When retrieving and saving the API credentials in the Magento configuration for the first time, everything works as expected. However, after the credentials have been saved, a different value appears in the API secret input field. Although this masked or altered value is not immediately a problem, it becomes an issue when the configuration is edited and saved again. At that point, the module uses the modified value shown in the API secret field instead of the original secret, causing authentication to fail.
No relevant browser console errors were observed, but after resaving the configuration the login/authentication with the API no longer works.
To Reproduce
- Go to the module configuration in Magento admin.
- Enter the API credentials.
- Save the configuration for the first time.
- Confirm that the integration works correctly.
- Reopen the configuration page.
- Notice that the API secret field now contains a different value than the originally entered secret.
- Change any configuration value and save the configuration again.
- Observe that the module can no longer authenticate with the API.
Expected behaviour
The original API secret should remain intact after saving the configuration. If the secret field is masked or obfuscated in the admin UI, saving the configuration again should still preserve the original stored secret unless the user explicitly changes it. Updating unrelated configuration values should not overwrite the valid API secret with the displayed masked value.
Module version 3.7.1
Magento ver. 2.4.8-p4
When retrieving and saving the API credentials in the Magento configuration for the first time, everything works as expected. However, after the credentials have been saved, a different value appears in the API secret input field. Although this masked or altered value is not immediately a problem, it becomes an issue when the configuration is edited and saved again. At that point, the module uses the modified value shown in the API secret field instead of the original secret, causing authentication to fail.
No relevant browser console errors were observed, but after resaving the configuration the login/authentication with the API no longer works.
To Reproduce
Expected behaviour
The original API secret should remain intact after saving the configuration. If the secret field is masked or obfuscated in the admin UI, saving the configuration again should still preserve the original stored secret unless the user explicitly changes it. Updating unrelated configuration values should not overwrite the valid API secret with the displayed masked value.
Module version 3.7.1
Magento ver. 2.4.8-p4