SoulSync

History

BoulderBadgeDad 09b97c5f63 #870 : Deezer ARL 'resets itself' — test the SAVED token, not the redaction mask The Deezer ARL field round-trips a redaction sentinel for a saved-but-untouched secret (shown as dots). The save path already guards against the sentinel overwriting the real token (ConfigManager.set), so the ARL was never actually lost — but the connection TEST read the field value and sent the sentinel as the token, so Deezer returned USER_ID=0 ('Invalid ARL token') after navigating away and back. That false failure made it look like the ARL kept resetting. Fix: - ConfigManager.resolve_secret(key, posted): empty/sentinel posted value -> the stored value; a real string -> a genuine new secret. Reusable for any secret connection-test (single source of truth). - /api/deezer-download/test now resolves the effective ARL via resolve_secret, so an untouched field tests the stored token. - testDeezerDownloadConnection() strips the sentinel before sending (untouched -> empty -> backend uses the saved token). Seam/regression tests for resolve_secret (sentinel/empty/none -> stored, real -> passthrough, nothing stored -> empty). JS integrity 64 green.	2 weeks ago
..
config.example.json	Fix import artist override and verification review	3 weeks ago
settings.py	#870 : Deezer ARL 'resets itself' — test the SAVED token, not the redaction mask	2 weeks ago

BoulderBadgeDad 09b97c5f63 #870 : Deezer ARL 'resets itself' — test the SAVED token, not the redaction mask

The Deezer ARL field round-trips a redaction sentinel for a saved-but-untouched
secret (shown as dots). The save path already guards against the sentinel
overwriting the real token (ConfigManager.set), so the ARL was never actually
lost — but the connection TEST read the field value and sent the sentinel as the
token, so Deezer returned USER_ID=0 ('Invalid ARL token') after navigating away
and back. That false failure made it look like the ARL kept resetting.

Fix:
- ConfigManager.resolve_secret(key, posted): empty/sentinel posted value -> the
  stored value; a real string -> a genuine new secret. Reusable for any secret
  connection-test (single source of truth).
- /api/deezer-download/test now resolves the effective ARL via resolve_secret, so
  an untouched field tests the stored token.
- testDeezerDownloadConnection() strips the sentinel before sending (untouched ->
  empty -> backend uses the saved token).

Seam/regression tests for resolve_secret (sentinel/empty/none -> stored, real ->
passthrough, nothing stored -> empty). JS integrity 64 green.

config.example.json

Fix import artist override and verification review

settings.py

#870 : Deezer ARL 'resets itself' — test the SAVED token, not the redaction mask