fix(ui): keep update credentials wizard open

[Alan-TheGentleman]

Context

Updating provider credentials in the providers table wizard was closing the modal after a successful connection test, which prevented users from reaching the final launch step and starting a scan from the same flow.

Description

• keep update flows inside the wizard after a successful connection test so they advance to the launch step
• stop revalidating /providers during wizard connection checks to avoid remounting the row-level modal in Next 16
• add regression coverage for update credentials and check connection wizard actions

Steps to review

1. Open /providers
2. Pick a provider with existing credentials and click Update Credentials
3. Submit valid updated credentials
4. In Check connection, click Check connection
5. Verify the wizard stays open and advances to the final Launch scan step
6. Launch a scan from the modal
7. Run pnpm run healthcheck
8. Run pnpm test:run actions/providers/providers.test.ts
9. Run pnpm test:run components/providers/wizard/hooks/use-provider-wizard-controller.test.tsx

Checklist

Screen.Recording.2026-04-14.at.12.43.15.mov

Community Checklist

• This feature/issue is listed in here or roadmap.prowler.com
• Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

• Are there new checks included in this PR? No
  • If so, do we need to update permissions for the provider?
• Review if the code is being covered by tests.
• Review if code is being documented following https://github.com/google/styleguide/blob/gh-pages/pyguide.md#38-comments-and-docstrings
• Review if backport is needed.
• Review if is needed to change the Readme.md
• Ensure new entries are added to CHANGELOG.md, if applicable.

SDK/CLI

• Are there new checks included in this PR? No
  • If so, do we need to update permissions for the provider? Please review this carefully.

UI (if applicable)

• All issue/task requirements work as expected on the UI
• Screenshots/Video - Mobile (X < 640px)
• Screenshots/Video - Tablet (640px > X < 1024px)
• Screenshots/Video - Desktop (X > 1024px)
• Ensure new entries are added to ui/CHANGELOG.md

API (if applicable)

• All issue/task requirements work as expected on the API
• Endpoint response output (if applicable)
• EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
• Performance test results (if applicable)
• Any other relevant evidence of the implementation (if applicable)
• Verify if API specs need to be regenerated.
• Check if version updates are required.
• Ensure new entries are added to api/CHANGELOG.md

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

✅ Conflict Markers Resolved

All conflict markers have been successfully resolved in this pull request.

[github-actions]

✅ All necessary CHANGELOG.md files have been updated.

[github-actions]

🔒 Container Security Scan

Image: prowler-ui:4be1b8e
Last scan: 2026-04-15 11:45:23 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.

📋 Resources:

• Download full report (see artifacts)
• View in Security tab
• Scanned with Trivy

[alejandrobailo]

Hey!

I spotted one thing that I think introduces a subtle regression though:

/providers is never revalidated in the update flow

After this PR, the full update-credentials chain looks like:

1. updateCredentialsProvider → handleApiResponse(response) — no revalidation
2. checkConnectionProvider → handleApiResponse(response) — no revalidation
3. LaunchStep → calls scanOnDemand / scheduleDaily → revalidates /scans, not /providers
4. handleClose() → resets wizard state, closes modal — no revalidation

So the /providers page data is never refreshed after the user updates credentials through the wizard. Any changes that should be reflected in the providers table (connection status, credential type, etc.) will stay stale until a manual page refresh.

The PR description says "revalidation deferred to the connection test step", but checkConnectionProvider also had its "/providers" removed — so the revalidation isn't deferred, it's gone entirely.

Suggested fix

The controller fix (removing the early-return in handleTestSuccess) is what actually solves the modal-closing bug. I think we can safely restore revalidatePath in checkConnectionProvider:

// checkConnectionProvider
return handleApiResponse(response, "/providers");

Since the modal no longer remounts on revalidation (the early-close is gone), this should keep the wizard open and ensure the providers table shows fresh data when the user eventually closes it.

The removal in updateCredentialsProvider is fine to keep — revalidating at connection-test time is enough.

Let me know what you think!

[Alan-TheGentleman]

Fixed the wizard flow end to end.

The root cause was that the provider wizard modal was mounted inside table rows, so every refresh of the providers page could remount the row and close the modal.

I moved the wizard to a stable page-level host and wired row actions and Add Provider to open that shared modal instead.

With that change in place, the providers table now refreshes after:

1. linking the provider
2. authenticating credentials
3. checking the connection

and the modal stays open through each intermediate step until the flow actually finishes.

I also fixed the action label so rows without a secret show Add Credentials instead of Update Credentials.

Tests updated and passing locally.

@alejandrobailo @pfe-nazaries could you please take another look?

[pfe-nazaries]

LGTM

[alejandrobailo]

The changelog must be for the .24

[Alan-TheGentleman]

Fixed. Moved the changelog entry out of the released 1.23.0 block into a new [1.24.0] (Prowler UNRELEASED) section. Also updated the entry text to reflect the full scope of the change (page-level wizard host).