testing facebook

2022-08-12 19:18:01 +05:30
1650 changed files with 11629 additions and 73518 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -15,12 +15,8 @@ defaults: &defaults
    - image: cimg/postgres:14.1
    - image: cimg/redis:6.2.6
  environment:
+      - CC_TEST_REPORTER_ID: b1b5c4447bf93f6f0b06a64756e35afd0810ea83649f03971cbf303b4449456f
      - RAILS_LOG_TO_STDOUT: false
-      - COVERAGE: true
-      - LOG_LEVEL: warn
-  parallelism: 4
-  resource_class: large
-
 jobs:
  build:
    <<: *defaults
@ -92,7 +88,6 @@ jobs:
            fi
            curl -L https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/5.3.0/openapi-generator-cli-5.3.0.jar > ~/tmp/openapi-generator-cli-5.3.0.jar
            java -jar ~/tmp/openapi-generator-cli-5.3.0.jar validate -i swagger/swagger.json
-            
      # Database setup
      - run: yarn install --check-files
      - run: bundle exec rake db:create
@ -118,79 +113,34 @@ jobs:
      - run:
          name: Run backend tests
          command: |
-            mkdir -p ~/tmp/test-results/rspec
-            mkdir -p ~/tmp/test-artifacts
-            mkdir -p coverage
-            ~/tmp/cc-test-reporter before-build
-            TESTFILES=$(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings)
-            bundle exec rspec --format progress \
-                              --format RspecJunitFormatter \
-                              --out ~/tmp/test-results/rspec.xml \
-                              -- ${TESTFILES}
-          no_output_timeout: 30m
-      - run:
-          name: Code Climate Test Coverage
-          command: |
-            ~/tmp/cc-test-reporter format-coverage -t simplecov -o "coverage/codeclimate.$CIRCLE_NODE_INDEX.json"
+            bundle exec rspec $(circleci tests glob "spec/**/*_spec.rb" | circleci tests split --split-by=timings) --profile=10 --format documentation
+            ~/tmp/cc-test-reporter format-coverage -t simplecov -o ~/tmp/codeclimate.backend.json coverage/backend/.resultset.json
+      - persist_to_workspace:
+          root: ~/tmp
+          paths:
+            - codeclimate.backend.json

      - run:
          name: Run frontend tests
          command: |
-            mkdir -p ~/tmp/test-results/frontend_specs
-            ~/tmp/cc-test-reporter before-build
-            TESTFILES=$(circleci tests glob **/specs/*.spec.js | circleci tests split --split-by=timings)
-            yarn test:coverage --profile 10 \
-                               --out ~/tmp/test-results/yarn.xml \
-                               -- ${TESTFILES}
-      - run:
-          name: Code Climate Test Coverage
-          command: |
-            ~/tmp/cc-test-reporter format-coverage -t lcov -o coverage/codeclimate.frontend_$CIRCLE_NODE_INDEX.json buildreports/lcov.info    
-            
+            yarn test:coverage
+            ~/tmp/cc-test-reporter format-coverage -t lcov -o ~/tmp/codeclimate.frontend.json buildreports/lcov.info
      - persist_to_workspace:
-          root: coverage
+          root: ~/tmp
          paths:
-            - codeclimate.*.json
+            - codeclimate.frontend.json
+
      # collect reports
      - store_test_results:
          path: ~/tmp/test-results
      - store_artifacts:
-          path: ~/tmp/test-artifacts
+          path: ~/tmp/test-results
+          destination: test-results
      - store_artifacts:
          path: log

-  upload-coverage:
-    working_directory: ~/build
-    docker:
-      # specify the version you desire here
-      - image: circleci/ruby:3.0.2-node-browsers
-    environment:
-      - CC_TEST_REPORTER_ID: caf26a895e937974a90860cfadfded20891cfd1373a5aaafb3f67406ab9d433f
-    steps:
-      - attach_workspace:
-          at: ~/build
-      - run:
-          name:  Download cc-test-reporter
-          command: |
-            mkdir -p ~/tmp
-            curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ~/tmp/cc-test-reporter
-            chmod +x ~/tmp/cc-test-reporter
-      - persist_to_workspace:
-          root: ~/tmp
-          paths:
-            - cc-test-reporter
      - run:
          name: Upload coverage results to Code Climate
          command: |
-            ~/tmp/cc-test-reporter sum-coverage --output - codeclimate.*.json |  ~/tmp/cc-test-reporter upload-coverage --debug --input -
-
-workflows:
-  version: 2
-
-  commit:
-    jobs:
-      - build
-      - upload-coverage:
-          requires:
-             - build
-
+            ~/tmp/cc-test-reporter sum-coverage ~/tmp/codeclimate.*.json -p 2 -o ~/tmp/codeclimate.total.json
+            ~/tmp/cc-test-reporter upload-coverage -i ~/tmp/codeclimate.total.json
--- a/.codeclimate.yml
+++ b/.codeclimate.yml
@ -54,5 +54,3 @@ exclude_patterns:
  - 'app/javascript/widget/i18n/index.js'
  - 'app/javascript/survey/i18n/index.js'
  - 'app/javascript/shared/constants/locales.js'
-  - 'app/javascript/dashboard/helper/specs/macrosFixtures.js'
-  - 'app/javascript/dashboard/routes/dashboard/settings/macros/constants.js'
--- a/.editorconfig
+++ b/.editorconfig
@ -7,8 +7,8 @@ end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
-indent_style = space
+indent_style = spaces
 tab_width = 2

-[*.{rb,erb,js,coffee,json,yml,css,scss,sh,markdown,md,html}]
+[{*.{rb,erb,js,coffee,json,yml,css,scss,sh,markdown,md,html}]
 indent_size = 2
--- a/.env.example
+++ b/.env.example
@ -3,8 +3,6 @@ SECRET_KEY_BASE=replace_with_lengthy_secure_hex

 # Replace with the URL you are planning to use for your app
 FRONTEND_URL=http://0.0.0.0:3000
-# To use a dedicated URL for help center pages
-# HELPCENTER_URL=http://0.0.0.0:3000

 # If the variable is set, all non-authenticated pages would fallback to the default locale.
 # Whenever a new account is created, the default language will be DEFAULT_LOCALE instead of en
@ -34,11 +32,6 @@ REDIS_SENTINELS=
 # You can find list of master using "SENTINEL masters" command
 REDIS_SENTINEL_MASTER_NAME=

-# By default Chatwoot will pass REDIS_PASSWORD as the password value for sentinels
-# Use the following environment variable to customize passwords for sentinels. 
-# Use empty string if sentinels are configured with out passwords
-# REDIS_SENTINEL_PASSWORD=
-
 # Redis premium breakage in heroku fix
 # enable the following configuration
 # ref: https://github.com/chatwoot/chatwoot/issues/2420
@ -47,7 +40,7 @@ REDIS_SENTINEL_MASTER_NAME=
 # Postgres Database config variables
 # You can leave POSTGRES_DATABASE blank. The default name of 
 # the database in the production environment is chatwoot_production
-# POSTGRES_DATABASE=
+POSTGRES_DATABASE=
 POSTGRES_HOST=postgres
 POSTGRES_USERNAME=postgres
 POSTGRES_PASSWORD=
@ -56,14 +49,13 @@ RAILS_MAX_THREADS=5

 # The email from which all outgoing emails are sent
 # could user either  `email@yourdomain.com` or `BrandName <email@yourdomain.com>`
-MAILER_SENDER_EMAIL=Chatwoot <accounts@chatwoot.com>
+MAILER_SENDER_EMAIL="Chatwoot <accounts@chatwoot.com>"

 #SMTP domain key is set up for HELO checking
 SMTP_DOMAIN=chatwoot.com
-# Set the value to "mailhog" if using docker-compose for development environments,
+# the default value is set "mailhog" and is used by docker-compose for development environments,
 # Set the value as "localhost" or your SMTP address in other environments
-# If SMTP_ADDRESS is empty, Chatwoot would try to use sendmail(postfix)
-SMTP_ADDRESS=
+SMTP_ADDRESS=mailhog
 SMTP_PORT=1025
 SMTP_USERNAME=
 SMTP_PASSWORD=
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -6,7 +6,6 @@ labels: 'Bug'
 assignees: ''

 ---
-
 **Describe the bug**

 A clear and concise description of what the bug is.
@ -17,11 +16,11 @@ Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
-4. See the error
+4. See error

 **Expected behavior**

-Share a clear and concise description of what you expected to happen.
+A clear and concise description of what you expected to happen.

 **Screenshots**

@ -29,50 +28,27 @@ If applicable, add screenshots to help explain your problem.

 **Browser logs**

-Share the browser logs to debug the issue further.
+Share the browser logs to debug the issue further

 **Server logs**

-Share the server logs to debug the issue further.
+Share the server logs to debug the issue further

 **Environment**

-Describe whether you are using Chatwoot Cloud (app.chatwoot.com) or a self-hosted installation of Chatwoot. If you are using a self-hosted installation of Chatwoot, describe the type of deployment (Docker/Linux VM installation/Heroku/Kubernetes/Other).
+Describe whether you are using Chatwoot Cloud (app.chatwoot.com) or a self hosted installation of Chatwoot. If you are using a self hosted installation of Chatwoot describe the type of deployment (Docker/Linux VM installation/Heroku)

- [ ] app.chatwoot.com (Chatwoot Cloud)
- [ ] Self-hosted
- - [ ] Linux VM
- - [ ] Docker
- - [ ] Kubernetes
- - [ ] Heroku
- - [ ] Other (Please specify)
-
-
-**Desktop (please complete the following information)** (If applicable)
- - OS: [e.g. Linux, Windows, MacOS]
- - Browser [e.g. chrome, firefox, safari]
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
 - Version [e.g. 22]

-**Smartphone (please complete the following information)** (If applicable)
- - Device: [e.g. iPhone6, Pixel7]
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
 - OS: [e.g. iOS8.1]
- - Browser [e.g. stock browser, firefox, safari]
+ - Browser [e.g. stock browser, safari]
 - Version [e.g. 22]

-**Docker** (If applicable)
-
-Please share the output of the following.
- `docker version`
- `docker info`
- `docker-compose version`
-
-**Cloud Provider** (If applicable)
- [ ] AWS
- [ ] GCP
- [ ] Azure
- [ ] DigitalOcean
- [ ] Others
-
 **Additional context**

 Add any other context about the problem here.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -2,7 +2,8 @@

 ## Description

-Please include a summary of the change and issue(s) fixed. Also, mention relevant motivation, context, and any dependencies that this change requires.
+Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
+
 Fixes # (issue)

 ## Type of change
@ -11,18 +12,18 @@ Please delete options that are not relevant.

 - [ ] Bug fix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality not to work as expected)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
 - [ ] This change requires a documentation update

 ## How Has This Been Tested?

-Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.
+Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration


 ## Checklist:

 - [ ] My code follows the style guidelines of this project
- [ ] I have performed a self-review of my code
+- [ ] I have performed a self-review of my own code
 - [ ] I have commented on my code, particularly in hard-to-understand areas
 - [ ] I have made corresponding changes to the documentation
 - [ ] My changes generate no new warnings
--- a/.github/workflows/nightly_installer.yml
+++ b/.github/workflows/nightly_installer.yml
@ -1,46 +0,0 @@
-# #
-# #
-# # Linux nightly installer action
-# # This action will try to install and setup
-# # chatwoot on an Ubuntu 20.04 machine using
-# # the linux installer script.
-# # 
-# # This is set to run daily at midnight.
-# #
-
-name: Run Linux nightly installer
-on:
-  schedule:
-    - cron: "0 0 * * *"
-  workflow_dispatch:
-
-jobs:
-  nightly:
-    runs-on: ubuntu-20.04
-    steps:
-
-    - name: get installer
-      run: |
-        wget https://get.chatwoot.app/linux/install.sh
-        chmod +x install.sh
-        #fix for postgtres not starting automatically in gh action env
-        sed -i '/function configure_db() {/a sudo service postgresql start' install.sh
-
-    - name: create input file
-      run: |
-        echo "no" > input
-        echo "yes" >> input
-
-    - name: Run the installer
-      run: |
-        sudo ./install.sh --install < input
-
-        #  disabling http verify for now as http 
-        #  access to port 3000 fails in gh action env
-        #    - name: Verify
-        #      if: always()
-        #      run: |
-        #        sudo netstat -ntlp | grep 3000
-        #        sudo systemctl restart chatwoot.target
-        #        curl http://localhost:3000/api
-
--- a/.github/workflows/publish_foss_docker.yml
+++ b/.github/workflows/publish_foss_docker.yml
@ -58,6 +58,5 @@ jobs:
        with:
          context: .
          file: docker/Dockerfile
-          platforms: linux/amd64
          push: true
          tags: ${{ env.DOCKER_TAG }}
--- a/.gitignore
+++ b/.gitignore
@ -39,6 +39,9 @@ public/packs*
 *.un~
 .jest-cache

+#VS Code files
+.vscode
+
 # ignore jetbrains IDE files
 .idea

@ -60,5 +63,3 @@ test/cypress/videos/*

 /config/master.key
 /config/*.enc
-
-.vscode/settings.json
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -183,5 +183,3 @@ AllCops:
    - db/migrate/20200503151130_add_account_feature_flag.rb
    - db/migrate/20200927135222_add_last_activity_at_to_conversation.rb
    - db/migrate/20210306170117_add_last_activity_at_to_contacts.rb
-    - db/migrate/20220809104508_revert_cascading_indexes.rb
-    
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@ -1,32 +0,0 @@
-{
-  "recommendations": [
-    // Spell check
-    "streetsidesoftware.code-spell-checker",
-    // Better Comments
-    "aaron-bond.better-comments",
-    // Rails Test Runner
-    "davidpallinder.rails-test-runner",
-    // Eslint
-    "dbaeumer.vscode-eslint",
-    // Auto Close Tag
-    "formulahendry.auto-close-tag",
-    // Auto Rename Tag
-    "formulahendry.auto-rename-tag",
-    // Hight light colors
-    "naumovs.color-highlight",
-    // GitLens
-    "eamodio.gitlens",
-    // Ruby
-    "rebornix.ruby",
-    // Vue
-    "octref.vetur",
-    // Prettier
-    "esbenp.prettier-vscode",
-    // Dot Env
-    "mikestead.dotenv",
-    // HTML CSS Support
-    "ecmel.vscode-html-css",
-    // Tailwind CSS Intellisense
-    "bradlc.vscode-tailwindcss",
-  ]
-}
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -1 +0,0 @@
-{}
--- a/14
+++ b/14
@ -4,7 +4,7 @@ ruby '3.0.4'

 ##-- base gems for rails --##
 gem 'rack-cors', require: 'rack/cors'
-gem 'rails', '~> 6.1', '>= 6.1.6.1'
+gem 'rails', '~>6.1'
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false

@ -56,7 +56,7 @@ gem 'activerecord-import'
 gem 'dotenv-rails'
 gem 'foreman'
 gem 'puma'
-gem 'webpacker', '~> 5.4', '>= 5.4.3'
+gem 'webpacker', '~> 5.x'
 # metrics on heroku
 gem 'barnes'

@ -94,7 +94,7 @@ gem 'ddtrace'
 gem 'elastic-apm'
 gem 'newrelic_rpm'
 gem 'scout_apm'
-gem 'sentry-rails', '~> 5.3', '>= 5.3.1'
+gem 'sentry-rails', '~> 5.3'
 gem 'sentry-ruby', '~> 5.3'
 gem 'sentry-sidekiq', '~> 5.3'

@ -131,10 +131,6 @@ gem 'pg_search'
 # Subscriptions, Billing
 gem 'stripe'

-## - helper gems --##
-## to populate db with sample data
-gem 'faker'
-
 group :production, :staging do
  # we dont want request timing out in development while using byebug
  gem 'rack-timeout'
@ -171,11 +167,11 @@ group :development, :test do
  gem 'byebug', platform: :mri
  gem 'climate_control'
  gem 'factory_bot_rails'
+  gem 'faker'
  gem 'listen'
  gem 'mock_redis'
  gem 'pry-rails'
-  gem 'rspec_junit_formatter'
-  gem 'rspec-rails', '~> 5.0.3'
+  gem 'rspec-rails', '~> 5.0.0'
  gem 'rubocop', require: false
  gem 'rubocop-performance', require: false
  gem 'rubocop-rails', require: false
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -135,7 +135,7 @@ GEM
    byebug (11.1.3)
    climate_control (1.1.1)
    coderay (1.1.3)
-    commonmarker (0.23.6)
+    commonmarker (0.23.5)
    concurrent-ruby (1.1.10)
    connection_pool (2.2.5)
    crack (0.4.5)
@ -286,9 +286,9 @@ GEM
      google-cloud-core (~> 1.6)
      googleauth (>= 0.16.2, < 2.a)
      mini_mime (~> 1.0)
-    google-protobuf (3.21.7)
-    google-protobuf (3.21.7-x86_64-darwin)
-    google-protobuf (3.21.7-x86_64-linux)
+    google-protobuf (3.21.2)
+    google-protobuf (3.21.2-x86_64-darwin)
+    google-protobuf (3.21.2-x86_64-linux)
    googleapis-common-protos (1.3.12)
      google-protobuf (~> 3.14)
      googleapis-common-protos-types (~> 1.2)
@ -398,7 +398,7 @@ GEM
    llhttp-ffi (0.4.0)
      ffi-compiler (~> 1.0)
      rake (~> 13.0)
-    loofah (2.19.1)
+    loofah (2.18.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
@ -427,14 +427,14 @@ GEM
    netrc (0.11.0)
    newrelic_rpm (8.9.0)
    nio4r (2.5.8)
-    nokogiri (1.13.10)
+    nokogiri (1.13.7)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
-    nokogiri (1.13.10-arm64-darwin)
+    nokogiri (1.13.7-arm64-darwin)
      racc (~> 1.4)
-    nokogiri (1.13.10-x86_64-darwin)
+    nokogiri (1.13.7-x86_64-darwin)
      racc (~> 1.4)
-    nokogiri (1.13.10-x86_64-linux)
+    nokogiri (1.13.7-x86_64-linux)
      racc (~> 1.4)
    oauth (0.5.10)
    orm_adapter (0.5.0)
@ -459,7 +459,7 @@ GEM
    pundit (2.2.0)
      activesupport (>= 3.0.0)
    raabro (1.4.0)
-    racc (1.6.1)
+    racc (1.6.0)
    rack (2.2.4)
    rack-attack (6.6.1)
      rack (>= 1.0, < 3)
@ -488,8 +488,8 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.4)
-      loofah (~> 2.19, >= 2.19.1)
+    rails-html-sanitizer (1.4.3)
+      loofah (~> 2.3)
    railties (6.1.6.1)
      actionpack (= 6.1.6.1)
      activesupport (= 6.1.6.1)
@ -536,8 +536,6 @@ GEM
      rspec-mocks (~> 3.10)
      rspec-support (~> 3.10)
    rspec-support (3.11.0)
-    rspec_junit_formatter (0.6.0)
-      rspec-core (>= 2, < 4, != 2.12.0)
    rubocop (1.31.2)
      json (~> 2.3)
      parallel (~> 1.10)
@ -765,20 +763,19 @@ DEPENDENCIES
  rack-attack
  rack-cors
  rack-timeout
-  rails (~> 6.1, >= 6.1.6.1)
+  rails (~> 6.1)
  redis
  redis-namespace
  responders
  rest-client
-  rspec-rails (~> 5.0.3)
-  rspec_junit_formatter
+  rspec-rails (~> 5.0.0)
  rubocop
  rubocop-performance
  rubocop-rails
  rubocop-rspec
  scout_apm
  seed_dump
-  sentry-rails (~> 5.3, >= 5.3.1)
+  sentry-rails (~> 5.3)
  sentry-ruby (~> 5.3)
  sentry-sidekiq (~> 5.3)
  shoulda-matchers
@ -799,7 +796,7 @@ DEPENDENCIES
  valid_email2
  web-console
  webmock
-  webpacker (~> 5.4, >= 5.4.3)
+  webpacker (~> 5.x)
  webpush
  wisper (= 2.0.0)
  working_hours
@ -808,4 +805,4 @@ RUBY VERSION
   ruby 3.0.4p208

 BUNDLED WITH
-   2.3.16
+   2.3.17
--- a/README.md
+++ b/README.md
@ -16,7 +16,7 @@
 ___

 <p align="center">
-  <a href="https://codeclimate.com/github/chatwoot/chatwoot/maintainability"><img src="https://api.codeclimate.com/v1/badges/e6e3f66332c91e5a4c0c/maintainability" alt="Maintainability"></a>
+  <a href="https://codeclimate.com/github/chatwoot/chatwoot/maintainability"><img src="https://api.codeclimate.com/v1/badges/80f9e1a7c72d186289ad/maintainability" alt="Maintainability"></a>
  <img src="https://img.shields.io/circleci/build/github/chatwoot/chatwoot" alt="CircleCI Badge">
    <a href="https://hub.docker.com/r/chatwoot/chatwoot/"><img src="https://img.shields.io/docker/pulls/chatwoot/chatwoot" alt="Docker Pull Badge"></a>
  <a href="https://hub.docker.com/r/chatwoot/chatwoot/"><img src="https://img.shields.io/docker/cloud/build/chatwoot/chatwoot" alt="Docker Build Badge"></a>
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,55 +1,30 @@
-Chatwoot is looking forward to working with security researchers worldwide to keep Chatwoot and our users safe. If you have found an issue in our systems/applications, please reach out to us.
+# Security Policy
+Chatwoot is looking forward to working with security researchers across the world to keep Chatwoot and our users safe. If you have found an issue in our systems/applications, please reach out to us.

 ## Reporting a Vulnerability

-We use [huntr.dev](https://huntr.dev/) for security issues that affect our project. If you believe you have found a vulnerability, please disclose it via this [form](https://huntr.dev/bounties/disclose). This will enable us to review the vulnerability, fix it promptly, and reward you for your efforts.
+We use [huntr.dev](https://huntr.dev/) for security issues that affect our project. If you believe you have found a vulnerability, please disclose it via this [form](https://huntr.dev/bounties/disclose). 

-If you have any questions about the process, contact security@chatwoot.com. 
+This will enable us to review the vulnerability, fix it promptly, and reward you for your efforts.

-Please try your best to describe a clear and realistic impact for your report, and please don't open any public issues on GitHub or social media; we're doing our best to respond through Huntr as quickly as possible.
-
-> Note: Please use the email for questions related to the process. Disclosures should be done via [huntr.dev](https://huntr.dev/)
-## Supported versions
-
-| Version | Supported        |
-| ------- | --------------   |
-| latest   | ️✅               |
-| <latest   | ❌               |
+If you have any questions about the process, feel free to reach out to security@chatwoot.com.


-## Vulnerabilities we care about 🫣
-> Note: Please do not perform testing against Chatwoot production services. Use a `self-hosted instance` to perform tests.
- Remote command execution
- SQL Injection
- Authentication bypass
- Privilege Escalation
- Cross-site scripting (XSS)
- Performing limited admin actions without authorization
- CSRF
+## Out of scope

-You can learn more about our triaging process [here](https://www.chatwoot.com/docs/contributing-guide/security-reports).
+Please do not perform testing against Chatwoot production services. Use a self hosted instance to perform tests.

-## Non-Qualifying Vulnerabilities
-
-We consider the following out of scope, though there may be exceptions.
+We consider the following to be out of scope, though there may be exceptions.

 - Missing HTTP security headers
- Incomplete/Missing SPF/DKIM
- Reports from automated tools or scanners
- Theoretical attacks without proof of exploitability
- Social engineering
- Reflected file download
- Physical attacks
- Weak SSL/TLS/SSH algorithms or protocols
- Attacks involving physical access to a user's device or a device or network that's already seriously compromised (e.g., man-in-the-middle).
- The user attacks themselves
+- Self XSS
+- HTTP Host Header XSS without working proof-of-concept
 - Incomplete/Missing SPF/DKIM
 - Denial of Service attacks
- Brute force attacks
 - DNSSEC
+- Social Engineering attacks

-If you are unsure about the scope, please create a [report](https://huntr.dev/repos/chatwoot/chatwoot/).
-
+If you are not sure about the scope, please create a report.

 ## Thanks

--- a/2
+++ b/2
@ -1 +1 @@
-2.2.0
+2.6.0
--- a/app.json
+++ b/app.json
@ -41,24 +41,15 @@
  "formation": {
    "web": {
      "quantity": 1,
-      "size": "basic"
+      "size": "FREE"
    },
    "worker": {
      "quantity": 1,
-      "size": "basic"
+      "size": "FREE"
    }
  },
-  "stack": "heroku-20",
  "image": "heroku/ruby",
-  "addons": [
-    {
-      "plan": "heroku-redis:mini"
-    },
-    {
-      "plan": "heroku-postgresql:mini"
-    }
-  ],
-  "stack": "heroku-20",
+  "addons": [ "heroku-redis", "heroku-postgresql"],
  "buildpacks": [
    {
      "url": "heroku/ruby"
--- a/app/builders/contact_inbox_with_contact_builder.rb
+++ b/app/builders/contact_inbox_with_contact_builder.rb
@ -1,47 +1,25 @@
-# This Builder will create a contact and contact inbox with specified attributes.
-# If an existing identified contact exisits, it will be returned.
-# for contact inbox logic it uses the contact inbox builder
-
-class ContactInboxWithContactBuilder
-  pattr_initialize [:inbox!, :contact_attributes!, :source_id, :hmac_verified]
+class ContactBuilder
+  pattr_initialize [:source_id!, :inbox!, :contact_attributes!, :hmac_verified]

  def perform
-    find_or_create_contact_and_contact_inbox
-  # in case of race conditions where contact is created by another thread
-  # we will try to find the contact and create a contact inbox
-  rescue ActiveRecord::RecordNotUnique
-    find_or_create_contact_and_contact_inbox
-  end
+    contact_inbox = inbox.contact_inboxes.find_by(source_id: source_id)
+    return contact_inbox if contact_inbox

-  def find_or_create_contact_and_contact_inbox
-    @contact_inbox = inbox.contact_inboxes.find_by(source_id: source_id) if source_id.present?
-    return @contact_inbox if @contact_inbox
-
-    ActiveRecord::Base.transaction(requires_new: true) do
-      build_contact_with_contact_inbox
-      update_contact_avatar(@contact) unless @contact.avatar.attached?
-      @contact_inbox
-    end
+    build_contact_inbox
  end

  private

-  def build_contact_with_contact_inbox
-    @contact = find_contact || create_contact
-    @contact_inbox = create_contact_inbox
-  end
-
  def account
    @account ||= inbox.account
  end

-  def create_contact_inbox
-    ContactInboxBuilder.new(
-      contact: @contact,
-      inbox: @inbox,
-      source_id: @source_id,
-      hmac_verified: hmac_verified
-    ).perform
+  def create_contact_inbox(contact)
+    ::ContactInbox.create_with(hmac_verified: hmac_verified || false).find_or_create_by!(
+      contact_id: contact.id,
+      inbox_id: inbox.id,
+      source_id: source_id
+    )
  end

  def update_contact_avatar(contact)
@ -83,4 +61,16 @@ class ContactInboxWithContactBuilder

    account.contacts.find_by(phone_number: phone_number)
  end
+
+  def build_contact_inbox
+    ActiveRecord::Base.transaction do
+      contact = find_contact || create_contact
+      contact_inbox = create_contact_inbox(contact)
+      update_contact_avatar(contact)
+      contact_inbox
+    rescue StandardError => e
+      Rails.logger.error e
+      raise e
+    end
+  end
 end
--- a/app/builders/contact_inbox_builder.rb
+++ b/app/builders/contact_inbox_builder.rb
@ -1,12 +1,13 @@
-# This Builder will create a contact inbox with specified attributes. If the contact inbox already exists, it will be returned.
-# For Specific Channels like whatsapp, email etc . it smartly generated appropriate the source id when none is provided.
-
 class ContactInboxBuilder
-  pattr_initialize [:contact, :inbox, :source_id, { hmac_verified: false }]
+  pattr_initialize [:contact_id!, :inbox_id!, :source_id]

  def perform
-    @source_id ||= generate_source_id
-    create_contact_inbox if source_id.present?
+    @contact = Contact.find(contact_id)
+    @inbox = @contact.account.inboxes.find(inbox_id)
+    return unless ['Channel::TwilioSms', 'Channel::Sms', 'Channel::Email', 'Channel::Api', 'Channel::Whatsapp'].include? @inbox.channel_type
+
+    source_id = @source_id || generate_source_id
+    create_contact_inbox(source_id) if source_id.present?
  end

  private
@ -18,37 +19,23 @@ class ContactInboxBuilder
    when 'Channel::Whatsapp'
      wa_source_id
    when 'Channel::Email'
-      email_source_id
+      @contact.email
    when 'Channel::Sms'
-      phone_source_id
-    when 'Channel::Api', 'Channel::WebWidget'
+      @contact.phone_number
+    when 'Channel::Api'
      SecureRandom.uuid
-    else
-      raise "Unsupported operation for this channel: #{@inbox.channel_type}"
    end
  end

-  def email_source_id
-    raise ActionController::ParameterMissing, 'contact email' unless @contact.email
-
-    @contact.email
-  end
-
-  def phone_source_id
-    raise ActionController::ParameterMissing, 'contact phone number' unless @contact.phone_number
-
-    @contact.phone_number
-  end
-
  def wa_source_id
-    raise ActionController::ParameterMissing, 'contact phone number' unless @contact.phone_number
+    return unless @contact.phone_number

    # whatsapp doesn't want the + in e164 format
-    @contact.phone_number.delete('+').to_s
+    "#{@contact.phone_number}.delete('+')"
  end

  def twilio_source_id
-    raise ActionController::ParameterMissing, 'contact phone number' unless @contact.phone_number
+    return unless @contact.phone_number

    case @inbox.channel.medium
    when 'sms'
@ -58,11 +45,11 @@ class ContactInboxBuilder
    end
  end

-  def create_contact_inbox
-    ::ContactInbox.create_with(hmac_verified: hmac_verified || false).find_or_create_by!(
+  def create_contact_inbox(source_id)
+    ::ContactInbox.find_or_create_by!(
      contact_id: @contact.id,
      inbox_id: @inbox.id,
-      source_id: @source_id
+      source_id: source_id
    )
  end
 end
--- a/app/builders/conversation_builder.rb
+++ b/app/builders/conversation_builder.rb
@ -1,40 +0,0 @@
-class ConversationBuilder
-  pattr_initialize [:params!, :contact_inbox!]
-
-  def perform
-    look_up_exising_conversation || create_new_conversation
-  end
-
-  private
-
-  def look_up_exising_conversation
-    return unless @contact_inbox.inbox.lock_to_single_conversation?
-
-    @contact_inbox.conversations.last
-  end
-
-  def create_new_conversation
-    ::Conversation.create!(conversation_params)
-  end
-
-  def conversation_params
-    additional_attributes = params[:additional_attributes]&.permit! || {}
-    custom_attributes = params[:custom_attributes]&.permit! || {}
-    status = params[:status].present? ? { status: params[:status] } : {}
-
-    # TODO: temporary fallback for the old bot status in conversation, we will remove after couple of releases
-    # commenting this out to see if there are any errors, if not we can remove this in subsequent releases
-    # status = { status: 'pending' } if status[:status] == 'bot'
-    {
-      account_id: @contact_inbox.inbox.account_id,
-      inbox_id: @contact_inbox.inbox_id,
-      contact_id: @contact_inbox.contact_id,
-      contact_inbox_id: @contact_inbox.id,
-      additional_attributes: additional_attributes,
-      custom_attributes: custom_attributes,
-      snoozed_until: params[:snoozed_until],
-      assignee_id: params[:assignee_id],
-      team_id: params[:team_id]
-    }.merge(status)
-  end
-end
--- a/app/builders/messages/facebook/message_builder.rb
+++ b/app/builders/messages/facebook/message_builder.rb
@ -22,9 +22,10 @@ class Messages::Facebook::MessageBuilder < Messages::Messenger::MessageBuilder
    return if @inbox.channel.reauthorization_required?

    ActiveRecord::Base.transaction do
-      build_contact_inbox
+      build_contact
      build_message
    end
+    ensure_contact_avatar
  rescue Koala::Facebook::AuthenticationError
    @inbox.channel.authorization_error!
  rescue StandardError => e
@ -34,12 +35,15 @@ class Messages::Facebook::MessageBuilder < Messages::Messenger::MessageBuilder

  private

-  def build_contact_inbox
-    @contact_inbox = ::ContactInboxWithContactBuilder.new(
-      source_id: @sender_id,
-      inbox: @inbox,
-      contact_attributes: contact_params
-    ).perform
+  def contact
+    @contact ||= @inbox.contact_inboxes.find_by(source_id: @sender_id)&.contact
+  end
+
+  def build_contact
+    return if contact.present?
+
+    @contact = Contact.create!(contact_params.except(:remote_avatar_url))
+    @contact_inbox = ContactInbox.find_or_create_by!(contact: contact, inbox: @inbox, source_id: @sender_id)
  end

  def build_message
@ -50,11 +54,19 @@ class Messages::Facebook::MessageBuilder < Messages::Messenger::MessageBuilder
    end
  end

+  def ensure_contact_avatar
+    return if contact_params[:remote_avatar_url].blank?
+    return if @contact.avatar.attached?
+
+    Avatar::AvatarFromUrlJob.perform_later(@contact, contact_params[:remote_avatar_url])
+  end
+
  def conversation
    @conversation ||= Conversation.find_by(conversation_params) || build_conversation
  end

  def build_conversation
+    @contact_inbox ||= contact.contact_inboxes.find_by!(source_id: @sender_id)
    Conversation.create!(conversation_params.merge(
                           contact_inbox_id: @contact_inbox.id
                         ))
@ -82,7 +94,7 @@ class Messages::Facebook::MessageBuilder < Messages::Messenger::MessageBuilder
    {
      account_id: @inbox.account_id,
      inbox_id: @inbox.id,
-      contact_id: @contact_inbox.contact_id
+      contact_id: contact.id
    }
  end

@ -93,7 +105,7 @@ class Messages::Facebook::MessageBuilder < Messages::Messenger::MessageBuilder
      message_type: @message_type,
      content: response.content,
      source_id: response.identifier,
-      sender: @outgoing_echo ? nil : @contact_inbox.contact
+      sender: @outgoing_echo ? nil : contact
    }
  end

@ -101,7 +113,7 @@ class Messages::Facebook::MessageBuilder < Messages::Messenger::MessageBuilder
    {
      name: "#{result['first_name'] || 'John'} #{result['last_name'] || 'Doe'}",
      account_id: @inbox.account_id,
-      avatar_url: result['profile_pic']
+      remote_avatar_url: result['profile_pic'] || ''
    }
  end

--- a/app/builders/messages/instagram/message_builder.rb
+++ b/app/builders/messages/instagram/message_builder.rb
@ -72,7 +72,6 @@ class Messages::Instagram::MessageBuilder < Messages::Messenger::MessageBuilder

  def build_message
    return if @outgoing_echo && already_sent_from_chatwoot?
-    return if message_content.blank? && all_unsupported_files?

    @message = conversation.messages.create!(message_params)

@ -118,13 +117,6 @@ class Messages::Instagram::MessageBuilder < Messages::Messenger::MessageBuilder
    cw_message.present?
  end

-  def all_unsupported_files?
-    return if attachments.empty?
-
-    attachments_type = attachments.pluck(:type).uniq.first
-    unsupported_file_type?(attachments_type)
-  end
-
  ### Sample response
  # {
  #   "object": "instagram",
--- a/app/builders/messages/message_builder.rb
+++ b/app/builders/messages/message_builder.rb
@ -35,13 +35,7 @@ class Messages::MessageBuilder
        file: uploaded_attachment
      )

-      attachment.file_type = if uploaded_attachment.is_a?(String)
-                               file_type_by_signed_id(
-                                 uploaded_attachment
-                               )
-                             else
-                               file_type(uploaded_attachment&.content_type)
-                             end
+      attachment.file_type = file_type(uploaded_attachment&.content_type) if uploaded_attachment.is_a?(ActionDispatch::Http::UploadedFile)
    end
  end

--- a/app/builders/messages/messenger/message_builder.rb
+++ b/app/builders/messages/messenger/message_builder.rb
@ -2,8 +2,7 @@ class Messages::Messenger::MessageBuilder
  include ::FileTypeHelper

  def process_attachment(attachment)
-    # This check handles very rare case if there are multiple files to attach with only one usupported file
-    return if unsupported_file_type?(attachment['type'])
+    return if attachment['type'].to_sym == :template

    attachment_obj = @message.attachments.new(attachment_params(attachment).except(:remote_file_url))
    attachment_obj.save!
@ -46,7 +45,6 @@ class Messages::Messenger::MessageBuilder
  end

  def update_attachment_file_type(attachment)
-    return if @message.reload.attachments.blank?
    return unless attachment.file_type == 'share' || attachment.file_type == 'story_mention'

    attachment.file_type = file_type(attachment.file&.content_type)
@ -63,7 +61,6 @@ class Messages::Messenger::MessageBuilder
    story_sender = result['from']['username']
    message.content_attributes[:story_sender] = story_sender
    message.content_attributes[:story_id] = story_id
-    message.content_attributes[:image_type] = 'story_mention'
    message.content = I18n.t('conversations.messages.instagram_story_content', story_sender: story_sender)
    message.save!
  end
@ -76,7 +73,6 @@ class Messages::Messenger::MessageBuilder
    raise
  rescue Koala::Facebook::ClientError => e
    # The exception occurs when we are trying fetch the deleted story or blocked story.
-    @message.attachments.destroy_all
    @message.update(content: I18n.t('conversations.messages.instagram_deleted_story_content'))
    Rails.logger.error e
    {}
@ -84,10 +80,4 @@ class Messages::Messenger::MessageBuilder
    ChatwootExceptionTracker.new(e, account: @inbox.account).capture_exception
    {}
  end
-
-  private
-
-  def unsupported_file_type?(attachment_type)
-    [:template, :unsupported_type].include? attachment_type.to_sym
-  end
 end
--- a/app/builders/notification_subscription_builder.rb
+++ b/app/builders/notification_subscription_builder.rb
@ -25,7 +25,7 @@ class NotificationSubscriptionBuilder
  end

  def build_identifier_subscription
-    @identifier_subscription = user.notification_subscriptions.create!(params.merge(identifier: identifier))
+    @identifier_subscription = user.notification_subscriptions.create(params.merge(identifier: identifier))
  end

  def update_identifier_subscription
--- a/app/controllers/api/v1/accounts/agents_controller.rb
+++ b/app/controllers/api/v1/accounts/agents_controller.rb
@ -39,7 +39,7 @@ class Api::V1::Accounts::AgentsController < Api::V1::Accounts::BaseController
  # TODO: move this to a builder and combine the save account user method into a builder
  # ensure the account user association is also created in a single transaction
  def create_user
-    return @user.send_confirmation_instructions if @user
+    return if @user

    @user = User.create!(new_agent_params.slice(:email, :name, :password, :password_confirmation))
  end
--- a/app/controllers/api/v1/accounts/articles_controller.rb
+++ b/app/controllers/api/v1/accounts/articles_controller.rb
@ -5,10 +5,9 @@ class Api::V1::Accounts::ArticlesController < Api::V1::Accounts::BaseController
  before_action :set_current_page, only: [:index]

  def index
-    @portal_articles = @portal.articles
-    @all_articles = @portal_articles.search(list_params)
-    @articles_count = @all_articles.count
-    @articles = @all_articles.page(@current_page)
+    @articles_count = @portal.articles.count
+    @articles = @portal.articles
+    @articles = @articles.search(list_params) if list_params.present?
  end

  def create
@ -38,13 +37,12 @@ class Api::V1::Accounts::ArticlesController < Api::V1::Accounts::BaseController
  end

  def portal
-    @portal ||= Current.account.portals.find_by!(slug: params[:portal_id])
+    @portal ||= Current.account.portals.find_by(slug: params[:portal_id])
  end

  def article_params
    params.require(:article).permit(
-      :title, :slug, :content, :description, :position, :category_id, :author_id, :associated_article_id, :status, meta: [:title, :description,
-                                                                                                                          { tags: [] }]
+      :title, :content, :description, :position, :category_id, :author_id, :associated_article_id, :status
    )
  end

--- a/app/controllers/api/v1/accounts/automation_rules_controller.rb
+++ b/app/controllers/api/v1/accounts/automation_rules_controller.rb
@ -49,7 +49,7 @@ class Api::V1::Accounts::AutomationRulesController < Api::V1::Accounts::BaseCont
  def clone
    automation_rule = Current.account.automation_rules.find_by(id: params[:automation_rule_id])
    new_rule = automation_rule.dup
-    new_rule.save!
+    new_rule.save
    @automation_rule = new_rule
  end

--- a/app/controllers/api/v1/accounts/categories_controller.rb
+++ b/app/controllers/api/v1/accounts/categories_controller.rb
@ -5,7 +5,6 @@ class Api::V1::Accounts::CategoriesController < Api::V1::Accounts::BaseControlle
  before_action :set_current_page, only: [:index]

  def index
-    @current_locale = params[:locale]
    @categories = @portal.categories.search(params)
  end

--- a/app/controllers/api/v1/accounts/channels/twilio_channels_controller.rb
+++ b/app/controllers/api/v1/accounts/channels/twilio_channels_controller.rb
@ -44,7 +44,7 @@ class Api::V1::Accounts::Channels::TwilioChannelsController < Api::V1::Accounts:
      phone_number: phone_number,
      medium: medium
    )
-    @inbox = Current.account.inboxes.create!(
+    @inbox = Current.account.inboxes.create(
      name: permitted_params[:name],
      channel: @twilio_channel
    )
--- a/app/controllers/api/v1/accounts/contacts/contact_inboxes_controller.rb
+++ b/app/controllers/api/v1/accounts/contacts/contact_inboxes_controller.rb
@ -2,11 +2,8 @@ class Api::V1::Accounts::Contacts::ContactInboxesController < Api::V1::Accounts:
  before_action :ensure_inbox, only: [:create]

  def create
-    @contact_inbox = ContactInboxBuilder.new(
-      contact: @contact,
-      inbox: @inbox,
-      source_id: params[:source_id]
-    ).perform
+    source_id = params[:source_id] || SecureRandom.uuid
+    @contact_inbox = ContactInbox.create!(contact: @contact, inbox: @inbox, source_id: source_id)
  end

  private
--- a/app/controllers/api/v1/accounts/contacts/conversations_controller.rb
+++ b/app/controllers/api/v1/accounts/contacts/conversations_controller.rb
@ -2,7 +2,7 @@ class Api::V1::Accounts::Contacts::ConversationsController < Api::V1::Accounts::
  def index
    @conversations = Current.account.conversations.includes(
      :assignee, :contact, :inbox, :taggings
-    ).where(inbox_id: inbox_ids, contact_id: @contact.id).order(id: :desc).limit(20)
+    ).where(inbox_id: inbox_ids, contact_id: @contact.id)
  end

  private
--- a/app/controllers/api/v1/accounts/contacts_controller.rb
+++ b/app/controllers/api/v1/accounts/contacts_controller.rb
@ -134,11 +134,8 @@ class Api::V1::Accounts::ContactsController < Api::V1::Accounts::BaseController
    return if params[:inbox_id].blank?

