feat(credentials): multiple credentials per provider (#3211)

* feat(mult-credentials): progress

* checkpoint

* make it autoselect personal secret when create secret is clicked

* improve collaborative UX

* remove add member ui for workspace secrets

* bulk entry of .env

* promote to workspace secret

* more ux improvmeent

* share with workspace for oauth

* remove new badge

* share button

* copilot + oauth name comflict

* reconnect option to connect diff account

* remove credential no access marker

* canonical credential id entry

* remove migration to prep stagin migration

* migration readded

* backfill improvements

* run lint

* fix tests

* remove unused code

* autoselect provider when connecting from block

* address bugbot comments

* remove some dead code

* more permissions stuff

* remove more unused code

* address bugbot

* add filter

* remove migration to prep migration

* fix migration

* fix migration issues

* remove migration prep merge

* readd migration

* include user tables triggers

* extract shared code

* fix

* fix tx issue

* remove migration to prep merge

* readd migration

* fix agent tool input

* agent with tool input deletion case

* fix credential subblock saving

* remove dead code

* fix tests

* address bugbot comments

Author: icecrasher321

apps/sim/app/api/auth/accounts/route.ts

@@ -1,7 +1,7 @@
 import { db } from '@sim/db'
 import { account } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq } from 'drizzle-orm'
+import { and, desc, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { getSession } from '@/lib/auth'
 
@@ -31,15 +31,13 @@ export async function GET(request: NextRequest) {
       })
       .from(account)
       .where(and(...whereConditions))
-
-    // Use the user's email as the display name (consistent with credential selector)
-    const userEmail = session.user.email
+      .orderBy(desc(account.updatedAt))
 
     const accountsWithDisplayName = accounts.map((acc) => ({
       id: acc.id,
       accountId: acc.accountId,
       providerId: acc.providerId,
-      displayName: userEmail || acc.providerId,
+      displayName: acc.accountId || acc.providerId,
     }))
 
     return NextResponse.json({ accounts: accountsWithDisplayName })

apps/sim/app/api/auth/oauth/credentials/route.test.ts

@@ -57,10 +57,6 @@ describe('OAuth Credentials API Route', () => {
       eq: vi.fn((field, value) => ({ field, value, type: 'eq' })),
     }))
 
-    vi.doMock('jwt-decode', () => ({
-      jwtDecode: vi.fn(),
-    }))
-
     vi.doMock('@sim/logger', () => ({
       createLogger: vi.fn().mockReturnValue(mockLogger),
     }))
@@ -84,64 +80,6 @@ describe('OAuth Credentials API Route', () => {
     vi.clearAllMocks()
   })
 
-  it('should return credentials successfully', async () => {
-    mockGetSession.mockResolvedValueOnce({
-      user: { id: 'user-123' },
-    })
-
-    mockParseProvider.mockReturnValueOnce({
-      baseProvider: 'google',
-    })
-
-    const mockAccounts = [
-      {
-        id: 'credential-1',
-        userId: 'user-123',
-        providerId: 'google-email',
-        accountId: 'test@example.com',
-        updatedAt: new Date('2024-01-01'),
-        idToken: null,
-      },
-      {
-        id: 'credential-2',
-        userId: 'user-123',
-        providerId: 'google-default',
-        accountId: 'user-id',
-        updatedAt: new Date('2024-01-02'),
-        idToken: null,
-      },
-    ]
-
-    mockDb.select.mockReturnValueOnce(mockDb)
-    mockDb.from.mockReturnValueOnce(mockDb)
-    mockDb.where.mockResolvedValueOnce(mockAccounts)
-
-    mockDb.select.mockReturnValueOnce(mockDb)
-    mockDb.from.mockReturnValueOnce(mockDb)
-    mockDb.where.mockReturnValueOnce(mockDb)
-    mockDb.limit.mockResolvedValueOnce([{ email: 'user@example.com' }])
-
-    const req = createMockRequestWithQuery('GET', '?provider=google-email')
-
-    const { GET } = await import('@/app/api/auth/oauth/credentials/route')
-
-    const response = await GET(req)
-    const data = await response.json()
-
-    expect(response.status).toBe(200)
-    expect(data.credentials).toHaveLength(2)
-    expect(data.credentials[0]).toMatchObject({
-      id: 'credential-1',
-      provider: 'google-email',
-      isDefault: false,
-    })
-    expect(data.credentials[1]).toMatchObject({
-      id: 'credential-2',
-      provider: 'google-default',
-      isDefault: true,
-    })
-  })
-
   it('should handle unauthenticated user', async () => {
     mockGetSession.mockResolvedValueOnce(null)
 
@@ -198,71 +136,19 @@ describe('OAuth Credentials API Route', () => {
     expect(data.credentials).toHaveLength(0)
   })
 
-  it('should decode ID token for display name', async () => {
-    const { jwtDecode } = await import('jwt-decode')
-    const mockJwtDecode = jwtDecode as any
-
+  it('should return empty credentials when no workspace context', async () => {
     mockGetSession.mockResolvedValueOnce({
       user: { id: 'user-123' },
     })
 
-    mockParseProvider.mockReturnValueOnce({
-      baseProvider: 'google',
-    })
-
-    const mockAccounts = [
-      {
-        id: 'credential-1',
-        userId: 'user-123',
-        providerId: 'google-default',
-        accountId: 'google-user-id',
-        updatedAt: new Date('2024-01-01'),
-        idToken: 'mock-jwt-token',
-      },
-    ]
-
-    mockJwtDecode.mockReturnValueOnce({
-      email: 'decoded@example.com',
-      name: 'Decoded User',
-    })
-
-    mockDb.select.mockReturnValueOnce(mockDb)
-    mockDb.from.mockReturnValueOnce(mockDb)
-    mockDb.where.mockResolvedValueOnce(mockAccounts)
-
-    const req = createMockRequestWithQuery('GET', '?provider=google')
+    const req = createMockRequestWithQuery('GET', '?provider=google-email')
 
     const { GET } = await import('@/app/api/auth/oauth/credentials/route')
 
     const response = await GET(req)
     const data = await response.json()
 
     expect(response.status).toBe(200)
-    expect(data.credentials[0].name).toBe('decoded@example.com')
-  })
-
-  it('should handle database error', async () => {
-    mockGetSession.mockResolvedValueOnce({
-      user: { id: 'user-123' },
-    })
-
-    mockParseProvider.mockReturnValueOnce({
-      baseProvider: 'google',
-    })
-
-    mockDb.select.mockReturnValueOnce(mockDb)
-    mockDb.from.mockReturnValueOnce(mockDb)
-    mockDb.where.mockRejectedValueOnce(new Error('Database error'))
-
-    const req = createMockRequestWithQuery('GET', '?provider=google')
-
-    const { GET } = await import('@/app/api/auth/oauth/credentials/route')
-
-    const response = await GET(req)
-    const data = await response.json()
-
-    expect(response.status).toBe(500)
-    expect(data.error).toBe('Internal server error')
-    expect(mockLogger.error).toHaveBeenCalled()
+    expect(data.credentials).toHaveLength(0)
   })
 })