chore: Enhance contact merge action for identified users (#4886)

- Discard conflicting keys 
- Do not merge if there is already an identified contact

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>

app/controllers/api/v1/widget/base_controller.rb

@@ -44,38 +44,6 @@ class Api::V1::Widget::BaseController < ApplicationController
     }
   end
 
-  def update_contact(email)
-    contact_with_email = @current_account.contacts.find_by(email: email)
-    if contact_with_email
-      @contact = ::ContactMergeAction.new(
-        account: @current_account,
-        base_contact: contact_with_email,
-        mergee_contact: @contact
-      ).perform
-    else
-      @contact.update!(email: email)
-      update_contact_name
-    end
-  end
-
-  def update_contact_phone_number(phone_number)
-    contact_with_phone_number = @current_account.contacts.find_by(phone_number: phone_number)
-    if contact_with_phone_number
-      @contact = ::ContactMergeAction.new(
-        account: @current_account,
-        base_contact: contact_with_phone_number,
-        mergee_contact: @contact
-      ).perform
-    else
-      @contact.update!(phone_number: phone_number)
-      update_contact_name
-    end
-  end
-
-  def update_contact_name
-    @contact.update!(name: contact_name) if contact_name.present?
-  end
-
   def contact_email
     permitted_params.dig(:contact, :email)&.downcase
   end

app/controllers/api/v1/widget/contacts_controller.rb

@@ -1,14 +1,27 @@
 class Api::V1::Widget::ContactsController < Api::V1::Widget::BaseController
-  before_action :process_hmac, only: [:update]
+  include WidgetHelper
+
+  before_action :validate_hmac, only: [:set_user]
 
   def show; end
 
   def update
-    contact_identify_action = ContactIdentifyAction.new(
-      contact: @contact,
-      params: permitted_params.to_h.deep_symbolize_keys
-    )
-    @contact = contact_identify_action.perform
+    identify_contact(@contact)
+  end
+
+  def set_user
+    contact = nil
+
+    if a_different_contact?
+      @contact_inbox, @widget_auth_token = build_contact_inbox_with_token(@web_widget)
+      contact = @contact_inbox.contact
+    else
+      contact = @contact
+    end
+
+    @contact_inbox.update(hmac_verified: true) if should_verify_hmac? && valid_hmac?
+
+    identify_contact(contact)
   end
 
   # TODO : clean up this with proper routes delete contacts/custom_attributes
@@ -20,12 +33,22 @@ class Api::V1::Widget::ContactsController < Api::V1::Widget::BaseController
 
   private
 
-  def process_hmac
+  def identify_contact(contact)
+    contact_identify_action = ContactIdentifyAction.new(
+      contact: contact,
+      params: permitted_params.to_h.deep_symbolize_keys
+    )
+    @contact = contact_identify_action.perform
+  end
+
+  def a_different_contact?
+    @contact.identifier.present? && @contact.identifier != permitted_params[:identifier]
+  end
+
+  def validate_hmac
     return unless should_verify_hmac?
 
     render json: { error: 'HMAC failed: Invalid Identifier Hash Provided' }, status: :unauthorized unless valid_hmac?
-
-    @contact_inbox.update(hmac_verified: true)
   end
 
   def should_verify_hmac?

app/controllers/api/v1/widget/conversations_controller.rb

@@ -14,8 +14,11 @@ class Api::V1::Widget::ConversationsController < Api::V1::Widget::BaseController
   end
 
   def process_update_contact
-    update_contact(contact_email) if @contact.email.blank? && contact_email.present?
-    update_contact_phone_number(contact_phone_number) if @contact.phone_number.blank? && contact_phone_number.present?
+    @contact = ContactIdentifyAction.new(
+      contact: @contact,
+      params: { email: contact_email, phone_number: contact_phone_number, name: contact_name },
+      retain_original_contact_name: true
+    ).perform
   end
 
   def update_last_seen

app/controllers/api/v1/widget/messages_controller.rb

@@ -15,7 +15,10 @@ class Api::V1::Widget::MessagesController < Api::V1::Widget::BaseController
   def update
     if @message.content_type == 'input_email'
       @message.update!(submitted_email: contact_email)
-      update_contact(contact_email)
+      ContactIdentifyAction.new(
+        contact: @contact,
+        params: { email: contact_email }
+      ).perform
     else
       @message.update!(message_update_params[:message])
     end