From 9b9247ef916c528524ab569ad456ed35e4ffc292 Mon Sep 17 00:00:00 2001
From: Mwale Kalenga <mwale.kalenga@prosites.space>
Date: Tue, 30 Dec 2025 12:15:39 -0500
Subject: [PATCH 1/4] Fix OAuth signature generation in validateRestApiAccess

The validateRestApiAccess function was calling getAuthHeaders() without
the required URL parameter for OAuth 1.0a signature generation. This
caused authentication failures when using HTTP connections (which fall
back to OAuth instead of Basic Auth).

Changes:
- Get baseURL from httpClient.defaults.baseURL
- Construct full URL for each endpoint
- Pass proper parameters (method, url, params) to getAuthHeaders()

This fixes the "REST API validation failed: undefined" error when
connecting via HTTP/OAuth.
---
 src/config/auth.js | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/config/auth.js b/src/config/auth.js
index 1bc236d..95d50a3 100644
--- a/src/config/auth.js
+++ b/src/config/auth.js
@@ -317,10 +317,15 @@ export async function validateRestApiAccess(httpClient, authManager) {
       { path: '/feeds', name: 'Feeds' }
     ];
 
+    // Get baseURL from httpClient for OAuth signature generation
+    const baseURL = httpClient.defaults.baseURL;
+
     const results = [];
     for (const endpoint of endpoints) {
       try {
-        const headers = authManager.getAuthHeaders();
+        // Generate proper OAuth headers with full URL for signature
+        const fullUrl = `${baseURL}${endpoint.path}`;
+        const headers = authManager.getAuthHeaders('GET', fullUrl, { per_page: 1 });
         await httpClient.get(endpoint.path, {
           headers,
           params: { per_page: 1 }

From 75dccf13a3efea1118ea6482601ba52045217465 Mon Sep 17 00:00:00 2001
From: Mwale Kalenga <mwale.kalenga@prosites.space>
Date: Tue, 30 Dec 2025 12:56:44 -0500
Subject: [PATCH 2/4] Add defensive check for httpClient baseURL

---
 src/config/auth.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/config/auth.js b/src/config/auth.js
index 95d50a3..3bf35b8 100644
--- a/src/config/auth.js
+++ b/src/config/auth.js
@@ -320,6 +320,10 @@ export async function validateRestApiAccess(httpClient, authManager) {
     // Get baseURL from httpClient for OAuth signature generation
     const baseURL = httpClient.defaults.baseURL;
 
+    if (!baseURL) {
+      throw new Error('httpClient baseURL is not configured');
+    }
+
     const results = [];
     for (const endpoint of endpoints) {
       try {

From 8911c9f4972662eab62b7b2d5168b1d781f35b3b Mon Sep 17 00:00:00 2001
From: Mwale Kalenga <mwale.kalenga@prosites.space>
Date: Tue, 30 Dec 2025 13:52:26 -0500
Subject: [PATCH 3/4] Add defaults.baseURL to MockHttpClient for test
 compatibility

---
 src/tests/helpers.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tests/helpers.js b/src/tests/helpers.js
index 5465874..609fba2 100644
--- a/src/tests/helpers.js
+++ b/src/tests/helpers.js
@@ -179,6 +179,7 @@ export class MockHttpClient {
     this.requests = [];
     this.responses = new Map();
     this.defaultResponse = new MockResponse();
+    this.defaults = { baseURL: 'https://test.example.com' };
   }
 
   /**

From de00638d01c76f1b5222c88ce298b1dee42f614c Mon Sep 17 00:00:00 2001
From: Zack Katz <zack@katz.co>
Date: Wed, 18 Feb 2026 00:48:28 -0500
Subject: [PATCH 4/4] Add optional chaining for httpClient.defaults.baseURL

Prevents TypeError when httpClient.defaults is undefined by using
optional chaining (httpClient?.defaults?.baseURL).
---
 src/config/auth.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/config/auth.js b/src/config/auth.js
index 3bf35b8..8050e8c 100644
--- a/src/config/auth.js
+++ b/src/config/auth.js
@@ -318,7 +318,7 @@ export async function validateRestApiAccess(httpClient, authManager) {
     ];
 
     // Get baseURL from httpClient for OAuth signature generation
-    const baseURL = httpClient.defaults.baseURL;
+    const baseURL = httpClient?.defaults?.baseURL;
 
     if (!baseURL) {
       throw new Error('httpClient baseURL is not configured');