fix(security): close cross-tenant IDOR gaps in OAuth credential and execution auth by waleedlatif1 · Pull Request #4549 · simstudioai/sim

waleedlatif1 · 2026-05-10T21:29:19Z

Summary

Several tool routes (gmail/label, onedrive/files, onedrive/folder, outlook/folders, wealthbox/item, auth/oauth/wealthbox/item) called resolveOAuthAccountId then only checked workspace permissions when workspaceId was set — the legacy account-ID fallback path returned no workspaceId, silently skipping all ownership validation. Any authenticated user could supply a raw account.id to access another tenant's OAuth credentials
Replace all instances with authorizeCredentialUse, which enforces ownership on every credential type including the legacy fallback path
Add authorizeCredentialUse ownership gate before resolveVertexCredential in providers/route.ts (Vertex AI credential path had the same gap)
Add verifyFileAccess check in wordpress/upload before downloadFileFromStorage — file key was user-supplied with no ownership verification
Add optional workflowId filter to all PauseResumeManager methods (enqueueOrStartResume, beginPausedCancellation, etc.) — previously looked up paused executions by executionId only, allowing any authenticated user to cancel or resume another tenant's paused workflow execution; update all call sites (cancel, resume, poll routes)

Type of Change

Bug fix

Testing

Tested manually. authorizeCredentialUse backwards-compatibility verified: legacy account-ID callers who own their credentials still work (ownership enforced); HITL manager workflowId param is optional so internal self-calls without it are unaffected; verifyFileAccess confirmed to exist and match usage.

Checklist

Code follows project style guidelines
Self-reviewed my changes
Tests added/updated and passing
No new warnings introduced
I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

…orization Routes that called resolveOAuthAccountId followed by a conditional workspace permission check (only run when workspaceId was set) silently skipped all ownership validation on the legacy account-ID fallback path. Any authenticated user could supply a raw account.id to access another tenant's OAuth credentials. - Replace resolveOAuthAccountId + conditional perm check with authorizeCredentialUse in: auth/oauth/wealthbox/item, tools/gmail/label, tools/onedrive/files, tools/onedrive/folder, tools/outlook/folders, tools/wealthbox/item (routes 1, 3-7) - Add authorizeCredentialUse ownership gate before resolveVertexCredential in providers/route.ts (route 2) - Add verifyFileAccess check on the user-supplied file key before downloadFileFromStorage in tools/wordpress/upload (route 8) - Add workflowId param to PauseResumeManager methods (enqueueOrStartResume, beginPausedCancellation, completePausedCancellation, blockQueuedResumesForCancellation, clearPausedCancellationIntent, getPausedCancellationStatus, processQueuedResumes) and filter all pausedExecutions lookups by workflowId so callers cannot act on another tenant's paused execution by supplying a foreign executionId (route 9) - Update all call sites (cancel, resume, poll routes) to pass workflowId

vercel · 2026-05-10T21:29:24Z

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		May 11, 2026 4:40pm

cursor · 2026-05-10T21:29:27Z

PR Summary

High Risk
Touches security-critical authorization paths for OAuth credentials, file downloads, and human-in-the-loop resume/cancel flows; mistakes could block legitimate access or leave residual IDOR exposure.

Overview
Closes multiple cross-tenant IDOR vectors by standardizing API routes on authorizeCredentialUse for OAuth credential usage (Gmail/OneDrive/Outlook/Wealthbox selectors, Wealthbox OAuth item route, and Vertex credential resolution in providers).

Hardens file transfer by verifying the caller owns the referenced storage key (verifyFileAccess) before WordPress uploads download from storage.

Scopes human-in-the-loop pause/resume/cancellation operations by requiring workflowId in PauseResumeManager lookups and propagating it through resume, poll, and cancel endpoints, plus more consistent error handling via toError.

^{Reviewed by Cursor Bugbot for commit 026405f. Configure here.}

greptile-apps · 2026-05-10T21:35:15Z

Greptile Summary

This PR closes a suite of cross-tenant IDOR vulnerabilities by replacing ad-hoc resolveOAuthAccountId + conditional workspace-permission checks with the unified authorizeCredentialUse gate, adding workflowId scoping to all PauseResumeManager methods (preventing unauthorized cancel/resume of another tenant's paused execution), and adding verifyFileAccess ownership verification to the WordPress upload route.

