From 90a5fcc541d43a167a667dfb6b498e855dfc3656 Mon Sep 17 00:00:00 2001
From: Alex Grozav <alex@grozav.com>
Date: Fri, 16 Aug 2024 10:45:12 +0300
Subject: [PATCH 1/8] feat(editor): Add `registerCustomAction` to new canvas
 (no-changelog) (#10359)

---
 packages/editor-ui/src/App.vue                |  2 +-
 .../src/composables/useGlobalLinkActions.ts   |  4 +-
 packages/editor-ui/src/views/NodeView.v2.vue  | 59 +++++++++++--------
 packages/editor-ui/src/views/NodeView.vue     |  2 +-
 4 files changed, 40 insertions(+), 27 deletions(-)

diff --git a/packages/editor-ui/src/App.vue b/packages/editor-ui/src/App.vue
index 835ddd11c052e..cc9c1415003eb 100644
--- a/packages/editor-ui/src/App.vue
+++ b/packages/editor-ui/src/App.vue
@@ -47,7 +47,7 @@ import AskAssistantFloatingButton from '@/components/AskAssistant/AskAssistantFl
 import { HIRING_BANNER, VIEWS } from '@/constants';
 
 import { loadLanguage } from '@/plugins/i18n';
-import useGlobalLinkActions from '@/composables/useGlobalLinkActions';
+import { useGlobalLinkActions } from '@/composables/useGlobalLinkActions';
 import { useExternalHooks } from '@/composables/useExternalHooks';
 import { useToast } from '@/composables/useToast';
 import { useCloudPlanStore } from '@/stores/cloudPlan.store';
diff --git a/packages/editor-ui/src/composables/useGlobalLinkActions.ts b/packages/editor-ui/src/composables/useGlobalLinkActions.ts
index 801fe1f71b6a7..8e493f0cb7ee1 100644
--- a/packages/editor-ui/src/composables/useGlobalLinkActions.ts
+++ b/packages/editor-ui/src/composables/useGlobalLinkActions.ts
@@ -10,7 +10,7 @@ const state = reactive({
 	delegatedClickHandler: null as null | ((e: MouseEvent) => void),
 });
 
-export default () => {
+export function useGlobalLinkActions() {
 	function registerCustomAction({ key, action }: { key: string; action: Function }) {
 		state.customActions[key] = action;
 	}
@@ -76,4 +76,4 @@ export default () => {
 		registerCustomAction,
 		unregisterCustomAction,
 	};
-};
+}
diff --git a/packages/editor-ui/src/views/NodeView.v2.vue b/packages/editor-ui/src/views/NodeView.v2.vue
index 465505cc438d3..3a8e2411cd985 100644
--- a/packages/editor-ui/src/views/NodeView.v2.vue
+++ b/packages/editor-ui/src/views/NodeView.v2.vue
@@ -18,6 +18,7 @@ import CanvasRunWorkflowButton from '@/components/canvas/elements/buttons/Canvas
 import { useI18n } from '@/composables/useI18n';
 import { useWorkflowsStore } from '@/stores/workflows.store';
 import { useRunWorkflow } from '@/composables/useRunWorkflow';
+import { useGlobalLinkActions } from '@/composables/useGlobalLinkActions';
 import type {
 	AddedNodesAndConnections,
 	IExecutionResponse,
@@ -135,6 +136,7 @@ const templatesStore = useTemplatesStore();
 
 const canvasEventBus = createEventBus();
 
+const { registerCustomAction } = useGlobalLinkActions();
 const { runWorkflow, stopCurrentExecution, stopWaitingForWebhook } = useRunWorkflow({ router });
 const {
 	updateNodePosition,
@@ -844,6 +846,10 @@ async function onOpenSelectiveNodeCreator(node: string, connectionType: NodeConn
 	nodeCreatorStore.openSelectiveNodeCreator({ node, connectionType });
 }
 
+async function onOpenNodeCreatorForTriggerNodes(source: NodeCreatorOpenSource) {
+	nodeCreatorStore.openNodeCreatorForTriggerNodes(source);
+}
+
 function onOpenNodeCreatorFromCanvas(source: NodeCreatorOpenSource) {
 	onOpenNodeCreator({ createNodeActive: true, source });
 }
@@ -1347,29 +1353,36 @@ function onClickPane(position: CanvasNode['position']) {
  */
 
 function registerCustomActions() {
-	// @TODO Implement these
-	// this.registerCustomAction({
-	// 	key: 'openNodeDetail',
-	// 	action: ({ node }: { node: string }) => {
-	// 		this.nodeSelectedByName(node, true);
-	// 	},
-	// });
-	//
-	// this.registerCustomAction({
-	// 	key: 'openSelectiveNodeCreator',
-	// 	action: this.openSelectiveNodeCreator,
-	// });
-	//
-	// this.registerCustomAction({
-	// 	key: 'showNodeCreator',
-	// 	action: () => {
-	// 		this.ndvStore.activeNodeName = null;
-	//
-	// 		void this.$nextTick(() => {
-	// 			this.showTriggerCreator(NODE_CREATOR_OPEN_SOURCES.TAB);
-	// 		});
-	// 	},
-	// });
+	registerCustomAction({
+		key: 'openNodeDetail',
+		action: ({ node }: { node: string }) => {
+			setNodeActiveByName(node);
+		},
+	});
+
+	registerCustomAction({
+		key: 'openSelectiveNodeCreator',
+		action: ({
+			connectiontype: connectionType,
+			node,
+		}: {
+			connectiontype: NodeConnectionType;
+			node: string;
+		}) => {
+			void onOpenSelectiveNodeCreator(node, connectionType);
+		},
+	});
+
+	registerCustomAction({
+		key: 'showNodeCreator',
+		action: () => {
+			ndvStore.activeNodeName = null;
+
+			void nextTick(() => {
+				void onOpenNodeCreatorForTriggerNodes(NODE_CREATOR_OPEN_SOURCES.TAB);
+			});
+		},
+	});
 }
 
 /**
diff --git a/packages/editor-ui/src/views/NodeView.vue b/packages/editor-ui/src/views/NodeView.vue
index 4ef91b2b1a875..23fb4e034653e 100644
--- a/packages/editor-ui/src/views/NodeView.vue
+++ b/packages/editor-ui/src/views/NodeView.vue
@@ -261,7 +261,7 @@ import {
 	VALID_WORKFLOW_IMPORT_URL_REGEX,
 } from '@/constants';
 
-import useGlobalLinkActions from '@/composables/useGlobalLinkActions';
+import { useGlobalLinkActions } from '@/composables/useGlobalLinkActions';
 import { useNodeHelpers } from '@/composables/useNodeHelpers';
 import useCanvasMouseSelect from '@/composables/useCanvasMouseSelect';
 import { useExecutionDebugging } from '@/composables/useExecutionDebugging';

From 9d6ad88c14a88fd0dfcb4f9981e38d19cf5f3067 Mon Sep 17 00:00:00 2001
From: Jon <jonathan.bennetts@gmail.com>
Date: Fri, 16 Aug 2024 08:57:21 +0100
Subject: [PATCH 2/8] fix(Respond to Webhook Node): Fix issue preventing the
 chat trigger from working (#9886)

Co-authored-by: Shireen Missi <shireen@n8n.io>
---
 .../nodes/RespondToWebhook/RespondToWebhook.node.ts         | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/nodes-base/nodes/RespondToWebhook/RespondToWebhook.node.ts b/packages/nodes-base/nodes/RespondToWebhook/RespondToWebhook.node.ts
index d9de41cc15ba8..fbb1a6af5622f 100644
--- a/packages/nodes-base/nodes/RespondToWebhook/RespondToWebhook.node.ts
+++ b/packages/nodes-base/nodes/RespondToWebhook/RespondToWebhook.node.ts
@@ -290,7 +290,11 @@ export class RespondToWebhook implements INodeType {
 		const items = this.getInputData();
 		const nodeVersion = this.getNode().typeVersion;
 
-		const WEBHOOK_NODE_TYPES = ['n8n-nodes-base.webhook', 'n8n-nodes-base.formTrigger'];
+		const WEBHOOK_NODE_TYPES = [
+			'n8n-nodes-base.webhook',
+			'n8n-nodes-base.formTrigger',
+			'@n8n/n8n-nodes-langchain.chatTrigger',
+		];
 
 		try {
 			if (nodeVersion >= 1.1) {

From 91467ab325e4c71c20c522f3143246d270101626 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Ovejero?= <ivov.src@gmail.com>
Date: Fri, 16 Aug 2024 10:49:08 +0200
Subject: [PATCH 3/8] fix(core): Fix XSS validation and separate URL validation
 (#10424)

---
 packages/cli/package.json                     |  1 +
 packages/cli/src/GenericHelpers.ts            |  2 +-
 packages/cli/src/databases/entities/User.ts   |  5 +-
 .../utils/__tests__/customValidators.test.ts  | 43 -----------
 .../src/databases/utils/customValidators.ts   | 18 -----
 packages/cli/src/requests.ts                  |  5 +-
 .../__tests__/no-url.validator.test.ts        | 26 +++++++
 .../__tests__/no-xss.validator.test.ts        | 72 +++++++++++++++++++
 .../cli/src/validators/no-url.validator.ts    | 27 +++++++
 .../cli/src/validators/no-xss.validator.ts    | 26 +++++++
 pnpm-lock.yaml                                |  5 +-
 11 files changed, 165 insertions(+), 65 deletions(-)
 delete mode 100644 packages/cli/src/databases/utils/__tests__/customValidators.test.ts
 delete mode 100644 packages/cli/src/databases/utils/customValidators.ts
 create mode 100644 packages/cli/src/validators/__tests__/no-url.validator.test.ts
 create mode 100644 packages/cli/src/validators/__tests__/no-xss.validator.test.ts
 create mode 100644 packages/cli/src/validators/no-url.validator.ts
 create mode 100644 packages/cli/src/validators/no-xss.validator.ts

diff --git a/packages/cli/package.json b/packages/cli/package.json
index 54ca084465300..80bf0c4e62ab5 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -155,6 +155,7 @@
     "reflect-metadata": "0.2.2",
     "replacestream": "4.0.3",
     "samlify": "2.8.9",
+    "sanitize-html": "2.12.1",
     "semver": "7.5.4",
     "shelljs": "0.8.5",
     "simple-git": "3.17.0",
diff --git a/packages/cli/src/GenericHelpers.ts b/packages/cli/src/GenericHelpers.ts
index 300f24f9f9355..57dcb60207f73 100644
--- a/packages/cli/src/GenericHelpers.ts
+++ b/packages/cli/src/GenericHelpers.ts
@@ -9,7 +9,7 @@ import type {
 	UserUpdatePayload,
 } from '@/requests';
 import { BadRequestError } from './errors/response-errors/bad-request.error';
-import { NoXss } from './databases/utils/customValidators';
+import { NoXss } from '@/validators/no-xss.validator';
 
 export async function validateEntity(
 	entity:
diff --git a/packages/cli/src/databases/entities/User.ts b/packages/cli/src/databases/entities/User.ts
index d24af19742e6a..dad8bbbe8000c 100644
--- a/packages/cli/src/databases/entities/User.ts
+++ b/packages/cli/src/databases/entities/User.ts
@@ -13,7 +13,7 @@ import { IsEmail, IsString, Length } from 'class-validator';
 import type { IUser, IUserSettings } from 'n8n-workflow';
 import type { SharedWorkflow } from './SharedWorkflow';
 import type { SharedCredentials } from './SharedCredentials';
-import { NoXss } from '../utils/customValidators';
+import { NoXss } from '@/validators/no-xss.validator';
 import { objectRetriever, lowerCaser } from '../utils/transformers';
 import { WithTimestamps, jsonColumnType } from './AbstractEntity';
 import type { IPersonalizationSurveyAnswers } from '@/Interfaces';
@@ -25,6 +25,7 @@ import {
 } from '@/permissions/global-roles';
 import { hasScope, type ScopeOptions, type Scope } from '@n8n/permissions';
 import type { ProjectRelation } from './ProjectRelation';
+import { NoUrl } from '@/validators/no-url.validator';
 
 export type GlobalRole = 'global:owner' | 'global:admin' | 'global:member';
 export type AssignableRole = Exclude<GlobalRole, 'global:owner'>;
@@ -51,12 +52,14 @@ export class User extends WithTimestamps implements IUser {
 
 	@Column({ length: 32, nullable: true })
 	@NoXss()
+	@NoUrl()
 	@IsString({ message: 'First name must be of type string.' })
 	@Length(1, 32, { message: 'First name must be $constraint1 to $constraint2 characters long.' })
 	firstName: string;
 
 	@Column({ length: 32, nullable: true })
 	@NoXss()
+	@NoUrl()
 	@IsString({ message: 'Last name must be of type string.' })
 	@Length(1, 32, { message: 'Last name must be $constraint1 to $constraint2 characters long.' })
 	lastName: string;
diff --git a/packages/cli/src/databases/utils/__tests__/customValidators.test.ts b/packages/cli/src/databases/utils/__tests__/customValidators.test.ts
deleted file mode 100644
index df906b36d6a52..0000000000000
--- a/packages/cli/src/databases/utils/__tests__/customValidators.test.ts
+++ /dev/null
@@ -1,43 +0,0 @@
-import { NoXss } from '@db/utils/customValidators';
-import { validate } from 'class-validator';
-
-describe('customValidators', () => {
-	describe('NoXss', () => {
-		class Person {
-			@NoXss()
-			name: string;
-		}
-		const person = new Person();
-
-		const invalidNames = ['http://google.com', '<script src/>', 'www.domain.tld'];
-
-		const validNames = [
-			'Johann Strauß',
-			'Вагиф Сәмәдоғлу',
-			'René Magritte',
-			'সুকুমার রায়',
-			'མགོན་པོ་རྡོ་རྗེ།',
-			'عبدالحليم حافظ',
-		];
-
-		describe('Block XSS', () => {
-			for (const name of invalidNames) {
-				test(name, async () => {
-					person.name = name;
-					const validationErrors = await validate(person);
-					expect(validationErrors[0].property).toEqual('name');
-					expect(validationErrors[0].constraints).toEqual({ NoXss: 'Malicious name' });
-				});
-			}
-		});
-
-		describe('Allow Valid names', () => {
-			for (const name of validNames) {
-				test(name, async () => {
-					person.name = name;
-					expect(await validate(person)).toBeEmptyArray();
-				});
-			}
-		});
-	});
-});
diff --git a/packages/cli/src/databases/utils/customValidators.ts b/packages/cli/src/databases/utils/customValidators.ts
deleted file mode 100644
index e98c507e9267f..0000000000000
--- a/packages/cli/src/databases/utils/customValidators.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { registerDecorator } from 'class-validator';
-
-export function NoXss() {
-	return (object: object, propertyName: string): void => {
-		registerDecorator({
-			name: 'NoXss',
-			target: object.constructor,
-			propertyName,
-			constraints: [propertyName],
-			options: { message: `Malicious ${propertyName}` },
-			validator: {
-				validate(value: string) {
-					return !/(^http|^www)|<(\s*)?(script|a)|(\.[\p{L}\d-]+)/u.test(value);
-				},
-			},
-		});
-	};
-}
diff --git a/packages/cli/src/requests.ts b/packages/cli/src/requests.ts
index 581ad920ea82d..a847281d7d760 100644
--- a/packages/cli/src/requests.ts
+++ b/packages/cli/src/requests.ts
@@ -13,7 +13,7 @@ import type {
 
 import { Expose } from 'class-transformer';
 import { IsBoolean, IsEmail, IsIn, IsOptional, IsString, Length } from 'class-validator';
-import { NoXss } from '@db/utils/customValidators';
+import { NoXss } from '@/validators/no-xss.validator';
 import type { PublicUser, SecretsProvider, SecretsProviderState } from '@/Interfaces';
 import { AssignableRole } from '@db/entities/User';
 import type { GlobalRole, User } from '@db/entities/User';
@@ -26,6 +26,7 @@ import type { ProjectRole } from './databases/entities/ProjectRelation';
 import type { Scope } from '@n8n/permissions';
 import type { ScopesField } from './services/role.service';
 import type { AiAssistantSDK } from '@n8n_io/ai-assistant-sdk';
+import { NoUrl } from '@/validators/no-url.validator';
 
 export class UserUpdatePayload implements Pick<User, 'email' | 'firstName' | 'lastName'> {
 	@Expose()
@@ -34,12 +35,14 @@ export class UserUpdatePayload implements Pick<User, 'email' | 'firstName' | 'la
 
 	@Expose()
 	@NoXss()
+	@NoUrl()
 	@IsString({ message: 'First name must be of type string.' })
 	@Length(1, 32, { message: 'First name must be $constraint1 to $constraint2 characters long.' })
 	firstName: string;
 
 	@Expose()
 	@NoXss()
+	@NoUrl()
 	@IsString({ message: 'Last name must be of type string.' })
 	@Length(1, 32, { message: 'Last name must be $constraint1 to $constraint2 characters long.' })
 	lastName: string;
diff --git a/packages/cli/src/validators/__tests__/no-url.validator.test.ts b/packages/cli/src/validators/__tests__/no-url.validator.test.ts
new file mode 100644
index 0000000000000..ead34019889e3
--- /dev/null
+++ b/packages/cli/src/validators/__tests__/no-url.validator.test.ts
@@ -0,0 +1,26 @@
+import { NoUrl } from '../no-url.validator';
+import { validate } from 'class-validator';
+
+describe('NoUrl', () => {
+	class Entity {
+		@NoUrl()
+		name = '';
+	}
+
+	const entity = new Entity();
+
+	describe('URLs', () => {
+		const URLS = ['http://google.com', 'www.domain.tld'];
+
+		for (const str of URLS) {
+			test(`should block ${str}`, async () => {
+				entity.name = str;
+				const errors = await validate(entity);
+				expect(errors).toHaveLength(1);
+				const [error] = errors;
+				expect(error.property).toEqual('name');
+				expect(error.constraints).toEqual({ NoUrl: 'Potentially malicious string' });
+			});
+		}
+	});
+});
diff --git a/packages/cli/src/validators/__tests__/no-xss.validator.test.ts b/packages/cli/src/validators/__tests__/no-xss.validator.test.ts
new file mode 100644
index 0000000000000..9972c4c0de802
--- /dev/null
+++ b/packages/cli/src/validators/__tests__/no-xss.validator.test.ts
@@ -0,0 +1,72 @@
+import { NoXss } from '../no-xss.validator';
+import { validate } from 'class-validator';
+
+describe('NoXss', () => {
+	class Entity {
+		@NoXss()
+		name = '';
+
+		@NoXss()
+		timestamp = '';
+
+		@NoXss()
+		version = '';
+	}
+
+	const entity = new Entity();
+
+	describe('Scripts', () => {
+		const XSS_STRINGS = ['<script src/>', "<script>alert('xss')</script>"];
+
+		for (const str of XSS_STRINGS) {
+			test(`should block ${str}`, async () => {
+				entity.name = str;
+				const errors = await validate(entity);
+				expect(errors).toHaveLength(1);
+				const [error] = errors;
+				expect(error.property).toEqual('name');
+				expect(error.constraints).toEqual({ NoXss: 'Potentially malicious string' });
+			});
+		}
+	});
+
+	describe('Names', () => {
+		const VALID_NAMES = [
+			'Johann Strauß',
+			'Вагиф Сәмәдоғлу',
+			'René Magritte',
+			'সুকুমার রায়',
+			'མགོན་པོ་རྡོ་རྗེ།',
+			'عبدالحليم حافظ',
+		];
+
+		for (const name of VALID_NAMES) {
+			test(`should allow ${name}`, async () => {
+				entity.name = name;
+				expect(await validate(entity)).toBeEmptyArray();
+			});
+		}
+	});
+
+	describe('ISO-8601 timestamps', () => {
+		const VALID_TIMESTAMPS = ['2022-01-01T00:00:00.000Z', '2022-01-01T00:00:00.000+02:00'];
+
+		for (const timestamp of VALID_TIMESTAMPS) {
+			test(`should allow ${timestamp}`, async () => {
+				entity.timestamp = timestamp;
+				await expect(validate(entity)).resolves.toBeEmptyArray();
+			});
+		}
+	});
+
+	describe('Semver versions', () => {
+		const VALID_VERSIONS = ['1.0.0', '1.0.0-alpha.1'];
+
+		for (const version of VALID_VERSIONS) {
+			test(`should allow ${version}`, async () => {
+				entity.version = version;
+				await expect(validate(entity)).resolves.toBeEmptyArray();
+			});
+		}
+	});
+});
diff --git a/packages/cli/src/validators/no-url.validator.ts b/packages/cli/src/validators/no-url.validator.ts
new file mode 100644
index 0000000000000..1df05fed5fa0d
--- /dev/null
+++ b/packages/cli/src/validators/no-url.validator.ts
@@ -0,0 +1,27 @@
+import type { ValidationOptions, ValidatorConstraintInterface } from 'class-validator';
+import { registerDecorator, ValidatorConstraint } from 'class-validator';
+
+const URL_REGEX = /^(https?:\/\/|www\.)/i;
+
+@ValidatorConstraint({ name: 'NoUrl', async: false })
+class NoUrlConstraint implements ValidatorConstraintInterface {
+	validate(value: string) {
+		return !URL_REGEX.test(value);
+	}
+
+	defaultMessage() {
+		return 'Potentially malicious string';
+	}
+}
+
+export function NoUrl(options?: ValidationOptions) {
+	return function (object: object, propertyName: string) {
+		registerDecorator({
+			name: 'NoUrl',
+			target: object.constructor,
+			propertyName,
+			options,
+			validator: NoUrlConstraint,
+		});
+	};
+}
diff --git a/packages/cli/src/validators/no-xss.validator.ts b/packages/cli/src/validators/no-xss.validator.ts
new file mode 100644
index 0000000000000..8075309df9923
--- /dev/null
+++ b/packages/cli/src/validators/no-xss.validator.ts
@@ -0,0 +1,26 @@
+import type { ValidationOptions, ValidatorConstraintInterface } from 'class-validator';
+import { registerDecorator, ValidatorConstraint } from 'class-validator';
+import sanitizeHtml from 'sanitize-html';
+
+@ValidatorConstraint({ name: 'NoXss', async: false })
+class NoXssConstraint implements ValidatorConstraintInterface {
+	validate(value: string) {
+		return value === sanitizeHtml(value, { allowedTags: [], allowedAttributes: {} });
+	}
+
+	defaultMessage() {
+		return 'Potentially malicious string';
+	}
+}
+
+export function NoXss(options?: ValidationOptions) {
+	return function (object: object, propertyName: string) {
+		registerDecorator({
+			name: 'NoXss',
+			target: object.constructor,
+			propertyName,
+			options,
+			validator: NoXssConstraint,
+		});
+	};
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f62ed3f36a9b4..71b974f669c44 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -824,6 +824,9 @@ importers:
       samlify:
         specifier: 2.8.9
         version: 2.8.9
+      sanitize-html:
+        specifier: 2.12.1
+        version: 2.12.1
       semver:
         specifier: ^7.5.4
         version: 7.6.0
@@ -22445,7 +22448,7 @@ snapshots:
       domelementtype: 2.3.0
       domhandler: 5.0.3
       domutils: 3.0.1
-      entities: 4.4.0
+      entities: 4.5.0
 
