feat: allow agent bots to toggle typing status (#13705)

Agent bot conversations now feel more natural because AgentBot tokens can toggle typing status, so end users see a live typing indicator in the widget while the bot is preparing a reply. This keeps the interaction responsive and human-like without weakening token authorization boundaries. ## Closes - https://github.com/chatwoot/chatwoot/issues/8928 - https://linear.app/chatwoot/issue/CW-5205 ## How to test 1. Open the widget and start a conversation as a customer. 2. Connect an AgentBot to the same inbox. 3. Trigger `toggle_typing_status` with the AgentBot token (`typing_status: on`). 4. Confirm the customer sees the typing indicator in the widget. 5. Trigger `toggle_typing_status` with `typing_status: off` and confirm the indicator disappears. ## What changed - Added `toggle_typing_status` to bot-accessible conversation endpoints. - Restricted bot-accessible endpoint usage to `AgentBot` token owners only (non-user tokens like `PlatformApp` remain unauthorized). - Updated typing status flow to preserve AgentBot identity in dispatch/broadcast paths. - Added request coverage for AgentBot success and PlatformApp unauthorized behavior. - Added Swagger documentation for `POST /api/v1/accounts/{account_id}/conversations/{conversation_id}/toggle_typing_status` and regenerated swagger artifacts.
2026-03-05 08:13:52 -08:00
parent fd69b4c8f2
commit 397b0bcc9d
11 changed files with 279 additions and 7 deletions
--- a/spec/controllers/api/v1/accounts/conversations_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/conversations_controller_spec.rb
@@ -647,6 +647,37 @@ RSpec.describe 'Conversations API', type: :request do
          .with(Conversation::CONVERSATION_TYPING_ON, kind_of(Time), { conversation: conversation, user: agent, is_private: true })
      end
    end
+
+    context 'when it is an authenticated bot' do
+      let(:agent_bot) { create(:agent_bot, account: account) }
+
+      it 'toggles the conversation typing status' do
+        create(:agent_bot_inbox, inbox: conversation.inbox, agent_bot: agent_bot)
+        allow(Rails.configuration.dispatcher).to receive(:dispatch)
+
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/toggle_typing_status",
+             headers: { api_access_token: agent_bot.access_token.token },
+             params: { typing_status: 'on', is_private: false },
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(Rails.configuration.dispatcher).to have_received(:dispatch)
+          .with(Conversation::CONVERSATION_TYPING_ON, kind_of(Time), { conversation: conversation, user: agent_bot, is_private: false })
+      end
+    end
+
+    context 'when it is an authenticated platform app token' do
+      let(:platform_app) { create(:platform_app) }
+
+      it 'returns unauthorized' do
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/toggle_typing_status",
+             headers: { api_access_token: platform_app.access_token.token },
+             params: { typing_status: 'on', is_private: false },
+             as: :json
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
  end

  describe 'POST /api/v1/accounts/{account.id}/conversations/:id/update_last_seen' do
--- a/spec/listeners/action_cable_listener_spec.rb
+++ b/spec/listeners/action_cable_listener_spec.rb
@@ -94,6 +94,26 @@ describe ActionCableListener do
    end
  end

+  describe '#typing_on with agent bot' do
+    let(:event_name) { :'conversation.typing_on' }
+    let!(:agent_bot) { create(:agent_bot, account: account) }
+    let!(:event) { Events::Base.new(event_name, Time.zone.now, conversation: conversation, user: agent_bot, is_private: false) }
+
+    it 'sends message to account admins, inbox agents and the contact' do
+      expect(conversation.inbox.reload.inbox_members.count).to eq(1)
+      expect(ActionCableBroadcastJob).to receive(:perform_later).with(
+        a_collection_containing_exactly(
+          admin.pubsub_token, agent.pubsub_token, conversation.contact_inbox.pubsub_token
+        ),
+        'conversation.typing_on', { conversation: conversation.push_event_data,
+                                    user: agent_bot.push_event_data,
+                                    account_id: account.id,
+                                    is_private: false }
+      )
+      listener.conversation_typing_on(event)
+    end
+  end
+
  describe '#typing_off' do
    let(:event_name) { :'conversation.typing_off' }
    let!(:event) { Events::Base.new(event_name, Time.zone.now, conversation: conversation, user: agent, is_private: false) }