Outris-Identity

test_masking.py•6.54 KiB

import asyncio import os import json import asyncpg from dotenv import load_dotenv load_dotenv() async def run_test(): print("Masking Verification Test") print("=========================") # 1. Direct DB Connection to fetch config db_url = os.getenv("DATABASE_URL") or "postgresql://postgres:postgres@localhost:5432/postgres" # fallback if not os.getenv("DATABASE_URL"): # Try to find it in previous file or guess # Previous check_credits.py worked, so env var must be loadable from somewhere or default works? # No, load_dotenv() likely worked for check_credits.py if .env existed. # But view_file .env failed. # Wait, check_credits.py has `load_dotenv()`. # Maybe I should rely on the system env vars if present. pass try: conn = await asyncpg.connect(db_url) print("DB Connected.") # Fetch API Key row = await conn.fetchrow("SELECT key_prefix, key_hash FROM public.api_keys WHERE is_active = TRUE LIMIT 1") if not row: print("No active API Key found in public.api_keys to simulate backend usage.") # Can't proceed await conn.close() return # Fetch full key? No, we only store hash. # But we need a valid key to CALL the backend. # The backend validates X-API-Key. # The db only has the hash. # We CANNOT recover the full key from the hash. # So we cannot call the backend unless we KNOW a valid key. # # However, `mcp_server` usually has `BACKEND_API_KEY` configured in its environment. # If that env var is missing here (because I can't read .env), I'm stuck. # # BUT, the user's `check_credits.py` ran. It imported `mcp_server`. # Wait, `check_credits.py` did NOT import `mcp_server`. It checked the DB directly. # # In `helpers.py`, `get_settings()` loads from `env`. # If `settings.backend_api_key` is empty, calls fail. # # I must ask the user or hardcode a key if I can find one locally. # Or I can Insert a TEMPORARY key into `public.api_keys` and use it? # Yes! # I can generate a key `sk_test_123`, hash it, insert it. # Then use `sk_test_123` as `BACKEND_API_KEY`. # Use it for the test. # Then delete it. test_key = "sk_test_verification_key_12345" import hashlib test_key_hash = hashlib.sha256(test_key.encode()).hexdigest() # Insert Temp Key print("Inserting temporary test key...") await conn.execute(""" INSERT INTO public.api_keys (key_hash, key_prefix, client_name, client_email, is_active, allow_raw_records, created_at) VALUES ($1, $2, 'Test Script', 'test@example.com', TRUE, TRUE, NOW()) ON CONFLICT DO NOTHING """, test_key_hash, test_key[:7]) # Set Env Vars os.environ["BACKEND_API_KEY"] = test_key # Assume backend url is default or check logs if not os.getenv("BACKEND_API_URL"): os.environ["BACKEND_API_URL"] = "http://localhost:8000" # Guessing typical port await conn.close() except Exception as e: print(f"Setup Error: {e}") return # Now import mcp_server modules (env vars are set) try: from mcp_server.core.database import Database from mcp_server.tools.registry import execute_tool # Import module to register tools import mcp_server.tools.investigation await Database.connect() email = "hr@outris.com" account_row = await Database.fetchrow("SELECT id, user_email FROM mcp.user_accounts WHERE user_email = $1", email) if not account_row: print("Account not found") return account_id = account_row['id'] # Find valid phone phone = "9876543210" # Scenario A: FALSE print("\nScenario A: allow_raw_records = FALSE") await Database.execute("UPDATE public.api_keys SET allow_raw_records = FALSE WHERE client_email = $1", email) try: result, _ = await execute_tool("get_email", {"phone": phone}, account_id=account_id) # print(f"Result Type: {type(result)}") emails = result.get('emails', []) print(f"Emails: {json.dumps(emails, indent=2)}") if emails: if any('*' in e for e in emails): print("VERDICT: PASSED (Masked)") else: print("VERDICT: FAILED (Unmasked)") else: print("Result empty - inconclusive but likely auth worked.") except Exception as e: print(f"Tool Error: {e}") # Scenario B: TRUE print("\nScenario B: allow_raw_records = TRUE") await Database.execute("UPDATE public.api_keys SET allow_raw_records = TRUE WHERE client_email = $1", email) try: result, _ = await execute_tool("get_email", {"phone": phone}, account_id=account_id) emails = result.get('emails', []) print(f"Emails: {json.dumps(emails, indent=2)}") if emails: if not any('*' in e for e in emails): print("VERDICT: PASSED (Unmasked)") else: print("VERDICT: FAILED (Masked)") except Exception as e: print(f"Tool Error: {e}") # Scenario C: No Account Context (Fail-safe check) print("\nScenario C: No Account Context (Fail-safe)") # Should default to Masked try: result, _ = await execute_tool("get_email", {"phone": phone}, account_id=None) emails = result.get('emails', []) print(f"Emails: {json.dumps(emails, indent=2)}") if emails: if any('*' in e for e in emails): print("VERDICT: PASSED (Masked)") else: print("VERDICT: FAILED (Unmasked)") else: print("Result empty.") except Exception as e: print(f"Tool Error: {e}") # Cleanup await Database.execute("UPDATE public.api_keys SET allow_raw_records = FALSE WHERE client_email = $1", email) await Database.execute("DELETE FROM public.api_keys WHERE client_email = 'test@example.com'") await Database.disconnect() except Exception as e: print(f"Run Error: {e}") if __name__ == "__main__": asyncio.run(run_test())

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/outris-dev-user/Outris-Identity'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

test_masking.py•6.54 KiB