fix for backwards compat

Author: icecrasher321

apps/sim/app/api/webhooks/route.ts

@@ -329,8 +329,8 @@ export async function POST(request: NextRequest) {
       logger.info(`[${requestId}] Gmail provider detected. Setting up Gmail webhook configuration.`)
       try {
         const { configureGmailPolling } = await import('@/lib/webhooks/utils')
-        // Strict: utils will resolve credential ownership; do not fall back to workflow owner
-        const success = await configureGmailPolling('', savedWebhook, requestId)
+        // Pass workflow owner for backward-compat fallback (utils prefers credentialId if present)
+        const success = await configureGmailPolling(workflowRecord.userId, savedWebhook, requestId)
 
         if (!success) {
           logger.error(`[${requestId}] Failed to configure Gmail polling`)
@@ -364,8 +364,12 @@ export async function POST(request: NextRequest) {
       )
       try {
         const { configureOutlookPolling } = await import('@/lib/webhooks/utils')
-        // Strict: utils will resolve credential ownership; do not fall back to workflow owner
-        const success = await configureOutlookPolling('', savedWebhook, requestId)
+        // Pass workflow owner for backward-compat fallback (utils prefers credentialId if present)
+        const success = await configureOutlookPolling(
+          workflowRecord.userId,
+          savedWebhook,
+          requestId
+        )
 
         if (!success) {
           logger.error(`[${requestId}] Failed to configure Outlook polling`)

apps/sim/lib/webhooks/gmail-polling-service.ts

@@ -3,7 +3,7 @@ import { nanoid } from 'nanoid'
 import { Logger } from '@/lib/logs/console/logger'
 import { hasProcessedMessage, markMessageAsProcessed } from '@/lib/redis'
 import { getBaseUrl } from '@/lib/urls/utils'
-import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { getOAuthToken, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account, webhook } from '@/db/schema'
 
@@ -84,26 +84,33 @@ export async function pollGmailWebhooks() {
         // Extract metadata
         const metadata = webhookData.providerConfig as any
         const credentialId: string | undefined = metadata?.credentialId
+        const userId: string | undefined = metadata?.userId
 
-        if (!credentialId) {
-          logger.error(`[${requestId}] Missing credentialId for webhook ${webhookId}`)
-          return { success: false, webhookId, error: 'Missing credentialId' }
+        if (!credentialId && !userId) {
+          logger.error(`[${requestId}] Missing credentialId and userId for webhook ${webhookId}`)
+          return { success: false, webhookId, error: 'Missing credentialId and userId' }
         }
 
-        // Resolve owner and token strictly via credentialId
-        const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
-        if (rows.length === 0) {
-          logger.error(
-            `[${requestId}] Credential ${credentialId} not found for webhook ${webhookId}`
-          )
-          return { success: false, webhookId, error: 'Credential not found' }
+        // Resolve owner and token
+        let accessToken: string | null = null
+        if (credentialId) {
+          const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
+          if (rows.length === 0) {
+            logger.error(
+              `[${requestId}] Credential ${credentialId} not found for webhook ${webhookId}`
+            )
+            return { success: false, webhookId, error: 'Credential not found' }
+          }
+          const ownerUserId = rows[0].userId
+          accessToken = await refreshAccessTokenIfNeeded(credentialId, ownerUserId, requestId)
+        } else if (userId) {
+          // Backward-compat fallback to workflow owner token
+          accessToken = await getOAuthToken(userId, 'google-email')
         }
-        const ownerUserId = rows[0].userId
 
-        const accessToken = await refreshAccessTokenIfNeeded(credentialId, ownerUserId, requestId)
         if (!accessToken) {
           logger.error(
-            `[${requestId}] Failed to get Gmail access token for webhook ${webhookId} via credential ${credentialId}`
+            `[${requestId}] Failed to get Gmail access token for webhook ${webhookId} (cred or fallback)`
           )
           return { success: false, webhookId, error: 'No access token' }
         }

apps/sim/lib/webhooks/outlook-polling-service.ts

@@ -3,7 +3,7 @@ import { nanoid } from 'nanoid'
 import { Logger } from '@/lib/logs/console/logger'
 import { hasProcessedMessage, markMessageAsProcessed } from '@/lib/redis'
 import { getBaseUrl } from '@/lib/urls/utils'
-import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { getOAuthToken, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account, webhook } from '@/db/schema'
 
@@ -108,29 +108,36 @@ export async function pollOutlookWebhooks() {
       try {
         logger.info(`[${requestId}] Processing Outlook webhook: ${webhookId}`)
 
