Skip to content

Commit

Permalink
fix(GraphQL): Fix auth-token propagation for HTTP endpoints resolved …
Browse files Browse the repository at this point in the history
…through GraphQL (GRAPHQL-946) (#7245) (#7252)

Fixes [Discuss Issue](https://discuss.dgraph.io/t/alpha-problems-with-auth-token/12136).

(cherry picked from commit 146c4f1)

# Conflicts:
#	graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
  • Loading branch information
abhimanyusinghgaur authored Jan 7, 2021
1 parent 0875d25 commit 7028383
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 0 deletions.
1 change: 1 addition & 0 deletions dgraph/cmd/alpha/http.go
Original file line number Diff line number Diff line change
Expand Up @@ -616,6 +616,7 @@ func resolveWithAdminServer(gqlReq *schema.Request, r *http.Request,
ctx := metadata.NewIncomingContext(context.Background(), md)
ctx = x.AttachAccessJwt(ctx, r)
ctx = x.AttachRemoteIP(ctx, r)
ctx = x.AttachAuthToken(ctx, r)

return adminServer.Resolve(ctx, gqlReq)
}
Expand Down
35 changes: 35 additions & 0 deletions graphql/e2e/admin_auth/admin_auth_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ package admin_auth

import (
"encoding/json"
"io/ioutil"
"net/http"
"strings"
"testing"

"github.com/dgraph-io/dgraph/x"
Expand Down Expand Up @@ -90,6 +92,39 @@ func TestAdminPoorManWithAcl(t *testing.T) {
common.RequireNoGQLErrors(t, params.ExecuteAsPost(t, poorManWithAclAdminURL))
}

func TestPoorManAuthOnAdminSchemaHttpEndpoint(t *testing.T) {
// without X-Dgraph-AuthToken should give error
require.Contains(t, makeAdminSchemaRequest(t, ""), "Invalid X-Dgraph-AuthToken")

// setting a wrong value for the token should still give error
require.Contains(t, makeAdminSchemaRequest(t, wrongAuthToken), "Invalid X-Dgraph-AuthToken")

// setting correct value for the token should successfully update the schema
require.JSONEq(t, `{"data":{"code":"Success","message":"Done"}}`, makeAdminSchemaRequest(t,
authToken))
}

func makeAdminSchemaRequest(t *testing.T, authTokenValue string) string {
schema := `type Person {
id: ID!
name: String! @id
}`
req, err := http.NewRequest(http.MethodPost, poorManAdminURL+"/schema",
strings.NewReader(schema))
require.NoError(t, err)
if authTokenValue != "" {
req.Header.Set(authTokenHeader, authTokenValue)
}

resp, err := (&http.Client{}).Do(req)
require.NoError(t, err)
defer resp.Body.Close()
b, err := ioutil.ReadAll(resp.Body)
require.NoError(t, err)

return string(b)
}

func assertAuthTokenError(t *testing.T, url string, params *common.GraphQLParams) {
req, err := params.CreateGQLPost(url)
require.NoError(t, err)
Expand Down

0 comments on commit 7028383

Please sign in to comment.