Skip to content

Disable Save Changes when API credentials empty or invalid#322

Merged
TLabutis merged 1 commit into
SL-346/accessibility-eaa-compliancefrom
BUGFIX/disable-save-empty-credentials
May 15, 2026
Merged

Disable Save Changes when API credentials empty or invalid#322
TLabutis merged 1 commit into
SL-346/accessibility-eaa-compliancefrom
BUGFIX/disable-save-empty-credentials

Conversation

@TLabutis

@TLabutis TLabutis commented May 8, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Disables the Save Changes button on the API Credentials tab when the active environment's username or password is empty, when the debounced credential check is still in flight, or when an inline "Invalid credentials" error is shown.
  • Marks JSON API Username / JSON API Password as required (red asterisk + aria-required="true") so the requirement is clear before the user clicks Save.

Why

Surfaced during SL-351 testing (TC-351.5): submitting the form with an empty JSON API Username silently saved an empty string to SAFERPAY_USERNAME[_TEST] and a NULL SAFERPAY_CUSTOMER_ID[_TEST], with no validation message. The terminal-fetch endpoint already shows a single inline credential error for invalid formats, so disabling the Save action avoids a duplicate toast on top of that inline message.

Test plan

  • Open Settings → API Credentials, clear JSON API Username → Save Changes is disabled
  • Clear JSON API Password → Save Changes is disabled
  • Enter an invalid username (e.g. asdasasd) with any password → inline "Invalid credentials" error shown, Save Changes disabled, no duplicate toast
  • Enter valid username/password → after debounce check, Save Changes enabled, save succeeds
  • Repeat all four steps in Live environment

- Disable Save Changes button when username/password empty, credential
  check is in flight, or inline credential error is shown
- Mark JSON API Username and Password as required (visual asterisk +
  aria-required) to surface the requirement before user clicks Save

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request improves the API credentials configuration UI by adding required field indicators and accessibility attributes to the username and password inputs. It also updates the 'Save Changes' button logic to prevent submission when credentials are missing, invalid, or being validated. Feedback suggests closing a 1000ms debounce window where the button remains enabled after a field change but before validation starts, by updating the credential status to 'checking' immediately within the input change handlers.

<Button
className="sp-min-w-[120px]"
onClick={saveCredentials}
disabled={saving || !hasCredentials || credentialStatus === 'invalid' || credentialStatus === 'checking'}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The disabled logic correctly prevents saving when credentials are known to be invalid or are currently being checked. However, there is a 1000ms window (the debounce period defined in the useEffect) where the button remains enabled after a user modifies a previously valid field but before the validation status updates to checking.

This allows a user to click 'Save' with potentially invalid credentials if they are quick. While the backend likely handles validation, you might consider updating the credentialStatus to checking immediately within the onChange handlers of the username and password fields to close this gap and provide immediate visual feedback to the user.

@TLabutis TLabutis merged commit efbf236 into SL-346/accessibility-eaa-compliance May 15, 2026
1 of 3 checks passed
@TLabutis TLabutis deleted the BUGFIX/disable-save-empty-credentials branch May 15, 2026 08:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant