chore: Fix contact model silently discarding invalid attributes (#4994)

fixes: #4775

app/actions/contact_identify_action.rb

@@ -6,7 +6,7 @@
 # We don't want to update the name of the identified original contact.
 
 class ContactIdentifyAction
-  pattr_initialize [:contact!, :params!, { retain_original_contact_name: false }]
+  pattr_initialize [:contact!, :params!, { retain_original_contact_name: false, discard_invalid_attrs: false }]
 
   def perform
     @attributes_to_update = [:identifier, :name, :email, :phone_number]
@@ -97,12 +97,13 @@ class ContactIdentifyAction
   end
 
   def update_contact
-    params_to_update = params.slice(*@attributes_to_update).reject do |_k, v|
+    @contact.attributes = params.slice(*@attributes_to_update).reject do |_k, v|
       v.blank?
     end.merge({ custom_attributes: custom_attributes, additional_attributes: additional_attributes })
     # blank identifier or email will throw unique index error
     # TODO: replace reject { |_k, v| v.blank? } with compact_blank when rails is upgraded
-    @contact.update!(params_to_update)
+    @contact.discard_invalid_attrs if discard_invalid_attrs
+    @contact.save!
     ContactAvatarJob.perform_later(@contact, params[:avatar_url]) if params[:avatar_url].present?
   end
 

app/controllers/api/v1/widget/contacts_controller.rb

@@ -36,7 +36,8 @@ class Api::V1::Widget::ContactsController < Api::V1::Widget::BaseController
   def identify_contact(contact)
     contact_identify_action = ContactIdentifyAction.new(
       contact: contact,
-      params: permitted_params.to_h.deep_symbolize_keys
+      params: permitted_params.to_h.deep_symbolize_keys,
+      discard_invalid_attrs: true
     )
     @contact = contact_identify_action.perform
   end

app/models/contact.rb

@@ -28,10 +28,12 @@ class Contact < ApplicationRecord
   include Labelable
 
   validates :account_id, presence: true
-  validates :email, allow_blank: true, uniqueness: { scope: [:account_id], case_sensitive: false }
+  validates :email, allow_blank: true, uniqueness: { scope: [:account_id], case_sensitive: false },
+                    format: { with: Devise.email_regexp, message: 'Invalid email' }
   validates :identifier, allow_blank: true, uniqueness: { scope: [:account_id] }
   validates :phone_number,
-            allow_blank: true, uniqueness: { scope: [:account_id] }
+            allow_blank: true, uniqueness: { scope: [:account_id] },
+            format: { with: /\+[1-9]\d{1,14}\z/, message: 'Should be in e164 format' }
   validates :name, length: { maximum: 255 }
 
   belongs_to :account
@@ -42,7 +44,6 @@ class Contact < ApplicationRecord
   has_many :messages, as: :sender, dependent: :destroy_async
   has_many :notes, dependent: :destroy_async
   before_validation :prepare_contact_attributes
-  before_save :phone_number_format, :email_format
   after_create_commit :dispatch_create_event, :ip_lookup
   after_update_commit :dispatch_update_event
   after_destroy_commit :dispatch_destroy_event
@@ -134,6 +135,11 @@ class Contact < ApplicationRecord
     ).or(Current.account.contacts.where.not(identifier: [nil, '']))
   end
 
+  def discard_invalid_attrs
+    phone_number_format
+    email_format
+  end
+
   private
 
   def ip_lookup