-        // Extract credentialId from providerConfig (strict)
+        // Extract credentialId and/or userId
         const metadata = webhookData.providerConfig as any
         const credentialId: string | undefined = metadata?.credentialId
+        const userId: string | undefined = metadata?.userId
 
-        if (!credentialId) {
-          logger.error(`[${requestId}] Missing credentialId for webhook ${webhookId}`)
-          return { success: false, webhookId, error: 'Missing credentialId' }
+        if (!credentialId && !userId) {
+          logger.error(`[${requestId}] Missing credentialId and userId for webhook ${webhookId}`)
+          return { success: false, webhookId, error: 'Missing credentialId and userId' }
         }
 
-        // Resolve owner and token via credentialId
-        const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
-        if (!rows.length) {
-          logger.error(
-            `[${requestId}] Credential ${credentialId} not found for webhook ${webhookId}`
-          )
-          return { success: false, webhookId, error: 'Credential not found' }
+        // Resolve access token
+        let accessToken: string | null = null
+        if (credentialId) {
+          const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
+          if (!rows.length) {
+            logger.error(
+              `[${requestId}] Credential ${credentialId} not found for webhook ${webhookId}`
+            )
+            return { success: false, webhookId, error: 'Credential not found' }
+          }
+          const ownerUserId = rows[0].userId
+          accessToken = await refreshAccessTokenIfNeeded(credentialId, ownerUserId, requestId)
+        } else if (userId) {
+          // Backward-compat fallback to workflow owner token
+          accessToken = await getOAuthToken(userId, 'outlook')
         }
-        const ownerUserId = rows[0].userId
 
-        const accessToken = await refreshAccessTokenIfNeeded(credentialId, ownerUserId, requestId)
         if (!accessToken) {
           logger.error(
-            `[${requestId}] Failed to get Outlook access token for webhook ${webhookId} via credential ${credentialId}`
+            `[${requestId}] Failed to get Outlook access token for webhook ${webhookId} (cred or fallback)`
           )
           return { success: false, webhookId, error: 'No access token' }
         }

apps/sim/lib/webhooks/utils.ts

@@ -1,7 +1,7 @@
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { createLogger } from '@/lib/logs/console/logger'
-import { refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
+import { getOAuthToken, refreshAccessTokenIfNeeded } from '@/app/api/auth/oauth/utils'
 import { db } from '@/db'
 import { account, webhook } from '@/db/schema'
 
@@ -1284,29 +1284,42 @@ export async function configureGmailPolling(
     const providerConfig = (webhookData.providerConfig as Record<string, any>) || {}
 
     const credentialId: string | undefined = providerConfig.credentialId
-    if (!credentialId) {
-      logger.error(
-        `[${requestId}] Missing credentialId for Gmail webhook ${webhookData.id}. Refusing to proceed.`
-      )
-      return false
-    }
 
-    // Resolve owner user ID from the credential and refresh token if needed
-    const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
-    if (rows.length === 0) {
-      logger.error(
-        `[${requestId}] Credential ${credentialId} not found for Gmail webhook ${webhookData.id}`
-      )
-      return false
-    }
-    const ownerUserId = rows[0].userId
+    let effectiveUserId: string | null = null
+    let accessToken: string | null = null
 
-    const accessToken = await refreshAccessTokenIfNeeded(credentialId, ownerUserId, requestId)
-    if (!accessToken) {
-      logger.error(
-        `[${requestId}] Failed to refresh/access Gmail token for credential ${credentialId}`
-      )
-      return false
+    if (credentialId) {
+      const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
+      if (rows.length === 0) {
+        logger.error(
+          `[${requestId}] Credential ${credentialId} not found for Gmail webhook ${webhookData.id}`
+        )
+        return false
+      }
+      effectiveUserId = rows[0].userId
+      accessToken = await refreshAccessTokenIfNeeded(credentialId, effectiveUserId, requestId)
+      if (!accessToken) {
+        logger.error(
+          `[${requestId}] Failed to refresh/access Gmail token for credential ${credentialId}`
+        )
+        return false
+      }
+    } else {
+      // Backward-compat: fall back to workflow owner
+      if (!userId) {
+        logger.error(
+          `[${requestId}] Missing credentialId and userId for Gmail webhook ${webhookData.id}`
+        )
+        return false
+      }
+      effectiveUserId = userId
+      accessToken = await getOAuthToken(effectiveUserId, 'google-email')
+      if (!accessToken) {
+        logger.error(
+          `[${requestId}] Failed to obtain Gmail token for user ${effectiveUserId} (fallback)`
+        )
+        return false
+      }
     }
 
