Skip to content

[Fix-17813][ApiServer] Correct the password processing logic during data source modification#18386

Closed
njnu-seafish wants to merge 2 commits into
apache:devfrom
njnu-seafish:Fix-17813
Closed

[Fix-17813][ApiServer] Correct the password processing logic during data source modification#18386
njnu-seafish wants to merge 2 commits into
apache:devfrom
njnu-seafish:Fix-17813

Conversation

@njnu-seafish

@njnu-seafish njnu-seafish commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

Was this PR generated or assisted by AI?

NO

Purpose of the pull request

close #17813

Brief change log

Based on the feedback in issues like #17813 and #18004, users are currently prone to accidentally overwriting the correct password due to the mask. This misoperation is highly likely to cause data source password anomalies in scheduled SQL tasks, compromising the stability of the production environment.

As previously discussed, One effective approach I can think of is to return an empty password field each time, meaning the interface never returns the password. Whenever the data source is updated, the password must be re-entered.

When the user clicks edit, the backend returns an empty password (password: ""). This leaves the frontend password field blank. If the user saves directly, the frontend sends password: "", and the backend detects the empty value and retains the existing password in the database.

dynamically set password placeholder based on edit/create mode, add clearer and more user-friendly password placeholder for edit mode:

screenshot_1782465870797

Verify this pull request

This pull request is code cleanup without any test coverage.

(or)

This pull request is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(or)

Pull Request Notice

Pull Request Notice

If your pull request contains incompatible change, you should also add it to docs/docs/en/guide/upgrade/incompatible.md

@github-actions github-actions Bot added the UI ui and front end related label Jun 26, 2026
@SbloodyS SbloodyS changed the title [Fix-17813][ApiServer]Correct the password processing logic during data source modification [Fix-17813][ApiServer] Correct the password processing logic during data source modification Jun 29, 2026

@SbloodyS SbloodyS left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is unnessnary since we've already return hiddened password. There is no essential difference between your implementation and the current one.

@SbloodyS SbloodyS closed this Jun 29, 2026
@njnu-seafish

Copy link
Copy Markdown
Contributor Author

I think this is unnessnary since we've already return hiddened password. There is no essential difference between your implementation and the current one.

In the current implementation, saving without changing the password can easily lead to mistakenly treating the hidden password returned by the backend as the actual password in the data source.

Based on the feedback in issues like #17813 and #18004, users are currently prone to accidentally overwriting the correct password due to the mask.

This PR implements the solution discussed previously by the senior team: the backend no longer returns the password, and the frontend prompts the user to 'Enter a new password (leave blank to keep the current one)'.

@njnu-seafish

Copy link
Copy Markdown
Contributor Author

I think this is unnessnary since we've already return hiddened password. There is no essential difference between your implementation and the current one.

Current backend logic: If the frontend passes an empty value, the backend will not update the password. Otherwise, it will use the new password provided by the frontend (including the masked value ******) to update the password.

0f27f111aaa0d2d16af429a3d869559a

Therefore, based on the solution discussed previously by the senior team, a more user-friendly prompt has been added to the frontend when updating a data source: 'Enter a new password (leave blank to keep the current one)'.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backend UI ui and front end related

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[DSIP-101][ApiServer] How should the password be handled more elegantly when editing a data source?

2 participants