SAP · mikicvi-SAP · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025 · Oct 10, 2025
diff --git a/.changeset/itchy-beans-exercise.md b/.changeset/itchy-beans-exercise.md
@@ -0,0 +1,7 @@
+---
+'@sap-ux/odata-service-inquirer': minor
+'@sap-ux/fiori-app-sub-generator': patch
+---
+
+Adds warning to password input and info to backend system choice, tracks if backend system has stored creds, stores credentials only if both already present.  
+
diff --git a/packages/fiori-app-sub-generator/src/fiori-app-generator/end.ts b/packages/fiori-app-sub-generator/src/fiori-app-generator/end.ts
@@ -149,6 +149,8 @@ export async function runPostGenerationTasks(
         // No need to await, we cannot recover anyway
         // eslint-disable-next-line @typescript-eslint/no-floating-promises
         storeService.write(service.backendSystem, { force: true });
+    } else if (service.backendSystem?.newOrUpdated === false && hostEnv !== hostEnvironment.bas) {
+        logger.info(t('logMessages.noCredentialsBackendSystem', { system: service.backendSystem.name }));
     }
 
     // Display info message if using a cap service as it is not otherwise shown when a top level dir is not created

diff --git a/packages/fiori-app-sub-generator/src/translations/fioriAppSubGenerator.i18n.json b/packages/fiori-app-sub-generator/src/translations/fioriAppSubGenerator.i18n.json
@@ -89,7 +89,8 @@
         "warningCachingNotSupported": "Warning: caching is not supported.",
         "attemptingToExecutePostGenerationCommand": "Attempting to execute command after app generation: {{- command}}",
         "installSkippedOptionSpecified": "Option `--skipInstall` was specified. Installation of dependencies will be skipped.",
-        "generatorExiting": "Application generation exiting due to error: {{error}}"
+        "generatorExiting": "Application generation was cancelled due to the error: {{error}}.",
+        "noCredentialsBackendSystem": "No credentials were found for the back-end system: {{system}}. Skipping storing credentials."
     },
     "error": {
         "fatalError": "An error has occurred, please restart the generator.",

@@ -111,6 +111,30 @@ describe('runPostGenerationTasks', () => {
         expect(storeServiceWriteMock).toHaveBeenCalledWith(service.backendSystem, { force: true });
     });
 
+    it('should NOT persist backend system when newOrUpdated is false', async () => {
+        const service = {
+            backendSystem: {
+                newOrUpdated: false
+            } as unknown as BackendSystem,
+            sapClient: '100',
+            odataVersion: OdataVersion.v2,
+            datasourceType: DatasourceType.sapSystem
+        };
+        const project = {
+            targetFolder: '/path/to/project',
+            name: 'testProject',
+            flpAppId: 'testAppId'
+        };
+
+        (getHostEnvironment as jest.Mock).mockReturnValue(hostEnvironment.vscode);
+
+        await runPostGenerationTasks({ service, project }, fs, logger, vscode, appWizard);
+
+        // Should not call getService or write when newOrUpdated is false
+        expect(getService).not.toHaveBeenCalled();
+        expect(storeServiceWriteMock).not.toHaveBeenCalled();
+    });
+
     it('should show information message for cap projects', async () => {
         const service = {
             capService: {} as unknown as CapService,