   http-cache-semantics@4.1.1:
     optional: true

From 1466ff75258892f4c35d4a670a56381add7d1066 Mon Sep 17 00:00:00 2001
From: Tomi Turtiainen <10324676+tomi@users.noreply.github.com>
Date: Fri, 16 Aug 2024 12:15:48 +0300
Subject: [PATCH 4/8] refactor(editor): Remove `id` param from PATCH /me calls
 (no-changelog) (#10449)

---
 packages/editor-ui/src/api/users.ts                   | 1 -
 packages/editor-ui/src/stores/sso.store.ts            | 1 -
 packages/editor-ui/src/views/SettingsPersonalView.vue | 1 -
 3 files changed, 3 deletions(-)

diff --git a/packages/editor-ui/src/api/users.ts b/packages/editor-ui/src/api/users.ts
index a27faea7b788a..aedbd0b594337 100644
--- a/packages/editor-ui/src/api/users.ts
+++ b/packages/editor-ui/src/api/users.ts
@@ -90,7 +90,6 @@ export async function changePassword(
 }
 
 export type UpdateCurrentUserParams = {
-	id?: string;
 	firstName?: string;
 	lastName?: string;
 	email: string;
diff --git a/packages/editor-ui/src/stores/sso.store.ts b/packages/editor-ui/src/stores/sso.store.ts
index 63c71c3899a92..d9d522274ce6f 100644
--- a/packages/editor-ui/src/stores/sso.store.ts
+++ b/packages/editor-ui/src/stores/sso.store.ts
@@ -70,7 +70,6 @@ export const useSSOStore = defineStore('sso', () => {
 
 	const updateUser = async (params: { firstName: string; lastName: string }) =>
 		await updateCurrentUser(rootStore.restApiContext, {
-			id: usersStore.currentUser!.id,
 			email: usersStore.currentUser!.email!,
 			...params,
 		});
diff --git a/packages/editor-ui/src/views/SettingsPersonalView.vue b/packages/editor-ui/src/views/SettingsPersonalView.vue
index 60b40fb6863ff..0ddbe6e5a5469 100644
--- a/packages/editor-ui/src/views/SettingsPersonalView.vue
+++ b/packages/editor-ui/src/views/SettingsPersonalView.vue
@@ -173,7 +173,6 @@ async function updateUserBasicInfo(userBasicInfo: UserBasicDetailsWithMfa) {
 	}
 
 	await usersStore.updateUser({
-		id: usersStore.currentUserId,
 		firstName: userBasicInfo.firstName,
 		lastName: userBasicInfo.lastName,
 		email: userBasicInfo.email,

From 37797f38d81b12d030ba85034baeb49192ea575c Mon Sep 17 00:00:00 2001
From: Mutasem Aldmour <4711238+mutdmour@users.noreply.github.com>
Date: Fri, 16 Aug 2024 12:27:55 +0200
Subject: [PATCH 5/8] fix(editor): Buffer json chunks in stream response
 (#10439)

---
 packages/editor-ui/src/api/assistant.ts       |   9 +-
 .../src/plugins/i18n/locales/en.json          |   4 +-
 .../src/utils/__tests__/apiUtils.spec.ts      | 112 ++++++++++++++++++
 packages/editor-ui/src/utils/apiUtils.ts      |  37 ++++--
 4 files changed, 147 insertions(+), 15 deletions(-)
 create mode 100644 packages/editor-ui/src/utils/__tests__/apiUtils.spec.ts

diff --git a/packages/editor-ui/src/api/assistant.ts b/packages/editor-ui/src/api/assistant.ts
index d9e9ec0cded21..4b1d127ef15c6 100644
--- a/packages/editor-ui/src/api/assistant.ts
+++ b/packages/editor-ui/src/api/assistant.ts
@@ -9,7 +9,14 @@ export function chatWithAssistant(
 	onDone: () => void,
 	onError: (e: Error) => void,
 ): void {
-	void streamRequest(ctx, '/ai-assistant/chat', payload, onMessageUpdated, onDone, onError);
+	void streamRequest<ChatRequest.ResponsePayload>(
+		ctx,
+		'/ai-assistant/chat',
+		payload,
+		onMessageUpdated,
+		onDone,
+		onError,
+	);
 }
 
 export async function replaceCode(
diff --git a/packages/editor-ui/src/plugins/i18n/locales/en.json b/packages/editor-ui/src/plugins/i18n/locales/en.json
index b082675d2d077..49b331e4c1787 100644
--- a/packages/editor-ui/src/plugins/i18n/locales/en.json
+++ b/packages/editor-ui/src/plugins/i18n/locales/en.json
@@ -131,7 +131,7 @@
 	"auth.signup.setupYourAccount": "Set up your account",
 	"auth.signup.setupYourAccountError": "Problem setting up your account",
 	"auth.signup.tokenValidationError": "Issue validating invite token",
-	"aiAssistant.name": "Ava",
+	"aiAssistant.name": "Assistant",
 	"aiAssistant.assistant": "AI Assistant",
 	"aiAssistant.newSessionModal.title.part1": "Start new",
 	"aiAssistant.newSessionModal.title.part2": "session",
@@ -139,7 +139,7 @@
 	"aiAssistant.newSessionModal.question": "Are you sure you want to start a new session?",
 	"aiAssistant.newSessionModal.confirm": "Start new session",
 	"aiAssistant.serviceError.message": "Unable to connect to n8n's AI service",
-	"aiAssistant.codeUpdated.message.title": "Ava modified workflow",
+	"aiAssistant.codeUpdated.message.title": "Assistant modified workflow",
 	"aiAssistant.codeUpdated.message.body": "Open the <a data-action='openNodeDetail' data-action-parameter-node='{nodeName}'>{nodeName}</a> node to see the changes",
 	"banners.confirmEmail.message.1": "To secure your account and prevent future access issues, please confirm your",
 	"banners.confirmEmail.message.2": "email address.",
diff --git a/packages/editor-ui/src/utils/__tests__/apiUtils.spec.ts b/packages/editor-ui/src/utils/__tests__/apiUtils.spec.ts
new file mode 100644
index 0000000000000..cefb6f3389bb7
--- /dev/null
+++ b/packages/editor-ui/src/utils/__tests__/apiUtils.spec.ts
@@ -0,0 +1,112 @@
+import { STREAM_SEPERATOR, streamRequest } from '../apiUtils';
+
+describe('streamRequest', () => {
+	it('should stream data from the API endpoint', async () => {
+		const encoder = new TextEncoder();
+		const mockResponse = new ReadableStream({
+			start(controller) {
+				controller.enqueue(encoder.encode(`${JSON.stringify({ chunk: 1 })}${STREAM_SEPERATOR}`));
+				controller.enqueue(encoder.encode(`${JSON.stringify({ chunk: 2 })}${STREAM_SEPERATOR}`));
+				controller.enqueue(encoder.encode(`${JSON.stringify({ chunk: 3 })}${STREAM_SEPERATOR}`));
+				controller.close();
+			},
+		});
+
+		const mockFetch = vi.fn().mockResolvedValue({
+			ok: true,
+			body: mockResponse,
+		});
+
+		global.fetch = mockFetch;
+
+		const onChunkMock = vi.fn();
+		const onDoneMock = vi.fn();
+		const onErrorMock = vi.fn();
+
+		await streamRequest(
+			{
+				baseUrl: 'https://api.example.com',
+				pushRef: '',
+			},
+			'/data',
+			{ key: 'value' },
+			onChunkMock,
+			onDoneMock,
+			onErrorMock,
+		);
+
+		expect(mockFetch).toHaveBeenCalledWith('https://api.example.com/data', {
+			method: 'POST',
+			body: JSON.stringify({ key: 'value' }),
+			credentials: 'include',
+			headers: {
+				'Content-Type': 'application/json',
+				'browser-id': expect.stringContaining('-'),
+			},
+		});
+
+		expect(onChunkMock).toHaveBeenCalledTimes(3);
+		expect(onChunkMock).toHaveBeenNthCalledWith(1, { chunk: 1 });
+		expect(onChunkMock).toHaveBeenNthCalledWith(2, { chunk: 2 });
+		expect(onChunkMock).toHaveBeenNthCalledWith(3, { chunk: 3 });
+
+		expect(onDoneMock).toHaveBeenCalledTimes(1);
+		expect(onErrorMock).not.toHaveBeenCalled();
+	});
+
+	it('should handle broken stream data', async () => {
+		const encoder = new TextEncoder();
+		const mockResponse = new ReadableStream({
+			start(controller) {
+				controller.enqueue(
+					encoder.encode(`${JSON.stringify({ chunk: 1 })}${STREAM_SEPERATOR}{"chunk": `),
+				);
+				controller.enqueue(encoder.encode(`2}${STREAM_SEPERATOR}{"ch`));
+				controller.enqueue(encoder.encode('unk":'));
+				controller.enqueue(encoder.encode(`3}${STREAM_SEPERATOR}`));
+				controller.close();
+			},
+		});
+
+		const mockFetch = vi.fn().mockResolvedValue({
+			ok: true,
+			body: mockResponse,
+		});
+
+		global.fetch = mockFetch;
+
+		const onChunkMock = vi.fn();
+		const onDoneMock = vi.fn();
+		const onErrorMock = vi.fn();
+
+		await streamRequest(
+			{
+				baseUrl: 'https://api.example.com',
+				pushRef: '',
+			},
+			'/data',
+			{ key: 'value' },
+			onChunkMock,
+			onDoneMock,
+			onErrorMock,
+		);
+
+		expect(mockFetch).toHaveBeenCalledWith('https://api.example.com/data', {
+			method: 'POST',
+			body: JSON.stringify({ key: 'value' }),
+			credentials: 'include',
+			headers: {
+				'Content-Type': 'application/json',
+				'browser-id': expect.stringContaining('-'),
+			},
+		});
+
+		expect(onChunkMock).toHaveBeenCalledTimes(3);
+		expect(onChunkMock).toHaveBeenNthCalledWith(1, { chunk: 1 });
+		expect(onChunkMock).toHaveBeenNthCalledWith(2, { chunk: 2 });
+		expect(onChunkMock).toHaveBeenNthCalledWith(3, { chunk: 3 });
+
+		expect(onDoneMock).toHaveBeenCalledTimes(1);
+		expect(onErrorMock).not.toHaveBeenCalled();
+	});
+});
diff --git a/packages/editor-ui/src/utils/apiUtils.ts b/packages/editor-ui/src/utils/apiUtils.ts
index e9201b7c331ea..b07f8910b90c8 100644
--- a/packages/editor-ui/src/utils/apiUtils.ts
+++ b/packages/editor-ui/src/utils/apiUtils.ts
@@ -3,7 +3,6 @@ import axios from 'axios';
 import { ApplicationError, jsonParse, type GenericValue, type IDataObject } from 'n8n-workflow';
 import type { IExecutionFlattedResponse, IExecutionResponse, IRestApiContext } from '@/Interface';
 import { parse } from 'flatted';
-import type { ChatRequest } from '@/types/assistant.types';
 import { assert } from '@/utils/assert';
 
 const BROWSER_ID_STORAGE_KEY = 'n8n-browserId';
@@ -14,6 +13,7 @@ if (!browserId && 'randomUUID' in crypto) {
 }
 
 export const NO_NETWORK_ERROR_CODE = 999;
+export const STREAM_SEPERATOR = '⧉⇋⇋➽⌑⧉§§\n';
 
 export class ResponseError extends ApplicationError {
 	// The HTTP status code of response
@@ -194,15 +194,15 @@ export function unflattenExecutionData(fullExecutionData: IExecutionFlattedRespo
 	return returnData;
 }
 
