From 0d9c0b2ed2784b516d1769bcc7f4bffa7ecd8c3c Mon Sep 17 00:00:00 2001 From: Pranav Date: Wed, 28 Jan 2026 14:51:24 -0800 Subject: [PATCH] fix: Force account_id in the query (#13388) ### What Forces `account_id` to be applied consistently in queries and message creation paths. ### Why Some queries were missing `account_id`, leading to cross-account scans and slow performance in large datasets. ### Changes * Added `account_id` to the relevant query columns. * Ensured messages are always created within the correct account scope. * Updated `created_at` handling where required for consistency. ### Impact * Prevents cross-account queries. * Improves query performance. * Reduces risk of incorrect data access across accounts. ### Notes No functional behavior change for end users. This is a performance and safety fix. --- app/models/message.rb | 2 +- .../conversations/message_window_service.rb | 2 +- .../whatsapp/send_on_whatsapp_service_spec.rb | 18 +++++++++++------- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/app/models/message.rb b/app/models/message.rb index 3be04c54f..25a26afa9 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -114,7 +114,7 @@ class Message < ApplicationRecord scope :created_since, ->(datetime) { where('created_at > ?', datetime) } scope :chat, -> { where.not(message_type: :activity).where(private: false) } - scope :non_activity_messages, -> { where.not(message_type: :activity).reorder('id desc') } + scope :non_activity_messages, -> { where.not(message_type: :activity).reorder('created_at desc') } scope :today, -> { where("date_trunc('day', created_at) = ?", Date.current) } scope :voice_calls, -> { where(content_type: :voice_call) } diff --git a/app/services/conversations/message_window_service.rb b/app/services/conversations/message_window_service.rb index 97fd9413b..ee154125e 100644 --- a/app/services/conversations/message_window_service.rb +++ b/app/services/conversations/message_window_service.rb @@ -65,6 +65,6 @@ class Conversations::MessageWindowService end def last_incoming_message - @last_incoming_message ||= @conversation.messages&.incoming&.last + @last_incoming_message ||= @conversation.messages.where(account_id: @conversation.account_id).incoming&.last end end diff --git a/spec/services/whatsapp/send_on_whatsapp_service_spec.rb b/spec/services/whatsapp/send_on_whatsapp_service_spec.rb index 769b1f080..c27295b3e 100644 --- a/spec/services/whatsapp/send_on_whatsapp_service_spec.rb +++ b/spec/services/whatsapp/send_on_whatsapp_service_spec.rb @@ -57,9 +57,9 @@ describe Whatsapp::SendOnWhatsappService do it 'calls channel.send_message when with in 24 hour limit' do # to handle the case of 24 hour window limit. create(:message, message_type: :incoming, content: 'test', - conversation: conversation) + conversation: conversation, account: conversation.account) message = create(:message, message_type: :outgoing, content: 'test', - conversation: conversation) + conversation: conversation, account: conversation.account) stub_request(:post, 'https://waba.360dialog.io/v1/messages') .with( @@ -88,7 +88,8 @@ describe Whatsapp::SendOnWhatsappService do message = create(:message, additional_attributes: { template_params: invalid_template_params }, conversation: conversation, - message_type: :outgoing) + message_type: :outgoing, + account: conversation.account) described_class.new(message: message).perform @@ -98,7 +99,8 @@ describe Whatsapp::SendOnWhatsappService do it 'calls channel.send_template when after 24 hour limit' do message = create(:message, message_type: :outgoing, content: 'Your package has been shipped. It will be delivered in 3 business days.', - conversation: conversation, additional_attributes: { template_params: template_params }) + conversation: conversation, additional_attributes: { template_params: template_params }, + account: conversation.account) stub_request(:post, 'https://waba.360dialog.io/v1/messages') .with( @@ -112,7 +114,8 @@ describe Whatsapp::SendOnWhatsappService do it 'calls channel.send_template if template_params are present' do message = create(:message, additional_attributes: { template_params: template_params }, - content: 'Your package will be delivered in 3 business days.', conversation: conversation, message_type: :outgoing) + content: 'Your package will be delivered in 3 business days.', conversation: conversation, message_type: :outgoing, + account: conversation.account) stub_request(:post, 'https://waba.360dialog.io/v1/messages') .with( headers: headers, @@ -148,7 +151,8 @@ describe Whatsapp::SendOnWhatsappService do ).to_return(status: 200, body: success_response, headers: { 'content-type' => 'application/json' }) message = create(:message, additional_attributes: { template_params: named_template_params }, - content: 'Your package will be delivered in 3 business days.', conversation: cloud_conversation, message_type: :outgoing) + content: 'Your package will be delivered in 3 business days.', conversation: cloud_conversation, message_type: :outgoing, + account: cloud_conversation.account) described_class.new(message: message).perform expect(message.reload.source_id).to eq('123456789') @@ -192,7 +196,7 @@ describe Whatsapp::SendOnWhatsappService do } message = create(:message, additional_attributes: { template_params: empty_template_params }, - conversation: conversation, message_type: :outgoing) + conversation: conversation, message_type: :outgoing, account: conversation.account) stub_request(:post, 'https://waba.360dialog.io/v1/messages') .with(