CCM-9874: cookie casing

harrim91 · harrim91 · commit d3985f200447 · 2025-05-22T17:30:40.000+01:00
diff --git a/infrastructure/terraform/modules/backend-api/iam_role_guardduty_quarantine.tf b/infrastructure/terraform/modules/backend-api/iam_role_guardduty_quarantine.tf
@@ -73,10 +73,10 @@ data "aws_iam_policy_document" "guardduty_quarantine" {
     sid    = "AllowPostScanTag"
     effect = "Allow"
     actions = [
-      "S3:PutObjectTagging",
-      "S3:GetObjectTagging",
-      "S3:PutObjectVersionTagging",
-      "S3:GetObjectVersionTagging"
+      "s3:PutObjectTagging",
+      "s3:GetObjectTagging",
+      "s3:PutObjectVersionTagging",
+      "s3:GetObjectVersionTagging"
     ]
 
     resources = [
diff --git a/lambdas/download-authorizer/src/__tests__/index.test.ts b/lambdas/download-authorizer/src/__tests__/index.test.ts
@@ -68,7 +68,7 @@ describe('download authorizer handler', () => {
     });
 
     const uri = `/${subject}/template-id/proof1.pdf`;
-    const cookie = `CognitoIdentityServiceProvider.${userPoolClientId}.${subject}.AccessToken=jwt`;
+    const cookie = `CognitoIdentityServiceProvider.${userPoolClientId}.${subject}.accessToken=jwt`;
 
     const event = mock<CloudFrontRequestEvent>(makeEvent(uri, cookie));
 
@@ -89,7 +89,7 @@ describe('download authorizer handler', () => {
   test('returns denial if cognito configuration is not present in custom headers', async () => {
     const uri = '/subject/template-id/proof1.pdf';
     const cookie =
-      'CognitoIdentityServiceProvider.user-pool-client-id.subject.AccessToken=jwt';
+      'CognitoIdentityServiceProvider.user-pool-client-id.subject.accessToken=jwt';
 
     const event = mock<CloudFrontRequestEvent>(
       makeEvent(uri, cookie, {
@@ -122,7 +122,7 @@ describe('download authorizer handler', () => {
 
   test('returns denial if authorization fails', async () => {
     const uri = '/subject/template-id/proof1.pdf';
-    const cookie = `CognitoIdentityServiceProvider.${userPoolClientId}.subject.AccessToken=jwt`;
+    const cookie = `CognitoIdentityServiceProvider.${userPoolClientId}.subject.accessToken=jwt`;
 
     lambdaCognitoAuthorizer.authorize.mockResolvedValue({
       success: false,
diff --git a/lambdas/download-authorizer/src/index.ts b/lambdas/download-authorizer/src/index.ts
@@ -21,7 +21,7 @@ export function parseRequest(request: CloudFrontRequest) {
   const userPoolId = customHeaders?.['x-user-pool-id']?.[0]?.value;
   const userPoolClientId = customHeaders?.['x-user-pool-client-id']?.[0]?.value;
 
-  const accessTokenKey = `CognitoIdentityServiceProvider.${userPoolClientId}.${ownerPathComponent}.AccessToken`;
+  const accessTokenKey = `CognitoIdentityServiceProvider.${userPoolClientId}.${ownerPathComponent}.accessToken`;
 
   const cookies = parseCookie(request.headers.cookie?.[0]?.value ?? '');
   const authorizationToken = cookies[accessTokenKey];
