remove faulty auth checks:

icecrasher321 · icecrasher321 · commit 16d64125ccaa · 2026-02-23T03:40:48.000-08:00
diff --git a/apps/sim/app/api/tools/microsoft_planner/tasks/route.ts b/apps/sim/app/api/tools/microsoft_planner/tasks/route.ts
@@ -58,19 +58,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-
-    if (credential.userId !== session.user.id) {
-      logger.warn(`[${requestId}] Unauthorized credential access attempt`, {
-        credentialUserId: credential.userId,
-        requestUserId: session.user.id,
-      })
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
 
diff --git a/apps/sim/app/api/tools/onedrive/files/route.ts b/apps/sim/app/api/tools/onedrive/files/route.ts
@@ -60,18 +60,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-    if (credential.userId !== session.user.id) {
-      logger.warn(`[${requestId}] Unauthorized credential access attempt`, {
-        credentialUserId: credential.userId,
-        requestUserId: session.user.id,
-      })
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
     if (!accessToken) {
diff --git a/apps/sim/app/api/tools/onedrive/folder/route.ts b/apps/sim/app/api/tools/onedrive/folder/route.ts
@@ -48,14 +48,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-    if (credential.userId !== session.user.id) {
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
     if (!accessToken) {
diff --git a/apps/sim/app/api/tools/onedrive/folders/route.ts b/apps/sim/app/api/tools/onedrive/folders/route.ts
@@ -54,14 +54,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-    if (credential.userId !== session.user.id) {
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
     if (!accessToken) {
diff --git a/apps/sim/app/api/tools/sharepoint/site/route.ts b/apps/sim/app/api/tools/sharepoint/site/route.ts
@@ -48,14 +48,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-    if (credential.userId !== session.user.id) {
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
     if (!accessToken) {
diff --git a/apps/sim/app/api/tools/sharepoint/sites/route.ts b/apps/sim/app/api/tools/sharepoint/sites/route.ts
@@ -53,14 +53,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-    if (credential.userId !== session.user.id) {
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
     if (!accessToken) {
diff --git a/apps/sim/app/api/tools/wealthbox/item/route.ts b/apps/sim/app/api/tools/wealthbox/item/route.ts
@@ -80,19 +80,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-
-    if (credential.userId !== session.user.id) {
-      logger.warn(`[${requestId}] Unauthorized credential access attempt`, {
-        credentialUserId: credential.userId,
-        requestUserId: session.user.id,
-      })
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
 
diff --git a/apps/sim/app/api/tools/wealthbox/items/route.ts b/apps/sim/app/api/tools/wealthbox/items/route.ts
@@ -80,19 +80,11 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Credential not found' }, { status: 404 })
     }
 
-    const credential = credentials[0]
-
-    if (credential.userId !== session.user.id) {
-      logger.warn(`[${requestId}] Unauthorized credential access attempt`, {
-        credentialUserId: credential.userId,
-        requestUserId: session.user.id,
-      })
-      return NextResponse.json({ error: 'Unauthorized' }, { status: 403 })
-    }
+    const accountRow = credentials[0]
 
     const accessToken = await refreshAccessTokenIfNeeded(
       resolved.accountId,
-      session.user.id,
+      accountRow.userId,
       requestId
     )
 