@@ -2,12 +2,13 @@ import { Severity } from '@sap-devx/yeoman-ui-types';
 import type { ServiceProvider } from '@sap-ux/axios-extension';
 import { isFullUrlDestination, isPartialUrlDestination, type Destination } from '@sap-ux/btp-utils';
 import type { InputQuestion, PasswordQuestion } from '@sap-ux/inquirer-common';
-import type { BackendSystem } from '@sap-ux/store';
+import { BackendSystemKey, type BackendSystem, SystemService } from '@sap-ux/store';
 import type { Answers } from 'inquirer';
 import { t } from '../../../../i18n';
 import { promptNames } from '../../../../types';
 import { PromptState, removeCircularFromServiceProvider } from '../../../../utils';
 import type { ConnectionValidator } from '../../../connectionValidator';
+import LoggerHelper from '../../../logger-helper';
 import type { ValidationResult } from '../../../types';
 import type { SystemSelectionAnswerType } from '../system-selection/prompt-helpers';
 import type { NewSystemAnswers } from '../new-system/types';
@@ -55,7 +56,21 @@ export function getCredentialsPrompts<T extends Answers>(
             guiOptions: {
                 mandatory: true
             },
-            default: '',
+            default: async (answers: T) => {
+                // Prefill username from the selected backend system if available
+                const selectedSystem = answers?.[promptNames.systemSelection] as SystemSelectionAnswerType;
+                if (selectedSystem?.type === 'backendSystem') {
+                    const selectedBackendSystem = selectedSystem.system as BackendSystem;
+                    if (selectedBackendSystem?.userDisplayName) {
+                        // Read system with credentials to get the stored username, since we won't assume that displayName = username
+                        const systemWithCredentials = await new SystemService(LoggerHelper.logger).read(
+                            BackendSystemKey.from(selectedBackendSystem) as BackendSystemKey
+                        );
+                        return systemWithCredentials?.username || '';
+                    }
+                }
+                return '';
+            },
             validate: (user: string) => user?.length > 0
         } as InputQuestion<T>,
         {
@@ -115,6 +130,13 @@ export function getCredentialsPrompts<T extends Answers>(
                 return valResult;
             },
             additionalMessages: (password: string, answers: T) => {
+                if (PromptState.odataService.connectedSystem?.backendSystem?.newOrUpdated) {
+                    return {
+                        message: t('texts.passwordStoreWarning'),
+                        severity: Severity.warning
+                    };
+                }
+
                 // Since the odata service URL prompt has its own credentials prompts its safe to assume
                 // that `ignoreCertError` when true means that the user has set the node setting to ignore cert errors and
                 // not that the user has chosen to ignore the cert error for this specific connection (this is only supported by the odata service URL prompts).
@@ -153,13 +175,17 @@ function updatePromptStateWithConnectedSystem(
     // Update the existing backend system with the new credentials that may be used to update in the store.
     if (selectedSystem?.type === 'backendSystem') {
         const backendSystem = selectedSystem.system as BackendSystem;
+
         // Have the credentials changed..
         if (backendSystem.username !== username || backendSystem.password !== password) {
+            // Get the hasStoredCredentials from PromptState to determine if it's temp creds scenario or new/updated
+            const hasStoredCredentials = PromptState.hasStoredCredentials || false;
+
             PromptState.odataService.connectedSystem.backendSystem = Object.assign(backendSystem, {
                 username: username,
                 password,
                 userDisplayName: username,
-                newOrUpdated: true
+                newOrUpdated: hasStoredCredentials
             } as Partial<BackendSystem>);
         }
         // If the connection is successful and a destination was selected, assign the connected destination to the prompt state.

@@ -10,7 +10,8 @@ import {
 } from '@sap-ux/btp-utils';
 import { ERROR_TYPE } from '@sap-ux/inquirer-common';
 import type { OdataVersion } from '@sap-ux/odata-service-writer';
-import { type BackendSystemKey, type BackendSystem, SystemService } from '@sap-ux/store';
+import type { BackendSystemKey } from '@sap-ux/store';
+import { type BackendSystem, SystemService } from '@sap-ux/store';
 import type { ListChoiceOptions } from 'inquirer';
 import { t } from '../../../../i18n';
 import type { ConnectedSystem, DestinationFilters } from '../../../../types';
@@ -72,6 +73,8 @@ export async function connectWithBackendSystem(
                 convertODataVersionType(requiredOdataVersion)
             );
         } else if (backendSystem.authenticationType === 'basic' || !backendSystem.authenticationType) {
+            const hasStoredCredentials = !!(backendSystem.username && backendSystem.password);
+            PromptState.hasStoredCredentials = hasStoredCredentials;
             let errorType;
             ({ valResult: connectValResult, errorType } = await connectionValidator.validateAuth(
                 backendSystem.url,
@@ -85,11 +88,7 @@ export async function connectWithBackendSystem(
             ));
             // If authentication failed with existing credentials the user will be prompted to enter new credentials.
             // We log the error in case there is another issue (unresolveable) with the stored backend configuration.
-            if (
-                errorType === ERROR_TYPE.AUTH &&
-                typeof backendSystem.username === 'string' &&
-                typeof backendSystem.password === 'string'
-            ) {
+            if (errorType === ERROR_TYPE.AUTH) {
                 LoggerHelper.logger.error(
                     t('errors.storedSystemConnectionError', {
                         systemName: backendSystem.name,
@@ -246,7 +245,7 @@ export async function createSystemChoices(
             return {
                 name: getBackendSystemDisplayName(system),
                 value: {
-                    system,
+                    system: system,
                     type: 'backendSystem'
                 } as SystemSelectionAnswerType
             };

@@ -209,23 +209,33 @@ export async function getSystemConnectionQuestions(
                 );
             },
             additionalMessages: async (selectedSystem: SystemSelectionAnswerType) => {
-                // Backend systems credentials may need to be updated
+                let message;
+                // Check for stored credentials or authentication failure message if a backend system is selected
                 if (
                     selectedSystem.type === 'backendSystem' &&
                     connectionValidator.systemAuthType === 'basic' &&
                     (await connectionValidator.isAuthRequired())
                 ) {
-                    return {
-                        message: t('prompts.systemSelection.authenticationFailedUpdateCredentials'),
-                        severity: Severity.information
-                    };
+                    const noCredentials = !PromptState.hasStoredCredentials;
+                    if (noCredentials) {
+                        message = {
+                            message: t('prompts.systemSelection.noStoredCredentials'),
+                            severity: Severity.information
+                        };
+                    } else {
+                        message = {
+                            message: t('prompts.systemSelection.authenticationFailedUpdateCredentials'),
+                            severity: Severity.information
+                        };
+                    }
                 }
                 if (connectionValidator.ignoreCertError) {
-                    return {
+                    message = {
                         message: t('warnings.certErrorIgnoredByNodeSetting'),
                         severity: Severity.warning
                     };
                 }
+                return message ?? undefined;
             }
         } as ListQuestion<SystemSelectionAnswers>
     ];