-export const streamRequest = async (
+export async function streamRequest<T>(
 	context: IRestApiContext,
 	apiEndpoint: string,
-	payload: ChatRequest.RequestPayload,
-	onChunk?: (chunk: ChatRequest.ResponsePayload) => void,
+	payload: object,
+	onChunk?: (chunk: T) => void,
 	onDone?: () => void,
 	onError?: (e: Error) => void,
-	separator = '⧉⇋⇋➽⌑⧉§§\n',
-): Promise<void> => {
+	separator = STREAM_SEPERATOR,
+): Promise<void> {
 	const headers: Record<string, string> = {
 		'Content-Type': 'application/json',
 	};
@@ -223,23 +223,36 @@ export const streamRequest = async (
 			const reader = response.body.getReader();
 			const decoder = new TextDecoder('utf-8');
 
+			let buffer = '';
+
 			async function readStream() {
 				const { done, value } = await reader.read();
 				if (done) {
 					onDone?.();
 					return;
 				}
-
 				const chunk = decoder.decode(value);
-				const splitChunks = chunk.split(separator);
+				buffer += chunk;
 
+				const splitChunks = buffer.split(separator);
+
+				buffer = '';
 				for (const splitChunk of splitChunks) {
-					if (splitChunk && onChunk) {
+					if (splitChunk) {
+						let data: T;
+						try {
+							data = jsonParse<T>(splitChunk, { errorMessage: 'Invalid json' });
+						} catch (e) {
+							// incomplete json. append to buffer to complete
+							buffer += splitChunk;
+
+							continue;
+						}
+
 						try {
-							onChunk(jsonParse(splitChunk, { errorMessage: 'Invalid json chunk in stream' }));
+							onChunk?.(data);
 						} catch (e: unknown) {
 							if (e instanceof Error) {
-								console.log(`${e.message}: ${splitChunk}`);
 								onError?.(e);
 							}
 						}
@@ -257,4 +270,4 @@ export const streamRequest = async (
 		assert(e instanceof Error);
 		onError?.(e);
 	}
-};
+}

From 334d11175ed91936e91c0386752922f12c0ab94d Mon Sep 17 00:00:00 2001
From: Alex Grozav <alex@grozav.com>
Date: Fri, 16 Aug 2024 13:29:32 +0300
Subject: [PATCH 6/8] fix(editor): Fix lazy loaded component not using suspense
 (no-changelog) (#10454)

---
 packages/editor-ui/src/components/RunData.vue | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/packages/editor-ui/src/components/RunData.vue b/packages/editor-ui/src/components/RunData.vue
index 2b1516aa514a9..ec26ef996402d 100644
--- a/packages/editor-ui/src/components/RunData.vue
+++ b/packages/editor-ui/src/components/RunData.vue
@@ -50,15 +50,17 @@
 				data-test-id="run-data-pane-header"
 				@click.stop
 			>
-				<LazyRunDataSearch
-					v-if="showIOSearch"
-					v-model="search"
-					:class="$style.search"
-					:pane-type="paneType"
-					:display-mode="displayMode"
-					:is-area-active="isPaneActive"
-					@focus="activatePane"
-				/>
+				<Suspense>
+					<LazyRunDataSearch
+						v-if="showIOSearch"
+						v-model="search"
+						:class="$style.search"
+						:pane-type="paneType"
+						:display-mode="displayMode"
+						:is-area-active="isPaneActive"
+						@focus="activatePane"
+					/>
+				</Suspense>
 
 				<n8n-radio-buttons
 					v-show="

From 556699ac3db51bbb186d3df2a110887412550562 Mon Sep 17 00:00:00 2001
From: Alex Grozav <alex@grozav.com>
Date: Fri, 16 Aug 2024 15:42:54 +0300
Subject: [PATCH 7/8] feat(editor): Improve node label readability in new
 canvas (no-changelog) (#10432)

---
 .../nodes/render-types/CanvasNodeDefault.vue      | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/packages/editor-ui/src/components/canvas/elements/nodes/render-types/CanvasNodeDefault.vue b/packages/editor-ui/src/components/canvas/elements/nodes/render-types/CanvasNodeDefault.vue
index 847c5bad2cc8c..33506a526b750 100644
--- a/packages/editor-ui/src/components/canvas/elements/nodes/render-types/CanvasNodeDefault.vue
+++ b/packages/editor-ui/src/components/canvas/elements/nodes/render-types/CanvasNodeDefault.vue
@@ -213,7 +213,7 @@ function openContextMenu(event: MouseEvent) {
 	top: 100%;
 	position: absolute;
 	width: 100%;
-	min-width: 200px;
+	min-width: calc(var(--canvas-node--width) * 2);
 	margin-top: var(--spacing-2xs);
 	display: flex;
 	flex-direction: column;
@@ -223,16 +223,27 @@ function openContextMenu(event: MouseEvent) {
 
 .label {
 	font-size: var(--font-size-m);
-	line-height: var(--font-line-height-compact);
 	text-align: center;
+	text-overflow: ellipsis;
+	display: -webkit-box;
+	-webkit-box-orient: vertical;
+	-webkit-line-clamp: 2;
+	overflow: hidden;
+	overflow-wrap: anywhere;
+	font-weight: var(--font-weight-bold);
+	line-height: var(--font-line-height-compact);
 }
 
 .subtitle {
+	width: 100%;
+	text-align: center;
 	color: var(--color-text-light);
 	font-size: var(--font-size-xs);
 	white-space: nowrap;
 	overflow: hidden;
 	text-overflow: ellipsis;
+	line-height: var(--font-line-height-compact);
+	font-weight: 400;
 }
 
 .statusIcons {

From b857c2cda0a9e4386a540d5e1e741570d9453588 Mon Sep 17 00:00:00 2001
From: Alex Grozav <alex@grozav.com>
Date: Fri, 16 Aug 2024 15:51:38 +0300
Subject: [PATCH 8/8] fix(editor): Add workflow scopes when initializing
 workflow  (#10455)

