fix: Add validation for the inbox name to avoid special characters (#4920)

app/models/inbox.rb

@@ -33,7 +33,10 @@ class Inbox < ApplicationRecord
   include Avatarable
   include OutOfOffisable
 
+  # Not allowing characters:
   validates :name, presence: true
+  validates :name, if: :check_channel_type?, format: { with: %r{^^\b[^/\\<>@]*\b$}, multiline: true,
+                                                       message: I18n.t('errors.inboxes.validations.name') }
   validates :account_id, presence: true
   validates :timezone, inclusion: { in: TZInfo::Timezone.all_identifiers }
   validate :ensure_valid_max_assignment_limit
@@ -133,6 +136,10 @@ class Inbox < ApplicationRecord
   def delete_round_robin_agents
     ::RoundRobin::ManageService.new(inbox: self).clear_queue
   end
+
+  def check_channel_type?
+    ['Channel::Email', 'Channel::Api', 'Channel::WebWidget'].include?(channel_type)
+  end
 end
 
 Inbox.prepend_mod_with('Inbox')

config/locales/en.yml

@@ -53,6 +53,8 @@ en:
         host_unreachable_error: Host unreachable, Please check the IMAP address, IMAP port and try again.
         connection_timed_out_error: Connection timed out for %{address}:%{port}
         connection_closed_error: Connection closed.
+      validations:
+        name: should not start or end with symbols, and it should not have < > / \ @ characters.
 
   reports:
     period: Reporting period %{since} to %{until}

spec/models/inbox_spec.rb

@@ -6,6 +6,7 @@ require Rails.root.join 'spec/models/concerns/out_of_offisable_shared.rb'
 RSpec.describe Inbox do
   describe 'validations' do
     it { is_expected.to validate_presence_of(:account_id) }
+    it { is_expected.to validate_presence_of(:name) }
   end
 
   describe 'associations' do
@@ -135,4 +136,60 @@ RSpec.describe Inbox do
       end
     end
   end
+
+  describe '#validations' do
+    let(:inbox) { FactoryBot.create(:inbox) }
+
+    context 'when validating inbox name' do
+      it 'does not allow any special character at the end' do
+        inbox.name = 'this is my inbox name-'
+        expect(inbox).not_to be_valid
+        expect(inbox.errors.full_messages).to eq(
+          ['Name should not start or end with symbols, and it should not have < > / \\ @ characters.']
+        )
+      end
+
+      it 'does not allow any special character at the start' do
+        inbox.name = '-this is my inbox name'
+        expect(inbox).not_to be_valid
+        expect(inbox.errors.full_messages).to eq(
+          ['Name should not start or end with symbols, and it should not have < > / \\ @ characters.']
+        )
+      end
+
+      it 'does not allow chacters like /\@<> in the entire string' do
+        inbox.name = 'inbox@name'
+        expect(inbox).not_to be_valid
+        expect(inbox.errors.full_messages).to eq(
+          ['Name should not start or end with symbols, and it should not have < > / \\ @ characters.']
+        )
+      end
+
+      it 'does not empty string' do
+        inbox.name = ''
+        expect(inbox).not_to be_valid
+        expect(inbox.errors.full_messages[0]).to eq(
+          "Name can't be blank"
+        )
+      end
+
+      it 'does allow special characters except /\@<> in between' do
+        inbox.name = 'inbox-name'
+        expect(inbox).to be_valid
+
+        inbox.name = 'inbox_name.and_1'
+        expect(inbox).to be_valid
+      end
+
+      context 'when special characters allowed for some channel' do
+        let!(:tw_channel_val) { FactoryBot.create(:channel_twitter_profile) }
+        let(:inbox) { create(:inbox, channel: tw_channel_val) }
+
+        it 'does allow special chacters like /\@<> for Facebook Channel' do
+          inbox.name = 'inbox@name'
+          expect(inbox).to be_valid
+        end
+      end
+    end
+  end
 end