diff --git a/services/src/modules/directives/policy/policy-executor.ts b/services/src/modules/directives/policy/policy-executor.ts
index b15cd01c..436539a0 100644
--- a/services/src/modules/directives/policy/policy-executor.ts
+++ b/services/src/modules/directives/policy/policy-executor.ts
@@ -41,6 +41,7 @@ export class PolicyExecutor {
 const {done, allow} = await evaluate({
 ...policy,
 args,
+ query,
 policyAttachments: this.policyAttachments,
 });
 if (!done) throw new Error('in-line query evaluation not yet supported');
diff --git a/services/src/modules/paramInjection.ts b/services/src/modules/paramInjection.ts
index 95d8244c..78398ffd 100644
--- a/services/src/modules/paramInjection.ts
+++ b/services/src/modules/paramInjection.ts
@@ -10,7 +10,7 @@ type jwtData = {
 [name: string]: any;
 };
-const paramRegex = /{(source|args|exports)\.(\w+(\.\w+)*)}/;
+const paramRegex = /{(source|args|jwt|exports)\.(\w+(\.\w+)*)}/;
 const authzHeaderPrefix = 'Bearer ';
 function resolveTemplate(
@@ -114,7 +114,6 @@ function getJwt(context: RequestContext): jwtData {
 context.jwt = isAuthzHeaderValid(authzHeader) ? (decodeJwt(authzHeader.substr(authzHeaderPrefix.length), {json: true}) as jwtData) : {};
- return context.jwt;
 }
diff --git a/services/src/tests/e2e/tests/__snapshots__/authorization_with_queries.spec.ts.snap b/services/src/tests/e2e/tests/__snapshots__/authorization_with_queries.spec.ts.snap
index db08b067..f7a47bcb 100644
--- a/services/src/tests/e2e/tests/__snapshots__/authorization_with_queries.spec.ts.snap
+++ b/services/src/tests/e2e/tests/__snapshots__/authorization_with_queries.spec.ts.snap
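Review bot: In policy-executor.ts the guard right after the `evaluate` call still throws 'in-line query evaluation not yet supported' when `done` is false, although this change now passes `query` into `evaluate`; if queries are handled from here on, that message no longer describes the failure and will mislead anyone reading authorization errors. `query` is declared outside the hunk, so where it comes from cannot be checked here. Throwing on `!done` keeps the decision fail-closed, and I would record that at the guard with `// fail closed: an undecided policy must never be treated as allow` when the message is reworded. The enclosing method starts and ends outside the hunk.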
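Review bot: Adding `jwt` to `paramRegex` in paramInjection.ts makes token claims available to templates, and the `getJwt` context lines in the following hunk show those claims coming from `decodeJwt(..., {json: true})` on the bearer header, which appears to decode without checking the signature; please confirm where verification happens. If nothing upstream verifies the token, every value reached through a `{jwt.…}` reference is caller-controlled and should not feed policy arguments or outbound requests. I would add above the regex `// jwt.* is populated by getJwt(); claims are trustworthy only if the token signature was verified before this module runs`. An invalid or missing header yields `{}`, so a `jwt` reference then resolves to nothing, and how `resolveTemplate` treats that case is outside the hunk.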
@@ -10,7 +10,7 @@ Object { "exception": Object { "stacktrace": Array [ "Error: Unauthorized by policy alwaysDenied in namespace namespace", - " at PolicyExecutor.validatePolicy (/service/dist/modules/directives/policy/policy-executor.js:37:19)", + " at PolicyExecutor.validatePolicy (/service/dist/modules/directives/policy/policy-executor.js:42:19)", " at async Promise.all (index 0)", " at async PolicyExecutor.validatePolicies (/service/dist/modules/directives/policy/policy-executor.js:20:9)", " at async field.resolve (/service/dist/modules/directives/policy/policy.js:14:17)", @@ -58,7 +58,7 @@ Object { "exception": Object { "stacktrace": Array [ "Error: Unauthorized by policy notClassified in namespace namespace", - " at PolicyExecutor.validatePolicy (/service/dist/modules/directives/policy/policy-executor.js:37:19)", + " at PolicyExecutor.validatePolicy (/service/dist/modules/directives/policy/policy-executor.js:42:19)", " at async Promise.all (index 0)", " at async PolicyExecutor.validatePolicies (/service/dist/modules/directives/policy/policy-executor.js:20:9)", " at async field.resolve (/service/dist/modules/directives/policy/policy.js:14:17)", @@ -99,7 +99,7 @@ Object { "exception": Object { "stacktrace": Array [ "Error: Unauthorized by policy notClassified in namespace namespace", - " at PolicyExecutor.validatePolicy (/service/dist/modules/directives/policy/policy-executor.js:37:19)", + " at PolicyExecutor.validatePolicy (/service/dist/modules/directives/policy/policy-executor.js:42:19)", " at async Promise.all (index 0)", " at async PolicyExecutor.validatePolicies (/service/dist/modules/directives/policy/policy-executor.js:20:9)", " at async field.resolve (/service/dist/modules/directives/policy/policy.js:14:17)",