fix: restore saved credentials when switching back to original auth mode

[pooja-bruno]

Description

JIRA

Contribution Checklist:

• I've used AI significantly to create this pull request
• The pull request only addresses one issue or adds one feature.
• The pull request does not introduce any breaking changes
• I have added screenshots or gifs to help explain the change if applicable.
• I have read the contribution guidelines.
• Create an issue and link to the pull request.

Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.

Publishing to New Package Managers

Please see here for more information.

Summary by CodeRabbit

Bug Fixes

• Improved authentication mode switching to preserve previously saved credentials when returning to a previously used authentication mode, eliminating data loss during mode transitions.

[coderabbitai]

Walkthrough

Auth-mode reducers for requests, collections, and folders now conditionally restore saved auth payloads when switching to a mode matching the underlying saved data. Three reducers (updateRequestAuthMode, updateCollectionAuthMode, updateFolderAuthMode) implement this preservation logic, with corresponding tests validating the behavior.

Changes

Auth Mode Preservation

Layer / File(s)	Summary
Core Logic packages/bruno-app/src/providers/ReduxStore/slices/collections/index.js	updateRequestAuthMode, updateCollectionAuthMode, and updateFolderAuthMode now initialize auth to { mode: newMode } and conditionally deep-clone and restore the saved auth payload when newMode matches the saved mode.
Tests tests/request/auth-mode-switch.spec.ts	Three Playwright test cases (Request, Collection, Folder) verify auth data is restored when switching back to a previously-saved mode and remains empty when switching to unsaved modes. Includes helper utilities for auth-mode selection and CodeMirror field interaction.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Suggested labels

size/S

Suggested reviewers

• lohit-bruno
• bijin-bruno
• helloanoop

Poem

🔐 A mode switch finds its way back home,
Restoring tokens like memory foam,
No more loss when modes align—
Draft and saved now dance in time! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: restoring saved credentials when switching back to the original auth mode, which matches the core functionality implemented in the reducer updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (3)

tests/request/auth-mode-switch.spec.ts (3)

33-37: ⚖️ Poor tradeoff

readField is coupled to the CodeMirror v5 DOM API — worth a data-testid fallback.

return editor.evaluate((el: any) => (el as any).CodeMirror?.getValue() ?? '');

el.CodeMirror is a CM5-specific instance property. If Bruno ever upgrades to CodeMirror 6 (which attaches its state differently), this evaluates to '' for every assertion, silently turning all readField assertions into vacuous passes. Wiring a data-testid attribute to the underlying <textarea> that CM5 maintains in sync, or an aria-label, would make readField CM-version-agnostic.

As per coding guidelines: "Add data-testid to testable elements for Playwright."

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/request/auth-mode-switch.spec.ts` around lines 33 - 37, readField
currently relies solely on the CodeMirror v5 DOM API (reading
el.CodeMirror.getValue()), which will silently break if the editor is upgraded;
update readField to first try the existing CodeMirror path and then fall back to
reading the underlying <textarea> value via a test id or accessible label (e.g.
query for textarea[data-testid="${labelText}"] or
textarea[aria-label="${labelText}"] and return its .value) so assertions remain
valid across CM versions; also ensure the component under test includes a stable
data-testid on the editor textarea so fieldEditor/readField can locate it.

---

84-124: ⚡ Quick win

Collection and Folder tests only cover the happy path — consider adding parity steps with the Request test.

The Request test (lines 44–82) includes 5 well-structured steps:

1. Save Bearer credentials
2. Bearer → Basic → Bearer restores token ✓ (the main fix)
3. Switching to a non-saved mode shows empty fields
4. Switching to a third unrelated mode also leaves fields empty
5. Multiple round-trips to the saved mode still restore correctly

The Collection (lines 84–101) and Folder (lines 104–124) tests only cover step 2. If a bug were introduced that only affects Collection- or Folder-level auth mode switching (e.g., the updateCollectionAuth / updateFolderAuth reducers that clear auth), steps 3–5 would silently pass in the Collection/Folder paths. Adding at least step 3 (non-saved mode shows empty fields) would give meaningful regression coverage for the collection/folder reducers independently.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/request/auth-mode-switch.spec.ts` around lines 84 - 124, Add the
missing parity check that switching to a non-saved auth mode clears fields:
after the "Save Bearer" step in both the Collection and Folder tests (identify
blocks that call createCollection/createFolder, selectAuthMode, typeIntoField,
and click Save) add a step that selects a different mode that was never saved
(e.g., selectAuthMode(page, 'API Key') or 'Basic Auth' as appropriate) and
assert using readField(...) that the relevant fields are empty; then switch back
to 'Bearer Token' and assert the saved token is restored with expect.poll(() =>
readField(page, 'Token')).toBe('collection-bearer-token' /
'folder-bearer-token') to mirror the Request test's non-saved-mode coverage.

---

16-21: 💤 Low value

Static analysis flag on new RegExp(...) is a false positive here.

labelText is always passed as a static string literal ('Token', 'Username', 'Password') with no regex metacharacters, so the ReDoS warning is inapplicable. The exact-boundary regex (^...$) is the right approach to avoid partial-text false matches on labels like "Token" vs "Bearer Token."

If you want to silence the linter cleanly:

✨ Suggested fix

-    .filter({ hasText: new RegExp(`^${labelText}$`) })
+    .filter({ hasText: labelText, exact: true })

Playwright's filter({ hasText: ..., exact: true }) does case-sensitive exact string matching, removing the regex entirely.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/request/auth-mode-switch.spec.ts` around lines 16 - 21, The linter
flags the use of new RegExp in the fieldEditor helper; replace the regex-based
match with Playwright's exact string match to silence the false positive and
keep exact-boundary behavior: update the fieldEditor function (named
fieldEditor) to use filter({ hasText: labelText, exact: true }) instead of
filter({ hasText: new RegExp(`^${labelText}$`) }) so it performs case-sensitive
exact matching for labels like "Token" vs "Bearer Token".

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@tests/request/auth-mode-switch.spec.ts`:
- Around line 33-37: readField currently relies solely on the CodeMirror v5 DOM
API (reading el.CodeMirror.getValue()), which will silently break if the editor
is upgraded; update readField to first try the existing CodeMirror path and then
fall back to reading the underlying <textarea> value via a test id or accessible
label (e.g. query for textarea[data-testid="${labelText}"] or
textarea[aria-label="${labelText}"] and return its .value) so assertions remain
valid across CM versions; also ensure the component under test includes a stable
data-testid on the editor textarea so fieldEditor/readField can locate it.
- Around line 84-124: Add the missing parity check that switching to a non-saved
auth mode clears fields: after the "Save Bearer" step in both the Collection and
Folder tests (identify blocks that call createCollection/createFolder,
selectAuthMode, typeIntoField, and click Save) add a step that selects a
different mode that was never saved (e.g., selectAuthMode(page, 'API Key') or
'Basic Auth' as appropriate) and assert using readField(...) that the relevant
fields are empty; then switch back to 'Bearer Token' and assert the saved token
is restored with expect.poll(() => readField(page,
'Token')).toBe('collection-bearer-token' / 'folder-bearer-token') to mirror the
Request test's non-saved-mode coverage.
- Around line 16-21: The linter flags the use of new RegExp in the fieldEditor
helper; replace the regex-based match with Playwright's exact string match to
silence the false positive and keep exact-boundary behavior: update the
fieldEditor function (named fieldEditor) to use filter({ hasText: labelText,
exact: true }) instead of filter({ hasText: new RegExp(`^${labelText}$`) }) so
it performs case-sensitive exact matching for labels like "Token" vs "Bearer
Token".

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 29932aca-edfd-42f5-868b-6a6d426a9699

📥 Commits

Reviewing files that changed from the base of the PR and between d332d8e and fe37f54.

📒 Files selected for processing (2)

• packages/bruno-app/src/providers/ReduxStore/slices/collections/index.js
• tests/request/auth-mode-switch.spec.ts