OAuth credential IDOR (6 routes): Routes for Gmail labels, OneDrive files/folders, Outlook folders, Wealthbox items (×2), and Vertex AI now call authorizeCredentialUse, which enforces ownership on every credential type including the legacy account-ID fallback path that previously silently skipped all ownership validation.
HITL IDOR: All PauseResumeManager cancellation/resume methods now require a workflowId and scope their database lookups with AND workflow_id = ?, closing the gap where any authenticated user could cancel or resume another tenant's paused workflow.
File ownership: The WordPress upload route now hard-fails with 404 when the acting user is not an owner of the supplied S3 key.

Confidence Score: 5/5

Safe to merge — all cross-tenant credential and execution-control gaps are consistently closed with no behavioral regressions found.

All three fix categories (OAuth credential IDOR, HITL cancel/resume IDOR, WordPress file ownership) are correctly and completely implemented. Previously flagged concerns about processQueuedResumes, getPausedCancellationStatus, and completePausedCancellation missing workflowId are fully addressed. The authorizeCredentialUse refactor removes dead actingUserId guards without changing observable behavior.

No files require special attention — the core security logic in credential-access.ts and human-in-the-loop-manager.ts was reviewed thoroughly and is correct.

Important Files Changed

Filename	Overview
apps/sim/lib/auth/credential-access.ts	Core authorization gate refactored to remove dead `if (actingUserId)` guards, making membership and workspace-permission checks unconditional and closing the IDOR gap on all credential paths.
apps/sim/lib/workflows/executor/human-in-the-loop-manager.ts	All PauseResumeManager methods now enforce `workflowId` as a required parameter; all internal call sites correctly thread `workflowId` through, fixing the cross-tenant IDOR gaps flagged in previous review rounds.
apps/sim/app/api/tools/wordpress/upload/route.ts	Adds `verifyFileAccess` ownership check before `downloadFileFromStorage`; URL-based files fail earlier in `processSingleFileToUserFile`, so the new guard is belt-and-suspenders only.
apps/sim/app/api/providers/route.ts	Vertex AI credential path now gated by `authorizeCredentialUse` before `resolveVertexCredential`.
apps/sim/app/api/workflows/[id]/executions/[executionId]/cancel/route.ts	All PauseResumeManager cancellation calls now include `workflowId`, scoping DB queries to prevent cross-tenant cancellation.
apps/sim/app/api/resume/[workflowId]/[executionId]/[contextId]/route.ts	Threads `workflowId` into `enqueueOrStartResume` and the error-recovery `processQueuedResumes` call.
apps/sim/app/api/tools/gmail/label/route.ts	Replaces manual auth check with `authorizeCredentialUse`; service account case handled correctly inside `refreshAccessTokenIfNeeded`.
apps/sim/app/api/resume/poll/route.ts	Adds `workflowId: row.workflowId` to the scheduled `enqueueOrStartResume` call.
apps/sim/lib/copilot/generated/tool-schemas-v1.ts	Cosmetic: computed property names simplified; no behavioral change.

Sequence Diagram

sequenceDiagram
    participant Client
    participant ToolRoute as Tool Route (gmail, onedrive, etc.)
    participant ACA as authorizeCredentialUse
    participant DB as Database
    participant OAuthUtils as refreshAccessTokenIfNeeded

    Client->>ToolRoute: "GET /api/tools/... ?credentialId=X"
    ToolRoute->>ACA: "authorizeCredentialUse(request, {credentialId})"
    ACA->>DB: checkSessionOrInternalAuth
    ACA->>DB: "SELECT FROM credential WHERE id = credentialId"
    alt Platform credential (OAuth/SA)
        ACA->>DB: SELECT FROM credential_member WHERE credentialId AND userId
        ACA->>DB: getUserEntityPermissions(actingUser, workspace)
        ACA-->>ToolRoute: ok: true, credentialOwnerUserId
    else Legacy account ID
        ACA->>DB: "SELECT FROM account WHERE id = credentialId"
        ACA->>ACA: "auth.userId === account.userId?"
        ACA-->>ToolRoute: ok: true, credentialOwnerUserId
    end
    ToolRoute->>OAuthUtils: refreshAccessTokenIfNeeded(credentialId, ownerUserId)
    OAuthUtils-->>ToolRoute: accessToken
    ToolRoute-->>Client: 200 with data

_{Reviews (6): Last reviewed commit: "fix(security): harden workflowId scoping..." | Re-trigger Greptile}

