rusackas opened a new pull request, #40861: URL: https://github.com/apache/superset/pull/40861
### SUMMARY `get_user_from_request()` in `superset/mcp_service/auth.py` raised a `ValueError` whose message enumerated the service's auth configuration — `MCP_AUTH_ENABLED`, whether JWT keys are configured, the configured API key prefix, and whether `MCP_DEV_USERNAME` is set. That message propagated back to unauthenticated callers, exposing configuration detail. This keeps the diagnostic detail in a server-side `logger.warning(...)` and raises a generic message to the caller: > Authentication required. No valid credentials provided. The exception type (`ValueError`) and control flow are unchanged. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF N/A — backend error message. ### TESTING INSTRUCTIONS ``` pytest tests/unit_tests/mcp_service/test_auth_api_key.py ``` Existing assertions updated to the new message; a new test verifies the error string does not contain any configuration details, while the detail is still logged server-side. ### ADDITIONAL INFORMATION - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration - [ ] Introduces new feature or API - [ ] Removes existing feature or API 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
