Force users to reenter integration passwords instead of silently clearing them

Summary

Under certain conditions (usually when changing fields like URL), we clear fields with type: :password to avoid accidental exposure.

Instead of silently clearing them (bypassing our validations and breaking the configuration), we should force users to reenter passwords.

Steps to reproduce

  1. Create a new Jenkins CI integration, filling in the URL, project name, username, and password fields.
  2. Save the form.
  3. Edit the URL, without changing any other fields.
  4. Save the form.

What is the current bug behavior?

The integration is saved without errors, but the password field in the DB is now blank. The UI won't really show any indication of this, except that the form label now says Password again instead of Enter new password.

The same bug can be observed on other integrations with password fields, depending on which fields are changed:

  • BambooService
  • JenkinsService
  • JiraService
  • TeamcityService

What is the expected correct behavior?

Users should have to reenter passwords.

Output of checks

This bug happens on GitLab.com

Possible fixes

The problem is with the before_update :reset_password callbacks in these integrations; this should be done in before_validation instead.

Edited by Markus Koller
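
The callback ordering behind this bug, as an added example that is not GitLab's code: a plain-Ruby model of the save lifecycle showing why a reset in before_update slips past validation while the same reset in before_validation blocks the save. The class, the password-presence check, the password_touched flag and the sample URLs are assumptions made for illustration.

```ruby
# Toy model of the save lifecycle (plain Ruby, no ActiveRecord):
# before_validation hooks -> validations -> before_update hooks -> write row.
class IntegrationModel
  attr_reader :password, :errors, :row
  attr_writer :url

  # reset_hook: :before_update (current behaviour) or :before_validation (proposed)
  def initialize(reset_hook, url:, password:)
    @reset_hook = reset_hook
    @url = url
    @password = password
    @row = { url: url, password: password } # constructed stand-in for the DB row
    @errors = []
    @password_touched = false
  end

  def password=(value)
    @password = value
    @password_touched = true
  end

  def save
    @errors = []
    reset_password if @reset_hook == :before_validation
    # Assumed validation: the password must be present.
    @errors << "Password can't be blank" if @password.to_s.empty?
    return false unless @errors.empty?
    reset_password if @reset_hook == :before_update # runs after validation
    @row = { url: @url, password: @password }
    @password_touched = false
    true
  end

  private

  # Clear the stored secret when the URL changes and no password was submitted.
  def reset_password
    @password = nil if @url != @row[:url] && !@password_touched
  end
end

# Edit the URL of a saved integration, optionally re-entering the password.
def edit_url(reset_hook, new_password: nil)
  m = IntegrationModel.new(reset_hook, url: "https://ci.example/old", password: "s3cret")
  m.url = "https://ci.example/new"
  m.password = new_password if new_password
  { saved: m.save, stored_password: m.row[:password], errors: m.errors }
end
```

With :before_update the URL-only edit saves and leaves a blank password in the row; with :before_validation the save is rejected and the old row stays intact until a password is supplied.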