fix: decrypt client secret twice

2026-04-15 01:38:19 +08:00 · 2025-10-27 16:44:33 +08:00 · 2025-10-27 16:44:33 +08:00 · a93cbc0461
commit a93cbc0461
parent 4736819dd9
4 changed files with 11 additions and 9 deletions
--- a/api/core/entities/mcp_provider.py
+++ b/api/core/entities/mcp_provider.py
@ -189,7 +189,9 @@ class MCPProviderEntity(BaseModel):
            masked_creds = self.masked_credentials()
            if masked_creds:
                response["authentication"] = masked_creds
-            response["is_dynamic_registration"] = self.credentials.get("is_dynamic_registration", True)
+            response["is_dynamic_registration"] = self.credentials.get("client_information", {}).get(
+                "is_dynamic_registration", True
+            )

        return response

--- a/api/core/tools/tool_manager.py
+++ b/api/core/tools/tool_manager.py
@ -726,9 +726,7 @@ class ToolManager:
            if "mcp" in filters:
                with Session(db.engine) as session:
                    mcp_service = MCPToolManageService(session=session)
-                    mcp_providers = mcp_service.list_providers(
-                        tenant_id=tenant_id, for_list=True, include_sensitive=False
-                    )
+                    mcp_providers = mcp_service.list_providers(tenant_id=tenant_id, for_list=True)
                for mcp_provider in mcp_providers:
                    result_providers[f"mcp_provider.{mcp_provider.name}"] = mcp_provider

--- a/api/services/tools/mcp_tools_manage_service.py
+++ b/api/services/tools/mcp_tools_manage_service.py
@ -716,7 +716,7 @@ class MCPToolManageService:
        }
        secret_fields = []
        if client_secret is not None:
-            credentials_data["encrypted_client_secret"] = encrypter.encrypt_token(tenant_id, client_secret)
+            credentials_data["encrypted_client_secret"] = client_secret
            secret_fields = ["encrypted_client_secret"]
        client_info = self._encrypt_dict_fields(credentials_data, secret_fields, tenant_id)
        return json.dumps({"client_information": client_info})
--- a/api/services/tools/tools_transform_service.py
+++ b/api/services/tools/tools_transform_service.py
@ -3,6 +3,7 @@ import logging
 from collections.abc import Mapping
 from typing import Any, Union

+from pydantic import ValidationError
 from yarl import URL

 from configs import dify_config
@ -248,12 +249,13 @@ class ToolTransformService:
        provider_entity = db_provider.to_entity()

        response = provider_entity.to_api_response(user_name=user_name, include_sensitive=include_sensitive)
-
+        try:
+            mcp_tools = [MCPTool(**tool) for tool in json.loads(db_provider.tools)]
+        except (ValidationError, json.JSONDecodeError):
+            mcp_tools = []
        # Add additional fields specific to the transform
        response["id"] = db_provider.server_identifier if not for_list else db_provider.id
-        response["tools"] = ToolTransformService.mcp_tool_to_user_tool(
-            db_provider, [MCPTool(**tool) for tool in json.loads(db_provider.tools)], user_name=user_name
-        )
+        response["tools"] = ToolTransformService.mcp_tool_to_user_tool(db_provider, mcp_tools, user_name=user_name)
        response["server_identifier"] = db_provider.server_identifier

        # Convert configuration dict to MCPConfiguration object