Co-authored-by: Mutasem Aldmour <mutasem@n8n.io>
---
 cypress/e2e/1858-PAY-can-use-context-menu.ts  |  21 +++
 cypress/e2e/33-settings-personal.cy.ts        |   3 +-
 packages/editor-ui/src/__tests__/mocks.ts     |  31 +++-
 .../__tests__/useWorkflowHelpers.spec.ts      | 138 +++++++++++++++---
 .../src/composables/useWorkflowHelpers.ts     |   1 +
 .../editor-ui/src/stores/workflows.store.ts   |   5 +
 6 files changed, 174 insertions(+), 25 deletions(-)
 create mode 100644 cypress/e2e/1858-PAY-can-use-context-menu.ts

diff --git a/cypress/e2e/1858-PAY-can-use-context-menu.ts b/cypress/e2e/1858-PAY-can-use-context-menu.ts
new file mode 100644
index 0000000000000..6727df41667e1
--- /dev/null
+++ b/cypress/e2e/1858-PAY-can-use-context-menu.ts
@@ -0,0 +1,21 @@
+import { WorkflowPage as WorkflowPageClass } from '../pages/workflow';
+
+const WorkflowPage = new WorkflowPageClass();
+
+describe('PAY-1858 context menu', () => {
+	it('can use context menu on saved workflow', () => {
+		WorkflowPage.actions.visit();
+		cy.createFixtureWorkflow('Test_workflow_filter.json', 'test');
+
+		WorkflowPage.getters.canvasNodes().should('have.length', 5);
+		WorkflowPage.actions.deleteNodeFromContextMenu('Then');
+		WorkflowPage.getters.canvasNodes().should('have.length', 4);
+
+		WorkflowPage.actions.hitSaveWorkflow();
+
+		cy.reload();
+		WorkflowPage.getters.canvasNodes().should('have.length', 4);
+		WorkflowPage.actions.deleteNodeFromContextMenu('Code');
+		WorkflowPage.getters.canvasNodes().should('have.length', 3);
+	});
+});
diff --git a/cypress/e2e/33-settings-personal.cy.ts b/cypress/e2e/33-settings-personal.cy.ts
index 73dc7476b8ae0..372f14d231cd4 100644
--- a/cypress/e2e/33-settings-personal.cy.ts
+++ b/cypress/e2e/33-settings-personal.cy.ts
@@ -35,7 +35,8 @@ describe('Personal Settings', () => {
 			successToast().find('.el-notification__closeBtn').click();
 		});
 	});
-	it('not allow malicious values for personal data', () => {
+	// eslint-disable-next-line n8n-local-rules/no-skipped-tests
+	it.skip('not allow malicious values for personal data', () => {
 		cy.visit('/settings/personal');
 		INVALID_NAMES.forEach((name) => {
 			cy.getByTestId('personal-data-form').find('input[name="firstName"]').clear().type(name);
diff --git a/packages/editor-ui/src/__tests__/mocks.ts b/packages/editor-ui/src/__tests__/mocks.ts
index dad814f6eb533..dac9c9c4789d5 100644
--- a/packages/editor-ui/src/__tests__/mocks.ts
+++ b/packages/editor-ui/src/__tests__/mocks.ts
@@ -25,7 +25,7 @@ import {
 	SET_NODE_TYPE,
 	STICKY_NODE_TYPE,
 } from '@/constants';
-import type { INodeUi } from '@/Interface';
+import type { INodeUi, IWorkflowDb } from '@/Interface';
 
 export const mockNode = ({
 	id = uuid(),
@@ -147,6 +147,35 @@ export function createTestWorkflowObject({
 	});
 }
 
+export function createTestWorkflow({
+	id = uuid(),
+	name = 'Test Workflow',
+	nodes = [],
+	connections = {},
+	active = false,
+	settings = {
+		timezone: 'DEFAULT',
+		executionOrder: 'v1',
+	},
+	pinData = {},
+	...rest
+}: Partial<IWorkflowDb> = {}): IWorkflowDb {
+	return {
+		createdAt: '',
+		updatedAt: '',
+		id,
+		name,
+		nodes,
+		connections,
+		active,
+		settings,
+		versionId: '1',
+		meta: {},
+		pinData,
+		...rest,
+	};
+}
+
 export function createTestNode(node: Partial<INode> = {}): INode {
 	return {
 		id: uuid(),
diff --git a/packages/editor-ui/src/composables/__tests__/useWorkflowHelpers.spec.ts b/packages/editor-ui/src/composables/__tests__/useWorkflowHelpers.spec.ts
index 81643f52aac84..f50261a1aa654 100644
--- a/packages/editor-ui/src/composables/__tests__/useWorkflowHelpers.spec.ts
+++ b/packages/editor-ui/src/composables/__tests__/useWorkflowHelpers.spec.ts
@@ -3,6 +3,10 @@ import { useWorkflowHelpers } from '@/composables/useWorkflowHelpers';
 import router from '@/router';
 import { createTestingPinia } from '@pinia/testing';
 import { setActivePinia } from 'pinia';
+import { useWorkflowsStore } from '@/stores/workflows.store';
+import { useWorkflowsEEStore } from '@/stores/workflows.ee.store';
+import { useTagsStore } from '@/stores/tags.store';
+import { createTestWorkflow } from '@/__tests__/mocks';
 
 const getDuplicateTestWorkflow = (): IWorkflowDataUpdate => ({
 	name: 'Duplicate webhook test',
@@ -50,32 +54,23 @@ const getDuplicateTestWorkflow = (): IWorkflowDataUpdate => ({
 	connections: {},
 });
 
-vi.mock('@/stores/workflows.store', () => ({
-	useWorkflowsStore: vi.fn(() => ({
-		workflowsById: {},
-		createNewWorkflow: vi.fn(() => {}),
-		addWorkflow: vi.fn(() => {}),
-		setActive: vi.fn(() => {}),
-		setWorkflowId: vi.fn(() => {}),
-		setWorkflowVersionId: vi.fn(() => {}),
-		setWorkflowName: vi.fn(() => {}),
-		setWorkflowSettings: vi.fn(() => {}),
-		setNodeValue: vi.fn(() => {}),
-		setWorkflowTagIds: vi.fn(() => {}),
-		getCurrentWorkflow: vi.fn(() => ({})),
-	})),
-}));
-
 describe('useWorkflowHelpers', () => {
-	describe('saveAsNewWorkflow', () => {
-		beforeAll(() => {
-			setActivePinia(createTestingPinia());
-		});
+	let workflowsStore: ReturnType<typeof useWorkflowsStore>;
+	let workflowsEEStore: ReturnType<typeof useWorkflowsEEStore>;
+	let tagsStore: ReturnType<typeof useTagsStore>;
 
-		afterEach(() => {
-			vi.clearAllMocks();
-		});
+	beforeAll(() => {
+		setActivePinia(createTestingPinia());
+		workflowsStore = useWorkflowsStore();
+		workflowsEEStore = useWorkflowsEEStore();
+		tagsStore = useTagsStore();
+	});
+
+	afterEach(() => {
+		vi.clearAllMocks();
+	});
 