    inbox = Current.account.inboxes.find(params[:inbox_id])
-    ContactInboxBuilder.new(
-      contact: @contact,
-      inbox: inbox,
-      source_id: params[:source_id]
-    ).perform
+    source_id = params[:source_id] || SecureRandom.uuid
+    ContactInbox.create(contact: @contact, inbox: inbox, source_id: source_id)
  end

  def permitted_params
--- a/app/controllers/api/v1/accounts/conversations_controller.rb
+++ b/app/controllers/api/v1/accounts/conversations_controller.rb
@ -3,7 +3,7 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro
  include DateRangeHelper

  before_action :conversation, except: [:index, :meta, :search, :create, :filter]
-  before_action :inbox, :contact, :contact_inbox, only: [:create]
+  before_action :contact_inbox, only: [:create]

  def index
    result = conversation_finder.perform
@ -24,7 +24,7 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro

  def create
    ActiveRecord::Base.transaction do
-      @conversation = ConversationBuilder.new(params: params, contact_inbox: @contact_inbox).perform
+      @conversation = ::Conversation.create!(conversation_params)
      Messages::MessageBuilder.new(Current.user, @conversation, params[:message]).perform if params[:message].present?
    end
  end
@ -75,13 +75,10 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro
  end

  def update_last_seen
-    update_last_seen_on_conversation(DateTime.now.utc, assignee?)
-  end
-
-  def unread
-    last_incoming_message = @conversation.messages.incoming.last
-    last_seen_at = last_incoming_message.created_at - 1.second if last_incoming_message.present?
-    update_last_seen_on_conversation(last_seen_at, true)
+    # rubocop:disable Rails/SkipsModelValidations
+    @conversation.update_column(:agent_last_seen_at, DateTime.now.utc)
+    @conversation.update_column(:assignee_last_seen_at, DateTime.now.utc) if assignee?
+    # rubocop:enable Rails/SkipsModelValidations
  end

  def custom_attributes
@ -91,18 +88,9 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro

  private

-  def update_last_seen_on_conversation(last_seen_at, update_assignee)
-    # rubocop:disable Rails/SkipsModelValidations
-    @conversation.update_column(:agent_last_seen_at, last_seen_at)
-    @conversation.update_column(:assignee_last_seen_at, last_seen_at) if update_assignee.present?
-    # rubocop:enable Rails/SkipsModelValidations
-  end
-
  def set_conversation_status
-    # TODO: temporary fallback for the old bot status in conversation, we will remove after couple of releases
-    # commenting this out to see if there are any errors, if not we can remove this in subsequent releases
-    # status = params[:status] == 'bot' ? 'pending' : params[:status]
-    @conversation.status = params[:status]
+    status = params[:status] == 'bot' ? 'pending' : params[:status]
+    @conversation.status = status
    @conversation.snoozed_until = parse_date_time(params[:snoozed_until].to_s) if params[:snoozed_until]
  end

@ -121,44 +109,51 @@ class Api::V1::Accounts::ConversationsController < Api::V1::Accounts::BaseContro
    authorize @conversation.inbox, :show?
  end

-  def inbox
-    return if params[:inbox_id].blank?
-
-    @inbox = Current.account.inboxes.find(params[:inbox_id])
-    authorize @inbox, :show?
-  end
-
-  def contact
-    return if params[:contact_id].blank?
-
-    @contact = Current.account.contacts.find(params[:contact_id])
-  end
-
  def contact_inbox
    @contact_inbox = build_contact_inbox

-    # fallback for the old case where we do look up only using source id
-    # In future we need to change this and make sure we do look up on combination of inbox_id and source_id
-    # and deprecate the support of passing only source_id as the param
    @contact_inbox ||= ::ContactInbox.find_by!(source_id: params[:source_id])
    authorize @contact_inbox.inbox, :show?
  end

  def build_contact_inbox
-    return if @inbox.blank? || @contact.blank?
+    return if params[:contact_id].blank? || params[:inbox_id].blank?
+
+    inbox = Current.account.inboxes.find(params[:inbox_id])
+    authorize inbox, :show?

    ContactInboxBuilder.new(
-      contact: @contact,
-      inbox: @inbox,
+      contact_id: params[:contact_id],
+      inbox_id: inbox.id,
      source_id: params[:source_id]
    ).perform
  end

+  def conversation_params
+    additional_attributes = params[:additional_attributes]&.permit! || {}
+    custom_attributes = params[:custom_attributes]&.permit! || {}
+    status = params[:status].present? ? { status: params[:status] } : {}
+
+    # TODO: temporary fallback for the old bot status in conversation, we will remove after couple of releases
+    status = { status: 'pending' } if status[:status] == 'bot'
+    {
+      account_id: Current.account.id,
+      inbox_id: @contact_inbox.inbox_id,
+      contact_id: @contact_inbox.contact_id,
+      contact_inbox_id: @contact_inbox.id,
+      additional_attributes: additional_attributes,
+      custom_attributes: custom_attributes,
+      snoozed_until: params[:snoozed_until],
+      assignee_id: params[:assignee_id],
+      team_id: params[:team_id]
+    }.merge(status)
+  end
+
  def conversation_finder
-    @conversation_finder ||= ConversationFinder.new(Current.user, params)
+    @conversation_finder ||= ConversationFinder.new(current_user, params)
  end

  def assignee?
-    @conversation.assignee_id? && Current.user == @conversation.assignee
+    @conversation.assignee_id? && current_user == @conversation.assignee
  end
 end
--- a/app/controllers/api/v1/accounts/csat_survey_responses_controller.rb
+++ b/app/controllers/api/v1/accounts/csat_survey_responses_controller.rb
@ -22,7 +22,7 @@ class Api::V1::Accounts::CsatSurveyResponsesController < Api::V1::Accounts::Base
  def download
    response.headers['Content-Type'] = 'text/csv'
    response.headers['Content-Disposition'] = 'attachment; filename=csat_report.csv'
-    render layout: false, template: 'api/v1/accounts/csat_survey_responses/download', formats: [:csv]
+    render layout: false, template: 'api/v1/accounts/csat_survey_responses/download.csv.erb', format: 'csv'
  end

  private
--- a/app/controllers/api/v1/accounts/inboxes_controller.rb
+++ b/app/controllers/api/v1/accounts/inboxes_controller.rb
@ -113,8 +113,7 @@ class Api::V1::Accounts::InboxesController < Api::V1::Accounts::BaseController

  def inbox_attributes
    [:name, :avatar, :greeting_enabled, :greeting_message, :enable_email_collect, :csat_survey_enabled,
-     :enable_auto_assignment, :working_hours_enabled, :out_of_office_message, :timezone, :allow_messages_after_resolved,
-     :lock_to_single_conversation]
+     :enable_auto_assignment, :working_hours_enabled, :out_of_office_message, :timezone, :allow_messages_after_resolved]
  end

  def permitted_params(channel_attributes = [])
--- a/app/controllers/api/v1/accounts/macros_controller.rb
+++ b/app/controllers/api/v1/accounts/macros_controller.rb
@ -1,6 +1,6 @@
 class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
+  before_action :check_authorization
  before_action :fetch_macro, only: [:show, :update, :destroy, :execute]
-  before_action :check_authorization, only: [:show, :update, :destroy, :execute]

  def index
    @macros = Macro.with_visibility(current_user, params)
@ -14,34 +14,19 @@ class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
    render json: { error: @macro.errors.messages }, status: :unprocessable_entity and return unless @macro.valid?

    @macro.save!
-    process_attachments
-    @macro
  end

-  def show
-    head :not_found if @macro.nil?
-  end
+  def show; end

  def destroy
    @macro.destroy!
    head :ok
  end

-  def attach_file
-    file_blob = ActiveStorage::Blob.create_and_upload!(
-      key: nil,
-      io: params[:attachment].tempfile,
-      filename: params[:attachment].original_filename,
-      content_type: params[:attachment].content_type
-    )
-    render json: { blob_key: file_blob.key, blob_id: file_blob.id }
-  end
-
  def update
    ActiveRecord::Base.transaction do
      @macro.update!(macros_with_user)
      @macro.set_visibility(current_user, permitted_params)
-      process_attachments
      @macro.save!
    rescue StandardError => e
      Rails.logger.error e
@ -55,19 +40,6 @@ class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
    head :ok
  end

-  private
-
-  def process_attachments
-    actions = @macro.actions.filter_map { |k, _v| k if k['action_name'] == 'send_attachment' }
-    return if actions.blank?
-
-    actions.each do |action|
-      blob_id = action['action_params']
-      blob = ActiveStorage::Blob.find_by(id: blob_id)
-      @macro.files.attach(blob)
-    end
-  end
-
  def permitted_params
    params.permit(
      :name, :account_id, :visibility,
@ -82,8 +54,4 @@ class Api::V1::Accounts::MacrosController < Api::V1::Accounts::BaseController
  def fetch_macro
    @macro = Current.account.macros.find_by(id: params[:id])
  end
-
-  def check_authorization
-    authorize(@macro) if @macro.present?
-  end
 end
--- a/app/controllers/api/v1/accounts/portals_controller.rb
+++ b/app/controllers/api/v1/accounts/portals_controller.rb
@ -14,14 +14,10 @@ class Api::V1::Accounts::PortalsController < Api::V1::Accounts::BaseController
    @portal.members << agents
  end

-  def show
-    @all_articles = @portal.articles
-    @articles = @all_articles.search(locale: params[:locale])
-  end
+  def show; end

  def create
    @portal = Current.account.portals.build(portal_params)
-    @portal.custom_domain = parsed_custom_domain
    @portal.save!
    process_attached_logo
  end
@ -29,7 +25,6 @@ class Api::V1::Accounts::PortalsController < Api::V1::Accounts::BaseController
  def update
    ActiveRecord::Base.transaction do
      @portal.update!(portal_params) if params[:portal].present?
-      # @portal.custom_domain = parsed_custom_domain
      process_attached_logo
    rescue StandardError => e
      Rails.logger.error e
@ -63,8 +58,7 @@ class Api::V1::Accounts::PortalsController < Api::V1::Accounts::BaseController

  def portal_params
    params.require(:portal).permit(
-      :account_id, :color, :custom_domain, :header_text, :homepage_link, :name, :page_title, :slug, :archived, { config: [:default_locale,
-                                                                                                                          { allowed_locales: [] }] }
+      :account_id, :color, :custom_domain, :header_text, :homepage_link, :name, :page_title, :slug, :archived, config: { allowed_locales: [] }
    )
  end

@ -75,9 +69,4 @@ class Api::V1::Accounts::PortalsController < Api::V1::Accounts::BaseController
  def set_current_page
    @current_page = params[:page] || 1
  end
-
-  def parsed_custom_domain
-    domain = URI.parse(@portal.custom_domain)
-    domain.is_a?(URI::HTTP) ? domain.host : @portal.custom_domain
-  end
 end
--- a/app/controllers/api/v1/accounts/team_members_controller.rb
+++ b/app/controllers/api/v1/accounts/team_members_controller.rb
@ -1,7 +1,6 @@
 class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseController
  before_action :fetch_team
  before_action :check_authorization
-  before_action :validate_member_id_params, only: [:create, :update, :destroy]

  def index
    @team_members = @team.team_members.map(&:user)
@ -46,10 +45,4 @@ class Api::V1::Accounts::TeamMembersController < Api::V1::Accounts::BaseControll
  def fetch_team
    @team = Current.account.teams.find(params[:team_id])
  end
-
-  def validate_member_id_params
-    invalid_ids = params[:user_ids].map(&:to_i) - @team.account.user_ids
-
-    render json: { error: 'Invalid User IDs' }, status: :unauthorized and return if invalid_ids.present?
-  end
 end
--- a/app/controllers/api/v1/accounts_controller.rb
+++ b/app/controllers/api/v1/accounts_controller.rb
@ -24,7 +24,7 @@ class Api::V1::AccountsController < Api::BaseController
    ).perform
    if @user
      send_auth_headers(@user)
-      render 'api/v1/accounts/create', format: :json, locals: { resource: @user }
+      render 'api/v1/accounts/create.json', locals: { resource: @user }
    else
      render_error_response(CustomExceptions::Account::SignupFailed.new({}))
    end
@ -32,7 +32,7 @@ class Api::V1::AccountsController < Api::BaseController

  def show
    @latest_chatwoot_version = ::Redis::Alfred.get(::Redis::Alfred::LATEST_CHATWOOT_VERSION)
-    render 'api/v1/accounts/show', format: :json
+    render 'api/v1/accounts/show.json'
  end

  def update
--- a/app/controllers/api/v1/notification_subscriptions_controller.rb
+++ b/app/controllers/api/v1/notification_subscriptions_controller.rb
@ -9,7 +9,7 @@ class Api::V1::NotificationSubscriptionsController < Api::BaseController

  def destroy
    notification_subscription = NotificationSubscription.where(["subscription_attributes->>'push_token' = ?", params[:push_token]]).first
-    notification_subscription.destroy! if notification_subscription.present?
+    notification_subscription.destroy!
    head :ok
  end

--- a/app/controllers/api/v1/profiles_controller.rb
+++ b/app/controllers/api/v1/profiles_controller.rb
@ -18,19 +18,10 @@ class Api::V1::ProfilesController < Api::BaseController
    head :ok
  end

-  def auto_offline
-    @user.account_users.find_by!(account_id: auto_offline_params[:account_id]).update!(auto_offline: auto_offline_params[:auto_offline] || false)
-  end
-
  def availability
    @user.account_users.find_by!(account_id: availability_params[:account_id]).update!(availability: availability_params[:availability])
  end

-  def set_active_account
-    @user.account_users.find_by(account_id: profile_params[:account_id]).update(active_at: Time.now.utc)
-    head :ok
-  end
-
  private

  def set_user
@ -41,10 +32,6 @@ class Api::V1::ProfilesController < Api::BaseController
    params.require(:profile).permit(:account_id, :availability)
  end

