fix: Disable enqueueing Avatar jobs if the URL is invalid (#12035)

- Add a new queue purgable
- Disable enqueuing the job if URL is invalid

app/actions/contact_identify_action.rb

@@ -6,6 +6,7 @@
 # We don't want to update the name of the identified original contact.
 
 class ContactIdentifyAction
+  include UrlHelper
   pattr_initialize [:contact!, :params!, { retain_original_contact_name: false, discard_invalid_attrs: false }]
 
   def perform
@@ -104,7 +105,14 @@ class ContactIdentifyAction
     # TODO: replace reject { |_k, v| v.blank? } with compact_blank when rails is upgraded
     @contact.discard_invalid_attrs if discard_invalid_attrs
     @contact.save!
-    Avatar::AvatarFromUrlJob.perform_later(@contact, params[:avatar_url]) if params[:avatar_url].present? && !@contact.avatar.attached?
+    enqueue_avatar_job
+  end
+
+  def enqueue_avatar_job
+    return unless params[:avatar_url].present? && !@contact.avatar.attached?
+    return unless url_valid?(params[:avatar_url])
+
+    Avatar::AvatarFromUrlJob.perform_later(@contact, params[:avatar_url])
   end
 
   def merge_contact(base_contact, merge_contact)

app/jobs/avatar/avatar_from_gravatar_job.rb

@@ -1,5 +1,5 @@
 class Avatar::AvatarFromGravatarJob < ApplicationJob
-  queue_as :low
+  queue_as :purgable
 
   def perform(avatarable, email)
     return if GlobalConfigService.load('DISABLE_GRAVATAR', '').present?

app/jobs/avatar/avatar_from_url_job.rb

@@ -1,5 +1,5 @@
 class Avatar::AvatarFromUrlJob < ApplicationJob
-  queue_as :low
+  queue_as :purgable
 
   def perform(avatarable, avatar_url)
     return unless avatarable.respond_to?(:avatar)

config/sidekiq.yml

@@ -24,6 +24,7 @@
   - low
   - scheduled_jobs
   - deferred
+  - purgable
   - housekeeping
   - async_database_migration
   - active_storage_analysis

spec/actions/contact_identify_action_spec.rb

@@ -36,12 +36,18 @@ describe ContactIdentifyAction do
       expect(result.additional_attributes['social_profiles']).to eq({ 'linkedin' => 'saras', 'twitter' => 'saras' })
     end
 
-    it 'enques avatar job when avatar url parameter is passed' do
+    it 'enqueues avatar job when valid avatar url parameter is passed' do
       params = { name: 'test', avatar_url: 'https://chatwoot-assets.local/sample.png' }
       expect(Avatar::AvatarFromUrlJob).to receive(:perform_later).with(contact, params[:avatar_url]).once
       described_class.new(contact: contact, params: params).perform
     end
 
+    it 'does not enqueue avatar job when invalid avatar url parameter is passed' do
+      params = { name: 'test', avatar_url: 'invalid-url' }
+      expect(Avatar::AvatarFromUrlJob).not_to receive(:perform_later)
+      described_class.new(contact: contact, params: params).perform
+    end
+
     context 'when contact with same identifier exists' do
       it 'merges the current contact to identified contact' do
         existing_identified_contact = create(:contact, account: account, identifier: 'test_id')

spec/jobs/avatar/avatar_from_gravatar_job_spec.rb

@@ -7,7 +7,7 @@ RSpec.describe Avatar::AvatarFromGravatarJob do
 
   it 'enqueues the job' do
     expect { described_class.perform_later(avatarable, email) }.to have_enqueued_job(described_class)
-      .on_queue('low')
+      .on_queue('purgable')
   end
 
   it 'will call AvatarFromUrlJob with gravatar url' do

spec/jobs/avatar/avatar_from_url_job_spec.rb

@@ -6,7 +6,7 @@ RSpec.describe Avatar::AvatarFromUrlJob do
 
   it 'enqueues the job' do
     expect { described_class.perform_later(avatarable, avatar_url) }.to have_enqueued_job(described_class)
-      .on_queue('low')
+      .on_queue('purgable')
   end
 
   it 'will attach avatar from url' do