Merge pull request #78 from Ilhasoft/update/v6.5.8

Update/v6.5.8

Author: jcbalmeida

Diff for: CHANGELOG.md

@@ -1,3 +1,30 @@
+v6.5.8
+----------
+ * Fix Facebook document attachment
+ * Update to latest gocommon and phonenumbers
+
+v6.5.7
+----------
+ * Fix to only set the quick replies keyboard for the last message
+ * Update to latest gocommon
+
+v6.5.6
+----------
+ * Fix FB signing checks by trimming prefix instead of stripping
+ * Improve layout of Telegram keyboards
+
+v6.5.5
+----------
+ * Send WhatsApp buttons and list buttons when supported (thanks Weni)
+
+v6.5.4
+----------
+ * trim prefix instead of strip when comparing FB sigs
+
+v6.5.3
+----------
+ * log body when calculating signatures, include expected and calculated
+
 v6.5.2
 ----------
  * Add ticket_count column to contact and set to zero when creating new contacts

Diff for: backends/rapidpro/contact.go

@@ -84,7 +84,8 @@ SELECT
 	c.modified_on, 
 	c.created_on, 
 	c.name, 
-	u.id as "urn_id"
+	u.id as "urn_id",
+	c.status
 FROM 
 	contacts_contact AS c, 
 	contacts_contacturn AS u 
@@ -232,7 +233,8 @@ type DBContact struct {
 	CreatedBy_  int `db:"created_by_id"`
 	ModifiedBy_ int `db:"modified_by_id"`
 
-	IsNew_ bool
+	IsNew_  bool
+	Status_ string `db:"status"`
 }
 
 // UUID returns the UUID for this contact

Diff for: go.mod

@@ -22,15 +22,16 @@ require (
 	github.com/lib/pq v1.0.0
 	github.com/mattn/go-sqlite3 v1.10.0 // indirect
 	github.com/nyaruka/ezconf v0.2.1
-	github.com/nyaruka/gocommon v1.13.0
+	github.com/nyaruka/gocommon v1.13.2
 	github.com/nyaruka/librato v1.0.0
 	github.com/nyaruka/null v1.1.1
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.4.2
 	github.com/stretchr/testify v1.7.0
+	golang.org/x/mod v0.4.2
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
-	gopkg.in/go-playground/assert.v1 v1.2.1
+	gopkg.in/go-playground/assert.v1 v1.2.1 // indirect
 	gopkg.in/go-playground/validator.v9 v9.11.0
 	gopkg.in/h2non/filetype.v1 v1.0.5
 )

Diff for: go.sum

@@ -62,14 +62,14 @@ github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8=
 github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E=
 github.com/nyaruka/ezconf v0.2.1 h1:TDXWoqjqYya1uhou1mAJZg7rgFYL98EB0Tb3+BWtUh0=
 github.com/nyaruka/ezconf v0.2.1/go.mod h1:ey182kYkw2MIi4XiWe1FR/mzI33WCmTWuceDYYxgnQw=
-github.com/nyaruka/gocommon v1.13.0 h1:WPL//ekajA30KinYRr6IrdP1igNZpcUAfABleHCuxPQ=
-github.com/nyaruka/gocommon v1.13.0/go.mod h1:Jn7UIE8zwIr4JaviDf4PZrrQlN8r6QGVhOuaF/JoKus=
+github.com/nyaruka/gocommon v1.13.2 h1:dNe8nGDSeECC7zL6H/0vmx9yp6UG8HJFxjKcIQmiccY=
+github.com/nyaruka/gocommon v1.13.2/go.mod h1:2DWgWcjsfdU/+29xEP75G9xnorxvrxxe1pSISzUcSgw=
 github.com/nyaruka/librato v1.0.0 h1:Vznj9WCeC1yZXbBYyYp40KnbmXLbEkjKmHesV/v2SR0=
 github.com/nyaruka/librato v1.0.0/go.mod h1:pkRNLFhFurOz0QqBz6/DuTFhHHxAubWxs4Jx+J7yUgg=
 github.com/nyaruka/null v1.1.1 h1:kRy1Luj7jUHWEFqc2J6VXrKYi/beLEZdS1C7rA6vqTE=
 github.com/nyaruka/null v1.1.1/go.mod h1:HSAFbLNOaEhHnoU0VCveCPz0GDtJ3GEtFWhvnBNkhPE=
-github.com/nyaruka/phonenumbers v1.0.58 h1:IAlGDA4wuGQXe2lwOQvkZfBvA1DlAik+MX5k9k5C2IU=
-github.com/nyaruka/phonenumbers v1.0.58/go.mod h1:sDaTZ/KPX5f8qyV9qN+hIm+4ZBARJrupC6LuhshJq1U=
+github.com/nyaruka/phonenumbers v1.0.71 h1:itkCGhxkQkHrJ6OyZSApdjQVlPmrWs88MF283pPvbFU=
+github.com/nyaruka/phonenumbers v1.0.71/go.mod h1:sDaTZ/KPX5f8qyV9qN+hIm+4ZBARJrupC6LuhshJq1U=
 github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -88,11 +88,16 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo=
+golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200925080053-05aa5d4ee321 h1:lleNcKRbcaC8MqgLwghIkzZ2JBQAb7QQ9MiwRt1BisA=
 golang.org/x/net v0.0.0-20200925080053-05aa5d4ee321/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -102,6 +107,9 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

