Skip to content

fix(hubspot): selector fetchOptions default + credentialId validation#4723

Merged
waleedlatif1 merged 3 commits into
stagingfrom
waleedlatif1/hubspot-trigger-followup-fixes
May 22, 2026
Merged

fix(hubspot): selector fetchOptions default + credentialId validation#4723
waleedlatif1 merged 3 commits into
stagingfrom
waleedlatif1/hubspot-trigger-followup-fixes

Conversation

@waleedlatif1
Copy link
Copy Markdown
Collaborator

@waleedlatif1 waleedlatif1 commented May 22, 2026

Summary

  • Fall back to the objectType default ('contact') in trigger selector fetchOptions so the properties/pipelines/stages/ownerId dropdowns populate on first paint instead of waiting for the user to re-pick the default.
  • Validate credentialId with validateAlphanumericId in the 4 HubSpot selector routes (properties, lists, pipelines, owners), matching the Gmail/Webflow/Jira security pattern.

Type of Change

  • Bug fix

Testing

Tested manually — properties dropdown now populates immediately after selecting a credential. Type-check, check:api-validation, and lint-staged biome all pass.

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

waleedlatif1 and others added 2 commits May 22, 2026 08:50
@waleedlatif1 @claude
fix(hubspot): fall back to objectType default in selector fetchOptions
84fe0e4 
useSubBlockStore.getValue returns null for default-valued dropdowns
until the user interacts with them. The properties, pipelines, stages,
and ownerId selectors were treating that as "no selection" and
short-circuiting, so the dropdowns appeared empty even though the
trigger uses 'contact' as the visible default.

Adds resolveSelectedObjectType to mirror the rendered default, so the
selectors fire on first paint with a valid objectType.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@waleedlatif1 @claude
fix(hubspot): validate credentialId in selector routes
f32b53b 
Mirrors the Gmail/Webflow/Jira selector route security pattern by
rejecting non-alphanumeric credentialId values before authorization
or token refresh.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel Bot commented May 22, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
docs Skipped Skipped May 22, 2026 3:57pm

Request Review

@cursor
Copy link
Copy Markdown

cursor Bot commented May 22, 2026
edited
Loading

PR Summary

Low Risk
Low risk: adds early credentialId input validation to HubSpot selector routes and adjusts trigger dropdown option resolution to use the default objectType, which should only affect error handling and initial UI population.

Overview
Improves HubSpot selector API hardening by validating credentialId with validateAlphanumericId in the lists, owners, pipelines, and properties routes, returning 400 on invalid input.

Fixes HubSpot polling trigger dropdowns to resolve the effective objectType (defaulting to contact until the user interacts, and handling custom object IDs), so dependent fetchOptions populate correctly on first render; also makes missing-credential cases throw explicit errors instead of silently returning empty options in a few selectors.

Reviewed by Cursor Bugbot for commit 45cbd18. Configure here.

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented May 22, 2026
edited
Loading

Greptile Summary

This PR fixes two related issues in the HubSpot trigger: (1) property/pipeline/owner dropdowns on first render were empty because getValue returns null for untouched fields, so objectType ?? 'contact' was not being applied; and (2) the four HubSpot selector API routes lacked credentialId input validation, which is now added consistently via validateAlphanumericId to match the Gmail/Webflow/Jira pattern.

  • poller.ts: Introduces resolveSelectedObjectType(blockId) helper that encapsulates the ?? 'contact' default and the customcustomObjectTypeId branch; all five fetchOptions callbacks now use it. Missing-credential guards in pipelineId, stageId, and ownerId are changed from return [] to throw new Error(...), consistent with how the properties selector signals an unresolvable state.
  • API routes (lists, owners, pipelines, properties): validateAlphanumericId(credentialId, 'credentialId', 255) is added before authorizeCredentialUse, rejecting clearly malformed values early with a 400 response.

Confidence Score: 5/5

Safe to merge — targeted bug fixes with no regressions identified.

The changes are well-scoped: the resolveSelectedObjectType helper correctly centralises the null→'contact' default and the custom-object branch, and the four API routes now validate credentialId early in a pattern already established by other integrations. UUIDs (the actual credential ID format) pass validateAlphanumericId without issue.

No files require special attention.

Important Files Changed

Filename Overview
apps/sim/triggers/hubspot/poller.ts Introduces resolveSelectedObjectType helper and applies it to all fetchOptions; also adds isCredentialSetValue guard to stageId which was missing before. Logic is sound and consistent.
apps/sim/app/api/tools/hubspot/properties/route.ts Adds validateAlphanumericId guard for credentialId before authorizeCredentialUse, matching the pattern used in other integrations.
apps/sim/app/api/tools/hubspot/pipelines/route.ts Same validateAlphanumericId addition as properties/route.ts — clean and consistent.
apps/sim/app/api/tools/hubspot/lists/route.ts Same validateAlphanumericId addition — clean and consistent.
apps/sim/app/api/tools/hubspot/owners/route.ts Same validateAlphanumericId addition — clean and consistent.

Reviews (2): Last reviewed commit: "fix(hubspot): use resolveSelectedObjectT..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps Bot reviewed May 22, 2026
View reviewed changes
Comment thread apps/sim/triggers/hubspot/poller.ts Outdated
cursor[bot]
cursor Bot reviewed May 22, 2026
View reviewed changes
Comment thread apps/sim/triggers/hubspot/poller.ts
@waleedlatif1 @claude
fix(hubspot): use resolveSelectedObjectType in pipelineId/stageId fet…
45cbd18 
…chOptions

Both selectors used inline `?? 'contact'` fallbacks while properties and
targetPropertyName already routed through the resolver. Switch to the
shared helper so custom-object handling stays consistent across every
cascading selector.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented May 22, 2026

@greptile

@waleedlatif1
Copy link
Copy Markdown
Collaborator Author

waleedlatif1 commented May 22, 2026

@cursor review

cursor[bot]
cursor Bot reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit 45cbd18. Configure here.

@waleedlatif1 waleedlatif1 merged commit 19b5099 into staging May 22, 2026
14 checks passed
@waleedlatif1 waleedlatif1 deleted the waleedlatif1/hubspot-trigger-followup-fixes branch May 22, 2026 16:07
@waleedlatif1 waleedlatif1 mentioned this pull request May 22, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@waleedlatif1