+	describe('saveAsNewWorkflow', () => {
 		it('should respect `resetWebhookUrls: false` when duplicating workflows', async () => {
 			const workflow = getDuplicateTestWorkflow();
 			if (!workflow.nodes) {
@@ -120,4 +115,101 @@ describe('useWorkflowHelpers', () => {
 			expect(pathsPreSave).not.toEqual(pathsPostSave);
 		});
 	});
+
+	describe('initState', () => {
+		it('should initialize workflow state with provided data', () => {
+			const { initState } = useWorkflowHelpers({ router });
+
+			const workflowData = createTestWorkflow({
+				id: '1',
+				name: 'Test Workflow',
+				active: true,
+				pinData: {},
+				meta: {},
+				scopes: ['workflow:create'],
+				usedCredentials: [],
+				sharedWithProjects: [],
+				tags: [],
+			});
+			const addWorkflowSpy = vi.spyOn(workflowsStore, 'addWorkflow');
+			const setActiveSpy = vi.spyOn(workflowsStore, 'setActive');
+			const setWorkflowIdSpy = vi.spyOn(workflowsStore, 'setWorkflowId');
+			const setWorkflowNameSpy = vi.spyOn(workflowsStore, 'setWorkflowName');
+			const setWorkflowSettingsSpy = vi.spyOn(workflowsStore, 'setWorkflowSettings');
+			const setWorkflowPinDataSpy = vi.spyOn(workflowsStore, 'setWorkflowPinData');
+			const setWorkflowVersionIdSpy = vi.spyOn(workflowsStore, 'setWorkflowVersionId');
+			const setWorkflowMetadataSpy = vi.spyOn(workflowsStore, 'setWorkflowMetadata');
+			const setWorkflowScopesSpy = vi.spyOn(workflowsStore, 'setWorkflowScopes');
+			const setUsedCredentialsSpy = vi.spyOn(workflowsStore, 'setUsedCredentials');
+			const setWorkflowSharedWithSpy = vi.spyOn(workflowsEEStore, 'setWorkflowSharedWith');
+			const setWorkflowTagIdsSpy = vi.spyOn(workflowsStore, 'setWorkflowTagIds');
+			const upsertTagsSpy = vi.spyOn(tagsStore, 'upsertTags');
+
+			initState(workflowData);
+
+			expect(addWorkflowSpy).toHaveBeenCalledWith(workflowData);
+			expect(setActiveSpy).toHaveBeenCalledWith(true);
+			expect(setWorkflowIdSpy).toHaveBeenCalledWith('1');
+			expect(setWorkflowNameSpy).toHaveBeenCalledWith({
+				newName: 'Test Workflow',
+				setStateDirty: false,
+			});
+			expect(setWorkflowSettingsSpy).toHaveBeenCalledWith({
+				executionOrder: 'v1',
+				timezone: 'DEFAULT',
+			});
+			expect(setWorkflowPinDataSpy).toHaveBeenCalledWith({});
+			expect(setWorkflowVersionIdSpy).toHaveBeenCalledWith('1');
+			expect(setWorkflowMetadataSpy).toHaveBeenCalledWith({});
+			expect(setWorkflowScopesSpy).toHaveBeenCalledWith(['workflow:create']);
+			expect(setUsedCredentialsSpy).toHaveBeenCalledWith([]);
+			expect(setWorkflowSharedWithSpy).toHaveBeenCalledWith({
+				workflowId: '1',
+				sharedWithProjects: [],
+			});
+			expect(setWorkflowTagIdsSpy).toHaveBeenCalledWith([]);
+			expect(upsertTagsSpy).toHaveBeenCalledWith([]);
+		});
+
+		it('should handle missing `usedCredentials` and `sharedWithProjects` gracefully', () => {
+			const { initState } = useWorkflowHelpers({ router });
+
+			const workflowData = createTestWorkflow({
+				id: '1',
+				name: 'Test Workflow',
+				active: true,
+				pinData: {},
+				meta: {},
+				scopes: [],
+				tags: [],
+			});
+			const setUsedCredentialsSpy = vi.spyOn(workflowsStore, 'setUsedCredentials');
+			const setWorkflowSharedWithSpy = vi.spyOn(workflowsEEStore, 'setWorkflowSharedWith');
+
+			initState(workflowData);
+
+			expect(setUsedCredentialsSpy).not.toHaveBeenCalled();
+			expect(setWorkflowSharedWithSpy).not.toHaveBeenCalled();
+		});
+
+		it('should handle missing `tags` gracefully', () => {
+			const { initState } = useWorkflowHelpers({ router });
+
+			const workflowData = createTestWorkflow({
+				id: '1',
+				name: 'Test Workflow',
+				active: true,
+				pinData: {},
+				meta: {},
+				scopes: [],
+			});
+			const setWorkflowTagIdsSpy = vi.spyOn(workflowsStore, 'setWorkflowTagIds');
+			const upsertTagsSpy = vi.spyOn(tagsStore, 'upsertTags');
+
+			initState(workflowData);
+
+			expect(setWorkflowTagIdsSpy).toHaveBeenCalledWith([]);
+			expect(upsertTagsSpy).toHaveBeenCalledWith([]);
+		});
+	});
 });
diff --git a/packages/editor-ui/src/composables/useWorkflowHelpers.ts b/packages/editor-ui/src/composables/useWorkflowHelpers.ts
index 178b480ae57d4..fd203a9ecc22d 100644
--- a/packages/editor-ui/src/composables/useWorkflowHelpers.ts
+++ b/packages/editor-ui/src/composables/useWorkflowHelpers.ts
@@ -1116,6 +1116,7 @@ export function useWorkflowHelpers(options: { router: ReturnType<typeof useRoute
 		workflowsStore.setWorkflowPinData(workflowData.pinData ?? {});
 		workflowsStore.setWorkflowVersionId(workflowData.versionId);
 		workflowsStore.setWorkflowMetadata(workflowData.meta);
+		workflowsStore.setWorkflowScopes(workflowData.scopes);
 
 		if (workflowData.usedCredentials) {
 			workflowsStore.setUsedCredentials(workflowData.usedCredentials);
diff --git a/packages/editor-ui/src/stores/workflows.store.ts b/packages/editor-ui/src/stores/workflows.store.ts
index 18fc0261bfa36..d60e7db763728 100644
--- a/packages/editor-ui/src/stores/workflows.store.ts
+++ b/packages/editor-ui/src/stores/workflows.store.ts
@@ -699,6 +699,10 @@ export const useWorkflowsStore = defineStore(STORES.WORKFLOWS, () => {
 		};
 	}
 
+	function setWorkflowScopes(scopes: IWorkflowDb['scopes']): void {
+		workflow.value.scopes = scopes;
+	}
+
 	function setWorkflowMetadata(metadata: WorkflowMetadata | undefined): void {
 		workflow.value.meta = metadata;
 	}
@@ -1634,6 +1638,7 @@ export const useWorkflowsStore = defineStore(STORES.WORKFLOWS, () => {
 		setWorkflowTagIds,
 		addWorkflowTagIds,
 		removeWorkflowTagId,
+		setWorkflowScopes,
 		setWorkflowMetadata,
 		addToWorkflowMetadata,
 		setWorkflow,