Skip to content

fix(google-forms): fail-closed auth, legacy formId key fallback, idempotency#5377

Merged
waleedlatif1 merged 1 commit into
stagingfrom
worktree-validate-trigger-google-forms
Jul 2, 2026
Merged

fix(google-forms): fail-closed auth, legacy formId key fallback, idempotency#5377
waleedlatif1 merged 1 commit into
stagingfrom
worktree-validate-trigger-google-forms

Conversation

@waleedlatif1

Copy link
Copy Markdown
Collaborator

Summary

  • verifyAuth now rejects with 401 when no token is configured instead of silently allowing unauthenticated requests through
  • formatInput's form-id fallback now checks triggerFormId (current subBlock id) then falls back to the legacy formId key — the subBlock was renamed in fix(inputs): canonical params + manual validations + params resolution cleanups #3141 but the handler was never updated, so ~8 webhooks deployed before that rename still store the old key in provider_config
  • Added extractIdempotencyId (keyed on formId:responseId) so retried Apps Script deliveries get deduped like other providers

Type of Change

  • Bug fix

Testing

  • Verified against production webhook table: 0 of 14 Google Forms webhooks (active, inactive, archived) have a missing/empty token, so the fail-closed change can't break any existing deployment
  • Confirmed the legacy formId key is real prod data (8 of 14 active webhooks), not dead code, and added the fallback accordingly
  • bun run type-check and vitest run lib/webhooks/providers (151/151) pass

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel Bot commented Jul 2, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped Jul 2, 2026 6:50pm

Request Review

@cursor

cursor Bot commented Jul 2, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Changes webhook auth to fail-closed and alters form-id resolution for legacy deployments; impact is limited to Google Forms provider code and existing prod webhooks reportedly all have tokens configured.

Overview
Tightens Google Forms webhook handling in three ways.

Authentication now fails closed: if no webhook secret is in provider_config, the handler returns 401 instead of treating the request as authenticated.

Form ID resolution in formatInput now falls back to provider_config.triggerFormId, then the legacy formId key (pre-#3141 deployments), so stored config still populates formId when the body omits it.

Adds extractIdempotencyId (google_forms:{responseId}) so duplicate Apps Script deliveries are deduped like other providers; the key is scoped per webhook and does not use formId from the body alone.

Reviewed by Cursor Bugbot for commit 8b0c750. Configure here.

Comment thread apps/sim/lib/webhooks/providers/google-forms.ts Outdated
@greptile-apps

greptile-apps Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This PR fixes three bugs in the Google Forms webhook provider: fail-closed auth (previously unauthenticated requests were silently allowed through), a legacy formId key fallback for ~8 pre-#3141 webhooks that store providerConfig.formId instead of providerConfig.triggerFormId, and adds extractIdempotencyId to deduplicate retried Apps Script deliveries using responseId alone (with formId deliberately excluded per the prior review discussion).

  • Fail-closed auth: verifyAuth now returns 401 when no token is configured instead of null, closing an unauthenticated path. The PR confirms all 14 production webhooks have tokens set, so no existing deployment is affected.
  • Legacy key fallback: formatInput now checks b?.formId → providerConfig.triggerFormId → providerConfig.formId in order, handling both current and pre-rename provider configs.
  • Idempotency: New extractIdempotencyId keyed on google_forms:${responseId}, returning null when responseId is absent to skip deduplication rather than risk a bogus key.

Confidence Score: 5/5

Safe to merge — all three changes are narrow, well-verified fixes to the Google Forms provider with no risk to other providers.

The auth fix is conservative (fail-closed, verified against all 14 prod webhooks), the formId fallback correctly preserves the pre-#3141 key for legacy configs, and the idempotency key drops the fragile formId component leaving a clean responseId-based key scoped by webhookId.

No files require special attention.

Important Files Changed

Filename Overview
apps/sim/lib/webhooks/providers/google-forms.ts Three targeted fixes: fail-closed auth, legacy formId key fallback, and new extractIdempotencyId — all well-commented and correctly implemented.

Sequence Diagram

%%{init: {'theme': 'neutral'}}%%
sequenceDiagram
    participant AS as Apps Script
    participant WH as Webhook Processor
    participant GF as GoogleForms Handler
    participant IQ as Idempotency Queue

    AS->>WH: "POST /webhook/{id} (with token header)"
    WH->>GF: verifyAuth(request, providerConfig)
    alt No token configured
        GF-->>WH: 401 Unauthorized (fail-closed)
        WH-->>AS: 401 response
    else Token present but invalid
        GF-->>WH: 401 Unauthorized
        WH-->>AS: 401 response
    else Token valid
        GF-->>WH: null (pass)
        WH->>GF: extractIdempotencyId(body)
        GF-->>WH: "google_forms:{responseId} or null"
        WH->>IQ: "dedup check (webhookId:google_forms:{responseId})"
        alt Duplicate
            IQ-->>WH: already processed
            WH-->>AS: 200 (deduplicated)
        else New
            WH->>GF: formatInput(body, providerConfig)
            Note over GF: formId = body.formId || providerConfig.triggerFormId || providerConfig.formId
            GF-->>WH: formatted input
            WH->>IQ: enqueue execution
            WH-->>AS: 200 Webhook processed
        end
    end
Loading
%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
sequenceDiagram
    participant AS as Apps Script
    participant WH as Webhook Processor
    participant GF as GoogleForms Handler
    participant IQ as Idempotency Queue

    AS->>WH: "POST /webhook/{id} (with token header)"
    WH->>GF: verifyAuth(request, providerConfig)
    alt No token configured
        GF-->>WH: 401 Unauthorized (fail-closed)
        WH-->>AS: 401 response
    else Token present but invalid
        GF-->>WH: 401 Unauthorized
        WH-->>AS: 401 response
    else Token valid
        GF-->>WH: null (pass)
        WH->>GF: extractIdempotencyId(body)
        GF-->>WH: "google_forms:{responseId} or null"
        WH->>IQ: "dedup check (webhookId:google_forms:{responseId})"
        alt Duplicate
            IQ-->>WH: already processed
            WH-->>AS: 200 (deduplicated)
        else New
            WH->>GF: formatInput(body, providerConfig)
            Note over GF: formId = body.formId || providerConfig.triggerFormId || providerConfig.formId
            GF-->>WH: formatted input
            WH->>IQ: enqueue execution
            WH-->>AS: 200 Webhook processed
        end
    end
Loading

Reviews (2): Last reviewed commit: "fix(google-forms): fail-closed auth, leg..." | Re-trigger Greptile

Comment thread apps/sim/lib/webhooks/providers/google-forms.ts
@waleedlatif1 waleedlatif1 force-pushed the worktree-validate-trigger-google-forms branch from 6a64062 to 30eb669 Compare July 2, 2026 18:47
…potency

- verifyAuth now rejects with 401 when no token is configured instead of
  silently allowing unauthenticated requests through
- formatInput falls back to the legacy formId providerConfig key (pre-#3141
  rename to triggerFormId) so old deployments keep working
- add extractIdempotencyId keyed on formId:responseId to dedupe retried
  Apps Script deliveries
@waleedlatif1 waleedlatif1 force-pushed the worktree-validate-trigger-google-forms branch from 30eb669 to 8b0c750 Compare July 2, 2026 18:50
@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@greptile

@waleedlatif1

Copy link
Copy Markdown
Collaborator Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 8b0c750. Configure here.

@waleedlatif1 waleedlatif1 merged commit 06dd811 into staging Jul 2, 2026
18 checks passed
@waleedlatif1 waleedlatif1 deleted the worktree-validate-trigger-google-forms branch July 2, 2026 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant