From 70f16e1a0bab5df61282f089e4a6862846b16cfc Mon Sep 17 00:00:00 2001
From: Yeuoly <45712896+Yeuoly@users.noreply.github.com>
Date: Tue, 30 Jan 2024 18:41:36 +0800
Subject: [PATCH] fix: keep original tool credentials (#2288)

---
 api/services/tools_manage_service.py | 34 +++++++++++++++++-----------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/api/services/tools_manage_service.py b/api/services/tools_manage_service.py
index a866cbb4f9..e6348f6ca8 100644
--- a/api/services/tools_manage_service.py
+++ b/api/services/tools_manage_service.py
@@ -313,25 +313,33 @@ class ToolManageService:
         """
             update builtin tool provider
         """
-        try: 
-            # get provider
-            provider_controller = ToolManager.get_builtin_provider(provider_name)
-            if not provider_controller.need_credentials:
-                raise ValueError(f'provider {provider_name} does not need credentials')
-            # validate credentials
-            provider_controller.validate_credentials(credentials)
-            # encrypt credentials
-            tool_configuration = ToolConfiguration(tenant_id=tenant_id, provider_controller=provider_controller)
-            credentials = tool_configuration.encrypt_tool_credentials(credentials)
-        except (ToolProviderNotFoundError, ToolNotFoundError, ToolProviderCredentialValidationError) as e:
-            raise ValueError(str(e))
-
         # get if the provider exists
         provider: BuiltinToolProvider = db.session.query(BuiltinToolProvider).filter(
             BuiltinToolProvider.tenant_id == tenant_id,
             BuiltinToolProvider.provider == provider_name,
         ).first()
 
+        try: 
+            # get provider
+            provider_controller = ToolManager.get_builtin_provider(provider_name)
+            if not provider_controller.need_credentials:
+                raise ValueError(f'provider {provider_name} does not need credentials')
+            tool_configuration = ToolConfiguration(tenant_id=tenant_id, provider_controller=provider_controller)
+            # get original credentials if exists
+            if provider is not None:
+                original_credentials = tool_configuration.decrypt_tool_credentials(provider.credentials)
+                masked_credentials = tool_configuration.mask_tool_credentials(original_credentials)
+                # check if the credential has changed, save the original credential
+                for name, value in credentials.items():
+                    if name in masked_credentials and value == masked_credentials[name]:
+                        credentials[name] = original_credentials[name]
+            # validate credentials
+            provider_controller.validate_credentials(credentials)
+            # encrypt credentials
+            credentials = tool_configuration.encrypt_tool_credentials(credentials)
+        except (ToolProviderNotFoundError, ToolNotFoundError, ToolProviderCredentialValidationError) as e:
+            raise ValueError(str(e))
+
         if provider is None:
             # create provider
             provider = BuiltinToolProvider(