Hotfix authentication issue #4860.

prisma · Aug 29, 2019 · 62cfeaa · 62cfeaa
1 parent 1d95a48
commit 62cfeaa
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala b/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala
@@ -103,7 +103,7 @@ case class SangriaHandlerImpl(managementApiEnabled: Boolean)(
   private def verifyAuth[T](projectId: String, rawRequest: RawRequest)(fn: Project => Future[T]): Future[T] = {
     for {
       project    <- apiDependencies.projectFetcher.fetch_!(projectId)
-      authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("Authorization"))
+      authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("authorization"))
       result     <- if (authResult.isSuccess) fn(project) else Future.failed(InvalidToken())
     } yield result
   }

diff --git a/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala b/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala
@@ -53,7 +53,6 @@ object AuthImpl extends Auth {
   def verify(secrets: Vector[String], authHeader: String): AuthResult = {
     val isValid = secrets.exists { secret =>
       val claims = Jwt.decodeRaw(token = authHeader.stripPrefix("Bearer "), key = secret, algorithms = algorithms, options = jwtOptions)
-      // todo: also verify claims in accordance with https://github.com/graphcool/framework/issues/1365
       claims.isSuccess
     }
     if (isValid) AuthSuccess else AuthFailure