remove User'.

diff --git a/share/html/Elements/UserRelatedInfo b/share/html/Elements/UserRelatedInfo
new file mode 100644
index 000000000..f48584e87
--- /dev/null
+++ b/share/html/Elements/UserRelatedInfo
@@ -0,0 +1,89 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2017 Best Practical Solutions, LLC
+%#                                          <sales at bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+<div class="modal" id="user-info-modal">
+% if ( $attachments->Count > 500 ) {
+    <p>
+    You will need to update <% $attachments->Count %> attachment records to remove <% $user->EmailAddress ? $user->EmailAddress : $user->Name %>.
+    please use the command line tool to avoid crashing the server.
+    </p>
+     <a href="#" rel="modal:close"><button>Ok</button></a>
+% } else {
+    <p>Are you sure you want to update <% $attachments->Count %> attachment records to remove <% $user->EmailAddress ? $user->EmailAddress : $user->Name %></p>
+    <a href="?id=<% $id %>&Anonymize=1"><button>Ok</button></a>
+    <a href="#" rel="modal:close"><button>Cancel</button></a>
+% }
+</div>
+<&|/Widgets/TitleBox,
+    class => 'user-related-info',
+    title => loc("User related info"),
+&>
+
+<div class="row">
+    <div class="col-md-12">
+        <a href="#user-info-modal" rel="modal:open"><button>Anonymize User</button></a>
+        <a href="/Admin/Tools/Shredder/index.html?Plugin=Users&Users%3Astatus=enabled&Users%3Aname=<% $user->Name %>&Users%3Areplace_relations=nobody&Search=Search"><button name="replace-user">Replace User Information</button></a>
+        <a href="/Admin/Tools/Shredder/index.html?Plugin=Users&Users%3Astatus=enabled&Users%3Aname=<% $user->Name %>&Search=Search&remove_user"><button name="remove-user">Remove User Information</button></a>
+    </div>
+</div>
+</&>
+<%init>
+my $user = RT::User->new($session{'CurrentUser'});
+my ($ret, $msg) = $user->Load($id);
+return ($ret, $msg) unless $ret;
+
+# Number of attachments that will be Anonymized
+my $attachments = RT::Attachments->new( $session{CurrentUser} );
+$attachments->Limit(FIELD => 'Content', VALUE => $user->EmailAddress, OPERATOR => 'LIKE', CASESENSITIVE => 0, ENTRYAGGREGATOR => 'OR', SUBCLAUSE => 'email');
+$attachments->Limit(FIELD => 'Headers', VALUE => $user->EmailAddress, OPERATOR => 'LIKE', CASESENSITIVE => 0, ENTRYAGGREGATOR => 'OR', SUBCLAUSE => 'email');
+$attachments->Limit(FIELD => 'Subject', VALUE => $user->EmailAddress, OPERATOR => 'LIKE', CASESENSITIVE => 0, ENTRYAGGREGATOR => 'OR', SUBCLAUSE => 'email');
+</%init>
+
+<%ARGS>
+$Anonymize => undef
+$id        => undef
+</%ARGS>
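Review bot: The confirmation link `<a href="?id=<% $id %>&Anonymize=1">` triggers an irreversible data change with a GET request, so it can fire from a prefetch, a reloaded or bookmarked URL, or a cross-site request (whether RT's referrer check intercepts this parameter is not visible here). Submit it as a POST form instead, as sketched below, and have Modify.html act only on POST. The two Shredder links place `<% $user->Name %>` in a query string with HTML escaping only; a name containing `&`, `#` or `+` changes the query, so use `<% $user->Name |u %>`. When the user has no email address the three `Limit` calls in `<%init>` run with an empty value, so the displayed count is not meaningful. The new strings and button labels are not wrapped in `<&|/l&>`, unlike the title passed through `loc(...)`.

```html
    <form method="post" action="">
        <input type="hidden" name="id" value="<% $id %>">
        <input type="hidden" name="Anonymize" value="1">
        <input type="submit" value="<% loc('Ok') %>">
    </form>
    <%# … unchanged: Cancel link closing the modal … %>
```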

commit 447698efc0fdbdd4c2f93994b7d4fe17f126da40
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Mon May 21 13:49:54 2018 -0400

    Add portlet for removing user info to modify page
    
    Call the mason component for the options to remove user information.
    Also handle if the Anonymize user option is selected in the INIT
    section.

diff --git a/share/html/Admin/Users/Modify.html b/share/html/Admin/Users/Modify.html
index 3b8bc42fc..7402b0f73 100644
--- a/share/html/Admin/Users/Modify.html
+++ b/share/html/Admin/Users/Modify.html
@@ -232,6 +232,8 @@
 % }
 </form>
 
+<& /Elements/UserRelatedInfo, id => $id, Anonymize => $ARGS{Anonymize} &>
+
 <%INIT>
 
 my $UserObj = RT::User->new($session{'CurrentUser'});
@@ -308,6 +310,24 @@ if ( $UserObj->Id ) {
     }
 }
 
+if ( $ARGS{Anonymize} ) {
+    my @attrs = keys %{ $UserObj->_CoreAccessible };
+
+    my $attachments = RT::Attachments->new( $session{CurrentUser} );
+    my ($ret, $msg) = $attachments->AnonymizeEmail($UserObj->EmailAddress);
+    return ($ret, $msg) unless $ret;
+
+    # Remove identifying user information from record
+    foreach my $attr (@attrs) {
+        my $method = 'Set' . $attr;
+            $UserObj->$method('');
+    }
+
+    my $anon_name = $UserObj->GenerateAnonymousName();
+    ($ret, $msg) = $UserObj->SetName($anon_name);
+    return ($ret, $msg) unless $ret;
+}
+
 # This code does automatic redirection if any updates happen.
 MaybeRedirectForResults(
     Actions   => \@results,
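Review bot: The loop calls `$UserObj->$method('')` for every key of `_CoreAccessible` and discards each result, so a setter that refuses the empty value, or a read-only column, fails silently and nothing reaches `@results`. Capture the result and surface failures, e.g. `my ($ok, $err) = $UserObj->$method(''); push @results, $err unless $ok;`, and skip the columns that are not meant to be blanked (the accompanying test already exempts `Password`, `AuthToken`, `id` and the audit fields). Because `Password` and `AuthToken` appear to be left in place, the anonymized account presumably stays usable by whoever holds those credentials; consider disabling the account or resetting both in this step. The block runs on any request carrying `Anonymize`, with no visible check of the request method or that `$UserObj` was loaded; the `<%INIT>` section continues outside the hunk.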

commit beb905a26e94c6928106c88406edf36372ec1c8c
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Mon May 21 16:49:28 2018 -0400

    Check that user information is anonymized

diff --git a/t/remove_user_info.t b/t/remove_user_info.t
new file mode 100644
index 000000000..6fc27e8aa
--- /dev/null
+++ b/t/remove_user_info.t
@@ -0,0 +1,61 @@
+
+use strict;
+use warnings;
+use RT;
+use RT::Test tests => undef;
+
+{
+ok(require RT::User);
+}
+
+my ($baseurl, $agent) = RT::Test->started_ok;
+my $url = $agent->rt_base_url;
+
+# test a login
+{
+    $agent->login('root' => 'password');
+    # the field isn't named, so we have to click link 0
+    is( $agent->status, 200, "Fetched the page ok");
+    $agent->content_contains("Logout", "Found a logout link");
+}
+
+# GDPR
+{
+    my $TestUser = RT::Test->load_or_create_user( Name => 'TestUser', EmailAddress => 'test at example.com' );
+    ok $TestUser && $TestUser->id;
+
+    my $root = RT::Test->load_or_create_user( Name => 'root');
+    ok $root && $root->id;
+
+    my $queue = RT::Test->load_or_create_queue( Name => 'General' );
+    ok $queue && $queue->id;
+
+    # Create transaction on ticket by TestUser user
+    my $ticket = RT::Ticket->new( $root );
+    my ($id) = $ticket->Create( Subject => 'test', Requestor => 'TestUser', Queue => $queue );
+    ok $id;
+
+    $agent->get($url . "Admin/Users/Modify.html?&Anonymize=1&id=" . $TestUser->id);
+    ok $agent;
+
+    my $user = RT::User->new(RT->SystemUser);
+    ok !$user->Load('TestUser'), 'Username removed';
+
+    # UserId is still the same, but all other records should be anonimyzed for TestUser
+    $user->Load( $TestUser->id );
+
+    ok $user->Name =~ /anon_/, 'Username replaced with anon name';
+
+    # Ensure that all other user fields are blank
+    my @attrs = keys %{ $user->_CoreAccessible };
+    foreach my $attr (@attrs) {
+        if ( $attr eq 'Password' || $attr eq 'Name' || $attr eq 'id'
+            || $attr eq 'LastUpdatedBy' || $attr eq 'AuthToken' || $attr eq 'Created' || $attr eq 'Creator' || $attr eq 'LastUpdated') {
+            # Do nothing
+        } else {
+            ok $user->$attr eq '', 'Attribute ' . $attr . ' is blank';
+        }
+    }
+}
+
+done_testing();
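Review bot: `ok $agent` after the Anonymize `get` only tests that the object is true, so it passes even when the request returned an error page; assert the response instead, e.g. `is( $agent->status, 200, 'Anonymize request succeeded' );` (the same pattern recurs in the replace and remove blocks added by the next commit). The test never creates or inspects an attachment containing the user's address, so `AnonymizeEmail`, the part that rewrites stored mail, is not exercised; add a ticket with the address in its content and headers and check that it is gone afterwards. The exemption list for `Password` and `AuthToken` needs a comment saying whether leaving them populated is intended.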

commit 5f0f72fe65dbfb980575383ba6d6c5bc538578f3
Author: Craig Kaiser <craig at bestpractical.com>
Date:   Thu May 24 13:41:00 2018 -0400

    Add test for replace user information

diff --git a/t/remove_user_info.t b/t/remove_user_info.t
index 6fc27e8aa..f0ab64628 100644
--- a/t/remove_user_info.t
+++ b/t/remove_user_info.t
@@ -58,4 +58,48 @@ my $url = $agent->rt_base_url;
     }
 }
 
+{
+    # Test replace user
+    my $TestUser = RT::Test->load_or_create_user( Name => 'TestUser' );
+    ok $TestUser && $TestUser->id;
+
+    $agent->get($url ."Admin/Users/Modify.html?id=" . $TestUser->id);
+    ok $agent;
+
+    $agent->follow_link( url_regex => qr/replace_relations/i );
+
+    $agent->form_id('shredder-search-form');
+    $agent->current_form->find_input('WipeoutObject')->check;
+    $agent->click_button(name => 'Wipeout');
+
+    ok $agent;
+
+    # TestUser should not exist
+    my $user = RT::User->new(RT->SystemUser);
+    is $user->Load($TestUser->id), 0, 'User successfully deleted';
+
+    # Need to check that user was replaced
+}
+
+{
+    # Test Remove user
+    my $TestUser = RT::Test->load_or_create_user( Name => 'TestUser' );
+    ok $TestUser && $TestUser->id;
+
+    $agent->get($url ."Admin/Users/Modify.html?id=" . $TestUser->id);
+    ok $agent;
+
+    $agent->follow_link( url_regex => qr/remove_user/i );
+
+    $agent->form_id('shredder-search-form');
+    $agent->current_form->find_input('WipeoutObject')->check;
+    $agent->click_button(name => 'Wipeout');
+
+    ok $agent;
+
+    # TestUser should not exist
+    my $user = RT::User->new(RT->SystemUser);
+    is $user->Load($TestUser->id), 0, 'User successfully deleted';
+}
+
 done_testing();
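Review bot: The replace block ends with `# Need to check that user was replaced`, so as written it asserts exactly what the remove block asserts and would still pass if `replace_relations` were ignored. Create a ticket for the user before the wipeout and check afterwards that its requestor points at the replacement principal. Give the two `'User successfully deleted'` assertions distinct descriptions so a failure identifies which block broke.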

-----------------------------------------------------------------------