Diff for: handlers/facebook/facebook.go

@@ -517,6 +517,9 @@ func (h *handler) SendMsg(ctx context.Context, msg courier.Msg) (courier.MsgStat
 			payload.Message.Attachment = &mtAttachment{}
 			attType, attURL := handlers.SplitAttachment(msg.Attachments()[i])
 			attType = strings.Split(attType, "/")[0]
+			if attType == "application" {
+				attType = "file"
+			}
 			payload.Message.Attachment.Type = attType
 			payload.Message.Attachment.Payload.URL = attURL
 			payload.Message.Attachment.Payload.IsReusable = true

Diff for: handlers/facebook/facebook_test.go

@@ -607,6 +607,12 @@ var defaultSendTestCases = []ChannelSendTestCase{
 		ResponseBody: `{"message_id": "mid.133"}`, ResponseStatus: 200,
 		RequestBody: `{"messaging_type":"MESSAGE_TAG","tag":"CONFIRMED_EVENT_UPDATE","recipient":{"id":"12345"},"message":{"text":"This is some text.","quick_replies":[{"title":"Yes","payload":"Yes","content_type":"text"},{"title":"No","payload":"No","content_type":"text"}]}}`,
 		SendPrep:    setSendURL},
+	{Label: "Send Document",
+		URN: "facebook:12345", Attachments: []string{"application/pdf:https://foo.bar/document.pdf"},
+		Status: "W", ExternalID: "mid.133",
+		ResponseBody: `{"message_id": "mid.133"}`, ResponseStatus: 200,
+		RequestBody: `{"messaging_type":"NON_PROMOTIONAL_SUBSCRIPTION","recipient":{"id":"12345"},"message":{"attachment":{"type":"file","payload":{"url":"https://foo.bar/document.pdf","is_reusable":true}}}}`,
+		SendPrep:    setSendURL},
 	{Label: "ID Error",
 		Text: "ID Error", URN: "facebook:12345",
 		Status:       "E",

Diff for: handlers/facebookapp/facebookapp.go

@@ -524,6 +524,9 @@ func (h *handler) SendMsg(ctx context.Context, msg courier.Msg) (courier.MsgStat
 			payload.Message.Attachment = &mtAttachment{}
 			attType, attURL := handlers.SplitAttachment(msg.Attachments()[i])
 			attType = strings.Split(attType, "/")[0]
+			if attType == "application" {
+				attType = "file"
+			}
 			payload.Message.Attachment.Type = attType
 			payload.Message.Attachment.Payload.URL = attURL
 			payload.Message.Attachment.Payload.IsReusable = true
@@ -662,32 +665,32 @@ func (h *handler) validateSignature(r *http.Request) error {
 	}
 	appSecret := h.Server().Config().FacebookApplicationSecret
 
