Flowise icon indicating copy to clipboard operation
Flowise copied to clipboard
Published 1 month ago verified publisher icon FlowiseAI

[BUG] Credentials set to nothing if editing any existing credential from a chatflow without changing anything

Open automaton82 opened this issue 1 year ago • 2 comments

Describe the bug If you edit credentials for a chatmodel, for example, on the chatflow screen and change nothing and then save, the API key will be erased.

To Reproduce Steps to reproduce the behavior:

  1. Create Azure Open AI credentials with an API key specified
  2. Create a new chatflow, add a conversational chain and use the Azure Chat Model to power it
  3. Select the credentials from (1) to use with Azure Open AI
  4. Select the 'edit' button to edit the credentials right there. Note the dots in the API key field indicating there is a key
  5. Without changing anything, press 'save'
  6. Try to use the chatflow

Expected behavior Your key is now gone. You can verify this by saving everything, reloading (F5) and re-opening the edit credentials dialog. The key will now be blank.

Additional context This will work with any setup.

automaton82 avatar Mar 04 '24 21:03 automaton82

ah good spot! have you figured out a fix yet?

HenryHengZJ avatar Mar 05 '24 07:03 HenryHengZJ

Not a fix, but I believe the issue is here:

if (body.plainDataObj) {
        const encryptedData = await encryptCredentialData(body.plainDataObj)
        credentialBody.encryptedData = encryptedData
}

Inside transformToCredentialEntity.

In this case, plainDataObj does not include azureOpenAIApiKey at all which is correct as you even remove it in AddEditCredentialDialog:

               if (credentialData[key] !== REDACTED_CREDENTIAL_VALUE) {
                    plainDataObj[key] = credentialData[key]
                }

But of course since it's not there the new encrypted data won't have it either and it just plows it away. I think the fix is to first get and unencrypt the original key, then merge the plainobj. The only downside is you'd never know if they actually wanted to set a blank string (clear the key) vs they just sent the same thing back (they didn't change the original encrypted placeholder one).

automaton82 avatar Mar 05 '24 16:03 automaton82

ah good spot! have you figured out a fix yet?

@HenryHengZJ my colleague submitted a PR with possible fix for this issue, see #2260

automaton82 avatar Apr 26 '24 13:04 automaton82

@automaton82 are you still able to replicate the issue?

I've tried:

1.) Creating OpenAI Credential 2.) Create a chatflow with Conv Chain + ChatOpenAI, then use the credential 3.) Chat with it - works fine 4.) On the chatflow, click edit the credential, do nothing, press save 5.) Save the chatflow again, still works 6.) Click edit credential again, change to invalid API key, press save 7.) Save the chatflow, its using the invalid API key correctly

HenryHengZJ avatar Apr 26 '24 14:04 HenryHengZJ

I am able to replicate in 1.6.2 by going to the credentials screen, editing any existing credentials and pressing save without changing anything. When I open the credentials again, the key is now blank.

If you just test the chatflow I think it may cache the credentials? I'm not sure, but the biggest giveaway of the failure is to open the credentials screen itself, then edit the creds and look at the textbox. It should be blank.

I did not test the latest version.

automaton82 avatar Apr 26 '24 14:04 automaton82