fix(security): harden SSO domain registration, webhook path isolation, and CSV export (#4813)

* fix(security): harden KB file access, SSO domain registration, webhook path isolation, env secrets, and CSV export

* fix(sso): scope domain conflict query with indexed lower(domain) filter

Address PR review: avoid a full-table scan on every SSO provider
registration by filtering candidate rows in SQL with
lower(domain) = <normalized>, keeping the in-memory ownership check.
Also tighten the normalizeSSODomain TSDoc.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* chore: condense env route security comments

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* icons update

* chore(security): tighten inline comments in CSV export and KB file authorization

Condense verbose comment blocks to concise TSDoc/single-line form; no behavior change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(security): validate internal serve origin in KB file authorization

Replace the bypassable isInternalFileUrl substring check in resolveInternalKbKey
with an origin allow-list (base URL, internal API base URL, TRUSTED_ORIGINS).
A crafted external host whose path is /api/files/serve/<victim-key> no longer
resolves to the victim key. Relative same-origin URLs are unaffected.

* style(sso): use idiomatic sql lower() comparison for domain conflict query

Match the repo's prevailing `sql`lower(col) = value`` idiom for the
case-insensitive SSO domain conflict lookup.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(security): align workspace env admin gate with hasWorkspaceAdminAccess

Use the same admin check the secrets UI uses (owner, admin permission, or
org-admin) so owners and org-admins are not wrongly denied their own decrypted
workspace secrets, while read-only members remain restricted to names only.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(sso): rely on lower(domain) match for conflict detection, drop dead in-memory recheck

Address PR review: the SQL `lower(domain) = <normalized>` predicate already
excludes rows that the in-memory `normalizeSSODomain(...) === domain` recheck
claimed to catch, making that recheck dead/misleading code. Match on the
canonical lower-cased domain and filter purely by ownership. Malformed legacy
values (wildcards, schemes, ports) never match an email domain at sign-in, so
excluding them is not a gap. Test DB mock now applies the lower() predicate so
the casing-variant case is genuinely exercised.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(security): scope webhook deploy path conflict to active webhooks

findConflictingWebhookPathOwner omitted the isActive filter that the
runtime dispatcher (findAllWebhooksForPath) applies, so an inactive but
non-archived webhook from another workflow (e.g. after undeploy or
failure auto-disable) would permanently block any new deployment on that
path even though it never receives deliveries. Align the guard with the
runtime isActive + archivedAt filter; the earliest-owner runtime check
remains the authoritative cross-tenant protection. Also trims verbose
TSDoc on the webhook path-isolation helpers.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(security): exclude archived workflows from webhook deploy path conflict

findConflictingWebhookPathOwner now joins workflow and filters
isNull(workflow.archivedAt), matching the runtime dispatcher
(findAllWebhooksForPath). A webhook on an archived workflow can never
receive deliveries at runtime, so it must not block legitimate path reuse
with a 409.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(security): anchor KB file ownership to earliest document in any state

A KB file's owner is now the earliest document referencing its key regardless of
state (active/archived/deleted/excluded); access is granted only when that owning
document is still active. Closes the residual where an attacker could plant an
active document to claim a file whose original document was archived or deleted.

* updated greptile icon

* revert(security): drop KB file authorization changes

Reverts the knowledge-base file-access work (origin-pinning / owner-pinning /
origin allow-list in verifyKBFileAccess) and its test. The other hardening fixes
(SSO domain registration, webhook path isolation, workspace env secrets, CSV
export) are unchanged. apps/sim/app/api/files/authorization.ts is restored to its
origin/staging baseline.