@@ -107,7 +107,8 @@
             "newSystemChoiceLabel": "New System",
             "hint": "Select a system configuration.",
             "message": "System",
-            "authenticationFailedUpdateCredentials": "Authentication failed. Please try updating the credentials."
+            "authenticationFailedUpdateCredentials": "Authentication failed. Check your credentials are correct and try again.",
+            "noStoredCredentials": "This stored system has no credentials. Please provide them. They will not be saved with system details."
         },
         "abapOnBTPType": {
             "message": "ABAP environment definition source",
@@ -256,6 +257,7 @@
         "forUserName": "(for user [{{username}}])",
         "httpStatus": "HTTP Status {{httpStatus}}",
         "checkDestinationAuthConfig": "Please check the SAP BTP destination authentication configuration.",
-        "choiceNameNone": "None"
+        "choiceNameNone": "None",
+        "passwordStoreWarning": "Passwords are stored in your operating system's credential manager and are protected by its security policies."
     }
 }
diff --git a/packages/odata-service-inquirer/src/utils/prompt-state.ts b/packages/odata-service-inquirer/src/utils/prompt-state.ts
@@ -17,11 +17,17 @@ export class PromptState {
      */
     public static backendSystemsCache: BackendSystem[] = [];
 
+    /**
+     * Store whether the selected system has stored credentials
+     */
+    public static hasStoredCredentials?: boolean;
+
     static reset(): void {
         // Reset all values in the odataService object, do not reset the object reference itself as it may be used by external consumers
         Object.keys(PromptState.odataService).forEach((key) => {
             PromptState.odataService[key as keyof OdataServiceAnswers] = undefined;
         });
+        PromptState.hasStoredCredentials = undefined;
     }
 
     static resetConnectedSystem(): void {

@@ -75,7 +75,7 @@ exports[`API tests getPrompts, i18n is loaded 1`] = `
     "when": [Function],
   },
   {
-    "default": "",
+    "default": [Function],
     "guiOptions": {
       "mandatory": true,
     },
@@ -156,7 +156,7 @@ exports[`API tests getPrompts, i18n is loaded 1`] = `
     "when": [Function],
   },
   {
-    "default": "",
+    "default": [Function],
     "guiOptions": {
       "mandatory": true,
     },

@@ -33,7 +33,25 @@ jest.mock('@sap-ux/store', () => ({
                 url: 'http://url2',
                 systemType: 'BTP'
             }
-        ] as BackendSystem[])
+        ] as BackendSystem[]),
+        read: jest.fn().mockImplementation((key) => {
+            // Mock read to return systems with credentials
+            const systems = [
+                {
+                    name: 'storedSystem1',
+                    url: 'http://url1',
+                    systemType: 'OnPrem',
+                    username: 'user1',
+                    password: 'pass1'
+                },
+                {
+                    name: 'storedSystem2',
+                    url: 'http://url2',
+                    systemType: 'BTP'
+                }
+            ];
+            return Promise.resolve(systems.find((s) => s.url === key.url));
+        })
     }))
 }));
 

@@ -79,7 +79,7 @@ exports[`getQuestions getQuestions 1`] = `
     "when": [Function],
   },
   {
-    "default": "",
+    "default": [Function],
     "guiOptions": {
       "mandatory": true,
     },
@@ -164,7 +164,7 @@ exports[`getQuestions getQuestions 1`] = `
     "when": [Function],
   },
   {
-    "default": "",
+    "default": [Function],
     "guiOptions": {
       "mandatory": true,
     },

@@ -31,7 +31,25 @@ jest.mock('@sap-ux/store', () => ({
                 url: 'http://url2',
                 systemType: 'BTP'
             }
-        ] as BackendSystem[])
+        ] as BackendSystem[]),
+        read: jest.fn().mockImplementation((key) => {
+            // Mock read to return systems with credentials
+            const systems = [
+                {
+                    name: 'storedSystem1',
+                    url: 'http://url1',
+                    systemType: 'OnPrem',
+                    username: 'user1',
+                    password: 'pass1'
+                },
+                {
+                    name: 'storedSystem2',
+                    url: 'http://url2',
+                    systemType: 'BTP'
+                }
+            ];
+            return Promise.resolve(systems.find((s) => s.url === key.url));
+        })
     }))
 }));
 

@@ -82,7 +82,7 @@ describe('questions', () => {
                 "validate": [Function],
               },
               {
-                "default": "",
+                "default": [Function],
                 "guiOptions": {
                   "mandatory": true,
                 },