Fixes #38593 - Prevent unintentional password updates (#11451)

Author: sjha4

app/views/katello/api/v2/flatpak_remotes/base.json.rabl

@@ -3,3 +3,7 @@ extends 'katello/api/v2/common/org_reference'
 
 attributes :name
 attributes :url, :description, :username, :seeded, :registry_url
+
+node :upstream_password_exists do |fr|
+  fr.token.present?
+end

webpack/scenes/FlatpakRemotes/CreateEdit/FlatpakRemoteform.js

@@ -30,27 +30,27 @@ const FlatpakRemotesForm = ({ setModalOpen, remoteData }) => {
     name: editingName,
     url: editingUrl,
     username: editingUsername,
-    password: editingPassword,
+    upstream_password_exists: passwordExists,
   } = remoteData || {};
 
   const isEditing = !!editingName;
   const dispatch = useDispatch();
   const [name, setName] = useState(editingName || '');
-  const [url, seturl] = useState(editingUrl || '');
+  const [url, setUrl] = useState(editingUrl || '');
   const [username, setUsername] = useState(editingUsername || '');
-  const [password, setpassword] = useState(editingPassword || '');
+  const [password, setPassword] = useState(passwordExists ? '*****' : '');
   const [redirect, setRedirect] = useState(false);
   const [saving, setSaving] = useState(false);
 
-  const [urlValidated, seturlValidated] = useState('default');
+  const [urlValidated, setUrlValidated] = useState('default');
   const handleUrlChange = (newurl, _event) => {
-    seturl(newurl);
+    setUrl(newurl);
     if (newurl === '') {
-      seturlValidated('default');
+      setUrlValidated('default');
     } else if (/^(http(s):\/\/.)[-a-zA-Z0-9@:%._~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_.~#?&//=]*)$/g.test(newurl)) {
-      seturlValidated('success');
+      setUrlValidated('success');
     } else {
-      seturlValidated('error');
+      setUrlValidated('error');
     }
   };
 
@@ -70,14 +70,24 @@ const FlatpakRemotesForm = ({ setModalOpen, remoteData }) => {
 
   const onSave = () => {
     setSaving(true);
+    let editingParams = {};
+    if (isEditing && password === '*****') {
+      editingParams = {
+        name,
+        url,
+        username,
+      };
+    } else {
+      editingParams = {
+        name,
+        url,
+        username,
+        token: password,
+      };
+    }
     dispatch(isEditing ?
       updateFlatpakRemote(
-        editingId, {
-          name,
-          url,
-          username,
-          token: password,
-        }, () => window.location.assign(`/flatpak_remotes/${editingId}`),
+        editingId, editingParams, () => window.location.assign(`/flatpak_remotes/${editingId}`),
         () => setModalOpen(false),
       ) :
       createFlatpakRemote({
@@ -168,9 +178,9 @@ const FlatpakRemotesForm = ({ setModalOpen, remoteData }) => {
           id="password"
           ouiaId="input_password"
           name="password"
-          aria-label="password"
+          aria-label="input_password"
           value={password}
-          onChange={(_event, value) => setpassword(value)}
+          onChange={(_event, value) => setPassword(value)}
         />
       </FormGroup>
 

webpack/scenes/FlatpakRemotes/CreateEdit/__tests__/flatpakRemoteform.test.js

@@ -0,0 +1,117 @@
+import React from 'react';
+import { renderWithRedux, patientlyWaitFor, fireEvent } from 'react-testing-lib-wrapper';
+import { nockInstance, assertNockRequest } from '../../../../test-utils/nockWrapper';
+import FlatpakRemotesForm from '../FlatpakRemoteform';
+import api from '../../../../services/api';
+
+const mockFn = jest.fn();
+delete window.location;
+window.location = { assign: mockFn };
+
+afterEach(() => {
+  mockFn.mockClear();
+});
+
+const createFlatpakPath = api.getApiUrl('/flatpak_remotes');
+const updateFlatpakPath = id => api.getApiUrl(`/flatpak_remotes/${id}`);
+
+const mockRemoteData = {
+  id: 1,
+  name: 'Test Remote',
+  url: 'https://example.com',
+  username: 'testuser',
+  upstream_password_exists: true,
+};
+
+test('Renders FlatpakRemotesForm fields correctly', () => {
+  const { getByText } = renderWithRedux(<FlatpakRemotesForm setModalOpen={mockFn} />);
+  expect(getByText('Name')).toBeInTheDocument();
+  expect(getByText('URL')).toBeInTheDocument();
+  expect(getByText('Username')).toBeInTheDocument();
+  expect(getByText('Password')).toBeInTheDocument();
+});
+
+test('Can save Flatpak remote from form', async (done) => {
+  const createScope = nockInstance
+    .post(createFlatpakPath, {
+      organization_id: 1,
+      name: 'New Remote',
+      url: 'https://example.com',
+      username: 'testuser',
+      token: 'password123',
+    })
+    .reply(201, { id: 2 });
+
+  const { getByLabelText, getByText } = renderWithRedux(<FlatpakRemotesForm
+    setModalOpen={mockFn}
+  />);
+  fireEvent.change(getByLabelText('input_name'), { target: { value: 'New Remote' } });
+  fireEvent.change(getByLabelText('input_url'), { target: { value: 'https://example.com' } });
+  fireEvent.change(getByLabelText('input_username'), { target: { value: 'testuser' } });
+  fireEvent.change(getByLabelText('input_password'), { target: { value: 'password123' } });
+
+  getByText('Create').click();
+
+  await patientlyWaitFor(() => {
+    expect(window.location.assign).toHaveBeenCalledWith('/flatpak_remotes/2');
+  });
+
+  assertNockRequest(createScope);
+  done();
+});
+
+test('Can update Flatpak remote from form', async (done) => {
+  const updateScope = nockInstance
+    .put(updateFlatpakPath(mockRemoteData.id), {
+      name: 'Updated Remote',
+      url: 'https://updated.com',
+      username: 'updateduser',
+    })
+    .reply(200);
+
+  const { getByLabelText, getByText } = renderWithRedux(<FlatpakRemotesForm
+    setModalOpen={mockFn}
+    remoteData={mockRemoteData}
+  />);
+
+  fireEvent.change(getByLabelText('input_name'), { target: { value: 'Updated Remote' } });
+  fireEvent.change(getByLabelText('input_url'), { target: { value: 'https://updated.com' } });
+  fireEvent.change(getByLabelText('input_username'), { target: { value: 'updateduser' } });
+
+  getByText('Update').click();
+
+  await patientlyWaitFor(() => {
+    expect(window.location.assign).toHaveBeenCalledWith('/flatpak_remotes/1');
+  });
+
+  assertNockRequest(updateScope);
+  done();
+});
+
+test('Can update Flatpak remote password from placeholder', async (done) => {
+  const updateScope = nockInstance
+    .put(updateFlatpakPath(mockRemoteData.id), {
+      name: mockRemoteData.name,
+      url: mockRemoteData.url,
+      username: mockRemoteData.username,
+      token: 'newpassword123',
+    })
+    .reply(200);
+
+  const { getByLabelText, getByText } = renderWithRedux(<FlatpakRemotesForm
+    setModalOpen={mockFn}
+    remoteData={mockRemoteData}
+  />);
+
+  // Simulate changing the password from the placeholder to a new value
+  fireEvent.change(getByLabelText('input_password'), { target: { value: 'newpassword123' } });
+
+  getByText('Update').click();
+
+  await patientlyWaitFor(() => {
+    expect(window.location.assign).toHaveBeenCalledWith('/flatpak_remotes/1');
+  });
+
+  assertNockRequest(updateScope);
+  done();
+});

webpack/scenes/FlatpakRemotes/Details/FlatpakRemoteDetailActions.js

@@ -31,7 +31,7 @@ export const updateFlatpakRemote = (frId, params, handleSuccess, handleError) =>
   url: api.getApiUrl(`/flatpak_remotes/${frId}`),
   handleSuccess,
   handleError,
-  params: { include_permissions: true, ...params },
+  params,
   successToast: () => __('Flatpak remote updated'),
   errorToast: error => getResponseErrorMsgs(error.response),
   updateData: (_prevState, respState) => respState,

webpack/scenes/FlatpakRemotes/FlatpakRemotesPage.js

@@ -13,7 +13,7 @@ import Pagination from 'foremanReact/components/Pagination';
 import { urlBuilder } from 'foremanReact/common/urlHelpers';
 import { STATUS } from 'foremanReact/constants';
 import { selectFlatpakRemotes, selectFlatpakRemotesError, selectFlatpakRemotesStatus } from './FlatpakRemotesSelectors';
-import { truncate } from '../../utils/helpers';
+import { getResponseErrorMsgs, truncate } from '../../utils/helpers';
 import CreateFlatpakModal from './CreateEdit/CreateFlatpakRemoteModal';
 import EditFlatpakModal from './CreateEdit/EditFlatpakRemotesModal';
 import { deleteFlatpakRemote, scanFlatpakRemote } from './Details/FlatpakRemoteDetailActions';
@@ -126,7 +126,7 @@ const FlatpakRemotesPage = () => {
           <EmptyPage message={{ type: 'empty' }} />
         )}
         {error && (
-          <EmptyPage message={{ type: 'error', text: error }} />
+          <EmptyPage message={{ type: 'error', text: getResponseErrorMsgs(error?.response) }} />
         )}
         {results.length > 0 && (
           <Table variant="compact" ouiaId="flatpak-remotes-table" isStriped>