@waleedlatif1
Collaborator

Summary

  • add dummy inputs to prevent browser autofill for various fields
  • prevent having 0 workflows in workspace by preventing deleting the only workflow in the workspace, and deleting a folder that contains the only workflow(s) in the workspace

Type of Change

  • Bug fix

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Dec 19, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Skipped | Skipped | Dec 19, 2025 11:21pm |

@greptile-apps
Contributor

greptile-apps bot commented Dec 19, 2025

Greptile Summary

This PR implements two key improvements: preventing browser autofill on various input fields and ensuring workspaces always have at least one workflow.

Key Changes:

  • Added hidden decoy input fields with fakeusernameremembered/fakeemailremembered names positioned off-screen to trick browser autofill behavior, along with autocomplete attributes (autoComplete='off', data-lpignore='true', data-form-type='other') on actual input fields across 8 forms (knowledge base creation, API keys, team invitations, organization setup, template profiles, and workspace invites)
  • Implemented dual-layer validation (frontend + backend) to prevent deleting the last workflow(s) in a workspace, including a new useCanDelete hook with optimized lookup maps for O(1) performance
  • Added recursive folder validation to prevent deleting folders that contain all remaining workflows in the workspace
  • Fixed truncated CSS class definition in popover component

Previous Review Comments Addressed:
All three concerns from the previous review thread have been resolved in commit 531c6732:

  • Backend validation was added to the workflow deletion API to match folder deletion protection
  • Hook logic was corrected to return false when totalWorkflows === 0, preventing deletion attempts in empty workspaces

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • All changes are well-implemented with dual-layer validation (frontend + backend), optimized performance using pre-computed lookup maps, and all previous review concerns have been addressed. The autofill prevention uses standard industry patterns with hidden decoy fields and proper autocomplete attributes. The workflow deletion protection has comprehensive coverage at both API and UI levels, ensuring data integrity.
  • No files require special attention

Important Files Changed

| Filename | Overview |
| --- | --- |
| apps/sim/app/api/workflows/[id]/route.ts | Added backend validation to prevent deletion of the last workflow in workspace |
| apps/sim/app/api/folders/[id]/route.ts | Added recursive workflow count and validation to prevent deleting folders containing all workspace workflows |
| apps/sim/app/workspace/[workspaceId]/w/hooks/use-can-delete.ts | New hook for frontend validation of workflow/folder deletion with optimized lookup maps |
| apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/workflow-item/workflow-item.tsx | Integrated useCanDelete hook to disable delete button for last workflow(s) |
| apps/sim/app/workspace/[workspaceId]/w/components/sidebar/components/workflow-list/components/folder-item/folder-item.tsx | Integrated useCanDelete hook to disable delete button for folders containing all workflows |

Sequence Diagram

sequenceDiagram
    participant User
    participant WorkflowItem as Workflow Item Component
    participant FolderItem as Folder Item Component
    participant useCanDelete as useCanDelete Hook
    participant WorkflowAPI as Workflow API
    participant FolderAPI as Folder API
    participant DB as Database

    Note over User,DB: Frontend Validation Layer
    User->>WorkflowItem: Click delete on workflow
    WorkflowItem->>useCanDelete: canDeleteWorkflows([workflowId])
    useCanDelete->>useCanDelete: Check totalWorkflows > 0
    useCanDelete->>useCanDelete: Check workflowsToDelete < totalWorkflows
    useCanDelete-->>WorkflowItem: return canDelete (true/false)
    alt canDelete = false
        WorkflowItem->>WorkflowItem: Disable delete button
        WorkflowItem-->>User: Button disabled (visual feedback)
    else canDelete = true
        WorkflowItem-->>User: Button enabled
    end

    User->>FolderItem: Click delete on folder
    FolderItem->>useCanDelete: canDeleteFolder(folderId)
    useCanDelete->>useCanDelete: countWorkflowsInFolder(folderId)
    useCanDelete->>useCanDelete: Check workflowsInFolder < totalWorkflows
    useCanDelete-->>FolderItem: return canDelete (true/false)
    alt canDelete = false
        FolderItem->>FolderItem: Disable delete button
        FolderItem-->>User: Button disabled (visual feedback)
    else canDelete = true
        FolderItem-->>User: Button enabled
    end

    Note over User,DB: Backend Validation Layer
    User->>WorkflowAPI: DELETE /api/workflows/[id]
    WorkflowAPI->>DB: SELECT workflows WHERE workspaceId
    DB-->>WorkflowAPI: totalWorkflowsInWorkspace
    WorkflowAPI->>WorkflowAPI: Check totalWorkflows <= 1
    alt Last workflow in workspace
        WorkflowAPI-->>User: 400 Error: Cannot delete only workflow
    else Safe to delete
        WorkflowAPI->>DB: DELETE workflow
        DB-->>WorkflowAPI: Success
        WorkflowAPI-->>User: 200 Success
    end

    User->>FolderAPI: DELETE /api/folders/[id]
    FolderAPI->>DB: countWorkflowsInFolderRecursively(folderId)
    DB-->>FolderAPI: workflowsInFolder
    FolderAPI->>DB: SELECT workflows WHERE workspaceId
    DB-->>FolderAPI: totalWorkflowsInWorkspace
    FolderAPI->>FolderAPI: Check workflowsInFolder >= totalWorkflows
    alt Folder contains all workflows
        FolderAPI-->>User: 400 Error: Cannot delete folder with only workflows
    else Safe to delete
        FolderAPI->>DB: DELETE folder recursively
        DB-->>FolderAPI: Success
        FolderAPI-->>User: 200 Success
    end
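
The backend validation layer summarized in the comment above, modelled in memory as an added TypeScript example; it is not code from this pull request or the project. All type names, function names and sample data are hypothetical, and the workflow check is generalized from the single-workflow case to batch deletes.

```typescript
// Added example: in-memory model of the server-side guard (all names hypothetical).
interface Workflow { id: string; workspaceId: string; folderId: string | null }
interface Folder { id: string; workspaceId: string; parentId: string | null }
type Verdict = { status: 200 } | { status: 400; error: string }
// Folder ids in the subtree rooted at rootId. The parent -> children map is built
// once; the visited set stops a cyclic parentId chain from looping forever.
function subtreeIds(rootId: string, folders: Folder[]): Set<string> {
  const children = new Map<string, string[]>()
  for (const f of folders) {
    if (f.parentId !== null) children.set(f.parentId, [...(children.get(f.parentId) ?? []), f.id])
  }
  const seen = new Set<string>()
  const stack: string[] = [rootId]
  while (stack.length > 0) {
    const id = stack.pop() as string
    if (seen.has(id)) continue
    seen.add(id)
    stack.push(...(children.get(id) ?? []))
  }
  return seen
}

// Deleting workflows: refuse when the request would remove every workflow in the workspace.
function checkWorkflowDelete(ids: string[], workspaceId: string, workflows: Workflow[]): Verdict {
  const scoped = workflows.filter((w) => w.workspaceId === workspaceId)
  const targets = new Set(ids)
  const doomed = scoped.filter((w) => targets.has(w.id)).length
  return doomed >= scoped.length
    ? { status: 400, error: 'Cannot delete the only workflow(s) in the workspace' }
    : { status: 200 }
}

// Deleting a folder: count workflows in the folder and in all nested folders first.
function checkFolderDelete(folderId: string, workspaceId: string, folders: Folder[], workflows: Workflow[]): Verdict {
  const ids = subtreeIds(folderId, folders.filter((f) => f.workspaceId === workspaceId))
  const scoped = workflows.filter((w) => w.workspaceId === workspaceId)
  const inFolder = scoped.filter((w) => w.folderId !== null && ids.has(w.folderId)).length
  return inFolder >= scoped.length
    ? { status: 400, error: 'Cannot delete a folder containing the only workflow(s)' }
    : { status: 200 }
}

// Constructed sample data: workspace ws1 holds two workflows, both under folder A (B is nested in A).
const sampleFolders: Folder[] = [
  { id: 'A', workspaceId: 'ws1', parentId: null }, { id: 'B', workspaceId: 'ws1', parentId: 'A' },
]
const sampleWorkflows: Workflow[] = [
  { id: 'w1', workspaceId: 'ws1', folderId: 'A' }, { id: 'w2', workspaceId: 'ws1', folderId: 'B' },
]
```

The disabled delete button from the frontend hook is a usability aid only, since a direct DELETE request never passes through it; the server-side check is what enforces the invariant. In a real handler the count and the delete belong in one database transaction so that two concurrent deletes cannot both pass the check.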

@greptile-apps greptile-apps bot left a comment

12 files reviewed, 3 comments


@waleedlatif1
Collaborator Author

@greptile

@waleedlatif1 waleedlatif1 merged commit df5f823 into staging Dec 19, 2025
10 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/autofill branch December 19, 2025 23:29