fix(integrations): stop browser autofilling the service account API token field #4973

Merged: waleedlatif1 merged 1 commit into staging from fix/service-account-token-autofill on Jun 11, 2026
waleedlatif1 (Collaborator) commented Jun 11, 2026

Summary

  • Chrome's password manager was autofilling saved credentials into the API token field on the Atlassian service account modal — Chrome deliberately ignores autocomplete='off' on type='password' inputs
  • Replaced the raw password input with the canonical SecretInput (via ChipModalField type='custom'), matching the existing MCP Client Secret field: plain type='text' with blur-masking so password managers have nothing to target, plus it discards synthetic autofill change events while blurred
  • Carries the same autofill opt-out attributes as the canonical usage (autoComplete='new-password', data-lpignore, data-form-type)

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

vercel Bot commented Jun 11, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project | Deployment | Actions | Updated (UTC)
docs | Skipped | Skipped | Jun 11, 2026 6:40pm

cursor Bot commented Jun 11, 2026

PR Summary

Low Risk
Small UI-only change to how the token is entered; credential submission and server validation are unchanged.

Overview
Fixes Chrome autofilling saved passwords into the Atlassian service account API token field, where type='password' and autocomplete='off' are often ignored.

The token field now uses SecretInput inside ChipModalField type='custom', aligned with the MCP Client Secret pattern: text input with blur masking, autofill opt-out (autoComplete='new-password', data-lpignore, data-form-type), and handling that avoids bogus autofill updates while blurred. Submit behavior and validation are unchanged.

Reviewed by Cursor Bugbot for commit c948ba4.

greptile-apps Bot (Contributor) commented Jun 11, 2026

Greptile Summary

This PR fixes Chrome's password-manager autofill on the Atlassian service-account API token field by replacing the raw type='password' ChipModalField with a ChipModalField type='custom' wrapper around the canonical SecretInput component.

Confidence Score: 5/5

Single-field UI fix with no logic changes; safe to merge.

The change is a direct swap of one input variant for the canonical SecretInput component already used elsewhere in the codebase. The submit-path validation is unchanged, state management is unchanged, and the autofill-blocking attributes are applied correctly. No new risk is introduced.

No files require special attention.

Important Files Changed

Filename | Overview
apps/sim/app/workspace/[workspaceId]/integrations/components/connect-service-account-modal/connect-service-account-modal.tsx | Replaces ChipModalField type='input' inputType='password' with ChipModalField type='custom' wrapping SecretInput to prevent browser autofill; change is minimal, correctly follows the EMCN custom-field pattern, and carries the full suite of autofill-blocking attributes.

Sequence Diagram

```mermaid
sequenceDiagram
    participant Browser as Browser / Password Manager
    participant Input as SecretInput (type=text)
    participant State as React State (apiToken)

    Note over Browser,Input: Before fix: type=password triggered autofill
    Browser--xInput: "autoComplete='off' ignored on type=password"

    Note over Browser,Input: After fix: type=text + blur-masking
    Browser->>Input: Page load (input not focused)
    Input->>Input: "displayValue = bullets (value.length)"
    Note over Browser: No password field detected, no autofill

    Browser->>Input: User focuses input
    Input->>Input: "isFocused = true, displayValue = real value"

    Browser->>Input: User types / pastes token
    Input->>State: onChange(e.target.value) only when focused

    Browser->>Input: User blurs
    Input->>Input: "isFocused = false, displayValue = bullets"
    Note over Browser: Synthetic autofill event while blurred is discarded
```

Reviews (2): Last reviewed commit: "fix(integrations): stop browser autofill..."
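
The focus/blur behaviour shown in the sequence diagram above, as an added framework-free JavaScript model. This is not the project's SecretInput or any code from this PR; `createMaskedSecretField`, `AUTOFILL_OPT_OUT`, the sample strings and the values of the two `data-*` attributes are assumptions.

```javascript
// Added illustration: framework-free model of the blur-masking text input
// described in this PR. Not the project's SecretInput; all names are hypothetical.
const MASK_CHAR = '\u2022';

// Opt-out attributes named in the PR. The PR gives no values for the two
// data-* attributes, so the values below are assumptions.
const AUTOFILL_OPT_OUT = Object.freeze({
  type: 'text', // not 'password', so the password manager has nothing to target
  autoComplete: 'new-password',
  'data-lpignore': 'true', // assumed value
  'data-form-type': 'other', // assumed value
});

function createMaskedSecretField(onChange) {
  let value = '';
  let isFocused = false;
  let discarded = 0;
  return {
    focus() { isFocused = true; },
    blur() { isFocused = false; },
    // Receives e.target.value from a change event on the input.
    handleChange(next) {
      if (!isFocused) {
        // Blurred: a change event here is not user typing, so drop it.
        discarded += 1;
        return false;
      }
      value = next;
      onChange(next);
      return true;
    },
    // What the input renders: the real value only while focused.
    displayValue: () => (isFocused ? value : MASK_CHAR.repeat(value.length)),
    discardedCount: () => discarded,
  };
}

// Constructed walk-through: autofill fires at page load and again after blur.
function demo() {
  const committed = [];
  const field = createMaskedSecretField((v) => committed.push(v));
  field.handleChange('saved-login-password'); // blurred: dropped
  field.focus();
  field.handleChange('example-token-123'); // user paste: accepted
  const whileFocused = field.displayValue();
  field.blur();
  field.handleChange('saved-login-password'); // blurred: dropped
  return { committed, whileFocused, afterBlur: field.displayValue(), discarded: field.discardedCount() };
}
```

The model only commits values that arrive while the field is focused, so the saved login password never reaches application state even though two change events carried it.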

waleedlatif1 force-pushed the fix/service-account-token-autofill branch from a2d41f5 to c948ba4 on June 11, 2026 18:40
waleedlatif1 (Collaborator, Author) commented:

@greptile

waleedlatif1 (Collaborator, Author) commented:

@cursor review

cursor Bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit c948ba4.

waleedlatif1 merged commit d2cc13d into staging on Jun 11, 2026
10 checks passed
waleedlatif1 deleted the fix/service-account-token-autofill branch on June 11, 2026 18:45