Fix authorization headers for basic auth

madhav165 · madhav165 · commit 6b83a81a34a8 · 2025-06-10T21:21:34.000+05:30
Signed-off-by: Madhav Kandukuri &lt;madhav165@gmail.com&gt;
diff --git a/mcpgateway/admin.py b/mcpgateway/admin.py
@@ -545,7 +545,7 @@ async def admin_add_tool(
     """
     logger.debug(f"User {user} is adding a new tool")
     form = await request.form()
-    logger.info(f"Received form data: {dict(form)}")
+    logger.debug(f"Received form data: {dict(form)}")
 
     tool_data = {
         "name": form["name"],
@@ -563,10 +563,10 @@ async def admin_add_tool(
         "auth_header_key": form.get("auth_header_key", ""),
         "auth_header_value": form.get("auth_header_value", ""),
     }
-    logger.info(f"Tool data built: {tool_data}")
+    logger.debug(f"Tool data built: {tool_data}")
     try:
         tool = ToolCreate(**tool_data)
-        logger.info(f"Validated tool data: {tool.dict()}")
+        logger.debug(f"Validated tool data: {tool.dict()}")
         await tool_service.register_tool(db, tool)
         return JSONResponse(
             content={"message": "Tool registered successfully!", "success": True},
diff --git a/mcpgateway/schemas.py b/mcpgateway/schemas.py
@@ -20,6 +20,7 @@
 """
 
 import json
+import base64
 import logging
 from datetime import datetime
 from typing import Any, Dict, List, Literal, Optional, Union
@@ -318,7 +319,8 @@ def assemble_auth(cls, values: Dict[str, Any]) -> Dict[str, Any]:
         auth_type = values.get("auth_type")
         if auth_type:
             if auth_type.lower() == "basic":
-                encoded_auth = encode_auth({"username": values.get("auth_username", ""), "password": values.get("auth_password", "")})
+                creds = base64.b64encode(f'{values.get("auth_username", "")}:{values.get("auth_password", "")}'.encode("utf-8")).decode()
+                encoded_auth = encode_auth({"Authorization": f"Basic {creds}"})
                 values["auth"] = {"auth_type": "basic", "auth_value": encoded_auth}
             elif auth_type.lower() == "bearer":
                 encoded_auth = encode_auth({"Authorization": f"Bearer {values.get('auth_token', '')}"})
@@ -376,7 +378,8 @@ def assemble_auth(cls, values: Dict[str, Any]) -> Dict[str, Any]:
         auth_type = values.get("auth_type")
         if auth_type:
             if auth_type.lower() == "basic":
-                encoded_auth = encode_auth({"username": values.get("auth_username", ""), "password": values.get("auth_password", "")})
+                creds = base64.b64encode(f'{values.get("auth_username", "")}:{values.get("auth_password", "")}'.encode("utf-8")).decode()
+                encoded_auth = encode_auth({"Authorization": f"Basic {creds}"})
                 values["auth"] = {"auth_type": "basic", "auth_value": encoded_auth}
             elif auth_type.lower() == "bearer":
                 encoded_auth = encode_auth({"Authorization": f"Bearer {values.get('auth_token', '')}"})
@@ -715,7 +718,8 @@ def _process_auth_fields(values: Dict[str, Any]) -> Optional[Dict[str, Any]]:
             if not username or not password:
                 raise ValueError("For 'basic' auth, both 'auth_username' and 'auth_password' must be provided.")
 
-            return encode_auth({"username": username, "password": password})
+            creds = base64.b64encode(f'{username}:{password}'.encode("utf-8")).decode()
+            return encode_auth({"Authorization": f"Basic {creds}"})
 
         if auth_type == "bearer":
             # For bearer authentication, only token is required
@@ -824,7 +828,8 @@ def _process_auth_fields(values: Dict[str, Any]) -> Optional[Dict[str, Any]]:
             if not username or not password:
                 raise ValueError("For 'basic' auth, both 'auth_username' and 'auth_password' must be provided.")
 
-            return encode_auth({"username": username, "password": password})
+            creds = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode()
+            return encode_auth({"Authorization": f"Basic {creds}"})
 
         if auth_type == "bearer":
             # For bearer authentication, only token is required
diff --git a/mcpgateway/services/tool_service.py b/mcpgateway/services/tool_service.py
@@ -15,6 +15,7 @@
 """
 
 import asyncio
+import base64
 import json
 import logging
 import time
@@ -125,10 +126,12 @@ def _convert_tool_to_read(self, tool: DbTool) -> ToolRead:
 
         decoded_auth_value = decode_auth(tool.auth_value)
         if tool.auth_type == "basic":
+            decoded_bytes = base64.b64decode(decoded_auth_value["Authorization"].split("Basic ")[1])
+            username, password = decoded_bytes.decode("utf-8").split(":")
             tool_dict["auth"] = {
                 "auth_type": "basic",
-                "username": decoded_auth_value["username"],
-                "password": "********" if decoded_auth_value["password"] else None,
+                "username": username,
+                "password": "********" if password else None,
             }
         elif tool.auth_type == "bearer":
             tool_dict["auth"] = {
