Hotfix authentication issue #4860.

dpetrick · dpetrick · commit 62cfeaa5930e · 2019-08-29T17:52:54.000+02:00
diff --git a/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala b/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala
@@ -103,7 +103,7 @@ case class SangriaHandlerImpl(managementApiEnabled: Boolean)(
   private def verifyAuth[T](projectId: String, rawRequest: RawRequest)(fn: Project => Future[T]): Future[T] = {
     for {
       project    <- apiDependencies.projectFetcher.fetch_!(projectId)
-      authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("Authorization"))
+      authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("authorization"))
       result     <- if (authResult.isSuccess) fn(project) else Future.failed(InvalidToken())
     } yield result
   }
diff --git a/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala b/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala
@@ -53,7 +53,6 @@ object AuthImpl extends Auth {
   def verify(secrets: Vector[String], authHeader: String): AuthResult = {
     val isValid = secrets.exists { secret =>
       val claims = Jwt.decodeRaw(token = authHeader.stripPrefix("Bearer "), key = secret, algorithms = algorithms, options = jwtOptions)
-      // todo: also verify claims in accordance with https://github.com/graphcool/framework/issues/1365
       claims.isSuccess
     }
     if (isValid) AuthSuccess else AuthFailure

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ case class SangriaHandlerImpl(managementApiEnabled: Boolean)(`
`103`	`103`	`private def verifyAuth[T](projectId: String, rawRequest: RawRequest)(fn: Project => Future[T]): Future[T] = {`
`104`	`104`	`for {`
`105`	`105`	`project <- apiDependencies.projectFetcher.fetch_!(projectId)`
`106`		`- authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("Authorization"))`
	`106`	`+ authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("authorization"))`
`107`	`107`	`result <- if (authResult.isSuccess) fn(project) else Future.failed(InvalidToken())`
`108`	`108`	`} yield result`
`109`	`109`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,6 @@ object AuthImpl extends Auth {`
`53`	`53`	`def verify(secrets: Vector[String], authHeader: String): AuthResult = {`
`54`	`54`	`val isValid = secrets.exists { secret =>`
`55`	`55`	`val claims = Jwt.decodeRaw(token = authHeader.stripPrefix("Bearer "), key = secret, algorithms = algorithms, options = jwtOptions)`
`56`		`- // todo: also verify claims in accordance with https://github.com/graphcool/framework/issues/1365`
`57`	`56`	`claims.isSuccess`
`58`	`57`	`}`
`59`	`58`	`if (isValid) AuthSuccess else AuthFailure`