made changes to fix bug #476

Signed-off-by: Satya <[email protected]>

Author: TS0713

mcpgateway/admin.py

@@ -28,6 +28,7 @@
 from fastapi.responses import HTMLResponse, JSONResponse, RedirectResponse
 import httpx
 from pydantic import ValidationError
+from pydantic_core import ValidationError as CoreValidationError
 from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm import Session
 
@@ -61,7 +62,7 @@
 from mcpgateway.services.prompt_service import PromptNotFoundError, PromptService
 from mcpgateway.services.resource_service import ResourceNotFoundError, ResourceService
 from mcpgateway.services.root_service import RootService
-from mcpgateway.services.server_service import ServerNotFoundError, ServerService
+from mcpgateway.services.server_service import ServerError, ServerNotFoundError, ServerService
 from mcpgateway.services.tool_service import ToolError, ToolNameConflictError, ToolNotFoundError, ToolService
 from mcpgateway.utils.create_jwt_token import get_jwt_token
 from mcpgateway.utils.error_formatter import ErrorFormatter
@@ -405,10 +406,10 @@ async def admin_add_server(request: Request, db: Session = Depends(get_db), user
         >>> server_service.register_server = original_register_server
     """
     form = await request.form()
-    is_inactive_checked = form.get("is_inactive_checked", "false")
+    # root_path = request.scope.get("root_path", "")
+    # is_inactive_checked = form.get("is_inactive_checked", "false")
     try:
         logger.debug(f"User {user} is adding a new server with name: {form['name']}")
-
         server = ServerCreate(
             name=form.get("name"),
             description=form.get("description"),
@@ -417,24 +418,46 @@ async def admin_add_server(request: Request, db: Session = Depends(get_db), user
             associated_resources=form.get("associatedResources"),
             associated_prompts=form.get("associatedPrompts"),
         )
+    except KeyError as e:
+        # Convert KeyError to ValidationError-like response
+        return JSONResponse(content={"message": f"Missing required field: {e}", "success": False}, status_code=422)
+
+    try:
         await server_service.register_server(db, server)
+        return JSONResponse(
+            content={"message": "Server created successfully!", "success": True},
+            status_code=200,
+        )
 
-        root_path = request.scope.get("root_path", "")
-        if is_inactive_checked.lower() == "true":
-            return RedirectResponse(f"{root_path}/admin/?include_inactive=true#catalog", status_code=303)
-        return RedirectResponse(f"{root_path}/admin#catalog", status_code=303)
+    except CoreValidationError as ex:
+        return JSONResponse(content={"message": str(ex)}, status_code=422)
+
+    except IntegrityError as ex:
+        logger.error(f"Database error: {ex}")
+        return JSONResponse(content={"success": False, "message": "Server name already exists."}, status_code=409)
     except Exception as ex:
+        if isinstance(ex, ServerError):
+            # Custom server logic error — 500 Internal Server Error makes sense
+            return JSONResponse(content={"message": str(ex), "success": False}, status_code=500)
+
+        if isinstance(ex, ValueError):
+            # Invalid input — 400 Bad Request is appropriate
+            return JSONResponse(content={"message": str(ex), "success": False}, status_code=400)
+
+        if isinstance(ex, RuntimeError):
+            # Unexpected error during runtime — 500 is suitable
+            return JSONResponse(content={"message": str(ex), "success": False}, status_code=500)
+
         if isinstance(ex, ValidationError):
-            logger.info(f"ValidationError adding server: type{ex}")
+            # Pydantic or input validation failure — 422 Unprocessable Entity is correct
             return JSONResponse(content=ErrorFormatter.format_validation_error(ex), status_code=422)
+
         if isinstance(ex, IntegrityError):
-            logger.info(f"IntegrityError adding server: type{ex}")
+            # DB constraint violation — 409 Conflict is appropriate
             return JSONResponse(status_code=409, content=ErrorFormatter.format_database_error(ex))
-        logger.info(f"Other Error adding server:{ex}")
-        root_path = request.scope.get("root_path", "")
-        if is_inactive_checked.lower() == "true":
-            return RedirectResponse(f"{root_path}/admin/?include_inactive=true#catalog", status_code=303)
-        return RedirectResponse(f"{root_path}/admin#catalog", status_code=303)
+
+        # For any other unhandled error, default to 500
+        return JSONResponse(content={"message": str(ex), "success": False}, status_code=500)
 
 
 @admin_router.post("/servers/{server_id}/edit")

mcpgateway/static/admin.js

@@ -4227,6 +4227,69 @@ function handleResourceFormSubmit(e) {
         });
 }
 
+async function handleServerFormSubmit(e) {
+    e.preventDefault();
+
+    const form = e.target;
+    const formData = new FormData(form);
+    const status = safeGetElement("serverFormError");
+    const loading = safeGetElement("add-server-loading"); // Add a loading spinner if needed
+
+    try {
+        const name = formData.get("name");
+
+        // Basic validation
+        const nameValidation = validateInputName(name, "server");
+        if (!nameValidation.valid) {
+            throw new Error(nameValidation.error);
+        }
+
+        if (loading) {
+            loading.style.display = "block";
+        }
+
+        if (status) {
+            status.textContent = "";
+            status.classList.remove("error-status");
+        }
+
+        const isInactiveCheckedBool = isInactiveChecked("servers");
+        formData.append("is_inactive_checked", isInactiveCheckedBool);
+
+        const response = await fetchWithTimeout(
+            `${window.ROOT_PATH}/admin/servers`,
+            {
+                method: "POST",
+                body: formData,
+                redirect: "manual",
+            },
+        );
+
+        const result = await response.json();
+        if (!result.success) {
+            console.log(result.message);
+            throw new Error(result.message || "Failed to add server.");
+        } else {
+            // Success redirect
+            const redirectUrl = isInactiveCheckedBool
+                ? `${window.ROOT_PATH}/admin?include_inactive=true#catalog`
+                : `${window.ROOT_PATH}/admin#catalog`;
+            window.location.href = redirectUrl;
+        }
+    } catch (error) {
+        console.error("Add Server Error:", error);
+        if (status) {
+            status.textContent = error.message || "An error occurred.";
+            status.classList.add("error-status");
+        }
+        showErrorMessage(error.message); // Optional if you use global popup/snackbar
+    } finally {
+        if (loading) {
+            loading.style.display = "none";
+        }
+    }
+}
+
 async function handleToolFormSubmit(event) {
     event.preventDefault();
 
@@ -4821,6 +4884,11 @@ function setupFormHandlers() {
         paramButton.addEventListener("click", handleAddParameter);
     }
 
+    const serverForm = safeGetElement("add-server-form");
+    if (serverForm) {
+        serverForm.addEventListener("submit", handleServerFormSubmit);
+    }
+
     const editResourceForm = safeGetElement("edit-resource-form");
     if (editResourceForm) {
         editResourceForm.addEventListener("submit", () => {

mcpgateway/templates/admin.html

@@ -240,9 +240,7 @@ <h2 class="text-2xl font-bold dark:text-gray-200">MCP Servers Catalog</h2>
       </div>
       <div class="bg-white shadow rounded-lg p-6 dark:bg-gray-800">
         <h3 class="text-lg font-bold mb-4 dark:text-gray-200">Add New Server</h3>
-        <form method="POST" action="{{ root_path }}/admin/servers" id="add-server-form"
-          onsubmit="return handleToggleSubmit(event, 'servers')"
-          onreset="document.getElementById('associatedTools').selectedIndex = -1;">
+        <form method="POST" id="add-server-form" onreset="document.getElementById('associatedTools').selectedIndex = -1;">
           <div class="grid grid-cols-1 gap-6">
             <div>
               <label class="block text-sm font-medium text-gray-700 dark:text-gray-400">Name</label>
@@ -263,15 +261,13 @@ <h3 class="text-lg font-bold mb-4 dark:text-gray-200">Add New Server</h3>
               <label for="associatedTools" class="block text-sm font-medium text-gray-700 dark:text-gray-300">
                 Associated Tools
               </label>
-              <select name="associatedTools" {# same name as before (minus camelCase) #} id="associatedTools" multiple
-                {# remove if you want single-select #}
+              <select name="associatedTools" id="associatedTools" multiple
                 class="mt-1 block w-full rounded-md border border-gray-300 dark:border-gray-700 shadow-sm focus:border-indigo-500 focus:ring-indigo-500 dark:bg-gray-900 dark:placeholder-gray-300 dark:text-gray-300">
                 {% for tool in tools %}
-                {# value can be tool.id, tool.slug, or any key you use later #}
                 <option value="{{ tool.id }}">{{ tool.name }}</option>
                 {% endfor %}
               </select>
-              <span id="selectedToolsPills" class="inline-flex flex-wrap gap-1 mt-2"></span> <!-- container -->
+              <span id="selectedToolsPills" class="inline-flex flex-wrap gap-1 mt-2"></span>
               <span id="selectedToolsWarning" class="block text-sm font-semibold text-red-600 mt-1"></span>
             </div>
             <div>
@@ -289,8 +285,14 @@ <h3 class="text-lg font-bold mb-4 dark:text-gray-200">Add New Server</h3>
                 placeholder="e.g., prompt1, prompt2" />
             </div>
           </div>
+          <!-- 🔻 Error Display Span -->
+          <span id="serverFormError" class="block text-sm font-semibold text-red-600 mt-2"></span>
+
+          <!-- 🔄 Optional Loading Indicator -->
+          <div id="add-server-loading" class="hidden text-sm text-gray-500 mt-2">Submitting...</div>
+
           <div class="mt-6">
-            <button type="submit" data-testid="add-server-btn"
+            <button type="submit"
               x-tooltip="'💡Creates a new Virtual Server by combining Tools, Resources & Prompts from global catalogs.'"
               class="inline-flex justify-center py-2 px-4 border border-transparent shadow-sm text-sm font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500">
               Add Server

tests/e2e/test_admin_apis.py

@@ -202,8 +202,8 @@ async def test_admin_server_lifecycle(self, client: AsyncClient, mock_settings):
 