…ocessQueuedResumes, fix log level - Fail closed in WordPress upload when userFile.key is present but authResult.userId is absent, preventing silent bypass of ownership check via JWT fallback path - Thread workflowId into processQueuedResumes in the async resume error-recovery path and in pause-persistence.ts to close residual cross-tenant gap - Change logger.error to logger.warn for credential access denial in OneDrive folder route to match all other routes in this PR

waleedlatif1 · 2026-05-11T01:24:13Z

@cursor review

waleedlatif1 · 2026-05-11T01:24:17Z

@greptile

cursor

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 94bc2e2. Configure here.}

…l sites Closes residual cross-tenant IDOR gap where processQueuedResumes was called without a workflowId scope in persistPauseResult, startResumeExecution (success and error paths), and clearPausedCancellationIntent. workflowId was already in scope at each site — this wires it through to the existing optional parameter.

waleedlatif1 · 2026-05-11T01:33:39Z

Follow-up fix (fd234ac): threaded workflowId through the remaining 4 processQueuedResumes call sites in human-in-the-loop-manager.ts that were still missing it — persistPauseResult (line 267), startResumeExecution success path (line 507), startResumeExecution error path (line 535), and clearPausedCancellationIntent (line 1692). In all cases workflowId was already in scope; this just wires it through to the existing optional parameter. All 4 call sites now pass tenant scope — no remaining gaps.

…caught errors - catch (error: any) → catch (error) + toError(error).message in resume and cancel routes - Remove what-not-why inline comments from wordpress upload and onedrive/files routes - Remove redundant debug-only item breakdown log and the file-IDs log in onedrive/files - Trim extraneous DAG-edge comments from updateSnapshotAfterResume in HITL manager

waleedlatif1 · 2026-05-11T01:47:47Z

Quality pass complete (0d4c9c6):

catch (error: any) → catch (error) + toError(error).message in both the resume route and cancel route — no more type escape hatch on caught errors
WordPress upload: removed 4 what-not-why inline comments (Process file, Use provided filename, Upload to WordPress using multipart, Add optional metadata)
OneDrive files: collapsed the debug item-breakdown reduce+log and the file-IDs log into a single structured info log; consolidated the URL-branch comments into one truthful line; simplified the .filter() call
HITL manager (updateSnapshotAfterResume): removed 3 redundant DAG-edge comments

All 4 original review threads were already resolved before this pass. Lint is clean.

waleedlatif1 · 2026-05-11T01:49:27Z

@cursor review

waleedlatif1 · 2026-05-11T01:49:28Z

@greptile

…route

waleedlatif1 · 2026-05-11T02:52:57Z

@cursor review

waleedlatif1 · 2026-05-11T02:52:59Z

@greptile

All 7 method signatures (processQueuedResumes, enqueueOrStartResume, beginPausedCancellation, completePausedCancellation, blockQueuedResumesForCancellation, clearPausedCancellationIntent, getPausedCancellationStatus) previously accepted workflowId as optional. Every call site already supplies it — making it required closes the vulnerability at the type level so future callers cannot accidentally omit tenant scoping and silently fall back to an unscoped DB query.

…alls and remove dead branches in credential-access

waleedlatif1 · 2026-05-11T03:44:48Z

@greptile

waleedlatif1 · 2026-05-11T03:44:52Z

@cursor review

Replace falsy workflowId checks in PauseResumeManager (all methods now unconditionally apply the workflowId WHERE clause, preventing empty-string bypass). Flip WordPress upload file guard from truthy key check to explicit non-empty validation so key:"" fails closed with a 404 instead of silently skipping access control.

waleedlatif1 · 2026-05-11T16:41:01Z

@greptile

waleedlatif1 · 2026-05-11T16:41:05Z

@cursor review

cursor

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 026405f. Configure here.}

cursor Bot reviewed May 10, 2026

View reviewed changes

Comment thread apps/sim/app/api/tools/wordpress/upload/route.ts

Comment thread apps/sim/lib/workflows/executor/human-in-the-loop-manager.ts Outdated

greptile-apps Bot reviewed May 10, 2026

View reviewed changes

Comment thread apps/sim/app/api/tools/onedrive/folder/route.ts Outdated

Comment thread apps/sim/app/api/tools/wordpress/upload/route.ts Outdated

vercel Bot temporarily deployed to Preview May 11, 2026 01:19 Inactive