-  def auto_offline_params
-    params.require(:profile).permit(:account_id, :auto_offline)
-  end
-
  def profile_params
    params.require(:profile).permit(
      :email,
@ -52,7 +39,6 @@ class Api::V1::ProfilesController < Api::BaseController
      :display_name,
      :avatar,
      :message_signature,
-      :account_id,
      ui_settings: {}
    )
  end
--- a/app/controllers/api/v1/widget/base_controller.rb
+++ b/app/controllers/api/v1/widget/base_controller.rb
@ -50,9 +50,7 @@ class Api::V1::Widget::BaseController < ApplicationController
  end

  def contact_name
-    return if @contact.email.present? || @contact.phone_number.present? || @contact.identifier.present?
-
-    permitted_params.dig(:contact, :name) || (contact_email.split('@')[0] if contact_email.present?)
+    params[:contact][:name] || contact_email.split('@')[0] if contact_email.present?
  end

  def contact_phone_number
--- a/app/controllers/api/v1/widget/conversations_controller.rb
+++ b/app/controllers/api/v1/widget/conversations_controller.rb
@ -9,7 +9,7 @@ class Api::V1::Widget::ConversationsController < Api::V1::Widget::BaseController
    ActiveRecord::Base.transaction do
      process_update_contact
      @conversation = create_conversation
-      conversation.messages.create!(message_params)
+      conversation.messages.create(message_params)
    end
  end

@ -17,8 +17,7 @@ class Api::V1::Widget::ConversationsController < Api::V1::Widget::BaseController
    @contact = ContactIdentifyAction.new(
      contact: @contact,
      params: { email: contact_email, phone_number: contact_phone_number, name: contact_name },
-      retain_original_contact_name: true,
-      discard_invalid_attrs: true
+      retain_original_contact_name: true
    ).perform
  end

@ -60,7 +59,7 @@ class Api::V1::Widget::ConversationsController < Api::V1::Widget::BaseController

    unless conversation.resolved?
      conversation.status = :resolved
-      conversation.save!
+      conversation.save
    end
    head :ok
  end
--- a/app/controllers/api/v2/accounts/reports_controller.rb
+++ b/app/controllers/api/v2/accounts/reports_controller.rb
@ -14,22 +14,22 @@ class Api::V2::Accounts::ReportsController < Api::V1::Accounts::BaseController

  def agents
    @report_data = generate_agents_report
-    generate_csv('agents_report', 'api/v2/accounts/reports/agents')
+    generate_csv('agents_report', 'api/v2/accounts/reports/agents.csv.erb')
  end

  def inboxes
    @report_data = generate_inboxes_report
-    generate_csv('inboxes_report', 'api/v2/accounts/reports/inboxes')
+    generate_csv('inboxes_report', 'api/v2/accounts/reports/inboxes.csv.erb')
  end

  def labels
    @report_data = generate_labels_report
-    generate_csv('labels_report', 'api/v2/accounts/reports/labels')
+    generate_csv('labels_report', 'api/v2/accounts/reports/labels.csv.erb')
  end

  def teams
    @report_data = generate_teams_report
-    generate_csv('teams_report', 'api/v2/accounts/reports/teams')
+    generate_csv('teams_report', 'api/v2/accounts/reports/teams.csv.erb')
  end

  def conversations
@ -43,7 +43,7 @@ class Api::V2::Accounts::ReportsController < Api::V1::Accounts::BaseController
  def generate_csv(filename, template)
    response.headers['Content-Type'] = 'text/csv'
    response.headers['Content-Disposition'] = "attachment; filename=#{filename}.csv"
-    render layout: false, template: template, formats: [:csv]
+    render layout: false, template: template, format: 'csv'
  end

  def check_authorization
--- a/app/controllers/concerns/request_exception_handler.rb
+++ b/app/controllers/concerns/request_exception_handler.rb
@ -13,8 +13,6 @@ module RequestExceptionHandler
    render_not_found_error('Resource could not be found')
  rescue Pundit::NotAuthorizedError
    render_unauthorized('You are not authorized to do this action')
-  rescue ActionController::ParameterMissing => e
-    render_could_not_create_error(e.message)
  ensure
    # to address the thread variable leak issues in Puma/Thin webserver
    Current.reset
--- a/app/controllers/dashboard_controller.rb
+++ b/app/controllers/dashboard_controller.rb
@ -4,7 +4,6 @@ class DashboardController < ActionController::Base
  before_action :set_global_config
  around_action :switch_locale
  before_action :ensure_installation_onboarding, only: [:index]
-  before_action :render_hc_if_custom_domain, only: [:index]

  layout 'vueapp'

@ -16,7 +15,8 @@ class DashboardController < ActionController::Base
    @global_config = GlobalConfig.get(
      'LOGO', 'LOGO_THUMBNAIL',
      'INSTALLATION_NAME',
-      'WIDGET_BRAND_URL', 'TERMS_URL',
+      'WIDGET_BRAND_URL',
+      'TERMS_URL',
      'PRIVACY_URL',
      'DISPLAY_MANIFEST',
      'CREATE_NEW_ACCOUNT_FROM_DASHBOARD',
@ -24,12 +24,12 @@ class DashboardController < ActionController::Base
      'API_CHANNEL_NAME',
      'API_CHANNEL_THUMBNAIL',
      'ANALYTICS_TOKEN',
+      'ANALYTICS_HOST',
      'DIRECT_UPLOADS_ENABLED',
      'HCAPTCHA_SITE_KEY',
      'LOGOUT_REDIRECT_LINK',
      'DISABLE_USER_PROFILE_UPDATE',
-      'DEPLOYMENT_ENV',
-      'CSML_EDITOR_HOST'
+      'DEPLOYMENT_ENV'
    ).merge(app_config)
  end

@ -37,17 +37,6 @@ class DashboardController < ActionController::Base
    redirect_to '/installation/onboarding' if ::Redis::Alfred.get(::Redis::Alfred::CHATWOOT_INSTALLATION_ONBOARDING)
  end

-  def render_hc_if_custom_domain
-    domain = request.host
-    return if domain == URI.parse(ENV.fetch('FRONTEND_URL', '')).host
-
-    @portal = Portal.find_by(custom_domain: domain)
-    return unless @portal
-
-    @locale = @portal.default_locale
-    render 'public/api/v1/portals/show', layout: 'portal', portal: @portal and return
-  end
-
  def app_config
    {
      APP_VERSION: Chatwoot.config[:version],
--- a/app/controllers/devise_overrides/confirmations_controller.rb
+++ b/app/controllers/devise_overrides/confirmations_controller.rb
@ -14,7 +14,7 @@ class DeviseOverrides::ConfirmationsController < Devise::ConfirmationsController

  def render_confirmation_success
    send_auth_headers(@confirmable)
-    render partial: 'devise/auth', formats: [:json], locals: { resource: @confirmable }
+    render partial: 'devise/auth.json', locals: { resource: @confirmable }
  end

  def render_confirmation_error
--- a/app/controllers/devise_overrides/passwords_controller.rb
+++ b/app/controllers/devise_overrides/passwords_controller.rb
@ -11,7 +11,7 @@ class DeviseOverrides::PasswordsController < Devise::PasswordsController
    @recoverable = User.find_by(reset_password_token: reset_password_token)
    if @recoverable && reset_password_and_confirmation(@recoverable)
      send_auth_headers(@recoverable)
-      render partial: 'devise/auth', formats: [:json], locals: { resource: @recoverable }
+      render partial: 'devise/auth.json', locals: { resource: @recoverable }
    else
      render json: { message: 'Invalid token', redirect_url: '/' }, status: :unprocessable_entity
    end
--- a/app/controllers/devise_overrides/sessions_controller.rb
+++ b/app/controllers/devise_overrides/sessions_controller.rb
@ -16,14 +16,14 @@ class DeviseOverrides::SessionsController < ::DeviseTokenAuth::SessionsControlle
  end

  def render_create_success
-    render partial: 'devise/auth', formats: [:json], locals: { resource: @resource }
+    render partial: 'devise/auth.json', locals: { resource: @resource }
  end

  private

  def authenticate_resource_with_sso_token
    @token = @resource.create_token
-    @resource.save!
+    @resource.save

    sign_in(:user, @resource, store: false, bypass: false)
    # invalidate the token after the user is signed in
--- a/app/controllers/devise_overrides/token_validations_controller.rb
+++ b/app/controllers/devise_overrides/token_validations_controller.rb
@ -2,7 +2,7 @@ class DeviseOverrides::TokenValidationsController < ::DeviseTokenAuth::TokenVali
  def validate_token
    # @resource will have been set by set_user_by_token concern
    if @resource
-      render 'devise/token', formats: [:json]
+      render 'devise/token.json'
    else
      render_validate_token_error
    end
--- a/app/controllers/platform/api/v1/accounts_controller.rb
+++ b/app/controllers/platform/api/v1/accounts_controller.rb
@ -1,16 +1,18 @@
 class Platform::Api::V1::AccountsController < PlatformController
  def create
-    @resource = Account.create!(account_params)
-    update_resource_features
+    @resource = Account.new(account_params)
+    @resource.save!
    @platform_app.platform_app_permissibles.find_or_create_by(permissible: @resource)
+    render json: @resource
  end

-  def show; end
+  def show
+    render json: @resource
+  end

  def update
-    @resource.assign_attributes(account_params)
-    update_resource_features
-    @resource.save!
+    @resource.update!(account_params)
+    render json: @resource
  end

  def destroy
@ -25,18 +27,6 @@ class Platform::Api::V1::AccountsController < PlatformController
  end

  def account_params
-    permitted_params.except(:features)
-  end
-
-  def update_resource_features
-    return if permitted_params[:features].blank?
-
-    permitted_params[:features].each do |key, value|
-      value.present? ? @resource.enable_features(key) : @resource.disable_features(key)
-    end
-  end
-
-  def permitted_params
-    params.permit(:name, :locale, :domain, :support_email, :status, features: {}, limits: {}, custom_attributes: {})
+    params.permit(:name, :locale)
  end
 end
--- a/app/controllers/platform/api/v1/users_controller.rb
+++ b/app/controllers/platform/api/v1/users_controller.rb
@ -51,6 +51,6 @@ class Platform::Api::V1::UsersController < PlatformController
  end

  def user_params
-    params.permit(:name, :display_name, :email, :password, custom_attributes: {})
+    params.permit(:name, :email, :password, custom_attributes: {})
  end
 end
--- a/app/controllers/public/api/v1/inboxes/contacts_controller.rb
+++ b/app/controllers/public/api/v1/inboxes/contacts_controller.rb
@ -4,10 +4,10 @@ class Public::Api::V1::Inboxes::ContactsController < Public::Api::V1::InboxesCon

  def create
    source_id = params[:source_id] || SecureRandom.uuid
-    @contact_inbox = ::ContactInboxWithContactBuilder.new(
+    @contact_inbox = ::ContactBuilder.new(
      source_id: source_id,
      inbox: @inbox_channel.inbox,
-      contact_attributes: permitted_params.except(:identifier_hash)
+      contact_attributes: permitted_params.except(:identifier, :identifier_hash)
    ).perform
  end

--- a/app/controllers/public/api/v1/inboxes_controller.rb
+++ b/app/controllers/public/api/v1/inboxes_controller.rb
@ -3,15 +3,9 @@ class Public::Api::V1::InboxesController < PublicController
  before_action :set_contact_inbox
  before_action :set_conversation

-  def show
-    @inbox_channel = ::Channel::Api.find_by!(identifier: params[:id])
-  end
-
  private

  def set_inbox_channel
-    return if params[:inbox_id].blank?
-
    @inbox_channel = ::Channel::Api.find_by!(identifier: params[:inbox_id])
  end

--- a/app/controllers/public/api/v1/portals/articles_controller.rb
+++ b/app/controllers/public/api/v1/portals/articles_controller.rb
@ -1,9 +1,6 @@
-class Public::Api::V1::Portals::ArticlesController < PublicController
-  before_action :ensure_custom_domain_request, only: [:show, :index]
-  before_action :portal
-  before_action :set_category, except: [:index]
+class Public::Api::V1::Portals::ArticlesController < ApplicationController
+  before_action :set_portal
  before_action :set_article, only: [:show]
-  layout 'portal'

  def index
    @articles = @portal.articles
@ -15,25 +12,14 @@ class Public::Api::V1::Portals::ArticlesController < PublicController
  private

  def set_article
-    @article = @category.articles.find(params[:id])
-    @parsed_content = render_article_content(@article.content)
+    @article = @portal.articles.find(params[:id])
  end

-  def set_category
-    @category = @portal.categories.find_by!(slug: params[:category_slug]) if params[:category_slug].present?
-  end
-
-  def portal
-    @portal ||= Portal.find_by!(slug: params[:slug], archived: false)
+  def set_portal
+    @portal = ::Portal.find_by!(slug: params[:portal_slug], archived: false)
  end

  def list_params
    params.permit(:query)
  end
-
-  def render_article_content(content)
-    # rubocop:disable Rails/OutputSafety
-    CommonMarker.render_html(content).html_safe
-    # rubocop:enable Rails/OutputSafety
-  end
 end
--- a/app/controllers/public/api/v1/portals/categories_controller.rb
+++ b/app/controllers/public/api/v1/portals/categories_controller.rb
@ -1,8 +1,6 @@
 class Public::Api::V1::Portals::CategoriesController < PublicController
-  before_action :ensure_custom_domain_request, only: [:show, :index]
-  before_action :portal
+  before_action :set_portal
  before_action :set_category, only: [:show]
-  layout 'portal'

  def index
    @categories = @portal.categories
@ -13,10 +11,10 @@ class Public::Api::V1::Portals::CategoriesController < PublicController
  private

  def set_category
-    @category = @portal.categories.find_by!(locale: params[:locale], slug: params[:category_slug])
+    @category = @portal.categories.find_by!(slug: params[:slug])
  end

