Commit d785882
fix(oauth): parse form-encoded responses in refresh_token() (#4259)
* fix(oauth): parse form-encoded responses in refresh_token()

Token endpoints that respond with application/x-www-form-urlencoded
(e.g. GitHub's /login/oauth/access_token) caused response.json() to
raise JSONDecodeError, silently failing token refresh and driving
gateways offline after access-token expiry.

Apply the same content-type branch used in the three other token
fetching paths in this module (_client_credentials_flow, _password_flow,
and the two authorization code exchanges) so refresh_token() handles
both JSON and form-encoded responses.

Add unit tests covering:
- happy path for form-encoded responses (asserts response.json() is
  not invoked to prove the form-encoded branch is actually taken)
- negative path for unexpected content-type (raw fallback then
  OAuthError for missing access_token)
- regression guard: set content-type on the existing success test

Signed-off-by: kimsehwan96 <sktpghks138@gmail.com>
* refactor(oauth): consolidate token-response parsing and prevent secret leaks

Pull the JSON / form-encoded response parsing duplicated across five
token-fetching paths (_client_credentials_flow, _password_flow, both
authorization-code exchanges, and refresh_token) into a single
_parse_token_response() helper, and add a _redact_token_response()
helper that all five "No access_token" OAuthError sites and the
refresh_token 4xx path use to bound what reaches logs and exception
messages.

Parsing improvements (apply to all five paths via the helper):
- Treat the content-type header case-insensitively per RFC 7231 §3.1.1.1
  so providers sending "Application/X-WWW-Form-Urlencoded" no longer
  fall through to the JSON branch.
- URL-decode form-encoded values via urllib.parse.parse_qsl, so a value
  like "scope=repo%3Astatus" is delivered to callers as "repo:status".
- Narrow the parse-failure except clause from bare Exception to
  ValueError (covers JSONDecodeError and UnicodeDecodeError) so that
  unrelated failures such as httpx.ResponseNotRead surface instead of
  being silently captured as raw_response.
- Log parse failures with diagnostic context (status, content-type,
  body bytes) and exc_info=True to aid operator debugging.
- Detect garbage form bodies: parse_qsl runs without keep_blank_values
  so an HTML page with no "=" parses to {} and falls through to the
  raw_response capture, and any non-empty parse whose keys aren't
  OAuth-parameter shaped (e.g. <meta charset=...>) is rejected the
  same way.
- Tolerate undecodable bodies via a new _safe_response_text() helper
  that returns "<undecodable body, N bytes>" when response.text raises
  UnicodeDecodeError or LookupError.

Secret-leak prevention (everywhere a token-shaped dict reaches an
OAuthError or log line):
- Redact known credential-bearing keys (access_token, refresh_token,
  id_token, client_secret, password) to "[REDACTED]".
- Scrub URL/form-style "<key>=<value>" patterns inline so that secrets
  embedded in HTML hrefs, form actions, or stack traces are neutered
  even when the surrounding string fits inside the truncation window.
- Cap any string value at 256 chars with a "... [truncated, N chars
  total]" marker so HTML error pages and verbose stack traces don't
  swamp logs.
- Route the refresh_token 4xx error path through the same parse +
  redact pipeline (it previously surfaced raw response.text in both
  the OAuthError and the failure-status warning).
- refresh_token's "No access_token" OAuthError now matches the sibling
  flows by echoing the (redacted) parsed payload for diagnostics.

Tests cover mixed-case content-type, URL-decoded values, JSON-branch
JSONDecodeError + UnicodeDecodeError fallbacks, missing content-type
header, empty form body, garbage form bodies, undecodable bodies,
sensitive-key redaction, raw_response truncation, URL-param scrubbing,
4xx echoed-secret redaction, and 4xx oversized HTML truncation. The
two pre-existing 4xx tests are tightened to assert the parsed error
field appears in the OAuthError so a regression that loses the body
would be caught.

Signed-off-by: Jonathan Springer <jps@s390x.com>
---------
Signed-off-by: kimsehwan96 <sktpghks138@gmail.com>
Signed-off-by: Jonathan Springer <jps@s390x.com>
Co-authored-by: Jonathan Springer <jps@s390x.com>

PR #4259 · parent 67e63ea · commit d785882
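The parsing and redaction behaviour the commit message describes, as an added example that is not mcpgateway's own code: `parse_token_response` and `redact_token_response` are hypothetical stand-ins for the `_parse_token_response()` / `_redact_token_response()` helpers, taking a headers dict and raw body bytes instead of an httpx response, and the key-shape regex and the scrubbed key list are assumptions.

```python
import json
import re
from urllib.parse import parse_qsl

# Hypothetical helpers modelled on the commit message; not mcpgateway's own code.
SENSITIVE_KEYS = {"access_token", "refresh_token", "id_token", "client_secret", "password"}
MAX_VALUE_LEN = 256
_OAUTH_KEY = re.compile(r"^[A-Za-z0-9_.-]+$")  # assumed shape of an OAuth parameter name
_KV_SECRET = re.compile(r"\b(access_token|refresh_token|id_token|client_secret|password)=[^&\s\"'<>]+")


def parse_token_response(headers: dict, body: bytes) -> dict:
    """Return the token payload, or {"raw_response": ...} when the body is not a token response."""
    # Header names and the media type are matched case-insensitively (RFC 7231).
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "").lower()
    charset = ctype.split("charset=", 1)[1].split(";")[0].strip() if "charset=" in ctype else "utf-8"
    try:
        text = body.decode(charset)
    except (UnicodeDecodeError, LookupError):  # undecodable bytes or an unknown charset name
        return {"raw_response": f"<undecodable body, {len(body)} bytes>"}
    try:
        if "application/x-www-form-urlencoded" in ctype:
            # keep_blank_values stays False: an HTML page with no "=" parses to {} ...
            parsed = dict(parse_qsl(text))
            # ... and a body whose keys are not parameter-shaped (e.g. "<meta charset") is rejected.
            if not parsed or not all(_OAUTH_KEY.match(k) for k in parsed):
                return {"raw_response": text}
            return parsed
        data = json.loads(text)  # JSONDecodeError is a ValueError subclass
        return data if isinstance(data, dict) else {"raw_response": text}
    except ValueError:  # narrow clause: unrelated exceptions propagate instead of becoming raw_response
        return {"raw_response": text}


def redact_token_response(data: dict) -> dict:
    """Bound what a token-shaped dict may leak when it reaches a log line or an OAuthError."""
    out = {}
    for key, value in data.items():
        if key in SENSITIVE_KEYS:
            out[key] = "[REDACTED]"
        elif isinstance(value, str):
            # Scrub inline "<key>=<value>" secrets (hrefs, form actions, tracebacks) before
            # truncating, so a secret that fits inside the window is still neutered.
            value = _KV_SECRET.sub(r"\1=[REDACTED]", value)
            if len(value) > MAX_VALUE_LEN:
                value = f"{value[:MAX_VALUE_LEN]}... [truncated, {len(value)} chars total]"
            out[key] = value
        else:
            out[key] = value
    return out
```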
File tree: 3 files changed, +592 -166 lines
- mcpgateway/services
- tests/unit/mcpgateway/services