IBM
diff --git a/‎.env.example‎
Lines changed: 3 additions & 0 deletions b/‎.env.example‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 14 additions & 3 deletions b/‎CHANGELOG.md‎
Lines changed: 14 additions & 3 deletions
diff --git a/‎docs/config.schema.json‎
Lines changed: 6 additions & 0 deletions b/‎docs/config.schema.json‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/docs/config.schema.json‎
Lines changed: 6 additions & 0 deletions b/‎docs/docs/config.schema.json‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/docs/manage/configuration.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/docs/manage/configuration.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/docs/testing/acceptance.md‎
Lines changed: 3 additions & 1 deletion b/‎docs/docs/testing/acceptance.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎docs/docs/using/clients/llm-chat.md‎
Lines changed: 3 additions & 1 deletion b/‎docs/docs/using/clients/llm-chat.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎mcpgateway/admin.py‎
Lines changed: 36 additions & 9 deletions b/‎mcpgateway/admin.py‎
Lines changed: 36 additions & 9 deletions
@@ -858,6 +858,9 @@ PLUGINS_CLI_MARKUP_MODE=rich
 # ACCOUNT_LOCKOUT_DURATION_MINUTES=1
 # Send lockout notification emails when an account is locked
 # ACCOUNT_LOCKOUT_NOTIFICATION_ENABLED=true
+# Minimum response time for failed login attempts (milliseconds)
+# Helps reduce timing-based account enumeration
+# FAILED_LOGIN_MIN_RESPONSE_MS=250
 
 # Self-Service Password Reset
 # Enable forgot-password and reset-password workflows
 
@@ -6,9 +6,9 @@
 
 ### Overview
 
-This release **tightens production defaults** and adds **defense-in-depth controls** across SSRF, transports, OIDC, and authorization (S-01, O-01, O-02, O-03, O-04, O-05, O-06, O-11, O-14, O-16, U-05, C-03, C-09, C-10, C-15, EXTRA-01, C-04, C-07, C-11, C-14, C-28, C-29):
+This release **tightens production defaults** and adds **defense-in-depth controls** across SSRF, transports, OIDC, OAuth secret handling, authentication timing, and authorization (S-01, S-02, S-03, A-02, A-05, A-06, O-01, O-02, O-03, O-04, O-05, O-06, O-10, O-11, O-14, O-16, O-17, U-05, C-03, C-09, C-10, C-15, EXTRA-01, C-04, C-07, C-11, C-14, C-28, C-29):
 
-- **🔐 Hardening Items** - SSRF strict defaults, OIDC id_token verification, WebSocket/reverse-proxy gating, cancellation authorization, OAuth DCR access control, token scoping hardening, bearer scheme consistency, MCP/RPC token-scope enforcement, MCP transport revocation checks, session ownership enforcement, resource visibility scoping, roots authorization parity
+- **🔐 Hardening Items** - SSRF strict defaults with endpoint-level validation, OAuth secret at-rest protection for gateway/server/A2A configs, server OAuth read masking parity, failed-login timing hardening, OIDC id_token verification, WebSocket/reverse-proxy gating, cancellation authorization, OAuth DCR access control, token scoping hardening, bearer scheme consistency, MCP/RPC token-scope enforcement, MCP transport revocation checks, session ownership enforcement, resource visibility scoping, roots authorization parity
 - **🧪 Testing** - Full regression coverage for hardened paths, token scope MCP/RPC coverage, and additional allow/deny regression tests for session/resource controls
 
 > **Highlights**: SSRF protection now defaults to strict mode (block localhost, private networks, fail-closed DNS). WebSocket relay and reverse-proxy transports are disabled by default behind opt-in feature flags. OIDC SSO flows verify `id_token` signatures cryptographically. Cancellation, OAuth DCR, token scoping, session ownership, and resource visibility paths enforce proper authorization gates.
@@ -140,7 +140,7 @@ This release **tightens production defaults** and adds **defense-in-depth contro
 
