ACM-33048 Sensitive fields shown by default in the Review step #6011

Merged
openshift-merge-bot[bot] merged 6 commits into stolostron:main from jeswanke:ACM-33048-Sensitive-fields-shown-by-default-in-the-Review-step
Apr 23, 2026

@jeswanke jeswanke commented Apr 21, 2026

📝 Summary

Ticket Summary (Title):
ACM-33048 Sensitive fields shown by default in the Review step

Ticket Link:
https://redhat.atlassian.net/browse/ACM-33048

Type of Change:

  • 🐞 Bug Fix
  • ✨ Feature
  • 🔧 Refactor
  • 💸 Tech Debt
  • 🧪 Test-related
  • 📄 Docs

✅ Checklist

General

  • PR title follows the convention (e.g. ACM-12340 Fix bug with...)
  • Code builds and runs locally without errors
  • No console logs, commented-out code, or unnecessary files
  • All commits are meaningful and well-labeled
  • All new display strings are externalized for localization (English only)
  • (Nice to have) JSDoc comments added for new functions and interfaces

If Feature

  • UI/UX reviewed (if applicable)
  • All acceptance criteria met
  • Unit test coverage added or updated
  • Relevant documentation or comments included

If Bugfix

  • Root cause and fix summary are documented in the ticket (for future reference / errata)
  • Fix tested thoroughly and resolves the issue
  • Test(s) added to prevent regression

🗒️ Notes for Reviewers

Summary by CodeRabbit

  • New Features
    • Secret inputs in review now show masked values by default with a clickable reveal toggle; reveal controls appear alongside edit/pen controls where editing is enabled.
  • Style / Layout
    • Improved alignment and flex behavior so multi-line values, reveal controls, and edit buttons align to the typographic baseline and preserve line breaks.

Signed-off-by: John Swanke <jswanke@redhat.com>

coderabbitai Bot commented Apr 21, 2026

📝 Walkthrough

Adds an optional per-input secret flag propagated into review metadata; secret, non-error review values are rendered masked by default with a reveal toggle integrated into the review hover/edit controls. Registry registration now carries secret and reacts to changes.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| Input types & registry | frontend/packages/react-form-wizard/src/inputs/Input.ts | Added secret?: boolean to InputCommonProps and include secret in stepInputsRegistry registration/unregistration effect (effect depends on props.secret). |
| Review metadata types | frontend/packages/react-form-wizard/src/review/ReviewStepContexts.tsx | Extended exported InputReviewStepMeta (INPUT and ARRAY_INPUT) with optional secret?: boolean so review tree can distinguish secret inputs. |
| Review rendering & secret UI | frontend/packages/react-form-wizard/src/review/ReviewStep.tsx, frontend/packages/react-form-wizard/src/review/ReviewStepFindList.tsx | Implemented masked default display for secret, non-error rows and per-row reveal state via a new hook; added ReviewSecretPenHoverInputRow path for editable secret rows; non-edit value cells get whiteSpace: 'pre-wrap'. |
| Hover / edit controls | frontend/packages/react-form-wizard/src/review/ReviewStepNavigation.tsx | ReviewPenHoverZone props extended with beforePenControls?: ReactNode; edit buttons refactored to allow inserting the reveal control before pen/edit buttons; value content wrapped in .wizard-review-inline-value-body. |
| Styling | frontend/packages/react-form-wizard/src/review/ReviewStep.css | Added .wizard-review-inline-value-body, adjusted .wizard-review-pen-controls alignment and DL-row alignment to baseline, and expanded match-segment selectors so inline-value-body participates in same flex behavior. |
| Input components type surface | frontend/packages/react-form-wizard/src/inputs/WizTextInput.tsx, frontend/packages/react-form-wizard/src/inputs/WizTextArea.tsx | Removed secret?: boolean from exported WizTextInputProps and WizTextAreaProps type declarations, though implementations still reference props.secret. Review for API/typing consistency required. |

Sequence Diagram(s)

sequenceDiagram
    participant User as User
    participant ReviewStep as ReviewStep
    participant Registry as Registry
    participant HoverZone as ReviewPenHoverZone
    participant RevealControl as RevealButton

    User->>ReviewStep: open review UI
    ReviewStep->>Registry: fetch step input metadata (includes secret)
    Registry-->>ReviewStep: return input nodes with secret flag
    ReviewStep->>HoverZone: render row (masked if secret && no error)
    HoverZone-->>RevealControl: render reveal control in controls cluster
    User->>RevealControl: click toggle
    RevealControl->>ReviewStep: update per-row showSecret state
    ReviewStep-->>HoverZone: re-render row (masked <-> unmasked)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 12.50% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Description check | ❓ Inconclusive | The PR description follows the required template structure with summary, ticket link, type selection, and checklist completion. However, critical bug-fix checklist items remain unchecked. | Check or document: root cause/fix summary in ticket, thorough testing verification, and regression test additions per the bug-fix checklist requirements. |

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately reflects the main change: adding secret field masking behavior to the Review step, which is the primary modification across multiple files. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
frontend/packages/react-form-wizard/src/review/ReviewStep.tsx (1)

467-473: ⚠️ Potential issue | 🟠 Major

Mask secret values in collapsed review badges too.

When a section is collapsed, secret inputs still flow through renderReviewInputDescriptionContent(child), which renders the raw value in the collapsed badge. That bypasses the new expanded-row masking path.

Proposed fix
-      const collapsedInputContent = child.error ? (
+      const collapsedInputContent = child.error ? (
         child.label ?? child.path
+      ) : child.secret ? (
+        '****************'
       ) : child.value === true ? (
         <CheckIcon aria-hidden />
       ) : (
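Review bot: the first two lines of this hunk remove and re-add `const collapsedInputContent = child.error ? (` with no visible difference, so the suggestion should drop that pair or state that it is a whitespace-only change; the only functional change shown is the added `child.secret` branch. That branch also inlines the mask as a string literal. A named constant shared with the expanded-row mask would keep the collapsed and expanded views from drifting apart.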
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@frontend/packages/react-form-wizard/src/review/ReviewStep.tsx` around lines
467 - 473, The collapsed badge path (collapsedInputContent) currently uses
renderReviewInputDescriptionContent(child) which exposes raw values; change it
to apply the same secret-masking logic used by the expanded row: detect secret
inputs (e.g., child.secret or child.type === 'secret') inside the collapsed
branch and render a masked placeholder (or call the same mask helper used by the
expanded row) instead of renderReviewInputDescriptionContent, keeping the
existing child.error and boolean-true CheckIcon branches intact; update
collapsedInputContent to branch to the masked rendering when the input is
secret.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@frontend/packages/react-form-wizard/src/review/ReviewStep.tsx`:
- Around line 716-726: The reveal toggle Button defined as revealButton lacks an
accessible name and state; update the Button (in ReviewStep.tsx where
revealButton is created) to include a dynamic aria-label (e.g., "Show secret"
when showSecrets is false and "Hide secret" when true) and expose its toggle
state via aria-pressed={showSecrets} (or aria-expanded if more appropriate for
your pattern), keeping the existing onClick handler and icon logic; ensure the
label text clearly reflects the action and updates when setShowSecrets toggles.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: c517861e-01f2-4dd0-b306-720e9480f313

📥 Commits

Reviewing files that changed from the base of the PR and between 8297bf7 and 2f05caa.

📒 Files selected for processing (5)
  • frontend/packages/react-form-wizard/src/inputs/Input.ts
  • frontend/packages/react-form-wizard/src/review/ReviewStep.css
  • frontend/packages/react-form-wizard/src/review/ReviewStep.tsx
  • frontend/packages/react-form-wizard/src/review/ReviewStepContexts.tsx
  • frontend/packages/react-form-wizard/src/review/ReviewStepNavigation.tsx

Comment thread frontend/packages/react-form-wizard/src/review/ReviewStep.tsx
Signed-off-by: John Swanke <jswanke@redhat.com>
@jeswanke jeswanke requested a review from KevinFCormier April 21, 2026 19:19

@KevinFCormier KevinFCormier left a comment

Looks good - just one little nit with types to fix up.

Comment thread frontend/packages/react-form-wizard/src/inputs/Input.ts Outdated
Signed-off-by: John Swanke <jswanke@redhat.com>

@coderabbitai coderabbitai Bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
frontend/packages/react-form-wizard/src/review/ReviewStep.tsx (1)

467-473: ⚠️ Potential issue | 🟠 Major

Mask secrets in collapsed section badges.

Collapsed summaries still render renderReviewInputDescriptionContent(child) for secret inputs, so a collapsed review section can show the raw token even though expanded rows are masked.

Proposed fix
       const collapsedInputContent = child.error ? (
         child.label ?? child.path
+      ) : child.secret ? (
+        '****************'
       ) : child.value === true ? (
         <CheckIcon aria-hidden />
       ) : (
         renderReviewInputDescriptionContent(child)
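Review bot: the added `child.secret` branch returns the mask whenever the input is flagged secret, without checking that it holds a value, so a secret field left empty would show the asterisk mask in the collapsed badge and read as if it were populated. Guard the branch on the value being set, for example `child.secret && !isReviewValueUnset(child.value)`, and let unset secrets fall through to the existing rendering.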
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@frontend/packages/react-form-wizard/src/review/ReviewStep.tsx` around lines
467 - 473, The collapsed summary currently uses
renderReviewInputDescriptionContent(child) even for secret inputs; update the
collapsedInputContent logic to detect secret/sensitive inputs (e.g.,
child.secret or child.type === 'secret') and replace the rendered raw value with
a masked placeholder (like a fixed dot/asterisk string or a call to a new helper
mask function) when the input is secret and not errored or a boolean true;
ensure you reference the collapsedInputContent expression and
renderReviewInputDescriptionContent(child) so the mask is applied only in
collapsed view while keeping expanded masking behavior unchanged.
frontend/packages/react-form-wizard/src/review/ReviewStepFindList.tsx (1)

160-167: ⚠️ Potential issue | 🟠 Major

Mask secret values in review search results too.

Search mode still builds row.searchValue from the raw node.value, then renders it in the find list. That exposes secret fields whenever review search is active and also indexes the raw secret in Fuse.

Proposed fix
+const REVIEW_SECRET_MASK_TEXT = '****************'
+
 function formatReviewFindSearchValue(node: WizardInputDomNode, labels: ReviewFindBooleanStrings): string {
   if (node.error) return node.error
+  if (node.secret && !isReviewValueUnset(node.value)) return REVIEW_SECRET_MASK_TEXT
   if (typeof node.value === 'boolean') {
     return node.value ? labels.reviewBooleanTrue : labels.reviewBooleanFalse
   }
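Review bot: returning `REVIEW_SECRET_MASK_TEXT` from `formatReviewFindSearchValue` makes the mask itself the searchable text for every populated secret row, so a query made of asterisks would match all of them and the find list would present the mask as a hit. Consider giving secret rows an empty search value for indexing and applying the mask only where the row is rendered. Separately, `if (node.error) return node.error` still runs before the secret check, so it is worth confirming that validation messages for secret inputs never echo the entered value.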

Also applies to: 417-447

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@frontend/packages/react-form-wizard/src/review/ReviewStepFindList.tsx` around
lines 160 - 167, formatReviewFindSearchValue currently returns raw node.value
(via formatReviewValueString) which leaks secrets into review search results and
indexing; update this function to first check node.secret and, if true, return a
masked placeholder instead of the raw value (use the existing masking helper if
one exists or add a small maskSecretValue utility), and apply the same
secret-checking/masking change wherever review search row.searchValue is
constructed (notably in the other review formatting path that uses
formatReviewValueString around lines referenced) so secrets are masked
consistently when building searchValue and not emitted to Fuse.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: de8e4034-6118-4d52-b950-775a7a3f45e5

📥 Commits

Reviewing files that changed from the base of the PR and between 2f05caa and 0480588.

📒 Files selected for processing (3)
  • frontend/packages/react-form-wizard/src/review/ReviewStep.tsx
  • frontend/packages/react-form-wizard/src/review/ReviewStepFindList.tsx
  • frontend/packages/react-form-wizard/src/review/ReviewStepNavigation.tsx
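
The gap described in the review above (expanded rows masked while the collapsed badge and the search value still read the raw value) can be caught with a check that renders every sink and looks for the raw secret. This is an added example, not code from the PR or the project; `ReviewNode`, `displayText`, the sink names and `findLeaks` are hypothetical, and the sample values are constructed.

```typescript
// Added example with hypothetical names; not code from the PR.
type ReviewNode = { path: string; label?: string; value: unknown; secret?: boolean; error?: string }
type Sink = { name: string; render: (node: ReviewNode) => string }

// Fixed-length mask, so the placeholder does not reveal the secret's length.
const SECRET_MASK = '****************'

function isUnset(value: unknown): boolean {
  return value === undefined || value === null || value === ''
}

// The one place where a node's value becomes display text.
function displayText(node: ReviewNode, revealed: boolean = false): string {
  if (node.error) return node.error
  if (isUnset(node.value)) return ''
  if (node.secret && !revealed) return SECRET_MASK
  return String(node.value)
}

const expandedRow: Sink = {
  name: 'expandedRow',
  render: (n) => (n.label ?? n.path) + ': ' + displayText(n),
}

// Hardened: every sink goes through displayText in its default (not revealed) state.
const hardenedSinks: Sink[] = [
  expandedRow,
  { name: 'collapsedBadge', render: (n) => (n.error ? (n.label ?? n.path) : displayText(n)) },
  // Secret rows contribute no searchable text, so neither value nor mask is indexed.
  { name: 'searchValue', render: (n) => (n.secret ? '' : displayText(n)) },
]

// The state the review describes: expanded rows masked, the other two paths read the raw value.
const partialSinks: Sink[] = [
  expandedRow,
  { name: 'collapsedBadge', render: (n) => (n.error ? (n.label ?? n.path) : String(n.value)) },
  { name: 'searchValue', render: (n) => (n.error ? n.error : String(n.value)) },
]

// Regression check: render each populated secret node through every sink and
// report each "path@sink" whose output contains the raw value.
function findLeaks(nodes: ReviewNode[], sinks: Sink[]): string[] {
  const leaks: string[] = []
  for (const node of nodes) {
    if (!node.secret || isUnset(node.value)) continue
    const raw = String(node.value)
    for (const sink of sinks) {
      if (sink.render(node).indexOf(raw) !== -1) leaks.push(node.path + '@' + sink.name)
    }
  }
  return leaks
}

// Constructed sample nodes (values are made up for the example).
const sampleNodes: ReviewNode[] = [
  { path: 'spec.name', label: 'Name', value: 'cluster-a' },
  { path: 'spec.token', label: 'API token', value: 'constructed-token-123', secret: true },
  { path: 'spec.pullSecret', label: 'Pull secret', value: '', secret: true },
]
```

Run against `partialSinks`, the check names the collapsed badge and the search value as leaking sinks; against `hardenedSinks` it returns an empty list.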

Signed-off-by: John Swanke <jswanke@redhat.com>
Signed-off-by: John Swanke <jswanke@redhat.com>
…-33048-Sensitive-fields-shown-by-default-in-the-Review-step

Signed-off-by: John Swanke <jswanke@redhat.com>
Made-with: Cursor

# Conflicts:
#	frontend/packages/react-form-wizard/src/review/ReviewStep.tsx

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@frontend/packages/react-form-wizard/src/review/ReviewStep.tsx`:
- Around line 773-794: In useReviewSecretMaskState, the useState initializer
inverts masking when a row mounts unset; change the initial state to false (so
showSecrets defaults to false) instead of using isReviewValueUnset(value),
ensuring secrets are masked by default; keep the existing hasValue, masked,
maskedText and revealButton logic and only toggle showSecrets via setShowSecrets
when the user clicks the reveal button.
- Line 785: Replace the hardcoded English aria strings in ReviewStep.tsx with
entries from the StringContext: add two new keys (e.g. showSecretValue /
hideSecretValue) and an editLabel (or similar) to the WizardStrings type and
default strings in StringContext.tsx, then use useStringContext() in ReviewStep
to read those keys and replace aria-label={showSecrets ? 'Hide secret value' :
'Show secret value'} and the ariaLabel="Edit" props with the context values
(e.g. aria-label={strings.showSecretValue} / strings.hideSecretValue and
ariaLabel={strings.editLabel}) so all three strings are localized via
WizardStrings.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 2ff33a9f-71b0-4a12-a483-35ad54902e37

📥 Commits

Reviewing files that changed from the base of the PR and between 0480588 and 9cea9da.

📒 Files selected for processing (7)
  • frontend/packages/react-form-wizard/src/inputs/Input.ts
  • frontend/packages/react-form-wizard/src/inputs/WizTextArea.tsx
  • frontend/packages/react-form-wizard/src/inputs/WizTextInput.tsx
  • frontend/packages/react-form-wizard/src/review/ReviewStep.css
  • frontend/packages/react-form-wizard/src/review/ReviewStep.tsx
  • frontend/packages/react-form-wizard/src/review/ReviewStepContexts.tsx
  • frontend/packages/react-form-wizard/src/review/ReviewStepNavigation.tsx
💤 Files with no reviewable changes (2)
  • frontend/packages/react-form-wizard/src/inputs/WizTextArea.tsx
  • frontend/packages/react-form-wizard/src/inputs/WizTextInput.tsx
🚧 Files skipped from review as they are similar to previous changes (3)
  • frontend/packages/react-form-wizard/src/review/ReviewStepContexts.tsx
  • frontend/packages/react-form-wizard/src/inputs/Input.ts
  • frontend/packages/react-form-wizard/src/review/ReviewStepNavigation.tsx

Comment thread frontend/packages/react-form-wizard/src/review/ReviewStep.tsx
Comment thread frontend/packages/react-form-wizard/src/review/ReviewStep.tsx
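
The initial-state finding in the review above comes down to the reveal flag being computed once, at mount. This added example models that in plain TypeScript; it is not the project's hook, `createRowMaskState` and the other names are hypothetical, the masking rule (`hasValue && !showSecrets`) is an assumption, and the token is a constructed value.

```typescript
// Added example with hypothetical names; a plain-TypeScript model, not the project's hook.
type Value = string | undefined
type RowMaskState = { toggle: () => void; render: (value: Value) => string }

const SECRET_MASK = '****************'

function isUnset(value: Value): boolean {
  return value === undefined || value === ''
}

// Models useState(initialShow(valueAtMount)): the initial state is computed once, when
// the row mounts, and is not recomputed when the value changes later.
function createRowMaskState(valueAtMount: Value, initialShow: (v: Value) => boolean): RowMaskState {
  let showSecrets = initialShow(valueAtMount)
  return {
    toggle: () => {
      showSecrets = !showSecrets
    },
    render: (value) => {
      const hasValue = !isUnset(value) // assumed shape of the masking rule
      const masked = hasValue && !showSecrets
      return masked ? SECRET_MASK : (value ?? '')
    },
  }
}

// Initial state derived from the value: reveal is already on if the row mounts empty.
const revealWhenUnset = (v: Value): boolean => isUnset(v)
// Initial state the review asks for: always start masked.
const startMasked = (_v: Value): boolean => false

// Scenario: the row mounts before the field is filled, then receives a value.
function mountEmptyThenFill(initialShow: (v: Value) => boolean, filled: string): string {
  const row = createRowMaskState(undefined, initialShow)
  row.render(undefined) // first render, nothing to mask yet
  return row.render(filled) // later render, with no click on the reveal control
}

// Scenario: explicit user toggles on a row that mounted with a value.
function toggleSequence(value: string): string[] {
  const row = createRowMaskState(value, startMasked)
  const first = row.render(value)
  row.toggle()
  const second = row.render(value)
  row.toggle()
  return [first, second, row.render(value)]
}
```

With `revealWhenUnset`, a row that mounts empty renders the later value in clear text without any user action; with `startMasked`, only the toggle changes what is shown.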
@jeswanke jeswanke requested a review from KevinFCormier April 23, 2026 15:21
@openshift-ci openshift-ci Bot added the lgtm label Apr 23, 2026

openshift-ci Bot commented Apr 23, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jeswanke, KevinFCormier

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:
  • OWNERS [KevinFCormier,jeswanke]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot Bot merged commit e8547fd into stolostron:main Apr 23, 2026
13 checks passed