rasa-pro 3.13.0.dev1__py3-none-any.whl → 3.13.0.dev3__py3-none-any.whl

rasa/cli/run.py

@@ -64,12 +64,16 @@ def run_actions(args: argparse.Namespace) -> None:
 
 def _validate_model_path(model_path: Text, parameter: Text, default: Text) -> Text:
     if model_path is not None and not os.path.exists(model_path):
-        reason_str = f"'{model_path}' not found."
-        if model_path is None:
-            reason_str = f"Parameter '{parameter}' not set."
-
-        logger.debug(f"{reason_str} Using default location '{default}' instead.")
-
+        raise ModelNotFound(
+            f"The provided model path '{model_path}' could not be found. "
+            "Provide an existing model path."
+        )
+
+    if model_path is None:
+        logger.debug(
+            f"Parameter '{parameter}' not set. "
+            "Using default location '{default}' instead."
+        )
         os.makedirs(default, exist_ok=True)
         model_path = default
 

rasa/cli/utils.py

@@ -14,6 +14,7 @@ import structlog
 import rasa.shared.utils.cli
 import rasa.shared.utils.io
 from rasa import telemetry
+from rasa.exceptions import ModelNotFound
 from rasa.shared.constants import (
     ASSISTANT_ID_DEFAULT_VALUE,
     ASSISTANT_ID_KEY,
@@ -77,6 +78,12 @@ def get_validated_path(
     if current and os.path.exists(current):
         return current
 
+    if parameter == "model":
+        raise ModelNotFound(
+            f"The provided model path '{current}' could not be found. "
+            "Provide an existing model path."
+        )
+
     # try to find a valid option among the defaults
     if isinstance(default, str) or isinstance(default, Path):
         default_options = [str(default)]

rasa/core/actions/action.py

@@ -108,10 +108,6 @@ logger = logging.getLogger(__name__)
 def default_actions(action_endpoint: Optional[EndpointConfig] = None) -> List["Action"]:
     """List default actions."""
     from rasa.core.actions.action_clean_stack import ActionCleanStack
-    from rasa.core.actions.action_handle_digressions import (
-        ActionBlockDigressions,
-        ActionContinueDigression,
-    )
     from rasa.core.actions.action_hangup import ActionHangup
     from rasa.core.actions.action_repeat_bot_messages import ActionRepeatBotMessages
     from rasa.core.actions.action_run_slot_rejections import ActionRunSlotRejections
@@ -146,8 +142,6 @@ def default_actions(action_endpoint: Optional[EndpointConfig] = None) -> List["A
         ActionResetRouting(),
         ActionHangup(),
         ActionRepeatBotMessages(),
-        ActionBlockDigressions(),
-        ActionContinueDigression(),
     ]
 
 

rasa/core/channels/channel.py

@@ -1,6 +1,9 @@
+import hmac
 import json
 import logging
 import uuid
+from base64 import b64encode
+from functools import wraps
 from typing import (
     Any,
     Awaitable,
@@ -15,6 +18,7 @@ from typing import (
 
 import jwt
 from sanic import Blueprint, Sanic
+from sanic.exceptions import Unauthorized
 from sanic.request import Request
 
 from rasa.cli import utils as cli_utils
@@ -454,3 +458,29 @@ class CollectingOutputChannel(OutputChannel):
         self, recipient_id: Text, json_message: Dict[Text, Any], **kwargs: Any
     ) -> None:
         await self._persist_message(self._message(recipient_id, custom=json_message))
+
+
+def requires_basic_auth(username: Optional[Text], password: Optional[Text]) -> Callable:
+    """Decorator to require basic auth for a route."""
+
+    def decorator(func: Callable) -> Callable:
+        @wraps(func)
+        async def wrapper(request: Request, *args: Any, **kwargs: Any) -> Any:
+            if not username or not password:
+                return await func(request, *args, **kwargs)
+
+            auth = request.headers.get("Authorization")
+            if not auth or not auth.startswith("Basic "):
+                logger.error("Missing or invalid authorization header.")
+                raise Unauthorized("Missing or invalid authorization header.")  # type: ignore[no-untyped-call]
+
+            encoded = b64encode(f"{username}:{password}".encode()).decode()
+            if not hmac.compare_digest(auth[6:], encoded):
+                logger.error("Invalid username or password.")
+                raise Unauthorized("Invalid username or password.")  # type: ignore[no-untyped-call]
+
+            return await func(request, *args, **kwargs)
+
+        return wrapper
+
+    return decorator