-  def portal
-    @portal ||= Portal.find_by!(slug: params[:slug], archived: false)
+  def set_portal
+    @portal = ::Portal.find_by!(slug: params[:portal_slug], archived: false)
  end
 end
--- a/app/controllers/public/api/v1/portals_controller.rb
+++ b/app/controllers/public/api/v1/portals_controller.rb
@ -1,21 +1,11 @@
 class Public::Api::V1::PortalsController < PublicController
-  before_action :ensure_custom_domain_request, only: [:show]
-  before_action :portal
-  before_action :redirect_to_portal_with_locale, only: [:show]
-  layout 'portal'
+  before_action :set_portal

  def show; end

  private

-  def portal
-    @portal ||= Portal.find_by!(slug: params[:slug], archived: false)
-    @locale = params[:locale] || @portal.default_locale
-  end
-
-  def redirect_to_portal_with_locale
-    return if params[:locale].present?
-
-    redirect_to "/hc/#{@portal.slug}/#{@portal.default_locale}"
+  def set_portal
+    @portal = ::Portal.find_by!(slug: params[:slug], archived: false)
  end
 end
--- a/app/controllers/public_controller.rb
+++ b/app/controllers/public_controller.rb
@ -3,20 +3,4 @@
 class PublicController < ActionController::Base
  include RequestExceptionHandler
  skip_before_action :verify_authenticity_token
-
-  private
-
-  def ensure_custom_domain_request
-    domain = request.host
-
-    return if [URI.parse(ENV.fetch('FRONTEND_URL', '')).host, URI.parse(ENV.fetch('HELPCENTER_URL', '')).host].include?(domain)
-
-    @portal = ::Portal.find_by(custom_domain: domain)
-    return if @portal.present?
-
-    render json: {
-      error: "Domain: #{domain} is not registered with us. \
-      Please send us an email at support@chatwoot.com with the custom domain name and account API key"
-    }, status: :unauthorized and return
-  end
 end
--- a/app/controllers/super_admin/accounts_controller.rb
+++ b/app/controllers/super_admin/accounts_controller.rb
@ -36,15 +36,9 @@ class SuperAdmin::AccountsController < SuperAdmin::ApplicationController
  def resource_params
    permitted_params = super
    permitted_params[:limits] = permitted_params[:limits].to_h.compact
-    permitted_params[:selected_feature_flags] = params[:enabled_features].keys.map(&:to_sym) if params[:enabled_features].present?
    permitted_params
  end

  # See https://administrate-prototype.herokuapp.com/customizing_controller_actions
  # for more information
-
-  def seed
-    Internal::SeedAccountJob.perform_later(requested_resource)
-    redirect_back(fallback_location: [namespace, requested_resource], notice: 'Account seeding triggered')
-  end
 end
--- a/app/controllers/twitter/callbacks_controller.rb
+++ b/app/controllers/twitter/callbacks_controller.rb
@ -44,12 +44,12 @@ class Twitter::CallbacksController < Twitter::BaseController
  end

  def create_inbox
-    twitter_profile = account.twitter_profiles.create!(
+    twitter_profile = account.twitter_profiles.create(
      twitter_access_token: parsed_body['oauth_token'],
      twitter_access_token_secret: parsed_body['oauth_token_secret'],
      profile_id: parsed_body['user_id']
    )
-    account.inboxes.create!(
+    account.inboxes.create(
      name: parsed_body['screen_name'],
      channel: twitter_profile
    )
--- a/app/dashboards/account_dashboard.rb
+++ b/app/dashboards/account_dashboard.rb
@ -8,15 +8,7 @@ class AccountDashboard < Administrate::BaseDashboard
  # which determines how the attribute is displayed
  # on pages throughout the dashboard.

-  enterprise_attribute_types = if ChatwootApp.enterprise?
-                                 {
-                                   limits: Enterprise::AccountLimitsField,
-                                   all_features: Enterprise::AccountFeaturesField
-                                 }
-                               else
-                                 {}
-                               end
-
+  enterprise_attribute_types = ChatwootApp.enterprise? ? { limits: Enterprise::AccountLimitsField } : {}
  ATTRIBUTE_TYPES = {
    id: Field::Number,
    name: Field::String,
@ -45,7 +37,7 @@ class AccountDashboard < Administrate::BaseDashboard

  # SHOW_PAGE_ATTRIBUTES
  # an array of attributes that will be displayed on the model's show page.
-  enterprise_show_page_attributes = ChatwootApp.enterprise? ? %i[limits all_features] : []
+  enterprise_show_page_attributes = ChatwootApp.enterprise? ? %i[limits] : []
  SHOW_PAGE_ATTRIBUTES = (%i[
    id
    name
@ -60,7 +52,7 @@ class AccountDashboard < Administrate::BaseDashboard
  # FORM_ATTRIBUTES
  # an array of attributes that will be displayed
  # on the model's form (`new` and `edit`) pages.
-  enterprise_form_attributes = ChatwootApp.enterprise? ? %i[limits all_features] : []
+  enterprise_form_attributes = ChatwootApp.enterprise? ? %i[limits] : []
  FORM_ATTRIBUTES = (%i[
    name
    locale
--- a/app/fields/avatar_field.rb
+++ b/app/fields/avatar_field.rb
@ -2,8 +2,6 @@ require 'administrate/field/base'

 class AvatarField < Administrate::Field::Base
  def avatar_url
-    return data.presence if data.presence
-
-    resource.is_a?(User) ? '/assets/administrate/user/avatar.png' : '/assets/administrate/bot/avatar.png'
+    data.presence&.gsub('?d=404', '?d=mp')
  end
 end
--- a/app/fields/enterprise/account_features_field.rb
+++ b/app/fields/enterprise/account_features_field.rb
@ -1,7 +0,0 @@
-require 'administrate/field/base'
-
-class Enterprise::AccountFeaturesField < Administrate::Field::Base
-  def to_s
-    data
-  end
-end
--- a/app/finders/conversation_finder.rb
+++ b/app/finders/conversation_finder.rb
@ -56,6 +56,7 @@ class ConversationFinder
    filter_by_team if @team
    filter_by_labels if params[:labels]
    filter_by_query if params[:q]
+    filter_by_reply_status
  end

  def set_inboxes
@ -75,9 +76,12 @@ class ConversationFinder
  end

  def find_all_conversations
-    @conversations = current_account.conversations.where(inbox_id: @inbox_ids)
-    filter_by_conversation_type if params[:conversation_type]
-    @conversations
+    if params[:conversation_type] == 'mention'
+      conversation_ids = current_account.mentions.where(user: current_user).pluck(:conversation_id)
+      @conversations = current_account.conversations.where(id: conversation_ids)
+    else
+      @conversations = current_account.conversations.where(inbox_id: @inbox_ids)
+    end
  end

  def filter_by_assignee_type
@ -92,15 +96,8 @@ class ConversationFinder
    @conversations
  end

-  def filter_by_conversation_type
-    case @params[:conversation_type]
-    when 'mention'
-      conversation_ids = current_account.mentions.where(user: current_user).pluck(:conversation_id)
-      @conversations = @conversations.where(id: conversation_ids)
-    when 'unattended'
-      @conversations = @conversations.where(first_reply_created_at: nil)
-    end
-    @conversations
+  def filter_by_reply_status
+    @conversations = @conversations.where(first_reply_created_at: nil) if params[:reply_status] == 'unattended'
  end

  def filter_by_query
--- a/app/finders/message_finder.rb
+++ b/app/finders/message_finder.rb
@ -21,9 +21,7 @@ class MessageFinder
  end

  def current_messages
-    if @params[:after].present?
-      messages.reorder('created_at asc').where('id >= ?', @params[:before].to_i).limit(20)
-    elsif @params[:before].present?
+    if @params[:before].present?
      messages.reorder('created_at desc').where('id < ?', @params[:before].to_i).limit(20).reverse
    else
      messages.reorder('created_at desc').limit(20).reverse
--- a/app/helpers/api/v1/inboxes_helper.rb
+++ b/app/helpers/api/v1/inboxes_helper.rb
@ -53,7 +53,7 @@ module Api::V1::InboxesHelper
  rescue StandardError => e
    raise StandardError, e.message
  ensure
-    ChatwootExceptionTracker.new(e).capture_exception if e.present?
+    Rails.logger.error e if e.present?
  end

  def check_smtp_connection(channel_data, smtp)
--- a/app/helpers/file_type_helper.rb
+++ b/app/helpers/file_type_helper.rb
@ -8,12 +8,6 @@ module FileTypeHelper
    :file
  end

-  # Used in case of DIRECT_UPLOADS_ENABLED=true
-  def file_type_by_signed_id(signed_id)
-    blob = ActiveStorage::Blob.find_signed(signed_id)
-    file_type(blob&.content_type)
-  end
-
  def image_file?(content_type)
    [
      'image/jpeg',
--- a/app/javascript/dashboard/App.vue
+++ b/app/javascript/dashboard/App.vue
@ -87,9 +87,6 @@ export default {
    },
    async initializeAccount() {
      await this.$store.dispatch('accounts/get');
-      this.$store.dispatch('setActiveAccount', {
-        accountId: this.currentAccountId,
-      });
      const {
        locale,
        latest_chatwoot_version: latestChatwootVersion,
--- a/app/javascript/dashboard/api/agentBots.js
+++ b/app/javascript/dashboard/api/agentBots.js
@ -1,9 +0,0 @@
-import ApiClient from './ApiClient';
-
-class AgentBotsAPI extends ApiClient {
-  constructor() {
-    super('agent_bots', { accountScoped: true });
-  }
-}
-
-export default new AgentBotsAPI();
--- a/app/javascript/dashboard/api/auth.js
+++ b/app/javascript/dashboard/api/auth.js
@ -144,22 +144,7 @@ export default {
    });
  },

-  updateAutoOffline(accountId, autoOffline = false) {
-    return axios.post(endPoints('autoOffline').url, {
-      profile: { account_id: accountId, auto_offline: autoOffline },
-    });
-  },
-
  deleteAvatar() {
    return axios.delete(endPoints('deleteAvatar').url);
  },
-
-  setActiveAccount({ accountId }) {
-    const urlData = endPoints('setActiveAccount');
-    return axios.put(urlData.url, {
-      profile: {
-        account_id: accountId,
-      },
-    });
-  },
 };
--- a/app/javascript/dashboard/api/endPoints.js
+++ b/app/javascript/dashboard/api/endPoints.js
@ -16,9 +16,6 @@ const endPoints = {
  availabilityUpdate: {
    url: '/api/v1/profile/availability',
  },
-  autoOffline: {
-    url: '/api/v1/profile/auto_offline',
-  },
  logout: {
    url: 'auth/sign_out',
  },
@ -43,10 +40,6 @@ const endPoints = {
  deleteAvatar: {
    url: '/api/v1/profile/avatar',
  },
-
-  setActiveAccount: {
-    url: '/api/v1/profile/set_active_account',
-  },
 };

 export default page => {
--- a/app/javascript/dashboard/api/helpCenter/articles.js
+++ b/app/javascript/dashboard/api/helpCenter/articles.js
@ -21,31 +21,6 @@ class ArticlesAPI extends PortalsAPI {
    if (category_slug) baseUrl += `&category_slug=${category_slug}`;
    return axios.get(baseUrl);
  }
-
-  getArticle({ id, portalSlug }) {
-    return axios.get(`${this.url}/${portalSlug}/articles/${id}`);
-  }
-
-  updateArticle({ portalSlug, articleId, articleObj }) {
-    return axios.patch(
-      `${this.url}/${portalSlug}/articles/${articleId}`,
-      articleObj
-    );
-  }
-
-  createArticle({ portalSlug, articleObj }) {
-    const { content, title, author_id, category_id } = articleObj;
-    return axios.post(`${this.url}/${portalSlug}/articles`, {
-      content,
-      title,
-      author_id,
-      category_id,
-    });
-  }
-
-  deleteArticle({ articleId, portalSlug }) {
-    return axios.delete(`${this.url}/${portalSlug}/articles/${articleId}`);
-  }
 }

 export default new ArticlesAPI();
--- a/app/javascript/dashboard/api/helpCenter/categories.js
+++ b/app/javascript/dashboard/api/helpCenter/categories.js
@ -7,19 +7,16 @@ class CategoriesAPI extends PortalsAPI {
    super('categories', { accountScoped: true });
  }

-  get({ portalSlug, locale }) {
-    return axios.get(`${this.url}/${portalSlug}/categories?locale=${locale}`);
+  get({ portalSlug }) {
+    return axios.get(`${this.url}/${portalSlug}/categories`);
  }

  create({ portalSlug, categoryObj }) {
    return axios.post(`${this.url}/${portalSlug}/categories`, categoryObj);
  }

-  update({ portalSlug, categoryId, categoryObj }) {
-    return axios.patch(
-      `${this.url}/${portalSlug}/categories/${categoryId}`,
-      categoryObj
-    );
+  update({ portalSlug, categoryObj }) {
+    return axios.patch(`${this.url}/${portalSlug}/categories`, categoryObj);
  }

  delete({ portalSlug, categoryId }) {
--- a/app/javascript/dashboard/api/helpCenter/portals.js
+++ b/app/javascript/dashboard/api/helpCenter/portals.js
@ -1,22 +1,9 @@
-/* global axios */
 import ApiClient from '../ApiClient';

 class PortalsAPI extends ApiClient {
  constructor() {
    super('portals', { accountScoped: true });
  }
-
-  getPortal({ portalSlug, locale }) {
-    return axios.get(`${this.url}/${portalSlug}?locale=${locale}`);
-  }
-
-  updatePortal({ portalSlug, portalObj }) {
-    return axios.patch(`${this.url}/${portalSlug}`, portalObj);
-  }
-
-  deletePortal(portalSlug) {
-    return axios.delete(`${this.url}/${portalSlug}`);
-  }
 }

 export default PortalsAPI;
--- a/app/javascript/dashboard/api/inbox/conversation.js
+++ b/app/javascript/dashboard/api/inbox/conversation.js
@ -68,10 +68,6 @@ class ConversationApi extends ApiClient {
    return axios.post(`${this.url}/${id}/update_last_seen`);
  }

-  markMessagesUnread({ id }) {
-    return axios.post(`${this.url}/${id}/unread`);
-  }
-
  toggleTyping({ conversationId, status, isPrivate }) {
    return axios.post(`${this.url}/${conversationId}/toggle_typing_status`, {
      typing_status: status,
@ -109,16 +105,6 @@ class ConversationApi extends ApiClient {
      custom_attributes: customAttributes,
    });
  }
-
-  fetchParticipants(conversationId) {
-    return axios.get(`${this.url}/${conversationId}/participants`);
-  }
-
-  updateParticipants({ conversationId, userIds }) {
-    return axios.patch(`${this.url}/${conversationId}/participants`, {
-      user_ids: userIds,
-    });
-  }
 }

 export default new ConversationApi();
--- a/app/javascript/dashboard/api/inboxes.js
+++ b/app/javascript/dashboard/api/inboxes.js
@ -13,16 +13,6 @@ class Inboxes extends ApiClient {
  deleteInboxAvatar(inboxId) {
    return axios.delete(`${this.url}/${inboxId}/avatar`);
  }
-
-  getAgentBot(inboxId) {
-    return axios.get(`${this.url}/${inboxId}/agent_bot`);
-  }
-
-  setAgentBot(inboxId, botId) {
-    return axios.post(`${this.url}/${inboxId}/set_agent_bot`, {
-      agent_bot: botId,
-    });
-  }
 }

 export default new Inboxes();
--- a/app/javascript/dashboard/api/macros.js
+++ b/app/javascript/dashboard/api/macros.js
@ -1,16 +0,0 @@
-/* global axios */
-import ApiClient from './ApiClient';
-
-class MacrosAPI extends ApiClient {
-  constructor() {
-    super('macros', { accountScoped: true });
-  }
-
-  executeMacro({ macroId, conversationIds }) {
-    return axios.post(`${this.url}/${macroId}/execute`, {
-      conversation_ids: conversationIds,
-    });
-  }
-}
-
-export default new MacrosAPI();
--- a/app/javascript/dashboard/api/specs/agentBots.spec.js
+++ b/app/javascript/dashboard/api/specs/agentBots.spec.js
@ -1,13 +0,0 @@
-import AgentBotsAPI from '../agentBots';
-import ApiClient from '../ApiClient';
-
-describe('#AgentBotsAPI', () => {
-  it('creates correct instance', () => {
-    expect(AgentBotsAPI).toBeInstanceOf(ApiClient);
-    expect(AgentBotsAPI).toHaveProperty('get');
-    expect(AgentBotsAPI).toHaveProperty('show');
-    expect(AgentBotsAPI).toHaveProperty('create');
-    expect(AgentBotsAPI).toHaveProperty('update');
-    expect(AgentBotsAPI).toHaveProperty('delete');
-  });
-});
--- a/app/javascript/dashboard/api/specs/article.spec.js
+++ b/app/javascript/dashboard/api/specs/article.spec.js
@ -26,41 +26,4 @@ describe('#PortalAPI', () => {
      );
    });
  });
-  describeWithAPIMock('API calls', context => {
-    it('#getArticle', () => {
-      articlesAPI.getArticle({
-        id: 1,
-        portalSlug: 'room-rental',
-      });
-      expect(context.axiosMock.get).toHaveBeenCalledWith(
-        '/api/v1/portals/room-rental/articles/1'
-      );
-    });
-  });
-  describeWithAPIMock('API calls', context => {
-    it('#updateArticle', () => {
-      articlesAPI.updateArticle({
-        articleId: 1,
-        portalSlug: 'room-rental',
-        articleObj: { title: 'Update shipping address' },
-      });
-      expect(context.axiosMock.patch).toHaveBeenCalledWith(
-        '/api/v1/portals/room-rental/articles/1',
-        {
-          title: 'Update shipping address',
-        }
-      );
-    });
-  });
-  describeWithAPIMock('API calls', context => {
-    it('#deleteArticle', () => {
-      articlesAPI.deleteArticle({
-        articleId: 1,
-        portalSlug: 'room-rental',
-      });
-      expect(context.axiosMock.delete).toHaveBeenCalledWith(
-        '/api/v1/portals/room-rental/articles/1'
-      );
-    });
-  });
 });
--- a/app/javascript/dashboard/api/specs/inboxes.spec.js
+++ b/app/javascript/dashboard/api/specs/inboxes.spec.js
@ -11,8 +11,6 @@ describe('#InboxesAPI', () => {
    expect(inboxesAPI).toHaveProperty('update');
    expect(inboxesAPI).toHaveProperty('delete');
    expect(inboxesAPI).toHaveProperty('getCampaigns');
-    expect(inboxesAPI).toHaveProperty('getAgentBot');
-    expect(inboxesAPI).toHaveProperty('setAgentBot');
  });
  describeWithAPIMock('API calls', context => {
    it('#getCampaigns', () => {
--- a/app/javascript/dashboard/api/specs/macros.spec.js
+++ b/app/javascript/dashboard/api/specs/macros.spec.js
@ -1,14 +0,0 @@
-import macros from '../macros';
-import ApiClient from '../ApiClient';
-
-describe('#macrosAPI', () => {
-  it('creates correct instance', () => {
-    expect(macros).toBeInstanceOf(ApiClient);
-    expect(macros).toHaveProperty('get');
-    expect(macros).toHaveProperty('create');
-    expect(macros).toHaveProperty('update');
-    expect(macros).toHaveProperty('delete');
-    expect(macros).toHaveProperty('show');
-    expect(macros.url).toBe('/api/v1/macros');
-  });
-});
--- a/app/javascript/dashboard/api/testimonials.js
+++ b/app/javascript/dashboard/api/testimonials.js
@ -1,6 +0,0 @@
-/* global axios */
-import wootConstants from 'dashboard/constants';
-
-export const getTestimonialContent = () => {
-  return axios.get(wootConstants.TESTIMONIAL_URL);
-};
--- a/app/javascript/dashboard/assets/scss/_foundation-settings.scss
+++ b/app/javascript/dashboard/assets/scss/_foundation-settings.scss
@ -74,8 +74,8 @@ Tahoma,
 Arial,
 sans-serif;
 $body-antialiased: true;
-$global-margin: $space-small;
-$global-padding: $space-micro;
+$global-margin: $space-one;
+$global-padding: $space-one;
 $global-weight-normal: normal;
 $global-weight-bold: bold;
 $global-radius: 0;
@ -370,7 +370,7 @@ $input-font-weight: $global-weight-normal;
 $input-background: $white;
 $input-background-focus: $white;
 $input-background-disabled: $light-gray;
-$input-border: 1px solid var(--s-200);
+$input-border: 1px solid $color-border;
 $input-border-focus: 1px solid lighten($primary-color, 15%);
 $input-shadow: 0;
 $input-shadow-focus: 0;
--- a/app/javascript/dashboard/assets/scss/_utility-helpers.scss
+++ b/app/javascript/dashboard/assets/scss/_utility-helpers.scss
@ -42,6 +42,7 @@
  overflow: hidden;
 }

+
 .border-right {
  border-right: 1px solid var(--color-border);
 }
@ -65,13 +66,3 @@
  display: flex;
  justify-content: space-between;
 }
-
-.flex-end {
-  display: flex;
-  justify-content: end;
-}
-
-.flex-align-center {
-  align-items: center;
-  display: flex;
-}
--- a/app/javascript/dashboard/assets/scss/_woot.scss
+++ b/app/javascript/dashboard/assets/scss/_woot.scss
@ -20,24 +20,6 @@

@include foundation-everything($flex: true);

-@include foundation-prototype-text-utilities;
-@include foundation-prototype-text-transformation;
-@include foundation-prototype-text-decoration;
-@include foundation-prototype-font-styling;
-@include foundation-prototype-list-style-type;
-@include foundation-prototype-rounded;
-@include foundation-prototype-bordered;
-@include foundation-prototype-shadow;
-@include foundation-prototype-separator;
-@include foundation-prototype-overflow;
-@include foundation-prototype-display;
-@include foundation-prototype-position;
-@include foundation-prototype-border-box;
-@include foundation-prototype-border-none;
-@include foundation-prototype-sizing;
-@include foundation-prototype-spacing;
-
-
@import 'typography';
@import 'layout';
@import 'animations';
--- a/app/javascript/dashboard/assets/scss/plugins/_multiselect.scss
+++ b/app/javascript/dashboard/assets/scss/plugins/_multiselect.scss
@ -20,7 +20,7 @@
  }

  .multiselect--active {
-    >.multiselect__tags {
+    > .multiselect__tags {
      border-color: $color-woot;
    }
  }
@ -96,8 +96,8 @@
  }

  .multiselect__tags {
-    border: 1px solid var(--s-200);
-    border-color: var(--s-200);
+    border: 1px solid $color-border;
+    border-color: $color-border;
    margin: 0;
    min-height: 4.4rem;
    padding-top: $zero;
@ -145,7 +145,6 @@
 }

 .sidebar-labels-wrap {
-
  &.has-edited,
  &:hover {
    .multiselect {
@ -154,15 +153,15 @@
  }

  .multiselect {
-    >.multiselect__select {
+    > .multiselect__select {
      visibility: hidden;
    }

-    >.multiselect__tags {
+    > .multiselect__tags {
      border-color: transparent;
    }

-    &.multiselect--active>.multiselect__tags {
+    &.multiselect--active > .multiselect__tags {
      border-color: $color-woot;
    }
  }
--- a/app/javascript/dashboard/assets/scss/views/settings/inbox.scss
+++ b/app/javascript/dashboard/assets/scss/views/settings/inbox.scss
@ -91,11 +91,10 @@
      font-size: $font-size-default;
      line-height: 1;
      padding-left: $space-medium;
-    }

-    .completed {
-      color: $success-color;
-      margin-left: $space-smaller;
+      .completed {
+        color: $success-color;
+      }
    }

    p {
--- a/app/javascript/dashboard/assets/scss/widgets/_buttons.scss
+++ b/app/javascript/dashboard/assets/scss/widgets/_buttons.scss
@ -44,52 +44,6 @@ $default-button-height: 4.0rem;
    padding-top: 0;
  }

-  &.hollow {
-    border-color: var(--s-200);
-    color: var(--w-700);
-
-    &.secondary {
-      border-color: var(--s-200);
-      color: var(--s-700)
-    }
-
-    &.success {
-      border-color: var(--s-200);
-      color: var(--g-700)
-    }
-
-    &.alert {
-      border-color: var(--s-200);
-      color: var(--r-700)
-    }
-
-    &.warning {
-      border-color: var(--s-200);
-      color: var(--y-700)
-    }
-
-    &:hover {
-      background: var(--s-75);
-      border-color: var(--s-100);
-
-      &.secondary {
-        border-color: var(--s-100);
-      }
-
-      &.success {
-        border-color: var(--s-100);
-      }
-
-      &.alert {
-        border-color: var(--s-100);
-      }
-
-      &.warning {
-        border-color: var(--s-100);
-      }
-    }
-  }
-
  // Smooth style
  &.smooth {
    @include button-style(var(--w-50), var(--w-100), var(--w-700));
@ -113,25 +67,11 @@ $default-button-height: 4.0rem;
  }

  &.clear {
-    color: var(--w-700);
-
-    &.secondary {
-      color: var(--s-700)
-    }
-
-    &.success {
-      color: var(--g-700)
-    }
-
-    &.alert {
-      color: var(--r-700)
-    }
-
    &.warning {
-      color: var(--y-700)
+      color: var(--y-600);
    }

-    &:hover {
+    &.button--only-icon:hover {
      background: var(--w-50);

      &.secondary {
@ -155,20 +95,10 @@ $default-button-height: 4.0rem;
  // Sizes
  &.tiny {
    height: var(--space-medium);
-
-    .icon+.button__content {
-      padding-left: var(--space-micro);
-    }
  }

  &.small {
    height: var(--space-large);
-    padding-bottom: var(--space-smaller);
-    padding-top: var(--space-smaller);
-
-    .icon+.button__content {
-      padding-left: var(--space-smaller);
-    }
  }

  &.large {
@ -198,10 +128,6 @@ $default-button-height: 4.0rem;
    height: auto;
    margin: 0;
    padding: 0;
-
-    &:hover {
-      text-decoration: underline;
-    }
  }

 }
--- a/app/javascript/dashboard/assets/scss/widgets/_modal.scss
+++ b/app/javascript/dashboard/assets/scss/widgets/_modal.scss
@ -14,9 +14,15 @@
 }

 .modal--close {
+  border-radius: 50%;
+  color: $color-heading;
+  cursor: pointer;
+  font-size: $font-size-big;
+  line-height: $space-normal;
+  padding: $space-normal;
  position: absolute;
-  right: $space-small;
-  top: $space-small;
+  right: $space-micro;
+  top: $space-micro;

  &:hover {
    background: $color-background;
@ -79,7 +85,7 @@

  .modal-footer {
    @include flex;
-    @include flex-align($x: flex-end, $y: middle);
+    @include flex-align($x: flex-start, $y: middle);
    padding: $space-small $zero;

    button {
--- a/app/javascript/dashboard/assets/scss/widgets/_sidemenu.scss
+++ b/app/javascript/dashboard/assets/scss/widgets/_sidemenu.scss
@ -59,8 +59,12 @@

 .hamburger--menu {
  cursor: pointer;
-  display: block;
+  display: none;
  margin-right: $space-normal;
+
+  @media screen and (max-width: 1200px) {
+    display: block;
+  }
 }

 .header--icon {
--- a/app/javascript/dashboard/components/ChatList.vue
+++ b/app/javascript/dashboard/components/ChatList.vue
@ -102,7 +102,6 @@
      @assign-agent="onAssignAgent"
      @update-conversations="onUpdateConversations"
      @assign-labels="onAssignLabels"
-      @assign-team="onAssignTeamsForBulk"
    />
    <div
      ref="activeConversation"
@ -126,7 +125,6 @@
        @assign-label="onAssignLabels"
        @update-conversation-status="toggleConversationStatus"
        @context-menu-toggle="onContextMenuToggle"
-        @mark-as-unread="markAsUnread"
      />

      <div v-if="chatListLoading" class="text-center">
@ -186,11 +184,6 @@ import {
  hasPressedAltAndJKey,
  hasPressedAltAndKKey,
 } from 'shared/helpers/KeyboardHelpers';
-import { conversationListPageURL } from '../helper/URLHelper';
-import {
-  isOnMentionsView,
-  isOnUnattendedView,
-} from '../store/modules/conversations/helpers/actionHelpers';

 export default {
  components: {
@ -339,15 +332,14 @@ export default {
        status: this.activeStatus,
        page: this.currentPage + 1,
        labels: this.label ? [this.label] : undefined,
-        teamId: this.teamId || undefined,
-        conversationType: this.conversationType || undefined,
+        teamId: this.teamId ? this.teamId : undefined,
+        conversationType: this.conversationType
+          ? this.conversationType
+          : undefined,
        folders: this.hasActiveFolders ? this.savedFoldersValue : undefined,
      };
    },
    pageTitle() {
-      if (this.hasAppliedFilters) {
-        return this.$t('CHAT_LIST.TAB_HEADING');
-      }
      if (this.inbox.name) {
        return this.inbox.name;
      }
@ -360,9 +352,6 @@ export default {
      if (this.conversationType === 'mention') {
        return this.$t('CHAT_LIST.MENTION_HEADING');
      }
-      if (this.conversationType === 'unattended') {
-        return this.$t('CHAT_LIST.UNATTENDED_HEADING');
-      }
      if (this.hasActiveFolders) {
        return this.activeFolder.name;
      }
@ -442,6 +431,9 @@ export default {
  },
  methods: {
    onApplyFilter(payload) {
+      if (this.$route.name !== 'home') {
+        this.$router.push({ name: 'home' });
+      }
      this.resetBulkActions();
      this.foldersQuery = filterQueryGenerator(payload);
      this.$store.dispatch('conversationPage/reset');
@ -644,35 +636,6 @@ export default {
        this.showAlert(this.$t('BULK_ACTION.ASSIGN_FAILED'));
      }
    },
-    async markAsUnread(conversationId) {
-      try {
-        await this.$store.dispatch('markMessagesUnread', {
-          id: conversationId,
-        });
-        const {
-          params: { accountId, inbox_id: inboxId, label, teamId },
-          name,
-        } = this.$route;
-        let conversationType = '';
-        if (isOnMentionsView({ route: { name } })) {
-          conversationType = 'mention';
-        } else if (isOnUnattendedView({ route: { name } })) {
-          conversationType = 'unattended';
-        }
-        this.$router.push(
-          conversationListPageURL({
-            accountId,
-            conversationType: conversationType,
-            customViewId: this.foldersId,
-            inboxId,
-            label,
-            teamId,
-          })
-        );
-      } catch (error) {
-        // Ignore error
-      }
-    },
    async onAssignTeam(team, conversationId = null) {
      try {
        await this.$store.dispatch('assignTeam', {
@ -722,21 +685,6 @@ export default {
        this.showAlert(this.$t('BULK_ACTION.LABELS.ASSIGN_FAILED'));
      }
    },
-    async onAssignTeamsForBulk(team) {
-      try {
-        await this.$store.dispatch('bulkActions/process', {
-          type: 'Conversation',
-          ids: this.selectedConversations,
-          fields: {
-            team_id: team.id,
-          },
-        });
-        this.selectedConversations = [];
-        this.showAlert(this.$t('BULK_ACTION.TEAMS.ASSIGN_SUCCESFUL'));
-      } catch (err) {
-        this.showAlert(this.$t('BULK_ACTION.TEAMS.ASSIGN_FAILED'));
-      }
-    },
    async onUpdateConversations(status) {
      try {
        await this.$store.dispatch('bulkActions/process', {
--- a/app/javascript/dashboard/components/Modal.vue
+++ b/app/javascript/dashboard/components/Modal.vue
@ -7,13 +7,9 @@
      @click="onBackDropClick"
    >
      <div :class="modalContainerClassName" @click.stop>
-        <woot-button
-          color-scheme="secondary"
-          icon="dismiss"
-          variant="clear"
-          class="modal--close"
-          @click="close"
-        />
+        <button class="modal--close" @click="close">
+          <fluent-icon icon="dismiss" />
+        </button>
        <slot />
      </div>
    </div>
--- a/app/javascript/dashboard/components/ModalHeader.vue
+++ b/app/javascript/dashboard/components/ModalHeader.vue
@ -6,9 +6,6 @@
    </h2>
    <p v-if="headerContent" class="small-12 column wrap-content">
      {{ headerContent }}
-      <span v-if="headerContentValue" class="content-value">
-        {{ headerContentValue }}
-      </span>
    </p>
    <slot />
  </div>
@ -25,10 +22,6 @@ export default {
      type: String,
      default: '',
    },
-    headerContentValue: {
-      type: String,
-      default: '',
-    },
    headerImage: {
      type: String,
      default: '',
@ -39,8 +32,5 @@ export default {
 <style scoped lang="scss">
 .wrap-content {
  word-wrap: break-word;
-  .content-value {
-    font-weight: var(--font-weight-bold);
-  }
 }
 </style>
--- a/app/javascript/dashboard/components/SidemenuIcon.vue
+++ b/app/javascript/dashboard/components/SidemenuIcon.vue
@ -1,12 +1,7 @@
 <template>
-  <woot-button
-    size="small"
-    variant="clear"
-    color-scheme="secondary"
-    icon="list"
-    class="toggle-sidebar"
-    @click="onMenuItemClick"
-  />
+  <button @click="onMenuItemClick">
+    <fluent-icon class="hamburger--menu" icon="list" />
+  </button>
 </template>

 <script>
@ -21,8 +16,13 @@ export default {
 };
 </script>
 <style scoped lang="scss">
-.toggle-sidebar {
-  margin-right: var(--space-small);
-  margin-left: var(--space-minus-small);
+.hamburger--menu {
+  cursor: pointer;
+  display: none;
+  margin-right: var(--space-normal);
+
+  @media screen and (max-width: 1200px) {
+    display: block;
+  }
 }
 </style>
--- a/app/javascript/dashboard/routes/dashboard/helpcenter/components/stories/ArticleEditor.stories.js
+++ b/app/javascript/dashboard/routes/dashboard/helpcenter/components/stories/ArticleEditor.stories.js
@ -1,9 +1,9 @@
 import { action } from '@storybook/addon-actions';
-import ArticleEditor from '../../components/ArticleEditor.vue';
+import EditArticle from './EditArticle.vue';

 export default {
  title: 'Components/Help Center',
-  component: ArticleEditor,
+  component: EditArticle,
  argTypes: {
    article: {
      defaultValue: {},
@ -16,9 +16,9 @@ export default {

 const Template = (args, { argTypes }) => ({
  props: Object.keys(argTypes),
-  components: { ArticleEditor },
+  components: { EditArticle },
  template:
-    '<article-editor v-bind="$props" @focus="onFocus" @blur="onBlur"></-article>',
+    '<edit-article v-bind="$props" @focus="onFocus" @blur="onBlur"></edit-article>',
 });

 export const EditArticleView = Template.bind({});
--- a/app/javascript/dashboard/routes/dashboard/helpcenter/components/ArticleEditor.vue
+++ b/app/javascript/dashboard/routes/dashboard/helpcenter/components/ArticleEditor.vue
@ -1,9 +1,8 @@
 <template>
  <div class="edit-article--container">
-    <resizable-text-area
+    <input
      v-model="articleTitle"
      type="text"
-      rows="1"
      class="article-heading"
      :placeholder="$t('HELP_CENTER.EDIT_ARTICLE.TITLE_PLACEHOLDER')"
      @focus="onFocus"
@ -15,7 +14,6 @@
      class="article-content"
      :placeholder="$t('HELP_CENTER.EDIT_ARTICLE.CONTENT_PLACEHOLDER')"
      :is-format-mode="true"
-      :override-line-breaks="true"
      @focus="onFocus"
      @blur="onBlur"
      @input="onContentInput"
@ -24,42 +22,26 @@
 </template>

 <script>
-import { debounce } from '@chatwoot/utils';
-import ResizableTextArea from 'shared/components/ResizableTextArea';
 import WootMessageEditor from 'dashboard/components/widgets/WootWriter/Editor.vue';
-
 export default {
  components: {
    WootMessageEditor,
-    ResizableTextArea,
  },
  props: {
    article: {
      type: Object,
      default: () => ({}),
    },
-    isSettingsSidebarOpen: {
-      type: Boolean,
-      default: false,
-    },
  },
  data() {
    return {
      articleTitle: '',
      articleContent: '',
-      saveArticle: () => {},
    };
  },
  mounted() {
    this.articleTitle = this.article.title;
    this.articleContent = this.article.content;
-    this.saveArticle = debounce(
-      values => {
-        this.$emit('save-article', values);
-      },
-      300,
-      false
-    );
  },
  methods: {
    onFocus() {
@ -69,10 +51,10 @@ export default {
      this.$emit('blur');
    },
    onTitleInput() {
-      this.saveArticle({ title: this.articleTitle });
+      this.$emit('titleInput', this.articleTitle);
    },
    onContentInput() {
-      this.saveArticle({ content: this.articleContent });
+      this.$emit('contentInput', this.articleContent);
    },
  },
 };
@ -80,19 +62,17 @@ export default {

 <style lang="scss" scoped>
 .edit-article--container {
-  margin: var(--space-large) auto;
-  width: 640px;
+  margin: var(--space-medium) var(--space-giga);
+  min-width: 640px;
 }

 .article-heading {
  font-size: var(--font-size-giga);
  font-weight: var(--font-weight-bold);
  min-height: var(--space-jumbo);
-  max-height: 64rem;
-  height: auto;
+  max-height: var(--space-jumbo);
  border: 0px solid transparent;
  padding: 0;
-  color: var(--s-900);
 }

 ::v-deep {
--- a/app/javascript/dashboard/components/index.js
+++ b/app/javascript/dashboard/components/index.js
@ -5,12 +5,9 @@ import Button from './ui/WootButton';
 import Code from './Code';
 import ColorPicker from './widgets/ColorPicker';
 import ConfirmDeleteModal from './widgets/modal/ConfirmDeleteModal.vue';
-import ConfirmModal from './widgets/modal/ConfirmationModal.vue';
-import ContextMenu from './ui/ContextMenu.vue';
 import DeleteModal from './widgets/modal/DeleteModal.vue';
 import DropdownItem from 'shared/components/ui/dropdown/DropdownItem';
 import DropdownMenu from 'shared/components/ui/dropdown/DropdownMenu';
-import FeatureToggle from './widgets/FeatureToggle';
 import HorizontalBar from './widgets/chart/HorizontalBarChart';
 import Input from './widgets/forms/Input.vue';
 import Label from './ui/Label';
@ -24,6 +21,8 @@ import SubmitButton from './buttons/FormSubmitButton';
 import Tabs from './ui/Tabs/Tabs';
 import TabsItem from './ui/Tabs/TabsItem';
 import Thumbnail from './widgets/Thumbnail.vue';
+import ConfirmModal from './widgets/modal/ConfirmationModal.vue';
+import ContextMenu from './ui/ContextMenu.vue';

 const WootUIKit = {
  AvatarUploader,
@ -32,12 +31,9 @@ const WootUIKit = {
  Code,
  ColorPicker,
  ConfirmDeleteModal,
-  ConfirmModal,
-  ContextMenu,
  DeleteModal,
  DropdownItem,
  DropdownMenu,
-  FeatureToggle,
  HorizontalBar,
  Input,
  Label,
@ -51,6 +47,8 @@ const WootUIKit = {
  Tabs,
  TabsItem,
  Thumbnail,
+  ConfirmModal,
+  ContextMenu,
  install(Vue) {
    const keys = Object.keys(this);
    keys.pop(); // remove 'install' from keys
--- a/app/javascript/dashboard/components/layout/AvailabilityStatus.vue
+++ b/app/javascript/dashboard/components/layout/AvailabilityStatus.vue
@ -18,35 +18,12 @@
      </woot-button>
    </woot-dropdown-item>
    <woot-dropdown-divider />
-    <woot-dropdown-item class="auto-offline--toggle">
-      <div class="info-wrap">
-        <fluent-icon
-          v-tooltip.right-start="$t('SIDEBAR.SET_AUTO_OFFLINE.INFO_TEXT')"
-          icon="info"
-          size="14"
-          class="info-icon"
-        />
-
-        <span class="auto-offline--text">
-          {{ $t('SIDEBAR.SET_AUTO_OFFLINE.TEXT') }}
-        </span>
-      </div>
-
-      <woot-switch
-        size="small"
-        class="auto-offline--switch"
-        :value="currentUserAutoOffline"
-        @input="updateAutoOffline"
-      />
-    </woot-dropdown-item>
-    <woot-dropdown-divider />
  </woot-dropdown-menu>
 </template>

 <script>
 import { mapGetters } from 'vuex';
 import { mixin as clickaway } from 'vue-clickaway';
-import alertMixin from 'shared/mixins/alertMixin';
 import WootDropdownItem from 'shared/components/ui/dropdown/DropdownItem';
 import WootDropdownMenu from 'shared/components/ui/dropdown/DropdownMenu';
 import WootDropdownHeader from 'shared/components/ui/dropdown/DropdownHeader';
@ -64,7 +41,7 @@ export default {
    AvailabilityStatusBadge,
  },

-  mixins: [clickaway, alertMixin],
+  mixins: [clickaway],

  data() {
    return {
@ -77,7 +54,6 @@ export default {
    ...mapGetters({
      getCurrentUserAvailability: 'getCurrentUserAvailability',
      currentAccountId: 'getCurrentAccountId',
-      currentUserAutoOffline: 'getCurrentUserAutoOffline',
    }),
    availabilityDisplayLabel() {
      const availabilityIndex = AVAILABILITY_STATUS_KEYS.findIndex(
@ -109,30 +85,21 @@ export default {
    closeStatusMenu() {
      this.isStatusMenuOpened = false;
    },
-    updateAutoOffline(autoOffline) {
-      this.$store.dispatch('updateAutoOffline', {
-        accountId: this.currentAccountId,
-        autoOffline,
-      });
-    },
    changeAvailabilityStatus(availability) {
+      const accountId = this.currentAccountId;
      if (this.isUpdating) {
        return;
      }

      this.isUpdating = true;
-      try {
-        this.$store.dispatch('updateAvailability', {
-          availability,
-          account_id: this.currentAccountId,
+      this.$store
+        .dispatch('updateAvailability', {
+          availability: availability,
+          account_id: accountId,
+        })
+        .finally(() => {
+          this.isUpdating = false;
        });
-      } catch (error) {
-        this.showAlert(
-          this.$t('PROFILE_SETTINGS.FORM.AVAILABILITY.SET_AVAILABILITY_ERROR')
-        );
-      } finally {
-        this.isUpdating = false;
-      }
    },
  },
 };
@ -176,32 +143,4 @@ export default {
    align-items: baseline;
  }
 }
-
-.auto-offline--toggle {
-  align-items: center;
-  display: flex;
-  justify-content: space-between;
-  padding: var(--space-smaller) 0 var(--space-smaller) var(--space-small);
-  margin: 0;
-
-  .info-wrap {
-    display: flex;
-    align-items: center;
-  }
-
-  .info-icon {
-    margin-top: -1px;
-  }
-
-  .auto-offline--switch {
-    margin: -1px var(--space-micro) 0;
-  }
-
-  .auto-offline--text {
-    margin: 0 var(--space-smaller);
-    font-size: var(--font-size-mini);
-    font-weight: var(--font-weight-medium);
-    color: var(--s-700);
-  }
-}
 </style>
--- a/Show more
+++ b/Show more
 @ -1 +1 @@
 .2.0
 .6.0