* fix(sso): treat caller's own user-scoped provider as owned during conflict check

Self-hosters often register SSO user-scoped via the CLI script (no
SSO_ORGANIZATION_ID). If they later enable organizations and reconfigure the
same domain org-scoped through the UI, the conflict check previously treated
their own user-scoped row as another tenant's and returned a misleading 409.
Recognize the caller's own user-scoped provider as owned so that migration is
allowed, while still blocking another user's or another org's domain.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* revert(security): remove workspace-env admin gate

Defer to a credential-based access model (separate change). Restores
GET /api/workspaces/[id]/environment to main behavior and removes the test.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* refactor(security): consolidate webhook path-collision check into one helper

Extract findConflictingWebhookPathOwner to lib/webhooks/utils.server.ts as
the single source of truth for cross-tenant path-collision detection, used by
both webhook creation paths (deploy sync and the manual /api/webhooks route).

This also repairs two latent issues in the manual route's previous inline
check, which queried with limit(1) and only webhook.archivedAt:
- limit(1) inspected one arbitrary row, so a same-workflow row could mask a
  foreign collision (false negative). The shared helper scans all matching
  rows.
- It omitted isActive/workflow.archivedAt, so inactive or archived-workflow
  webhooks (which never receive deliveries) permanently blocked path reuse.
  The helper mirrors the runtime dispatcher's filter.

Same-workflow webhook reuse for upsert is now a separate, explicit lookup.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

