Re: [PR] feat(auth): implement password change API for AUTH_DB authentication [superset]

Wed, 17 Jun 2026 02:32:07 -0700 


codeant-ai-for-open-source[bot] commented on code in PR #39469:
URL: https://github.com/apache/superset/pull/39469#discussion_r3427047597


##########
superset-frontend/src/features/userInfo/UserInfoModal.tsx:
##########
@@ -36,10 +50,33 @@ function UserInfoModal({
   user,
 }: UserInfoModalProps) {
   const { addDangerToast, addSuccessToast } = useToasts();
+  const [passwordPolicy, setPasswordPolicy] = useState<AuthDbPasswordPolicy>(
+    AUTH_DB_DEFAULT_PASSWORD_POLICY,
+  );
+
+  useEffect(() => {
+    if (!show || isEditMode) {
+      return;
+    }
+    SupersetClient.get({
+      endpoint: '/api/v1/me/password/policy',
+    })
+      .then(({ json }) => {
+        if (json?.result) {
+          setPasswordPolicy(json.result as AuthDbPasswordPolicy);
+        }
+      })
+      .catch(() => {
+        // Keep default policy when endpoint is unavailable.
+      });
+  }, [show, isEditMode]);

Review Comment:
   **Suggestion:** The async password-policy fetch in `useEffect` has no 
cleanup/guard, so if the modal closes before the request resolves, 
`setPasswordPolicy` can run on an unmounted component (and older in-flight 
responses can overwrite newer state). Add a mounted/abort guard in the effect 
cleanup and ignore late responses. [stale reference]
   
   <details>
   <summary><b>Severity Level:</b> Major ⚠️</summary>
   
   ```mdx
   - ⚠️ User profile password-change modal may update state post-unmount.
   - ⚠️ Dev console emits warnings under slow password-policy responses.
   ```
   </details>
   <details>
   <summary><b>Steps of Reproduction ✅ </b></summary>
   
   ```mdx
   1. Open the user profile UI implemented in `src/pages/UserInfo/index.tsx`, 
which imports
   `ChangePasswordModal` at line 33 and conditionally renders it when
   `modalState.resetPassword` is true at lines 245-249 (`<ChangePasswordModal 
...
   show={modalState.resetPassword} />`).
   
   2. Trigger the reset-password modal (e.g., by calling the
   `openModal(ModalType.ResetPassword)` logic wired into `modalState` in
   `src/pages/UserInfo/index.tsx`), causing `ChangePasswordModal` to render and 
pass
   `show={true}` into `UserInfoModal` (aliased as `ChangePasswordModal`) at
   `src/features/userInfo/UserInfoModal.tsx:45-52` and `250-252`.
   
   3. With `show` true and `isEditMode` false, the `useEffect` at
   `src/features/userInfo/UserInfoModal.tsx:57-72` runs, issuing 
`SupersetClient.get({
   endpoint: '/api/v1/me/password/policy' })` to fetch the password policy and, 
on success,
   calling `setPasswordPolicy(json.result as AuthDbPasswordPolicy)` in the 
`.then` handler at
   lines 64-67.
   
   4. While that request is still in flight, close the modal via the
   `closeModal(ModalType.ResetPassword)` path in 
`src/pages/UserInfo/index.tsx:27-32`, which
   flips `modalState.resetPassword` to false, unmounting 
`<ChangePasswordModal>` entirely;
   when the pending `SupersetClient.get` resolves afterward, the `.then` 
callback still
   invokes `setPasswordPolicy` on this now-unmounted `UserInfoModal` instance, 
leading to a
   state update on an unmounted component (and associated React dev warnings / 
wasted work)
   because there is no cleanup or mounted-guard in the `useEffect`.
   ```
   </details>
   
   [![Fix in 
Cursor](https://new-codeant-butcket.s3.us-west-1.amazonaws.com/badges/fix-in-cursor-flat.svg)](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=0eb26e534a5842deabb8c2bc980661fd&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
 [![Fix in VSCode 
Claude](https://new-codeant-butcket.s3.us-west-1.amazonaws.com/badges/fix-in-vscode-claude-flat.svg)](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=0eb26e534a5842deabb8c2bc980661fd&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
   
   *(Use Cmd/Ctrl + Click for best experience)*
   <details>
   <summary><b>Prompt for AI Agent 🤖 </b></summary>
   
   ```mdx
   This is a comment left during a code review.
   
   **Path:** superset-frontend/src/features/userInfo/UserInfoModal.tsx
   **Line:** 57:72
   **Comment:**
        *Stale Reference: The async password-policy fetch in `useEffect` has no 
cleanup/guard, so if the modal closes before the request resolves, 
`setPasswordPolicy` can run on an unmounted component (and older in-flight 
responses can overwrite newer state). Add a mounted/abort guard in the effect 
cleanup and ignore late responses.
   
   Validate the correctness of the flagged issue. If correct, How can I resolve 
this? If you propose a fix, implement it and please make it concise.
   Once fix is implemented, also check other comments on the same PR, and ask 
user if the user wants to fix the rest of the comments as well. if said yes, 
then fetch all the comments validate the correctness and implement a minimal fix
   ```
   </details>
   <a 
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=ed36c4475634c3fae3caffa551a2a7e7cb81451fd33e5680e928744e72638e77&reaction=like'>👍</a>
 | <a 
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F39469&comment_hash=ed36c4475634c3fae3caffa551a2a7e7cb81451fd33e5680e928744e72638e77&reaction=dislike'>👎</a>



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to