Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion

osTicket v1.10 (stable) and Maintenance Release v1.9.15 are now available! Go get it now

Programmatically managing user accounts and organisations

Hello everyone.

I'm part of a team that's building a SaaS product and one of requirements is to have a support system that integrates with our own system. osTicket looks perfect however I can't really understand if it's possible (and how) to programmatically manage the users/organizations.

The operations that need to be preformed are the following:
  • Create an organization
  • Set a variable/property/field for an organization
  • Create user/account and assign to organization
  • Update account password
  • Delete account (more on that later)
  • Set a variable/property/field for a user

One of features of our product is that the user accounts are kinda ephemeral - the organization admins can create them and delete as they please. From what I understood osTicket separates between users and accounts in sense that a user can exist without an account. However I haven't found a way to remove an account from a user - is it possible (for account deletion purposes)?

Does osTicket have some kind of management API? The only API I managed to find is to create tickets - which doesn't suit us. If osTicket doesn't have this kind of functionality - where is possible to hook and add this functionality ourselves? The documentation about internals is extremely scarce...

Thanks in advance

EDIT: I'm OK with doing this by modifying the database directly, however I don't want to do this with poor knowledge of internals (to avoid breaking something)

Tagged:

Comments

  • Hey,

    We've made a small program that hooks up straight to the database where it creates all the organizations and put the users that are present into the correct organization based on a coworker database we use for a different system.

    So yea it would definitly be possible, the question is only at what level you want to do it, do you want to create an api that you call on or would you prefer to interact with the database directly?
  • Q: However I haven't found a way to remove an account from a user - is it possible (for account deletion purposes)?
    A: I have no idea if this would have the desired affect... but if you delete the user from ost_user_account but left them in ost_user it might do what your trying to do.   they wouldn't be able to log in anymore but their old data (and name) would still exist..


    Q: Does osTicket have some kind of management API?
    A: No.  But you could write one.

    I'll ask a dev to take a peek at this thread.  Maybe one of them can give you a better reply. :)
  • @Micke1101

    I'll go with whatever works better and takes less time to make :) That's probably the database but I don't want to risk breaking stuff since I've got no clue on the internal workings of osTicket (especially how it handles password hashing)

    @ntozier

    they wouldn't be able to log in anymore but their old data (and name) would still exist. That's exactly what I need, I just wasn't sure it would work. And thanks!
  • Future proofing wise i would say, make the api, if you want full control on what goes in and out then the database.

    Below is some suggestions to code that you can call in your api in order to do the tasks that you list, some might requiring some additional modifications.

    Basecode for making an api

    To create a organization

    Set organization field

    To create a user

    Assign user to organization

    Set user password

    Delete user

    Update user field
  • edited April 20
    @Micke1101 Thanks, this would definitely help if I go the API route! But I think you pasted the wrong link for 'Delete user'
  • @Micke1101 Thanks! Even I go the DB way your links will help me understand how osTicket works. Also, small question: when you built your synchronization by modifying directly the DB, where there many problems? Or did osTicket gracefully understand the changes without any weird behavior?
  • There's not been any problems for us so far.
    If the organization is missing we simply add it using INSERT INTO ost_organization (name) VALUES('New organization name')

    And to set the users organization we use the following command
    UPDATE ost_user SET org_id=3 WHERE default_email_id=6

    To get the existing organizations
    SELECT id, name FROM `ost_organization`

    To get the email_ids
    SELECT id, address FROM `ost_user_email`

    We're not doing this today, but to update the password you would do something like this
    UPDATE ost_user_account SET passwd=md5('NewSecretPassword') WHERE `user_id`=2
  • > passwd=md5('NewSecretPassword')

    That unfortunately won't work as osTicket uses some non-standard password encoding technique (and it's one of things I'm looking for). But I'm glad to hear that direct DB manipulation doesn't cause any problems
  • That's weird because i've used that method to reset passwords before :)
  • @xymanek  yes it will work.  Try it and see.
  • Also decided to fiddle around with the api and they seem to work :)
    Should probably add some more checks.

    Create user
    <?php
    @chdir(dirname(__FILE__).'/'); //Change dir.
    require('api.inc.php');

    if (!osTicket::is_cli())
        die(__('cron.php only supports local cron calls - use http -> api/tasks/cron'));

    require_once(INCLUDE_DIR.'class.user.php');
    $vars = array();
    foreach ($_GET as $key => $value)
    $vars[$key] = $value;
    if($user = User::fromVars($vars))
    UserAccount::createForUser($user, true);
    ?>

    Create organization
    <?php
    @chdir(dirname(__FILE__).'/'); //Change dir.
    require('api.inc.php');

    if (!osTicket::is_cli())
        die(__('cron.php only supports local cron calls - use http -> api/tasks/cron'));

    require_once(INCLUDE_DIR.'class.organization.php');
    $vars = array();
    foreach ($_GET as $key => $value)
    $vars[$key] = $value;
    Organization::fromVars($vars);
    ?>

    1.png
    914 x 587 - 48K
    2.png
    910 x 594 - 48K
  • @Micke1101 I've decided to go the DB route, but thanks anyway!

    @ntozier And that's what I meant when I said that I don't know the internals :)

    I've done some digging around and managed to track down the sign-in implementation, including the md5 functionality (https://github.com/osTicket/osTicket/blob/develop/include/class.client.php#L360). My question: can I override the hashing functionality and use password_hash and password_verify? This will simplify everything as I can just use the hash from my main application (since I'm going the DB route)
  • Yea if you just replace the MD5 fallback with your hash method it should still work fine.
Sign In or Register to comment.