From 7028383a2518eb8a42e7d44aadbe734cd58aa3c4 Mon Sep 17 00:00:00 2001
From: Abhimanyu Singh Gaur <12651351+abhimanyusinghgaur@users.noreply.github.com>
Date: Thu, 7 Jan 2021 12:02:03 +0530
Subject: [PATCH] fix(GraphQL): Fix auth-token propagation for HTTP endpoints resolved through GraphQL (GRAPHQL-946) (#7245) (#7252)
Fixes [Discuss Issue](https://discuss.dgraph.io/t/alpha-problems-with-auth-token/12136).
(cherry picked from commit 146c4f18524f1133fc5f52bffc47a03eaf982a5e)
# Conflicts:
# graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
---
 dgraph/cmd/alpha/http.go | 1 +
 graphql/e2e/admin_auth/admin_auth_test.go | 35 +++++++++++++++++++++++
 2 files changed, 36 insertions(+)
diff --git a/dgraph/cmd/alpha/http.go b/dgraph/cmd/alpha/http.go
index 021855068a6..20341e23c4c 100644
--- a/dgraph/cmd/alpha/http.go
+++ b/dgraph/cmd/alpha/http.go
@@ -616,6 +616,7 @@ func resolveWithAdminServer(gqlReq *schema.Request, r *http.Request,
 ctx := metadata.NewIncomingContext(context.Background(), md)
 ctx = x.AttachAccessJwt(ctx, r)
 ctx = x.AttachRemoteIP(ctx, r)
+ ctx = x.AttachAuthToken(ctx, r)
 return adminServer.Resolve(ctx, gqlReq)
 }
diff --git a/graphql/e2e/admin_auth/admin_auth_test.go b/graphql/e2e/admin_auth/admin_auth_test.go
index 769052a8fdf..93a8ece8851 100644
--- a/graphql/e2e/admin_auth/admin_auth_test.go
+++ b/graphql/e2e/admin_auth/admin_auth_test.go
@@ -18,7 +18,9 @@ package admin_auth
 import (
 "encoding/json"
+ "io/ioutil"
 "net/http"
+ "strings"
 "testing"
 "github.com/dgraph-io/dgraph/x"
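Review bot: In the `dgraph/cmd/alpha/http.go` hunk, the context passed to `adminServer.Resolve` is built from `context.Background()`, so every request-derived credential has to be copied in by hand, and the new `x.AttachAuthToken(ctx, r)` line carries no comment saying so. A comment above the three `Attach*` calls, for example `// ctx starts from Background(): copy every credential the admin resolvers check (access JWT, remote IP, auth token) from r.`, would make the next omission easier to spot in review. If other HTTP handlers build their context the same way (not visible here), a single helper that performs all three attachments would keep them from drifting apart. `resolveWithAdminServer` begins and its signature continues outside the hunk.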
@@ -90,6 +92,39 @@ func TestAdminPoorManWithAcl(t *testing.T) {
 common.RequireNoGQLErrors(t, params.ExecuteAsPost(t, poorManWithAclAdminURL))
 }
+func TestPoorManAuthOnAdminSchemaHttpEndpoint(t *testing.T) {
+ // without X-Dgraph-AuthToken should give error
+ require.Contains(t, makeAdminSchemaRequest(t, ""), "Invalid X-Dgraph-AuthToken")
+
+ // setting a wrong value for the token should still give error
+ require.Contains(t, makeAdminSchemaRequest(t, wrongAuthToken), "Invalid X-Dgraph-AuthToken")
+
+ // setting correct value for the token should successfully update the schema
+ require.JSONEq(t, `{"data":{"code":"Success","message":"Done"}}`, makeAdminSchemaRequest(t,
+ authToken))
+}
+
+func makeAdminSchemaRequest(t *testing.T, authTokenValue string) string {
+ schema := `type Person {
+ id: ID!
+ name: String! @id
+ }`
+ req, err := http.NewRequest(http.MethodPost, poorManAdminURL+"/schema",
+ strings.NewReader(schema))
+ require.NoError(t, err)
+ if authTokenValue != "" {
+ req.Header.Set(authTokenHeader, authTokenValue)
+ }
+
+ resp, err := (&http.Client{}).Do(req)
+ require.NoError(t, err)
+ defer resp.Body.Close()
+ b, err := ioutil.ReadAll(resp.Body)
+ require.NoError(t, err)
+
+ return string(b)
+}
+
 func assertAuthTokenError(t *testing.T, url string, params *common.GraphQLParams) {
 req, err := params.CreateGQLPost(url)
 require.NoError(t, err)
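Review bot: `makeAdminSchemaRequest` sends the request through `(&http.Client{})`, which has no timeout, so an unresponsive alpha hangs the test run instead of failing it; something like `resp, err := (&http.Client{Timeout: 10 * time.Second}).Do(req)` (with `time` added to the imports, value chosen only as an example) bounds it. The two rejection cases in `TestPoorManAuthOnAdminSchemaHttpEndpoint` assert only on the error text in the body, so they do not show that the posted `Person` schema was actually left unapplied; reading the schema back after a rejected call would close that gap. The helper is also fixed to `poorManAdminURL`, so the `/schema` endpoint of the cluster behind `poorManWithAclAdminURL` is not covered by this test.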