 ### Fixed
 
-#### **🔐 Security** (S-01, O-01, O-05, U-05, C-03, C-04, C-07, C-09, C-10, C-11, C-14, C-15, C-28, C-29, EXTRA-01)
+#### **🔐 Security** (S-01, S-02, S-03, A-02, A-05, A-06, O-01, O-05, O-10, O-17, U-05, C-03, C-04, C-07, C-09, C-10, C-11, C-14, C-15, C-28, C-29, EXTRA-01)
 * **SSRF defaults inverted to strict** - localhost, private networks blocked; DNS fail-closed by default (S-01)
 * **OIDC id_token now verified** - cryptographic signature validation in SSO callback (O-01)
 * **OAuth DCR admin gate** - non-admin users denied access to client management endpoints (O-05)
@@ -172,6 +172,12 @@ This release **tightens production defaults** and adds **defense-in-depth contro
 * **SSO callback session binding** - state is bound to browser session marker and callback requires matching session binding (O-14)
 * **OAuth authorize/status ownership checks** - gateway visibility/team/owner checks now enforced consistently on authorize/status endpoints (O-16)
 * **OAuth fetch-tools access hardening** - `/oauth/fetch-tools/{gateway_id}` now reuses centralized gateway access enforcement and fails closed for non-admin null-scope contexts, with targeted regression coverage (O-15)
+* **OAuth config secrets now protected at rest across service CRUD** - sensitive `oauth_config` fields are encrypted on gateway/server/A2A create+update paths, with backward-compatible handling for already-encrypted values (A-02, O-10, O-17)
+* **Server OAuth read masking parity** - server read/list schema responses now mask sensitive OAuth keys the same way as gateway/A2A responses (A-05)
+* **Failed-login timing hardening** - email auth now applies dummy Argon2 verification on early failures plus a configurable minimum failed-login response floor (A-06)
+* **Admin gateway-test SSRF validation** - `/admin/gateways/test` now validates user-supplied target URLs before outbound requests (S-02)
+* **LLM chat connect SSRF validation** - `/llmchat/connect` now validates user-supplied MCP server URLs before session setup (S-03)
+* **OAuth DCR credential persistence hardening** - DCR-populated gateway credentials are protected before persisting to `oauth_config` (A-02, O-17)
 * **JWT rich-token teams semantics** - `_create_jwt_token` now preserves explicit `teams=None` as JSON `null` while still allowing omitted teams claims, restoring deterministic admin-token scope behavior for fail-closed ownership checks
 * **Token revocation fail-open documented** - security-features and securing docs updated to reflect availability trade-off (U-05)
 * **Health diagnostics auth consistency** - `/health/security` now uses standard bearer JWT validation flow.
@@ -196,6 +202,10 @@ This release **tightens production defaults** and adds **defense-in-depth contro
 * **C-28**: Resource event subscriptions now enforce per-subscriber visibility scoping
 * **C-29**: MCP resource subscription creation now enforces visibility checks
 * **C-15**: Token scoping defaults to deny for unmapped API paths
+* **A-02 / O-10 / O-17**: OAuth config sensitive keys are now encrypted at service-layer persistence boundaries for gateway/server/A2A, including DCR credential writes
+* **A-05**: Server read/list responses now apply OAuth secret masking parity with gateway/A2A
+* **A-06**: Email auth failed-login paths now include dummy Argon2 verification and a configurable response-time floor
+* **S-02 / S-03**: Admin gateway test and LLM chat connect now validate outbound target URLs before network calls
 * **C-05**: JSON-RPC tool execution now requires `tools.execute` for both `tools/call` and backward-compatible direct tool method invocation
 * **C-18**: Get-by-ID handlers, including `GET /resources/{resource_id}/info`, now enforce scoped ownership checks in addition to middleware controls
 * **C-19**: All root management endpoints now require `admin.system_config`
@@ -214,6 +224,7 @@ This release **tightens production defaults** and adds **defense-in-depth contro
 * Updated `docker-compose.yml` with transport feature flags and local SSRF overrides
 * Updated Helm chart `values.yaml`, `values.schema.json`, and `README.md` with new SSRF and transport settings
 * Updated `docs/config.schema.json` with new settings, defaults, and `sso_generic_jwks_uri`
+* Added Alembic backfill migration to protect existing plaintext OAuth config secrets in gateway/server/A2A rows
 * Protocol version bumped to `2025-11-25` in configuration schema
 
 ### Documentation
 
@@ -1137,6 +1137,12 @@
       "title": "Account Lockout Notification Enabled",
       "type": "boolean"
     },
+    "failed_login_min_response_ms": {
+      "default": 250,
+      "description": "Minimum response duration for failed login attempts to reduce timing side channels",
+      "title": "Failed Login Min Response Ms",
+      "type": "integer"
+    },
     "password_reset_enabled": {
       "default": true,
       "description": "Enable self-service password reset workflow (set false to disable public forgot/reset endpoints)",
 
@@ -1150,6 +1150,12 @@
       "title": "Account Lockout Notification Enabled",
       "type": "boolean"
     },
+    "failed_login_min_response_ms": {
+      "default": 250,
+      "description": "Minimum response duration for failed login attempts to reduce timing side channels",
+      "title": "Failed Login Min Response Ms",
+      "type": "integer"
+    },
     "password_reset_enabled": {
       "default": true,
       "description": "Enable self-service password reset workflow (set false to disable public forgot/reset endpoints)",
 
@@ -457,6 +457,7 @@ curl -X POST -H "Authorization: Bearer $TOKEN" \
 | `MAX_FAILED_LOGIN_ATTEMPTS`   | Maximum failed login attempts before lockout     | `10`                  | int > 0 |
 | `ACCOUNT_LOCKOUT_DURATION_MINUTES` | Account lockout duration in minutes        | `1`                   | int > 0 |
 | `ACCOUNT_LOCKOUT_NOTIFICATION_ENABLED` | Send lockout notification emails      | `true`                | bool    |
+| `FAILED_LOGIN_MIN_RESPONSE_MS` | Minimum failed-login response duration to reduce timing side channels | `250` | int >= 0 |
 | `PASSWORD_RESET_ENABLED`      | Enable self-service forgot-password/reset flow   | `true`                | bool    |
 | `PASSWORD_RESET_TOKEN_EXPIRY_MINUTES` | Password reset token expiry window     | `60`                  | int > 0 |
 | `PASSWORD_RESET_RATE_LIMIT`   | Max reset requests per email in rate window      | `5`                   | int > 0 |
 
@@ -338,7 +338,9 @@ MCPGATEWAY_ADMIN_API_ENABLED=true
 | Admin Home | Navigate to `$GW_URL/admin` | Access admin UI | Dashboard displayed | ☐ | Visual interface |
 | Create Tool (Form) | `curl -X POST $GW_URL/admin/tools -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" -H "Content-Type: application/x-www-form-urlencoded" -d 'name=admin_tool&url=https://api.example.com/v1/endpoint&description=Admin created tool&integrationType=REST&requestType=GET'` | Create via form | `{"message": "Tool registered successfully!", "success": true}` | ☐ | Form submission |
 | Create Resource (Form) | `curl -X POST $GW_URL/admin/resources -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" -H "Content-Type: application/x-www-form-urlencoded" -d 'uri=admin/test&name=admin_resource&description=Created via admin&mimeType=text/plain&content=Admin content'` | Create via form | 303 redirect | ☐ | Admin form endpoint |
-| Test Gateway Connectivity | `curl -X POST $GW_URL/admin/gateways/test -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" -H "Content-Type: application/json" -d '{"base_url": "http://localhost:8101", "path": "/health", "method": "GET", "headers": {}, "body": null}'` | Test connection | Returns status_code, latency_ms, and body | ☐ | Connectivity test |
+| Test Gateway Connectivity | `curl -X POST $GW_URL/admin/gateways/test -H "Authorization: Bearer $MCPGATEWAY_BEARER_TOKEN" -H "Content-Type: application/json" -d '{"base_url": "https://api.example.com", "path": "/health", "method": "GET", "headers": {}, "body": null}'` | Test connection | Returns status_code, latency_ms, and body | ☐ | Connectivity test |
+
+`/admin/gateways/test` enforces SSRF URL validation. Under strict defaults, localhost/private targets are blocked unless explicitly allowed (for example via `SSRF_ALLOWED_NETWORKS` or local dev overrides).
 
 ## 14. Input Validation Testing
 
 
@@ -184,7 +184,7 @@ The LLM Chat functionality is powered by the following REST API endpoints:
 {
   "user_id": "some-string",
   "server": {
-    "url": "http://localhost:8000/mcp",
+    "url": "https://mcp.example.com/mcp",
     "transport": "streamable_http",
     "auth_token": "optional-jwt-token"
   },
@@ -197,6 +197,8 @@ The LLM Chat functionality is powered by the following REST API endpoints:
 }
 ```
 
+`/llmchat/connect` validates user-supplied server URLs with SSRF protections. Under strict defaults, localhost/private addresses are rejected unless explicitly allowed (for example via `SSRF_ALLOWED_NETWORKS` or local development overrides).
+
 **Response**:
 
 ```json
 
@@ -25,6 +25,7 @@
 from datetime import datetime, timedelta, timezone
 from functools import lru_cache, wraps
 import html
+import inspect
 import io
 import json
 import logging
@@ -552,6 +553,8 @@ def decorator(func_to_wrap):
         Returns:
             The wrapped function with rate limiting applied
         """
+        signature_params = inspect.signature(func_to_wrap).parameters.values()
+        accepts_request = any(param.name == "request" or param.kind == inspect.Parameter.VAR_KEYWORD for param in signature_params)
 
         @wraps(func_to_wrap)
         async def wrapper(*args, request: Optional[Request] = None, **kwargs):
@@ -587,8 +590,9 @@ async def wrapper(*args, request: Optional[Request] = None, **kwargs):
                     detail=f"Rate limit exceeded. Maximum {limit} requests per minute.",
                 )
             rate_limit_storage[client_ip].append(current_time)
-            # IMPORTANT: forward request to the real endpoint
-            return await func_to_wrap(*args, request=request, **kwargs)
+            if accepts_request:
+                return await func_to_wrap(*args, request=request, **kwargs)
+            return await func_to_wrap(*args, **kwargs)
 
         return wrapper
 
@@ -12511,15 +12515,22 @@ async def admin_test_gateway(
         >>> admin_test_gateway.__name__
         'admin_test_gateway'
     """
-    full_url = str(request.base_url).rstrip("/") + "/" + request.path.lstrip("/")
-    full_url = full_url.rstrip("/")
-    LOGGER.debug(f"User {get_user_email(user)} testing server at {request.base_url}.")
     start_time: float = time.monotonic()
+    try:
+        validated_base_url = SecurityValidator.validate_url(str(request.base_url), "Gateway test URL")
+    except ValueError as e:
+        LOGGER.warning("Gateway test URL validation failed for %s: %s", request.base_url, e)
+        latency_ms = int((time.monotonic() - start_time) * 1000)
+        return GatewayTestResponse(status_code=400, latency_ms=latency_ms, body={"error": "Invalid gateway URL"})
+
+    full_url = validated_base_url.rstrip("/") + "/" + request.path.lstrip("/")
+    full_url = full_url.rstrip("/")
+    LOGGER.debug(f"User {get_user_email(user)} testing server at {validated_base_url}.")
     headers = request.headers or {}
 
     # Attempt to find a registered gateway matching this URL and team
     try:
-        gateway = gateway_service.get_first_gateway_by_url(db, str(request.base_url), team_id=team_id)
+        gateway = gateway_service.get_first_gateway_by_url(db, validated_base_url, team_id=team_id)
     except Exception:
         gateway = None
 
@@ -13770,6 +13781,8 @@ async def admin_import_preview(request: Request, db: Session = Depends(get_db),
     except ImportValidationError as e:
         LOGGER.error(f"Import validation failed for user {user}: {str(e)}")
         raise HTTPException(status_code=400, detail=f"Invalid import data: {str(e)}")
+    except HTTPException:
+        raise
     except Exception as e:
         LOGGER.error(f"Import preview failed for user {user}: {str(e)}")
         raise HTTPException(status_code=500, detail=f"Preview failed: {str(e)}")
@@ -13834,6 +13847,8 @@ async def admin_import_configuration(request: Request, db: Session = Depends(get
     except ImportServiceError as e:
         LOGGER.error(f"Admin import failed for user {user}: {str(e)}")
         raise HTTPException(status_code=400, detail=str(e))
+    except HTTPException:
+        raise
     except Exception as e:
         LOGGER.error(f"Unexpected admin import error for user {user}: {str(e)}")
         raise HTTPException(status_code=500, detail=f"Import failed: {str(e)}")
@@ -14918,7 +14933,11 @@ async def get_resources_section(
         LOGGER.debug(f"User {user_email} requesting resources section with team_id={team_id}")
 
         # Get all resources and filter by team
-        resources_list = await local_resource_service.list_resources(db, include_inactive=True)
+        resources_result = await local_resource_service.list_resources(db, include_inactive=True)
+        if isinstance(resources_result, tuple):
+            resources_list = resources_result[0]
+        else:
+            resources_list = resources_result
 
         # Apply team filtering if specified
         if team_id:
@@ -14973,7 +14992,11 @@ async def get_prompts_section(
         LOGGER.debug(f"User {user_email} requesting prompts section with team_id={team_id}")
 
         # Get all prompts and filter by team
-        prompts_list = await local_prompt_service.list_prompts(db, include_inactive=True)
+        prompts_result = await local_prompt_service.list_prompts(db, include_inactive=True)
+        if isinstance(prompts_result, tuple):
+            prompts_list = prompts_result[0]
+        else:
+            prompts_list = prompts_result
 
         # Apply team filtering if specified
         if team_id:
@@ -15031,7 +15054,11 @@ async def get_servers_section(
         LOGGER.debug(f"User {user_email} requesting servers section with team_id={team_id}, include_inactive={include_inactive}")
 
         # Get servers with optional include_inactive parameter
-        servers_list = await local_server_service.list_servers(db, include_inactive=include_inactive)
+        servers_result = await local_server_service.list_servers(db, include_inactive=include_inactive)
+        if isinstance(servers_result, tuple):
+            servers_list = servers_result[0]
+        else:
+            servers_list = servers_result
 
         # Apply team filtering if specified
         if team_id: