#!/usr/bin/env node
/**
* Walk the OAuth authorization-code flow step by step (authorize → login → redirect)
* to diagnose the session-handling issue, logging cookies and redirects at each hop.
*/
const crypto = require('crypto');
const fs = require('fs');
const https = require('https');
const axios = require('axios');
// Create custom axios instance that accepts self-signed certificates and preserves cookies
/*
 * Shared HTTP client for the walkthrough.
 *
 * NOTE(security): rejectUnauthorized=false turns off TLS certificate
 * validation for every request this client makes. That is tolerable only
 * because the target is the local dev server with a self-signed certificate;
 * never point this client at a real host.
 *
 * Redirects are not followed automatically (maxRedirects: 0) so that each
 * hop's Set-Cookie and Location headers can be inspected by hand. The default
 * validator treats any 2xx/3xx as success.
 *
 * NOTE(review): withCredentials only affects browser XHR; Node's axios does
 * not carry cookies between requests on its own, so the flow below forwards
 * Cookie headers explicitly — confirm before relying on this flag.
 */
const selfSignedAgent = new https.Agent({ rejectUnauthorized: false });
const isSuccessOrRedirect = (status) => status >= 200 && status < 400;
const httpClient = axios.create({
  httpsAgent: selfSignedAgent,
  withCredentials: true,
  maxRedirects: 0,
  validateStatus: isSuccessOrRedirect,
});
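/**
 * Shorten a secret-ish value for log output (cookie values, authorization
 * codes). A prefix is enough to tell two values apart while debugging without
 * pasting a whole credential into the terminal or a log file.
 * @param {unknown} value - value to redact
 * @param {number} [keep=8] - number of leading characters to keep
 * @returns {string}
 */
function redact(value, keep = 8) {
  const text = String(value ?? '');
  return text.length <= keep ? text : `${text.slice(0, keep)}…(${text.length} chars)`;
}

/**
 * Merge every entry of a Set-Cookie header list into `jar` (name → value).
 * Attributes after the first ';' (Path, HttpOnly, ...) are dropped. The split
 * is on the FIRST '=' only, so base64 values carrying '=' padding stay intact
 * (splitting on every '=' truncated them).
 * @param {Map<string,string>} jar - cookie store, mutated in place
 * @param {string[]|undefined} setCookieHeaders - raw Set-Cookie header values
 * @returns {number} how many cookies were stored
 */
function storeCookies(jar, setCookieHeaders) {
  let stored = 0;
  for (const raw of setCookieHeaders ?? []) {
    const [nameValue] = raw.split(';');
    const eq = nameValue.indexOf('=');
    if (eq <= 0) continue; // malformed: empty name or no '='
    const name = nameValue.slice(0, eq).trim();
    const value = nameValue.slice(eq + 1).trim();
    jar.set(name, value);
    stored += 1;
    console.log(`Stored cookie: ${name}=${redact(value)}`);
  }
  return stored;
}

/**
 * Serialize the jar as a request Cookie header value ('' when empty).
 * @param {Map<string,string>} jar
 * @returns {string}
 */
function cookieHeaderFor(jar) {
  return Array.from(jar, ([name, value]) => `${name}=${value}`).join('; ');
}

/**
 * axios parses JSON bodies into objects, on which `.includes` would throw;
 * normalize any body to a string before searching it.
 * @param {unknown} data - response body as returned by axios
 * @returns {string}
 */
function bodyText(data) {
  return typeof data === 'string' ? data : JSON.stringify(data ?? '');
}

/**
 * Walk the authorization-code flow against the local OAuth server step by
 * step — /authorize, then /login, then the post-login redirect — logging the
 * cookies and redirects seen at each hop.
 *
 * Configuration comes from the environment so no password lives in the script:
 *   OAUTH_DEBUG_USERNAME / OAUTH_DEBUG_PASSWORD  (required)
 *   OAUTH_DEBUG_BASE_URL                          (default https://127.0.0.1:8787)
 *
 * The script never exchanges the authorization code for a token; it prints the
 * PKCE code_verifier so that step can be done by hand. Failures are logged and
 * the function returns normally — it does not throw.
 * @returns {Promise<void>}
 */
async function debugOAuthFlow() {
  console.log('\n🔍 Debug OAuth Flow - Session Cookie Analysis');
  console.log('='.repeat(70));
  const baseUrl = process.env.OAUTH_DEBUG_BASE_URL || 'https://127.0.0.1:8787';
  // Credentials must come from the environment: a password committed in a
  // script is a leak even when it only unlocks a local test account.
  const username = process.env.OAUTH_DEBUG_USERNAME;
  const password = process.env.OAUTH_DEBUG_PASSWORD;
  if (!username || !password) {
    console.log('❌ OAUTH_DEBUG_USERNAME and OAUTH_DEBUG_PASSWORD must be set');
    return;
  }
  // A genuine PKCE pair (RFC 7636, S256): a server that verifies the challenge
  // at token exchange would reject a literal placeholder, and `state` should
  // be unguessable just as a real client's would be.
  const codeVerifier = crypto.randomBytes(32).toString('base64url');
  const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
  const authParams = {
    response_type: 'code',
    client_id: 'claude-desktop',
    redirect_uri: `${baseUrl}/callback`,
    state: crypto.randomBytes(16).toString('hex'),
    code_challenge: codeChallenge,
    code_challenge_method: 'S256',
  };
  console.log(`PKCE code_verifier (needed for a manual token exchange): ${codeVerifier}`);

  // One jar for the whole flow: whatever session cookie /authorize issues has
  // to travel with the /login POST and with the redirect that follows it.
  const cookieJar = new Map();

  // Step 1: initial /authorize call (should render the login form)
  console.log('\n1️⃣ Initial /authorize call (should show login form):');
  const authUrl = `${baseUrl}/authorize?${new URLSearchParams(authParams)}`;
  console.log(`Requesting: ${authUrl}`);
  try {
    const authResponse = await httpClient.get(authUrl);
    console.log(`✅ Status: ${authResponse.status}`);
    const received = storeCookies(cookieJar, authResponse.headers['set-cookie']);
    console.log('Cookies received:', received > 0 ? received : 'None');
    console.log('Contains login form:', bodyText(authResponse.data).includes('<form') ? 'Yes' : 'No');
  } catch (error) {
    console.log('❌ Failed:', error.message);
    return;
  }

  // Step 2: submit the credentials, forwarding the cookies from step 1
  console.log('\n2️⃣ Submit login with cookie preservation:');
  try {
    const loginData = {
      username,
      password,
      ...authParams,
    };
    const loginCookies = cookieHeaderFor(cookieJar);
    console.log('Submitting login...', loginCookies ? `(with ${cookieJar.size} cookie(s))` : '(no cookies yet)');
    const loginResponse = await httpClient.post(
      `${baseUrl}/login`,
      new URLSearchParams(loginData),
      {
        headers: {
          'Content-Type': 'application/x-www-form-urlencoded',
          ...(loginCookies ? { Cookie: loginCookies } : {}),
        },
        validateStatus: (status) => status === 302 || status === 200,
      }
    );
    console.log(`Status: ${loginResponse.status}`);
    const issued = storeCookies(cookieJar, loginResponse.headers['set-cookie']);
    console.log('Set-Cookie headers:', issued > 0 ? issued : 'None');
    if (loginResponse.status !== 302) {
      // A 200 here is the login page re-rendered: credentials or session were
      // rejected and there is no redirect to follow.
      console.log('❌ Login did not redirect; body contains a form:',
        bodyText(loginResponse.data).includes('<form') ? 'Yes' : 'No');
      return;
    }
    const location = loginResponse.headers.location;
    if (!location) {
      console.log('❌ 302 without a Location header');
      return;
    }
    console.log('Redirect location:', location);

    // Step 3: follow the redirect with the session cookie
    console.log('\n3️⃣ Follow redirect with session cookie:');
    const cookieHeader = cookieHeaderFor(cookieJar);
    console.log('Sending cookies:', cookieHeader ? Array.from(cookieJar.keys()).join(', ') : 'None');
    // Resolve relative Location values against the server base.
    const fullRedirectUrl = new URL(location, baseUrl).toString();
    console.log('Full redirect URL:', fullRedirectUrl);
    // Never send the session cookie off-origin, even from a debug script.
    if (new URL(fullRedirectUrl).origin !== new URL(baseUrl).origin) {
      console.log('⚠️ Redirect leaves the test server origin; not following it');
      return;
    }
    const redirectResponse = await httpClient.get(fullRedirectUrl, {
      headers: {
        Cookie: cookieHeader,
      },
      validateStatus: (status) => status >= 200 && status < 400,
    });
    console.log(`Status: ${redirectResponse.status}`);
    const html = bodyText(redirectResponse.data);
    console.log('Response length:', html.length);
    if (redirectResponse.status !== 200) {
      console.log('Redirected again to:', redirectResponse.headers.location || '(no Location)');
      return;
    }
    console.log('Response type:', html.includes('Authentication Successful') ? 'Success page with countdown' : 'Other HTML');
    console.log('Contains redirect script:', html.includes('window.location.href') ? 'Yes' : 'No');
    // Saved for inspection; note the file may contain the authorization code.
    fs.writeFileSync('debug-response.html', html);
    console.log('Response saved to debug-response.html');
    // The success page embeds the final redirect target in a `redirectUrl` variable.
    const redirectMatch = html.match(/const redirectUrl = '([^']+)'/);
    if (!redirectMatch) {
      console.log('❌ No redirect script found in response');
      return;
    }
    console.log('✅ Found redirect URL in script:', redirectMatch[1]);
    const codeMatch = redirectMatch[1].match(/[?&]code=([^&]+)/);
    if (!codeMatch) {
      console.log('❌ No authorization code in redirect URL');
      return;
    }
    console.log('✅ Authorization code found:', redact(codeMatch[1]));
    // A real client must refuse a response whose state does not match the request.
    const stateMatch = redirectMatch[1].match(/[?&]state=([^&]+)/);
    const stateOk = stateMatch !== null && decodeURIComponent(stateMatch[1]) === authParams.state;
    console.log(stateOk ? '✅ Returned state matches request' : '❌ Returned state missing or does not match request');
    console.log('\n🎉 SUCCESS: OAuth flow is working correctly!');
    console.log(' - Session cookies preserved properly');
    console.log(' - Authorization code generated successfully');
  } catch (error) {
    console.log('❌ Login failed:', error.message);
    if (error.response) {
      console.log('Response status:', error.response.status);
      console.log('Response data preview:', bodyText(error.response.data).substring(0, 200));
    }
  }
}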
// Run the debug
// Entry point: run the walkthrough; anything it did not handle itself is
// reported and turns into a non-zero exit code.
(async () => {
  try {
    await debugOAuthFlow();
  } catch (err) {
    console.error('Unexpected error:', err);
    process.exit(1);
  }
})();