Merge branch 'feat/mcp-06-18' into deploy/dev

2025-10-15 17:01:46 +08:00 · 2025-10-15 17:01:46 +08:00 · 7193333b75
parent df1859f6b8 8a0f14fde4
commit 7193333b75
2 changed files with 16 additions and 22 deletions
--- a/api/core/entities/mcp_provider.py
+++ b/api/core/entities/mcp_provider.py
@ -239,26 +239,18 @@ class MCPProviderEntity(BaseModel):

        masked = {}

-        # Check if we have nested client_information structure
-        if "client_information" in credentials and isinstance(credentials["client_information"], dict):
-            client_info = credentials["client_information"]
-            # Mask sensitive fields from nested structure
-            if client_info.get("client_id"):
-                masked["client_id"] = self._mask_value(client_info["client_id"])
-            if client_info.get("client_secret"):
-                masked["client_secret"] = self._mask_value(client_info["client_secret"])
-        else:
-            # Handle flat structure
-            # Mask sensitive fields
-            sensitive_fields = ["client_id", "client_secret"]
-            for field in sensitive_fields:
-                if credentials.get(field):
-                    masked[field] = self._mask_value(credentials[field])
-
-        # Include non-sensitive fields (check both flat and nested structures)
-        if "grant_type" in credentials:
-            masked["grant_type"] = credentials["grant_type"]
-
+        if "client_information" not in credentials or not isinstance(credentials["client_information"], dict):
+            return {}
+        client_info = credentials["client_information"]
+        # Mask sensitive fields from nested structure
+        if client_info.get("client_id"):
+            masked["client_id"] = self._mask_value(client_info["client_id"])
+        if client_info.get("encrypted_client_secret"):
+            masked["client_secret"] = self._mask_value(
+                encrypter.decrypt_token(self.tenant_id, client_info["encrypted_client_secret"])
+            )
+        if client_info.get("client_secret"):
+            masked["client_secret"] = self._mask_value(client_info["client_secret"])
        return masked

    def decrypt_server_url(self) -> str:
--- a/api/core/mcp/auth/auth_flow.py
+++ b/api/core/mcp/auth/auth_flow.py
@ -284,8 +284,10 @@ def refresh_authorization(

    if client_information.client_secret:
        params["client_secret"] = client_information.client_secret
-
-    response = ssrf_proxy.post(token_url, data=params)
+    try:
+        response = ssrf_proxy.post(token_url, data=params)
+    except ssrf_proxy.MaxRetriesExceededError as e:
+        raise MCPRefreshTokenError(e) from e
    if not response.is_success:
        raise MCPRefreshTokenError(response.text)
    return OAuthTokens.model_validate(response.json())