-	expectedSignature, err := fbCalculateSignature(appSecret, r)
+	body, err := handlers.ReadBody(r, 100000)
+	if err != nil {
+		return fmt.Errorf("unable to read request body: %s", err)
+	}
+
+	expectedSignature, err := fbCalculateSignature(appSecret, body)
 	if err != nil {
 		return err
 	}
 
 	signature := ""
 	if len(headerSignature) == 45 && strings.HasPrefix(headerSignature, "sha1=") {
-		signature = strings.TrimLeft(headerSignature, "sha1=")
+		signature = strings.TrimPrefix(headerSignature, "sha1=")
 	}
 
 	// compare signatures in way that isn't sensitive to a timing attack
 	if !hmac.Equal([]byte(expectedSignature), []byte(signature)) {
-		return fmt.Errorf("invalid request signature")
+		return fmt.Errorf("invalid request signature, expected: %s got: %s for body: '%s'", expectedSignature, signature, string(body))
 	}
 
 	return nil
 }
 
-func fbCalculateSignature(appSecret string, r *http.Request) (string, error) {
-	rawPostData, err := handlers.ReadBody(r, 100000)
-	if err != nil {
-		return "", fmt.Errorf("unable to read request body: %s", err)
-	}
-
+func fbCalculateSignature(appSecret string, body []byte) (string, error) {
 	var buffer bytes.Buffer
-	buffer.Write(rawPostData)
+	buffer.Write(body)
 
 	// hash with SHA1
 	mac := hmac.New(sha1.New, []byte(appSecret))

Diff for: handlers/facebookapp/facebookapp_test.go

@@ -10,9 +10,10 @@ import (
 	"time"
 
 	"github.com/nyaruka/courier"
+	"github.com/nyaruka/courier/handlers"
 	. "github.com/nyaruka/courier/handlers"
 	"github.com/nyaruka/gocommon/urns"
-	"gopkg.in/go-playground/assert.v1"
+	"github.com/stretchr/testify/assert"
 )
 
 var testChannels = []courier.Channel{
@@ -479,7 +480,8 @@ var testCases = []ChannelHandleTestCase{
 }
 
 func addValidSignature(r *http.Request) {
-	sig, _ := fbCalculateSignature("fb_app_secret", r)
+	body, _ := handlers.ReadBody(r, 100000)
+	sig, _ := fbCalculateSignature("fb_app_secret", body)
 	r.Header.Set(signatureHeader, fmt.Sprintf("sha1=%s", string(sig)))
 }
 
@@ -606,6 +608,12 @@ var defaultSendTestCases = []ChannelSendTestCase{
 		ResponseBody: `{"message_id": "mid.133"}`, ResponseStatus: 200,
 		RequestBody: `{"messaging_type":"MESSAGE_TAG","tag":"CONFIRMED_EVENT_UPDATE","recipient":{"id":"12345"},"message":{"text":"This is some text.","quick_replies":[{"title":"Yes","payload":"Yes","content_type":"text"},{"title":"No","payload":"No","content_type":"text"}]}}`,
 		SendPrep:    setSendURL},
+	{Label: "Send Document",
+		URN: "facebook:12345", Attachments: []string{"application/pdf:https://foo.bar/document.pdf"},
+		Status: "W", ExternalID: "mid.133",
+		ResponseBody: `{"message_id": "mid.133"}`, ResponseStatus: 200,
+		RequestBody: `{"messaging_type":"NON_PROMOTIONAL_SUBSCRIPTION","recipient":{"id":"12345"},"message":{"attachment":{"type":"file","payload":{"url":"https://foo.bar/document.pdf","is_reusable":true}}}}`,
+		SendPrep:    setSendURL},
 	{Label: "ID Error",
 		Text: "ID Error", URN: "facebook:12345",
 		Status:       "E",
@@ -624,3 +632,25 @@ func TestSending(t *testing.T) {
 	var defaultChannel = courier.NewMockChannel("8eb23e93-5ecb-45ba-b726-3b064e0c56ab", "FBA", "2020", "US", map[string]interface{}{courier.ConfigAuthToken: "access_token"})
 	RunChannelSendTestCases(t, defaultChannel, newHandler(), defaultSendTestCases, nil)
 }
+
+func TestSigning(t *testing.T) {
+	tcs := []struct {
+		Body      string
+		Signature string
+	}{
+		{
+			"hello world",
+			"308de7627fe19e92294c4572a7f831bc1002809d",
+		},
+		{
+			"hello world2",
+			"ab6f902b58b9944032d4a960f470d7a8ebfd12b7",
+		},
+	}
+
+	for i, tc := range tcs {
+		sig, err := fbCalculateSignature("sesame", []byte(tc.Body))
+		assert.NoError(t, err)
+		assert.Equal(t, tc.Signature, sig, "%d: mismatched signature", i)
+	}
+}

