dvws-node

GraphQL queries: Missing JWT Admin Auth Token

Open nos111 opened this issue 3 years ago • 1 comments

Every time I run one of the GraphQL queries I get the following error:

{
  "errors": [
    {
      "message": "Missing JWT Admin Auth Token",
      "locations": [
        { "line": 2, "column": 3 }
      ],
      "path": [ "updateUserUploadFile" ],
      "extensions": {
        "code": "INTERNAL_SERVER_ERROR",
        "exception": {
          "stacktrace": [
            "Error: Missing JWT Admin Auth Token",
            " at Object.updateUserUploadFile (/home/dvws-node/graphql/schema.js:121:17)",
            " at field.resolve (/home/dvws-node/node_modules/apollo-server-core/dist/utils/schemaInstrumentation.js:56:26)",
            " at executeField (/home/dvws-node/node_modules/graphql/execution/execute.js:481:20)",
            " at /home/dvws-node/node_modules/graphql/execution/execute.js:377:22",
            " at promiseReduce (/home/dvws-node/node_modules/graphql/jsutils/promiseReduce.js:23:9)",
            " at executeFieldsSerially (/home/dvws-node/node_modules/graphql/execution/execute.js:373:43)",
            " at executeOperation (/home/dvws-node/node_modules/graphql/execution/execute.js:347:14)",
            " at execute (/home/dvws-node/node_modules/graphql/execution/execute.js:136:20)",
            " at execute (/home/dvws-node/node_modules/apollo-server-core/dist/requestPipeline.js:205:48)",
            " at processGraphQLRequest (/home/dvws-node/node_modules/apollo-server-core/dist/requestPipeline.js:148:34)",
            " at processTicksAndRejections (node:internal/process/task_queues:96:5)",
            " at async processHTTPRequest (/home/dvws-node/node_modules/apollo-server-core/dist/runHttpQuery.js:220:30)"
          ]
        }
      }
    }
  ],
  "data": { "updateUserUploadFile": null }
}

Query: mutation { updateUserUploadFile(filePath: "../../../../../../tmp/test.txt",fileContent:"foo") { filePath, fileContent } }

I think there must be some way to add an admin token but I couldn't find it.

nos111 · Aug 09 '22 12:08

Hey, the GraphQL API will ask for an admin token, but any user token can be provided to run this query.

So you can:

  1. Create a new user through the application.
  2. The application will give you a JWT token, e.g. Authorization: Bearer
  3. Now when sending the request to the GraphQL API, you can provide this token to bypass the authentication requirement.

snoopysecurity · Aug 13 '22 22:08
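
The behaviour described in the reply above, an endpoint that asks for an admin token yet accepts any user's token, is the pattern of authenticating a caller without authorizing them. The following is an added example, not code from dvws-node or its author, contrasting such a guard with one that also checks a role claim; the `admin` claim, the secret and all function names are assumptions made for illustration.

```javascript
// Added example; not dvws-node code. Names, claims and the secret are hypothetical.
const crypto = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // constructed for this example
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Minimal HS256 signer, used only to build the sample tokens below.
function sign(payload) {
  const body = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${b64url(hmac(body))}`;
}

// Authentication: check structure, pinned algorithm, signature and expiry.
function verify(token) {
  const [h, p, sig, extra] = String(token).split('.');
  if (!h || !p || !sig || extra !== undefined) throw new Error('Malformed token');
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('Unexpected alg');
  const given = Buffer.from(sig, 'base64url');
  const expected = hmac(`${h}.${p}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('Bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) throw new Error('Expired token');
  return claims;
}

function bearer(authorization) {
  const m = /^Bearer (\S+)$/.exec(authorization || '');
  if (!m) throw new Error('Missing JWT Admin Auth Token');
  return m[1];
}

// Weak guard: any validly signed token passes; the role is never checked.
function weakAdminGuard(authorization) {
  return verify(bearer(authorization));
}

// Hardened guard: same authentication, then an explicit authorization check.
function strictAdminGuard(authorization) {
  const claims = verify(bearer(authorization));
  if (claims.admin !== true) throw new Error('Admin privileges required');
  return claims;
}

const exp = Math.floor(Date.now() / 1000) + 300;
const userAuth = `Bearer ${sign({ user: 'alice', admin: false, exp })}`; // constructed
const adminAuth = `Bearer ${sign({ user: 'root', admin: true, exp })}`; // constructed
```

In a GraphQL server the hardened guard would run inside each privileged resolver (or a shared directive) against the request's `Authorization` header, so that a regular user's token is rejected before the mutation executes.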

Closing due to inactivity

snoopysecurity · Mar 05 '23 12:03