Summary
When entering an OpenAI API key in the WordPress AI Content Flow settings page and attempting to save, the field immediately becomes blank after submission, indicating the API key is not being persisted to the database. This prevents users from configuring the AI provider integration, making the plugin's core functionality unusable.
WordPress Environment
Steps to Reproduce
- Navigate to WordPress Admin → Content Flow → Settings
- Enter a valid OpenAI API key in the "OpenAI API Key" field
- Click "Save Settings" button
- Observe the page reloads and the API key field is now empty
- Check database - API key is not saved in wp_options table
Expected Behavior
- API key should be saved to the database (encrypted/secured)
- Field should retain the masked/hidden API key value after save
- Success notification should appear confirming settings saved
- API key should be validated and tested upon save
Actual Behavior
- API key field becomes blank immediately after save attempt
- No success/error message is displayed
- API key is not persisted to wp_options table
- Plugin cannot authenticate with OpenAI API
Technical Analysis
Potential root causes:
- Form submission issue: Settings form may not be properly serializing the API key field
- WordPress nonce validation: Security nonce may be failing, preventing save
- Sanitization issue: Input sanitization may be stripping the API key value
- Database write failure: wp_update_option() may be failing silently
- JavaScript interference: Client-side code may be clearing the field
- Field name mismatch: Form field name may not match the option name being saved
Acceptance Criteria
Testing Requirements
-
Manual Testing:
- Test API key save functionality in settings page
- Verify database storage in wp_options table
- Test with invalid API keys for validation
- Test all provider API key fields (OpenAI, Anthropic, Google)
-
E2E Tests:
// Playwright test for settings persistence
test('API keys should save and persist', async ({ page }) => {
await page.goto('/wp-admin/admin.php?page=wp-content-flow-settings');
await page.fill('#openai_api_key', 'sk-test-key');
await page.click('#submit');
await expect(page.locator('#openai_api_key')).not.toBeEmpty();
});
-
Unit Tests:
- Test settings sanitization functions
- Test option update/retrieval functions
- Test API key encryption/decryption
Code Investigation Areas
/wp-content-flow/includes/admin/class-settings-page.php - Settings page implementation/wp-content-flow/includes/api/class-settings-controller.php - Settings REST API- Settings form HTML structure and field names
- WordPress options save hooks and filters
- JavaScript handling of settings form
WordPress Compatibility
- Must follow WordPress Settings API best practices
- Use proper sanitization callbacks
- Implement proper capability checks (
manage_options)
- Use WordPress nonces for security
- Follow WordPress coding standards for options handling
Priority
P1 - Critical: This completely blocks the plugin's AI functionality. Users cannot use any AI features without being able to save API keys.
Related Issues
Summary
When entering an OpenAI API key in the WordPress AI Content Flow settings page and attempting to save, the field immediately becomes blank after submission, indicating the API key is not being persisted to the database. This prevents users from configuring the AI provider integration, making the plugin's core functionality unusable.
WordPress Environment
Steps to Reproduce
Expected Behavior
Actual Behavior
Technical Analysis
Potential root causes:
Acceptance Criteria
Testing Requirements
Manual Testing:
E2E Tests:
Unit Tests:
Code Investigation Areas
/wp-content-flow/includes/admin/class-settings-page.php- Settings page implementation/wp-content-flow/includes/api/class-settings-controller.php- Settings REST APIWordPress Compatibility
manage_options)Priority
P1 - Critical: This completely blocks the plugin's AI functionality. Users cannot use any AI features without being able to save API keys.
Related Issues