fix: Manage Twilio SMS channel via inbox API (#11457)

- Currently Chatwoot manages Twilio Inbox creation in a separate controller , We want to move this to inboxes api so that we have a unified API for inbox related changes --------- Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
2025-10-30 10:42:38 +00:00 · 2025-05-14 23:58:54 -07:00
parent ac884f58f5
commit a4c7b73888
4 changed files with 54 additions and 0 deletions
--- a/app/controllers/api/v1/accounts/channels/twilio_channels_controller.rb
+++ b/app/controllers/api/v1/accounts/channels/twilio_channels_controller.rb
@@ -1,3 +1,6 @@
+# TODO : Move this to inboxes controller and deprecate this controller
+# No need to retain this controller as we could handle everything centrally in inboxes controller
+
 class Api::V1::Accounts::Channels::TwilioChannelsController < Api::V1::Accounts::BaseController
  before_action :authorize_request

--- a/app/models/channel/twilio_sms.rb
+++ b/app/models/channel/twilio_sms.rb
@@ -30,6 +30,11 @@ class Channel::TwilioSms < ApplicationRecord
  # The same parameter is used to store api_key_secret if api_key authentication is opted
  validates :auth_token, presence: true

+  EDITABLE_ATTRS = [
+    :account_sid,
+    :auth_token
+  ].freeze
+
  # Must have _one_ of messaging_service_sid _or_ phone_number, and messaging_service_sid is preferred
  validates :messaging_service_sid, uniqueness: true, presence: true, unless: :phone_number?
  validates :phone_number, absence: true, if: :messaging_service_sid?
--- a/app/views/api/v1/models/_inbox.json.jbuilder
+++ b/app/views/api/v1/models/_inbox.json.jbuilder
@@ -62,6 +62,10 @@ json.instagram_id resource.channel.try(:instagram_id) if resource.instagram?
 json.messaging_service_sid resource.channel.try(:messaging_service_sid)
 json.phone_number resource.channel.try(:phone_number)
 json.medium resource.channel.try(:medium) if resource.twilio?
+if resource.twilio? && Current.account_user&.administrator?
+  json.auth_token resource.channel.try(:auth_token)
+  json.account_sid resource.channel.try(:account_sid)
+end

 if resource.email?
  ## Email Channel Attributes
--- a/spec/controllers/api/v1/accounts/inboxes_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/inboxes_controller_spec.rb
@@ -147,6 +147,32 @@ RSpec.describe 'Inboxes API', type: :request do
        expect(data[:imap_login]).to eq('test@test.com')
      end

+      context 'when it is a Twilio inbox' do
+        let(:twilio_channel) { create(:channel_twilio_sms, account: account, account_sid: 'AC123', auth_token: 'secrettoken') }
+        let(:twilio_inbox) { create(:inbox, channel: twilio_channel, account: account) }
+
+        it 'returns auth_token and account_sid for admin' do
+          get "/api/v1/accounts/#{account.id}/inboxes/#{twilio_inbox.id}",
+              headers: admin.create_new_auth_token,
+              as: :json
+          expect(response).to have_http_status(:success)
+          data = JSON.parse(response.body, symbolize_names: true)
+          expect(data[:auth_token]).to eq('secrettoken')
+          expect(data[:account_sid]).to eq('AC123')
+        end
+
+        it "doesn't return auth_token and account_sid for agent" do
+          create(:inbox_member, user: agent, inbox: twilio_inbox)
+          get "/api/v1/accounts/#{account.id}/inboxes/#{twilio_inbox.id}",
+              headers: agent.create_new_auth_token,
+              as: :json
+          expect(response).to have_http_status(:success)
+          data = JSON.parse(response.body, symbolize_names: true)
+          expect(data[:auth_token]).to be_nil
+          expect(data[:account_sid]).to be_nil
+        end
+      end
+
      it 'fetch API inbox without hmac token when agent' do
        api_channel = create(:channel_api, account: account)
        api_inbox = create(:inbox, channel: api_channel, account: account)
@@ -518,6 +544,22 @@ RSpec.describe 'Inboxes API', type: :request do
        expect(email_channel.reload.email).to eq('emailtest@email.test')
      end

+      it 'updates twilio sms inbox when administrator' do
+        twilio_sms_channel = create(:channel_twilio_sms, account: account)
+        twilio_sms_inbox = create(:inbox, channel: twilio_sms_channel, account: account)
+        expect(twilio_sms_inbox.reload.channel.account_sid).not_to eq('account_sid')
+        expect(twilio_sms_inbox.reload.channel.auth_token).not_to eq('new_auth_token')
+
+        patch "/api/v1/accounts/#{account.id}/inboxes/#{twilio_sms_inbox.id}",
+              headers: admin.create_new_auth_token,
+              params: { channel: { account_sid: 'account_sid', auth_token: 'new_auth_token' } },
+              as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(twilio_sms_inbox.reload.channel.account_sid).to eq('account_sid')
+        expect(twilio_sms_inbox.reload.channel.auth_token).to eq('new_auth_token')
+      end
+
      it 'updates email inbox with imap when administrator' do
        email_channel = create(:channel_email, account: account)
        email_inbox = create(:inbox, channel: email_channel, account: account)