Author: waleedlatif1

apps/docs/components/icons.tsx

@@ -0,0 +1,196 @@
+/**
+ * @vitest-environment node
+ */
+import { createEnvMock, createMockRequest } from '@sim/testing'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const {
+  mockGetSession,
+  mockRegisterSSOProvider,
+  mockHasSSOAccess,
+  mockValidateUrlWithDNS,
+  dbState,
+  memberTable,
+  ssoProviderTable,
+} = vi.hoisted(() => ({
+  mockGetSession: vi.fn(),
+  mockRegisterSSOProvider: vi.fn(),
+  mockHasSSOAccess: vi.fn(),
+  mockValidateUrlWithDNS: vi.fn(),
+  dbState: { members: [] as any[], providers: [] as any[] },
+  memberTable: {
+    userId: 'member.userId',
+    organizationId: 'member.organizationId',
+    role: 'member.role',
+  },
+  ssoProviderTable: {
+    id: 'sso.id',
+    providerId: 'sso.providerId',
+    domain: 'sso.domain',
+    issuer: 'sso.issuer',
+    userId: 'sso.userId',
+    organizationId: 'sso.organizationId',
+    oidcConfig: 'sso.oidcConfig',
+    samlConfig: 'sso.samlConfig',
+  },
+}))
+
+function makeBuilder(rows: any[]): any {
+  const thenable: any = Promise.resolve(rows)
+  thenable.where = (condition: any) => {
+    const values = condition?.values
+    if (Array.isArray(values) && values.length > 0) {
+      const target = String(values[values.length - 1]).toLowerCase()
+      return makeBuilder(rows.filter((r) => String(r.domain ?? '').toLowerCase() === target))
+    }
+    return makeBuilder(rows)
+  }
+  thenable.limit = () => Promise.resolve(rows)
+  thenable.orderBy = () => Promise.resolve(rows)
+  return thenable
+}
+
+vi.mock('@sim/db', () => ({
+  db: {
+    select: () => ({
+      from: (table: unknown) =>
+        makeBuilder(table === memberTable ? dbState.members : dbState.providers),
+    }),
+  },
+  member: memberTable,
+  ssoProvider: ssoProviderTable,
+}))
+
+vi.mock('@/lib/auth', () => ({
+  getSession: mockGetSession,
+  auth: { api: { registerSSOProvider: mockRegisterSSOProvider } },
+}))
+
+vi.mock('@/lib/billing', () => ({
+  hasSSOAccess: mockHasSSOAccess,
+}))
+
+vi.mock('@/lib/auth/sso/domain', () => ({
+  normalizeSSODomain: (input: unknown): string | null => {
+    if (typeof input !== 'string') return null
+    const value = input.trim().toLowerCase()
+    return /^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(value) ? value : null
+  },
+}))
+
+vi.mock('@/lib/core/security/input-validation.server', () => ({
+  validateUrlWithDNS: mockValidateUrlWithDNS,
+  secureFetchWithPinnedIP: vi.fn(),
+}))
+
+vi.mock('@/lib/core/config/env', () => createEnvMock({ SSO_ENABLED: 'true' }))
+
+import { POST } from '@/app/api/auth/sso/register/route'
+
+const OIDC_BODY = {
+  providerType: 'oidc' as const,
+  providerId: 'acme-oidc',
+  issuer: 'https://idp.acme.com',
+  domain: 'acme.com',
+  clientId: 'client-id',
+  clientSecret: 'client-secret',
+  authorizationEndpoint: 'https://idp.acme.com/authorize',
+  tokenEndpoint: 'https://idp.acme.com/token',
+  userInfoEndpoint: 'https://idp.acme.com/userinfo',
+  jwksEndpoint: 'https://idp.acme.com/jwks',
+}
+
+function request(body: Record<string, unknown>) {
+  return createMockRequest('POST', body)
+}
+
+describe('POST /api/auth/sso/register', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    dbState.members = []
+    dbState.providers = []
+    mockGetSession.mockResolvedValue({ user: { id: 'u1' } })
+    mockHasSSOAccess.mockResolvedValue(true)
+    mockValidateUrlWithDNS.mockResolvedValue({ isValid: true, resolvedIP: '1.2.3.4' })
+    mockRegisterSSOProvider.mockResolvedValue({ providerId: 'acme-oidc' })
+  })
+
+  it('rejects callers without an Enterprise plan', async () => {
+    mockHasSSOAccess.mockResolvedValue(false)
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org1' }))
+    expect(res.status).toBe(403)
+    expect(mockRegisterSSOProvider).not.toHaveBeenCalled()
+  })
+
+  it('rejects callers who are not an admin/owner of the target org', async () => {
+    dbState.members = [{ organizationId: 'org1', role: 'member' }]
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org1' }))
+    expect(res.status).toBe(403)
+    expect(mockRegisterSSOProvider).not.toHaveBeenCalled()
+  })
+
+  it('rejects an invalid domain', async () => {
+    dbState.members = [{ organizationId: 'org1', role: 'owner' }]
+    const res = await POST(request({ ...OIDC_BODY, domain: 'not-a-domain', orgId: 'org1' }))
+    expect(res.status).toBe(400)
+    expect(mockRegisterSSOProvider).not.toHaveBeenCalled()
+  })
+
+  it('rejects a domain already registered by another organization', async () => {
+    dbState.members = [{ organizationId: 'org-attacker', role: 'owner' }]
+    dbState.providers = [{ domain: 'acme.com', userId: 'u-victim', organizationId: 'org-victim' }]
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org-attacker' }))
+    const json = await res.json()
+    expect(res.status).toBe(409)
+    expect(json.code).toBe('SSO_DOMAIN_ALREADY_REGISTERED')
+    expect(mockRegisterSSOProvider).not.toHaveBeenCalled()
+  })
+
+  it('matches conflicts across casing variants', async () => {
+    dbState.members = [{ organizationId: 'org-attacker', role: 'owner' }]
+    dbState.providers = [{ domain: 'ACME.com', userId: 'u-victim', organizationId: 'org-victim' }]
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org-attacker' }))
+    expect(res.status).toBe(409)
+    expect(mockRegisterSSOProvider).not.toHaveBeenCalled()
+  })
+
+  it('registers when the domain is unclaimed', async () => {
+    dbState.members = [{ organizationId: 'org1', role: 'owner' }]
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org1' }))
+    expect(res.status).toBe(200)
+    expect(mockRegisterSSOProvider).toHaveBeenCalledTimes(1)
+  })
+
+  it('allows the owning tenant to update its own provider for the same domain', async () => {
+    dbState.members = [{ organizationId: 'org1', role: 'owner' }]
+    dbState.providers = [{ domain: 'acme.com', userId: 'u1', organizationId: 'org1' }]
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org1' }))
+    expect(res.status).toBe(200)
+    expect(mockRegisterSSOProvider).toHaveBeenCalledTimes(1)
+  })
+
+  it('lets an org admin adopt their own user-scoped provider for the same domain', async () => {
+    dbState.members = [{ organizationId: 'org1', role: 'owner' }]
+    dbState.providers = [{ domain: 'acme.com', userId: 'u1', organizationId: null }]
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org1' }))
+    expect(res.status).toBe(200)
+    expect(mockRegisterSSOProvider).toHaveBeenCalledTimes(1)
+  })
+
+  it("still blocks an org admin from claiming another user's user-scoped domain", async () => {
+    dbState.members = [{ organizationId: 'org1', role: 'owner' }]
+    dbState.providers = [{ domain: 'acme.com', userId: 'someone-else', organizationId: null }]
+    const res = await POST(request({ ...OIDC_BODY, orgId: 'org1' }))
+    expect(res.status).toBe(409)
+    expect(mockRegisterSSOProvider).not.toHaveBeenCalled()
+  })
+
+  it('normalizes the domain before persisting it', async () => {
+    dbState.members = [{ organizationId: 'org1', role: 'owner' }]
+    const res = await POST(request({ ...OIDC_BODY, domain: 'ACME.com', orgId: 'org1' }))
+    expect(res.status).toBe(200)
+    expect(mockRegisterSSOProvider).toHaveBeenCalledTimes(1)
+    const config = mockRegisterSSOProvider.mock.calls[0][0].body
+    expect(config.domain).toBe('acme.com')
+  })
+})

