/**
 * Authenticates {@code user} against {@code password}, subject to the
 * per-user-name attempt tracking held in {@link AuthenticationMetadata}.
 * <p>
 * The lock-out state is consulted first and keyed on the user name, so a
 * name that is currently not permitted to authenticate never reaches the
 * credential comparison at all. A successful match records a success on the
 * metadata; a mismatch records a failure.
 *
 * @param user the stored user whose credentials are checked
 * @param password the raw password bytes supplied by the client
 * @return {@code TOO_MANY_ATTEMPTS} if the name is currently blocked,
 * otherwise {@code SUCCESS} or {@code FAILURE} according to the credential check
 */
@Override
public AuthenticationResult authenticate( User user, byte[] password )
{
    final AuthenticationMetadata metadata = authMetadataFor( user.name() );
    if ( !metadata.authenticationPermitted() )
    {
        return AuthenticationResult.TOO_MANY_ATTEMPTS;
    }

    final boolean matched = user.credentials().matchesPassword( password );
    if ( !matched )
    {
        metadata.authFailed();
        return AuthenticationResult.FAILURE;
    }
    metadata.authSuccess();
    return AuthenticationResult.SUCCESS;
}
/**
 * Exposes, under the {@code password_change_required} key, whether the
 * represented user still has to change their password.
 */
@Mapping( "password_change_required" )
public ValueRepresentation passwordChangeRequired()
{
    final boolean mustChange = user.passwordChangeRequired();
    return ValueRepresentation.bool( mustChange );
}
/**
 * Renders one user as a single flat-file record: name, serialized credential
 * and flags joined with {@code userSeparator}; the flags are comma-separated
 * within their own field.
 * <p>
 * The credential is cast to {@link LegacyCredential} because this serializer
 * is only used by the file-backed repository (InternalFlatFileRealm), which
 * stores that credential type; any other implementation would fail here with
 * a {@code ClassCastException}.
 * <p>
 * NOTE(review): nothing in this method rejects a user name or flag that itself
 * contains {@code userSeparator} or a comma, which would corrupt the record
 * layout on disk — presumably such values are rejected before they get here;
 * confirm at the callers.
 */
@Override
protected String serialize( User user )
{
    final LegacyCredential credential = (LegacyCredential) user.credentials();
    final String flagsField = String.join( ",", user.getFlags() );
    return String.join( userSeparator, user.name(), serialize( credential ), flagsField );
}
if ( !existingUser.name().equals( updatedUser.name() ) ) throw new IllegalArgumentException( "The attempt to update the role from '" + existingUser.name() + "' to '" + updatedUser.name() + "' failed. Changing a roles name is not allowed." ); for ( User other : users ) if ( other.equals( existingUser ) ) usersByName.put( updatedUser.name(), updatedUser ); persistUsers();
/**
 * Starting the auth manager against an empty user store must seed the initial
 * "neo4j" user with the default password and flag it for a mandatory password
 * change.
 */
@Test
public void shouldCreateDefaultUserIfNoneExist() throws Throwable
{
    // When
    authManager().start();

    // Then
    final User defaultUser = users.getUserByName( "neo4j" );
    assertNotNull( defaultUser );
    // The seeded credential is the well-known default "neo4j" password ...
    assertTrue( defaultUser.credentials().matchesPassword( "neo4j" ) );
    // ... and the account must be marked as requiring a password change
    assertTrue( defaultUser.passwordChangeRequired() );
}
/** Returns the name of the wrapped user. */
@Override
public String username()
{
    final String name = user.name();
    return name;
}
/**
 * Builds the Shiro authorization info (role set) for the given principals.
 * <p>
 * Returns {@code null} — no authorization data at all — when authorization is
 * disabled, when no username can be obtained from the principals, or when the
 * name does not resolve to a stored user. A user who must still change their
 * password, or who carries the {@code IS_SUSPENDED} flag, receives an
 * <em>empty</em> info object and therefore holds no roles until that state is
 * cleared. Everyone else receives the role names looked up by user name from
 * the role repository.
 *
 * @param principals the authenticated principals; the available principal is cast to a username
 * @return role-bearing info for an unrestricted user, empty info for a
 * restricted one, or {@code null} when authorization does not apply
 */
@Override
protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals )
{
    if ( !authorizationEnabled )
    {
        return null;
    }

    final String username = (String) getAvailablePrincipal( principals );
    if ( username == null )
    {
        return null;
    }

    final User user = userRepository.getUserByName( username );
    if ( user == null )
    {
        return null;
    }

    // Least privilege: a restricted account stays authenticated but has no roles.
    final boolean restricted = user.passwordChangeRequired() || user.hasFlag( IS_SUSPENDED );
    if ( restricted )
    {
        return new SimpleAuthorizationInfo();
    }

    final Set<String> roles = roleRepository.getRoleNamesByUsername( user.name() );
    return new SimpleAuthorizationInfo( roles );
}
if ( existingUser.credentials().matchesPassword( password ) ) User updatedUser = existingUser.augment().withCredentials( LegacyCredential.forPassword( password ) ).withRequiredPasswordChange( requirePasswordChange ).build(); userRepository.update( existingUser, updatedUser );
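/**
 * Setting a password through the user service must return 200 and actually
 * change the stored credential.
 * <p>
 * The final check previously evaluated {@code matchesPassword( "test" )} and
 * discarded the boolean, so a no-op password change would still have passed;
 * the result is now asserted.
 */
@Test
public void shouldChangePasswordAndReturnSuccess() throws Exception
{
    // Given
    HttpServletRequest req = mock( HttpServletRequest.class );
    when( req.getUserPrincipal() ).thenReturn( neo4jPrinciple );
    OutputFormat outputFormat = new EntityOutputFormat( new JsonFormat(), new URI( "http://www.example.com" ), null );
    UserService userService = new UserService( userManagerSupplier, new JsonFormat(), outputFormat );

    // When
    Response response = userService.setPassword( "neo4j", req, "{ \"password\" : \"test\" }" );

    // Then
    assertThat( response.getStatus(), equalTo( 200 ) );
    // The stored credential must now accept the new password
    boolean newPasswordAccepted =
            userManagerSupplier.getUserManager().getUser( "neo4j" ).credentials().matchesPassword( "test" );
    assertThat( newPasswordAccepted, equalTo( true ) );
}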
/**
 * Asserts that the auth init file exists and, when loaded through a
 * {@link FileUserRepository}, yields the initial user with the given password
 * and with the password-change-required flag cleared.
 *
 * @param password the password the initial user is expected to accept
 */
private void assertAuthIniFile( String password ) throws Throwable
{
    assertTrue( fileSystem.fileExists( authInitFile ) );

    final FileUserRepository repository =
            new FileUserRepository( fileSystem, authInitFile, NullLogProvider.getInstance() );
    repository.start();

    final User initialUser = repository.getUserByName( UserManager.INITIAL_USER_NAME );
    assertNotNull( initialUser );
    assertTrue( initialUser.credentials().matchesPassword( password ) );
    assertFalse( initialUser.hasFlag( User.PASSWORD_CHANGE_REQUIRED ) );
}
}
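/**
 * Marks the named user as suspended and then drops any cached state for that
 * name.
 * <p>
 * When the repository reports a {@link ConcurrentModificationException} —
 * another writer changed the user between our read and our update — the user
 * is re-read and the update retried. The retry is a loop rather than the
 * previous recursive self-call, so a long run of conflicts cannot grow the
 * stack, and the cache is cleared exactly once after the final attempt. A user
 * that already carries {@code IS_SUSPENDED} is left untouched (the cache is
 * still cleared).
 *
 * @param username name of the user to suspend
 * @throws IOException propagated from the repository update
 * @throws InvalidArgumentsException propagated from the user lookup
 */
@Override
public void suspendUser( String username ) throws IOException, InvalidArgumentsException
{
    while ( true )
    {
        User user = getUser( username );
        if ( user.hasFlag( IS_SUSPENDED ) )
        {
            break;
        }

        User suspendedUser = user.augment().withFlag( IS_SUSPENDED ).build();
        try
        {
            synchronized ( this )
            {
                userRepository.update( user, suspendedUser );
            }
            break;
        }
        catch ( ConcurrentModificationException ignored )
        {
            // Lost a race with another writer: re-read the user and try again.
        }
    }
    clearCacheForUser( username );
}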
/**
 * {@code augment()} must produce a new, equal-by-value user without altering
 * the original: upgrading a plain user to the richer shape, and downgrading the
 * richer one back, each yield objects equal to the other pre-built instance
 * while the originals stay distinct.
 */
@Test
public void shouldBuildImmutableUser()
{
    // Given two users with the same name but different credentials, flags and
    // password-change state
    LegacyCredential plainCredential = LegacyCredential.forPassword( "123abc" );
    LegacyCredential fruitCredential = LegacyCredential.forPassword( "fruit" );

    User plain = new User.Builder( "Steve", plainCredential ).build();
    User rich = new User.Builder( "Steve", fruitCredential )
            .withRequiredPasswordChange( true )
            .withFlag( "nice_guy" )
            .build();

    assertThat( plain, equalTo( plain ) );
    assertThat( plain, not( equalTo( rich ) ) );

    // When the plain user is augmented into the rich shape
    User plainUpgraded = plain.augment()
            .withCredentials( fruitCredential )
            .withRequiredPasswordChange( true )
            .withFlag( "nice_guy" )
            .build();

    // Then the result equals the rich user and the original is unchanged
    assertThat( plain, not( equalTo( plainUpgraded ) ) );
    assertThat( rich, equalTo( plainUpgraded ) );

    // And the reverse augmentation behaves the same way
    User richDowngraded = rich.augment()
            .withCredentials( plainCredential )
            .withRequiredPasswordChange( false )
            .withoutFlag( "nice_guy" )
            .build();

    assertThat( rich, not( equalTo( richDowngraded ) ) );
    assertThat( plain, equalTo( richDowngraded ) );
    assertThat( plain, not( equalTo( rich ) ) );
}
}
/**
 * Builds a {@link UserResult} for the given name, carrying the user's flags
 * when the user exists and an empty flag list otherwise.
 * <p>
 * The lookup is the "silent" variant, so an unknown name does not raise; the
 * caller receives the requested name with no flags.
 *
 * @param username the name to look up
 * @return a result for {@code username}, never {@code null}
 */
private UserResult userResultForName( String username )
{
    final User user = userManager.silentlyGetUser( username );
    if ( user == null )
    {
        return new UserResult( username, emptyList() );
    }
    return new UserResult( username, user.getFlags() );
}
/**
 * Creating a user through the manager stores it with the given password and
 * with the password-change-required flag set as requested.
 */
@Test
public void shouldCreateUser() throws Throwable
{
    // Given
    manager.start();

    // When
    manager.newUser( "foo", password( "bar" ), true );

    // Then
    final User created = users.getUserByName( "foo" );
    assertNotNull( created );
    assertTrue( created.credentials().matchesPassword( "bar" ) );
    assertTrue( created.passwordChangeRequired() );
}
/**
 * Link to the password-change endpoint for the represented user, exposed under
 * the {@code password_change} key.
 * <p>
 * NOTE(review): the user name is interpolated into the path without any
 * percent-encoding, so a name containing URI-reserved characters would yield a
 * malformed or differently-routed link — presumably names are restricted
 * upstream; confirm before relying on this.
 */
@Mapping( "password_change" )
public ValueRepresentation passwordChange()
{
    final String path = format( "/user/%s/password", user.name() );
    return ValueRepresentation.uri( path );
}
}
if ( user.hasFlag( InternalFlatFileRealm.IS_SUSPENDED ) ) throw new DisabledAccountException( "User '" + user.name() + "' is suspended." ); if ( user.passwordChangeRequired() ) return new ShiroAuthenticationInfo( user.name(), getName(), result );
if ( existingUser.credentials().matchesPassword( password ) ) User updatedUser = existingUser.augment().withCredentials( LegacyCredential.forPassword( password ) ).withRequiredPasswordChange( requirePasswordChange ).build(); userRepository.update( existingUser, updatedUser );
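/**
 * Calling {@code dbms.changePassword} must update the caller's stored
 * credential.
 * <p>
 * The check previously used the Java {@code assert} statement, which is a
 * no-op unless the JVM runs with {@code -ea}; under a normal test run the
 * password was never actually verified. An explicit {@link AssertionError} is
 * raised instead, using only names already in scope here ({@code assertTrue}
 * from the test's assertion library is the idiomatic choice if it is imported
 * in this file).
 */
@Test
public void shouldChangePassword() throws Throwable
{
    // When
    assertEmpty( admin, "CALL dbms.changePassword('abc')" );

    // Then
    if ( !authManager.getUser( "neo4j" ).credentials().matchesPassword( "abc" ) )
    {
        throw new AssertionError( "Expected the password of 'neo4j' to have been changed to 'abc'" );
    }
}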
/**
 * Asserts that {@code auth.ini} exists and, when loaded through a
 * {@link FileUserRepository}, yields the initial user with the given password
 * and with the password-change-required flag cleared.
 *
 * @param password the password the initial user is expected to accept
 */
private void assertAuthIniFile( String password ) throws Throwable
{
    final File authIniFile = getAuthFile( "auth.ini" );
    assertTrue( fileSystem.fileExists( authIniFile ) );

    final FileUserRepository repository =
            new FileUserRepository( fileSystem, authIniFile, NullLogProvider.getInstance() );
    repository.start();

    final User initialUser = repository.getUserByName( UserManager.INITIAL_USER_NAME );
    assertNotNull( initialUser );
    assertTrue( initialUser.credentials().matchesPassword( password ) );
    assertFalse( initialUser.hasFlag( User.PASSWORD_CHANGE_REQUIRED ) );
}
if ( !existingUser.name().equals( updatedUser.name() ) ) throw new IllegalArgumentException( "The attempt to update the role from '" + existingUser.name() + "' to '" + updatedUser.name() + "' failed. Changing a roles name is not allowed." ); for ( User other : users ) if ( other.equals( existingUser ) ) usersByName.put( updatedUser.name(), updatedUser ); persistUsers();