Merge branch 'main' into fastmpc-logging-progress-example

Author: felixweinberger

.pre-commit-config.yaml

@@ -25,22 +25,22 @@ repos:
     hooks:
       - id: ruff-format
         name: Ruff Format
-        entry: uv run ruff
+        entry: uv run --frozen ruff
         args: [format]
         language: system
         types: [python]
         pass_filenames: false
       - id: ruff
         name: Ruff
-        entry: uv run ruff
+        entry: uv run --frozen ruff
         args: ["check", "--fix", "--exit-non-zero-on-fix"]
         types: [python]
         language: system
         pass_filenames: false
         exclude: ^README\.md$
       - id: pyright
         name: pyright
-        entry: uv run pyright
+        entry: uv run --frozen pyright
         language: system
         types: [python]
         pass_filenames: false
@@ -52,7 +52,7 @@ repos:
         pass_filenames: false
       - id: readme-snippets
         name: Check README snippets are up to date
-        entry: uv run scripts/update_readme_snippets.py --check
+        entry: uv run --frozen python scripts/update_readme_snippets.py --check
         language: system
         files: ^(README\.md|examples/.*\.py|scripts/update_readme_snippets\.py)$
         pass_filenames: false

src/mcp/server/elicitation.py

@@ -98,7 +98,7 @@ async def elicit_with_validation(
         related_request_id=related_request_id,
     )
 
-    if result.action == "accept" and result.content:
+    if result.action == "accept" and result.content is not None:
         # Validate and parse the content using the schema
         validated_data = schema.model_validate(result.content)
         return AcceptedElicitation(data=validated_data)

src/mcp/server/fastmcp/server.py

@@ -320,6 +320,7 @@ async def list_resource_templates(self) -> list[MCPResourceTemplate]:
                 name=template.name,
                 title=template.title,
                 description=template.description,
+                mimeType=template.mime_type,
             )
             for template in templates
         ]

src/mcp/server/transport_security.py

@@ -122,6 +122,6 @@ async def validate_request(self, request: Request, is_post: bool = False) -> Res
         # Validate Origin header
         origin = request.headers.get("origin")
         if not self._validate_origin(origin):
-            return Response("Invalid Origin header", status_code=400)
+            return Response("Invalid Origin header", status_code=403)
 
         return None

tests/server/auth/test_protected_resource.py

@@ -0,0 +1,52 @@
+"""
+Integration tests for MCP Oauth Protected Resource.
+"""
+
+import httpx
+import pytest
+from inline_snapshot import snapshot
+from pydantic import AnyHttpUrl
+from starlette.applications import Starlette
+
+from mcp.server.auth.routes import create_protected_resource_routes
+
+
+@pytest.fixture
+def test_app():
+    """Fixture to create protected resource routes for testing."""
+
+    # Create the protected resource routes
+    protected_resource_routes = create_protected_resource_routes(
+        resource_url=AnyHttpUrl("https://example.com/resource"),
+        authorization_servers=[AnyHttpUrl("https://auth.example.com/authorization")],
+        scopes_supported=["read", "write"],
+        resource_name="Example Resource",
+        resource_documentation=AnyHttpUrl("https://docs.example.com/resource"),
+    )
+
+    app = Starlette(routes=protected_resource_routes)
+    return app
+
+
+@pytest.fixture
+async def test_client(test_app: Starlette):
+    """Fixture to create an HTTP client for the protected resource app."""
+    async with httpx.AsyncClient(transport=httpx.ASGITransport(app=test_app), base_url="https://mcptest.com") as client:
+        yield client
+
+
+@pytest.mark.anyio
+async def test_metadata_endpoint(test_client: httpx.AsyncClient):
+    """Test the OAuth 2.0 Protected Resource metadata endpoint."""
+
+    response = await test_client.get("/.well-known/oauth-protected-resource")
+    assert response.json() == snapshot(
+        {
+            "resource": "https://example.com/resource",
+            "authorization_servers": ["https://auth.example.com/authorization"],
+            "scopes_supported": ["read", "write"],
+            "resource_name": "Example Resource",
+            "resource_documentation": "https://docs.example.com/resource",
+            "bearer_methods_supported": ["header"],
+        }
+    )

tests/server/fastmcp/auth/test_auth_integration.py

@@ -342,11 +342,8 @@ class TestAuthEndpoints:
     @pytest.mark.anyio
     async def test_metadata_endpoint(self, test_client: httpx.AsyncClient):
         """Test the OAuth 2.0 metadata endpoint."""
-        print("Sending request to metadata endpoint")
+
         response = await test_client.get("/.well-known/oauth-authorization-server")
-        print(f"Got response: {response.status_code}")
-        if response.status_code != 200:
-            print(f"Response content: {response.content}")
         assert response.status_code == 200
 
         metadata = response.json()
@@ -399,9 +396,7 @@ async def test_token_invalid_auth_code(
                 "redirect_uri": "https://client.example.com/callback",
             },
         )
-        print(f"Status code: {response.status_code}")
-        print(f"Response body: {response.content}")
-        print(f"Response JSON: {response.json()}")
+
         assert response.status_code == 400
         error_response = response.json()
         assert error_response["error"] == "invalid_grant"

tests/server/fastmcp/test_server.py

@@ -810,6 +810,27 @@ def get_data(name: str) -> str:
         result = await resource.read()
         assert result == "Data for test"
 
+    @pytest.mark.anyio
+    async def test_resource_template_includes_mime_type(self):
+        """Test that list resource templates includes the correct mimeType."""
+        mcp = FastMCP()
+
+        @mcp.resource("resource://{user}/csv", mime_type="text/csv")
+        def get_csv(user: str) -> str:
+            return f"csv for {user}"
+
+        templates = await mcp.list_resource_templates()
+        assert len(templates) == 1
+        template = templates[0]
+
+        assert hasattr(template, "mimeType")
+        assert template.mimeType == "text/csv"
+
+        async with client_session(mcp._mcp_server) as client:
+            result = await client.read_resource(AnyUrl("resource://bob/csv"))
+            assert isinstance(result.contents[0], TextResourceContents)
+            assert result.contents[0].text == "csv for bob"
+
 
 class TestContextInjection:
     """Test context injection in tools, resources, and prompts."""

tests/server/test_sse_security.py

@@ -127,7 +127,7 @@ async def test_sse_security_invalid_origin_header(server_port: int):
 
         async with httpx.AsyncClient() as client:
             response = await client.get(f"http://127.0.0.1:{server_port}/sse", headers=headers)
-            assert response.status_code == 400
+            assert response.status_code == 403
             assert response.text == "Invalid Origin header"
 
     finally:

tests/server/test_streamable_http_security.py

@@ -155,7 +155,7 @@ async def test_streamable_http_security_invalid_origin_header(server_port: int):
                 json={"jsonrpc": "2.0", "method": "initialize", "id": 1, "params": {}},
                 headers=headers,
             )
-            assert response.status_code == 400
+            assert response.status_code == 403
             assert response.text == "Invalid Origin header"
 
     finally: