codeant-ai-for-open-source[bot] commented on code in PR #40292:
URL: https://github.com/apache/superset/pull/40292#discussion_r3284630109
##########
superset-frontend/src/components/ErrorMessage/OAuth2RedirectMessage.tsx:
##########
@@ -99,29 +99,61 @@ export function OAuth2RedirectMessage({
const dispatch = useDispatch();
+ // `chartList` is rebuilt from `Object.keys` on every store update; keeping
+ // the listener state in a ref avoids tearing down/recreating the
+ // BroadcastChannel on each render and the race window that comes with it.
+ const latestStateRef = useRef({
+ source,
+ query,
+ chartId,
+ chartList,
+ dashboardId,
+ });
+ latestStateRef.current = {
+ source,
+ query,
+ chartId,
+ chartList,
+ dashboardId,
+ };
+
useEffect(() => {
+ // Guard against duplicate dispatches if both the BroadcastChannel and the
+ // storage fallback ever deliver the same completion.
+ let handled = false;
const handleOAuthComplete = (tabId?: string) => {
- if (tabId !== extra.tab_id) {
+ if (tabId !== extra.tab_id || handled) {
return;
}
- if (source === 'sqllab' && query) {
- dispatch(reRunQuery(query));
- } else if (source === 'explore' && chartId) {
- dispatch(triggerQuery(true, chartId));
- } else if (source === 'dashboard') {
- dispatch(onRefresh(chartList.map(Number), true, 0, dashboardId));
+ handled = true;
+ const {
+ source: src,
+ query: q,
+ chartId: cId,
+ chartList: cList,
+ dashboardId: dId,
+ } = latestStateRef.current;
+ if (src === 'sqllab' && q) {
+ dispatch(reRunQuery(q));
+ } else if (src === 'explore' && cId) {
+ dispatch(triggerQuery(true, cId));
+ } else if (src === 'dashboard') {
+ dispatch(onRefresh(cList.map(Number), true, 0, dId));
Review Comment:
**Suggestion:** The deduplication flag is set before confirming any action
was actually dispatched. If the first matching signal arrives when the required
state is not ready (for example `source === 'sqllab'` but `query` is still
null), the handler marks the event as handled and drops later
duplicate/fallback signals that could have succeeded, causing the OAuth
completion to be missed. Set the handled flag only after a dispatch path runs
successfully. [incorrect condition logic]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ⚠️ SQL Lab queries may not auto re-run after OAuth.
- ⚠️ Explore chart reload can be skipped in rare timing windows.
- ⚠️ Dashboard auto-refresh after OAuth may silently fail.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. In an OAuth2-enabled database connection, a query path wrapped in
`check_for_oauth2()`
at `superset/utils/oauth2.py:311-320` raises an `OAuth2RedirectError`
(`superset/exceptions.py:341-367`), which is surfaced to the frontend as an
`OAUTH2_REDIRECT` error rendered by `OAuth2RedirectMessage` at
`superset-frontend/src/components/ErrorMessage/OAuth2RedirectMessage.tsx:64-98`.
2. When `OAuth2RedirectMessage` mounts with `source="sqllab"`, it derives
`query` from
Redux via `queries`, `queryEditors`, and `tabHistory` selectors at
`OAuth2RedirectMessage.tsx:71-86`, and stores that state in
`latestStateRef.current` at
`OAuth2RedirectMessage.tsx:105-118`; if for any reason `qe?.latestQueryId`
is unset or
`queries[qe.latestQueryId]` is missing, `query` is `null`.
3. After the user completes OAuth2 in the popup, the backend callback
`DatabasesRestApi.oauth2_authorized` at `superset/databases/api.py:10-21`
renders
`superset/templates/superset/oauth2.html`, whose inline script posts the `{
tabId }`
message on the `'oauth'` `BroadcastChannel` and emits a localStorage change
at
`superset/templates/superset/oauth2.html:27-44`.
4. On the original tab, the `useEffect` in `OAuth2RedirectMessage` registers
both a
`BroadcastChannel` listener and a `storage` listener (lines `145-172`) that
call
`handleOAuthComplete` (lines `123-143`); on the first matching event
`handleOAuthComplete`
sets `handled = true` at `128` before reading `latestStateRef.current`
(lines `129-135`,
where `q` may still be `null`), so the `if (src === 'sqllab' && q)` branch
at `136-137` is
skipped and no dispatch occurs, and because `handled` is already `true`, any
later
duplicate/fallback signal is ignored by the early guard `if (tabId !==
extra.tab_id ||
handled)` at `125-127`, causing the OAuth completion re-run to be
permanently dropped.
```
</details>
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=25b01e26bbee4aeebdc0f7397d68ddc3&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=25b01e26bbee4aeebdc0f7397d68ddc3&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:**
superset-frontend/src/components/ErrorMessage/OAuth2RedirectMessage.tsx
**Line:** 128:141
**Comment:**
*Incorrect Condition Logic: The deduplication flag is set before
confirming any action was actually dispatched. If the first matching signal
arrives when the required state is not ready (for example `source === 'sqllab'`
but `query` is still null), the handler marks the event as handled and drops
later duplicate/fallback signals that could have succeeded, causing the OAuth
completion to be missed. Set the handled flag only after a dispatch path runs
successfully.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40292&comment_hash=56a2085dbae82feacc5dcce149222da72c6afefcb87e1b8a4e9998994c7d515d&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40292&comment_hash=56a2085dbae82feacc5dcce149222da72c6afefcb87e1b8a4e9998994c7d515d&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
