Skip to content

fix(credentials): resolve case-mismatched credential lookups returning 500#1063

Merged
ct3685 merged 3 commits into
stagingfrom
ct/jira-api-credential-fixes
May 4, 2026
Merged

fix(credentials): resolve case-mismatched credential lookups returning 500#1063
ct3685 merged 3 commits into
stagingfrom
ct/jira-api-credential-fixes

Conversation

@ct3685
Copy link
Copy Markdown

@ct3685 ct3685 commented May 4, 2026

Summary

Fixes the 500 error users hit when clicking Add new credential inline on a Jira node in an existing chatflow. Root cause was a case mismatch between the legacy JiraApi baked into saved chatflow JSON and the live credential pool key jiraApi, compounded by an over-broad catch in the components-credentials service that masked NOT_FOUND as 500.

Three layers of defense, plus a code review:

  • Server: componentsCredentialsService.getComponentByName / getSingleComponentsCredentialIcon now do a case-insensitive fallback against the in-memory pool, and the catch re-throws InternalFlowiseError as-is so 404 stays 404.
  • Frontend: canvas CredentialInputHandler.addAsyncOption resolves stale credentialNames to the current canonical key before issuing the lookup, and surfaces unresolved names as a persistent error toast instead of silently console.error-ing.
  • Data: one-shot AAI migration (1770000000001-NormalizeLegacyCredentialNames) rewrites JiraApi -> jiraApi inside chat_flow.flowData JSON (in any credentialNames array or credentialName field) and inside the credential.credentialName column. Idempotent, narrow LIKE pre-filter, no-op down().
  • Docs: JIRA_ATLASSIAN_REVIEW.md walks every Jira / Atlassian touchpoint with prioritized findings (6 Critical / 6 High / 6 Medium / 6 Low) for follow-up tickets.

Why no node version bumps

No node interface or init() behavior changed. The migration is reconciling stored data with credential code that already says name: 'jiraApi'. Version bumps would only be needed if/when we act on review findings H2 (host validation) or M3 (move host onto the credential).

Test plan

  • `pnpm --filter flowise-server build` compiles cleanly
  • `pnpm --filter flowise-ui build` compiles cleanly
  • `GET /api/v1/components-credentials/jiraApi` returns 200 with the credential object (canonical case still works)
  • `GET /api/v1/components-credentials/JiraApi` returns 200 with the same `jiraApi` object (regression for the user-reported case)
  • `GET /api/v1/components-credentials/totallyMadeUp` returns a clean 404 (not 500) with a single-prefixed message
  • Snapshot DB, run `pnpm migration:run`, inspect `[NormalizeLegacyCredentialNames]` log output - confirm only expected rows touched
  • Re-running the migration is a no-op (idempotency check)
  • In the UI, open the affected chatflow with the Jira node, click Add new credential - dialog opens with the live `jiraApi` template
  • Smoke test on a non-Jira node (e.g. OpenAI) - Add new credential still works (canonical-case path unaffected)
  • Editing an existing Jira credential row whose stored `credentialName` was `JiraApi` opens the dialog without a 500

Out of scope (called out in the review doc)

  • Renaming the 5 PascalCase credentials (`PostgresApi`, `PostgresUrl`, `MySQLApi`, `AlibabaApi`, `E2BApi`)
  • The 6 Critical security findings in the Atlassian OAuth flow (origin checks, `state` reuse, in-process pending-registration map, `JSON.stringify(Error)`, `mcp_client_secret` round-tripping, `updateAndRefreshAtlassianToken` 500-wrapping) - flagged for separate tickets
  • MySQL / MariaDB / SQLite migration parity (no `aai/` subfolder for those dialects in this repo; case-insensitive server lookup still covers them at runtime)

ct3685 added 2 commits May 4, 2026 16:04
@ct3685
fix(credentials): resolve case-mismatched credential lookups returnin…
88c005f 
…g 500

The canvas's "Add new credential" inline button on saved chatflows was
hitting `GET /components-credentials/JiraApi` (legacy PascalCase) while
the live credential pool only registers `jiraApi` (camelCase). The
strict-case lookup raised NOT_FOUND, then the outer catch in
componentsCredentialsService re-wrapped every error as 500, masking the
real status with a doubled "Error: ... - Error: ..." message.

- Add case-insensitive fallback in getComponentByName /
  getSingleComponentsCredentialIcon that resolves to the canonical pool
  key when an exact match fails.
- Stop re-wrapping InternalFlowiseError in the service catch so 404
  stays 404 instead of becoming 500.
- Update stale getSingleComponentsCredential strings to match the
  actual function name (getComponentByName) so future grepping works.
- In the canvas CredentialInputHandler, normalize credentialNames
  against the live components list before issuing the lookup, and
  surface unresolved names via a persistent error toast instead of
  silently console.erroring.
- Add a one-shot AAI migration that rewrites legacy strings inside
  chat_flow.flowData (any element of credentialNames arrays or value
  of a credentialName key) and inside credential.credentialName rows.
  Driven by a small legacy -> canonical map (currently just
  JiraApi -> jiraApi) so PascalCase credentials like PostgresApi /
  MySQLApi are intentionally untouched.
@ct3685
docs: add Jira/Atlassian deep review with prioritized findings
58a7552
@vercel
Copy link
Copy Markdown

vercel Bot commented May 4, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
answerai-docs Ready Ready Preview May 4, 2026 8:06pm
the-answerai Building Building Preview May 4, 2026 8:06pm

Request Review

@ct3685 ct3685 merged commit e2db107 into staging May 4, 2026
6 of 8 checks passed
@ct3685 ct3685 deleted the ct/jira-api-credential-fixes branch May 4, 2026 21:32
@github-actions github-actions Bot mentioned this pull request May 4, 2026
Merged
ct3685 added a commit that referenced this pull request May 5, 2026
@github-actions @ct3685
chore(release): staging to production - 2026.05.05 (#1064)
d5a5705 
## 🚀 Release: Staging to Production

**Release Date:** 2026-05-05

### Changes in this release

- feat(csv-transformer): API-sourced worker status, global theme fixes,
and CSV UI polish (#1066) (1a2dd33)
- chore(llmchain): drop noisy *****FINAL RESULT***** console output
(#1065) (1154e74)
- fix(credentials): resolve case-mismatched credential lookups returning
500 (#1063) (e2db107)

---
*This PR is automatically created/updated when commits are pushed to
staging.*
*Merging this PR will trigger the release workflow to create a new
GitHub release.*

---------

Co-authored-by: Cameron Taylor <50385537+ct3685@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ct3685