code · pull · Mar 24, 2026 · Mar 24, 2026 · Mar 24, 2026 · Mar 24, 2026
diff --git a/packages/agentflow/src/infrastructure/api/credentials.test.ts b/packages/agentflow/src/infrastructure/api/credentials.test.ts
@@ -33,5 +33,15 @@ describe('bindCredentialsApi', () => {
             expect(mockClient.get).toHaveBeenCalledWith('/credentials', { params: { credentialName: 'openAIApi' } })
             expect(result).toEqual(mockCredentials)
         })
+
+        it('should not expose encryptedData in the response', async () => {
+            const mockCredentials = [{ id: '1', name: 'My OpenAI Key', credentialName: 'openAIApi' }]
+            ;(mockClient.get as jest.Mock).mockResolvedValue({ data: mockCredentials })
+
+            const result = await api.getCredentialsByName('openAIApi')
+            for (const credential of result) {
+                expect(credential).not.toHaveProperty('encryptedData')
+            }
+        })
     })
 })
diff --git a/packages/server/src/controllers/tools/index.ts b/packages/server/src/controllers/tools/index.ts
@@ -18,9 +18,17 @@ const createTool = async (req: Request, res: Response, next: NextFunction) => {
             throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Error: toolsController.createTool - workspace ${workspaceId} not found!`)
         }
         const body = req.body
-        body.workspaceId = workspaceId
+        // Explicit allowlist — id/workspaceId/timestamps must not be overrideable by client
+        const toolBody: Record<string, unknown> = {}
+        if (body.name !== undefined) toolBody.name = body.name
+        if (body.description !== undefined) toolBody.description = body.description
+        if (body.color !== undefined) toolBody.color = body.color
+        if (body.iconSrc !== undefined) toolBody.iconSrc = body.iconSrc
+        if (body.schema !== undefined) toolBody.schema = body.schema
+        if (body.func !== undefined) toolBody.func = body.func
+        toolBody.workspaceId = workspaceId
 
-        const apiResponse = await toolsService.createTool(body, orgId)
+        const apiResponse = await toolsService.createTool(toolBody, orgId)
         return res.json(apiResponse)
     } catch (error) {
         next(error)
@@ -84,7 +92,16 @@ const updateTool = async (req: Request, res: Response, next: NextFunction) => {
         if (!workspaceId) {
             throw new InternalFlowiseError(StatusCodes.NOT_FOUND, `Error: toolsController.updateTool - workspace ${workspaceId} not found!`)
         }
-        const apiResponse = await toolsService.updateTool(req.params.id, req.body, workspaceId)
+        const body = req.body
+        // Explicit allowlist — id/workspaceId/timestamps must not be overrideable by client
+        const toolBody: Record<string, unknown> = {}
+        if (body.name !== undefined) toolBody.name = body.name
+        if (body.description !== undefined) toolBody.description = body.description
+        if (body.color !== undefined) toolBody.color = body.color
+        if (body.iconSrc !== undefined) toolBody.iconSrc = body.iconSrc
+        if (body.schema !== undefined) toolBody.schema = body.schema
+        if (body.func !== undefined) toolBody.func = body.func
+        const apiResponse = await toolsService.updateTool(req.params.id, toolBody, workspaceId)
         return res.json(apiResponse)
     } catch (error) {
         next(error)

diff --git a/packages/server/src/enterprise/middleware/passport/SessionPersistance.ts b/packages/server/src/enterprise/middleware/passport/SessionPersistance.ts
@@ -163,7 +163,7 @@ export const destroyAllSessionsForUser = async (userId: string): Promise<void> =
                     await repository
                         .createQueryBuilder()
                         .delete()
-                        .where(`JSON_EXTRACT(sess, '$.passport.user.id') = :userId`, { userId })
+                        .where(`JSON_EXTRACT(data, '$.passport.user.id') = :userId`, { userId }) // express-mysql-session uses column name 'data' for session payload, not 'sess'
                         .execute()
                     break
                 case 'postgres':

diff --git a/packages/server/src/services/credentials/index.ts b/packages/server/src/services/credentials/index.ts
@@ -60,15 +60,15 @@ const getAllCredentials = async (paramCredentialName: any, workspaceId: string)
                         ...getWorkspaceSearchOptions(workspaceId)
                     }
                     const credentials = await appServer.AppDataSource.getRepository(Credential).findBy(searchOptions)
-                    dbResponse.push(...credentials)
+                    dbResponse.push(...credentials.map((c) => omit(c, ['encryptedData'])))
                 }
             } else {
                 const searchOptions = {
                     credentialName: paramCredentialName,
                     ...getWorkspaceSearchOptions(workspaceId)
                 }
                 const credentials = await appServer.AppDataSource.getRepository(Credential).findBy(searchOptions)
-                dbResponse = [...credentials]
+                dbResponse = credentials.map((c) => omit(c, ['encryptedData']))
             }
             // get shared credentials
             if (workspaceId) {

diff --git a/packages/server/src/services/tools/index.ts b/packages/server/src/services/tools/index.ts
@@ -95,6 +95,7 @@ const updateTool = async (toolId: string, toolBody: any, workspaceId: string): P
         const updateTool = new Tool()
         Object.assign(updateTool, toolBody)
         appServer.AppDataSource.getRepository(Tool).merge(tool, updateTool)
+        tool.workspaceId = workspaceId // defense-in-depth: never trust client-supplied workspaceId
         const dbResponse = await appServer.AppDataSource.getRepository(Tool).save(tool)
         return dbResponse
     } catch (error) {