feat: API to create HMAC verified conversations (#7209)

Fixes: #6744

app/controllers/api/v1/accounts/contacts/contact_inboxes_controller.rb

@@ -1,11 +1,13 @@
 class Api::V1::Accounts::Contacts::ContactInboxesController < Api::V1::Accounts::Contacts::BaseController
+  include HmacConcern
   before_action :ensure_inbox, only: [:create]
 
   def create
     @contact_inbox = ContactInboxBuilder.new(
       contact: @contact,
       inbox: @inbox,
-      source_id: params[:source_id]
+      source_id: params[:source_id],
+      hmac_verified: hmac_verified?
     ).perform
   end
 

app/controllers/api/v1/accounts/conversations_controller.rb

@@ -1,6 +1,7 @@
 class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseController
   include Events::Types
   include DateRangeHelper
+  include HmacConcern
 
   before_action :conversation, except: [:index, :meta, :search, :create, :filter]
   before_action :inbox, :contact, :contact_inbox, only: [:create]
@@ -104,9 +105,6 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro
   end
 
   def set_conversation_status
-    # TODO: temporary fallback for the old bot status in conversation, we will remove after couple of releases
-    # commenting this out to see if there are any errors, if not we can remove this in subsequent releases
-    # status = params[:status] == 'bot' ? 'pending' : params[:status]
     @conversation.status = params[:status]
     @conversation.snoozed_until = parse_date_time(params[:snoozed_until].to_s) if params[:snoozed_until]
   end
@@ -152,7 +150,8 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro
     ContactInboxBuilder.new(
       contact: @contact,
       inbox: @inbox,
-      source_id: params[:source_id]
+      source_id: params[:source_id],
+      hmac_verified: hmac_verified?
     ).perform
   end
 

app/controllers/concerns/hmac_concern.rb

@@ -0,0 +1,5 @@
+module HmacConcern
+  def hmac_verified?
+    ActiveModel::Type::Boolean.new.cast(params[:hmac_verified]).present?
+  end
+end

spec/controllers/api/v1/accounts/contacts/contact_inboxes_controller_spec.rb

@@ -27,7 +27,9 @@ RSpec.describe '/api/v1/accounts/{account.id}/contacts/:id/contact_inboxes', typ
         end.to change(ContactInbox, :count).by(1)
 
         expect(response).to have_http_status(:success)
-        expect(contact.reload.contact_inboxes.map(&:inbox_id)).to include(channel_api.inbox.id)
+        contact_inbox = contact.reload.contact_inboxes.find_by(inbox_id: channel_api.inbox.id)
+        expect(contact_inbox).to be_present
+        expect(contact_inbox.hmac_verified).to be(false)
       end
 
       it 'creates a valid email contact inbox' do
@@ -43,6 +45,21 @@ RSpec.describe '/api/v1/accounts/{account.id}/contacts/:id/contact_inboxes', typ
         expect(contact.reload.contact_inboxes.map(&:inbox_id)).to include(channel_email.inbox.id)
       end
 
+      it 'creates an hmac verified contact inbox' do
+        create(:inbox_member, inbox: channel_api.inbox, user: agent)
+        expect do
+          post "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/contact_inboxes",
+               params: { inbox_id: channel_api.inbox.id, hmac_verified: true },
+               headers: agent.create_new_auth_token,
+               as: :json
+        end.to change(ContactInbox, :count).by(1)
+
+        expect(response).to have_http_status(:success)
+        contact_inbox = contact.reload.contact_inboxes.find_by(inbox_id: channel_api.inbox.id)
+        expect(contact_inbox).to be_present
+        expect(contact_inbox.hmac_verified).to be(true)
+      end
+
       it 'throws error for invalid source id' do
         create(:inbox_member, inbox: channel_twilio_sms.inbox, user: agent)
         expect do

spec/controllers/api/v1/accounts/conversations_controller_spec.rb

@@ -273,21 +273,6 @@ RSpec.describe 'Conversations API', type: :request do
           expect(response_data[:status]).to eq('pending')
         end
 
-        # TODO: remove this spec when we remove the condition check in controller
-        # Added for backwards compatibility for bot status
-        # remove this in subsequent release
-        # it 'creates a conversation as pending if status is specified as bot' do
-        #   allow(Rails.configuration.dispatcher).to receive(:dispatch)
-        #   post "/api/v1/accounts/#{account.id}/conversations",
-        #        headers: agent.create_new_auth_token,
-        #        params: { source_id: contact_inbox.source_id, status: 'bot' },
-        #        as: :json
-
-        #   expect(response).to have_http_status(:success)
-        #   response_data = JSON.parse(response.body, symbolize_names: true)
-        #   expect(response_data[:status]).to eq('pending')
-        # end
-
         it 'creates a new conversation with message when message is passed' do
           allow(Rails.configuration.dispatcher).to receive(:dispatch)
           post "/api/v1/accounts/#{account.id}/conversations",
@@ -304,13 +289,13 @@ RSpec.describe 'Conversations API', type: :request do
         it 'calls contact inbox builder if contact_id and inbox_id is present' do
           builder = double
           allow(Rails.configuration.dispatcher).to receive(:dispatch)
-          allow(ContactInboxBuilder).to receive(:new).and_return(builder)
+          allow(ContactInboxBuilder).to receive(:new).with(contact: contact, inbox: inbox, source_id: nil, hmac_verified: false).and_return(builder)
           allow(builder).to receive(:perform)
           expect(builder).to receive(:perform)
 
           post "/api/v1/accounts/#{account.id}/conversations",
                headers: agent.create_new_auth_token,
-               params: { contact_id: contact.id, inbox_id: inbox.id },
+               params: { contact_id: contact.id, inbox_id: inbox.id, hmac_verified: 'false' },
                as: :json
         end