Skip to content

fix(publisher): Fix endpoint security API key re-saving issue#1386

Merged
tharikaGitHub merged 1 commit into
wso2:mainfrom
ShavinAnjithaAlpha:fix/4983-endpoint-security-api-key-re-saving
Jul 15, 2026
Merged

fix(publisher): Fix endpoint security API key re-saving issue#1386
tharikaGitHub merged 1 commit into
wso2:mainfrom
ShavinAnjithaAlpha:fix/4983-endpoint-security-api-key-re-saving

Conversation

@ShavinAnjithaAlpha

Copy link
Copy Markdown
Contributor

Purpose

In the APIM publisher portal, when an API key is configured for endpoint security and then re-saved without making any changes, the system inadvertently updates the API key secret to match the UI text field's placeholder value (asterisks ******). This causes the literal asterisk string to be transmitted during API invocation.

This PR resolves the issue by ensuring the API key value remains unchanged and consistent upon re-saving.

Fixes #4983

Issue Link

Approach

File Modified: EndpointOverview.jsx

Change: Updated the conditional logic within the saveEndpointSecurityConfig function to appropriately check against the secretPlaceholder before assigning the API key value, preventing the masked string from overwriting the actual secret.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9fc8950e-54cf-43fa-8cdc-60d8e7f236de

📥 Commits

Reviewing files that changed from the base of the PR and between aa9aadc and d01f1c4.

📒 Files selected for processing (1)
  • portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/EndpointOverview.jsx
🚧 Files skipped from review as they are similar to previous changes (1)
  • portals/publisher/src/main/webapp/source/src/app/components/Apis/Details/Endpoints/EndpointOverview.jsx

📝 Walkthrough

Walkthrough

This change updates saveEndpointSecurityConfig in EndpointOverview.jsx to replace the apiKeyValue placeholder ****** with an empty string, matching existing handling for clientSecret and password.

Changes

Endpoint Security Config Sanitization

Layer / File(s) Summary
Sanitize apiKeyValue placeholder
.../Endpoints/EndpointOverview.jsx
Replaces ****** in apiKeyValue with an empty string, matching existing sanitization for clientSecret and password.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested reviewers: ashera96, heshansudarshana, hisanhunais

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly describes the main fix: endpoint security API key re-saving behavior.
Description check ✅ Passed The description matches the change and explains the API key placeholder handling fix.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@dushaniw

Copy link
Copy Markdown
Contributor

@ShavinAnjithaAlpha shall we update the pr with rebase

Fixes an issue in the Publisher portal where the when the endpoint security API Key is saved without any changes, it was being re-saved and causing unnecessary updates. This commit ensures that the API Key in only gets updated when there are actual changes made to it, preventing redundant inconsistent updates.

Resolves: #4983
@ShavinAnjithaAlpha
ShavinAnjithaAlpha force-pushed the fix/4983-endpoint-security-api-key-re-saving branch from aa9aadc to d01f1c4 Compare July 15, 2026 04:10
@sonarqubecloud

Copy link
Copy Markdown

@ShavinAnjithaAlpha

Copy link
Copy Markdown
Contributor Author

@ShavinAnjithaAlpha shall we update the pr with rebase

I have updated the PR with rebase

@tharikaGitHub
tharikaGitHub merged commit 30026a5 into wso2:main Jul 15, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants