From 62cfeaa5930ef25eab45ef249b222ccac15e59fe Mon Sep 17 00:00:00 2001
From: Dominic Petrick
Date: Thu, 29 Aug 2019 17:52:54 +0200
Subject: [PATCH] Hotfix authentication issue #4860.
---
 .../src/main/scala/com/prisma/image/SangriaHandlerImpl.scala | 2 +-
 server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala b/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala
index 9240feed92..db522e73fe 100644
--- a/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala
+++ b/server/images/prisma-image-shared/src/main/scala/com/prisma/image/SangriaHandlerImpl.scala
@@ -103,7 +103,7 @@ case class SangriaHandlerImpl(managementApiEnabled: Boolean)(
 private def verifyAuth[T](projectId: String, rawRequest: RawRequest)(fn: Project => Future[T]): Future[T] = {
 for {
 project <- apiDependencies.projectFetcher.fetch_!(projectId)
- authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("Authorization"))
+ authResult = apiDependencies.auth.verify(project.secrets, rawRequest.headers.get("authorization"))
 result <- if (authResult.isSuccess) fn(project) else Future.failed(InvalidToken())
 } yield result
 }
diff --git a/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala b/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala
index e6c055eca9..7a96148d39 100644
--- a/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala
+++ b/server/libs/auth/src/main/scala/com/prisma/auth/Auth.scala
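Review bot: The header lookup in `verifyAuth` (SangriaHandlerImpl.scala) now depends on `rawRequest.headers` holding lower-cased keys, and nothing in the hunk states or enforces that invariant. HTTP header names are case-insensitive, so an exact-match key is fragile in either spelling: if the map is ever built without normalisation the token is not found again, and what a missing header then yields is decided inside `auth.verify`, which this hunk does not show. Assuming `headers` is a plain string-keyed map, a case-insensitive lookup such as `rawRequest.headers.collectFirst { case (k, v) if k.equalsIgnoreCase("authorization") => v }` would remove the dependency. At minimum, add a comment above the line naming where the keys are lower-cased, plus a regression test that sends the header in mixed case against a project with secrets.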
@@ -53,7 +53,6 @@ object AuthImpl extends Auth {
 def verify(secrets: Vector[String], authHeader: String): AuthResult = {
 val isValid = secrets.exists { secret =>
 val claims = Jwt.decodeRaw(token = authHeader.stripPrefix("Bearer "), key = secret, algorithms = algorithms, options = jwtOptions)
- // todo: also verify claims in accordance with https://github.com/graphcool/framework/issues/1365
 claims.isSuccess
 }
 if (isValid) AuthSuccess else AuthFailure