fix(GraphQL): Fix auth-token propagation for HTTP endpoints resolved …

…through GraphQL (GRAPHQL-946) (#7245) (#7251) Fixes [Discuss Issue](https://discuss.dgraph.io/t/alpha-problems-with-auth-token/12136). (cherry picked from commit 146c4f1)
dgraph-io · Jan 7, 2021 · fae97ec · fae97ec
1 parent 842bb3d
commit fae97ec
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 0 deletions.
diff --git a/dgraph/cmd/alpha/http.go b/dgraph/cmd/alpha/http.go
@@ -642,6 +642,7 @@ func resolveWithAdminServer(gqlReq *schema.Request, r *http.Request,
 	ctx := metadata.NewIncomingContext(context.Background(), md)
 	ctx = x.AttachAccessJwt(ctx, r)
 	ctx = x.AttachRemoteIP(ctx, r)
+	ctx = x.AttachAuthToken(ctx, r)
 
 	return adminServer.Resolve(ctx, gqlReq)
 }

diff --git a/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go b/graphql/e2e/admin_auth/poorman_auth/admin_auth_test.go
@@ -17,7 +17,9 @@
 package admin_auth
 
 import (
+	"io/ioutil"
 	"net/http"
+	"strings"
 	"testing"
 
 	"github.com/dgraph-io/dgraph/x"
@@ -51,6 +53,20 @@ func TestAdminOnlyPoorManAuth(t *testing.T) {
 	common.SafelyUpdateGQLSchema(t, common.Alpha1HTTP, schema, headers)
 }
 
+func TestPoorManAuthOnAdminSchemaHttpEndpoint(t *testing.T) {
+	// without X-Dgraph-AuthToken should give error
+	require.Contains(t, makeAdminSchemaRequest(t, ""), "Invalid X-Dgraph-AuthToken")
+
+	// setting a wrong value for the token should still give error
+	require.Contains(t, makeAdminSchemaRequest(t, wrongAuthToken), "Invalid X-Dgraph-AuthToken")
+
+	// setting correct value for the token should successfully update the schema
+	oldCounter := common.RetryProbeGraphQL(t, common.Alpha1HTTP).SchemaUpdateCounter
+	require.JSONEq(t, `{"data":{"code":"Success","message":"Done"}}`, makeAdminSchemaRequest(t,
+		authToken))
+	common.AssertSchemaUpdateCounterIncrement(t, common.Alpha1HTTP, oldCounter)
+}
+
 func assertAuthTokenError(t *testing.T, schema string, headers http.Header) {
 	resp := common.RetryUpdateGQLSchema(t, common.Alpha1HTTP, schema, headers)
 	require.Equal(t, x.GqlErrorList{{
@@ -59,3 +75,24 @@ func assertAuthTokenError(t *testing.T, schema string, headers http.Header) {
 	}}, resp.Errors)
 	require.Nil(t, resp.Data)
 }
+
+func makeAdminSchemaRequest(t *testing.T, authTokenValue string) string {
+	schema := `type Person {
+		id: ID!
+		name: String! @id
+	}`
+	req, err := http.NewRequest(http.MethodPost, common.GraphqlAdminURL+"/schema",
+		strings.NewReader(schema))
+	require.NoError(t, err)
+	if authTokenValue != "" {
+		req.Header.Set(authTokenHeader, authTokenValue)
+	}
+
+	resp, err := (&http.Client{}).Do(req)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+	b, err := ioutil.ReadAll(resp.Body)
+	require.NoError(t, err)
+
+	return string(b)
+}