Force users to reenter integration passwords instead of silently clearing them
Summary
Under certain conditions (usually when changing fields like URL), we clear fields with type: :password to avoid accidental exposure.
Instead of silently clearing it (bypassing our validations, and breaking the configuration), we should force users to reenter passwords.
Steps to reproduce
- Create a new Jenkins CI integration, filling in the URL, project name, username, and password fields.
- Save the form.
- Edit the URL, without changing any other fields.
- Save the form.
What is the current bug behavior?
The integration is saved without errors, but the password field in the DB is now blank. The UI won't really show any indication of this, except that the form label now says Password again instead of Enter new password.
The same bug can be observed on other integrations with password fields, depending on which fields are changed:
- BambooService
- JenkinsService
- JiraService
- TeamcityService
What is the expected correct behavior?
Users should have to reenter passwords.
Output of checks
This bug happens on GitLab.com
Possible fixes
The problem is with the before_update :reset_password callbacks in these integrations; this should be done in before_validation instead.
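The callback-ordering problem described above, as an added example that is not GitLab's code: a plain-Ruby stand-in for the ActiveRecord save lifecycle that replays the steps to reproduce with the reset in each hook. `ToyIntegration`, its fields, and the presence validation on the password are assumptions made for illustration.

```ruby
# Stand-in for the ActiveRecord save order:
# before_validation -> validations -> before_update -> write to DB.
# ToyIntegration is hypothetical and is not one of GitLab's classes.
class ToyIntegration
  attr_reader :errors, :stored

  def initialize(reset_hook)
    @reset_hook = reset_hook # :before_update or :before_validation
    @stored = { url: nil, username: nil, password: nil }
    @pending = {}
    @errors = []
  end

  def assign(attrs)
    @pending.merge!(attrs)
  end

  def save
    @errors = []
    record = @stored.merge(@pending)
    reset_password(record) if @reset_hook == :before_validation
    # Assumed validation: a presence check on the password.
    @errors << "Password can't be blank" if record[:password].to_s.empty?
    return false unless @errors.empty?
    reset_password(record) if @reset_hook == :before_update # after validation
    @stored = record
    @pending = {}
    true
  end

  private

  # Clear the password when the URL changes and no new password was entered.
  def reset_password(record)
    url_changed = @pending.key?(:url) && @pending[:url] != @stored[:url]
    record[:password] = nil if url_changed && !@pending.key?(:password)
  end
end

# Replays the steps to reproduce; all values are constructed samples.
def edit_url_only(reset_hook)
  i = ToyIntegration.new(reset_hook)
  i.assign(url: "https://ci.example.test", username: "ci", password: "s3cret")
  i.save
  i.assign(url: "https://ci2.example.test")
  saved = i.save
  { saved: saved, errors: i.errors, password: i.stored[:password] }
end
```

With `:before_update` the second save succeeds and persists a blank password; with `:before_validation` the save is rejected with a validation error and the stored password is untouched.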