From b1a68df65caef6df06c9495a817ff4c340a44d39 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Mon, 27 Oct 2025 17:04:33 +0100
Subject: [PATCH] fix: add null checks and validation to OAuth bulk update
 method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add null check before updating OAuth settings to prevent calling methods on null
- Apply couldBeEnabled() validation for all settings in bulk update (not just instant save)
- Disable OAuth providers that fail validation and collect error messages
- Surface all validation errors to the user instead of silently failing
- Update oauth_settings_map with fresh data after saving each setting

This ensures bulk updates follow the same validation logic as instant-save paths
and prevents bypassing model validation by directly calling update.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 app/Livewire/SettingsOauth.php | 35 ++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)

diff --git a/app/Livewire/SettingsOauth.php b/app/Livewire/SettingsOauth.php
index 77d3b36fc..6f949b716 100644
--- a/app/Livewire/SettingsOauth.php
+++ b/app/Livewire/SettingsOauth.php
@@ -50,7 +50,7 @@ class SettingsOauth extends Component
             $oauthData = $this->oauth_settings_map[$provider];
             $oauth = OauthSetting::find($oauthData['id']);
 
-            if (!$oauth) {
+            if (! $oauth) {
                 throw new \Exception('OAuth setting for '.$provider.' not found. It may have been deleted.');
             }
 
@@ -83,9 +83,17 @@ class SettingsOauth extends Component
 
             $this->dispatch('success', 'OAuth settings for '.$oauth->provider.' updated successfully!');
         } else {
+            $errors = [];
             foreach (array_values($this->oauth_settings_map) as $settingData) {
                 $oauth = OauthSetting::find($settingData['id']);
-                $oauth->update([
+
+                if (! $oauth) {
+                    $errors[] = "OAuth setting for provider '{$settingData['provider']}' not found. It may have been deleted.";
+
+                    continue;
+                }
+
+                $oauth->fill([
                     'enabled' => $settingData['enabled'],
                     'client_id' => $settingData['client_id'],
                     'client_secret' => $settingData['client_secret'],
@@ -93,6 +101,29 @@ class SettingsOauth extends Component
                     'tenant' => $settingData['tenant'],
                     'base_url' => $settingData['base_url'],
                 ]);
+
+                if ($settingData['enabled'] && ! $oauth->couldBeEnabled()) {
+                    $oauth->enabled = false;
+                    $errors[] = "OAuth settings are incomplete for '{$oauth->provider}'. Required fields are missing. The provider has been disabled.";
+                }
+
+                $oauth->save();
+
+                // Update the array with fresh data
+                $this->oauth_settings_map[$oauth->provider] = [
+                    'id' => $oauth->id,
+                    'provider' => $oauth->provider,
+                    'enabled' => $oauth->enabled,
+                    'client_id' => $oauth->client_id,
+                    'client_secret' => $oauth->client_secret,
+                    'redirect_uri' => $oauth->redirect_uri,
+                    'tenant' => $oauth->tenant,
+                    'base_url' => $oauth->base_url,
+                ];
+            }
+
+            if (! empty($errors)) {
+                $this->dispatch('error', implode('<br/>', $errors));
             }
         }
     }