Skip to content

fix: honor is_active field in token POST/PUT requests#2584

Merged
crivetimihai merged 1 commit intomainfrom
fix/token-is-active-field-issue-2573
Jan 31, 2026
Merged

fix: honor is_active field in token POST/PUT requests#2584
crivetimihai merged 1 commit intomainfrom
fix/token-is-active-field-issue-2573

Conversation

@shoummu1
Copy link
Copy Markdown
Collaborator

@shoummu1 shoummu1 commented Jan 30, 2026

🐛 Bug-fix PR

📌 Summary

API tokens could not be created or updated with is_active=false. The is_active field in POST/PUT request bodies was completely ignored, forcing all tokens to be active regardless of the intended state. This prevented programmatic management of inactive tokens and broke API contract expectations.

🔗Related Issue

Closes #2573

🐞 Root Cause

Three layers were missing the is_active field:

  1. Schema Layer: TokenCreateRequest and TokenUpdateRequest schemas didn't include is_active field
  2. Service Layer: create_token() and update_token() methods hardcoded is_active=True instead of accepting parameter
  3. Router Layer: Endpoints didn't extract or pass is_active from request to service

💡 Fix Description

Added is_active field through the complete request pipeline:

  • Schemas: Added is_active: bool = Field(default=True) to TokenCreateRequest and is_active: Optional[bool] = Field(None) to TokenUpdateRequest
  • Service: Modified method signatures to accept is_active parameter; changed DB INSERT from hardcoded to parameterized; added conditional update logic with None-check
  • Router: Updated all 3 token endpoints (create, update, create_team) to pass is_active=request.is_active
  • Backward Compatibility: Default values maintain existing behavior for clients not sending the field

🧪 Verification

Check Command Status
Lint suite make lint
Unit tests make test
Coverage ≥ 90 % make coverage
Manual regression no longer fails API curl tests

📐 MCP Compliance (if relevant)

  • Matches current MCP spec
  • No breaking change to MCP clients

✅ Checklist

  • Code formatted (make black isort pre-commit)
  • No secrets/credentials committed

@shoummu1 shoummu1 marked this pull request as ready for review January 30, 2026 11:58
@crivetimihai crivetimihai self-assigned this Jan 31, 2026
@shoummu1 @crivetimihai
fix: honor is_active field in token POST/PUT requests
f19e477 
Add is_active field support through the complete request pipeline:

- Schemas: Added is_active to TokenCreateRequest (bool, default=True)
  and TokenUpdateRequest (Optional[bool], default=None)
- Service: Modified create_token() and update_token() methods to accept
  and use is_active parameter instead of hardcoding
- Router: Updated all 3 token endpoints (create, update, create_team)
  to pass is_active=request.is_active
- Tests: Added explicit coverage for is_active=False on create and
  update, including toggle and reactivation scenarios

Backward compatible: default values maintain existing behavior for
clients not sending the field.

Closes #2573

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@crivetimihai crivetimihai force-pushed the fix/token-is-active-field-issue-2573 branch from 5fbc707 to f19e477 Compare January 31, 2026 14:48
@crivetimihai
Copy link
Copy Markdown
Member

crivetimihai commented Jan 31, 2026

Review Changes

Rebased onto main and made the following improvements:

Commit cleanup

  • Squashed 2 commits into 1 clean commit
  • Preserved original author (Shoumi)
  • Improved commit message with detailed description

Added test coverage for is_active=false behavior

Router tests (3 new):

  • test_create_token_with_is_active_false - verify is_active=False is passed to service
  • test_update_token_toggle_is_active - verify deactivation works
  • test_update_token_reactivate - verify reactivation works

Service tests (5 new):

  • test_create_token_with_is_active_false - verify is_active=False stored in DB record
  • test_create_token_default_is_active_true - verify default behavior preserved
  • test_update_token_deactivate - verify deactivation modifies token
  • test_update_token_reactivate - verify reactivation modifies token
  • test_update_token_is_active_none_no_change - verify None doesn't change status

Test results: 113 passed (was 105)

@crivetimihai crivetimihai merged commit afdc2c7 into main Jan 31, 2026
51 checks passed
@crivetimihai crivetimihai deleted the fix/token-is-active-field-issue-2573 branch January 31, 2026 15:07
@crivetimihai crivetimihai added this to the Release 1.0.0-RC1 milestone Jan 31, 2026
hughhennelly pushed a commit to hughhennelly/mcp-context-forge that referenced this pull request Feb 8, 2026
@shoummu1 @hughhennelly
fix: honor is_active field in token POST/PUT requests (IBM#2584)
e5eca7f 
Add is_active field support through the complete request pipeline:

- Schemas: Added is_active to TokenCreateRequest (bool, default=True)
  and TokenUpdateRequest (Optional[bool], default=None)
- Service: Modified create_token() and update_token() methods to accept
  and use is_active parameter instead of hardcoding
- Router: Updated all 3 token endpoints (create, update, create_team)
  to pass is_active=request.is_active
- Tests: Added explicit coverage for is_active=False on create and
  update, including toggle and reactivation scenarios

Backward compatible: default values maintain existing behavior for
clients not sending the field.

Closes IBM#2573

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: hughhennnelly <hughhennelly06@gmail.com>
kcostell06 pushed a commit to kcostell06/mcp-context-forge that referenced this pull request Feb 24, 2026
@shoummu1
fix: honor is_active field in token POST/PUT requests (IBM#2584)
5b6fefa 
Add is_active field support through the complete request pipeline:

- Schemas: Added is_active to TokenCreateRequest (bool, default=True)
  and TokenUpdateRequest (Optional[bool], default=None)
- Service: Modified create_token() and update_token() methods to accept
  and use is_active parameter instead of hardcoding
- Router: Updated all 3 token endpoints (create, update, create_team)
  to pass is_active=request.is_active
- Tests: Added explicit coverage for is_active=False on create and
  update, including toggle and reactivation scenarios

Backward compatible: default values maintain existing behavior for
clients not sending the field.

Closes IBM#2573

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crivetimihai crivetimihai crivetimihai approved these changes

@kevalmahajan kevalmahajan Awaiting requested review from kevalmahajan kevalmahajan is a code owner

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

Assignees

@crivetimihai crivetimihai

Labels

None yet

Projects

None yet

Milestone

Release 1.0.0-RC1

Development

Successfully merging this pull request may close these issues.

[BUG]: API Calls - API Tokens- Create / Update API calls are not saving the correct data

2 participants

@shoummu1 @crivetimihai