This PR adds the following changes
1. Refactor `microsoft/callbacks_controller` to move common logic to
`oauth_callback_controller`, most of the logic is re-used for Google
2. Add UI components, `googleClient` and I18n entries for Google login
3. Add Google callback and inbox creation
4. Add a `joinUrl` utility along with specs (need to move it to utils)
5. Add `GoogleConcern`, `Google::AuthorizationsController` and
`Google::CallbacksController`
> Note: The UI is hidden for now, so we can merge this without any
hiccups, to enable it just revert the commit `05c18de`
### Preview
https://github.com/chatwoot/chatwoot/assets/18097732/1606d150-4561-49dc-838d-e0b00fe49ce3
### Linear Tickers
[CW-3370](https://linear.app/chatwoot/issue/CW-3370)
[CW-3371](https://linear.app/chatwoot/issue/CW-3371)
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
`conversation.assignee_id` was taken into consideration for first
response time calculation. There was one flaw in this approach. A lot of
customer support agents respond to the conversation first before
assigning it to themselves. This makes the analytics broken.
To fix this, we will take the message sender instead of assignee in
calculations, which should solve the issue with metric.
Fixes
https://linear.app/chatwoot/issue/CW-3375/first-response-reporting-events-use-assignee-id-instead-of-agent-who
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br
/>
### Snyk has created this PR to fix 2 vulnerabilities in the rubygems
dependencies of this project.
#### Snyk changed the following file(s):
- `Gemfile`
- `Gemfile.lock`
#### Vulnerabilities that will be fixed with an upgrade:
| | Issue | Score |
:-------------------------:|:-------------------------|:-------------------------
 | Improper Input Validation
<br/>[SNYK-RUBY-ACTIONPACK-7210237](https://snyk.io/vuln/SNYK-RUBY-ACTIONPACK-7210237)
| **496**
 | Missing Cryptographic Step
<br/>[SNYK-RUBY-OPENSSL-6036190](https://snyk.io/vuln/SNYK-RUBY-OPENSSL-6036190)
| **479**
---
> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - Max score is 1000. Note that the real score may have changed since
the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a
real user.
---
**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs._
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmMDU0MzI0Yy1kZjU0LTQ2OTMtYTY1NC1kY2MyZGRmODU1MTIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImYwNTQzMjRjLWRmNTQtNDY5My1hNjU0LWRjYzJkZGY4NTUxMiJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr)
📜 [Customise PR
templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project
settings](https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read about Snyk's upgrade
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Improper Input
Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)
[//]: #
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"dotenv-rails","from":"2.8.1","to":"3.0.0"},{"name":"rails","from":"7.0.8.3","to":"7.0.8.4"},{"name":"rspec-rails","from":"6.0.2","to":"6.0.3"},{"name":"web-push","from":"3.0.0","to":"3.0.1"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No
Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-ACTIONPACK-7210237","priority_score":496,"priority_score_factors":[{"type":"freshness","label":true,"score":71},{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"4.2","score":210},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Improper
Input Validation"},{"exploit_maturity":"No Known
Exploit","id":"SNYK-RUBY-OPENSSL-6036190","priority_score":479,"priority_score_factors":[{"type":"fixability","label":true,"score":214},{"type":"cvssScore","label":"5.3","score":265},{"type":"scoreVersion","label":"v1","score":1}],"severity":"medium","title":"Missing
Cryptographic
Step"}],"prId":"f054324c-df54-4693-a654-dcc2ddf85512","prPublicId":"f054324c-df54-4693-a654-dcc2ddf85512","packageManager":"rubygems","priorityScoreList":[496,479],"projectPublicId":"b7197bbd-6200-4f23-931d-c39928584360","projectUrl":"https://app.snyk.io/org/chatwoot/project/b7197bbd-6200-4f23-931d-c39928584360?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"vulns":["SNYK-RUBY-ACTIONPACK-7210237","SNYK-RUBY-OPENSSL-6036190"],"patch":[],"isBreakingChange":true,"remediationStrategy":"vuln"}'
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
The `add user` utility was updated, and the `--disabled-login` behavior changed in Ubuntu 24.04. This set the login shell to `/sbin/nologin,` which broke the `cwctl` installation flow.
ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625758
Co-authored-by: Vishnu Narayanan <iamwishnu@gmail.com>
This PR upgrades the packages to the latest patch versions, no-breaking
changes. Can be merged once CI clears
Co-authored-by: Pranav <pranav@chatwoot.com>
# Pull Request Template
## Description
fixed getting browser data
In Vue, without computed properties, the data doesn't update, and
because of this, it doesn't display information about the browser.
## Type of change
Please delete options that are not relevant.
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality not to work as expected)
- [ ] This change requires a documentation update
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [ ] I have commented on my code, particularly in hard-to-understand
areas
- [ ] I have made corresponding changes to the documentation
- [ ] My changes generate no new warnings
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] New and existing unit tests pass locally with my changes
- [ ] Any dependent changes have been merged and published in downstream
modules
Bumps [pug](https://github.com/pugjs/pug) from 3.0.2 to 3.0.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pugjs/pug/releases">pug's
releases</a>.</em></p>
<blockquote>
<h2>pug-code-gen@3.0.3</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Validate <code>templateName</code> and <code>globals</code> are
valid JavaScript identifiers to prevent possible remote code execution
if un-trusted user input is passed to the compilation options (<a
href="https://redirect.github.com/pugjs/pug/issues/3438">#3438</a>)</li>
</ul>
<h2>pug@3.0.3</h2>
<h2>Bug Fixes</h2>
<ul>
<li>
<p>Update pug-code-gen with the following fix: (<a
href="https://redirect.github.com/pugjs/pug/issues/3438">#3438</a>)</p>
<p>Validate <code>templateName</code> and <code>globals</code> are valid
JavaScript identifiers to prevent possible remote code execution if
un-trusted user input is passed to the compilation options</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="32acfe8f19"><code>32acfe8</code></a>
fix: ensure template names are valid identifiers (<a
href="https://redirect.github.com/pugjs/pug/issues/3438">#3438</a>)</li>
<li><a
href="4767cafea0"><code>4767caf</code></a>
refactor: convert pug-error to TypeScript (<a
href="https://redirect.github.com/pugjs/pug/issues/3355">#3355</a>)</li>
<li><a
href="a724446abb"><code>a724446</code></a>
chore: update character-parser (<a
href="https://redirect.github.com/pugjs/pug/issues/3354">#3354</a>)</li>
<li><a
href="6cca8f76be"><code>6cca8f7</code></a>
docs: fix GitHub format in README (<a
href="https://redirect.github.com/pugjs/pug/issues/3335">#3335</a>)</li>
<li>See full diff in <a
href="https://github.com/pugjs/pug/compare/pug@3.0.2...pug@3.0.3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/chatwoot/chatwoot/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
# Replace the deprecated `eventBus` with mitt.js
## Description
Since eventBus and it's respective methods are deprecated and removed
from all future releases of vue, this was blocking us from migrating.
This PR replaces eventBus with
[mitt](https://github.com/developit/mitt). I have created a wrapper
mitt.js to simulate the same old event names so it's backwards
compatible, without making a lot of changes.
Fixes # (issue)
## Type of change
Please delete options that are not relevant.
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality not to work as expected)
- [ ] This change requires a documentation update
## How Has This Been Tested?
1. Made sure all the places we're listening to bus events are working as
expected.
2. Respective specsf or the events from mitt.
## Checklist:
- [x] My code follows the style guidelines of this project
- [x] I have performed a self-review of my code
- [x] I have commented on my code, particularly in hard-to-understand
areas
- [x] I have made corresponding changes to the documentation
- [x] My changes generate no new warnings
- [x] I have added tests that prove my fix is effective or that my
feature works
- [x] New and existing unit tests pass locally with my changes
- [x] Any dependent changes have been merged and published in downstream
modules
This PR adds a cleaner re-authorization flow to Microsoft. This PR has
the following changes
1. Use `reauthorization_required` value for Microsoft Channel
2. Refactor `InboxReconnectionRequired` to reuse the `banner` component
3. Refactor `microsoft/Reauthorize.vue` to reuse
`InboxReconnectionRequired` component
4. Update `reauthorizable.rb` to update cache keys if the model has an
inbox
5. Update `microsoft/callbacks_controller.rb` to handle the
reauthorization case with a redirect to the inbox settings page if the
inbox already exists at the time of authorization.
## How Has This Been Tested?
- [x] Local Instance
- [ ] Staging Instance
- [x] Unit tests
## Pending Tasks
- [ ] ~Success Toast~ will do this in a follow-up PR with the screen
## Demo
The following video shows the whole process of creation and
re-authorization of the Microsoft channel
https://www.loom.com/share/e5cd9bd4439c4741b0dcfe66d67f88b3?sid=100f3642-43e4-46b3-8123-88a5dd9d8509
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
This PR allows setting scripts for `vueapp.html.erb` via super admin
config. This PR has the following changes
1. Allow `DASHBOARD_SCRIPTS` in internal config
2. Remove existing scripts from `vueapp.html.erb`
3. Add scripts from `GlobalConfig` to `vueapp.html.erb`
---------
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
Tried to replicate the issue, but Sentry didn't have enough information.
`toggleMessageSignature` is a user triggered action in
`ReplyBottomPanel.vue`, the value for `channelType` is provided from
`inboxMixin`. The error will occur if either `inbox` is an empty object
`{}` or `channel_type` in `inbox` object is undefined.
I couldn't find any instance where this could be the case. The PR has a
stop gap solution that ensures that no action is triggered