         # POST to /admin/servers should redirect
         response = await client.post("/admin/servers", data=form_data, headers=TEST_AUTH_HEADER, follow_redirects=False)
-        assert response.status_code == 303
-        assert "/admin#catalog" in response.headers["location"]
+        assert response.status_code == 200
+        # assert "/admin#catalog" in response.headers["location"]
 
         # Get all servers and find our server
         response = await client.get("/admin/servers", headers=TEST_AUTH_HEADER)

tests/security/test_input_validation.py

@@ -480,16 +480,16 @@ def must_fail(schema: dict, label: str = "Invalid schema") -> None:
             try:
                 tool = ToolCreate(name=self.VALID_TOOL_NAME, url=self.VALID_URL, input_schema=schema)
                 assert tool.input_schema is not None
-                print(f"✅ Valid schema #{i+1} accepted")
+                print(f"✅ Valid schema #{i + 1} accepted")
             except ValidationError as err:
-                print(f"❌ Valid schema #{i+1} rejected: {str(schema)[:50]}... -> {err}")
+                print(f"❌ Valid schema #{i + 1} rejected: {str(schema)[:50]}... -> {err}")
                 raise
 
         # Invalid schemas - too deep
         for i, payload in enumerate(self.DEEP_NESTING_PAYLOADS):
             if isinstance(payload, dict):
                 logger.debug(f"Testing deep nested schema")
-                must_fail(payload, f"Deep nested schema #{i+1}")
+                must_fail(payload, f"Deep nested schema #{i + 1}")
 
     def test_tool_create_request_type_validation(self):
         """Test request type validation based on integration type."""
@@ -638,7 +638,7 @@ def must_fail(content, label: str = "Invalid content") -> None:
         # Invalid content - HTML tags
         for i, payload in enumerate(self.XSS_PAYLOADS[:5]):
             logger.debug(f"Testing XSS payload in content: {payload[:50]}...")
-            must_fail(payload, f"XSS content #{i+1}")
+            must_fail(payload, f"XSS content #{i + 1}")
 
     def test_resource_create_mime_type_validation(self):
         """Test MIME type validation."""
@@ -911,7 +911,7 @@ def must_fail(payload: str, label: str = "Polyglot payload") -> None:
 
         for i, payload in enumerate(polyglot_payloads):
             logger.debug(f"Testing polyglot payload: {payload[:50]}...")
-            must_fail(payload, f"Polyglot #{i+1}")
+            must_fail(payload, f"Polyglot #{i + 1}")
 
     def test_timing_attack_prevention(self):
         """Test that validation doesn't reveal timing information."""
@@ -1117,7 +1117,7 @@ def must_fail(template: str, label: str = "SSTI payload") -> None:
 
         for i, payload in enumerate(ssti_payloads):
             logger.debug(f"Testing SSTI payload: {payload[:50]}...")
-            must_fail(payload, f"SSTI #{i+1} ({payload[:20]}...)")
+            must_fail(payload, f"SSTI #{i + 1} ({payload[:20]}...)")
 
     def test_regex_dos_prevention(self):
         """Test prevention of ReDoS attacks."""
@@ -1180,7 +1180,7 @@ def test_prototype_pollution_prevention(self):
         ]
 
         for i, payload in enumerate(pollution_payloads):
-            logger.debug(f"Testing prototype pollution payload {i+1}")
+            logger.debug(f"Testing prototype pollution payload {i + 1}")
             # Should handle these safely
             try:
                 tool = ToolCreate(name=self.VALID_TOOL_NAME, url=self.VALID_URL, headers=payload)

tests/unit/mcpgateway/test_admin.py

@@ -287,8 +287,9 @@ async def test_admin_add_server_with_empty_associations(self, mock_register_serv
         result = await admin_add_server(mock_request, mock_db, "test-user")
 
         # Should still succeed
-        assert isinstance(result, RedirectResponse)
-        assert result.status_code == 303
+        # assert isinstance(result, RedirectResponse)
+        # changing the redirect status code (303) to success-status code (200)
+        assert result.status_code == 200
 
     @patch.object(ServerService, "update_server")
     async def test_admin_edit_server_with_root_path(self, mock_update_server, mock_request, mock_db):
@@ -1338,9 +1339,14 @@ async def test_exception_handling_consistency(self, exception_type, expected_sta
 
             result = await admin_add_server(mock_request, mock_db, "test-user")
 
+            print(f"\nException: {exception_type.__name__ if hasattr(exception_type, '__name__') else exception_type}")
+            print(f"Result Type: {type(result)}")
+            print(f"Status Code: {getattr(result, 'status_code', 'N/A')}")
+
             if expected_status in [422, 409]:
                 assert isinstance(result, JSONResponse)
                 assert result.status_code == expected_status
             else:
                 # Generic exceptions return redirect
-                assert isinstance(result, RedirectResponse)
+                # assert isinstance(result, RedirectResponse)
+                assert isinstance(result, JSONResponse)