scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-10-29 10:12:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
38f16ba677bd5328ab9baaab562f8f536c94e760
chatwoot/app/models/channel/twilio_sms.rb
Sojan Jose 38f16ba677 feat: Secure external credentials with database encryption (#12648) 
## Changelog

- Added conditional Active Record encryption to every external
credential we store (SMTP/IMAP passwords, Twilio tokens,
Slack/OpenAI hook tokens, Facebook/Instagram tokens, LINE/Telegram keys,
Twitter secrets) so new writes are encrypted
whenever Chatwoot.encryption_configured? is true; legacy installs still
receive plaintext until their secrets are
    updated.
- Tuned encryption settings in config/application.rb to allow legacy
reads (support_unencrypted_data) and to extend
deterministic queries so lookups continue to match plaintext rows during
the rollout; added TODOs to retire the
    fallback once encryption becomes mandatory.
- Introduced an MFA-pipeline test suite
(spec/models/external_credentials_encryption_spec.rb) plus shared
examples to
verify each attribute encrypts at rest and that plaintext records
re-encrypt on update, with a dedicated Telegram case.
The existing MFA GitHub workflow now runs these tests using the
preconfigured encryption keys.

fixes:
https://linear.app/chatwoot/issue/CW-5453/encrypt-sensitive-credentials-stored-in-plain-text-in-database

## Testing Instructions

 1. Instance without encryption keys
- Unset ACTIVE_RECORD_ENCRYPTION_* vars (or run in an environment where
they’re absent).
      - Create at least one credentialed channel (e.g., Email SMTP).
- Confirm workflows still function (send/receive mail or a similar
sanity check).
- In the DB you should still see plaintext values—this confirms the
guard prevents encryption when keys are missing.
  2. Instance with encryption keys
      - Configure the three encryption env vars and restart.
- Pick a couple of representative integrations (e.g., Email SMTP +
Twilio SMS).
      - Legacy channel check:
- Use existing records created before enabling keys. Trigger their
workflow (send an email / SMS, or hit the
            webhook) to ensure they still authenticate.
- Inspect the raw column—value remains plaintext until changed.
      - Update legacy channel:
- Edit one legacy channel’s credential (e.g., change SMTP password).
- Verify the operation still works and the stored value is now encrypted
(raw column differs, accessor returns
            original).
      - New channel creation:
- Create a new channel of the same type; confirm functionality and that
the stored credential is encrypted from
            the start.

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
2025-10-13 18:05:12 +05:30

79 lines
2.6 KiB
Ruby
Raw Blame History

# == Schema Information
#
# Table name: channel_twilio_sms
#
# id :bigint not null, primary key
# account_sid :string not null
# api_key_sid :string
# auth_token :string not null
# content_templates :jsonb
# content_templates_last_updated :datetime
# medium :integer default("sms")
# messaging_service_sid :string
# phone_number :string
# created_at :datetime not null
# updated_at :datetime not null
# account_id :integer not null
#
# Indexes
#
# index_channel_twilio_sms_on_account_sid_and_phone_number (account_sid,phone_number) UNIQUE
# index_channel_twilio_sms_on_messaging_service_sid (messaging_service_sid) UNIQUE
# index_channel_twilio_sms_on_phone_number (phone_number) UNIQUE
#
class Channel::TwilioSms < ApplicationRecord
include Channelable
include Rails.application.routes.url_helpers
self.table_name = 'channel_twilio_sms'
# TODO: Remove guard once encryption keys become mandatory (target 3-4 releases out).
encrypts :auth_token if Chatwoot.encryption_configured?
validates :account_sid, presence: true
# The same parameter is used to store api_key_secret if api_key authentication is opted
validates :auth_token, presence: true
EDITABLE_ATTRS = [
:account_sid,
:auth_token
].freeze
# Must have _one_ of messaging_service_sid _or_ phone_number, and messaging_service_sid is preferred
validates :messaging_service_sid, uniqueness: true, presence: true, unless: :phone_number?
validates :phone_number, absence: true, if: :messaging_service_sid?
validates :phone_number, uniqueness: true, allow_nil: true
enum medium: { sms: 0, whatsapp: 1 }
def name
medium == 'sms' ? 'Twilio SMS' : 'Whatsapp'
end
def send_message(to:, body:, media_url: nil)
params = send_message_from.merge(to: to, body: body)
params[:media_url] = media_url if media_url.present?
params[:status_callback] = twilio_delivery_status_index_url
client.messages.create(**params)
end
private
def client
if api_key_sid.present?
Twilio::REST::Client.new(api_key_sid, auth_token, account_sid)
else
Twilio::REST::Client.new(account_sid, auth_token)
end
end
def send_message_from
if messaging_service_sid?
{ messaging_service_sid: messaging_service_sid }
else
{ from: phone_number }
end
end
end
Reference in New Issue View Git Blame Copy Permalink