[BUG][UI]: Admin UI shows raw JSON error instead of redirecting to login when user is deleted #2965
Description
🐞 Bug Summary
When a user's JWT token is valid but the user has been deleted from the backend database, navigating to /admin/ returns a raw JSON response {"detail":"User not found"} with a 401 status instead of redirecting to the login page. In incognito mode (no cookie), the login page loads correctly.
🧩 Affected Component
Select the area of the project impacted:
- mcpgateway - API
- mcpgateway - UI (admin panel)
- mcpgateway.wrapper - stdio wrapper
- Federation or Transports
- CLI, Makefiles, or shell scripts
- Container setup (Docker/Podman/Compose)
- Other (explain below)
🔁 Steps to Reproduce
- Log in to the admin UI at /admin/login
- Delete the user from the backend database
- Navigate to /admin/
- Observe the raw JSON error {"detail":"User not found"} instead of a redirect to the login page
🤔 Expected Behavior
The browser should be redirected to /admin/login so the user can re-authenticate, matching the behavior of all other authentication error paths in the AdminAuthMiddleware.
📓 Logs / Error Output
Browser console: GET http://localhost:8080/admin/ 401 (Unauthorized)
🧠 Environment Info
| Key | Value |
|---|---|
| Version or commit | f8f7a76be |
| Runtime | Python 3.13 |
| Platform / OS | Linux (WSL2) |
| Container | N/A |
🧩 Additional Context (optional)
Root cause: In mcpgateway/main.py line 1603, the AdminAuthMiddleware was returning ORJSONResponse(status_code=401, ...) directly instead of using the _error_response() helper method. All other error paths in the middleware use _error_response(), which checks the request Accept header and redirects browser requests to /admin/login.
Fix: Replace the direct ORJSONResponse with self._error_response(request, root_path, 401, "User not found").
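
A regression check for the behaviour described in this issue, added here as an example and not taken from the mcpgateway code base. `error_response` and `admin_auth` are simplified stand-ins for the helper and the middleware; the `text/html` Accept test, the 303 status, the "Authentication required" message and the sample users are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

LOGIN_PATH = "/admin/login"  # login route named in the issue


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: Optional[dict] = None


def error_response(accept: str, root_path: str, status: int, detail: str) -> Response:
    """Stand-in for _error_response(): redirect browsers, return JSON to API clients.

    Assumption: a browser is recognised by text/html in Accept and is sent a 303.
    """
    if "text/html" in accept.lower():
        return Response(303, {"Location": root_path + LOGIN_PATH})
    return Response(status, {"Content-Type": "application/json"}, {"detail": detail})


def admin_auth(accept, token_subject, users, root_path="", fixed=True):
    """Return an error Response, or None when the request may proceed.

    token_subject is the user taken from an already verified JWT (None if absent).
    """
    if token_subject is None:
        return error_response(accept, root_path, 401, "Authentication required")
    if token_subject not in users:  # token still valid, account deleted
        if not fixed:
            # Reported behaviour: direct JSON response that bypasses the helper.
            return Response(401, {"Content-Type": "application/json"},
                            {"detail": "User not found"})
        return error_response(accept, root_path, 401, "User not found")
    return None


def check_deleted_user_paths():
    """Constructed scenario: valid token for a user missing from the store."""
    browser, api = "text/html,application/xhtml+xml", "application/json"
    users = {"admin@example.com"}       # constructed sample data
    deleted = "removed@example.com"     # constructed sample data
    return {
        "before_browser": admin_auth(browser, deleted, users, fixed=False),
        "after_browser": admin_auth(browser, deleted, users),
        "after_api": admin_auth(api, deleted, users),
    }
```

In both variants the deleted user is refused; only the shape of the refusal differs, so the same check can be repeated for every rejection path in the middleware.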