rasa/core/channels/voice_ready/audiocodes.py

@@ -1,5 +1,6 @@
 import asyncio
 import copy
+import hmac
 import json
 import uuid
 from collections import defaultdict
@@ -114,11 +115,21 @@ class Conversation:
     async def handle_activities(
         self,
         message: Dict[Text, Any],
+        input_channel_name: str,
         output_channel: OutputChannel,
         on_new_message: Callable[[UserMessage], Awaitable[Any]],
     ) -> None:
         """Handle activities sent by Audiocodes."""
         structlogger.debug("audiocodes.handle.activities")
+        if input_channel_name == "":
+            structlogger.warning(
+                "audiocodes.handle.activities.empty_input_channel_name",
+                event_info=(
+                    f"Audiocodes input channel name is empty "
+                    f"for conversation {self.conversation_id}"
+                ),
+            )
+
         for activity in message["activities"]:
             text = None
             if activity[ACTIVITY_ID_KEY] in self.activity_ids:
@@ -142,6 +153,7 @@ class Conversation:
             metadata = self.get_metadata(activity)
             user_msg = UserMessage(
                 text=text,
+                input_channel=input_channel_name,
                 output_channel=output_channel,
                 sender_id=self.conversation_id,
                 metadata=metadata,
@@ -245,8 +257,13 @@ class AudiocodesInput(InputChannel):
 
     def _check_token(self, token: Optional[Text]) -> None:
         if not token:
+            structlogger.error("audiocodes.token_not_provided")
             raise HttpUnauthorized("Authentication token required.")
 
+        if not hmac.compare_digest(str(token), str(self.token)):
+            structlogger.error("audiocodes.invalid_token", invalid_token=token)
+            raise HttpUnauthorized("Invalid authentication token.")
+
     def _get_conversation(
         self, token: Optional[Text], conversation_id: Text
     ) -> Conversation:
@@ -388,7 +405,12 @@ class AudiocodesInput(InputChannel):
             # start a background task to handle activities
             self._create_task(
                 conversation_id,
-                conversation.handle_activities(request.json, ac_output, on_new_message),
+                conversation.handle_activities(
+                    request.json,
+                    input_channel_name=self.name(),
+                    output_channel=ac_output,
+                    on_new_message=on_new_message,
+                ),
             )
             return response.json(response_json)
 
@@ -401,23 +423,9 @@ class AudiocodesInput(InputChannel):
             Example of payload:
             {"conversation": <conversation_id>, "reason": Optional[Text]}.
             """
-            self._get_conversation(request.token, conversation_id)
-            reason = {"reason": request.json.get("reason")}
-            await on_new_message(
-                UserMessage(
-                    text=f"{INTENT_MESSAGE_PREFIX}session_end",
-                    output_channel=None,
-                    sender_id=conversation_id,
-                    metadata=reason,
-                )
-            )
-            del self.conversations[conversation_id]
-            structlogger.debug(
-                "audiocodes.disconnect",
-                conversation=conversation_id,
-                request=request.json,
+            return await self._handle_disconnect(
+                request, conversation_id, on_new_message
             )
-            return response.json({})
 
         @ac_webhook.route("/conversation/<conversation_id>/keepalive", methods=["POST"])
         async def keepalive(request: Request, conversation_id: Text) -> HTTPResponse:
@@ -432,6 +440,32 @@ class AudiocodesInput(InputChannel):
 
         return ac_webhook
 
+    async def _handle_disconnect(
+        self,
+        request: Request,
+        conversation_id: Text,
+        on_new_message: Callable[[UserMessage], Awaitable[Any]],
+    ) -> HTTPResponse:
+        """Triggered when the call is disconnected."""
+        self._get_conversation(request.token, conversation_id)
+        reason = {"reason": request.json.get("reason")}
+        await on_new_message(
+            UserMessage(
+                text=f"{INTENT_MESSAGE_PREFIX}session_end",
+                output_channel=None,
+                input_channel=self.name(),
+                sender_id=conversation_id,
+                metadata=reason,
+            )
+        )
+        del self.conversations[conversation_id]
+        structlogger.debug(
+            "audiocodes.disconnect",
+            conversation=conversation_id,
+            request=request.json,
+        )
+        return response.json({})
+
 
 class AudiocodesOutput(OutputChannel):
     @classmethod
@@ -439,6 +473,7 @@ class AudiocodesOutput(OutputChannel):
         return CHANNEL_NAME
 
     def __init__(self) -> None:
+        super().__init__()
         self.messages: List[Dict] = []
 
     async def add_message(self, message: Dict) -> None:

rasa/core/channels/voice_ready/jambonz.py

@@ -5,8 +5,14 @@ from sanic import Blueprint, Websocket, response  # type: ignore[attr-defined]
 from sanic.request import Request
 from sanic.response import HTTPResponse
 
-from rasa.core.channels.channel import InputChannel, OutputChannel, UserMessage
+from rasa.core.channels.channel import (
+    InputChannel,
+    OutputChannel,
+    UserMessage,
+    requires_basic_auth,
+)
 from rasa.core.channels.voice_ready.jambonz_protocol import (
+    CHANNEL_NAME,
     send_ws_hangup_message,
     send_ws_text_message,
     websocket_message_handler,
@@ -18,8 +24,6 @@ from rasa.utils.io import remove_emojis
 
 structlogger = structlog.get_logger()
 
-CHANNEL_NAME = "jambonz"
-
 DEFAULT_HANGUP_DELAY_SECONDS = 1
 
 
@@ -32,12 +36,27 @@ class JambonzVoiceReadyInput(InputChannel):
 
     @classmethod
     def from_credentials(cls, credentials: Optional[Dict[Text, Any]]) -> InputChannel:
-        return cls()
+        if not credentials:
+            return cls()
+
+        username = credentials.get("username")
+        password = credentials.get("password")
+        if (username is None) != (password is None):
+            raise RasaException(
+                "In Jambonz channel, either both username and password "
+                "or neither should be provided. "
+            )
 
-    def __init__(self) -> None:
+        return cls(username, password)
+
+    def __init__(
+        self, username: Optional[Text] = None, password: Optional[Text] = None
+    ) -> None:
         """Initializes the JambonzVoiceReadyInput channel."""
         mark_as_beta_feature("Jambonz Channel")
         validate_voice_license_scope()
+        self.username = username
+        self.password = password
 
     def blueprint(
         self, on_new_message: Callable[[UserMessage], Awaitable[Any]]
@@ -50,6 +69,7 @@ class JambonzVoiceReadyInput(InputChannel):
             return response.json({"status": "ok"})
 
         @jambonz_webhook.websocket("/websocket", subprotocols=["ws.jambonz.org"])  # type: ignore
+        @requires_basic_auth(self.username, self.password)
         async def websocket(request: Request, ws: Websocket) -> None:
             """Triggered on new websocket connection."""
             async for message in ws:

rasa/core/channels/voice_ready/jambonz_protocol.py

@@ -10,6 +10,7 @@ from rasa.core.channels.channel import UserMessage
 from rasa.core.channels.voice_ready.utils import CallParameters
 
 structlogger = structlog.get_logger()
+CHANNEL_NAME = "jambonz"
 
 
 @dataclass
@@ -206,6 +207,7 @@ async def handle_new_session(
         output_channel=output_channel,
         sender_id=message.call_sid,
         metadata=asdict(message.call_params),
+        input_channel=CHANNEL_NAME,
     )
     await send_config_ack(message.message_id, ws)
     await on_new_message(user_msg)
@@ -238,6 +240,7 @@ async def handle_gather_completed(
         output_channel = JambonzWebsocketOutput(ws, transcript_result.call_sid)
         user_msg = UserMessage(
             text=most_likely_transcript.text,
+            input_channel=CHANNEL_NAME,
             output_channel=output_channel,
             sender_id=transcript_result.call_sid,
             metadata={},
@@ -288,6 +291,7 @@ async def handle_call_status(
         output_channel = JambonzWebsocketOutput(ws, call_status.call_sid)
         user_msg = UserMessage(
             text="/session_end",
+            input_channel=CHANNEL_NAME,
             output_channel=output_channel,
             sender_id=call_status.call_sid,
             metadata={},

rasa/core/channels/voice_stream/audiocodes.py

@@ -1,5 +1,6 @@
 import asyncio
 import base64
+import hmac
 import json
 from typing import Any, Awaitable, Callable, Dict, Optional, Text
 
@@ -103,6 +104,7 @@ class AudiocodesVoiceInputChannel(VoiceInputChannel):
 
     def __init__(
         self,
+        token: Optional[Text],
         server_url: str,
         asr_config: Dict,
         tts_config: Dict,
@@ -110,6 +112,22 @@ class AudiocodesVoiceInputChannel(VoiceInputChannel):
     ):
         mark_as_beta_feature("Audiocodes (audiocodes_stream) Channel")
         super().__init__(server_url, asr_config, tts_config, monitor_silence)
+        self.token = token
+
+    @classmethod
+    def from_credentials(
+        cls, credentials: Optional[Dict[str, Any]]
+    ) -> VoiceInputChannel:
+        if not credentials:
+            raise ValueError("No credentials given for Audiocodes voice channel.")
+
+        return cls(
+            token=credentials.get("token"),
+            server_url=credentials["server_url"],
+            asr_config=credentials["asr"],
+            tts_config=credentials["tts"],
+            monitor_silence=credentials.get("monitor_silence", False),
+        )
 
     def channel_bytes_to_rasa_audio_bytes(self, input_bytes: bytes) -> RasaAudioBytes:
         return RasaAudioBytes(base64.b64decode(input_bytes))
@@ -135,6 +153,13 @@ class AudiocodesVoiceInputChannel(VoiceInputChannel):
                     )
                     if activity["name"] == "start":
                         return map_call_params(activity["parameters"])
+            elif data["type"] == "connection.validate":
+                # not part of call flow; only sent when integration is created
+                logger.info(
+                    "audiocodes_stream.collect_call_parameters.connection.validate",
+                    event_info="received request to validate integration",
+                )
+                self._send_validated(channel_websocket, data)
             else:
                 logger.warning("audiocodes_stream.unknown_message", data=data)
         return None
@@ -158,7 +183,7 @@ class AudiocodesVoiceInputChannel(VoiceInputChannel):
                 elif activity["name"] == "playFinished":
                     logger.debug("audiocodes_stream.playFinished", data=activity)
                     if call_state.should_hangup:
-                        logger.info("audiocodes.hangup")
+                        logger.info("audiocodes_stream.hangup")
                         self._send_hangup(ws, data)
                         # the conversation should continue until
                         # we receive a end message from audiocodes
@@ -180,11 +205,10 @@ class AudiocodesVoiceInputChannel(VoiceInputChannel):
         elif data["type"] == "session.end":
             logger.debug("audiocodes_stream.end", data=data)
             return EndConversationAction()
-        elif data["type"] == "connection.validate":
-            # not part of call flow; only sent when integration is created
-            self._send_validated(ws, data)
         else:
-            logger.warning("audiocodes_stream.unknown_message", data=data)
+            logger.warning(
+                "audiocodes_stream.map_input_message.unknown_message", data=data
+            )
 
         return ContinueConversationAction()
 
@@ -254,6 +278,17 @@ class AudiocodesVoiceInputChannel(VoiceInputChannel):
             self.tts_cache,
         )
 
+    def _is_token_valid(self, token: Optional[Text]) -> bool:
+        # If no token is set, always return True
+        if not self.token:
+            return True
+
+        # Token is required, but not provided
+        if not token:
+            return False
+
+        return hmac.compare_digest(str(self.token), str(token))
+
     def blueprint(
         self, on_new_message: Callable[[UserMessage], Awaitable[Any]]
     ) -> Blueprint:
@@ -266,17 +301,26 @@ class AudiocodesVoiceInputChannel(VoiceInputChannel):
 
