allow x-hasura- req headers for jwt unauth role, closes hasura#1686 (hasura#1689)

Author: 0x777

server/src-lib/Hasura/HTTP.hs

@@ -1,6 +1,7 @@
 module Hasura.HTTP
   ( wreqOptions
   , HttpException(..)
+  , hdrsToText
   ) where
 
 import           Control.Lens          hiding ((.=))
@@ -12,8 +13,16 @@ import qualified Network.HTTP.Client   as HTTP
 import qualified Network.HTTP.Types    as HTTP
 import qualified Network.Wreq          as Wreq
 
+import           Data.CaseInsensitive  (original)
+import           Hasura.Server.Utils   (bsToTxt)
 import           Hasura.Server.Version (currentVersion)
 
+hdrsToText :: [HTTP.Header] -> [(Text, Text)]
+hdrsToText hdrs =
+  [ (bsToTxt $ original hdrName, bsToTxt hdrVal)
+  | (hdrName, hdrVal) <- hdrs
+  ]
+
 wreqOptions :: HTTP.Manager -> [HTTP.Header] -> Wreq.Options
 wreqOptions manager hdrs =
   Wreq.defaults

server/src-lib/Hasura/Server/Auth.hs

@@ -22,7 +22,6 @@ module Hasura.Server.Auth
 import           Control.Exception       (try)
 import           Control.Lens
 import           Data.Aeson
-import           Data.CaseInsensitive    (CI (..), original)
 import           Data.IORef              (newIORef)
 
 import qualified Data.Aeson              as J
@@ -73,12 +72,6 @@ data AuthMode
   | AMAdminSecretAndJWT !AdminSecret !JWTCtx !(Maybe RoleName)
   deriving (Show, Eq)
 
-hdrsToText :: [N.Header] -> [(T.Text, T.Text)]
-hdrsToText hdrs =
-  [ (bsToTxt $ original hdrName, bsToTxt hdrVal)
-  | (hdrName, hdrVal) <- hdrs
-  ]
-
 mkAuthMode
   :: ( MonadIO m
      , MonadError T.Text m

server/src-lib/Hasura/Server/Auth/JWT.hs

@@ -183,7 +183,8 @@ processJwt jwtCtx headers mUnAuthRole =
 
     withoutAuthZHeader = do
       unAuthRole <- maybe missingAuthzHeader return mUnAuthRole
-      return $ mkUserInfo unAuthRole $ mkUserVars []
+      return $ mkUserInfo unAuthRole $ mkUserVars $ hdrsToText headers
+
     missingAuthzHeader =
       throw400 InvalidHeaders "Missing Authorization header in JWT authentication mode"