chore: Enhance contact merge action for identified users (#4886)

- Discard conflicting keys 
- Do not merge if there is already an identified contact

Co-authored-by: Pranav Raj S <pranav@chatwoot.com>

spec/controllers/api/v1/widget/contacts_controller_spec.rb

@@ -82,12 +82,34 @@ RSpec.describe '/api/v1/widget/contacts', type: :request do
         expect(response).to have_http_status(:success)
       end
     end
+  end
+
+  describe 'PATCH /api/v1/widget/contact/set_user' do
+    let(:params) { { website_token: web_widget.website_token, identifier: 'test' } }
+    let(:web_widget) { create(:channel_widget, account: account, hmac_mandatory: true) }
+    let(:correct_identifier_hash) { OpenSSL::HMAC.hexdigest('sha256', web_widget.hmac_token, params[:identifier].to_s) }
+    let(:incorrect_identifier_hash) { 'test' }
+
+    context 'when the current contact identifier is different from param identifier' do
+      before do
+        contact.update(identifier: 'random')
+      end
+
+      it 'return a new contact for the provided identifier' do
+        patch '/api/v1/widget/contact/set_user',
+              params: params.merge(identifier_hash: correct_identifier_hash),
+              headers: { 'X-Auth-Token' => token },
+              as: :json
+
+        body = JSON.parse(response.body)
+        expect(body['id']).not_to eq(contact.id)
+        expect(body['widget_auth_token']).not_to eq(nil)
+        expect(Contact.find(body['id']).contact_inboxes.first.hmac_verified?).to eq(true)
+      end
+    end
 
     context 'with mandatory hmac' do
       let(:identify_action) { double }
-      let(:web_widget) { create(:channel_widget, account: account, hmac_mandatory: true) }
-      let(:correct_identifier_hash) { OpenSSL::HMAC.hexdigest('sha256', web_widget.hmac_token, params[:identifier].to_s) }
-      let(:incorrect_identifier_hash) { 'test' }
 
       before do
         allow(ContactIdentifyAction).to receive(:new).and_return(identify_action)
@@ -95,7 +117,7 @@ RSpec.describe '/api/v1/widget/contacts', type: :request do
       end
 
       it 'returns success when correct identifier hash is provided' do
-        patch '/api/v1/widget/contact',
+        patch '/api/v1/widget/contact/set_user',
               params: params.merge(identifier_hash: correct_identifier_hash),
               headers: { 'X-Auth-Token' => token },
               as: :json
@@ -104,7 +126,7 @@ RSpec.describe '/api/v1/widget/contacts', type: :request do
       end
 
       it 'returns error when incorrect identifier hash is provided' do
-        patch '/api/v1/widget/contact',
+        patch '/api/v1/widget/contact/set_user',
               params: params.merge(identifier_hash: incorrect_identifier_hash),
               headers: { 'X-Auth-Token' => token },
               as: :json
@@ -113,7 +135,7 @@ RSpec.describe '/api/v1/widget/contacts', type: :request do
       end
 
       it 'returns error when identifier hash is blank' do
-        patch '/api/v1/widget/contact',
+        patch '/api/v1/widget/contact/set_user',
               params: params.merge(identifier_hash: ''),
               headers: { 'X-Auth-Token' => token },
               as: :json
@@ -122,7 +144,7 @@ RSpec.describe '/api/v1/widget/contacts', type: :request do
       end
 
       it 'returns error when identifier hash is not provided' do
-        patch '/api/v1/widget/contact',
+        patch '/api/v1/widget/contact/set_user',
               params: params,
               headers: { 'X-Auth-Token' => token },
               as: :json