apps/sim/app/api/auth/sso/register/route.test.ts

@@ -1,11 +1,12 @@
 import { db, member, ssoProvider } from '@sim/db'
 import { createLogger } from '@sim/logger'
 import { getErrorMessage } from '@sim/utils/errors'
-import { and, eq } from 'drizzle-orm'
+import { and, eq, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { ssoRegistrationContract } from '@/lib/api/contracts/auth'
 import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
 import { auth, getSession } from '@/lib/auth'
+import { normalizeSSODomain } from '@/lib/auth/sso/domain'
 import { hasSSOAccess } from '@/lib/billing'
 import { env } from '@/lib/core/config/env'
 import {
@@ -51,7 +52,7 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
     if (!parsed.success) return parsed.response
 
     const body = parsed.data.body
-    const { providerId, issuer, domain, providerType, mapping, orgId } = body
+    const { providerId, issuer, providerType, mapping, orgId } = body
 
     if (orgId) {
       const [membership] = await db
@@ -67,6 +68,43 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       }
     }
 
+    const domain = normalizeSSODomain(body.domain)
+    if (!domain) {
+      return NextResponse.json({ error: 'Enter a valid domain like company.com' }, { status: 400 })
+    }
+
+    const isOwnedByCaller = (provider: {
+      userId: string | null
+      organizationId: string | null
+    }): boolean => {
+      if (provider.userId === session.user.id && !provider.organizationId) return true
+      return orgId ? provider.organizationId === orgId : false
+    }
+
+    const existingProviders = await db
+      .select({
+        userId: ssoProvider.userId,
+        organizationId: ssoProvider.organizationId,
+      })
+      .from(ssoProvider)
+      .where(sql`lower(${ssoProvider.domain}) = ${domain}`)
+    const conflictingProvider = existingProviders.find((provider) => !isOwnedByCaller(provider))
+
+    if (conflictingProvider) {
+      logger.warn('Rejected SSO registration for domain owned by another tenant', {
+        domain,
+        orgId,
+        userId: session.user.id,
+      })
+      return NextResponse.json(
+        {
+          error: 'This domain is already registered for SSO by another organization.',
+          code: 'SSO_DOMAIN_ALREADY_REGISTERED',
+        },
+        { status: 409 }
+      )
+    }
+
     const headers: Record<string, string> = {}
     request.headers.forEach((value, key) => {
       headers[key] = value