Diff for: handlers/telegram/keyboard.go

@@ -0,0 +1,32 @@
+package telegram
+
+import "github.com/nyaruka/courier/utils"
+
+// KeyboardButton is button on a keyboard, see https://core.telegram.org/bots/api/#keyboardbutton
+type KeyboardButton struct {
+	Text            string `json:"text"`
+	RequestContact  bool   `json:"request_contact,omitempty"`
+	RequestLocation bool   `json:"request_location,omitempty"`
+}
+
+// ReplyKeyboardMarkup models a keyboard, see https://core.telegram.org/bots/api/#replykeyboardmarkup
+type ReplyKeyboardMarkup struct {
+	Keyboard        [][]KeyboardButton `json:"keyboard"`
+	ResizeKeyboard  bool               `json:"resize_keyboard"`
+	OneTimeKeyboard bool               `json:"one_time_keyboard"`
+}
+
+// NewKeyboardFromReplies creates a keyboard from the given quick replies
+func NewKeyboardFromReplies(replies []string) *ReplyKeyboardMarkup {
+	rows := utils.StringsToRows(replies, 5, 30, 2)
+	keyboard := make([][]KeyboardButton, len(rows))
+
+	for i := range rows {
+		keyboard[i] = make([]KeyboardButton, len(rows[i]))
+		for j := range rows[i] {
+			keyboard[i][j].Text = rows[i][j]
+		}
+	}
+
+	return &ReplyKeyboardMarkup{Keyboard: keyboard, ResizeKeyboard: true, OneTimeKeyboard: true}
+}

Diff for: handlers/telegram/keyboard_test.go

@@ -0,0 +1,62 @@
+package telegram_test
+
+import (
+	"testing"
+
+	"github.com/nyaruka/courier/handlers/telegram"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestKeyboardFromReplies(t *testing.T) {
+	tcs := []struct {
+		replies  []string
+		expected *telegram.ReplyKeyboardMarkup
+	}{
+		{
+
+			[]string{"OK"},
+			&telegram.ReplyKeyboardMarkup{
+				[][]telegram.KeyboardButton{
+					{{Text: "OK"}},
+				},
+				true, true,
+			},
+		},
+		{
+			[]string{"Yes", "No", "Maybe"},
+			&telegram.ReplyKeyboardMarkup{
+				[][]telegram.KeyboardButton{
+					{{Text: "Yes"}, {Text: "No"}, {Text: "Maybe"}},
+				},
+				true, true,
+			},
+		},
+		{
+			[]string{"Vanilla", "Chocolate", "Mint", "Lemon Sorbet", "Papaya", "Strawberry"},
+			&telegram.ReplyKeyboardMarkup{
+				[][]telegram.KeyboardButton{
+					{{Text: "Vanilla"}, {Text: "Chocolate"}},
+					{{Text: "Mint"}, {Text: "Lemon Sorbet"}},
+					{{Text: "Papaya"}, {Text: "Strawberry"}},
+				},
+				true, true,
+			},
+		},
+		{
+			[]string{"A", "B", "C", "D", "Chicken", "Fish", "Peanut Butter Pickle"},
+			&telegram.ReplyKeyboardMarkup{
+				[][]telegram.KeyboardButton{
+					{{Text: "A"}, {Text: "B"}, {Text: "C"}, {Text: "D"}},
+					{{Text: "Chicken"}, {Text: "Fish"}},
+					{{Text: "Peanut Butter Pickle"}},
+				},
+				true, true,
+			},
+		},
+	}
+
+	for _, tc := range tcs {
+		kb := telegram.NewKeyboardFromReplies(tc.replies)
+		assert.Equal(t, tc.expected, kb, "keyboard mismatch for replies %v", tc.replies)
+	}
+}