feat: Only give auth errors if the server does

gabe-l-hart · gabe-l-hart · commit 6fe5a6f71ec9 · 2025-12-04T11:51:40.000-07:00
Branch: InitialCLI

Signed-off-by: Gabe Goodhart &lt;ghart@us.ibm.com&gt;
diff --git a/cforge/common.py b/cforge/common.py
@@ -161,6 +161,10 @@ def make_authenticated_request(
 ) -> Dict[str, Any]:
     """Make an authenticated HTTP request to the gateway API.
 
+    Supports both authenticated and unauthenticated servers. Will attempt
+    the request without authentication if no token is configured, and only
+    fail if the server requires authentication.
+
     Args:
         method: HTTP method (GET, POST, etc.)
         url: URL path for the request
@@ -171,25 +175,29 @@ def make_authenticated_request(
         JSON response from the API
 
     Raises:
-        AuthenticationError: If no authentication is configured
+        AuthenticationError: If the server requires authentication but none is configured
         CLIError: If the API request fails
     """
     token = get_auth_token()
-    if not token:
-        raise AuthenticationError("No authentication configured. Set MCPGATEWAY_BEARER_TOKEN environment variable or run cforge login.")
 
     headers = {"Content-Type": "application/json"}
-    if token.startswith("Basic "):
-        headers["Authorization"] = token
-    else:
-        headers["Authorization"] = f"Bearer {token}"
+    # Only add Authorization header if a token is available
+    if token:
+        if token.startswith("Basic "):
+            headers["Authorization"] = token
+        else:
+            headers["Authorization"] = f"Bearer {token}"
 
     gateway_url = f"http://{get_settings().host}:{get_settings().port}"
     full_url = f"{gateway_url}{url}"
 
     try:
         response = requests.request(method=method, url=full_url, json=json_data, params=params, headers=headers)
 
+        # Handle authentication errors specifically
+        if response.status_code in (401, 403):
+            raise AuthenticationError("Authentication required but not configured. " "Set MCPGATEWAY_BEARER_TOKEN environment variable or run 'cforge login'.")
+
         if response.status_code >= 400:
             raise CLIError(f"API request failed ({response.status_code}): {response.text}")
 
diff --git a/tests/test_common.py b/tests/test_common.py
@@ -137,14 +137,37 @@ def test_authentication_error(self) -> None:
 class TestMakeAuthenticatedRequest:
     """Tests for make_authenticated_request function using a server mock."""
 
-    def test_request_no_auth_raises_error(self, mock_client) -> None:
-        """Test that request without auth raises AuthenticationError."""
+    def test_request_no_auth_raises_error_when_server_requires_it(self, mock_settings) -> None:
+        """Test that request without auth raises AuthenticationError when server requires it."""
         # Ensure no token is available
         with patch("cforge.common.load_token", return_value=None):
-            with pytest.raises(AuthenticationError) as exc_info:
-                make_authenticated_request("GET", "/test")
+            # Mock a 401 response from server (authentication required)
+            mock_response = Mock()
+            mock_response.status_code = 401
+            mock_response.text = "Unauthorized"
 
-            assert "No authentication configured" in str(exc_info.value)
+            with patch("cforge.common.requests.request", return_value=mock_response):
+                with pytest.raises(AuthenticationError) as exc_info:
+                    make_authenticated_request("GET", "/test")
+
+                assert "Authentication required but not configured" in str(exc_info.value)
+
+    def test_request_without_auth_succeeds_on_unauthenticated_server(self, mock_settings) -> None:
+        """Test that request without auth succeeds when server doesn't require it."""
+        # Ensure no token is available
+        with patch("cforge.common.load_token", return_value=None):
+            # Mock a successful response from server (no auth required)
+            mock_response = Mock()
+            mock_response.status_code = 200
+            mock_response.json.return_value = {"result": "success"}
+
+            with patch("cforge.common.requests.request", return_value=mock_response) as mock_req:
+                result = make_authenticated_request("GET", "/test")
+
+                # Verify the request was made without Authorization header
+                call_args = mock_req.call_args
+                assert "Authorization" not in call_args[1]["headers"]
+                assert result == {"result": "success"}
 
     def test_request_with_bearer_token(self, mock_client) -> None:
         """Test successful request with Bearer token."""