apps/sim/app/api/auth/sso/register/route.ts

@@ -53,7 +53,9 @@ export const GET = withRouteHandler(async (request: NextRequest, { params }: Rou
       const encoder = new TextEncoder()
       try {
         if (format === 'csv') {
-          controller.enqueue(encoder.encode(`${toCsvRow(columns.map((c) => c.name))}\n`))
+          controller.enqueue(
+            encoder.encode(`${toCsvRow(columns.map((c) => neutralizeCsvFormula(c.name)))}\n`)
+          )
         } else {
           controller.enqueue(encoder.encode('['))
         }
@@ -111,10 +113,23 @@ function sanitizeFilename(name: string): string {
   return cleaned || 'table'
 }
 
+/**
+ * Prefixes a single quote to values starting with a spreadsheet formula trigger
+ * (`=`, `+`, `-`, `@`, tab, CR), neutralizing CSV injection in Excel/Sheets.
+ */
+function neutralizeCsvFormula(value: string): string {
+  return /^[=+\-@\t\r]/.test(value) ? `'${value}` : value
+}
+
+/**
+ * Serializes a cell for CSV. Only string cells are formula-neutralized; numbers,
+ * booleans, dates, and JSON objects can never form a trigger and pass through verbatim.
+ */
 function formatCsvValue(value: unknown): string {
   if (value === null || value === undefined) return ''
   if (value instanceof Date) return value.toISOString()
   if (typeof value === 'object') return JSON.stringify(value)
+  if (typeof value === 'string') return neutralizeCsvFormula(value)
   return String(value)
 }
 

apps/sim/app/api/table/[tableId]/export/route.ts

@@ -27,7 +27,10 @@ import {
 } from '@/lib/webhooks/provider-subscriptions'
 import { getProviderHandler } from '@/lib/webhooks/providers'
 import { mergeNonUserFields } from '@/lib/webhooks/utils'
-import { syncWebhooksForCredentialSet } from '@/lib/webhooks/utils.server'
+import {
+  findConflictingWebhookPathOwner,
+  syncWebhooksForCredentialSet,
+} from '@/lib/webhooks/utils.server'
 import { extractCredentialSetId, isCredentialSetValue } from '@/executor/constants'
 
 const logger = createLogger('WebhooksAPI')
@@ -330,21 +333,31 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
       }
     }
     if (!targetWebhookId) {
-      const existingByPath = await db
-        .select({ id: webhook.id, workflowId: webhook.workflowId })
+      const conflictingOwner = await findConflictingWebhookPathOwner({
+        path: finalPath,
+        workflowId,
+      })
+      if (conflictingOwner) {
+        logger.warn(`[${requestId}] Webhook path conflict: ${finalPath}`)
+        return NextResponse.json(
+          { error: 'Webhook path already exists.', code: 'PATH_EXISTS' },
+          { status: 409 }
+        )
+      }
+
+      const ownExisting = await db
+        .select({ id: webhook.id })
         .from(webhook)
-        .where(and(eq(webhook.path, finalPath), isNull(webhook.archivedAt)))
-        .limit(1)
-      if (existingByPath.length > 0) {
-        // If a webhook with the same path exists but belongs to a different workflow, return an error
-        if (existingByPath[0].workflowId !== workflowId) {
-          logger.warn(`[${requestId}] Webhook path conflict: ${finalPath}`)
-          return NextResponse.json(
-            { error: 'Webhook path already exists.', code: 'PATH_EXISTS' },
-            { status: 409 }
+        .where(
+          and(
+            eq(webhook.path, finalPath),
+            eq(webhook.workflowId, workflowId),
+            isNull(webhook.archivedAt)
           )
-        }
-        targetWebhookId = existingByPath[0].id
+        )
+        .limit(1)
+      if (ownExisting.length > 0) {
+        targetWebhookId = ownExisting[0].id
       }
     }