From fa498e01d33579cf0fd9d24e86b4f28b9ecd9d48 Mon Sep 17 00:00:00 2001
From: Abhimanyu Singh Gaur <12651351+abhimanyusinghgaur@users.noreply.github.com>
Date: Tue, 5 Jan 2021 16:32:18 +0530
Subject: [PATCH 1/2] fix the auth-token issue
---
 dgraph/cmd/alpha/http.go | 1 +
 .../poorman_auth/admin_auth_test.go | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+)
diff --git a/dgraph/cmd/alpha/http.go b/dgraph/cmd/alpha/http.go
index afd6dbb43ab..5978479bfcd 100644
--- a/dgraph/cmd/alpha/http.go
+++ b/dgraph/cmd/alpha/http.go
@@ -642,6 +642,7 @@ func resolveWithAdminServer(gqlReq *schema.Request, r *http.Request,
 ctx := metadata.NewIncomingContext(context.Background(), md)
 ctx = x.AttachAccessJwt(ctx, r)
 ctx = x.AttachRemoteIP(ctx, r)
+ ctx = x.AttachAuthToken(ctx, r)
 return adminServer.Resolve(ctx, gqlReq)
 }
diff --git a/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go b/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
index 9dc1479e5a3..7a091941fcf 100644
--- a/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
+++ b/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
@@ -17,7 +17,9 @@
 package admin_auth
 import (
+ "io/ioutil"
 "net/http"
+ "strings"
 "testing"
 "github.com/dgraph-io/dgraph/x"
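Review bot: The added `ctx = x.AttachAuthToken(ctx, r)` carries no comment, yet it is what lets the admin server see the auth token at all. `adminServer.Resolve` receives `ctx` and `gqlReq` but not `r`, and `ctx` starts from `context.Background()`, so every request-derived input has to be copied in by hand. A comment above the three Attach calls would make that contract visible, for example `// Resolve never sees r: the access JWT, remote IP and auth token must all be attached to ctx here.` If other handlers build a fresh context the same way (not visible in this hunk), a single helper that attaches all three would keep a future endpoint from dropping one of them again. The start of resolveWithAdminServer is outside the hunk.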
@@ -51,6 +53,20 @@ func TestAdminOnlyPoorManAuth(t *testing.T) {
 common.SafelyUpdateGQLSchema(t, common.Alpha1HTTP, schema, headers)
 }
+func TestPoorManAuthOnAdminSchemaHttpEndpoint(t *testing.T) {
+ // without X-Dgraph-AuthToken should give error
+ require.Contains(t, makeAdminSchemaRequest(t, ""), "Invalid X-Dgraph-AuthToken")
+
+ // setting a wrong value for the token should still give error
+ require.Contains(t, makeAdminSchemaRequest(t, wrongAuthToken), "Invalid X-Dgraph-AuthToken")
+
+ // setting correct value for the token should successfully update the schema
+ oldCounter := common.RetryProbeGraphQL(t, common.Alpha1HTTP).SchemaUpdateCounter
+ require.JSONEq(t, `{"data":{"code":"Success","message":"Done"}}`, makeAdminSchemaRequest(t,
+ authToken))
+ common.AssertSchemaUpdateCounterIncrement(t, common.Alpha1HTTP, oldCounter)
+}
+
 func assertAuthTokenError(t *testing.T, schema string, headers http.Header) {
 resp := common.RetryUpdateGQLSchema(t, common.Alpha1HTTP, schema, headers)
 require.Equal(t, x.GqlErrorList{{
@@ -59,3 +75,23 @@ func assertAuthTokenError(t *testing.T, schema string, headers http.Header) {
 }}, resp.Errors)
 require.Nil(t, resp.Data)
 }
+
+func makeAdminSchemaRequest(t *testing.T, authTokenValue string) string {
+ schema := `type Person {
+ id: ID!
+ name: String! @id
+ }`
+ req, err := http.NewRequest(http.MethodPost, common.GraphqlAdminURL+"/schema",
+ strings.NewReader(schema))
+ require.NoError(t, err)
+ if authTokenValue != "" {
+ req.Header.Set(authTokenHeader, authTokenValue)
+ }
+
+ resp, err := (&http.Client{}).Do(req)
+ require.NoError(t, err)
+ b, err := ioutil.ReadAll(resp.Body)
+ require.NoError(t, err)
+
+ return string(b)
+}
From 5c9d773d4d9adb4d7b22deaae9ebacd0dd46a5e5 Mon Sep 17 00:00:00 2001
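Review bot: The two negative cases in TestPoorManAuthOnAdminSchemaHttpEndpoint assert only on the error text in the response body, so they would still pass if a request with a missing or wrong token were answered with the error but had already changed the schema. Reading the counter before the rejected requests and checking it afterwards closes that gap: move `oldCounter := common.RetryProbeGraphQL(t, common.Alpha1HTTP).SchemaUpdateCounter` to the top of the test and add `require.Equal(t, oldCounter, common.RetryProbeGraphQL(t, common.Alpha1HTTP).SchemaUpdateCounter)` after the second `require.Contains`. A header that is present but empty is also not exercised, because makeAdminSchemaRequest omits the header when the value is `""`.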
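Review bot: makeAdminSchemaRequest sends the request through a zero-value `http.Client`, which has no timeout, so an Alpha that accepts the connection and never answers blocks the test until the suite's own deadline. `resp, err := (&http.Client{Timeout: 30 * time.Second}).Do(req)` bounds it; this needs `"time"` in the import block, and the 30 seconds is only a suggested value. The helper also discards `resp.StatusCode`, so callers can pin the error text but not the HTTP status the endpoint uses for a rejected token; returning it, or logging it when an assertion fails, would make the auth behaviour easier to verify.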
From: Abhimanyu Singh Gaur <12651351+abhimanyusinghgaur@users.noreply.github.com>
Date: Tue, 5 Jan 2021 17:26:21 +0530
Subject: [PATCH 2/2] review comments
---
 graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go b/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
index 7a091941fcf..658b5bc0a25 100644
--- a/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
+++ b/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
@@ -90,6 +90,7 @@ func makeAdminSchemaRequest(t *testing.T, authTokenValue string) string {
 resp, err := (&http.Client{}).Do(req)
 require.NoError(t, err)
+ defer resp.Body.Close()
 b, err := ioutil.ReadAll(resp.Body)
 require.NoError(t, err)