         @blueprint.websocket("/websocket")  # type: ignore
         async def receive(request: Request, ws: Websocket) -> None:
-            # TODO: validate API key header
-            logger.info("audiocodes.receive", message="Starting audio streaming")
+            if not self._is_token_valid(request.token):
+                logger.error(
+                    "audiocodes_stream.invalid_token",
+                    invalid_token=request.token,
+                )
+                await ws.close(code=1008, reason="Invalid token")
+                return
+
+            logger.info(
+                "audiocodes_stream.receive", event_info="Started websocket connection"
+            )
             try:
                 await self.run_audio_streaming(on_new_message, ws)
             except Exception as e:
                 logger.exception(
-                    "audiocodes.receive",
+                    "audiocodes_stream.receive",
                     message="Error during audio streaming",
                     error=e,
                 )
-                # return 500 error
+                await ws.close(code=1011, reason="Error during audio streaming")
                 raise
 
         return blueprint

rasa/core/channels/voice_stream/genesys.py

@@ -1,4 +1,7 @@
 import asyncio
+import base64
+import hashlib
+import hmac
 import json
 from typing import Any, Awaitable, Callable, Dict, Optional, Text
 
@@ -45,6 +48,7 @@ in the documentation but observed in their example app
 https://github.com/GenesysCloudBlueprints/audioconnector-server-reference-implementation
 """
 MAXIMUM_BINARY_MESSAGE_SIZE = 64000  # 64KB
+HEADER_API_KEY = "X-Api-Key"
 logger = structlog.get_logger(__name__)
 
 
@@ -86,8 +90,31 @@ class GenesysInputChannel(VoiceInputChannel):
     def name(cls) -> str:
         return "genesys"
 
-    def __init__(self, *args: Any, **kwargs: Any) -> None:
+    def __init__(
+        self, api_key: Text, client_secret: Optional[Text], *args: Any, **kwargs: Any
+    ) -> None:
         super().__init__(*args, **kwargs)
+        self.api_key = api_key
+        self.client_secret = client_secret
+
+    @classmethod
+    def from_credentials(
+        cls, credentials: Optional[Dict[str, Any]]
+    ) -> VoiceInputChannel:
+        if not credentials:
+            raise ValueError("No credentials given for Genesys voice channel.")
+
+        if not credentials.get("api_key"):
+            raise ValueError("No API key given for Genesys voice channel (api_key).")
+
+        return cls(
+            api_key=credentials["api_key"],
+            client_secret=credentials.get("client_secret"),
+            server_url=credentials["server_url"],
+            asr_config=credentials["asr"],
+            tts_config=credentials["tts"],
+            monitor_silence=credentials.get("monitor_silence", False),
+        )
 
     def _ensure_channel_data_initialized(self) -> None:
         """Initialize Genesys-specific channel data if not already present.
@@ -273,6 +300,93 @@ class GenesysInputChannel(VoiceInputChannel):
         logger.debug("genesys.disconnect", message=message)
         _schedule_ws_task(ws.send(json.dumps(message)))
 
+    def _calculate_signature(self, request: Request) -> str:
+        """Calculate the signature using request data."""
+        org_id = request.headers.get("Audiohook-Organization-Id")
+        session_id = request.headers.get("Audiohook-Session-Id")
+        correlation_id = request.headers.get("Audiohook-Correlation-Id")
+        api_key = request.headers.get(HEADER_API_KEY)
+
+        # order of components is important!
+        components = [
+            ("@request-target", "/webhooks/genesys/websocket"),
+            ("audiohook-session-id", session_id),
+            ("audiohook-organization-id", org_id),
+            ("audiohook-correlation-id", correlation_id),
+            (HEADER_API_KEY.lower(), api_key),
+            ("@authority", self.server_url),
+        ]
+
+        # Create signature base string
+        signing_string = ""
+        for name, value in components:
+            signing_string += f'"{name}": {value}\n'
+
+        # Add @signature-params
+        signature_input = request.headers["Signature-Input"]
+        _, params_str = signature_input.split("=", 1)
+        signing_string += f'"@signature-params": {params_str}'
+
+        # Calculate the HMAC signature
+        key_bytes = base64.b64decode(self.client_secret)
+        signature = hmac.new(
+            key_bytes, signing_string.encode("utf-8"), hashlib.sha256
+        ).digest()
+        return base64.b64encode(signature).decode("utf-8")
+
+    async def _verify_signature(self, request: Request) -> bool:
+        """Verify the HTTP message signature from Genesys."""
+        if not self.client_secret:
+            logger.info(
+                "genesys.verify_signature.no_client_secret",
+                event_info="Signature verification skipped",
+            )
+            return True  # Skip verification if no client secret
+
+        signature = request.headers.get("Signature")
+        signature_input = request.headers.get("Signature-Input")
+        if not signature or not signature_input:
+            logger.error("genesys.signature.missing_signature_header")
+            return False
+
+        try:
+            actual_signature = signature.split("=", 1)[1].strip(':"')
+            expected_signature = self._calculate_signature(request)
+            return hmac.compare_digest(
+                expected_signature.encode("utf-8"), actual_signature.encode("utf-8")
+            )
+        except Exception as e:
+            logger.exception("genesys.signature.verification_error", error=e)
+            return False
+
+    def _ensure_required_headers(self, request: Request) -> bool:
+        """Ensure required headers are present in the request."""
+        required_headers = [
+            "Audiohook-Organization-Id",
+            "Audiohook-Correlation-Id",
+            "Audiohook-Session-Id",
+            HEADER_API_KEY,
+        ]
+
+        missing_headers = [
+            header for header in required_headers if header not in request.headers
+        ]
+
+        if missing_headers:
+            logger.error(
+                "genesys.missing_required_headers",
+                missing_headers=missing_headers,
+            )
+            return False
+        return True
+
+    def _ensure_api_key(self, request: Request) -> bool:
+        """Ensure the API key is present in the request."""
+        api_key = request.headers.get(HEADER_API_KEY)
+        if not hmac.compare_digest(str(self.api_key), str(api_key)):
+            return False
+        return True
+
     def blueprint(
         self, on_new_message: Callable[[UserMessage], Awaitable[Any]]
     ) -> Blueprint:
@@ -289,23 +403,39 @@ class GenesysInputChannel(VoiceInputChannel):
                 "genesys.receive",
                 audiohook_session_id=request.headers.get("audiohook-session-id"),
             )
-            # validate required headers
-            required_headers = [
-                "audiohook-organization-id",
-                "audiohook-correlation-id",
-                "audiohook-session-id",
-                "x-api-key",
-            ]
-
-            for header in required_headers:
-                if header not in request.headers:
-                    await ws.close(1008, f"Missing required header: {header}")
-                    return
-
-            # TODO: validate API key header
+
+            # verify signature
+            if not await self._verify_signature(request):
+                logger.error("genesys.receive.invalid_signature")
+                await ws.close(code=1008, reason="Invalid signature")
+                return
+
+            # ensure required headers are present
+            if not self._ensure_required_headers(request):
+                await ws.close(code=1002, reason="Missing required headers")
+                return
+
+            # ensure API key is correct
+            if not self._ensure_api_key(request):
+                logger.error(
+                    "genesys.receive.invalid_api_key",
+                    invalid_api_key=request.headers.get(HEADER_API_KEY),
+                )
+                await ws.close(code=1008, reason="Invalid API key")
+                return
+
             # process audio streaming
             logger.info("genesys.receive", message="Starting audio streaming")
-            await self.run_audio_streaming(on_new_message, ws)
+            try:
+                await self.run_audio_streaming(on_new_message, ws)
+            except Exception as e:
+                logger.exception(
+                    "genesys.receive",
+                    message="Error during audio streaming",
+                    error=e,
+                )
+                await ws.close(code=1011, reason="Error during audio streaming")
+                raise
 
         return blueprint