codeant-ai-for-open-source[bot] commented on code in PR #40915:
URL: https://github.com/apache/superset/pull/40915#discussion_r3383290698
##########
superset-frontend/src/extensions/ExtensionsStartup.tsx:
##########
@@ -52,20 +52,12 @@ declare global {
const ExtensionsStartup: React.FC<{ children?: React.ReactNode }> = ({
children,
}) => {
- const [initialized, setInitialized] = useState(false);
-
const userId = useSelector<RootState, number | undefined>(
({ user }) => user.userId,
);
useEffect(() => {
- if (initialized) return;
-
- if (!userId) {
- // No user logged in — nothing to initialize
- setInitialized(true);
- return;
- }
+ if (!userId) return;
Review Comment:
**Suggestion:** The login guard uses a falsy check on a numeric identifier,
so a valid `userId` value of `0` will be treated as unauthenticated and skip
both global API setup and extension initialization. Use an explicit
null/undefined check instead of a generic falsy check. [falsy zero check]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ❌ Extensions never initialize for Redux userId equal zero.
- ⚠️ window.superset APIs unavailable for zero-id user sessions.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Use the existing Jest testing harness in
`superset-frontend/src/extensions/ExtensionsStartup.test.tsx` (see
`render(<ExtensionsStartup />, { useRedux: true, initialState:
mockInitialState })` at
lines 72–76) and define an `initialState` object similar to
`mockInitialState` (lines
35–37) but with `user.userId` set to `0` instead of `1`.
2. Run the test so that `<ExtensionsStartup />` mounts with Redux state
containing `user:
{ userId: 0 }`, which is wired into the store via `setupStore` in
`superset-frontend/src/views/store.ts` (lines 161–185) and the `userReducer`
that takes
`bootstrapData.user` or the provided initial state (lines 84–92).
3. When `ExtensionsStartup` renders (component defined in
`superset-frontend/src/extensions/ExtensionsStartup.tsx` at lines 52–81),
the selector
`useSelector<RootState, number | undefined>(({ user }) => user.userId)`
(lines 55–57)
returns `0`, and the `useEffect` hook at lines 59–78 executes.
4. Inside the effect, the guard `if (!userId) return;` at line 60 treats `0`
as falsy and
returns early, so the code that sets `window.superset = { ...supersetCore,
authentication,
core, commands, editors, extensions, menus, sqlLab, views }` (lines 62–73)
and calls
`ExtensionsLoader.getInstance().initializeExtensions()` when
`FeatureFlag.EnableExtensions` is enabled (lines 75–76) is skipped;
asserting in the test
that `(window as any).superset` is defined or that `initializeExtensions`
was called (as
done in the existing tests at lines 82–107 and 121–139) will fail for this
zero-valued
user ID.
```
</details>
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=62f0f23eb8404550a7b1ae0cd285edab&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=62f0f23eb8404550a7b1ae0cd285edab&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset-frontend/src/extensions/ExtensionsStartup.tsx
**Line:** 60:60
**Comment:**
*Falsy Zero Check: The login guard uses a falsy check on a numeric
identifier, so a valid `userId` value of `0` will be treated as unauthenticated
and skip both global API setup and extension initialization. Use an explicit
null/undefined check instead of a generic falsy check.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40915&comment_hash=56ef45e8ab2f962c50d59ee09cafad8c365d1801817308007733ec3b9720f88a&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40915&comment_hash=56ef45e8ab2f962c50d59ee09cafad8c365d1801817308007733ec3b9720f88a&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
