Re: [PR] fix(databases): do not render existing encrypted field value in edit mode [superset]

Mon, 01 Jun 2026 16:35:49 -0700 


Copilot commented on code in PR #40628:
URL: https://github.com/apache/superset/pull/40628#discussion_r3337749488


##########
superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/EncryptedField.test.tsx:
##########
@@ -173,13 +194,18 @@ describe('EncryptedField', () => {
       },
     ];

Review Comment:
   The create-mode parameter processing cases dropped coverage for 
falsy-but-valid inputs (notably `false`). With the current implementation, a 
`false` value would be treated as empty due to the `!paramValue` check, so 
adding an explicit `false` case here would prevent regressions if non-string 
values ever reach `db.parameters` (e.g. via API responses or programmatic 
updates).



##########
superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/EncryptedField.tsx:
##########
@@ -63,10 +63,16 @@ export const EncryptedField = ({
     encryptedCredentialsMap[db.engine as keyof typeof encryptedCredentialsMap];
   const paramValue =
     db?.parameters?.[encryptedField as keyof DatabaseParameters];
+  // In edit mode the backend may return the existing (masked) credential in
+  // the parameters. Do not surface any pre-existing value in the field; the
+  // user must re-enter credentials to change them. This also matches the
+  // mount effect below, which resets the parameter to an empty string.
   const encryptedValue =
-    paramValue && typeof paramValue === 'object'
-      ? JSON.stringify(paramValue)
-      : paramValue;
+    isEditMode || !paramValue
+      ? ''
+      : typeof paramValue === 'object'
+        ? JSON.stringify(paramValue)
+        : paramValue;

Review Comment:
   `!paramValue` treats valid falsy values (e.g. `false` or `0`) as “no value”, 
so in non-edit flows those would be blanked out. This is a behavior change from 
the previous implementation and can hide legitimately provided values 
(including if the backend returns a boolean/number). Prefer a nullish check 
instead so only `null`/`undefined` are treated as empty; edit mode can still 
force `''` unconditionally.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to