     const maxEmailsPerPoll =
@@ -1326,8 +1339,8 @@ export async function configureGmailPolling(
       .set({
         providerConfig: {
           ...providerConfig,
-          userId: ownerUserId,
-          credentialId,
+          userId: effectiveUserId,
+          ...(credentialId ? { credentialId } : {}),
           maxEmailsPerPoll,
           pollingInterval,
           markAsRead: providerConfig.markAsRead || false,
@@ -1371,56 +1384,67 @@ export async function configureOutlookPolling(
     const providerConfig = (webhookData.providerConfig as Record<string, any>) || {}
 
     const credentialId: string | undefined = providerConfig.credentialId
-    if (!credentialId) {
-      logger.error(
-        `[${requestId}] Missing credentialId for Outlook webhook ${webhookData.id}. Refusing to proceed.`
-      )
-      return false
-    }
 
-    // Resolve owner user ID from the credential and refresh token if needed
-    const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
-    if (rows.length === 0) {
-      logger.error(
-        `[${requestId}] Credential ${credentialId} not found for Outlook webhook ${webhookData.id}`
-      )
-      return false
-    }
-    const ownerUserId = rows[0].userId
+    let effectiveUserId: string | null = null
+    let accessToken: string | null = null
 
-    const accessToken = await refreshAccessTokenIfNeeded(credentialId, ownerUserId, requestId)
-    if (!accessToken) {
-      logger.error(
-        `[${requestId}] Failed to refresh/access Outlook token for credential ${credentialId}`
-      )
-      return false
+    if (credentialId) {
+      const rows = await db.select().from(account).where(eq(account.id, credentialId)).limit(1)
+      if (rows.length === 0) {
+        logger.error(
+          `[${requestId}] Credential ${credentialId} not found for Outlook webhook ${webhookData.id}`
+        )
+        return false
+      }
+      effectiveUserId = rows[0].userId
+      accessToken = await refreshAccessTokenIfNeeded(credentialId, effectiveUserId, requestId)
+      if (!accessToken) {
+        logger.error(
+          `[${requestId}] Failed to refresh/access Outlook token for credential ${credentialId}`
+        )
+        return false
+      }
+    } else {
+      // Backward-compat: fall back to workflow owner
+      if (!userId) {
+        logger.error(
+          `[${requestId}] Missing credentialId and userId for Outlook webhook ${webhookData.id}`
+        )
+        return false
+      }
+      effectiveUserId = userId
+      accessToken = await getOAuthToken(effectiveUserId, 'outlook')
+      if (!accessToken) {
+        logger.error(
+          `[${requestId}] Failed to obtain Outlook token for user ${effectiveUserId} (fallback)`
+        )
+        return false
+      }
     }
 
-    const maxEmailsPerPoll =
-      typeof providerConfig.maxEmailsPerPoll === 'string'
-        ? Number.parseInt(providerConfig.maxEmailsPerPoll, 10) || 25
-        : providerConfig.maxEmailsPerPoll || 25
-
-    const pollingInterval =
-      typeof providerConfig.pollingInterval === 'string'
-        ? Number.parseInt(providerConfig.pollingInterval, 10) || 5
-        : providerConfig.pollingInterval || 5
+    const providerCfg = (webhookData.providerConfig as Record<string, any>) || {}
 
     const now = new Date()
 
     await db
       .update(webhook)
       .set({
         providerConfig: {
-          ...providerConfig,
-          userId: ownerUserId,
-          credentialId,
-          maxEmailsPerPoll,
-          pollingInterval,
-          markAsRead: providerConfig.markAsRead || false,
-          includeRawEmail: providerConfig.includeRawEmail || false,
-          folderIds: providerConfig.folderIds || ['inbox'],
-          folderFilterBehavior: providerConfig.folderFilterBehavior || 'INCLUDE',
+          ...providerCfg,
+          userId: effectiveUserId,
+          ...(credentialId ? { credentialId } : {}),
+          maxEmailsPerPoll:
+            typeof providerCfg.maxEmailsPerPoll === 'string'
+              ? Number.parseInt(providerCfg.maxEmailsPerPoll, 10) || 25
+              : providerCfg.maxEmailsPerPoll || 25,
+          pollingInterval:
+            typeof providerCfg.pollingInterval === 'string'
+              ? Number.parseInt(providerCfg.pollingInterval, 10) || 5
+              : providerCfg.pollingInterval || 5,
+          markAsRead: providerCfg.markAsRead || false,
+          includeRawEmail: providerCfg.includeRawEmail || false,
+          folderIds: providerCfg.folderIds || ['inbox'],
+          folderFilterBehavior: providerCfg.folderFilterBehavior || 'INCLUDE',
           lastCheckedTimestamp: now.toISOString(),
           setupCompleted: true,
         },